Issues in Authorization.php - Failed Issues - Inspection of "4.x" - chadicus/slim-oauth2-middleware - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Pull Request — master (#48)

by Chad

created 2018-03-15 13:06 UTC

src/Authorization.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Chadicus\Slim\OAuth2\Middleware;

use ArrayAccess;
use Chadicus\Slim\OAuth2\Http\RequestBridge;
use Chadicus\Slim\OAuth2\Http\ResponseBridge;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Interop\Container\ContainerInterface;
use OAuth2;

/**
 * Slim Middleware to handle OAuth2 Authorization.
 */
class Authorization implements MiddlewareInterface
{
    /**
     * OAuth2 Server
     *
     * @var OAuth2\Server
     */
    private $server;

    /**
     * Array of scopes required for authorization.
     *
     * @var array
     */
    private $scopes;

    /**
     * Container for token.
     *
     * @var ArrayAccess|ContainerInterface
     */
    private $container;

    /**
     * Create a new instance of the Authroization middleware.
     *
     * @param OAuth2\Server                  $server    The configured OAuth2 server.
     * @param ArrayAccess|ContainerInterface $container A container object in which to store the token from the
     *                                                  request.
     * @param array                          $scopes    Scopes required for authorization. $scopes can be given as an
     *                                                  array of arrays. OR logic will use with each grouping.
     *                                                  Example:
     *                                                  Given ['superUser', ['basicUser', 'aPermission']], the request
     *                                                  will be verified if the request token has 'superUser' scope
     *                                                  OR 'basicUser' and 'aPermission' as its scope.
     *
     * @throws \InvalidArgumentException Thrown if $container is not an instance of ArrayAccess or ContainerInterface.
     */
    public function __construct(OAuth2\Server $server, $container, array $scopes = [])
    {
        $this->server = $server;
        if (!is_a($container, '\\ArrayAccess') && !is_a($container, '\\Interop\\Container\\ContainerInterface')) {
            throw new \InvalidArgumentException(
                '$container does not implement \\ArrayAccess or \\Interop\\Container\\ContainerInterface'
            );
        }

        $this->container = $container;
        $this->scopes = $this->formatScopes($scopes);
    }

    /**
     * Execute this middleware as a function.
     *
     * @param  ServerRequestInterface $request  The PSR7 request.
     * @param  ResponseInterface      $response The PSR7 response.
     * @param  callable               $next     The Next middleware.
     *
     * @return ResponseInterface
     */
    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
    {
        $handler = new class implements RequestHandlerInterface

        {
            public $next;
            public $response;

            /**
             * Handle the request and return a response.
             *
             * @param ServerRequestInterface $request The request to handle.
             *
             * @return ResponseInterface
             */
            public function handle(ServerRequestInterface $request): ResponseInterface
            {
                return call_user_func_array($this->next, [$request, $this->response]);
            }
        };

        $handler->next = $next;
        $handler->response = $response;

        return $this->process($request, $handler);
    }

    /**
     * Execute this middleware.
     *
     * @param ServerRequestInterface  $request The PSR-7 request.
     * @param RequestHandlerInterface $handler The PSR-15 request handler.
     *
     * @return ResponseInterface
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
    {
        $oauth2Request = RequestBridge::toOAuth2($request);
        foreach ($this->scopes as $scope) {
            if ($this->server->verifyResourceRequest($oauth2Request, null, $scope)) {
                $this->setToken($this->server->getResourceController()->getToken());
                return $handler->handle($request);
            }
        }

        $response = ResponseBridge::fromOauth2($this->server->getResponse());

        if ($response->hasHeader('Content-Type')) {
            return $response;
        }

        return $response->withHeader('Content-Type', 'application/json');
    }

    /**
     * Helper method to set the token value in the container instance.
     *
     * @param array $token The token from the incoming request.
     *
     * @return void
     */
    private function setToken(array $token)
    {
        if (is_a($this->container, '\\ArrayAccess')) {
            $this->container['token'] = $token;
            return;
        }

        $this->container->set('token', $token);
    }

    /**
     * Returns a callable function to be used as a authorization middleware with a specified scope.
     *
     * @param array $scopes Scopes require for authorization.
     *
     * @return Authorization
     */
    public function withRequiredScope(array $scopes)
    {
        $clone = clone $this;
        $clone->scopes = $clone->formatScopes($scopes);
        return $clone;
    }

    /**
     * Helper method to ensure given scopes are formatted properly.
     *
     * @param array $scopes Scopes required for authorization.
     *
     * @return array The formatted scopes array.
     */
    private function formatScopes(array $scopes)
    {
        if (empty($scopes)) {
            return [null]; //use at least 1 null scope
        }

        array_walk(
            $scopes,
            function (&$scope) {
                if (is_array($scope)) {
                    $scope = implode(' ', $scope);
                }
            }
        );

