OAuthModule::init() - Code Metrics - Inspection of "lots of more stripping, works again" - fkooman/php-remote-storage - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( eac42d...55bb68 )

by François

created 2017-01-16 12:31 UTC

OAuthModule::init() B

↳ Parent: OAuthModule

Complexity

Conditions	4
Paths	1

Size

Total Lines	69
Code Lines	40

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	69
rs	8.7653
c	0
b	0
f	0
cc	4
eloc	40
nc	1
nop	1

1 Method

Rating	Name	Duplication	Size	Complexity
B	OAuthModule::postAuthorize()	0	42	4

How to fix Long Method

<?php
/**
 *  Copyright (C) 2016 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace fkooman\RemoteStorage\OAuth;

use fkooman\RemoteStorage\Http\Exception\HttpException;
use fkooman\RemoteStorage\Http\HtmlResponse;
use fkooman\RemoteStorage\Http\RedirectResponse;
use fkooman\RemoteStorage\Http\Request;
use fkooman\RemoteStorage\RandomInterface;
use fkooman\RemoteStorage\TplInterface;

class OAuthModule
{
    /** @var \fkooman\RemoteStorage\TplInterface */
    private $tpl;

    /** @var \fkooman\RemoteStorage\RandomInterface */
    private $random;

    /** @var TokenStorage */
    private $tokenStorage;

    public function __construct(TplInterface $tpl, RandomInterface $random, TokenStorage $tokenStorage)
    {
        $this->tpl = $tpl;
        $this->random = $random;
        $this->tokenStorage = $tokenStorage;
    }

    public function getAuthorize(Request $request, $userId)

    {
        $this->validateRequest($request);
        $this->validateClient($request);

        // ask for approving this client/scope
        return new HtmlResponse(
            $this->tpl->render(
                'authorizeOAuthClient',
                [
                    'client_id' => $request->getQueryParameter('client_id'),
                    'scope' => $request->getQueryParameter('scope'),
                    'redirect_uri' => $request->getQueryParameter('redirect_uri'),
                ]
            )
        );
    }

    public function postAuthorize(Request $request, $userId)
    {
        $this->validateRequest($request);
        $this->validateClient($request);

        // state is OPTIONAL in remoteStorage specification
        $state = $request->getQueryParameter('state', false, null);
        $returnUriPattern = '%s#%s';

        if ('no' === $request->getPostParameter('approve')) {
            $redirectParameters = [
                'error' => 'access_denied',
                'error_description' => 'user refused authorization',
            ];
            if (!is_null($state)) {
                $redirectParameters['state'] = $state;
            }
            $redirectQuery = http_build_query($redirectParameters);

            $redirectUri = sprintf($returnUriPattern, $request->getQueryParameter('redirect_uri'), $redirectQuery);

            return new RedirectResponse($redirectUri, 302);
        }

        $accessToken = $this->getAccessToken(
            $userId,
            $request->getQueryParameter('client_id'),
            $request->getQueryParameter('scope')
        );

        // add access_token (and optionally state) to redirect_uri
        $redirectParameters = [
            'access_token' => $accessToken,
        ];
        if (!is_null($state)) {
            $redirectParameters['state'] = $state;
        }
        $redirectQuery = http_build_query($redirectParameters);
        $redirectUri = sprintf($returnUriPattern, $request->getQueryParameter('redirect_uri'), $redirectQuery);

        return new RedirectResponse($redirectUri, 302);
    }

    private function getAccessToken($userId, $clientId, $scope)
    {
        $existingToken = $this->tokenStorage->getExistingToken(
            $userId,
            $clientId,
            $scope
        );

        if (false !== $existingToken) {
            // if the user already has an access_token for this client and
            // scope, reuse it
            $accessTokenKey = $existingToken['access_token_key'];
            $accessToken = $existingToken['access_token'];
        } else {
            // generate a new one
            $accessTokenKey = $this->random->get(8);
            $accessToken = $this->random->get(16);
            // store it
            $this->tokenStorage->store(
                $userId,
                $accessTokenKey,
                $accessToken,
                $clientId,
                $scope
            );
        }

        return sprintf('%s.%s', $accessTokenKey, $accessToken);
    }

    private function validateRequest(Request $request)
    {
        // we enforce that all parameter are set, nothing is "OPTIONAL"
        $clientId = $request->getQueryParameter('client_id');
        if (1 !== preg_match('/^[\x20-\x7E]+$/', $clientId)) {
            throw new HttpException('invalid client_id', 400);
        }

