OAuth2Provider::authenticate() - Code Metrics - eole-io/sandstone - Measure and Improve Code Quality continuously with Scrutinizer

OAuth2Provider::authenticate() B
last analyzed 2018-04-24 10:49 UTC

↳ Parent: OAuth2Provider

Complexity

Conditions	3
Paths	3

Size

Total Lines	24
Code Lines	15

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	24
rs	8.9713
c	0
b	0
f	0
cc	3
eloc	15
nc	3
nop	1

<?php

namespace Eole\Sandstone\OAuth2\Security\Authentication\Provider;

use League\OAuth2\Server\Exception\AccessDeniedException;
use League\OAuth2\Server\ResourceServer;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
use Eole\Sandstone\OAuth2\Security\Exception\OAuth2AuthenticationException;
use Eole\Sandstone\OAuth2\Security\Authentication\Token\OAuth2Token;

class OAuth2Provider implements AuthenticationProviderInterface
{
    /**
     * @var UserProviderInterface
     */
    private $userProvider;

    /**
     * @var UserCheckerInterface
     */
    private $userChecker;

    /**
     * @var ResourceServer
     */
    private $resourceServer;

    /**
     * @param UserProviderInterface $userProvider
     * @param UserCheckerInterface $userChecker
     * @param ResourceServer $resourceServer
     */
    public function __construct(
        UserProviderInterface $userProvider,
        UserCheckerInterface $userChecker,
        ResourceServer $resourceServer
    ) {
        $this->userProvider = $userProvider;
        $this->userChecker = $userChecker;
        $this->resourceServer = $resourceServer;
    }

    /**
     * {@InheritDoc}
     */
    public function authenticate(TokenInterface $token)
    {
        try {
            $this->resourceServer->isValidRequest(true, $token->getTokenData());
interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}
        } catch (AccessDeniedException $e) {

            throw new OAuth2AuthenticationException('OAuth2 token expired or invalid.');
        }

        $username = $this->resourceServer->getAccessToken()->getSession()->getId();

        $user = $this->userProvider->loadUserByUsername($username);
        $isUser = $user instanceof UserInterface;

        if (!$isUser) {
            throw new OAuth2AuthenticationException('User not found.');
        }

        $this->userChecker->checkPreAuth($user);
        $this->userChecker->checkPostAuth($user);

        $authenticatedToken = new OAuth2Token($token->getTokenData());
interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}
        $authenticatedToken->setUser($user);

        return $authenticatedToken;
    }

    /**
     * {@InheritDoc}
     */
    public function supports(TokenInterface $token)
    {
        return $token instanceof OAuth2Token;
    }
}


