IdTokenHintDiscovery - Code Metrics - Inspection of "Metadata" - OAuth2-Framework/oauth2-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Pull Request — master (#37)

by Florent

created 2017-04-12 13:00 UTC

IdTokenHintDiscovery A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	73
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	10

Importance

Changes

Metric	Value
wmc	9
lcom	1
cbo	10
dl	0
loc	73
rs	10
c	0
b	0
f	0

3 Methods

Rating	Name	Size	Complexity
A	__construct()	5	1
A	enablePairwiseSubject()	4	1
C	find()	32	7

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2017 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace OAuth2Framework\Component\Server\Endpoint\Authorization\UserAccountDiscovery;

use Assert\Assertion;
use OAuth2Framework\Component\Server\Endpoint\Authorization\Authorization;
use OAuth2Framework\Component\Server\Endpoint\Authorization\Exception\CreateRedirectionException;
use OAuth2Framework\Component\Server\Endpoint\Authorization\Exception\RedirectToLoginPageException;
use OAuth2Framework\Component\Server\Endpoint\UserInfo\Pairwise\PairwiseSubjectIdentifierAlgorithmInterface;
use OAuth2Framework\Component\Server\Model\IdToken\IdToken;
use OAuth2Framework\Component\Server\Model\IdToken\IdTokenId;
use OAuth2Framework\Component\Server\Model\IdToken\IdTokenLoader;
use OAuth2Framework\Component\Server\Model\UserAccount\UserAccountId;
use OAuth2Framework\Component\Server\Model\UserAccount\UserAccountRepositoryInterface;
use OAuth2Framework\Component\Server\Response\OAuth2ResponseFactoryManager;
use Psr\Http\Message\ServerRequestInterface;

final class IdTokenHintDiscovery implements UserAccountDiscoveryInterface
{
    /**
     * @var IdTokenLoader
     */
    private $idTokenLoader;

    /**
     * @var PairwiseSubjectIdentifierAlgorithmInterface|null
     */
    private $pairwiseAlgorithm = null;

    /**
     * @var UserAccountRepositoryInterface
     */
    private $userAccountRepository;

    /**
     * IdTokenHintExtension constructor.
     *
     * @param IdTokenLoader                  $idTokenLoader
     * @param UserAccountRepositoryInterface $userAccountRepository
     */
    public function __construct(IdTokenLoader $idTokenLoader, UserAccountRepositoryInterface $userAccountRepository)
    {
        $this->idTokenLoader = $idTokenLoader;
        $this->userAccountRepository = $userAccountRepository;
    }

    /**
     * @param PairwiseSubjectIdentifierAlgorithmInterface $pairwiseAlgorithm
     */
    public function enablePairwiseSubject(PairwiseSubjectIdentifierAlgorithmInterface $pairwiseAlgorithm)
    {
        $this->pairwiseAlgorithm = $pairwiseAlgorithm;
    }

    /**
     * {@inheritdoc}
     */
    public function find(ServerRequestInterface $request, Authorization $authorization, callable $next): Authorization
    {
        $authorization = $next($request, $authorization);
        if ($authorization->hasQueryParam('id_token_hint')) {
            try {
                $idTokenId = IdTokenId::create($authorization->getQueryParam('id_token_hint'));
                $idToken = $this->idTokenLoader->load($idTokenId);
                Assertion::isInstanceOf($idToken, IdToken::class, 'The parameter \'id_token_hint\' does not contain a valid ID Token.');
                $userAccountId = $idToken->getUserAccountId();
                if (null !== $this->pairwiseAlgorithm) {
                    $publicId = $this->pairwiseAlgorithm->getPublicIdFromSubjectIdentifier($userAccountId->getValue());
                    Assertion::notNull($publicId, 'Unable to retrieve the user account using the \'id_token_hint\' parameter.');
                } else {
                    $publicId = $userAccountId->getValue();
                }
                $realUserAccountId = UserAccountId::create($publicId);

