IdTokenHintDiscovery - Code Metrics - Inspection of "Use of the last v1.1@beta JWT framework components" - OAuth2-Framework/oauth2-framework - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — ng ( a36945...8b0de7 )

by Florent

created 2018-03-21 12:26 UTC

IdTokenHintDiscovery A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	81
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	9

Importance

Changes

Metric	Value
wmc	12
lcom	1
cbo	9
dl	0
loc	81
rs	10
c	0
b	0
f	0

4 Methods

Rating	Name	Size	Complexity
A	__construct()	5	1
A	enablePairwiseSubject()	4	1
A	find()	4	1
D	check()	32	9

<?php

declare(strict_types=1);

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014-2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */

namespace OAuth2Framework\Component\AuthorizationEndpoint\UserAccountDiscovery;

use OAuth2Framework\Component\AuthorizationEndpoint\Authorization;
use OAuth2Framework\Component\AuthorizationEndpoint\Exception\CreateRedirectionException;
use OAuth2Framework\Component\Core\Exception\OAuth2Exception;
use OAuth2Framework\Component\Core\UserAccount\UserAccount;
use OAuth2Framework\Component\Core\UserAccount\UserAccountId;
use OAuth2Framework\Component\Core\UserAccount\UserAccountRepository;
use OAuth2Framework\Component\OpenIdConnect\IdToken;
use OAuth2Framework\Component\OpenIdConnect\IdTokenId;
use OAuth2Framework\Component\OpenIdConnect\IdTokenLoader;
use OAuth2Framework\Component\OpenIdConnect\UserInfo\Pairwise\PairwiseSubjectIdentifierAlgorithm;

class IdTokenHintDiscovery implements UserAccountDiscovery
{
    /**
     * @var IdTokenLoader
     */
    private $idTokenLoader;

    /**
     * @var PairwiseSubjectIdentifierAlgorithm|null
     */
    private $pairwiseAlgorithm = null;

    /**
     * @var UserAccountRepository
     */
    private $userAccountRepository;

    /**
     * IdTokenHintExtension constructor.
     *
     * @param IdTokenLoader         $idTokenLoader
     * @param UserAccountRepository $userAccountRepository
     */
    public function __construct(IdTokenLoader $idTokenLoader, UserAccountRepository $userAccountRepository)
    {
        $this->idTokenLoader = $idTokenLoader;
        $this->userAccountRepository = $userAccountRepository;
    }

    /**
     * @param PairwiseSubjectIdentifierAlgorithm $pairwiseAlgorithm
     */
    public function enablePairwiseSubject(PairwiseSubjectIdentifierAlgorithm $pairwiseAlgorithm)
    {
        $this->pairwiseAlgorithm = $pairwiseAlgorithm;
    }

    /**
     * {@inheritdoc}
     */
    public function find(Authorization $authorization, ?bool &$isFullyAuthenticated = null): ?UserAccount
    {
        return null;
    }

    /**
     * {@inheritdoc}
     */
    public function check(Authorization $authorization)
    {
        if ($authorization->hasQueryParam('id_token_hint')) {
            try {
                $idTokenId = IdTokenId::create($authorization->getQueryParam('id_token_hint'));
                $idToken = $this->idTokenLoader->load($idTokenId);
                if (!$idToken instanceof IdToken) {
                    throw new \InvalidArgumentException('The parameter "id_token_hint" does not contain a valid ID Token.');
                }
                $userAccountId = $idToken->getUserAccountId();
                if (null !== $this->pairwiseAlgorithm) {
                    $publicId = $this->pairwiseAlgorithm->getPublicIdFromSubjectIdentifier($userAccountId->getValue());
                    if (null === $publicId) {
                        throw new \InvalidArgumentException('Unable to retrieve the user account using the "id_token_hint" parameter.');
                    }
                } else {
                    $publicId = $userAccountId->getValue();
                }
                $realUserAccountId = UserAccountId::create($publicId);

