Failed Conditions
Pull Request — master (#17)
by Chad
02:09
created

src/Authorization.php (1 issue)

<?php
namespace Chadicus\Slim\OAuth2\Middleware;

use Chadicus\Slim\OAuth2\Http\RequestBridge;
use Chadicus\Slim\OAuth2\Http\ResponseBridge;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use OAuth2;
use Slim;

/**
 * Slim Middleware to handle OAuth2 Authorization.
 */
class Authorization implements MiddlewareInterface
{
    /**
     * Slim App
     *
     * @var Slim\App
     */
    private $slim;

    /**
     * OAuth2 Server
     *
     * @var OAuth2\Server
     */
    private $server;

    /**
     * Array of scopes required for authorization.
     *
     * @var array
     */
    private $scopes;

    /**
     * Create a new instance of the Authorization middleware.
     *
     * @param Slim\App      $slim   The slim framework application instance.
     * @param OAuth2\Server $server The configured OAuth2 server.
     * @param array         $scopes Scopes required for authorization. $scopes can be given as an array of arrays. OR
     *                              logic will be used with each grouping.  Example:
     *                              Given ['superUser', ['basicUser', 'aPermission']], the request will be verified if
     *                              the request token has 'superUser' scope OR 'basicUser' and 'aPermission' as its
     *                              scope.
     */
    public function __construct(Slim\App $slim, OAuth2\Server $server, array $scopes = [])
    {
        $this->slim = $slim;
        $this->server = $server;
        $this->scopes = $scopes;
    }

    /**
     * Execute this middleware.
     *
     * @param  ServerRequestInterface $request  The PSR7 request.
     * @param  ResponseInterface      $response The PSR7 response.
     * @param  callable               $next     The Next middleware.
     *
     * @return Slim\Http\Response
     */
    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
    {
        $oauth2Request = RequestBridge::toOAuth2($request);

        $scopes = $this->scopes;
        if (empty($scopes)) {
            $scopes = [null]; // use at least 1 null scope so the token is still verified when no scopes are required
        }

        foreach ($scopes as $scope) {
            if (is_array($scope)) {
                $scope = implode(' ', $scope);
            }

            if ($this->server->verifyResourceRequest($oauth2Request, null, $scope)) {
                $this->slim->getContainer()->token = $this->server->getResourceController()->getToken();
Accessing token on the interface Interop\Container\ContainerInterface suggests that you code against a concrete implementation. How about adding an instanceof check?

If you access a property on an interface, you most likely code against a concrete implementation of the interface.

Available Fixes

  1. Adding an additional type check:

    interface SomeInterface { }
    class SomeClass implements SomeInterface {
        public $a;
    }
    
    function someFunction(SomeInterface $object) {
        if ($object instanceof SomeClass) {
            $a = $object->a;
        }
    }
    
  2. Changing the type hint:

    interface SomeInterface { }
    class SomeClass implements SomeInterface {
        public $a;
    }
    
    function someFunction(SomeClass $object) {
        $a = $object->a;
    }
    
                return $next($request, $response);
            }
        }

        return ResponseBridge::fromOAuth2($this->server->getResponse());
    }

    /**
     * Returns a callable function to be used as an authorization middleware with a specified scope.
     *
     * @param array $scopes Scopes required for authorization.
     *
     * @return Authorization
     */
    public function withRequiredScope(array $scopes)
    {
        $clone = clone $this;
        $clone->scopes = $scopes;
        return $clone;
    }
}