WampCraAuthProvider - Code Metrics - Inspection of "Merge remote-tracking branch 'origin/thruway-0.4'..." - WyriHaximus/Ratchet - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — thruway-0.4 ( 3d0cda...b1828d )

by Cees-Jan

created 2017-01-30 15:14 UTC

WampCraAuthProvider A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	138
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	3

Importance

Changes

Metric	Value
c	0
b	0
f	0
dl	0
loc	138
rs	10
wmc	17
lcom	0
cbo	3

3 Methods

Rating	Name	Size	Complexity
A	getMethodName()	4	1
C	processHello()	74	10
B	processAuthenticate()	36	6

<?php

/*
 * This file is part of Ratchet.
 *
 ** (c) 2016 Cees-Jan Kiewiet
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace WyriHaximus\Ratchet\Security;

use Thruway\Authentication\AbstractAuthProviderClient;
use Thruway\Message\HelloMessage;
use Thruway\Message\Message;

/**
 * Class WampCraAuthProvider
 *
 * @package Thruway\Authentication
 */
class WampCraAuthProvider extends AbstractAuthProviderClient
{
    /**
     * @return string
     */
    public function getMethodName()
    {
        return 'wampcra';
    }

    /**
     * The arguments given by the server are the actual hello message ($args[0])
     * and some session information ($args[1])
     *
     * The session information is an associative array that contains the sessionId and realm
     *
     * @param array $args
     * @return array
     */
    public function processHello(array $args)
    {
        debug($args);
        $helloMsg    = array_shift($args);
        $sessionInfo = array_shift($args);

        if (!is_array($helloMsg)) {
            return ["ERROR"];
        }

        if (!is_object($sessionInfo)) {
            return ["ERROR"];
        }

        $helloMsg = Message::createMessageFromArray($helloMsg);

        if (!$helloMsg instanceof HelloMessage
            || !$sessionInfo
            || !isset($helloMsg->getDetails()->authid)
            || !$this->getUserDb() instanceof WampCraUserDbInterface
if ($x instanceof DoesNotExist) {
    // Do something.
}
        ) {
            return ["ERROR"];
        }

        $authid = $helloMsg->getDetails()->authid;
        $user   = $this->getUserDb()->get($authid);


        if (!$user) {
            return ["FAILURE"];
        }

        // create a challenge
        $nonce        = bin2hex(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM));
        $authRole     = "user";
        $authMethod   = "wampcra";
        $authProvider = "userdb";
        $now          = new \DateTime();
        $timeStamp    = $now->format($now::ISO8601);
        if (!isset($sessionInfo->sessionId)) {
            return ["ERROR"];
        }
        $sessionId    = $sessionInfo->sessionId;

        $challenge = [
            "authid"       => $authid,
            "authrole"     => $authRole,
            "authprovider" => $authProvider,
            "authmethod"   => $authMethod,
            "nonce"        => $nonce,
            "timestamp"    => $timeStamp,
            "session"      => $sessionId
        ];

        $serializedChallenge = json_encode($challenge);

        $challengeDetails = [
            "challenge"        => $serializedChallenge,
            "challenge_method" => $this->getMethodName()
        ];

        if ($user['salt'] !== null) {
            // we are using salty password
            $saltInfo = [
                "salt"       => $user['salt'],
                "keylen"     => 32,
                "iterations" => 1000
            ];

            $challengeDetails = array_merge($challengeDetails, $saltInfo);
        }

        return ["CHALLENGE", (object)$challengeDetails];

    }

    /**
     * Process authenticate
     *
     * @param mixed $signature
     * @param mixed $extra
     * @return array
     */
    public function processAuthenticate($signature, $extra = null)
    {
debug([$signature, $extra]);
        $challenge = $this->getChallengeFromExtra($extra);


        if (!$challenge
            || !isset($challenge->authid)
            || !$this->getUserDb() instanceof WampCraUserDbInterface
if ($x instanceof DoesNotExist) {
    // Do something.
}
        ) {
            return ["FAILURE"];
        }

