Completed
Pull Request — master (#8)
by Andreas
02:24
created

OAuth::getNoAuthResponse()   A

<?php
/**
 * Copyright (c) 2016-2016 The callingallpapers.com Developer Team
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @author    Andreas Heigl<[email protected]>
 * @copyright 2016-2016 The callingallpapers.com Developer Team
 * @license   http://www.opensource.org/licenses/mit-license.php MIT-License
 * @version   0.0
 * @since     16.01.2016
 * @link      https://github.com/joindin/callingallpapers
 */
namespace Callingallpapers\Api\Middleware;
use Callingallpapers\Api\PersistenceLayer\UserPersistenceLayer;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
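/**
 * Token-checking middleware for the API.
 *
 * GET requests are passed on without authentication. Every other method must
 * carry a token that UserPersistenceLayer::getUserForToken() accepts; if it
 * does not, the chain is short-circuited with a 401 response carrying a
 * WWW-Authenticate challenge.
 */
class OAuth
{
    /** @var mixed Application object; only getContainer() is called on it here. */
    protected $app;

    /**
     * @param mixed $app Application whose container exposes the 'pdo' entry.
     */
    public function __construct($app)
    {
        $this->app = $app;
    }

    /**
     * Authenticate a non-GET request and attach the resolved user to it.
     *
     * @param  \Psr\Http\Message\ServerRequestInterface $request  PSR7 request
     * @param  \Psr\Http\Message\ResponseInterface      $response PSR7 response
     * @param  callable                                 $next     Next middleware
     *
     * @return \Psr\Http\Message\ResponseInterface Result of $next, or a 401
     *         response when no usable token was supplied or the lookup failed.
     */
    public function __invoke(
        ServerRequestInterface $request,
        ResponseInterface $response,
        callable $next
    ) {
        if ($request->getMethod() === 'GET') {
            // GET is allowed without authentication; rate limiting is handled
            // by another middleware. Only the exact string 'GET' is exempt,
            // every other method falls through to the token check below.
            // NOTE(review): this relies on no GET route changing state - confirm.
            return $next($request, $response);
        }

        // NOTE(review): the token is read from a header named "Authenticate".
        // RFC 6750 clients send "Authorization: Bearer <token>"; confirm the
        // header name is intentional.
        $auth = $request->getHeader('Authenticate');
        if (empty($auth)) {
            return $this->getNoAuthResponse($response);
        }

        // Expected shape is "<scheme> <token>". The scheme is not verified
        // here; only the second space-separated field is used as the token.
        $parts = explode(' ', $auth[0]);
        if (! isset($parts[1]) || $parts[1] === '') {
            // A value such as "Bearer " yields an empty second field; never
            // hand an empty token to the user lookup.
            return $this->getNoAuthResponse($response);
        }
        $bearer = $parts[1];

        $upl = new UserPersistenceLayer($this->app->getContainer()['pdo']);
        try {
            $user = $upl->getUserForToken($bearer);
        } catch (\Exception $e) {
            // Fail closed: every exception from the lookup is answered with a
            // 401, including ones that may not be about the token at all.
            // NOTE(review): consider logging $e so a backend failure can be
            // told apart from a rejected token.
            return $this->getNoAuthResponse($response, 'invalid token', 'Invalid Access-Token provided');
        }

        // NOTE(review): presumably getUserForToken() returns an array with a
        // 'user' key - verify against UserPersistenceLayer.
        $request = $request->withAttribute('user', $user['user']);

        return $next($request, $response);
    }

    /**
     * Build the 401 response with a Bearer challenge.
     *
     * Both values are embedded as quoted-strings, so they are escaped before
     * being placed in the header. The parameter name was previously misspelled
     * "error_desciption"; it is now emitted as "error_description".
     *
     * NOTE(review): RFC 6750 defines the error codes invalid_request,
     * invalid_token and insufficient_scope; the values used by this class
     * ('no token', 'invalid token') are not among them.
     *
     * @param \Psr\Http\Message\ResponseInterface $response    Response to derive from
     * @param string                              $error       Value for the error parameter
     * @param string                              $description Value for the error_description parameter
     *
     * @return \Psr\Http\Message\ResponseInterface Response with status 401
     */
    protected function getNoAuthResponse($response, $error = 'no token', $description = 'No Access-Token provided')
    {
        $challenge = sprintf(
            'Bearer realm="callingallpapers", error="%s", error_description="%s"',
            $this->quoteAuthParam($error),
            $this->quoteAuthParam($description)
        );

        return $response
            ->withHeader('WWW-Authenticate', $challenge)
            ->withStatus(401);
    }

    /**
     * Make a value safe to place between double quotes in a header parameter.
     *
     * @param string $value Raw parameter value
     *
     * @return string Value with control characters collapsed to a space and
     *                backslashes and double quotes backslash-escaped
     */
    private function quoteAuthParam($value)
    {
        // CR/LF and other control bytes must not reach a header line.
        $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);

        return addcslashes($clean, '"\\');
    }
}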