HttpDigest - Code Metrics - Inspection of "kw_auth - checking user status when used" - alex-kalanis/kw_auth - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 141183...2b56eb )

by Petr

created 2023-03-27 06:31 UTC

HttpDigest A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	84
Duplicated Lines	0 %

Test Coverage

Coverage

79.41%

Importance

Changes	1
Bugs	0	Features	1

Metric	Value
eloc	31
c	1
b	0
f	1
dl	0
loc	84
ccs	27
cts	34
cp	0.7941
rs	10
wmc	13

5 Methods

Rating	Name	Size	Complexity
A	httpDigestParse()	15	4
A	process()	20	6
A	__construct()	4	1
A	remove()	3	1
A	authNotExists()	4	1

<?php

namespace kalanis\kw_auth\Methods;


use ArrayAccess;
use kalanis\kw_auth\Interfaces\IAuthCert;


/**
 * Class HttpDigest
 * @package kalanis\kw_auth\AuthMethods
 * Authenticate via digest http method
 * @link https://serverpilot.io/docs/how-to-perform-http-digest-authentication-with-php/
 * @link https://www.php.net/manual/en/features.http-auth.php
 */
class HttpDigest extends AMethods
{
    const INPUT_METHOD = 'REQUEST_METHOD';
    const INPUT_DIGEST = 'PHP_AUTH_DIGEST';

    /** @var string */
    protected $realm = 'KWCMS_Http_Digest';
    /** @var IAuthCert */
    protected $authenticator;
    /** @var ArrayAccess<string, string|int> */
    protected $server = null;

    /**
     * @param IAuthCert $authenticator
     * @param AMethods|null $nextOne
     * @param ArrayAccess<string, string|int> $server
     */
    public function __construct(IAuthCert $authenticator, ?AMethods $nextOne, ArrayAccess $server)
    {
        parent::__construct($authenticator, $nextOne);
        $this->server = $server;
    }

    public function process(ArrayAccess $credentials): void
    {
        if (!$this->server->offsetExists(static::INPUT_DIGEST) || empty($this->server->offsetGet(static::INPUT_DIGEST))) {
            return;
        }
        $data = $this->httpDigestParse(strval($this->server->offsetGet(static::INPUT_DIGEST)));
        if (!empty($data)) {
            $wantedUser = $this->authenticator->getCertData(strval($data['username']));
            if (!$wantedUser) {
                return;
            }

            // verify
            $A1 = md5($data['username'] . ':' . $this->realm . ':' . $wantedUser->getPubKey()); // @todo: srsly, pubkey?! have nothing better?
            $A2 = md5($this->server->offsetGet(static::INPUT_METHOD) . ':' . $data['uri']);
            $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);

            if ($data['response'] == $valid_response) {
                // OK
                $this->loggedUser = $wantedUser;
            }
        }
    }

    /**
     * @codeCoverageIgnore headers
     */
    public function remove(): void
    {
        $this->authNotExists();
    }

    /**
     * @codeCoverageIgnore headers
     */
    public function authNotExists(): void
    {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Digest realm="' . $this->realm . '",qop="auth",nonce="' . uniqid() . '",opaque="' . md5($this->realm) . '"');
    }

    /**
     * Parse the http auth header
     * @param string $txt
     * @return array<string, string>
     */
    protected function httpDigestParse(string $txt): array
    {
        // protect against missing data
        $needed_parts = ['nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1];
        $data = [];
        $keys = implode('|', array_keys($needed_parts));

        preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]*?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);

        foreach ($matches as $m) {
            $data[strval($m[1])] = strval($m[3] ?: ( $m[4] ?? '' ));
            unset($needed_parts[$m[1]]);
        }

        return $needed_parts ? [] : $data;

    }
}


1		<?php
2
3		namespace kalanis\kw_auth\Methods;
4
5
6		use ArrayAccess;
7		use kalanis\kw_auth\Interfaces\IAuthCert;
8
9
10		/**
11		* Class HttpDigest
12		* @package kalanis\kw_auth\AuthMethods
13		* Authenticate via digest http method
14		* @link https://serverpilot.io/docs/how-to-perform-http-digest-authentication-with-php/
15		* @link https://www.php.net/manual/en/features.http-auth.php
16		*/
17		class HttpDigest extends AMethods
18		{
19		const INPUT_METHOD = 'REQUEST_METHOD';
20		const INPUT_DIGEST = 'PHP_AUTH_DIGEST';
21
22		/** @var string */
23		protected $realm = 'KWCMS_Http_Digest';
24		/** @var IAuthCert */
25		protected $authenticator;
26		/** @var ArrayAccess<string, string\|int> */
27		protected $server = null;
28
29		/**
30		* @param IAuthCert $authenticator
31		* @param AMethods\|null $nextOne
32		* @param ArrayAccess<string, string\|int> $server
33		*/
34	6	public function __construct(IAuthCert $authenticator, ?AMethods $nextOne, ArrayAccess $server)
35		{
36	6	parent::__construct($authenticator, $nextOne);
37	6	$this->server = $server;
38	6	}
39
40	6	public function process(ArrayAccess $credentials): void
41		{
42	6	if (!$this->server->offsetExists(static::INPUT_DIGEST) \|\| empty($this->server->offsetGet(static::INPUT_DIGEST))) {
43	2	return;
44		}
45	4	$data = $this->httpDigestParse(strval($this->server->offsetGet(static::INPUT_DIGEST)));
46	4	if (!empty($data)) {
47	3	$wantedUser = $this->authenticator->getCertData(strval($data['username']));
48	3	if (!$wantedUser) {
49	1	return;
50		}
51
52		// verify
53	2	$A1 = md5($data['username'] . ':' . $this->realm . ':' . $wantedUser->getPubKey()); // @todo: srsly, pubkey?! have nothing better?
54	2	$A2 = md5($this->server->offsetGet(static::INPUT_METHOD) . ':' . $data['uri']);
55	2	$valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
56
57	2	if ($data['response'] == $valid_response) {
58		// OK
59	2	$this->loggedUser = $wantedUser;
60		}
61		}
62	3	}
63
64		/**
65		* @codeCoverageIgnore headers
66		*/
67		public function remove(): void
68		{
69		$this->authNotExists();
70		}
71
72		/**
73		* @codeCoverageIgnore headers
74		*/
75		public function authNotExists(): void
76		{
77		header('HTTP/1.1 401 Unauthorized');
78		header('WWW-Authenticate: Digest realm="' . $this->realm . '",qop="auth",nonce="' . uniqid() . '",opaque="' . md5($this->realm) . '"');
79		}
80
81		/**
82		* Parse the http auth header
83		* @param string $txt
84		* @return array<string, string>
85		*/
86	4	protected function httpDigestParse(string $txt): array
87		{
88		// protect against missing data
89	4	$needed_parts = ['nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1];
90	4	$data = [];
91	4	$keys = implode('\|', array_keys($needed_parts));
92
93	4	preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]*?)\2\|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
94
95	4	foreach ($matches as $m) {
96	3	$data[strval($m[1])] = strval($m[3] ?: ( $m[4] ?? '' ));
97	3	unset($needed_parts[$m[1]]);
98		}
99
100	4	return $needed_parts ? [] : $data;
		0 ignored issues – show introduced 2022-08-25 03:59 UTC by Report Bug Copy Issue Report `$needed_parts` is a non-empty array, thus is always `true`. Loading history...
101		}
102		}
103

alex-kalanis / kw_auth

Push — master ( 141183...2b56eb )

HttpDigest A

Complexity

Size/Duplication

Test Coverage

Importance

5 Methods

Duplication Side-by-Side

Filter issues like