Issues (6)

app/Http/Middleware/AuthMiddleware.php (1 issue)

<?php
namespace App\Http\Middleware;
use App\Helper\FormatHelper;
use Auth0\SDK\JWTVerifier;
use Closure;
use Exception;
use Illuminate\Http\Request;
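class AuthMiddleware
{
    /**
     * Reject requests that do not carry a verifiable bearer token.
     *
     * Every failure path answers with HTTP 401 and a single "error-code"
     * entry; the request reaches $next only after
     * retrieveAndValidateToken() has accepted the token.
     *
     * @param  Request $request
     * @param  Closure $next
     * @return mixed Result of FormatHelper::formatData() on failure, otherwise of $next
     */
    public function handle($request, Closure $next)
    {
        // Stop at the first failure. Previously "authorization-header-not-found"
        // was set and then always overwritten by "no-token-provided" in the
        // next check, so that code could never be returned.
        if (!$request->hasHeader('Authorization')) {
            return $this->unauthorized('authorization-header-not-found');
        }

        $authorization = $request->header('Authorization');
        $token = $request->bearerToken();

        // The static-analysis finding on this check: a loose "== null" on a
        // null|string value is ambiguous because it also matches "".
        // Both cases are spelled out here so an empty header or empty token
        // is rejected on purpose rather than by type juggling.
        if ($authorization === null || $authorization === '' || $token === null || $token === '') {
            return $this->unauthorized('no-token-provided');
        }

        if (!$this->retrieveAndValidateToken($token)) {
            return $this->unauthorized('token-is-not-valid');
        }

        return $next($request);
    }

    /**
     * Build the 401 response for one error code.
     *
     * @param  string $errorCode
     * @return mixed
     */
    private function unauthorized($errorCode)
    {
        return FormatHelper::formatData(["error-code" => $errorCode], false, 401);
    }

    /**
     * Verify the given token's signature, audience and issuer.
     *
     * Fails closed: any Exception raised while building the verifier or
     * verifying the token yields false, which handle() turns into a 401.
     *
     * @param string $token
     * @return bool true when verifyAndDecode() completed without throwing
     */
    private function retrieveAndValidateToken($token)
    {
        try {
            // Algorithm, audience and issuer are pinned in code.
            // NOTE(review): the audience and issuer are hard-coded; moving them to
            // configuration would let other environments use their own tenant.
            // NOTE(review): no 'cache' option is passed, so the signing keys are
            // presumably fetched from the issuer on every request - confirm.
            $verifier = new JWTVerifier([
                'supported_algs' => ["RS256"],
                'valid_audiences' => ['https://comment.eynet.xyz/'],
                'authorized_iss' => ['https://comment-server.eu.auth0.com/'],
            ]);

            // The decoded claims are discarded: this middleware only answers
            // "is the token valid", it does not expose subject or scopes downstream.
            $verifier->verifyAndDecode($token);
            return true;
        } catch (Exception $e) {
            // NOTE(review): the failure reason is dropped, so a forged token and a
            // key-fetch outage look the same. Consider logging $e->getMessage()
            // (never the token itself) to make the two distinguishable.
            return false;
        }
    }
}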