SelfConsumable::parse() - Code Metrics - Inspection of "Adding some logic here" - flipboxfactory/craft-jwt - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — develop (8ea255)

by Nate

created 2018-03-21 15:42 UTC

SelfConsumable::parse() B

↳ Parent: SelfConsumable

Complexity

Conditions	7
Paths	4

Size

Total Lines	19
Code Lines	13

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	56

Importance

Changes

Metric	Value
dl	0
loc	19
ccs	0
cts	17
cp	0
rs	8.2222
c	0
b	0
f	0
cc	7
eloc	13
nc	4
nop	3
crap	56

<?php

/**
 * @copyright  Copyright (c) Flipbox Digital Limited
 * @license    https://flipboxfactory.com/software/jwt/license
 * @link       https://www.flipboxfactory.com/jwt/organization/
 */

namespace flipbox\craft\jwt\services;

use Craft;
use craft\elements\User;
use flipbox\craft\jwt\Jwt;
use Lcobucci\JWT\Token;
use yii\base\Component;
use yii\web\IdentityInterface;

/**
 * @author Flipbox Factory <[email protected]>
 * @since 1.0.0
 */
class SelfConsumable extends Component
{
    /**
     * The CSRF claim identifier
     */
    const CLAIM_CSRF = 'csrf';

    /**
     * The Audience claim identifier
     */
    const CLAIM_AUDIENCE = 'aud';

    /**
     * The Issuer claim identifier
     */
    const CLAIM_ISSUER = 'iss';

    /**
     * The Identity claim identifier
     */
    const CLAIM_IDENTITY = 'jti';

    /**
     * Issue an authorization JWT token on behalf of a user.
     *
     * @param string $user
     * @param string|null $audience
     * @param int|null $expiration
     * @return Token|null
     * @throws \craft\errors\SiteNotFoundException
     * @throws \yii\base\InvalidConfigException
     */
    public function issue(
        $user = 'CURRENT_USER',
        string $audience = null,
        int $expiration = null
    ) {
        if (null === ($identity = $this->resolveUser($user))) {
            return null;
        }

        return Jwt::getInstance()->getBuilder()
            ->setIssuer(Jwt::getInstance()->getSettings()->getIssuer())
            ->setAudience($this->resolveAudience($audience))
            ->setId($identity->getId(), true)
            ->setIssuedAt(time())
            ->setNotBefore(time())
            ->setExpiration($this->resolveTokenExpiration($expiration))
            ->set(self::CLAIM_CSRF, Craft::$app->getRequest()->getCsrfToken())
            ->sign(Jwt::getInstance()->getSettings()->getSigner(), $this->getSignatureKey($identity))
            ->getToken();
    }

    /**
     * This
     * @param string $token
     * @return null|IdentityInterface
     * @throws \craft\errors\SiteNotFoundException
     */
    public function claim(string $token)
    {
        if (null === ($token = $this->parse($token))) {
            return null;
        }

        return $this->tokenIdentity($token);
    }

    /**
     * @param $token
     * @param bool $validate
     * @param bool $verify
     * @return Token|null
     * @throws \craft\errors\SiteNotFoundException
     */
    public function parse(string $token, bool $validate = true, bool $verify = true)
    {
        try {
            $token = Jwt::getInstance()->getParser()->parse((string)$token);
        } catch (\RuntimeException $e) {
            Jwt::warning("Invalid JWT provided: " . $e->getMessage());
            return null;
        } catch (\InvalidArgumentException $e) {
            Jwt::warning("Invalid JWT provided: " . $e->getMessage());
            return null;
        }

        if (($validate && !Jwt::getInstance()->validateToken($token)) ||
            ($verify && !$this->verifyToken($token))) {
            return null;
        }

        return $token;
    }

    /**
     * @param Token $token
     * @return bool
     * @throws \craft\errors\SiteNotFoundException
     */
    public function verifyToken(Token $token): bool
    {
        if (null === ($identity = $this->resolveUser($token->getClaim(self::CLAIM_IDENTITY)))) {
            return false;
        }

        return $this->verifyTokenCsrfClaim($token) &&
            $this->verifyIssuer($token) &&
            $this->verifyAudience($token) &&
            $this->verifyTokenSignature($token, $identity);
    }