        $authid = $challenge->authid;
        $user   = $this->getUserDb()->get($authid);


        if (!$user) {
            return ["FAILURE"];
        }

        $keyToUse = $user['key'];
        $token    = base64_encode(hash_hmac('sha256', json_encode($challenge), $keyToUse, true));

        if ($token != $signature) {
            return ["FAILURE"];
        }

        $authDetails = [
            "authmethod"   => "wampcra",
            "authrole"     => "user",
            "authid"       => $challenge->authid,
            "authprovider" => $challenge->authprovider
        ];

        return ["SUCCESS", $authDetails];
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}

    }
}


1			<?php
2
3			/*
4			* This file is part of Ratchet.
5			*
6			** (c) 2016 Cees-Jan Kiewiet
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			namespace WyriHaximus\Ratchet\Security;
13
14			use Thruway\Authentication\AbstractAuthProviderClient;
15			use Thruway\Message\HelloMessage;
16			use Thruway\Message\Message;
17
18			/**
19			* Class WampCraAuthProvider
20			*
21			* @package Thruway\Authentication
22			*/
23			class WampCraAuthProvider extends AbstractAuthProviderClient
24			{
25			/**
26			* @return string
27			*/
28			public function getMethodName()
29			{
30			return 'wampcra';
31			}
32
33			/**
34			* The arguments given by the server are the actual hello message ($args[0])
35			* and some session information ($args[1])
36			*
37			* The session information is an associative array that contains the sessionId and realm
38			*
39			* @param array $args
40			* @return array
41			*/
42			public function processHello(array $args)
43			{
44			debug($args);
45			$helloMsg = array_shift($args);
46			$sessionInfo = array_shift($args);
47
48			if (!is_array($helloMsg)) {
49			return ["ERROR"];
50			}
51
52			if (!is_object($sessionInfo)) {
53			return ["ERROR"];
54			}
55
56			$helloMsg = Message::createMessageFromArray($helloMsg);
57
58			if (!$helloMsg instanceof HelloMessage
59			\|\| !$sessionInfo
60			\|\| !isset($helloMsg->getDetails()->authid)
61			\|\| !$this->getUserDb() instanceof WampCraUserDbInterface
			0 ignored issues – show Bug introduced 2017-01-30 15:24 UTC by Report Bug Copy Issue Report The method `getUserDb()` does not seem to exist on `object<WyriHaximus\Ratch...ty\WampCraAuthProvider>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history... Bug introduced 2017-01-30 15:24 UTC by Report Bug Copy Issue Report The class `WyriHaximus\Ratchet\Secu...\WampCraUserDbInterface` does not exist. Did you forget a USE statement, or did you not list all dependencies? This error could be the result of: 1. Missing dependencies PHP Analyzer uses your `composer.json` file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the `composer.json` to be in the root folder of your repository. Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the `require` or `require-dev` section? 2. Missing use statement PHP does not complain about undefined classes in `ìnstanceof` checks. For example, the following PHP code will work perfectly fine: if ($x instanceof DoesNotExist) { // Do something. } If you have not tested against this specific condition, such errors might go unnoticed. Loading history...
62			) {
63			return ["ERROR"];
64			}
65
66			$authid = $helloMsg->getDetails()->authid;
67			$user = $this->getUserDb()->get($authid);
			0 ignored issues – show Bug introduced 2017-01-30 15:24 UTC by Report Bug Copy Issue Report The method `getUserDb()` does not seem to exist on `object<WyriHaximus\Ratch...ty\WampCraAuthProvider>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
68
69			if (!$user) {
70			return ["FAILURE"];
71			}
72
73			// create a challenge
74			$nonce = bin2hex(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM));
75			$authRole = "user";
76			$authMethod = "wampcra";
77			$authProvider = "userdb";
78			$now = new \DateTime();
79			$timeStamp = $now->format($now::ISO8601);
80			if (!isset($sessionInfo->sessionId)) {
81			return ["ERROR"];
82			}
83			$sessionId = $sessionInfo->sessionId;
84
85			$challenge = [
86			"authid" => $authid,
87			"authrole" => $authRole,
88			"authprovider" => $authProvider,
89			"authmethod" => $authMethod,
90			"nonce" => $nonce,