        return $scopes;
    }
}


1			<?php
2			namespace Chadicus\Slim\OAuth2\Middleware;
3
4			use ArrayAccess;
5			use Chadicus\Slim\OAuth2\Http\RequestBridge;
6			use Chadicus\Slim\OAuth2\Http\ResponseBridge;
7			use Psr\Http\Message\ServerRequestInterface;
8			use Psr\Http\Message\ResponseInterface;
9			use Psr\Http\Server\MiddlewareInterface;
10			use Psr\Http\Server\RequestHandlerInterface;
11			use Interop\Container\ContainerInterface;
12			use OAuth2;
13
14			/**
15			* Slim Middleware to handle OAuth2 Authorization.
16			*/
17			class Authorization implements MiddlewareInterface
18			{
19			/**
20			* OAuth2 Server
21			*
22			* @var OAuth2\Server
23			*/
24			private $server;
25
26			/**
27			* Array of scopes required for authorization.
28			*
29			* @var array
30			*/
31			private $scopes;
32
33			/**
34			* Container for token.
35			*
36			* @var ArrayAccess\|ContainerInterface
37			*/
38			private $container;
39
40			/**
41			* Create a new instance of the Authroization middleware.
42			*
43			* @param OAuth2\Server $server The configured OAuth2 server.
44			* @param ArrayAccess\|ContainerInterface $container A container object in which to store the token from the
45			* request.
46			* @param array $scopes Scopes required for authorization. $scopes can be given as an
47			* array of arrays. OR logic will use with each grouping.
48			* Example:
49			* Given ['superUser', ['basicUser', 'aPermission']], the request
50			* will be verified if the request token has 'superUser' scope
51			* OR 'basicUser' and 'aPermission' as its scope.
52			*
53			* @throws \InvalidArgumentException Thrown if $container is not an instance of ArrayAccess or ContainerInterface.
54			*/
55			public function __construct(OAuth2\Server $server, $container, array $scopes = [])
56			{
57			$this->server = $server;
58			if (!is_a($container, '\\ArrayAccess') && !is_a($container, '\\Interop\\Container\\ContainerInterface')) {
59			throw new \InvalidArgumentException(
60			'$container does not implement \\ArrayAccess or \\Interop\\Container\\ContainerInterface'
61			);
62			}
63
64			$this->container = $container;
65			$this->scopes = $this->formatScopes($scopes);
66			}
67
68			/**
69			* Execute this middleware as a function.
70			*
71			* @param ServerRequestInterface $request The PSR7 request.
72			* @param ResponseInterface $response The PSR7 response.
73			* @param callable $next The Next middleware.
74			*
75			* @return ResponseInterface
76			*/
77			public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
78			{
79			$handler = new class implements RequestHandlerInterface
			0 ignored issues – show Coding Style introduced 2018-03-15 13:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this This class is not in CamelCase format. Classes in PHP are usually named in CamelCase. In camelCase names are written without any punctuation, the start of each new word being marked by a capital letter. The whole name starts with a capital letter as well. Thus the name database provider becomes `DatabaseProvider`. Loading history...
80			{
81			public $next;
82			public $response;
83
84			/**
85			* Handle the request and return a response.
86			*
87			* @param ServerRequestInterface $request The request to handle.
88			*
89			* @return ResponseInterface
90			*/
91			public function handle(ServerRequestInterface $request): ResponseInterface
92			{
93			return call_user_func_array($this->next, [$request, $this->response]);
94			}
95			};
96
97			$handler->next = $next;
98			$handler->response = $response;
99
100			return $this->process($request, $handler);
101			}
102
103			/**
104			* Execute this middleware.
105			*
106			* @param ServerRequestInterface $request The PSR-7 request.
107			* @param RequestHandlerInterface $handler The PSR-15 request handler.
108			*
109			* @return ResponseInterface
110			*/
111			public function process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
112			{
113			$oauth2Request = RequestBridge::toOAuth2($request);
114			foreach ($this->scopes as $scope) {
115			if ($this->server->verifyResourceRequest($oauth2Request, null, $scope)) {
116			$this->setToken($this->server->getResourceController()->getToken());
117			return $handler->handle($request);
118			}
119			}
120
121			$response = ResponseBridge::fromOauth2($this->server->getResponse());
122
123			if ($response->hasHeader('Content-Type')) {
124			return $response;
125			}
126
127			return $response->withHeader('Content-Type', 'application/json');
128			}
129
130			/**
131			* Helper method to set the token value in the container instance.
132			*
133			* @param array $token The token from the incoming request.
134			*
135			* @return void
136			*/
137			private function setToken(array $token)
138			{
139			if (is_a($this->container, '\\ArrayAccess')) {
140			$this->container['token'] = $token;
141			return;
142			}
143
144			$this->container->set('token', $token);
145			}
146
147			/**
148			* Returns a callable function to be used as a authorization middleware with a specified scope.
149			*
150			* @param array $scopes Scopes require for authorization.
151			*
152			* @return Authorization
153			*/
154			public function withRequiredScope(array $scopes)
155			{
156			$clone = clone $this;
157			$clone->scopes = $clone->formatScopes($scopes);
158			return $clone;
159			}
160
161			/**
162			* Helper method to ensure given scopes are formatted properly.
163			*
164			* @param array $scopes Scopes required for authorization.
165			*
166			* @return array The formatted scopes array.
167			*/
168			private function formatScopes(array $scopes)
169			{
170			if (empty($scopes)) {
171			return [null]; //use at least 1 null scope
172			}
173
174			array_walk(
175			$scopes,
176			function (&$scope) {
177			if (is_array($scope)) {
178			$scope = implode(' ', $scope);
179			}
180			}
181			);
182
183			return $scopes;
184			}
185			}
186

chadicus / slim-oauth2-middleware

Pull Request — master (#48)

src/Authorization.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like