    /**
     * @param Token $token
     * @return null|IdentityInterface
     */
    private function tokenIdentity(Token $token)
    {
        return $this->resolveUser($token->getClaim(self::CLAIM_IDENTITY));
    }

    /**
     * @param Token $token
     * @return bool
     * @throws \craft\errors\SiteNotFoundException
     */
    private function verifyAudience(Token $token): bool
    {
        $audience = $token->getClaim(self::CLAIM_AUDIENCE);
        if (false === ($audience ===
            Jwt::getInstance()->getSettings()->getSelfConsumableAudience())
        ) {
            Jwt::error(sprintf(
                "Unable to verify audience: %s",
                $audience
            ));

            return false;
        }
        return true;
    }

    /**
     * Verify that the issuer is one we can accept from
     *
     * @param Token $token
     * @return bool
     * @throws \craft\errors\SiteNotFoundException
     */
    private function verifyIssuer(Token $token): bool
    {
        $issuer = $token->getClaim(self::CLAIM_ISSUER);
        if (false === in_array(
            $issuer,
            Jwt::getInstance()->getSettings()->getSelfConsumableIssuers()
        )) {
            Jwt::error(sprintf(
                "Unable to verify issuer: %s",
                $issuer
            ));

            return false;
        }
        return true;
    }

    /**
     * @param Token $token
     * @return bool
     */
    private function verifyTokenCsrfClaim(Token $token): bool
    {
        $csrf = $token->getClaim(self::CLAIM_CSRF);
        if (false === Craft::$app->getRequest()->validateCsrfToken($csrf)) {
            Jwt::error(sprintf(
                "Unable to verify CSRF Token: %s",
                $csrf
            ));

            return false;
        }
        return true;
    }

    /**
     * @param Token $token
     * @param IdentityInterface $identity
     * @return bool
     */
    private function verifyTokenSignature(Token $token, IdentityInterface $identity): bool
    {
        try {
            if (false === $token->verify(
                Jwt::getInstance()->getSettings()->resolveSigner($token->getHeader('alg')),
                $this->getSignatureKey($identity)
            )) {
                Jwt::error("Unable to verify token signature");
                return false;
            }
            return true;
        } catch (\Exception $e) {
            Jwt::error(sprintf(
                "Exception caught while trying to verify token signature: %s",
                $e->getMessage()
            ));
        }
        return false;
    }

    /**
     * @param IdentityInterface $identity
     * @return string
     */
    private function getSignatureKey(IdentityInterface $identity)
    {
        $id = $identity instanceof User ? $identity->uid : $identity->getId();
        return Jwt::getInstance()->getSettings()->getKey() . '.' . $id;
    }

    /**
     * @param string|null $audience
     * @return string
     * @throws \craft\errors\SiteNotFoundException
     */
    private function resolveAudience(string $audience = null): string
    {
        if ($audience === null) {
            $audience = Jwt::getInstance()->getSettings()->getSelfConsumableAudience();
        }

        return (string)$audience;
    }

    /**
     * @param int|null $expiration
     * @return int
     */
    private function resolveTokenExpiration(int $expiration = null): int
    {
        if ($expiration === null) {
            $expiration = Jwt::getInstance()->getSettings()->tokenExpiration;
        }

        return time() + (int)$expiration;
    }

    /**
     * @param $user
     * @return IdentityInterface|null
     */
    private function resolveUser($user)
    {
        if ($user instanceof IdentityInterface) {
            return $user;
        }

        if ($user === 'CURRENT_USER') {
            return Craft::$app->getUser()->getIdentity();
        }

        if (is_numeric($user)) {
            return Craft::$app->getUsers()->getUserById($user);
        }

        if (is_string($user)) {
            return Craft::$app->getUsers()->getUserByUsernameOrEmail($user);
        }

