AuthorizationManager::setEventManager() - Code Metrics - Inspection of "Authorization checks before message events" - WyriHaximus/Ratchet - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — thruway-0.4 ( f36ec7...f9ceef )

by Cees-Jan

created 2017-06-09 14:44 UTC

AuthorizationManager::setEventManager() A

↳ Parent: AuthorizationManager

Complexity

Conditions	1
Paths	1

Size

Total Lines	5
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	3
c	0
b	0
f	0
nc	1
nop	1
dl	0
loc	5
rs	9.4285

<?php

/*
 * This file is part of Ratchet.
 *
 ** (c) 2016 Cees-Jan Kiewiet
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace WyriHaximus\Ratchet\Security;

use Cake\Event\EventManager;
use function React\Promise\reject;
use Thruway\Event\MessageEvent;
use Thruway\Event\NewRealmEvent;
use Thruway\Message\ErrorMessage;
use Thruway\Module\RealmModuleInterface;
use Thruway\Module\RouterModuleClient;
use WyriHaximus\Ratchet\Event\AuthorizeEvent;

class AuthorizationManager extends RouterModuleClient implements RealmModuleInterface
{
    /**
     * @var EventManager
     */
    private $eventManager;

    /**
     * @param EventManager $eventManager
     */
    public function setEventManager(EventManager $eventManager)
    {
        $this->eventManager = $eventManager;
        return $this;
    }

    /**
     * Listen for Router events.
     * Required to add the authorization module to the realm
     *
     * @return array
     */
    public static function getSubscribedEvents()
    {
        return [
            'new_realm' => ['handleNewRealm', 10]
        ];
    }

    /**
     * @param NewRealmEvent $newRealmEvent
     */
    public function handleNewRealm(NewRealmEvent $newRealmEvent)
    {
        $realm = $newRealmEvent->realm;

        if ($realm->getRealmName() === $this->getRealm()) {
            $realm->addModule($this);
        }
    }

    /**
     * @return array
     */
    public function getSubscribedRealmEvents()
    {
        return [
            'PublishMessageEvent'   => ['authorize', 100],
            'SubscribeMessageEvent' => ['authorize', 100],
            'RegisterMessageEvent'  => ['authorize', 100],
            'CallMessageEvent'      => ['authorize', 100],
        ];
    }

    /**
     * @param MessageEvent $msg
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
     */
    public function authorize(MessageEvent $messageEvent)
    {
        $event = AuthorizeEvent::create($this->getRealm(), $messageEvent->session, $messageEvent->message);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $event->promise()->otherwise(function () use ($messageEvent) {
interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}
            $messageEvent->session->sendMessage(ErrorMessage::createErrorMessageFromMessage($messageEvent->message, "wamp.error.not_authorized"));
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
            $messageEvent->stopPropagation();
        });
        $this->eventManager->dispatch($event);
    }
}


GitHub Access Token became invalid

Push — thruway-0.4 ( f36ec7...f9ceef )

