Stripe::verify() - Code Metrics - Inspection of "Merge branch 'master' of github.com:clarkeash/shie..." - clarkeash/shield - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 381557...d947b3 )

by Ashley

created 2017-07-22 22:02 UTC

Stripe::verify() A

↳ Parent: Stripe

Complexity

Conditions	3
Paths	2

Size

Total Lines	15
Code Lines	8

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	15
c	0
b	0
f	0
rs	9.4285
cc	3
eloc	8
nc	2
nop	1

<?php

namespace Clarkeash\Shield\Services;

use Clarkeash\Shield\Contracts\Service;
use Illuminate\Http\Request;

class Stripe implements Service
{
    public function verify(Request $request): bool
    {
        $processed = $this->process($request->header('Stripe-Signature'));


        $tolerance = config('shield.services.stripe.tolerance', 60 * 5);

        if(($tolerance > 0) && ((time() - $processed['t']) > $tolerance)) {
            return false;
        }

        $payload = $processed['t'] . '.' . $request->getContent();
        $generated = hash_hmac('sha256', $payload, config('shield.services.stripe.token'));

        return hash_equals($generated, $processed['v1']);
    }

    protected function process(string $header)
    {
        $sections = explode(',', $header);

        $data = [];

        foreach ($sections as $section) {
            $parts = explode('=', $section);
            $data[$parts[0]] = $parts[1];
        }

        return $data;
    }

    public function headers(): array
    {
        return ['Stripe-Signature'];
    }
}


1			<?php
2
3			namespace Clarkeash\Shield\Services;
4
5			use Clarkeash\Shield\Contracts\Service;
6			use Illuminate\Http\Request;
7
8			class Stripe implements Service
9			{
10			public function verify(Request $request): bool
11			{
12			$processed = $this->process($request->header('Stripe-Signature'));
			0 ignored issues – show Bug introduced 2017-07-22 22:03 UTC by Report Bug Copy Issue Report It seems like `$request->header('Stripe-Signature')` targeting `Illuminate\Http\Concerns...actsWithInput::header()` can also be of type `array`; however, `Clarkeash\Shield\Services\Stripe::process()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
13
14			$tolerance = config('shield.services.stripe.tolerance', 60 * 5);
15
16			if(($tolerance > 0) && ((time() - $processed['t']) > $tolerance)) {
17			return false;
18			}
19
20			$payload = $processed['t'] . '.' . $request->getContent();
21			$generated = hash_hmac('sha256', $payload, config('shield.services.stripe.token'));
22
23			return hash_equals($generated, $processed['v1']);
24			}
25
26			protected function process(string $header)
27			{
28			$sections = explode(',', $header);
29
30			$data = [];
31
32			foreach ($sections as $section) {
33			$parts = explode('=', $section);
34			$data[$parts[0]] = $parts[1];
35			}
36
37			return $data;
38			}
39
40			public function headers(): array
41			{
42			return ['Stripe-Signature'];
43			}
44			}
45

clarkeash / shield

Push — master ( 381557...d947b3 )

Stripe::verify() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like