CSRFCheckerMiddleware::process() - Code Metrics - Inspection of "PSR-15 compliance" - Ocramius/PSR7Csrf - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#5)

by Marco

created 2018-01-28 09:25 UTC

CSRFCheckerMiddleware::process() B

↳ Parent: CSRFCheckerMiddleware

Complexity

Conditions	6
Paths	9

Size

Total Lines	27
Code Lines	18

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	14
CRAP Score	6

Importance

Changes

Metric	Value
dl	0
loc	27
ccs	14
cts	14
cp	1
rs	8.439
c	0
b	0
f	0
cc	6
eloc	18
nc	9
nop	2
crap	6

<?php

declare(strict_types=1);

namespace PSR7Csrf;

use BadMethodCallException;
use InvalidArgumentException;
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer;
use Lcobucci\JWT\ValidationData;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use PSR7Csrf\Exception\SessionAttributeNotFoundException;
use PSR7Csrf\HttpMethod\IsSafeHttpRequestInterface;
use PSR7Csrf\RequestParameter\ExtractCSRFParameterInterface;
use PSR7Csrf\Session\ExtractUniqueKeyFromSessionInterface;
use PSR7Sessions\Storageless\Session\SessionInterface;

final class CSRFCheckerMiddleware implements \Psr\Http\Server\MiddlewareInterface
{
    /**
     * @var Signer
     */
    private $signer;

    /**
     * @var Parser
     */
    private $tokenParser;

    /**
     * @var IsSafeHttpRequestInterface
     */
    private $isSafeHttpRequest;

    /**
     * @var ExtractUniqueKeyFromSessionInterface
     */
    private $extractUniqueKeyFromSession;

    /**
     * @var ExtractCSRFParameterInterface
     */
    private $extractCSRFParameter;

    /**
     * @var string
     */
    private $sessionAttribute;

    /**
     * @var ResponseInterface
     */
    private $faultyResponse;

    public function __construct(
        IsSafeHttpRequestInterface $isSafeHttpRequest,
        ExtractUniqueKeyFromSessionInterface $extractUniqueKeyFromSession,
        ExtractCSRFParameterInterface $extractCSRFParameter,
        Parser $tokenParser,
        Signer $signer,
        string $sessionAttribute,
        ResponseInterface $faultyResponse
    ) {
        $this->isSafeHttpRequest           = $isSafeHttpRequest;
        $this->extractUniqueKeyFromSession = $extractUniqueKeyFromSession;
        $this->extractCSRFParameter        = $extractCSRFParameter;
        $this->tokenParser                 = $tokenParser;
        $this->signer                      = $signer;
        $this->sessionAttribute            = $sessionAttribute;
        $this->faultyResponse              = $faultyResponse;
    }

    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler
    ) : ResponseInterface {
        if ($this->isSafeHttpRequest->__invoke($request)) {
            return $handler->handle($request);
        }

        try {
            $token = $this->tokenParser->parse($this->extractCSRFParameter->__invoke($request));

            if ($token->validate(new ValidationData())
                && $token->verify(
                    $this->signer,
                    $this->extractUniqueKeyFromSession->__invoke($this->getSession($request))
                )
            ) {
                return $handler->handle($request);
            }
        } catch (BadMethodCallException $invalidToken) {
            return $this->faultyResponse;
        } catch (InvalidArgumentException $invalidToken) {
            return $this->faultyResponse;
        }

        return $this->faultyResponse;
    }

    private function getSession(ServerRequestInterface $request) : SessionInterface
    {
        $session = $request->getAttribute($this->sessionAttribute);

        if (! $session instanceof SessionInterface) {
            throw SessionAttributeNotFoundException::fromAttributeNameAndRequest($this->sessionAttribute, $request);
        }