                $tmp = $this->userAccountRepository->findUserAccount($realUserAccountId);
                if (null !== $tmp) {
                    if (null !== $authorization->getUserAccount()) {
                        if ($tmp->getPublicId()->getValue() !== $authorization->getUserAccount()->getPublicId()->getValue()) {
                            throw new RedirectToLoginPageException($authorization);
                        }
                    }
                }
            } catch (\InvalidArgumentException $e) {
                throw new CreateRedirectionException($authorization, OAuth2ResponseFactoryManager::ERROR_INVALID_REQUEST, $e->getMessage());
            }
        }

        return $authorization;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2017 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace OAuth2Framework\Component\Server\Endpoint\Authorization\UserAccountDiscovery;
15
16			use Assert\Assertion;
17			use OAuth2Framework\Component\Server\Endpoint\Authorization\Authorization;
18			use OAuth2Framework\Component\Server\Endpoint\Authorization\Exception\CreateRedirectionException;
19			use OAuth2Framework\Component\Server\Endpoint\Authorization\Exception\RedirectToLoginPageException;
20			use OAuth2Framework\Component\Server\Endpoint\UserInfo\Pairwise\PairwiseSubjectIdentifierAlgorithmInterface;
21			use OAuth2Framework\Component\Server\Model\IdToken\IdToken;
22			use OAuth2Framework\Component\Server\Model\IdToken\IdTokenId;
23			use OAuth2Framework\Component\Server\Model\IdToken\IdTokenLoader;
24			use OAuth2Framework\Component\Server\Model\UserAccount\UserAccountId;
25			use OAuth2Framework\Component\Server\Model\UserAccount\UserAccountRepositoryInterface;
26			use OAuth2Framework\Component\Server\Response\OAuth2ResponseFactoryManager;
27			use Psr\Http\Message\ServerRequestInterface;
28
29			final class IdTokenHintDiscovery implements UserAccountDiscoveryInterface
30			{
31			/**
32			* @var IdTokenLoader
33			*/
34			private $idTokenLoader;
35
36			/**
37			* @var PairwiseSubjectIdentifierAlgorithmInterface\|null
38			*/
39			private $pairwiseAlgorithm = null;
40
41			/**
42			* @var UserAccountRepositoryInterface
43			*/
44			private $userAccountRepository;
45
46			/**
47			* IdTokenHintExtension constructor.
48			*
49			* @param IdTokenLoader $idTokenLoader
50			* @param UserAccountRepositoryInterface $userAccountRepository
51			*/
52			public function __construct(IdTokenLoader $idTokenLoader, UserAccountRepositoryInterface $userAccountRepository)
53			{
54			$this->idTokenLoader = $idTokenLoader;
55			$this->userAccountRepository = $userAccountRepository;
56			}
57
58			/**
59			* @param PairwiseSubjectIdentifierAlgorithmInterface $pairwiseAlgorithm
60			*/
61			public function enablePairwiseSubject(PairwiseSubjectIdentifierAlgorithmInterface $pairwiseAlgorithm)
62			{
63			$this->pairwiseAlgorithm = $pairwiseAlgorithm;
64			}
65
66			/**
67			* {@inheritdoc}
68			*/
69			public function find(ServerRequestInterface $request, Authorization $authorization, callable $next): Authorization
70			{
71			$authorization = $next($request, $authorization);
72			if ($authorization->hasQueryParam('id_token_hint')) {
73			try {
74			$idTokenId = IdTokenId::create($authorization->getQueryParam('id_token_hint'));
75			$idToken = $this->idTokenLoader->load($idTokenId);
76			Assertion::isInstanceOf($idToken, IdToken::class, 'The parameter \'id_token_hint\' does not contain a valid ID Token.');
77			$userAccountId = $idToken->getUserAccountId();
78			if (null !== $this->pairwiseAlgorithm) {
79			$publicId = $this->pairwiseAlgorithm->getPublicIdFromSubjectIdentifier($userAccountId->getValue());
80			Assertion::notNull($publicId, 'Unable to retrieve the user account using the \'id_token_hint\' parameter.');
81			} else {
82			$publicId = $userAccountId->getValue();
83			}
84			$realUserAccountId = UserAccountId::create($publicId);
85
86			$tmp = $this->userAccountRepository->findUserAccount($realUserAccountId);
87			if (null !== $tmp) {
88			if (null !== $authorization->getUserAccount()) {
89			if ($tmp->getPublicId()->getValue() !== $authorization->getUserAccount()->getPublicId()->getValue()) {
90			throw new RedirectToLoginPageException($authorization);
91			}
92			}
93			}
94			} catch (\InvalidArgumentException $e) {
95			throw new CreateRedirectionException($authorization, OAuth2ResponseFactoryManager::ERROR_INVALID_REQUEST, $e->getMessage());
96			}
97			}
98
99			return $authorization;
100			}
101			}
102

OAuth2-Framework / oauth2-framework

Pull Request — master (#37)

IdTokenHintDiscovery A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

3 Methods

Duplication Side-by-Side

Filter issues like