Oidc::__construct() - Code Metrics - Inspection of "Implemented dependency injection container" - gyselroth/micro - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 0c1faf...c6b404 )

by Raffael

created 2017-10-19 15:29 UTC

Oidc::__construct() A

↳ Parent: Oidc

Complexity

Conditions	1
Paths	1

Size

Total Lines	5
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	5
rs	9.4285
c	0
b	0
f	0
cc	1
eloc	3
nc	1
nop	2

<?php
declare(strict_types = 1);

/**
 * Micro
 *
 * @author    Raffael Sahli <[email protected]>
 * @copyright Copyright (c) 2017 gyselroth GmbH (https://gyselroth.com)
 * @license   MIT https://opensource.org/licenses/MIT
 */

namespace Micro\Auth\Adapter;

use \Psr\Log\LoggerInterface;
use \Micro\Auth\Exception;

class Oidc extends AbstractAdapter
{
    /**
     * OpenID-connect discovery path
     */
    CONST DISCOVERY_PATH = '/.well-known/openid-configuration';


    /**
     * OpenID-connect provider url
     *
     * @var string
     */
    protected $provider_url = 'https://oidc.example.org';


    /**
     * Token validation endpoint (rfc7662)
     *
     * @var string
     */
    protected $token_validation_url;


    /**
     * Identity attribute
     *
     * @var string
     */
    protected $identity_attribute = 'preferred_username';


    /**
     * Attributes
     *
     * @var array
     */
    protected $attributes = [];


    /**
     * Access token
     *
     * @var string
     */
    private $access_token;


    /**
     * Init adapter
     *
     * @param   LoggerInterface $logger
     * @param   Iterable $config
     * @return  void

     */
    public function __construct(LoggerInterface $logger, ?Iterable $config=null)
    {
        $this->logger = $logger;
        $this->setOptions($config);
    }


    /**
     * Set options
     *
     * @param   Iterable $config
     * @return  AdapterInterface
     */
    public function setOptions(? Iterable $config = null) : AdapterInterface
    {
        if ($config === null) {
            return $this;
        }

        foreach($config as $option => $value) {
            switch($option) {
                case 'provider_url':
switch ($expr) {
    case "A": { //wrong
        doSomething();
        break;
    }
    case "B"; //wrong
        doSomething();
        break;
    case "C": //right
        doSomething();
        break;
}
                case 'token_validation_url':
                case 'identity_attribute':
                    $this->{$option} = (string)$value;
                break;
            }
        }

        return  parent::setOptions($config);
    }


    /**
     * Authenticate
     *
     * @return bool
     */
    public function authenticate(): bool
    {
        if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
            $this->logger->debug('skip auth adapter ['.get_class($this).'], no http authorization header or access_token param found', [
                'category' => get_class($this)
            ]);

            return false;
        } else {
            $header = $_SERVER['HTTP_AUTHORIZATION'];
            $parts  = explode(' ', $header);

            if ($parts[0] == 'Bearer') {
                $this->logger->debug('found http bearer authorization header', [
                    'category' => get_class($this)
                ]);

                return $this->verifyToken($parts[1]);
            } else {
                $this->logger->debug('http authorization header contains no bearer string or invalid authentication string', [
                    'category' => get_class($this)
                ]);

                return false;
            }
        }
    }


    /**
     * Get discovery url
     *
     * @return string
     */
    public function getDiscoveryUrl(): string
    {
        return $this->provider_url.self::DISCOVERY_PATH;
    }


    /**
     * Get discovery document
     *
     * @return array
     */
    public function getDiscoveryDocument(): array
    {
        if ($apc = extension_loaded('apc') && apc_exists($this->provider_url)) {

            return apc_get($this->provider_url);
        } else {
            $ch = curl_init();
            $url = $this->getDiscoveryUrl();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

            $this->logger->debug('fetch openid-connect discovery document from ['.$url.']', [
                'category' => get_class($this)
            ]);