AuthorizationManager::setEventManager() A

Complexity

Size

Duplication

Importance

Available Fixes

1			<?php
2
3			/*
4			* This file is part of Ratchet.
5			*
6			** (c) 2016 Cees-Jan Kiewiet
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			namespace WyriHaximus\Ratchet\Security;
13
14			use Cake\Event\EventManager;
15			use function React\Promise\reject;
16			use Thruway\Event\MessageEvent;
17			use Thruway\Event\NewRealmEvent;
18			use Thruway\Message\ErrorMessage;
19			use Thruway\Module\RealmModuleInterface;
20			use Thruway\Module\RouterModuleClient;
21			use WyriHaximus\Ratchet\Event\AuthorizeEvent;
22
23			class AuthorizationManager extends RouterModuleClient implements RealmModuleInterface
24			{
25			/**
26			* @var EventManager
27			*/
28			private $eventManager;
29
30			/**
31			* @param EventManager $eventManager
32			*/
33			public function setEventManager(EventManager $eventManager)
34			{
35			$this->eventManager = $eventManager;
36			return $this;
37			}
38
39			/**
40			* Listen for Router events.
41			* Required to add the authorization module to the realm
42			*
43			* @return array
44			*/
45			public static function getSubscribedEvents()
46			{
47			return [
48			'new_realm' => ['handleNewRealm', 10]
49			];
50			}
51
52			/**
53			* @param NewRealmEvent $newRealmEvent
54			*/
55			public function handleNewRealm(NewRealmEvent $newRealmEvent)
56			{
57			$realm = $newRealmEvent->realm;
58
59			if ($realm->getRealmName() === $this->getRealm()) {
60			$realm->addModule($this);
61			}
62			}
63
64			/**
65			* @return array
66			*/
67			public function getSubscribedRealmEvents()
68			{
69			return [
70			'PublishMessageEvent' => ['authorize', 100],
71			'SubscribeMessageEvent' => ['authorize', 100],
72			'RegisterMessageEvent' => ['authorize', 100],
73			'CallMessageEvent' => ['authorize', 100],
74			];
75			}
76
77			/**
78			* @param MessageEvent $msg
			0 ignored issues – show Bug introduced 2017-06-09 14:53 UTC by Report Bug Copy Issue Report There is no parameter named `$msg`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
79			*/
80			public function authorize(MessageEvent $messageEvent)
81			{
82			$event = AuthorizeEvent::create($this->getRealm(), $messageEvent->session, $messageEvent->message);
			0 ignored issues – show Documentation introduced 2017-06-09 14:53 UTC by Report Bug Copy Issue Report `$messageEvent->message` is of type `object<Thruway\Message\Message>`, but the function expects a `object<Thruway\Message\ActionMessageInterface>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
83			$event->promise()->otherwise(function () use ($messageEvent) {
			0 ignored issues – show Bug introduced 2017-06-09 14:53 UTC by Report Bug Copy Issue Report It seems like you code against a concrete implementation and not the interface `React\Promise\PromiseInterface` as the method `otherwise()` does only exist in the following implementations of said interface: `React\Promise\FulfilledPromise`, `React\Promise\LazyPromise`, `React\Promise\Promise`, `React\Promise\RejectedPromise`. Let’s take a look at an example: interface User { /** @return string / public function getPassword(); } class MyUser implements User { public function getPassword() { // return something } public function getDisplayName() { // return some name. } } class AuthSystem { public function authenticate(User $user) { $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName())); // do something. } } In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break. Available Fixes Change the type-hint for the parameter: class AuthSystem { public function authenticate(MyUser $user) { / ... / } } Add an additional type-check: class AuthSystem { public function authenticate(User $user) { if ($user instanceof MyUser) { $this->logger->info(/* ... /); } // or alternatively if ( ! $user instanceof MyUser) { throw new \LogicException( '$user must be an instance of MyUser, ' .'other instances are not supported.' ); } } } Note:* PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case. Add the method to the interface: interface User { /** @return string / public function getPassword(); /* @return string */ public function getDisplayName(); } Loading history...
84			$messageEvent->session->sendMessage(ErrorMessage::createErrorMessageFromMessage($messageEvent->message, "wamp.error.not_authorized"));
			0 ignored issues – show Bug introduced 2017-06-09 14:53 UTC by Report Bug Copy Issue Report It seems like `\Thruway\Message\ErrorMe....error.not_authorized')` can be `null`; however, `sendMessage()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
85			$messageEvent->stopPropagation();
86			});
87			$this->eventManager->dispatch($event);
88			}
89			}
90

WyriHaximus / Ratchet

GitHub Access Token became invalid

Push — thruway-0.4 ( f36ec7...f9ceef )

AuthorizationManager::setEventManager() A

Complexity

Size

Duplication

Importance

Available Fixes

Duplication Side-by-Side

Filter issues like