        // XXX we also should enforce HTTPS
        $redirectUri = $request->getQueryParameter('redirect_uri');
        if (false === filter_var($redirectUri, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED | FILTER_FLAG_PATH_REQUIRED)) {

            throw new HttpException('invalid redirect_uri', 400);
        }
        if (false !== strpos($redirectUri, '?')) {
            throw new HttpException('invalid redirect_uri', 400);
        }
        $responseType = $request->getQueryParameter('response_type');
        if ('token' !== $responseType) {
            throw new HttpException('invalid response_type', 400);
        }
        // XXX make sure this regexp/code is actually correct!
        $scope = $request->getQueryParameter('scope');
        $scopeTokens = explode(' ', $scope);
        foreach ($scopeTokens as $scopeToken) {
            if (1 !== preg_match('/^\x21|[\x23-\x5B]|[\x5D-\x7E]+$/', $scopeToken)) {
                throw new HttpException('invalid scope', 400);
            }
        }

        // state is OPTIONAL in remoteStorage
        $state = $request->getQueryParameter('state', false, null);
        if (!is_null($state)) {
            if (1 !== preg_match('/^[\x20-\x7E]+$/', $state)) {
                throw new HttpException('invalid state', 400);
            }
        }
    }

    private function validateClient(Request $request)
    {
        $clientId = $request->getQueryParameter('client_id');
        $redirectUri = $request->getQueryParameter('redirect_uri');

        // redirectUri has to start with clientId (or be equal)
        if (0 !== strpos($redirectUri, $clientId)) {
            throw new HttpException('"redirect_uri" does not match "client_id"', 400);
        }
    }
}


