ClientAuthenticationMiddleware::checkClient() - Code Metrics - Inspection of "Tests added" - OAuth2-Framework/oauth2-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — ng ( 6e48f5...81cfdf )

by Florent

created 2018-01-21 16:34 UTC

ClientAuthenticationMiddleware::checkClient() A

↳ Parent: ClientAuthenticationMiddleware

Complexity

Conditions	4
Paths	3

Size

Total Lines	9
Code Lines	5

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	9
rs	9.2
c	0
b	0
f	0
cc	4
eloc	5
nc	3
nop	1

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace OAuth2Framework\Component\Server\TokenEndpoint;

use Interop\Http\Server\RequestHandlerInterface;
use Interop\Http\Server\MiddlewareInterface;
use OAuth2Framework\Component\Server\Core\Client\Client;
use OAuth2Framework\Component\Server\Core\Client\ClientRepository;
use OAuth2Framework\Component\Server\Core\Response\OAuth2Exception;
use OAuth2Framework\Component\Server\TokenEndpoint\AuthenticationMethod\AuthenticationMethod;
use OAuth2Framework\Component\Server\TokenEndpoint\AuthenticationMethod\AuthenticationMethodManager;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

final class ClientAuthenticationMiddleware implements MiddlewareInterface
{
    /**
     * @var AuthenticationMethodManager
     */
    private $authenticationMethodManager;

    /**
     * @var ClientRepository
     */
    private $clientRepository;

    /**
     * ClientAuthenticationMiddleware constructor.
     *
     * @param ClientRepository            $clientRepository
     * @param AuthenticationMethodManager $authenticationMethodManager
     */
    public function __construct(ClientRepository $clientRepository, AuthenticationMethodManager $authenticationMethodManager)
    {
        $this->clientRepository = $clientRepository;
        $this->authenticationMethodManager = $authenticationMethodManager;
    }

    /**
     * {@inheritdoc}
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        try {
            $clientId = $this->authenticationMethodManager->findClientIdAndCredentials($request, $authentication_method, $client_credentials);
            if (null !== $clientId) {
                $client = $this->clientRepository->find($clientId);
                $this->checkClient($client);
                $this->checkAuthenticationMethod($request, $client, $authentication_method, $client_credentials);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
                $request = $request->withAttribute('client', $client);
                $request = $request->withAttribute('client_authentication_method', $authentication_method);
                $request = $request->withAttribute('client_credentials', $client_credentials);
            }
        } catch (\Exception $e) {
            throw new OAuth2Exception(401, OAuth2Exception::ERROR_INVALID_CLIENT, $e->getMessage(), [], $e);
        }

        return $handler->handle($request);
    }

    /**
     * @param null|Client $client
     */
    private function checkClient(?Client $client)
    {
        if (null === $client || $client->isDeleted()) {
            throw new \InvalidArgumentException('Unknown client or client not authenticated.');
        }
        if ($client->areClientCredentialsExpired()) {
            throw new \InvalidArgumentException('Client credentials expired.');
        }
    }