        return null;
    }
}


1			<?php
2
3			/**
4			* @copyright Copyright (c) Flipbox Digital Limited
5			* @license https://flipboxfactory.com/software/jwt/license
6			* @link https://www.flipboxfactory.com/jwt/organization/
7			*/
8
9			namespace flipbox\craft\jwt\services;
10
11			use Craft;
12			use craft\elements\User;
13			use flipbox\craft\jwt\Jwt;
14			use Lcobucci\JWT\Token;
15			use yii\base\Component;
16			use yii\web\IdentityInterface;
17
18			/**
19			* @author Flipbox Factory <[email protected]>
20			* @since 1.0.0
21			*/
22			class SelfConsumable extends Component
23			{
24			/**
25			* The CSRF claim identifier
26			*/
27			const CLAIM_CSRF = 'csrf';
28
29			/**
30			* The Audience claim identifier
31			*/
32			const CLAIM_AUDIENCE = 'aud';
33
34			/**
35			* The Issuer claim identifier
36			*/
37			const CLAIM_ISSUER = 'iss';
38
39			/**
40			* The Identity claim identifier
41			*/
42			const CLAIM_IDENTITY = 'jti';
43
44			/**
45			* Issue an authorization JWT token on behalf of a user.
46			*
47			* @param string $user
48			* @param string\|null $audience
49			* @param int\|null $expiration
50			* @return Token\|null
51			* @throws \craft\errors\SiteNotFoundException
52			* @throws \yii\base\InvalidConfigException
53			*/
54			public function issue(
55			$user = 'CURRENT_USER',
56			string $audience = null,
57			int $expiration = null
58			) {
59			if (null === ($identity = $this->resolveUser($user))) {
60			return null;
61			}
62
63			return Jwt::getInstance()->getBuilder()
64			->setIssuer(Jwt::getInstance()->getSettings()->getIssuer())
65			->setAudience($this->resolveAudience($audience))
66			->setId($identity->getId(), true)
67			->setIssuedAt(time())
68			->setNotBefore(time())
69			->setExpiration($this->resolveTokenExpiration($expiration))
70			->set(self::CLAIM_CSRF, Craft::$app->getRequest()->getCsrfToken())
71			->sign(Jwt::getInstance()->getSettings()->getSigner(), $this->getSignatureKey($identity))
72			->getToken();
73			}
74
75			/**
76			* This
77			* @param string $token
78			* @return null\|IdentityInterface
79			* @throws \craft\errors\SiteNotFoundException
80			*/
81			public function claim(string $token)
82			{
83			if (null === ($token = $this->parse($token))) {
84			return null;
85			}
86
87			return $this->tokenIdentity($token);
88			}
89
90			/**
91			* @param $token
92			* @param bool $validate
93			* @param bool $verify
94			* @return Token\|null
95			* @throws \craft\errors\SiteNotFoundException
96			*/
97			public function parse(string $token, bool $validate = true, bool $verify = true)
98			{
99			try {
100			$token = Jwt::getInstance()->getParser()->parse((string)$token);
101			} catch (\RuntimeException $e) {
102			Jwt::warning("Invalid JWT provided: " . $e->getMessage());
103			return null;
104			} catch (\InvalidArgumentException $e) {
105			Jwt::warning("Invalid JWT provided: " . $e->getMessage());
106			return null;
107			}
108
109			if (($validate && !Jwt::getInstance()->validateToken($token)) \|\|
110			($verify && !$this->verifyToken($token))) {
111			return null;
112			}
113
114			return $token;
115			}
116
117			/**
118			* @param Token $token
119			* @return bool
120			* @throws \craft\errors\SiteNotFoundException
121			*/
122			public function verifyToken(Token $token): bool
123			{
124			if (null === ($identity = $this->resolveUser($token->getClaim(self::CLAIM_IDENTITY)))) {
125			return false;
126			}
127
128			return $this->verifyTokenCsrfClaim($token) &&
129			$this->verifyIssuer($token) &&
130			$this->verifyAudience($token) &&
131			$this->verifyTokenSignature($token, $identity);
132			}
133
134			/**
135			* @param Token $token
136			* @return null\|IdentityInterface
137			*/
138			private function tokenIdentity(Token $token)
139			{
140			return $this->resolveUser($token->getClaim(self::CLAIM_IDENTITY));
141			}
142
143			/**
144			* @param Token $token