1		<?php
2		/**
3		* Copyright (C) 2016 SURFnet.
4		*
5		* This program is free software: you can redistribute it and/or modify
6		* it under the terms of the GNU Affero General Public License as
7		* published by the Free Software Foundation, either version 3 of the
8		* License, or (at your option) any later version.
9		*
10		* This program is distributed in the hope that it will be useful,
11		* but WITHOUT ANY WARRANTY; without even the implied warranty of
12		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13		* GNU Affero General Public License for more details.
14		*
15		* You should have received a copy of the GNU Affero General Public License
16		* along with this program. If not, see <http://www.gnu.org/licenses/>.
17		*/
18
19		namespace fkooman\RemoteStorage\OAuth;
20
21		use fkooman\RemoteStorage\Http\Exception\HttpException;
22		use fkooman\RemoteStorage\Http\HtmlResponse;
23		use fkooman\RemoteStorage\Http\RedirectResponse;
24		use fkooman\RemoteStorage\Http\Request;
25		use fkooman\RemoteStorage\RandomInterface;
26		use fkooman\RemoteStorage\TplInterface;
27
28		class OAuthModule
29		{
30		/** @var \fkooman\RemoteStorage\TplInterface */
31		private $tpl;
32
33		/** @var \fkooman\RemoteStorage\RandomInterface */
34		private $random;
35
36		/** @var TokenStorage */
37		private $tokenStorage;
38
39		public function __construct(TplInterface $tpl, RandomInterface $random, TokenStorage $tokenStorage)
40		{
41		$this->tpl = $tpl;
42		$this->random = $random;
43		$this->tokenStorage = $tokenStorage;
44		}
45
46		public function getAuthorize(Request $request, $userId)
		0 ignored issues – show Unused Code introduced 2017-01-16 12:34 UTC by Report Bug Copy Issue Report The parameter `$userId` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
47		{
48		$this->validateRequest($request);
49		$this->validateClient($request);
50
51		// ask for approving this client/scope
52		return new HtmlResponse(
53		$this->tpl->render(
54		'authorizeOAuthClient',
55		[
56		'client_id' => $request->getQueryParameter('client_id'),
57		'scope' => $request->getQueryParameter('scope'),
58		'redirect_uri' => $request->getQueryParameter('redirect_uri'),
59		]
60		)
61		);
62		}
63
64		public function postAuthorize(Request $request, $userId)
65		{
66		$this->validateRequest($request);
67		$this->validateClient($request);
68
69		// state is OPTIONAL in remoteStorage specification
70		$state = $request->getQueryParameter('state', false, null);
71		$returnUriPattern = '%s#%s';
72
73		if ('no' === $request->getPostParameter('approve')) {
74		$redirectParameters = [
75		'error' => 'access_denied',
76		'error_description' => 'user refused authorization',
77		];
78		if (!is_null($state)) {
79		$redirectParameters['state'] = $state;
80		}
81		$redirectQuery = http_build_query($redirectParameters);
82
83		$redirectUri = sprintf($returnUriPattern, $request->getQueryParameter('redirect_uri'), $redirectQuery);
84
85		return new RedirectResponse($redirectUri, 302);
86		}
87
88		$accessToken = $this->getAccessToken(
89		$userId,
90		$request->getQueryParameter('client_id'),
91		$request->getQueryParameter('scope')
92		);
93
94		// add access_token (and optionally state) to redirect_uri
95		$redirectParameters = [
96		'access_token' => $accessToken,
97		];
98		if (!is_null($state)) {
99		$redirectParameters['state'] = $state;
100		}
101		$redirectQuery = http_build_query($redirectParameters);
102		$redirectUri = sprintf($returnUriPattern, $request->getQueryParameter('redirect_uri'), $redirectQuery);
103
104		return new RedirectResponse($redirectUri, 302);
105		}
106
107		private function getAccessToken($userId, $clientId, $scope)
108		{
109		$existingToken = $this->tokenStorage->getExistingToken(
110		$userId,
111		$clientId,
112		$scope
113		);
114
115		if (false !== $existingToken) {
116		// if the user already has an access_token for this client and
117		// scope, reuse it
118		$accessTokenKey = $existingToken['access_token_key'];
119		$accessToken = $existingToken['access_token'];
120		} else {
121		// generate a new one
122		$accessTokenKey = $this->random->get(8);
123		$accessToken = $this->random->get(16);
124		// store it
125		$this->tokenStorage->store(
126		$userId,
127		$accessTokenKey,
128		$accessToken,
129		$clientId,
130		$scope
131		);
132		}
133
134		return sprintf('%s.%s', $accessTokenKey, $accessToken);
135		}
136
137		private function validateRequest(Request $request)
138		{
139		// we enforce that all parameter are set, nothing is "OPTIONAL"
140		$clientId = $request->getQueryParameter('client_id');
141		if (1 !== preg_match('/^[\x20-\x7E]+$/', $clientId)) {
142		throw new HttpException('invalid client_id', 400);
143		}
144
145		// XXX we also should enforce HTTPS
146		$redirectUri = $request->getQueryParameter('redirect_uri');
147	View Code Duplication	if (false === filter_var($redirectUri, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED \| FILTER_FLAG_HOST_REQUIRED \| FILTER_FLAG_PATH_REQUIRED)) {
		0 ignored issues – show Duplication introduced 2017-01-13 10:38 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
148		throw new HttpException('invalid redirect_uri', 400);
149		}
150		if (false !== strpos($redirectUri, '?')) {
151		throw new HttpException('invalid redirect_uri', 400);
152		}
153		$responseType = $request->getQueryParameter('response_type');
154		if ('token' !== $responseType) {
155		throw new HttpException('invalid response_type', 400);
156		}
157		// XXX make sure this regexp/code is actually correct!
158		$scope = $request->getQueryParameter('scope');
159		$scopeTokens = explode(' ', $scope);
160		foreach ($scopeTokens as $scopeToken) {
161		if (1 !== preg_match('/^\x21\|[\x23-\x5B]\|[\x5D-\x7E]+$/', $scopeToken)) {
162		throw new HttpException('invalid scope', 400);
163		}
164		}
165
166		// state is OPTIONAL in remoteStorage
167		$state = $request->getQueryParameter('state', false, null);
168		if (!is_null($state)) {
169		if (1 !== preg_match('/^[\x20-\x7E]+$/', $state)) {
170		throw new HttpException('invalid state', 400);
171		}
172		}
173		}
174
175		private function validateClient(Request $request)
176		{
177		$clientId = $request->getQueryParameter('client_id');
178		$redirectUri = $request->getQueryParameter('redirect_uri');
179
180		// redirectUri has to start with clientId (or be equal)
181		if (0 !== strpos($redirectUri, $clientId)) {
182		throw new HttpException('"redirect_uri" does not match "client_id"', 400);
183		}
184		}
185		}
186

fkooman / php-remote-storage

GitHub Access Token became invalid

Push — master ( eac42d...55bb68 )

OAuthModule::init() B

Complexity

Size

Duplication

Importance

1 Method

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like