BasicAuthenticator::authenticate() - Code Metrics - appserver-io/authenticator - Measure and Improve Code Quality continuously with Scrutinizer

BasicAuthenticator::authenticate() B
last analyzed 2021-10-06 16:03 UTC

↳ Parent: BasicAuthenticator

Complexity

Conditions	6
Paths	5

Size

Total Lines	61
Code Lines	30

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	42

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	30
c	1
b	0
f	0
dl	0
loc	61
ccs	0
cts	36
cp	0
rs	8.8177
cc	6
nc	5
nop	2
crap	42

How to fix Long Method

<?php

/**
 * AppserverIo\Authenticator\BasicAuthenticator
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Open Software License (OSL 3.0)
 * that is available through the world-wide-web at this URL:
 * http://opensource.org/licenses/osl-3.0.php
 *
 * PHP version 5
 *
 * @author    Tim Wagner <[email protected]>
 * @copyright 2016 TechDivision GmbH <[email protected]>
 * @license   http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
 * @link      https://github.com/appserver-io/authenticator
 * @link      http://www.appserver.io
 */

namespace AppserverIo\Authenticator;

use AppserverIo\Lang\String;
use AppserverIo\Psr\HttpMessage\Protocol;
use AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface;
use AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface;
use AppserverIo\Http\Authentication\AuthenticationException;

/**
 * An authenticator implementation providing HTTP basic authentication.
 *
 * @author    Tim Wagner <[email protected]>
 * @copyright 2016 TechDivision GmbH <[email protected]>
 * @license   http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
 * @link      https://github.com/appserver-io/authenticator
 * @link      http://www.appserver.io
 */
class BasicAuthenticator extends AbstractAuthenticator
{

    /**
     * Defines the auth type which should match the client request type definition
     *
     * @var string AUTH_TYPE
     */
    const AUTH_TYPE = 'Basic';

    /**
     * The password to authenticate the user with.
     *
     * @var string
     */
    protected $password;

    /**
     * Try to authenticate the user making this request, based on the specified login configuration.
     *
     * Return TRUE if any specified constraint has been satisfied, or FALSE if we have created a response
     * challenge already.
     *
     * @param \AppserverIo\Psr\Servlet\Http\HttpServletRequestInterface  $servletRequest  The servlet request instance
     * @param \AppserverIo\Psr\Servlet\Http\HttpServletResponseInterface $servletResponse The servlet response instance
     *
     * @return boolean TRUE if authentication has already been processed on a request before, else FALSE
     * @throws \AppserverIo\Http\Authentication\AuthenticationException Is thrown if the request can't be authenticated
     */
    public function authenticate(HttpServletRequestInterface $servletRequest, HttpServletResponseInterface $servletResponse)
    {

        // check if auth header is not set in coming request headers
        if ($servletRequest->hasHeader(Protocol::HEADER_AUTHORIZATION) === false) {
            // stop processing immediately
            $servletRequest->setDispatched(true);
            $servletResponse->setStatusCode(401);
            $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
            return false;
        }

        // load the raw login credentials
        $rawAuthData = $servletRequest->getHeader(Protocol::HEADER_AUTHORIZATION);

        // set auth hash got from auth data request header and check if username and password has been passed
        if (strstr($credentials = base64_decode(trim(strstr($rawAuthData, " "))), ':') === false) {
        if (strstr($credentials = base64_decode(trim(strstr(/** @scrutinizer ignore-type */ $rawAuthData, " "))), ':') === false) {
            // stop processing immediately
            $servletRequest->setDispatched(true);
            $servletResponse->setStatusCode(401);
            $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
            return false;
        }

        // get out username and password
        list ($username, $password) = explode(':', $credentials);

        // query whether or not a username and a password has been passed
        if (($password === null) || ($username === null)) {
            // stop processing immediately
            $servletRequest->setDispatched(true);
            $servletResponse->setStatusCode(401);
            $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
            return false;
        }

        // set username and password
        $this->username = new String($username);
        $this->password = new String($password);

        // load the realm to authenticate this request for
        /** @var AppserverIo\Appserver\ServletEngine\Security\RealmInterface $realm */
        $realm = $this->getAuthenticationManager()->getRealm($this->getRealmName());

        // authenticate the request and initialize the user principal
        $userPrincipal = $realm->authenticate($this->getUsername(), $this->getPassword());

        // query whether or not the realm returned an authenticated user principal
        if ($userPrincipal == null) {
            // stop processing immediately
            $servletRequest->setDispatched(true);
            $servletResponse->setStatusCode(401);
            $servletResponse->setBodyStream('Unauthorized');
            $servletResponse->setBodyStream(/** @scrutinizer ignore-type */ 'Unauthorized');
            $servletResponse->addHeader(Protocol::HEADER_WWW_AUTHENTICATE, $this->getAuthenticateHeader());
            return false;
        }

        // add the user principal and the authentication type to the request
        $servletRequest->setUserPrincipal($userPrincipal);
                         setUserPrincipal($userPrincipal);
        $servletRequest->setAuthType($this->getAuthType());
                         setAuthType($this->getAuthType());
        return true;
    }

    /**
     * Returns the authentication header for response to set
     *
     * @return string
     */
    public function getAuthenticateHeader()
    {
        return sprintf('%s realm="%s"', $this->getAuthType(), $this->getRealmName());

    }

    /**
     * Returns the parsed password
     *
     * @return string
     */
    public function getPassword()
    {
        return isset($this->password) ? $this->password : null;
    }
}


appserver-io / authenticator

BasicAuthenticator::authenticate() B last analyzed 2021-10-06 16:03 UTC

Complexity

Size

Duplication

Code Coverage

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like

BasicAuthenticator::authenticate() B
last analyzed 2021-10-06 16:03 UTC