Issues in ServerMiddleware.php - Failed Issues - Inspection of "Fixup" - jasny/http-signature - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions
Push — master ( 26ac20...3d81ff )

by Arnold
created 2019-03-14 02:23 UTC
src/ServerMiddleware.php (2 issues)

Labels

Severity

Major 2
<?php declare(strict_types=1);

namespace Jasny\HttpSignature;

use Psr\Http\Message\ServerRequestInterface as ServerRequest;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ResponseFactoryInterface as ResponseFactory;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;

/**
 * Middleware to verify HTTP Signature authentication.
 * Can be used both as single pass (PSR-15) and double pass middleware.
 */
class ServerMiddleware implements MiddlewareInterface
{
    /**
     * @var HttpSignature
     */
    protected $service;

    /**
     * @var ResponseFactory|null
     */
    protected $responseFactory;

    /**
     * Class constructor.
     *
     * @param HttpSignature        $service
     * @param ResponseFactory|null $responseFactory
     */
    public function __construct(HttpSignature $service, ?ResponseFactory $responseFactory = null)
    {
        $this->service = $service;
        $this->responseFactory = $responseFactory;
    }


    /**
     * Process an incoming server request (PSR-15).
     *
     * @param ServerRequest  $request
     * @param RequestHandler $handler
     * @return Response
     * @throws \RuntimeException if unauthorized response can't be created
     */
    public function process(ServerRequest $request, RequestHandler $handler): Response
    {
        if (!$this->isRequestSigned($request)) {
            return $handler->handle($request);
        }

        $next = function (ServerRequest $request) use ($handler) {
            return $handler->handle($request);
        };

        return $this->handleSignedRequest($request, null, $next);
    }

    /**
     * Get a callback that can be used as double pass middleware.
     *
     * @return callable
     */
    public function asDoublePass(): callable
    {
        return function (ServerRequest $request, Response $response, callable $next): Response {
            return $this->isRequestSigned($request)
                ? $this->handleSignedRequest($request, $response, $next)
                : $next($request, $response);
        };
    }

    /**
     * Handle signed request.
     *
     * @param ServerRequest  $request
     * @param Response|null  $response
     * @param callable       $next
     * @return Response
     * @throws \RuntimeException when the unauthorized response can't be created.
     */
    protected function handleSignedRequest(ServerRequest $request, ?Response $response, callable $next): Response
    {
        try {
            $keyId = $this->service->verify($request);
            $request = $request->withAttribute('signature_key_id', $keyId);

            $nextResponse = $next($request, $response);
        } catch (HttpSignatureException $exception) {
            $nextResponse = $this->createUnauthorizedResponse($request, $response, $exception->getMessage());
        }

        return $nextResponse;
    }

    /**
     * Check if the request contains a signature authorization header.
     *
     * @param ServerRequest $request
     * @return bool
     */
    protected function isRequestSigned(ServerRequest $request): bool
    {
        return
            $request->hasHeader('authorization') &&
            (substr(strtolower($request->getHeaderLine('authorization')), 0, 10) === 'signature ');
    }

    /**
     * Create a response using the response factory.
     *
     * @param int           $status            Response status
     * @param Response|null $originalResponse
     * @return Response
     */
    protected function createResponse(int $status, ?Response $originalResponse = null): Response
    {
        if ($this->responseFactory === null && $originalResponse === null) {
            throw new \BadMethodCallException('Response factory not set');
        }

        return $this->responseFactory !== null

            ? $this->responseFactory->createResponse($status)
            : $originalResponse->withStatus($status)->withBody(clone $originalResponse->getBody());
            : $originalResponse->/** @scrutinizer ignore-call */ withStatus($status)->withBody(clone $originalResponse->getBody());
    }

    /**
     * Create a `401 Unauthorized` response.
     *
     * @param ServerRequest $request
     * @param Response|null $response
     * @param string        $message
     * @return Response
     * @throws \RuntimeException when can't write body.
     */
    protected function createUnauthorizedResponse(
        ServerRequest $request,
        ?Response $response,
        string $message
    ): Response {
        $newResponse = $this->createResponse(401, $response);

        $errorResponse = $this->service->setAuthenticateResponseHeader($request->getMethod(), $newResponse)
            ->withHeader('Content-Type', 'text/plain');

        $errorResponse->getBody()->write($message);

        return $errorResponse;
    }
}

jasny / http-signature

Push — master ( 26ac20...3d81ff )

src/ServerMiddleware.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like
