Json25519ResponseFormatter::formatJson() - Code Metrics - Inspection of "Added detached signatures" - charlesportwoodii/yii2-api-rest-components - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( c8b416...5bed71 )

by Charles

created 2017-03-16 16:17 UTC

Json25519ResponseFormatter::formatJson() A

↳ Parent: Json25519ResponseFormatter

Complexity

Conditions	3
Paths	3

Size

Total Lines	49
Code Lines	24

Duplication

Lines	0
Ratio	0 %

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
c	2
b	0
f	0
dl	0
loc	49
rs	9.2258
cc	3
eloc	24
nc	3
nop	1

<?php

namespace yrc\web;

use yrc\web\JsonResponseFormatter;
use yii\web\NotAcceptableHttpException;
use Yii;

class Json25519ResponseFormatter extends JsonResponseFormatter
{
    /**
     * Take the response generated by JsonResponseFormatter and anonymously encrypt it
     * @param array $response
     */
    protected function formatJson($response)
    {
        parent::formatJson($response);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $response->getHeaders()->set('Content-Type', 'application/json+25519; charset=UTF-8');


        // If we do not have a user identity in place we cannot encrypt the response. Tell the user the Accept headers are not acceptable
        if (Yii::$app->user->isGuest) {
            throw new NotAcceptableHttpException;
        }

        // Retrieve the token object from the user
        $token = Yii::$app->user->getIdentity()->getToken();

        // Abort if we don't get a token back.
        if ($token === null) {
            throw new NotAcceptableHttpException;
        }

        // Calculate the keypair
        $keyPair = \Sodium\crypto_box_keypair_from_secretkey_and_publickey(
            \base64_decode($token->getCryptToken()->secret_box_kp),
            \base64_decode($token->getCryptToken()->client_public)
        );

        // Encrypt the content
        $nonce = \Sodium\randombytes_buf(\Sodium\CRYPTO_BOX_NONCEBYTES);
        $content = \Sodium\crypto_box(
            $response->content,
            $nonce,
            $keyPair
        );

        $signature = \Sodium\crypto_sign_detached(
            $content,
            \base64_decode($token->getCryptToken()->secret_sign_kp)
        );

        // Calculate a nonce and set it in the header
        $response->getHeaders()->set('x-nonce', \base64_encode($nonce));


        // Send the public key in the clear. The client may need this on the initial authentication request
        $response->getHeaders()->set('x-pubkey', \base64_encode($token->getCryptToken()->getBoxPublicKey()));

        $response->getHeaders()->set('x-sigpubkey', \base64_encode($token->getCryptToken()->getSignPublicKey()));

        // Sign the raw response and send the signature alongside the header
        $response->getHeaders()->set('x-signature', \base64_encode($signature));


        // Update the response content
        $response->content = \base64_encode($content);
    }
}

1			<?php
2
3			namespace yrc\web;
4
5			use yrc\web\JsonResponseFormatter;
6			use yii\web\NotAcceptableHttpException;
7			use Yii;
8
9			class Json25519ResponseFormatter extends JsonResponseFormatter
10			{
11			/**
12			* Take the response generated by JsonResponseFormatter and anonymously encrypt it
13			* @param array $response
14			*/
15			protected function formatJson($response)
16			{
17			parent::formatJson($response);
			0 ignored issues – show Documentation introduced 2017-03-14 22:03 UTC by Report Bug Copy Issue Report `$response` is of type `array`, but the function expects a `object<yrc\web\Response>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
18			$response->getHeaders()->set('Content-Type', 'application/json+25519; charset=UTF-8');
			0 ignored issues – show Bug introduced 2017-03-14 22:03 UTC by Report Bug Copy Issue Report The method `getHeaders` cannot be called on `$response` (of type `array`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
19
20			// If we do not have a user identity in place we cannot encrypt the response. Tell the user the Accept headers are not acceptable
21			if (Yii::$app->user->isGuest) {
22			throw new NotAcceptableHttpException;
23			}
24
25			// Retrieve the token object from the user
26			$token = Yii::$app->user->getIdentity()->getToken();
27
28			// Abort if we don't get a token back.
29			if ($token === null) {
30			throw new NotAcceptableHttpException;
31			}
32
33			// Calculate the keypair
34			$keyPair = \Sodium\crypto_box_keypair_from_secretkey_and_publickey(
35			\base64_decode($token->getCryptToken()->secret_box_kp),
36			\base64_decode($token->getCryptToken()->client_public)
37			);
38
39			// Encrypt the content
40			$nonce = \Sodium\randombytes_buf(\Sodium\CRYPTO_BOX_NONCEBYTES);
41			$content = \Sodium\crypto_box(
42			$response->content,
43			$nonce,
44			$keyPair
45			);
46
47			$signature = \Sodium\crypto_sign_detached(
48			$content,
49			\base64_decode($token->getCryptToken()->secret_sign_kp)
50			);
51
52			// Calculate a nonce and set it in the header
53			$response->getHeaders()->set('x-nonce', \base64_encode($nonce));
			0 ignored issues – show Bug introduced 2017-03-14 22:03 UTC by Report Bug Copy Issue Report The method `getHeaders` cannot be called on `$response` (of type `array`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
54
55			// Send the public key in the clear. The client may need this on the initial authentication request
56			$response->getHeaders()->set('x-pubkey', \base64_encode($token->getCryptToken()->getBoxPublicKey()));
			0 ignored issues – show Bug introduced 2017-03-14 22:03 UTC by Report Bug Copy Issue Report The method `getHeaders` cannot be called on `$response` (of type `array`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
57			$response->getHeaders()->set('x-sigpubkey', \base64_encode($token->getCryptToken()->getSignPublicKey()));
			0 ignored issues – show Bug introduced 2017-03-16 16:20 UTC by Report Bug Copy Issue Report The method `getHeaders` cannot be called on `$response` (of type `array`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
58			// Sign the raw response and send the signature alongside the header
59			$response->getHeaders()->set('x-signature', \base64_encode($signature));
			0 ignored issues – show Bug introduced 2017-03-16 16:20 UTC by Report Bug Copy Issue Report The method `getHeaders` cannot be called on `$response` (of type `array`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
60
61			// Update the response content
62			$response->content = \base64_encode($content);
63			}
64			}

charlesportwoodii / yii2-api-rest-components

Push — master ( c8b416...5bed71 )

Json25519ResponseFormatter::formatJson() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like