1 | <?php |
||
2 | /** |
||
3 | * SocialConnect project |
||
4 | * @author: Patsura Dmitry https://github.com/ovr <[email protected]> |
||
5 | */ |
||
6 | |||
7 | namespace SocialConnect\OAuth2; |
||
8 | |||
9 | use SocialConnect\Provider\AccessTokenInterface; |
||
10 | use SocialConnect\Provider\Exception\InvalidAccessToken; |
||
11 | |||
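class AccessToken implements AccessTokenInterface
{
    /**
     * Access token string taken from the provider's token response.
     *
     * This is a bearer credential: keep it out of logs and error output.
     *
     * @var string
     */
    protected $token;

    /**
     * Expiry as a Unix timestamp.
     *
     * null when the response carried neither 'expires_in' nor 'expires';
     * 0 when the provider sent 'expires_in' equal to zero.
     * NOTE(review): how callers interpret 0 is not visible in this class - confirm.
     *
     * @var int|null
     */
    protected $expires;

    /**
     * Provider-side user identifier, when the response included 'user_id'.
     *
     * NOTE(review): stored exactly as received, so it is only an int if the
     * provider sent one - confirm against the providers in use.
     *
     * @var int|null
     */
    protected $uid;

    /**
     * Build the token from the decoded token response of the provider.
     *
     * Every field is data received from a remote API, so the expiry fields are
     * validated and normalised to int before they are stored.
     *
     * @param array $token Decoded response; must contain 'access_token', may
     *                     contain 'expires_in', 'expires' and 'user_id'.
     * @throws InvalidAccessToken When 'access_token' is missing, or when
     *                            'expires_in' / 'expires' is not numeric.
     */
    public function __construct(array $token)
    {
        if (!isset($token['access_token'])) {
            throw new InvalidAccessToken(
                'API returned data without access_token field'
            );
        }

        $this->token = $token['access_token'];

        // Show preference to 'expires_in' since it is defined in RFC6749 Section 5.1.
        // Defer to 'expires' if it is provided instead.
        if (isset($token['expires_in'])) {
            if (!is_numeric($token['expires_in'])) {
                throw new InvalidAccessToken('expires_in value must be an integer');
            }

            // The zero test runs on the raw value so that a fractional lifetime
            // below one second does not collapse into the special value 0; the
            // cast keeps the stored expiry an int, as the property declares.
            $this->expires = $token['expires_in'] != 0
                ? time() + (int) $token['expires_in']
                : 0;
        } elseif (!empty($token['expires'])) {
            // Without this check a non-numeric string would be stored as the
            // expiry (or break the addition below) instead of being rejected.
            if (!is_numeric($token['expires'])) {
                throw new InvalidAccessToken('expires value must be an integer');
            }

            // Some providers supply the seconds until expiration rather than
            // the exact timestamp. Take a best guess at which we received.
            $expires = (int) $token['expires'];
            if (!$this->isExpirationTimestamp($expires)) {
                $expires += time();
            }

            $this->expires = $expires;
        }

        if (isset($token['user_id'])) {
            $this->uid = $token['user_id'];
        }
    }

    /**
     * Check if a value is an expiration timestamp or second value.
     *
     * @param integer $value
     * @return bool True when $value is greater than 1349067600 (2012-10-01),
     *              i.e. it is taken to be an absolute timestamp.
     */
    protected function isExpirationTimestamp($value)
    {
        // If the given value is larger than the original OAuth 2 draft date,
        // assume that it is meant to be a (possibly expired) timestamp.
        $oauth2InceptionDate = 1349067600; // 2012-10-01

        return ($value > $oauth2InceptionDate);
    }

    /**
     * @return string
     */
    public function getToken()
    {
        return $this->token;
    }

    /**
     * @param int|null $uid
     */
    public function setUid($uid)
    {
        $this->uid = $uid;
    }

    /**
     * @return int|null null until a 'user_id' was received or setUid() was called.
     */
    public function getUserId()
    {
        return $this->uid;
    }

    /**
     * @return int|null Expiry timestamp; see the $expires property for 0 and null.
     */
    public function getExpires()
    {
        return $this->expires;
    }
}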
Our type inference engine has found a suspicious assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly.
For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false.

Either this assignment is in error or a type check should be added for that assignment.