            $result = curl_exec($ch);
            $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
            curl_close($ch);

            if($code === 200) {
                $discovery = json_decode($result, true);
                $this->logger->debug('received openid-connect discovery document from ['.$url.']', [
                    'category' => get_class($this),
                    'discovery'=> $discovery
                ]);

                if ($apc === true) {
                    apc_store($this->provider_url, $discovery);
                }

                return $discovery;
            } else {
                $this->logger->error('failed to receive openid-connect discovery document from ['.$url.'], request ended with status ['.$code.']', [
                    'category' => get_class($this),
                ]);

                throw new Exception('failed to get openid-connect discovery document');
            }
        }
    }


    /**
     * Token verification
     *
     * @param   string $token
     * @return  bool
     */
    protected function verifyToken(string $token): bool
    {
        if($this->token_validation_url) {
            $this->logger->debug('validate oauth2 token via rfc7662 token validation endpoint ['.$this->token_validation_url.']', [
               'category' => get_class($this),
            ]);

            $url = str_replace('{token}', $token, $this->token_validation_url);
        } else {
            $discovery = $this->getDiscoveryDocument();
            if (!(isset($discovery['userinfo_endpoint']))) {
                throw new Exception('userinfo_endpoint could not be determained');
            }

            $this->logger->debug('validate token via openid-connect userinfo_endpoint ['.$discovery['userinfo_endpoint'].']', [
               'category' => get_class($this),
            ]);

            $url = $discovery['userinfo_endpoint'].'?access_token='.$token;
        }

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $result = curl_exec($ch);
        $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        $response = json_decode($result, true);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

        if($code === 200) {
            $attributes = json_decode($result, true);
            $this->logger->debug('successfully verified oauth2 access token via authorization server', [
               'category' => get_class($this),
            ]);

            if(!isset($attributes[$this->identity_attribute])) {
                throw new Exception('identity attribute '.$this->identity_attribute.' not found in oauth2 response');
            }

            $this->identifier = $attributes['preferred_username'];

            if($this->token_validation_url) {
                $this->attributes = $attributes;
            } else {
                $this->access_token = $token;
            }

            return true;
        } else {
            $this->logger->error('failed verify oauth2 access token via authorization server, received status ['.$code.']', [
               'category' => get_class($this),
            ]);

            throw new Exception('failed verify oauth2 access token via authorization server');
        }
    }


    /**
     * Get attributes
     *
     * @return array
     */
    public function getAttributes(): array
    {
        if(count($this->attributes) !== 0) {
            return $this->attributes;
        }

        $discovery = $this->getDiscoveryDocument();
        if (!(isset($discovery['authorization_endpoint']))) {
            throw new Exception('authorization_endpoint could not be determained');
        }

        $this->logger->debug('fetch user attributes from userinfo_endpoint ['.$discovery['userinfo_endpoint'].']', [
           'category' => get_class($this),
        ]);

        $url = $discovery['userinfo_endpoint'].'?access_token='.$this->access_token;
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        $result = curl_exec($ch);
        $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        $response = json_decode($result, true);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

        if($code === 200) {
            $attributes = json_decode($result, true);
            $this->logger->debug('successfully requested user attributes from userinfo_endpoint', [
               'category' => get_class($this),
            ]);

            return $this->attributes = $attributes;
        } else {
            $this->logger->error('failed requesting user attributes from userinfo_endpoint, status code ['.$code.']', [
               'category' => get_class($this),
            ]);

            throw new Exception('failed requesting user attribute from userinfo_endpoint');
        }