        return $session;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace PSR7Csrf;
6
7		use BadMethodCallException;
8		use InvalidArgumentException;
9		use Lcobucci\JWT\Parser;
10		use Lcobucci\JWT\Signer;
11		use Lcobucci\JWT\ValidationData;
12		use Psr\Http\Message\ResponseInterface;
13		use Psr\Http\Message\ServerRequestInterface;
14		use Psr\Http\Server\RequestHandlerInterface;
15		use PSR7Csrf\Exception\SessionAttributeNotFoundException;
16		use PSR7Csrf\HttpMethod\IsSafeHttpRequestInterface;
17		use PSR7Csrf\RequestParameter\ExtractCSRFParameterInterface;
18		use PSR7Csrf\Session\ExtractUniqueKeyFromSessionInterface;
19		use PSR7Sessions\Storageless\Session\SessionInterface;
20
21		final class CSRFCheckerMiddleware implements \Psr\Http\Server\MiddlewareInterface
22		{
23		/**
24		* @var Signer
25		*/
26		private $signer;
27
28		/**
29		* @var Parser
30		*/
31		private $tokenParser;
32
33		/**
34		* @var IsSafeHttpRequestInterface
35		*/
36		private $isSafeHttpRequest;
37
38		/**
39		* @var ExtractUniqueKeyFromSessionInterface
40		*/
41		private $extractUniqueKeyFromSession;
42
43		/**
44		* @var ExtractCSRFParameterInterface
45		*/
46		private $extractCSRFParameter;
47
48		/**
49		* @var string
50		*/
51		private $sessionAttribute;
52
53	9	/**
54		* @var ResponseInterface
55		*/
56		private $faultyResponse;
57
58		public function __construct(
59		IsSafeHttpRequestInterface $isSafeHttpRequest,
60		ExtractUniqueKeyFromSessionInterface $extractUniqueKeyFromSession,
61	9	ExtractCSRFParameterInterface $extractCSRFParameter,
62	9	Parser $tokenParser,
63	9	Signer $signer,
64	9	string $sessionAttribute,
65	9	ResponseInterface $faultyResponse
66	9	) {
67	9	$this->isSafeHttpRequest = $isSafeHttpRequest;
68		$this->extractUniqueKeyFromSession = $extractUniqueKeyFromSession;
69	9	$this->extractCSRFParameter = $extractCSRFParameter;
70		$this->tokenParser = $tokenParser;
71		$this->signer = $signer;
72		$this->sessionAttribute = $sessionAttribute;
73		$this->faultyResponse = $faultyResponse;
74	9	}
75	2
76		public function process(
77		ServerRequestInterface $request,
78		RequestHandlerInterface $handler
79	7	) : ResponseInterface {
80		if ($this->isSafeHttpRequest->__invoke($request)) {
81	6	return $handler->handle($request);
82	5	}
83	5
84	6	try {
85		$token = $this->tokenParser->parse($this->extractCSRFParameter->__invoke($request));
86
87	4	if ($token->validate(new ValidationData())
88		&& $token->verify(
89	3	$this->signer,
90	1	$this->extractUniqueKeyFromSession->__invoke($this->getSession($request))
91	2	)
92	1	) {
93		return $handler->handle($request);
94		}
95	2	} catch (BadMethodCallException $invalidToken) {
96		return $this->faultyResponse;
97		} catch (InvalidArgumentException $invalidToken) {
98	5	return $this->faultyResponse;
99		}
100	5
101		return $this->faultyResponse;
102	5	}
103	1
104		private function getSession(ServerRequestInterface $request) : SessionInterface
105		{
106	4	$session = $request->getAttribute($this->sessionAttribute);
107
108		if (! $session instanceof SessionInterface) {
109	4	throw SessionAttributeNotFoundException::fromAttributeNameAndRequest($this->sessionAttribute, $request);
110		}
111
112		return $session;
113		}
114		}
115

Ocramius / PSR7Csrf

Pull Request — master (#5)

CSRFCheckerMiddleware::process() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like