    /**
     * @param ServerRequestInterface $request
     * @param Client                 $client
     * @param AuthenticationMethod   $authenticationMethod
     * @param mixed                  $client_credentials
     */
    private function checkAuthenticationMethod(ServerRequestInterface $request, Client $client, AuthenticationMethod $authenticationMethod, $client_credentials)
    {
        if (!$client->has('token_endpoint_auth_method') || !in_array($client->get('token_endpoint_auth_method'), $authenticationMethod->getSupportedMethods())) {
            throw new \InvalidArgumentException('Unknown client or client not authenticated.');
        }
        if (!$authenticationMethod->isClientAuthenticated($client, $client_credentials, $request)) {
            throw new \InvalidArgumentException('Unknown client or client not authenticated.');
        }
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2018 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace OAuth2Framework\Component\Server\TokenEndpoint;
15
16			use Interop\Http\Server\RequestHandlerInterface;
17			use Interop\Http\Server\MiddlewareInterface;
18			use OAuth2Framework\Component\Server\Core\Client\Client;
19			use OAuth2Framework\Component\Server\Core\Client\ClientRepository;
20			use OAuth2Framework\Component\Server\Core\Response\OAuth2Exception;
21			use OAuth2Framework\Component\Server\TokenEndpoint\AuthenticationMethod\AuthenticationMethod;
22			use OAuth2Framework\Component\Server\TokenEndpoint\AuthenticationMethod\AuthenticationMethodManager;
23			use Psr\Http\Message\ResponseInterface;
24			use Psr\Http\Message\ServerRequestInterface;
25
26			final class ClientAuthenticationMiddleware implements MiddlewareInterface
27			{
28			/**
29			* @var AuthenticationMethodManager
30			*/
31			private $authenticationMethodManager;
32
33			/**
34			* @var ClientRepository
35			*/
36			private $clientRepository;
37
38			/**
39			* ClientAuthenticationMiddleware constructor.
40			*
41			* @param ClientRepository $clientRepository
42			* @param AuthenticationMethodManager $authenticationMethodManager
43			*/
44			public function __construct(ClientRepository $clientRepository, AuthenticationMethodManager $authenticationMethodManager)
45			{
46			$this->clientRepository = $clientRepository;
47			$this->authenticationMethodManager = $authenticationMethodManager;
48			}
49
50			/**
51			* {@inheritdoc}
52			*/
53			public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
54			{
55			try {
56			$clientId = $this->authenticationMethodManager->findClientIdAndCredentials($request, $authentication_method, $client_credentials);
57			if (null !== $clientId) {
58			$client = $this->clientRepository->find($clientId);
59			$this->checkClient($client);
60			$this->checkAuthenticationMethod($request, $client, $authentication_method, $client_credentials);
			0 ignored issues – show Bug introduced 2018-01-21 16:38 UTC by Report Bug Copy Issue Report It seems like `$client` defined by `$this->clientRepository->find($clientId)` on line `58` can be `null`; however, `OAuth2Framework\Componen...kAuthenticationMethod()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null / function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history... Bug introduced 2018-01-21 16:38 UTC by Report Bug Copy Issue Report It seems like `$authentication_method` can be `null`; however, `checkAuthenticationMethod()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /* @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
61			$request = $request->withAttribute('client', $client);
62			$request = $request->withAttribute('client_authentication_method', $authentication_method);
63			$request = $request->withAttribute('client_credentials', $client_credentials);
64			}
65			} catch (\Exception $e) {
66			throw new OAuth2Exception(401, OAuth2Exception::ERROR_INVALID_CLIENT, $e->getMessage(), [], $e);
67			}
68
69			return $handler->handle($request);
70			}
71
72			/**
73			* @param null\|Client $client
74			*/
75			private function checkClient(?Client $client)
76			{
77			if (null === $client \|\| $client->isDeleted()) {
78			throw new \InvalidArgumentException('Unknown client or client not authenticated.');
79			}
80			if ($client->areClientCredentialsExpired()) {
81			throw new \InvalidArgumentException('Client credentials expired.');
82			}
83			}
84
85			/**
86			* @param ServerRequestInterface $request
87			* @param Client $client
88			* @param AuthenticationMethod $authenticationMethod
89			* @param mixed $client_credentials
90			*/
91			private function checkAuthenticationMethod(ServerRequestInterface $request, Client $client, AuthenticationMethod $authenticationMethod, $client_credentials)
92			{
93			if (!$client->has('token_endpoint_auth_method') \|\| !in_array($client->get('token_endpoint_auth_method'), $authenticationMethod->getSupportedMethods())) {
94			throw new \InvalidArgumentException('Unknown client or client not authenticated.');
95			}
96			if (!$authenticationMethod->isClientAuthenticated($client, $client_credentials, $request)) {
97			throw new \InvalidArgumentException('Unknown client or client not authenticated.');
98			}
99			}
100			}
101

OAuth2-Framework / oauth2-framework

Push — ng ( 6e48f5...81cfdf )

ClientAuthenticationMiddleware::checkClient() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like