TokenAuthenticator::checkCredentials() - Code Metrics - Inspection of "Add unit tests for TokenAuthenticator + add custom..." - components-web-app/api-components-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — feature/unit-tests ( bc9028...785607 )

by Daniel

created 2020-04-16 18:57 UTC

TokenAuthenticator::checkCredentials() A

↳ Parent: TokenAuthenticator

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	1

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	2
CRAP Score	1

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	1
c	1
b	0
f	0
dl	0
loc	3
ccs	2
cts	2
cp	1
rs	10
cc	1
nc	1
nop	2
crap	1

<?php

/*
 * This file is part of the Silverback API Component Bundle Project
 *
 * (c) Daniel West <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace Silverback\ApiComponentBundle\Security;

use Silverback\ApiComponentBundle\Action\AbstractAction;
use Silverback\ApiComponentBundle\Entity\User\TokenUser;
use Silverback\ApiComponentBundle\Exception\TokenAuthenticationException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;

class TokenAuthenticator extends AbstractGuardAuthenticator
{
    private Security $security;
    private AbstractAction $abstractAction;
    private array $tokens;

    public function __construct(Security $security, AbstractAction $abstractAction, array $tokens = [])
    {
        $this->security = $security;
        $this->abstractAction = $abstractAction;
        $this->tokens = $tokens;
    }

    /**
     * Called on every request to decide if this authenticator should be
     * used for the request. Returning false will cause this authenticator
     * to be skipped.
     */
    public function supports(Request $request): bool
    {
        if ($this->security->getUser()) {
            return false;
        }

        return $request->headers->has('X-AUTH-TOKEN');
    }

    /**
     * Called on every request. Return whatever credentials you want to
     * be passed to getUser() as $credentials.
     */
    public function getCredentials(Request $request): array
    {
        return [
            'token' => $request->headers->get('X-AUTH-TOKEN'),
        ];
    }

    public function getUser($credentials, UserProviderInterface $userProvider = null): ?TokenUser
    {
        $apiToken = $credentials['token'];
        if (null === $apiToken || !\in_array($apiToken, $this->tokens, true)) {
            throw new TokenAuthenticationException('The authentication token provided in the X-AUTH-TOKEN header is invalid');
        }

        return new TokenUser();
    }

    public function checkCredentials($credentials, UserInterface $user): bool
    {
        return true;
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): void
    {
    }

    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
    {
        $data = [
            'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
        ];

        return $this->abstractAction->getResponse($request, $data, Response::HTTP_FORBIDDEN);
    }

    /**
     * Called when authentication is needed, but it's not sent.
     */
    public function start(Request $request, AuthenticationException $authException = null): Response
    {
        $data = [
            'message' => 'Token Authentication Required',
        ];

        return $this->abstractAction->getResponse($request, $data, Response::HTTP_UNAUTHORIZED);
    }

    public function supportsRememberMe(): bool
    {
        return false;
    }
}


1		<?php
2
3		/*
4		* This file is part of the Silverback API Component Bundle Project
5		*
6		* (c) Daniel West <[email protected]>
7		*
8		* For the full copyright and license information, please view the LICENSE
9		* file that was distributed with this source code.
10		*/
11
12		declare(strict_types=1);
13
14		namespace Silverback\ApiComponentBundle\Security;
15
16		use Silverback\ApiComponentBundle\Action\AbstractAction;
17		use Silverback\ApiComponentBundle\Entity\User\TokenUser;
18		use Silverback\ApiComponentBundle\Exception\TokenAuthenticationException;
19		use Symfony\Component\HttpFoundation\Request;
20		use Symfony\Component\HttpFoundation\Response;
21		use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
22		use Symfony\Component\Security\Core\Exception\AuthenticationException;
23		use Symfony\Component\Security\Core\Security;
24		use Symfony\Component\Security\Core\User\UserInterface;
25		use Symfony\Component\Security\Core\User\UserProviderInterface;
26		use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;
27
28		class TokenAuthenticator extends AbstractGuardAuthenticator
29		{
30		private Security $security;
31		private AbstractAction $abstractAction;
32		private array $tokens;
33
34	12	public function __construct(Security $security, AbstractAction $abstractAction, array $tokens = [])
35		{
36	12	$this->security = $security;
37	12	$this->abstractAction = $abstractAction;
38	12	$this->tokens = $tokens;
39	12	}
40
41		/**
42		* Called on every request to decide if this authenticator should be
43		* used for the request. Returning false will cause this authenticator
44		* to be skipped.
45		*/
46	3	public function supports(Request $request): bool
47		{
48	3	if ($this->security->getUser()) {
49	1	return false;
50		}
51
52	2	return $request->headers->has('X-AUTH-TOKEN');
53		}
54
55		/**
56		* Called on every request. Return whatever credentials you want to
57		* be passed to getUser() as $credentials.
58		*/
59	1	public function getCredentials(Request $request): array
60		{
61		return [
62	1	'token' => $request->headers->get('X-AUTH-TOKEN'),
63		];
64		}
65
66	3	public function getUser($credentials, UserProviderInterface $userProvider = null): ?TokenUser
67		{
68	3	$apiToken = $credentials['token'];
69	3	if (null === $apiToken \|\| !\in_array($apiToken, $this->tokens, true)) {
70	2	throw new TokenAuthenticationException('The authentication token provided in the X-AUTH-TOKEN header is invalid');
71		}
72
73	1	return new TokenUser();
74		}
75
76	1	public function checkCredentials($credentials, UserInterface $user): bool
77		{
78	1	return true;
79		}
80
81	1	public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): void
82		{
83	1	}
84
85	1	public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response
86		{
87		$data = [
88	1	'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
89		];
90
91	1	return $this->abstractAction->getResponse($request, $data, Response::HTTP_FORBIDDEN);
92		}
93
94		/**
95		* Called when authentication is needed, but it's not sent.
96		*/
97	1	public function start(Request $request, AuthenticationException $authException = null): Response
98		{
99		$data = [
100	1	'message' => 'Token Authentication Required',
101		];
102
103	1	return $this->abstractAction->getResponse($request, $data, Response::HTTP_UNAUTHORIZED);
104		}
105
106	1	public function supportsRememberMe(): bool
107		{
108	1	return false;
109		}
110		}
111

components-web-app / api-components-bundle

Push — feature/unit-tests ( bc9028...785607 )

TokenAuthenticator::checkCredentials() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like