Push — master ( 3c8625...c93166 )
by Divine Niiquaye

CsrfTokenAuthenticator::setToken()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 2
Code Lines 0

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 2

Importance

Changes 0
<?php
namespace Biurad\Security\Authenticator;
use Biurad\Security\Interfaces\AuthenticatorInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
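/**
 * Authenticates whether the given CSRF token is valid.
 *
 * The submitted token value is read from the credentials array under the
 * configured parameter name and checked with the injected CSRF token manager.
 * This authenticator never produces a security token of its own: a rejected
 * CSRF token is reported by throwing, every other outcome returns null.
 *
 * @author Divine Niiquaye Ibok <[email protected]>
 */
class CsrfTokenAuthenticator implements AuthenticatorInterface
{
    /** Manager that decides whether a submitted CSRF token is valid. */
    private CsrfTokenManagerInterface $csrfTokenManager;

    /** Token id (intention) the submitted value is validated against. */
    private string $csrfTokenId;

    /** Key in the credentials array that carries the submitted token value. */
    private string $csrfParameter;

    /**
     * @param CsrfTokenManagerInterface $csrfTokenManager manager used to validate tokens
     * @param string                    $csrfTokenId      token id passed to the manager with each value
     * @param string                    $csrfParameter    credentials key holding the submitted token
     */
    public function __construct(CsrfTokenManagerInterface $csrfTokenManager, string $csrfTokenId = 'authenticate', string $csrfParameter = '_csrf_token')
    {
        $this->csrfTokenManager = $csrfTokenManager;
        $this->csrfTokenId = $csrfTokenId;
        $this->csrfParameter = $csrfParameter;
    }

    /**
     * {@inheritdoc}
     *
     * Intentionally a no-op: the passed token is ignored.
     */
    public function setToken(?TokenInterface $token): void
    {
        // This authenticator does not use a token.
    }

    /**
     * {@inheritdoc}
     *
     * Only requests whose method is exactly "POST" are supported.
     */
    public function supports(ServerRequestInterface $request): bool
    {
        return 'POST' === $request->getMethod();
    }

    /**
     * {@inheritdoc}
     *
     * Validates the CSRF token found in $credentials under the configured
     * parameter name. The $request argument is not read here.
     *
     * @param array<string, mixed> $credentials submitted credentials, may contain the CSRF token
     *
     * @return TokenInterface|null always null; a rejected token is signalled by an exception
     *
     * @throws BadRequestException       when a value is supplied under the CSRF key but is not a string
     * @throws InvalidCsrfTokenException when the token manager rejects the supplied token
     */
    public function authenticate(ServerRequestInterface $request, array $credentials): ?TokenInterface
    {
        $csrfToken = $credentials[$this->csrfParameter] ?? null;

        // Only a missing key or an empty string counts as "no token supplied".
        // The previous empty() check also skipped 0, false, [] and '0', so those
        // values bypassed both the type check and the validation below.
        if (null === $csrfToken || '' === $csrfToken) {
            // NOTE(review): this returns the same null as a successfully validated
            // token, so a request that simply omits the field is indistinguishable
            // from one carrying a valid token. If CSRF protection is meant to be
            // mandatory, the caller has to enforce presence of the field - confirm
            // against the code that consumes this authenticator.
            return null;
        }

        if (!\is_string($csrfToken)) {
            throw new BadRequestException(\sprintf('The key "%s" must be a string, "%s" given.', $this->csrfParameter, \gettype($csrfToken)));
        }

        // Pair the submitted value with the configured token id before validating.
        $csrfToken = new CsrfToken($this->csrfTokenId, $csrfToken);

        if (false === $this->csrfTokenManager->isTokenValid($csrfToken)) {
            throw new InvalidCsrfTokenException('Invalid CSRF token.');
        }

        return null;
    }

    /**
     * {@inheritdoc}
     *
     * Always returns null: no response is built here for a failed authentication.
     */
    public function failure(ServerRequestInterface $request, AuthenticationException $exception): ?ResponseInterface
    {
        return null;
    }
}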