These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.
```php
<?php

namespace AdvancedLearning\Oauth2Server\Middleware;

use AdvancedLearning\Oauth2Server\Exceptions\AuthenticationException;
use AdvancedLearning\Oauth2Server\Services\Authenticator;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\HTTPResponse;
use SilverStripe\Control\Middleware\HTTPMiddleware;
use SilverStripe\Core\Application;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\ORM\Connect\DatabaseException;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;

/**
 * Class ResourceServerMiddleware.
 *
 * Replacement for @see \League\OAuth2\Server\Middleware\ResourceServerMiddleware
 * to make it compatible with SilverStripe.
 *
 * @package AdvancedLearning\Oauth2Server\Middleware
 */
class AuthenticationMiddleware implements HTTPMiddleware
{
    /**
     * @var Application
     */
    protected $application = null;

    /**
     * @var Authenticator
     */
    protected $authenticator;

    /**
     * Build error control chain for an application
     *
     * @param Application $application The SilverStripe Application.
     */
    public function __construct()
    {
        $this->authenticator = Injector::inst()->get(Authenticator::class);
    }

    /**
     * Process the middleware.
     *
     * @param HTTPRequest $request The incoming request.
     * @param callable    $next    The next middleware.
     *
     * @return HTTPResponse
     */
    public function process(HTTPRequest $request, callable $next)
    {
        try {
            $request = $this->authenticator->authenticate($request);

            // set the current user
            if ($userID = $request->getHeader('oauth_user_id')) {
                Security::setCurrentUser(Member::get()->byID($userID));
            }
        } catch (AuthenticationException $exception) {
            // for middleware do nothing
        } catch (DatabaseException $exception) {
            // db not ready, ignore
        }

        // Pass the request on to the next responder in the chain
        return $next($request);
    }
}
```

It seems like `\SilverStripe\Security\M...r::get()->byID($userID)` targeting `SilverStripe\ORM\DataList::byID()` can also be of type `object<SilverStripe\ORM\DataObject>`; however, `SilverStripe\Security\Security::setCurrentUser()` does only seem to accept `null|object<SilverStripe\Security\Member>`, maybe add an additional type check?

This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.

This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function.

Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. The most likely cause is that the parameter was removed, but the annotation was not.