HMACSignatureAuth - Code Metrics - charlesportwoodii/yii2-api-rest-components - Measure and Improve Code Quality continuously with Scrutinizer

HMACSignatureAuth A
last analyzed 2019-01-14 23:02 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	103
Duplicated Lines	0 %

Importance

Changes

Metric	Value
eloc	46
dl	0
loc	103
rs	10
c	0
b	0
f	0
wmc	16

4 Methods

Rating	Name	Size	Complexity
A	beforeAction()	7	2
A	getBodyFromRequest()	12	3
A	getTokenFromAccessToken()	16	4
B	authenticate()	35	7

<?php

namespace yrc\filters\auth;

use DateTime;
use ncryptf\Authorization;
use ncryptf\Token as NcryptfToken;
use yrc\models\redis\Token;
use yii\helpers\Json;
use yii\filters\auth\AuthMethod;
use yii\web\HttpException;
use yii\web\Request;
use yii\web\Response;
use Yii;

/**
 * HeaderParamAuth is an action filter that supports the authentication based on the access token passed through a query parameter.
 */
final class HMACSignatureAuth extends AuthMethod
{
    // The date header
    const DATE_HEADER = 'X-DATE';
    
    // The authorization header
    const AUTHORIZATION_HEADER = 'Authorization';
    
    // The amount of the seconds the request is permitted to differ from the server time
    const DRIFT_TIME_ALLOWANCE = 90;

    /**
     * @inheritdoc
     */
    public function beforeAction($action)
    {
        if (Yii::$app->request->method === 'OPTIONS') {
            return true;
        }

        return parent::beforeAction($action);
    }

    /**
     * @inheritdoc
     */
    public function authenticate($user, $request, $response)
    {
        $params = Authorization::extractParamsFromHeaderString($request->getHeaders()->get(self::AUTHORIZATION_HEADER));

        if ($params) {
            if ($token = $this->getTokenFromAccessToken($params['access_token'])) {
                try {
                    $date = new DateTime($params['date'] ?? $request->getHeaders()->get(self::DATE_HEADER));
                    $auth = new Authorization(
                        $request->method,
                        $request->getUrl(),
                        $token->getNcryptfToken(),
                        $date,
                        $this->getBodyFromRequest($request),
                        $params['v'],
                        \base64_decode($params['salt'])
                    );

                    if ($auth->verify(\base64_decode($params['hmac']), $auth, static::DRIFT_TIME_ALLOWANCE)) {
                        if ($identity = $user->loginByAccessToken($token, \get_class($this))) {
                            return $identity;
                        }
                    }
                } catch (HttpException $e) {
                    throw $e;
                } catch (\Exception $e) {
                    Yii::error([
                        'message' => 'An unexpected error occured when handling authentication request.',
                        'exception' => $e
                    ]);
                }
            }
        }

        $this->handleFailure($response);
    }

    /**
     * Retrieves a Token object from an access token string
     * @param string $accessToken
     * @return \yrc\models\redis\Token
     */
    private function getTokenFromAccessToken(string $accessToken)
    {
        try {
            $tokenClass = (Yii::$app->user->identityClass::TOKEN_CLASS);
            $token = $tokenClass::find()
                ->where(['access_token' => $accessToken])
                ->one();
        } catch (\Exception $e) {
            return null;
        }

        if ($token === null || $token->isExpired()) {
            return null;
        }

        return $token;
    }

    /**
     * Retrieves the appropriate request body
     * @param \yii\web\Request $request
     * @return mixed
     */
    private function getBodyFromRequest(Request $request)
    {
        $body = $request->getDecryptedBody();
        if ($body === '') {
            return "";
        }

        if ($request->headers->has('X-Force-Serialize')) {
            return Json::encode(Json::decode($body), JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_PRESERVE_ZERO_FRACTION);
        }

