1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | /* |
||
6 | * The MIT License (MIT) |
||
7 | * |
||
8 | * Copyright (c) 2014-2018 Spomky-Labs |
||
9 | * |
||
10 | * This software may be modified and distributed under the terms |
||
11 | * of the MIT license. See the LICENSE file for details. |
||
12 | */ |
||
13 | |||
14 | namespace OAuth2Framework\Component\RefreshTokenGrant; |
||
15 | |||
16 | use OAuth2Framework\Component\Core\AccessToken\AccessToken; |
||
17 | use OAuth2Framework\Component\Core\Client\Client; |
||
18 | use OAuth2Framework\Component\Core\ResourceOwner\ResourceOwner; |
||
19 | use OAuth2Framework\Component\TokenEndpoint\Extension\TokenEndpointExtension; |
||
20 | use OAuth2Framework\Component\TokenEndpoint\GrantType; |
||
21 | use OAuth2Framework\Component\TokenEndpoint\GrantTypeData; |
||
22 | use Psr\Http\Message\ServerRequestInterface; |
||
23 | |||
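final class RefreshTokenEndpointExtension implements TokenEndpointExtension
{
    /**
     * Refresh token lifetime in seconds, counted from issuance. Always > 0 (enforced in the constructor).
     *
     * @var int
     */
    private $lifetime;

    /**
     * @var RefreshTokenRepository
     */
    private $refreshTokenRepository;

    /**
     * @param int                    $lifetime               refresh token lifetime in seconds; must be strictly positive
     * @param RefreshTokenRepository $refreshTokenRepository repository used to create and persist refresh tokens
     *
     * @throws \InvalidArgumentException if $lifetime is zero or negative. Without this guard a negative
     *                                   value would be formatted into the expiry date string and, with an
     *                                   unsigned format, wrap to a huge number of seconds — i.e. a refresh
     *                                   token that effectively never expires. Zero would issue tokens that
     *                                   are already expired.
     */
    public function __construct(int $lifetime, RefreshTokenRepository $refreshTokenRepository)
    {
        if ($lifetime <= 0) {
            throw new \InvalidArgumentException(\sprintf('The refresh token lifetime must be a positive number of seconds, got %d.', $lifetime));
        }
        $this->lifetime = $lifetime;
        $this->refreshTokenRepository = $refreshTokenRepository;
    }

    /**
     * This extension does nothing before access token issuance; the request is handed straight to $next.
     */
    public function beforeAccessTokenIssuance(ServerRequestInterface $request, GrantTypeData $grantTypeData, GrantType $grantType, callable $next): GrantTypeData
    {
        return $next($request, $grantTypeData, $grantType);
    }

    /**
     * Issues a refresh token alongside the access token when the access token's "scope"
     * parameter contains "offline_access". Otherwise the result of $next is returned untouched.
     *
     * @return array the token response produced by $next, extended with a 'refresh_token' entry
     *               (the new token's id value) when a refresh token was issued
     */
    public function afterAccessTokenIssuance(Client $client, ResourceOwner $resourceOwner, AccessToken $accessToken, callable $next): array
    {
        $result = $next($client, $resourceOwner, $accessToken);
        if (!$this->isOfflineAccessRequested($accessToken)) {
            return $result;
        }

        // $this->lifetime is guaranteed positive by the constructor, so a signed format is exact here.
        $expiresAt = new \DateTimeImmutable(\Safe\sprintf('now +%d seconds', $this->lifetime));
        $refreshToken = $this->refreshTokenRepository->create(
            $accessToken->getClientId(),
            $accessToken->getResourceOwnerId(),
            $accessToken->getParameter(),
            $accessToken->getMetadata(),
            $expiresAt,
            null // sixth argument is always null here; see RefreshTokenRepository::create for its meaning
        );
        // Record the access token's id on the refresh token before persisting it.
        $refreshToken->addAccessToken($accessToken->getTokenId());
        $this->refreshTokenRepository->save($refreshToken);
        $result['refresh_token'] = $refreshToken->getTokenId()->getValue();

        return $result;
    }

    /**
     * Whether the access token's space-separated "scope" parameter contains "offline_access".
     *
     * NOTE(review): assumes the 'scope' parameter, when present, is a string — under strict_types
     * explode() would raise a TypeError otherwise. Confirm against the parameter bag implementation.
     */
    private function isOfflineAccessRequested(AccessToken $accessToken): bool
    {
        $parameters = $accessToken->getParameter();
        if (!$parameters->has('scope')) {
            return false;
        }
        $scopes = \explode(' ', $parameters->get('scope'));

        return \in_array('offline_access', $scopes, true);
    }
}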
||
69 |