AbstractBearer - Code Metrics - Inspection of "Added bearer token authenticator & tests" - apparat/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( d24783...e203a5 )

by Joschi

created 2016-08-22 18:11 UTC

AbstractBearer A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	74
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	1

Test Coverage

Coverage

100%

Importance

Changes	1
Bugs	0	Features	1

Metric	Value
wmc	11
c	1
b	0
f	1
lcom	1
cbo	1
dl	0
loc	74
ccs	19
cts	19
cp	1
rs	10

5 Methods

Rating	Name	Size	Complexity
A	authenticate()	6	3
A	authenticateHeader()	17	4
	verifyToken()	1	?
A	authenticateBody()	6	2
A	authenticateQuery()	6	2

<?php

/**
 * apparat-server
 *
 * @category    Apparat
 * @package     Apparat\Server
 * @subpackage  Apparat\Server\Ports
 * @author      Joschi Kuphal <[email protected]> / @jkphl
 * @copyright   Copyright © 2016 Joschi Kuphal <[email protected]> / @jkphl
 * @license     http://opensource.org/licenses/MIT The MIT License (MIT)
 */

/***********************************************************************************
 *  The MIT License (MIT)
 *
 *  Copyright © 2016 Joschi Kuphal <[email protected]> / @jkphl
 *
 *  Permission is hereby granted, free of charge, to any person obtaining a copy of
 *  this software and associated documentation files (the "Software"), to deal in
 *  the Software without restriction, including without limitation the rights to
 *  use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 *  the Software, and to permit persons to whom the Software is furnished to do so,
 *  subject to the following conditions:
 *
 *  The above copyright notice and this permission notice shall be included in all
 *  copies or substantial portions of the Software.
 *
 *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
 *  FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
 *  COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 *  IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 *  CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ***********************************************************************************/

namespace Apparat\Server\Ports\Authenticator;

use Psr\Http\Message\ServerRequestInterface;

/**
 * Abstract bearer authenticator
 *
 * @package Apparat\Server
 * @subpackage Apparat\Server\Ports
 * @see https://tools.ietf.org/html/rfc6750#section-2
 */
abstract class AbstractBearer implements AuthenticatorInterface
{
    /**
     * Authenticate a request
     *
     * @param ServerRequestInterface $request Request
     * @return boolean Request is authenticated
     * @see https://quill.p3k.io/creating-a-micropub-endpoint#verifying-access-tokens
     */
    public function authenticate(ServerRequestInterface $request)
    {
        return $this->authenticateHeader($request)
        || $this->authenticateBody($request)
        || $this->authenticateQuery($request);
    }

    /**
     * Authenticate with an "Authorization" header
     *
     * @param ServerRequestInterface $request Request
     * @return bool Request is valid
     */
    protected function authenticateHeader(ServerRequestInterface $request)
    {
        // Run through all "Authorization" headers
        foreach ($request->getHeader('Authorization') as $authHeader) {
            // If this is supposed to be a bearer token
            if (!strncmp(strtolower($authHeader), 'bearer', 6)) {
                $bearerToken = preg_split('%\s+%', $authHeader);

                // If there is really a bearer token
                if (count($bearerToken) > 1) {
                    return $this->verifyToken($bearerToken[1]);
                }
            }
        }

        return false;
    }

    /**
     * Verify the validity of the bearer token
     *
     * @param string $token Bearer token
     * @return boolean The bearer token is valid
     */
    abstract protected function verifyToken($token);

    /**
     * Authenticate with an "access_token" body parameter
     *
     * @param ServerRequestInterface $request Request
     * @return bool Request is valid
     */
    protected function authenticateBody(ServerRequestInterface $request)
    {
        $bodyParameters = (array)$request->getParsedBody();
        return array_key_exists('access_token', $bodyParameters) ?
            $this->verifyToken($bodyParameters['access_token']) : false;
    }

    /**
     * Authenticate with an "access_token" query parameter
     *
     * @param ServerRequestInterface $request Request
     * @return bool Request is valid
     */
    protected function authenticateQuery(ServerRequestInterface $request)
    {
        $queryParameters = (array)$request->getQueryParams();
        return array_key_exists('access_token', $queryParameters) ?
            $this->verifyToken($queryParameters['access_token']) : false;
    }
}