                $userAccount = $this->userAccountRepository->find($realUserAccountId);
                if (null === $userAccount) {
                    throw new \InvalidArgumentException('Unable to retrieve the user account using the "id_token_hint" parameter.');
                }
                if (null !== $userAccount && $userAccount->getPublicId()->getValue() !== $authorization->getUserAccount()->getPublicId()->getValue()) {
                    throw new \InvalidArgumentException('Unable to retrieve the user account using the "id_token_hint" parameter.');
                }
            } catch (\InvalidArgumentException $e) {
                throw new CreateRedirectionException($authorization, OAuth2Exception::ERROR_INVALID_REQUEST, $e->getMessage());
            }
        }
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* The MIT License (MIT)
7			*
8			* Copyright (c) 2014-2018 Spomky-Labs
9			*
10			* This software may be modified and distributed under the terms
11			* of the MIT license. See the LICENSE file for details.
12			*/
13
14			namespace OAuth2Framework\Component\AuthorizationEndpoint\UserAccountDiscovery;
15
16			use OAuth2Framework\Component\AuthorizationEndpoint\Authorization;
17			use OAuth2Framework\Component\AuthorizationEndpoint\Exception\CreateRedirectionException;
18			use OAuth2Framework\Component\Core\Exception\OAuth2Exception;
19			use OAuth2Framework\Component\Core\UserAccount\UserAccount;
20			use OAuth2Framework\Component\Core\UserAccount\UserAccountId;
21			use OAuth2Framework\Component\Core\UserAccount\UserAccountRepository;
22			use OAuth2Framework\Component\OpenIdConnect\IdToken;
23			use OAuth2Framework\Component\OpenIdConnect\IdTokenId;
24			use OAuth2Framework\Component\OpenIdConnect\IdTokenLoader;
25			use OAuth2Framework\Component\OpenIdConnect\UserInfo\Pairwise\PairwiseSubjectIdentifierAlgorithm;
26
27			class IdTokenHintDiscovery implements UserAccountDiscovery
28			{
29			/**
30			* @var IdTokenLoader
31			*/
32			private $idTokenLoader;
33
34			/**
35			* @var PairwiseSubjectIdentifierAlgorithm\|null
36			*/
37			private $pairwiseAlgorithm = null;
38
39			/**
40			* @var UserAccountRepository
41			*/
42			private $userAccountRepository;
43
44			/**
45			* IdTokenHintExtension constructor.
46			*
47			* @param IdTokenLoader $idTokenLoader
48			* @param UserAccountRepository $userAccountRepository
49			*/
50			public function __construct(IdTokenLoader $idTokenLoader, UserAccountRepository $userAccountRepository)
51			{
52			$this->idTokenLoader = $idTokenLoader;
53			$this->userAccountRepository = $userAccountRepository;
54			}
55
56			/**
57			* @param PairwiseSubjectIdentifierAlgorithm $pairwiseAlgorithm
58			*/
59			public function enablePairwiseSubject(PairwiseSubjectIdentifierAlgorithm $pairwiseAlgorithm)
60			{
61			$this->pairwiseAlgorithm = $pairwiseAlgorithm;
62			}
63
64			/**
65			* {@inheritdoc}
66			*/
67			public function find(Authorization $authorization, ?bool &$isFullyAuthenticated = null): ?UserAccount
68			{
69			return null;
70			}
71
72			/**
73			* {@inheritdoc}
74			*/
75			public function check(Authorization $authorization)
76			{
77			if ($authorization->hasQueryParam('id_token_hint')) {
78			try {
79			$idTokenId = IdTokenId::create($authorization->getQueryParam('id_token_hint'));
80			$idToken = $this->idTokenLoader->load($idTokenId);
81			if (!$idToken instanceof IdToken) {
82			throw new \InvalidArgumentException('The parameter "id_token_hint" does not contain a valid ID Token.');
83			}
84			$userAccountId = $idToken->getUserAccountId();
85			if (null !== $this->pairwiseAlgorithm) {
86			$publicId = $this->pairwiseAlgorithm->getPublicIdFromSubjectIdentifier($userAccountId->getValue());
87			if (null === $publicId) {
88			throw new \InvalidArgumentException('Unable to retrieve the user account using the "id_token_hint" parameter.');
89			}
90			} else {
91			$publicId = $userAccountId->getValue();
92			}
93			$realUserAccountId = UserAccountId::create($publicId);
94
95			$userAccount = $this->userAccountRepository->find($realUserAccountId);
96			if (null === $userAccount) {
97			throw new \InvalidArgumentException('Unable to retrieve the user account using the "id_token_hint" parameter.');
98			}
99			if (null !== $userAccount && $userAccount->getPublicId()->getValue() !== $authorization->getUserAccount()->getPublicId()->getValue()) {
100			throw new \InvalidArgumentException('Unable to retrieve the user account using the "id_token_hint" parameter.');
101			}
102			} catch (\InvalidArgumentException $e) {
103			throw new CreateRedirectionException($authorization, OAuth2Exception::ERROR_INVALID_REQUEST, $e->getMessage());
104			}
105			}
106			}
107			}
108

OAuth2-Framework / oauth2-framework

Push — ng ( a36945...8b0de7 )

IdTokenHintDiscovery A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

Duplication Side-by-Side

Filter issues like