Issues in Authorization.php - New Issues - Inspection of "Add php di support" - chadicus/slim-oauth2-middleware - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Pull Request — master (#26)

unknown

created 2017-01-09 17:23 UTC

src/Authorization.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Chadicus\Slim\OAuth2\Middleware;

use ArrayAccess;
use Chadicus\Slim\OAuth2\Http\RequestBridge;
use Chadicus\Slim\OAuth2\Http\ResponseBridge;
use Chadicus\Psr\Middleware\MiddlewareInterface;
use DI;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use OAuth2;

/**
 * Slim Middleware to handle OAuth2 Authorization.
 */
class Authorization implements MiddlewareInterface
{
    /**
     * OAuth2 Server
     *
     * @var OAuth2\Server
     */
    private $server;

    /**
     * Array of scopes required for authorization.
     *
     * @var array
     */
    private $scopes;

    /**
     * Container for token.
     *
     * @var ArrayAccess
     */
    private $container;

    /**
     * Create a new instance of the Authorization middleware.
     *
     * @param OAuth2\Server $server    The configured OAuth2 server.
     * @param DI\Container  $container A container object in which to store the token from the request.
     * @param array         $scopes    Scopes required for authorization. $scopes can be given as an array of arrays. OR
     *                                 logic will use with each grouping.  Example:
     *                                 Given ['superUser', ['basicUser', 'aPermission']], the request will be verified
     *                                 if the request token has 'superUser' scope OR 'basicUser' and 'aPermission' as
     *                                 its scope.
     */
    public function __construct(OAuth2\Server $server, DI\Container $container, array $scopes = [])
    {
        $this->server = $server;
        $this->container = $container;

        $this->scopes = $this->formatScopes($scopes);
    }

    /**
     * Execute this middleware.
     *
     * @param  ServerRequestInterface $request  The PSR7 request.
     * @param  ResponseInterface      $response The PSR7 response.
     * @param  callable               $next     The Next middleware.
     *
     * @return ResponseInterface
     */
    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
    {
        $oauth2Request = RequestBridge::toOAuth2($request);
        foreach ($this->scopes as $scope) {
            if ($this->server->verifyResourceRequest($oauth2Request, null, $scope)) {
                $this->container->set('token', $this->server->getResourceController()->getToken());
interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}
                return $next($request, $response);
            }
        }

        $response = ResponseBridge::fromOAuth2($this->server->getResponse());

        if ($response->hasHeader('Content-Type')) {
            return $response;
        }

        return $response->withHeader('Content-Type', 'application/json');
    }

    /**
     * Returns a callable function to be used as a authorization middleware with a specified scope.
     *
     * @param array $scopes Scopes require for authorization.
     *
     * @return Authorization
     */
    public function withRequiredScope(array $scopes)
    {
        $clone = clone $this;
        $clone->scopes = $clone->formatScopes($scopes);
        return $clone;
    }

    /**
     * Helper method to ensure given scopes are formatted properly.
     *
     * @param array $scopes Scopes required for authorization.
     *
     * @return array The formatted scopes array.
     */
    private function formatScopes(array $scopes)
    {
        if (empty($scopes)) {
            return [null]; //use at least 1 null scope
        }

        array_walk(
            $scopes,
            function (&$scope) {
                if (is_array($scope)) {
                    $scope = implode(' ', $scope);
                }
            }
        );

