<?php
/**
 * SocialConnect project
 * @author: Patsura Dmitry https://github.com/ovr <[email protected]>
 */
namespace SocialConnect\OAuth1\Signature;
use SocialConnect\Provider\Consumer;
use SocialConnect\OAuth1\Request;
use SocialConnect\OAuth1\Token;
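abstract class AbstractSignatureMethod
{
    /**
     * Needs to return the name of the Signature Method (ie HMAC-SHA1)
     *
     * @return string
     */
    abstract public function getName();

    /**
     * Build up the signature
     * NOTE: The output of this function MUST NOT be urlencoded.
     * the encoding is handled in OAuthRequest when the final
     * request is serialized
     *
     * @param Request $request
     * @param Consumer $consumer
     * @param Token $token
     * @return string
     */
    abstract public function buildSignature(Request $request, Consumer $consumer, Token $token);

    /**
     * Verifies that a given signature is correct.
     *
     * The expected signature is rebuilt with buildSignature() and compared
     * against the supplied one. An empty or non-string value on either side
     * is always rejected, so an empty expected signature can never match an
     * empty supplied one.
     *
     * @param Request $request
     * @param Consumer $consumer
     * @param Token $token
     * @param string $signature Signature supplied with the request
     * @return bool True only when both signatures are non-empty and identical
     */
    public function checkSignature(Request $request, Consumer $consumer, Token $token, $signature)
    {
        $built = $this->buildSignature($request, $consumer, $token);

        // Refuse anything that is not a non-empty string before comparing:
        // hash_equals('', '') is true, which must not count as a valid match.
        if (!is_string($built) || !is_string($signature) || $built === '' || $signature === '') {
            return false;
        }

        // hash_equals() (PHP 5.6+) replaces the hand-rolled XOR loop. Its
        // running time does not depend on where the two strings differ, and it
        // returns false for strings of different length. The previous loop
        // indexed strings with `$str {$i}`, which PHP 8 no longer parses.
        return hash_equals($built, $signature);
    }
}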