1			<?php
2
3			namespace Eole\Sandstone\OAuth2\Security\Authentication\Provider;
4
5			use League\OAuth2\Server\Exception\AccessDeniedException;
6			use League\OAuth2\Server\ResourceServer;
7			use Symfony\Component\Security\Core\User\UserInterface;
8			use Symfony\Component\Security\Core\User\UserProviderInterface;
9			use Symfony\Component\Security\Core\User\UserCheckerInterface;
10			use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
11			use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
12			use Eole\Sandstone\OAuth2\Security\Exception\OAuth2AuthenticationException;
13			use Eole\Sandstone\OAuth2\Security\Authentication\Token\OAuth2Token;
14
15			class OAuth2Provider implements AuthenticationProviderInterface
16			{
17			/**
18			* @var UserProviderInterface
19			*/
20			private $userProvider;
21
22			/**
23			* @var UserCheckerInterface
24			*/
25			private $userChecker;
26
27			/**
28			* @var ResourceServer
29			*/
30			private $resourceServer;
31
32			/**
33			* @param UserProviderInterface $userProvider
34			* @param UserCheckerInterface $userChecker
35			* @param ResourceServer $resourceServer
36			*/
37			public function __construct(
38			UserProviderInterface $userProvider,
39			UserCheckerInterface $userChecker,
40			ResourceServer $resourceServer
41			) {
42			$this->userProvider = $userProvider;
43			$this->userChecker = $userChecker;
44			$this->resourceServer = $resourceServer;
45			}
46
47			/**
48			* {@InheritDoc}
49			*/
50			public function authenticate(TokenInterface $token)
51			{
52			try {
53			$this->resourceServer->isValidRequest(true, $token->getTokenData());
			0 ignored issues – show Bug introduced 2016-06-19 11:45 UTC by Report Bug Copy Issue Report It seems like you code against a concrete implementation and not the interface `Symfony\Component\Securi...on\Token\TokenInterface` as the method `getTokenData()` does only exist in the following implementations of said interface: `Eole\Sandstone\OAuth2\Se...ation\Token\OAuth2Token`. Let’s take a look at an example: interface User { /** @return string / public function getPassword(); } class MyUser implements User { public function getPassword() { // return something } public function getDisplayName() { // return some name. } } class AuthSystem { public function authenticate(User $user) { $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName())); // do something. } } In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break. Available Fixes Change the type-hint for the parameter: class AuthSystem { public function authenticate(MyUser $user) { / ... / } } Add an additional type-check: class AuthSystem { public function authenticate(User $user) { if ($user instanceof MyUser) { $this->logger->info(/* ... /); } // or alternatively if ( ! $user instanceof MyUser) { throw new \LogicException( '$user must be an instance of MyUser, ' .'other instances are not supported.' ); } } } Note:* PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case. Add the method to the interface: interface User { /** @return string / public function getPassword(); /* @return string */ public function getDisplayName(); } Loading history... Bug introduced 2017-10-25 11:45 UTC by Report Bug Copy Issue Report The method `isValidRequest()` does not seem to exist on `object<League\OAuth2\Server\ResourceServer>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
54			} catch (AccessDeniedException $e) {
			0 ignored issues – show Bug introduced 2017-10-25 11:45 UTC by Report Bug Copy Issue Report The class `League\OAuth2\Server\Exc...n\AccessDeniedException` does not exist. Did you forget a USE statement, or did you not list all dependencies? Scrutinizer analyzes your `composer.json`/`composer.lock` file if available to determine the classes, and functions that are defined by your dependencies. It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis. Loading history...
55			throw new OAuth2AuthenticationException('OAuth2 token expired or invalid.');
56			}
57
58			$username = $this->resourceServer->getAccessToken()->getSession()->getId();
			0 ignored issues – show Bug introduced 2017-10-25 11:45 UTC by Report Bug Copy Issue Report The method `getAccessToken()` does not seem to exist on `object<League\OAuth2\Server\ResourceServer>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
59			$user = $this->userProvider->loadUserByUsername($username);
60			$isUser = $user instanceof UserInterface;
61
62			if (!$isUser) {
63			throw new OAuth2AuthenticationException('User not found.');
64			}
65
66			$this->userChecker->checkPreAuth($user);
67			$this->userChecker->checkPostAuth($user);
68
69			$authenticatedToken = new OAuth2Token($token->getTokenData());
			0 ignored issues – show Bug introduced 2016-06-19 11:45 UTC by Report Bug Copy Issue Report It seems like you code against a concrete implementation and not the interface `Symfony\Component\Securi...on\Token\TokenInterface` as the method `getTokenData()` does only exist in the following implementations of said interface: `Eole\Sandstone\OAuth2\Se...ation\Token\OAuth2Token`. Let’s take a look at an example: interface User { /** @return string / public function getPassword(); } class MyUser implements User { public function getPassword() { // return something } public function getDisplayName() { // return some name. } } class AuthSystem { public function authenticate(User $user) { $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName())); // do something. } } In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break. Available Fixes Change the type-hint for the parameter: class AuthSystem { public function authenticate(MyUser $user) { / ... / } } Add an additional type-check: class AuthSystem { public function authenticate(User $user) { if ($user instanceof MyUser) { $this->logger->info(/* ... /); } // or alternatively if ( ! $user instanceof MyUser) { throw new \LogicException( '$user must be an instance of MyUser, ' .'other instances are not supported.' ); } } } Note:* PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case. Add the method to the interface: interface User { /** @return string / public function getPassword(); /* @return string */ public function getDisplayName(); } Loading history...
70			$authenticatedToken->setUser($user);
71
72			return $authenticatedToken;
73			}
74
75			/**
76			* {@InheritDoc}
77			*/
78			public function supports(TokenInterface $token)
79			{
80			return $token instanceof OAuth2Token;
81			}
82			}
83

eole-io / sandstone

OAuth2Provider::authenticate() B last analyzed 2018-04-24 10:49 UTC

Complexity

Size

Duplication

Importance

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like

OAuth2Provider::authenticate() B
last analyzed 2018-04-24 10:49 UTC