        return $body;
    }
}


1			<?php
2
3			namespace yrc\filters\auth;
4
5			use DateTime;
6			use ncryptf\Authorization;
7			use ncryptf\Token as NcryptfToken;
8			use yrc\models\redis\Token;
9			use yii\helpers\Json;
10			use yii\filters\auth\AuthMethod;
11			use yii\web\HttpException;
12			use yii\web\Request;
13			use yii\web\Response;
14			use Yii;
15
16			/**
17			* HeaderParamAuth is an action filter that supports the authentication based on the access token passed through a query parameter.
18			*/
19			final class HMACSignatureAuth extends AuthMethod
20			{
21			// The date header
22			const DATE_HEADER = 'X-DATE';
23
24			// The authorization header
25			const AUTHORIZATION_HEADER = 'Authorization';
26
27			// The amount of the seconds the request is permitted to differ from the server time
28			const DRIFT_TIME_ALLOWANCE = 90;
29
30			/**
31			* @inheritdoc
32			*/
33			public function beforeAction($action)
34			{
35			if (Yii::$app->request->method === 'OPTIONS') {
36			return true;
37			}
38
39			return parent::beforeAction($action);
40			}
41
42			/**
43			* @inheritdoc
44			*/
45			public function authenticate($user, $request, $response)
46			{
47			$params = Authorization::extractParamsFromHeaderString($request->getHeaders()->get(self::AUTHORIZATION_HEADER));
48
49			if ($params) {
50			if ($token = $this->getTokenFromAccessToken($params['access_token'])) {
51			try {
52			$date = new DateTime($params['date'] ?? $request->getHeaders()->get(self::DATE_HEADER));
53			$auth = new Authorization(
54			$request->method,
55			$request->getUrl(),
56			$token->getNcryptfToken(),
57			$date,
58			$this->getBodyFromRequest($request),
59			$params['v'],
60			\base64_decode($params['salt'])
61			);
62
63			if ($auth->verify(\base64_decode($params['hmac']), $auth, static::DRIFT_TIME_ALLOWANCE)) {
64			if ($identity = $user->loginByAccessToken($token, \get_class($this))) {
65			return $identity;
66			}
67			}
68			} catch (HttpException $e) {
69			throw $e;
70			} catch (\Exception $e) {
71			Yii::error([
72			'message' => 'An unexpected error occured when handling authentication request.',
73			'exception' => $e
74			]);
75			}
76			}
77			}
78
79			$this->handleFailure($response);
80			}
81
82			/**
83			* Retrieves a Token object from an access token string
84			* @param string $accessToken
85			* @return \yrc\models\redis\Token
86			*/
87			private function getTokenFromAccessToken(string $accessToken)
88			{
89			try {
90			$tokenClass = (Yii::$app->user->identityClass::TOKEN_CLASS);
91			$token = $tokenClass::find()
92			->where(['access_token' => $accessToken])
93			->one();
94			} catch (\Exception $e) {
95			return null;
96			}
97
98			if ($token === null \|\| $token->isExpired()) {
99			return null;
100			}
101
102			return $token;
103			}
104
105			/**
106			* Retrieves the appropriate request body
107			* @param \yii\web\Request $request
108			* @return mixed
109			*/
110			private function getBodyFromRequest(Request $request)
111			{
112			$body = $request->getDecryptedBody();
113			if ($body === '') {
114			return "";
115			}
116
117			if ($request->headers->has('X-Force-Serialize')) {
118			return Json::encode(Json::decode($body), JSON_UNESCAPED_SLASHES \| JSON_UNESCAPED_UNICODE \| JSON_PRESERVE_ZERO_FRACTION);
119			}
120
121			return $body;
122			}
123			}
124

charlesportwoodii / yii2-api-rest-components

HMACSignatureAuth A last analyzed 2019-01-14 23:02 UTC

Complexity

Size/Duplication

Importance

4 Methods

Duplication Side-by-Side

Filter issues like

HMACSignatureAuth A
last analyzed 2019-01-14 23:02 UTC