1		<?php
2
3		/**
4		* apparat-server
5		*
6		* @category Apparat
7		* @package Apparat\Server
8		* @subpackage Apparat\Server\Ports
9		* @author Joschi Kuphal <[email protected]> / @jkphl
10		* @copyright Copyright © 2016 Joschi Kuphal <[email protected]> / @jkphl
11		* @license http://opensource.org/licenses/MIT The MIT License (MIT)
12		*/
13
14		/***********************************************************************************
15		* The MIT License (MIT)
16		*
17		* Copyright © 2016 Joschi Kuphal <[email protected]> / @jkphl
18		*
19		* Permission is hereby granted, free of charge, to any person obtaining a copy of
20		* this software and associated documentation files (the "Software"), to deal in
21		* the Software without restriction, including without limitation the rights to
22		* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
23		* the Software, and to permit persons to whom the Software is furnished to do so,
24		* subject to the following conditions:
25		*
26		* The above copyright notice and this permission notice shall be included in all
27		* copies or substantial portions of the Software.
28		*
29		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
30		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
31		* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
32		* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
33		* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
34		* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
35		***********************************************************************************/
36
37		namespace Apparat\Server\Ports\Authenticator;
38
39		use Psr\Http\Message\ServerRequestInterface;
40
41		/**
42		* Abstract bearer authenticator
43		*
44		* @package Apparat\Server
45		* @subpackage Apparat\Server\Ports
46		* @see https://tools.ietf.org/html/rfc6750#section-2
47		*/
48		abstract class AbstractBearer implements AuthenticatorInterface
49		{
50		/**
51		* Authenticate a request
52		*
53		* @param ServerRequestInterface $request Request
54		* @return boolean Request is authenticated
55		* @see https://quill.p3k.io/creating-a-micropub-endpoint#verifying-access-tokens
56		*/
57	6	public function authenticate(ServerRequestInterface $request)
58		{
59	6	return $this->authenticateHeader($request)
60	6	\|\| $this->authenticateBody($request)
61	6	\|\| $this->authenticateQuery($request);
62		}
63
64		/**
65		* Authenticate with an "Authorization" header
66		*
67		* @param ServerRequestInterface $request Request
68		* @return bool Request is valid
69		*/
70	6	protected function authenticateHeader(ServerRequestInterface $request)
71		{
72		// Run through all "Authorization" headers
73	6	foreach ($request->getHeader('Authorization') as $authHeader) {
74		// If this is supposed to be a bearer token
75	1	if (!strncmp(strtolower($authHeader), 'bearer', 6)) {
76	1	$bearerToken = preg_split('%\s+%', $authHeader);
77
78		// If there is really a bearer token
79	1	if (count($bearerToken) > 1) {
80	1	return $this->verifyToken($bearerToken[1]);
81		}
82		}
83		}
84
85	6	return false;
86		}
87
88		/**
89		* Verify the validity of the bearer token
90		*
91		* @param string $token Bearer token
92		* @return boolean The bearer token is valid
93		*/
94		abstract protected function verifyToken($token);
95
96		/**
97		* Authenticate with an "access_token" body parameter
98		*
99		* @param ServerRequestInterface $request Request
100		* @return bool Request is valid
101		*/
102	6	protected function authenticateBody(ServerRequestInterface $request)
103		{
104	6	$bodyParameters = (array)$request->getParsedBody();
105	6	return array_key_exists('access_token', $bodyParameters) ?
106	6	$this->verifyToken($bodyParameters['access_token']) : false;
107		}
108
109		/**
110		* Authenticate with an "access_token" query parameter
111		*
112		* @param ServerRequestInterface $request Request
113		* @return bool Request is valid
114		*/
115	6	protected function authenticateQuery(ServerRequestInterface $request)
116		{
117	6	$queryParameters = (array)$request->getQueryParams();
118	6	return array_key_exists('access_token', $queryParameters) ?
119	6	$this->verifyToken($queryParameters['access_token']) : false;
120		}
121		}
122

apparat / server

Push — master ( d24783...e203a5 )

AbstractBearer A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

5 Methods

Duplication Side-by-Side

Filter issues like