ApiKeyAuthenticator - Code Metrics - Inspection of "add security, oauth, resurs custumers/login" - geekhub-php/CheTheatre - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#137)

unknown

created 2017-03-27 03:38 UTC

ApiKeyAuthenticator A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	82
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	1

Importance

Changes	2
Bugs	1	Features	1

Metric	Value
c	2
b	1
f	1
dl	0
loc	82
rs	10
wmc	8
lcom	0
cbo	1

4 Methods

Rating	Name	Size	Complexity
B	authenticateToken()	31	3
A	__construct()	4	1
A	createToken()	13	2
A	supportsToken()	4	2

<?php

namespace AppBundle\Security;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;
use Doctrine\Common\Persistence\ManagerRegistry;

class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface
{
    /**
     * @var ManagerRegistry
     */
    private $registry;

    /**
     * @param ManagerRegistry $registry
     */
    public function __construct(ManagerRegistry $registry)
    {
        $this->registry = $registry;
    }

    /**
     * @param Request $request
     * @param string $providerKey
     * @return PreAuthenticatedToken
     */
    public function createToken(Request $request, $providerKey)
    {
        $apiKey = $request->headers->get('API-Key-Token');
        if (!$apiKey) {
            throw new BadCredentialsException();
        }

        return new PreAuthenticatedToken(
            'customer',
            $apiKey,
            $providerKey
        );
    }

    /**
     * @param TokenInterface $token
     * @param string $providerKey
     * @return bool
     */
    public function supportsToken(TokenInterface $token, $providerKey)
    {
        return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
if ($x instanceof DoesNotExist) {
    // Do something.
}
    }

    /**
     * @param TokenInterface $token
     * @param UserProviderInterface $userProvider
     * @param string $providerKey
     * @return PreAuthenticatedToken
     */
    public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
    {
        if (!$userProvider instanceof ApiKeyUserProvider) {
            throw new \InvalidArgumentException(
                sprintf(
                    'The user provider must be an instance of ApiKeyUserProvider (%s was given).',
                    get_class($userProvider)
                )
            );
        }

        $apiKey = $token->getCredentials();
        $username = $userProvider->getUsernameByApiKey($apiKey);

        if (!$username) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            // CAUTION: this message will be returned to the client
            // (so don't put any un-trusted messages / error strings here)
            throw new CustomUserMessageAuthenticationException(
                sprintf('API Key "%s" does not exist.', $apiKey)
            );
        }

        $user = $userProvider->loadUserByUsername($username);

        return new PreAuthenticatedToken(
            $user,
            $apiKey,
            $providerKey,
            $user->getRoles()
        );
    }
}


1			<?php
2
3			namespace AppBundle\Security;
4
5			use Symfony\Component\HttpFoundation\Request;
6			use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
7			use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
8			use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
9			use Symfony\Component\Security\Core\Exception\BadCredentialsException;
10			use Symfony\Component\Security\Core\User\UserProviderInterface;
11			use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;
12			use Doctrine\Common\Persistence\ManagerRegistry;
13
14			class ApiKeyAuthenticator implements SimplePreAuthenticatorInterface
15			{
16			/**
17			* @var ManagerRegistry
18			*/
19			private $registry;
20
21			/**
22			* @param ManagerRegistry $registry
23			*/
24			public function __construct(ManagerRegistry $registry)
25			{
26			$this->registry = $registry;
27			}
28
29			/**
30			* @param Request $request
31			* @param string $providerKey
32			* @return PreAuthenticatedToken
33			*/
34			public function createToken(Request $request, $providerKey)
35			{
36			$apiKey = $request->headers->get('API-Key-Token');
37			if (!$apiKey) {
38			throw new BadCredentialsException();
39			}
40
41			return new PreAuthenticatedToken(
42			'customer',
43			$apiKey,
44			$providerKey
45			);
46			}
47
48			/**
49			* @param TokenInterface $token
50			* @param string $providerKey
51			* @return bool
52			*/
53			public function supportsToken(TokenInterface $token, $providerKey)
54			{
55			return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $providerKey;
			0 ignored issues – show Bug introduced 2017-03-27 03:52 UTC by Report Bug Copy Issue Report The class `Symfony\Component\Securi...n\PreAuthenticatedToken` does not exist. Did you forget a USE statement, or did you not list all dependencies? This error could be the result of: 1. Missing dependencies PHP Analyzer uses your `composer.json` file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the `composer.json` to be in the root folder of your repository. Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the `require` or `require-dev` section? 2. Missing use statement PHP does not complain about undefined classes in `ìnstanceof` checks. For example, the following PHP code will work perfectly fine: if ($x instanceof DoesNotExist) { // Do something. } If you have not tested against this specific condition, such errors might go unnoticed. Loading history...
56			}
57
58			/**
59			* @param TokenInterface $token
60			* @param UserProviderInterface $userProvider
61			* @param string $providerKey
62			* @return PreAuthenticatedToken
63			*/
64			public function authenticateToken(TokenInterface $token, UserProviderInterface $userProvider, $providerKey)
65			{
66			if (!$userProvider instanceof ApiKeyUserProvider) {
67			throw new \InvalidArgumentException(
68			sprintf(
69			'The user provider must be an instance of ApiKeyUserProvider (%s was given).',
70			get_class($userProvider)
71			)
72			);
73			}
74
75			$apiKey = $token->getCredentials();
76			$username = $userProvider->getUsernameByApiKey($apiKey);
77
78			if (!$username) {
			0 ignored issues – show Bug Best Practice introduced 2017-03-26 01:47 UTC by Report Bug Copy Issue Report The expression `$username` of type `null\|string` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
79			// CAUTION: this message will be returned to the client
80			// (so don't put any un-trusted messages / error strings here)
81			throw new CustomUserMessageAuthenticationException(
82			sprintf('API Key "%s" does not exist.', $apiKey)
83			);
84			}
85
86			$user = $userProvider->loadUserByUsername($username);
87
88			return new PreAuthenticatedToken(
89			$user,
90			$apiKey,
91			$providerKey,
92			$user->getRoles()
93			);
94			}
95			}
96

geekhub-php / CheTheatre

Pull Request — master (#137)

ApiKeyAuthenticator A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

1. Missing dependencies

2. Missing use statement

Duplication Side-by-Side

Filter issues like