    }
}


1			<?php
2			declare(strict_types = 1);
3
4			/**
5			* Micro
6			*
7			* @author Raffael Sahli <[email protected]>
8			* @copyright Copyright (c) 2017 gyselroth GmbH (https://gyselroth.com)
9			* @license MIT https://opensource.org/licenses/MIT
10			*/
11
12			namespace Micro\Auth\Adapter;
13
14			use \Psr\Log\LoggerInterface;
15			use \Micro\Auth\Exception;
16
17			class Oidc extends AbstractAdapter
18			{
19			/**
20			* OpenID-connect discovery path
21			*/
22			CONST DISCOVERY_PATH = '/.well-known/openid-configuration';
23
24
25			/**
26			* OpenID-connect provider url
27			*
28			* @var string
29			*/
30			protected $provider_url = 'https://oidc.example.org';
31
32
33			/**
34			* Token validation endpoint (rfc7662)
35			*
36			* @var string
37			*/
38			protected $token_validation_url;
39
40
41			/**
42			* Identity attribute
43			*
44			* @var string
45			*/
46			protected $identity_attribute = 'preferred_username';
47
48
49			/**
50			* Attributes
51			*
52			* @var array
53			*/
54			protected $attributes = [];
55
56
57			/**
58			* Access token
59			*
60			* @var string
61			*/
62			private $access_token;
63
64
65			/**
66			* Init adapter
67			*
68			* @param LoggerInterface $logger
69			* @param Iterable $config
70			* @return void
			0 ignored issues – show Comprehensibility Best Practice introduced 2017-06-21 11:15 UTC by Report Bug Copy Issue Report Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
71			*/
72			public function __construct(LoggerInterface $logger, ?Iterable $config=null)
73			{
74			$this->logger = $logger;
75			$this->setOptions($config);
76			}
77
78
79			/**
80			* Set options
81			*
82			* @param Iterable $config
83			* @return AdapterInterface
84			*/
85			public function setOptions(? Iterable $config = null) : AdapterInterface
86			{
87			if ($config === null) {
88			return $this;
89			}
90
91			foreach($config as $option => $value) {
92			switch($option) {
93			case 'provider_url':
			0 ignored issues – show Coding Style introduced 2017-10-19 15:32 UTC by Report Bug Copy Issue Report `case` statements should be defined using a colon. As per the PSR-2 coding standard, case statements should not be wrapped in curly braces. There is no need for braces, since each case is terminated by the next `break`. There is also the option to use a semicolon instead of a colon, this is discouraged because many programmers do not even know it works and the colon is universal between programming languages. switch ($expr) { case "A": { //wrong doSomething(); break; } case "B"; //wrong doSomething(); break; case "C": //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
94			case 'token_validation_url':
95			case 'identity_attribute':
96			$this->{$option} = (string)$value;
97			break;
98			}
99			}
100
101			return parent::setOptions($config);
102			}
103
104
105			/**
106			* Authenticate
107			*
108			* @return bool
109			*/
110			public function authenticate(): bool
111			{
112			if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
113			$this->logger->debug('skip auth adapter ['.get_class($this).'], no http authorization header or access_token param found', [
114			'category' => get_class($this)
115			]);
116
117			return false;
118			} else {
119			$header = $_SERVER['HTTP_AUTHORIZATION'];
120			$parts = explode(' ', $header);
121
122			if ($parts[0] == 'Bearer') {
123			$this->logger->debug('found http bearer authorization header', [
124			'category' => get_class($this)
125			]);
126
127			return $this->verifyToken($parts[1]);
128			} else {
129			$this->logger->debug('http authorization header contains no bearer string or invalid authentication string', [
130			'category' => get_class($this)
131			]);
132
133			return false;
134			}
135			}
136			}
137
138
139			/**
140			* Get discovery url
141			*
142			* @return string
143			*/
144			public function getDiscoveryUrl(): string
145			{
146			return $this->provider_url.self::DISCOVERY_PATH;
147			}
148
149
150			/**
151			* Get discovery document
152			*
153			* @return array
154			*/
155			public function getDiscoveryDocument(): array
156			{
157			if ($apc = extension_loaded('apc') && apc_exists($this->provider_url)) {
			0 ignored issues – show Comprehensibility introduced 2017-08-10 14:48 UTC by Report Bug Copy Issue Report Consider adding parentheses for clarity. Current Interpretation: `$apc = (extension_loaded...s($this->provider_url))`, Probably Intended Meaning: `($apc = extension_loaded...ts($this->provider_url)` Loading history...
158			return apc_get($this->provider_url);
159			} else {
160			$ch = curl_init();
161			$url = $this->getDiscoveryUrl();
162			curl_setopt($ch, CURLOPT_URL, $url);
163			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
164
165			$this->logger->debug('fetch openid-connect discovery document from ['.$url.']', [
166			'category' => get_class($this)
167			]);
168
169			$result = curl_exec($ch);
