<?php
/*
 * This file is part of the Silverback API Component Bundle Project
 *
 * (c) Daniel West <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
declare(strict_types=1);
namespace Silverback\ApiComponentBundle\Security;
use Silverback\ApiComponentBundle\Entity\User\TokenUser;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
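/**
 * Guard authenticator that accepts a request when its X-AUTH-TOKEN header
 * carries one of a fixed set of configured tokens.
 *
 * A matching token yields an anonymous TokenUser; the token is a shared
 * secret and is not tied to an individual account.
 */
class TokenAuthenticator extends AbstractGuardAuthenticator
{
    private Security $security;

    /**
     * Accepted token values, compared against the X-AUTH-TOKEN header.
     * These are bearer secrets: anyone holding one is authenticated.
     */
    private array $tokens;

    /**
     * @param Security $security used to detect an already authenticated user
     * @param array    $tokens   accepted token strings; an empty array disables token login
     */
    public function __construct(Security $security, array $tokens = [])
    {
        $this->security = $security;
        $this->tokens = $tokens;
    }

    /**
     * Called on every request to decide if this authenticator should be
     * used for the request. Returning false will cause this authenticator
     * to be skipped.
     *
     * The authenticator is skipped when a user is already authenticated, and
     * otherwise only runs when the X-AUTH-TOKEN header is present.
     */
    public function supports(Request $request): bool
    {
        if ($this->security->getUser()) {
            return false;
        }

        return $request->headers->has('X-AUTH-TOKEN');
    }

    /**
     * Called on every request. Return whatever credentials you want to
     * be passed to getUser() as $credentials.
     *
     * @return array{token: mixed} the raw X-AUTH-TOKEN header value, unvalidated
     */
    public function getCredentials(Request $request): array
    {
        return [
            'token' => $request->headers->get('X-AUTH-TOKEN'),
        ];
    }

    /**
     * Resolves the presented token to a TokenUser, or null when it is not accepted.
     *
     * This is the only place the token is verified (checkCredentials() always
     * returns true), so every rejection has to happen here.
     *
     * @param mixed $credentials the array produced by getCredentials()
     */
    public function getUser($credentials, ?UserProviderInterface $userProvider = null): ?TokenUser
    {
        $apiToken = $credentials['token'] ?? null;

        // A missing, non-string or empty header value can never be a valid token.
        if (!\is_string($apiToken) || '' === $apiToken) {
            return null;
        }

        // Compare with hash_equals() instead of in_array(): the token is a secret and
        // an ordinary string comparison returns as soon as a byte differs, which leaks
        // timing information. The loop does not stop at the first match so that the
        // running time does not depend on which configured token matched.
        $isKnownToken = false;
        foreach ($this->tokens as $configuredToken) {
            // Skip malformed entries; an empty configured token (for example an unset
            // parameter) must not turn an empty header into a valid login.
            if (!\is_string($configuredToken) || '' === $configuredToken) {
                continue;
            }

            if (\hash_equals($configuredToken, $apiToken)) {
                $isKnownToken = true;
            }
        }

        return $isKnownToken ? new TokenUser() : null;
    }

    /**
     * Always true: the token was already verified in getUser(), which returns
     * null for anything that is not an accepted token.
     */
    public function checkCredentials($credentials, UserInterface $user): bool
    {
        return true;
    }

    /**
     * Intentionally empty: no response is produced here, so the request is
     * left to continue to its controller.
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): void
    {
    }

    /**
     * Builds the JSON error returned when the presented token is rejected.
     *
     * The message is built from the exception's message key and message data,
     * not from getMessage(). The status is 403 Forbidden, whereas start()
     * answers a missing token with 401.
     */
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): JsonResponse
    {
        $data = [
            'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
        ];

        return new JsonResponse($data, Response::HTTP_FORBIDDEN);
    }

    /**
     * Called when authentication is needed, but it's not sent.
     */
    public function start(Request $request, ?AuthenticationException $authException = null): JsonResponse
    {
        $data = [
            'message' => 'Token Authentication Required',
        ];

        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
    }

    /**
     * Remember-me is disabled: the token has to be sent with every request.
     */
    public function supportsRememberMe(): bool
    {
        return false;
    }
}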