145			* @return bool
146			* @throws \craft\errors\SiteNotFoundException
147			*/
148			private function verifyAudience(Token $token): bool
149			{
150			$audience = $token->getClaim(self::CLAIM_AUDIENCE);
151			if (false === ($audience ===
152			Jwt::getInstance()->getSettings()->getSelfConsumableAudience())
153			) {
154			Jwt::error(sprintf(
155			"Unable to verify audience: %s",
156			$audience
157			));
158
159			return false;
160			}
161			return true;
162			}
163
164			/**
165			* Verify that the issuer is one we can accept from
166			*
167			* @param Token $token
168			* @return bool
169			* @throws \craft\errors\SiteNotFoundException
170			*/
171			private function verifyIssuer(Token $token): bool
172			{
173			$issuer = $token->getClaim(self::CLAIM_ISSUER);
174			if (false === in_array(
175			$issuer,
176			Jwt::getInstance()->getSettings()->getSelfConsumableIssuers()
177			)) {
178			Jwt::error(sprintf(
179			"Unable to verify issuer: %s",
180			$issuer
181			));
182
183			return false;
184			}
185			return true;
186			}
187
188			/**
189			* @param Token $token
190			* @return bool
191			*/
192			private function verifyTokenCsrfClaim(Token $token): bool
193			{
194			$csrf = $token->getClaim(self::CLAIM_CSRF);
195			if (false === Craft::$app->getRequest()->validateCsrfToken($csrf)) {
196			Jwt::error(sprintf(
197			"Unable to verify CSRF Token: %s",
198			$csrf
199			));
200
201			return false;
202			}
203			return true;
204			}
205
206			/**
207			* @param Token $token
208			* @param IdentityInterface $identity
209			* @return bool
210			*/
211			private function verifyTokenSignature(Token $token, IdentityInterface $identity): bool
212			{
213			try {
214			if (false === $token->verify(
215			Jwt::getInstance()->getSettings()->resolveSigner($token->getHeader('alg')),
216			$this->getSignatureKey($identity)
217			)) {
218			Jwt::error("Unable to verify token signature");
219			return false;
220			}
221			return true;
222			} catch (\Exception $e) {
223			Jwt::error(sprintf(
224			"Exception caught while trying to verify token signature: %s",
225			$e->getMessage()
226			));
227			}
228			return false;
229			}
230
231			/**
232			* @param IdentityInterface $identity
233			* @return string
234			*/
235			private function getSignatureKey(IdentityInterface $identity)
236			{
237			$id = $identity instanceof User ? $identity->uid : $identity->getId();
238			return Jwt::getInstance()->getSettings()->getKey() . '.' . $id;
239			}
240
241			/**
242			* @param string\|null $audience
243			* @return string
244			* @throws \craft\errors\SiteNotFoundException
245			*/
246			private function resolveAudience(string $audience = null): string
247			{
248			if ($audience === null) {
249			$audience = Jwt::getInstance()->getSettings()->getSelfConsumableAudience();
250			}
251
252			return (string)$audience;
253			}
254
255			/**
256			* @param int\|null $expiration
257			* @return int
258			*/
259			private function resolveTokenExpiration(int $expiration = null): int
260			{
261			if ($expiration === null) {
262			$expiration = Jwt::getInstance()->getSettings()->tokenExpiration;
263			}
264
265			return time() + (int)$expiration;
266			}
267
268			/**
269			* @param $user
270			* @return IdentityInterface\|null
271			*/
272			private function resolveUser($user)
273			{
274			if ($user instanceof IdentityInterface) {
275			return $user;
276			}
277
278			if ($user === 'CURRENT_USER') {
279			return Craft::$app->getUser()->getIdentity();
280			}
281
282			if (is_numeric($user)) {
283			return Craft::$app->getUsers()->getUserById($user);
284			}
285
286			if (is_string($user)) {
287			return Craft::$app->getUsers()->getUserByUsernameOrEmail($user);
288			}
289
290			return null;
291			}
292			}
293

flipboxfactory / craft-jwt

Branch — develop (8ea255)

SelfConsumable::parse() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like