Completed
Push — master ( d874fd...3a6bc2 )
by Conrad
01:56
created

src/Middleware/AuthenticationMiddleware.php (1 issue)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

namespace AdvancedLearning\Oauth2Server\Middleware;

use AdvancedLearning\Oauth2Server\Exceptions\AuthenticationException;
use AdvancedLearning\Oauth2Server\Services\Authenticator;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\HTTPResponse;
use SilverStripe\Control\Middleware\HTTPMiddleware;
use SilverStripe\Core\Application;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\ORM\Connect\DatabaseException;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;

/**
 * Class ResourceServerMiddleware.
 *
 * Replacement for @see \League\OAuth2\Server\Middleware\ResourceServerMiddleware
 * to make it compatible with SilverStripe.
 *
 * @package AdvancedLearning\Oauth2Server\Middleware
 */
class AuthenticationMiddleware implements HTTPMiddleware
{
    /**
     * @var Application
     */
    protected $application = null;

    /**
     * @var Authenticator
     */
    protected $authenticator;

    /**
     * Build error control chain for an application
     *
     * @param Application    $application The SilverStripe Application.
     */
    public function __construct()
    {
        $this->authenticator = Injector::inst()->get(Authenticator::class);
    }

    /**
     * Process the middleware.
     *
     * @param HTTPRequest $request The incoming request.
     * @param callable    $next    The next middleware.
     *
     * @return HTTPResponse
     */
    public function process(HTTPRequest $request, callable $next)
    {
        try {
            $request = $this->authenticator->authenticate($request);

            // set the current user
            if ($userID = $request->getHeader('oauth_user_id')) {
                Security::setCurrentUser(Member::get()->byID($userID));
It seems like \SilverStripe\Security\M...r::get()->byID($userID) targeting SilverStripe\ORM\DataList::byID() can also be of type object<SilverStripe\ORM\DataObject>; however, SilverStripe\Security\Security::setCurrentUser() does only seem to accept null|object<SilverStripe\Security\Member>, maybe add an additional type check?

This check looks at variables that are passed out again to other methods.

If the outgoing method call has stricter type requirements than the method itself, an issue is raised.

An additional type check may prevent trouble.

            }
        } catch (AuthenticationException $exception) {
            // for middleware do nothing
        } catch (DatabaseException $exception) {
            // db not ready, ignore
        }

        // Pass the request on to the next responder in the chain
        return $next($request);
    }
}