91			"timestamp" => $timeStamp,
92			"session" => $sessionId
93			];
94
95			$serializedChallenge = json_encode($challenge);
96
97			$challengeDetails = [
98			"challenge" => $serializedChallenge,
99			"challenge_method" => $this->getMethodName()
100			];
101
102			if ($user['salt'] !== null) {
103			// we are using salty password
104			$saltInfo = [
105			"salt" => $user['salt'],
106			"keylen" => 32,
107			"iterations" => 1000
108			];
109
110			$challengeDetails = array_merge($challengeDetails, $saltInfo);
111			}
112
113			return ["CHALLENGE", (object)$challengeDetails];
114
115			}
116
117			/**
118			* Process authenticate
119			*
120			* @param mixed $signature
121			* @param mixed $extra
122			* @return array
123			*/
124			public function processAuthenticate($signature, $extra = null)
125			{
126			debug([$signature, $extra]);
127			$challenge = $this->getChallengeFromExtra($extra);
			0 ignored issues – show Bug introduced 2017-01-30 15:24 UTC by Report Bug Copy Issue Report The method `getChallengeFromExtra()` does not seem to exist on `object<WyriHaximus\Ratch...ty\WampCraAuthProvider>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
128
129			if (!$challenge
130			\|\| !isset($challenge->authid)
131			\|\| !$this->getUserDb() instanceof WampCraUserDbInterface
			0 ignored issues – show Bug introduced 2017-01-30 15:24 UTC by Report Bug Copy Issue Report The method `getUserDb()` does not seem to exist on `object<WyriHaximus\Ratch...ty\WampCraAuthProvider>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history... Bug introduced 2017-01-30 15:24 UTC by Report Bug Copy Issue Report The class `WyriHaximus\Ratchet\Secu...\WampCraUserDbInterface` does not exist. Did you forget a USE statement, or did you not list all dependencies? This error could be the result of: 1. Missing dependencies PHP Analyzer uses your `composer.json` file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the `composer.json` to be in the root folder of your repository. Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the `require` or `require-dev` section? 2. Missing use statement PHP does not complain about undefined classes in `ìnstanceof` checks. For example, the following PHP code will work perfectly fine: if ($x instanceof DoesNotExist) { // Do something. } If you have not tested against this specific condition, such errors might go unnoticed. Loading history...
132			) {
133			return ["FAILURE"];
134			}
135
136			$authid = $challenge->authid;
137			$user = $this->getUserDb()->get($authid);
			0 ignored issues – show Bug introduced 2017-01-30 15:24 UTC by Report Bug Copy Issue Report The method `getUserDb()` does not seem to exist on `object<WyriHaximus\Ratch...ty\WampCraAuthProvider>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
138
139			if (!$user) {
140			return ["FAILURE"];
141			}
142
143			$keyToUse = $user['key'];
144			$token = base64_encode(hash_hmac('sha256', json_encode($challenge), $keyToUse, true));
145
146			if ($token != $signature) {
147			return ["FAILURE"];
148			}
149
150			$authDetails = [
151			"authmethod" => "wampcra",
152			"authrole" => "user",
153			"authid" => $challenge->authid,
154			"authprovider" => $challenge->authprovider
155			];
156
157			return ["SUCCESS", $authDetails];
			0 ignored issues – show Best Practice introduced 2017-01-30 15:24 UTC by Report Bug Copy Issue Report The expression `return array('SUCCESS', $authDetails);` seems to be an `array`, but some of its elements' types (`array`) are incompatible with the return type of the parent method `Thruway\Authentication\A...nt::processAuthenticate` of type `string[]`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return new Author('Johannes'); } } class BlogPost extends Post { public function getAuthor() { return 'Johannes'; } } class ForumPost extends Post { /* ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
158
159			}
160			}
161

WyriHaximus / Ratchet

GitHub Access Token became invalid

Push — thruway-0.4 ( 3d0cda...b1828d )

WampCraAuthProvider A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

3 Methods

1. Missing dependencies

2. Missing use statement

1. Missing dependencies

2. Missing use statement

Duplication Side-by-Side

Filter issues like