        return $scopes;
    }
}


1			<?php
2			namespace Chadicus\Slim\OAuth2\Middleware;
3
4			use ArrayAccess;
5			use Chadicus\Slim\OAuth2\Http\RequestBridge;
6			use Chadicus\Slim\OAuth2\Http\ResponseBridge;
7			use Chadicus\Psr\Middleware\MiddlewareInterface;
8			use DI;
9			use Psr\Http\Message\ServerRequestInterface;
10			use Psr\Http\Message\ResponseInterface;
11			use OAuth2;
12
13			/**
14			* Slim Middleware to handle OAuth2 Authorization.
15			*/
16			class Authorization implements MiddlewareInterface
17			{
18			/**
19			* OAuth2 Server
20			*
21			* @var OAuth2\Server
22			*/
23			private $server;
24
25			/**
26			* Array of scopes required for authorization.
27			*
28			* @var array
29			*/
30			private $scopes;
31
32			/**
33			* Container for token.
34			*
35			* @var ArrayAccess
36			*/
37			private $container;
38
39			/**
40			* Create a new instance of the Authorization middleware.
41			*
42			* @param OAuth2\Server $server The configured OAuth2 server.
43			* @param DI\Container $container A container object in which to store the token from the request.
44			* @param array $scopes Scopes required for authorization. $scopes can be given as an array of arrays. OR
45			* logic will use with each grouping. Example:
46			* Given ['superUser', ['basicUser', 'aPermission']], the request will be verified
47			* if the request token has 'superUser' scope OR 'basicUser' and 'aPermission' as
48			* its scope.
49			*/
50			public function __construct(OAuth2\Server $server, DI\Container $container, array $scopes = [])
51			{
52			$this->server = $server;
53			$this->container = $container;
			0 ignored issues – show Documentation Bug introduced 2017-01-09 17:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$container` of type `object<DI\Container>` is incompatible with the declared type `object<ArrayAccess>` of property `$container`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
54			$this->scopes = $this->formatScopes($scopes);
55			}
56
57			/**
58			* Execute this middleware.
59			*
60			* @param ServerRequestInterface $request The PSR7 request.
61			* @param ResponseInterface $response The PSR7 response.
62			* @param callable $next The Next middleware.
63			*
64			* @return ResponseInterface
65			*/
66			public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
67			{
68			$oauth2Request = RequestBridge::toOAuth2($request);
69			foreach ($this->scopes as $scope) {
70			if ($this->server->verifyResourceRequest($oauth2Request, null, $scope)) {
71			$this->container->set('token', $this->server->getResourceController()->getToken());
			0 ignored issues – show Bug introduced 2017-01-09 17:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you code against a concrete implementation and not the interface `OAuth2\Controller\ResourceControllerInterface` as the method `getToken()` does only exist in the following implementations of said interface: `OAuth2\Controller\ResourceController`, `OAuth2\OpenID\Controller\UserInfoController`. Let’s take a look at an example: interface User { /** @return string / public function getPassword(); } class MyUser implements User { public function getPassword() { // return something } public function getDisplayName() { // return some name. } } class AuthSystem { public function authenticate(User $user) { $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName())); // do something. } } In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break. Available Fixes Change the type-hint for the parameter: class AuthSystem { public function authenticate(MyUser $user) { / ... / } } Add an additional type-check: class AuthSystem { public function authenticate(User $user) { if ($user instanceof MyUser) { $this->logger->info(/* ... /); } // or alternatively if ( ! $user instanceof MyUser) { throw new \LogicException( '$user must be an instance of MyUser, ' .'other instances are not supported.' ); } } } Note:* PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case. Add the method to the interface: interface User { /** @return string / public function getPassword(); /* @return string / public function getDisplayName(); } Loading history... Bug introduced 2017-01-09 17:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you code against a concrete implementation and not the interface `ArrayAccess` as the method `set()` does only exist in the following implementations of said interface: `Guzzle\Common\Collection`, `Guzzle\Http\QueryString`, `Guzzle\Service\Builder\ServiceBuilder`, `Guzzle\Service\Command\AbstractCommand`, `Guzzle\Service\Command\ClosureCommand`, `Guzzle\Service\Command\OperationCommand`, `Guzzle\Service\Resource\Model`, `Guzzle\Tests\Service\Mock\Command\IterableCommand`, `Guzzle\Tests\Service\Mock\Command\MockCommand`, `Guzzle\Tests\Service\Mock\Command\OtherCommand`, `Guzzle\Tests\Service\Mock\Command\Sub\Sub`, `HttpQueryString`. Let’s take a look at an example: interface User { /* @return string / public function getPassword(); } class MyUser implements User { public function getPassword() { // return something } public function getDisplayName() { // return some name. } } class AuthSystem { public function authenticate(User $user) { $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName())); // do something. } } In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break. Available Fixes Change the type-hint for the parameter: class AuthSystem { public function authenticate(MyUser $user) { / ... / } } Add an additional type-check: class AuthSystem { public function authenticate(User $user) { if ($user instanceof MyUser) { $this->logger->info(/* ... /); } // or alternatively if ( ! $user instanceof MyUser) { throw new \LogicException( '$user must be an instance of MyUser, ' .'other instances are not supported.' ); } } } Note:* PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case. Add the method to the interface: interface User { /** @return string / public function getPassword(); /* @return string */ public function getDisplayName(); } Loading history...
72			return $next($request, $response);
73			}
74			}
75
76			$response = ResponseBridge::fromOAuth2($this->server->getResponse());
77
78			if ($response->hasHeader('Content-Type')) {
79			return $response;
80			}
81
82			return $response->withHeader('Content-Type', 'application/json');
83			}
84
85			/**
86			* Returns a callable function to be used as a authorization middleware with a specified scope.
87			*
88			* @param array $scopes Scopes require for authorization.
89			*
90			* @return Authorization
91			*/
92			public function withRequiredScope(array $scopes)
93			{
94			$clone = clone $this;
95			$clone->scopes = $clone->formatScopes($scopes);
96			return $clone;
97			}
98
99			/**
100			* Helper method to ensure given scopes are formatted properly.
101			*
102			* @param array $scopes Scopes required for authorization.
103			*
104			* @return array The formatted scopes array.
105			*/
106			private function formatScopes(array $scopes)
107			{
108			if (empty($scopes)) {
109			return [null]; //use at least 1 null scope
110			}
111
112			array_walk(
113			$scopes,
114			function (&$scope) {
115			if (is_array($scope)) {
116			$scope = implode(' ', $scope);
117			}
118			}
119			);
120
121			return $scopes;
122			}
123			}
124

chadicus / slim-oauth2-middleware

Pull Request — master (#26)

src/Authorization.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like