170			$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
171			curl_close($ch);
172
173			if($code === 200) {
174			$discovery = json_decode($result, true);
175			$this->logger->debug('received openid-connect discovery document from ['.$url.']', [
176			'category' => get_class($this),
177			'discovery'=> $discovery
178			]);
179
180			if ($apc === true) {
181			apc_store($this->provider_url, $discovery);
182			}
183
184			return $discovery;
185			} else {
186			$this->logger->error('failed to receive openid-connect discovery document from ['.$url.'], request ended with status ['.$code.']', [
187			'category' => get_class($this),
188			]);
189
190			throw new Exception('failed to get openid-connect discovery document');
191			}
192			}
193			}
194
195
196			/**
197			* Token verification
198			*
199			* @param string $token
200			* @return bool
201			*/
202			protected function verifyToken(string $token): bool
203			{
204			if($this->token_validation_url) {
205			$this->logger->debug('validate oauth2 token via rfc7662 token validation endpoint ['.$this->token_validation_url.']', [
206			'category' => get_class($this),
207			]);
208
209			$url = str_replace('{token}', $token, $this->token_validation_url);
210			} else {
211			$discovery = $this->getDiscoveryDocument();
212			if (!(isset($discovery['userinfo_endpoint']))) {
213			throw new Exception('userinfo_endpoint could not be determained');
214			}
215
216			$this->logger->debug('validate token via openid-connect userinfo_endpoint ['.$discovery['userinfo_endpoint'].']', [
217			'category' => get_class($this),
218			]);
219
220			$url = $discovery['userinfo_endpoint'].'?access_token='.$token;
221			}
222
223			$ch = curl_init();
224			curl_setopt($ch, CURLOPT_URL, $url);
225			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
226			$result = curl_exec($ch);
227			$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
228			curl_close($ch);
229			$response = json_decode($result, true);
			0 ignored issues – show Unused Code introduced 2017-08-30 10:22 UTC by Report Bug Copy Issue Report `$response` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
230
231			if($code === 200) {
232			$attributes = json_decode($result, true);
233			$this->logger->debug('successfully verified oauth2 access token via authorization server', [
234			'category' => get_class($this),
235			]);
236
237			if(!isset($attributes[$this->identity_attribute])) {
238			throw new Exception('identity attribute '.$this->identity_attribute.' not found in oauth2 response');
239			}
240
241			$this->identifier = $attributes['preferred_username'];
242
243			if($this->token_validation_url) {
244			$this->attributes = $attributes;
245			} else {
246			$this->access_token = $token;
247			}
248
249			return true;
250			} else {
251			$this->logger->error('failed verify oauth2 access token via authorization server, received status ['.$code.']', [
252			'category' => get_class($this),
253			]);
254
255			throw new Exception('failed verify oauth2 access token via authorization server');
256			}
257			}
258
259
260			/**
261			* Get attributes
262			*
263			* @return array
264			*/
265			public function getAttributes(): array
266			{
267			if(count($this->attributes) !== 0) {
268			return $this->attributes;
269			}
270
271			$discovery = $this->getDiscoveryDocument();
272			if (!(isset($discovery['authorization_endpoint']))) {
273			throw new Exception('authorization_endpoint could not be determained');
274			}
275
276			$this->logger->debug('fetch user attributes from userinfo_endpoint ['.$discovery['userinfo_endpoint'].']', [
277			'category' => get_class($this),
278			]);
279
280			$url = $discovery['userinfo_endpoint'].'?access_token='.$this->access_token;
281			$ch = curl_init();
282			curl_setopt($ch, CURLOPT_URL, $url);
283			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
284			$result = curl_exec($ch);
285			$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
286			curl_close($ch);
287			$response = json_decode($result, true);
			0 ignored issues – show Unused Code introduced 2017-08-30 10:22 UTC by Report Bug Copy Issue Report `$response` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
288
289			if($code === 200) {
290			$attributes = json_decode($result, true);
291			$this->logger->debug('successfully requested user attributes from userinfo_endpoint', [
292			'category' => get_class($this),
293			]);
294
295			return $this->attributes = $attributes;
296			} else {
297			$this->logger->error('failed requesting user attributes from userinfo_endpoint, status code ['.$code.']', [
298			'category' => get_class($this),
299			]);
300
301			throw new Exception('failed requesting user attribute from userinfo_endpoint');
302			}
303
304			}
305			}
306

gyselroth / micro

Push — master ( 0c1faf...c6b404 )

Oidc::__construct() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like