AuthenticationMiddleware::process()   A
last analyzed

Complexity

Conditions 5
Paths 9

Size

Total Lines 23

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
dl 0
loc 23
rs 9.2408
c 0
b 0
f 0
cc 5
nc 9
nop 2
1
<?php
2
3
namespace AdvancedLearning\Oauth2Server\Middleware;
4
5
use AdvancedLearning\Oauth2Server\Exceptions\AuthenticationException;
6
use AdvancedLearning\Oauth2Server\Services\Authenticator;
7
use SilverStripe\Control\Director;
8
use SilverStripe\Control\HTTPRequest;
9
use SilverStripe\Control\HTTPResponse;
10
use SilverStripe\Control\Middleware\HTTPMiddleware;
11
use SilverStripe\Core\Application;
12
use SilverStripe\Core\Injector\Injector;
13
use SilverStripe\ORM\Connect\DatabaseException;
14
use SilverStripe\ORM\DB;
15
use SilverStripe\Security\Member;
16
use SilverStripe\Security\Security;
17
18
/**
19
 * Class ResourceServerMiddleware.
20
 *
21
 * Replacement for @see \League\OAuth2\Server\Middleware\ResourceServerMiddleware
22
 * to make it compatible with SilverStripe.
23
 *
24
 * @package AdvancedLearning\Oauth2Server\Middleware
25
 */
26
class AuthenticationMiddleware implements HTTPMiddleware
27
{
28
    /**
29
     * @var Application
30
     */
31
    protected $application = null;
32
33
    /**
34
     * @var Authenticator
35
     */
36
    protected $authenticator;
37
38
    /**
39
     * Build error control chain for an application
40
     *
41
     * @param Application    $application The SilverStripe Application.
0 ignored issues
show
Bug introduced by Conrad
There is no parameter named $application. Was it maybe removed?

This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function.

Consider the following example. The parameter $italy is not defined by the method finale(...).

/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}

The most likely cause is that the parameter was removed, but the annotation was not.

Loading history...
42
     */
43
    public function __construct()
44
    {
45
        $this->authenticator = Injector::inst()->get(Authenticator::class);
46
    }
47
48
    /**
49
     * Process the middleware.
50
     *
51
     * @param HTTPRequest $request The incoming request.
52
     * @param callable    $next    The next middleware.
53
     *
54
     * @return HTTPResponse
55
     */
56
    public function process(HTTPRequest $request, callable $next)
57
    {
58
        // don't authenticate if being run from command line
59
        if (Director::is_cli()) {
60
            return $next($request);
61
        }
62
63
        try {
64
            $request = $this->authenticator->authenticate($request);
65
66
            // set the current user
67
            if ($userID = $request->getHeader('oauth_user_id')) {
68
                Security::setCurrentUser(Member::get()->byID($userID));
0 ignored issues
show
Bug introduced by Conrad Dobbs
It seems like \SilverStripe\Security\M...r::get()->byID($userID) targeting SilverStripe\ORM\DataList::byID() can also be of type object<SilverStripe\ORM\DataObject>; however, SilverStripe\Security\Security::setCurrentUser() does only seem to accept null|object<SilverStripe\Security\Member>, maybe add an additional type check?

This check looks at variables that are passed out again to other methods.

If the outgoing method call has stricter type requirements than the method itself, an issue is raised.

An additional type check may prevent trouble.

Loading history...
69
            }
70
        } catch (AuthenticationException $exception) {
71
            // for middleware do nothing
72
        } catch (DatabaseException $exception) {
73
            // db not ready, ignore
74
        }
75
76
        // Pass the request on to the next responder in the chain
77
        return $next($request);
78
    }
79
}
80