CsrfTokenStorage::check() - Code Metrics - Inspection of "Update phpdoc." - limoncello-php-dist/application - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ac1fa0...9301b0 )

by Neomerx

created 2018-05-15 16:15 UTC

CsrfTokenStorage::check() A

↳ Parent: CsrfTokenStorage

Complexity

Conditions	2
Paths	2

Size

Total Lines	12
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	7
CRAP Score	2

Importance

Changes

Metric	Value
dl	0
loc	12
ccs	7
cts	7
cp	1
rs	9.4285
c	0
b	0
f	0
cc	2
eloc	7
nc	2
nop	1
crap	2

<?php namespace Limoncello\Application\Packages\Csrf;

/**
 * Copyright 2015-2018 [email protected]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

use ArrayAccess;
use Exception;
use Limoncello\Application\Contracts\Csrf\CsrfTokenStorageInterface;

/**
 * @package Limoncello\Application
 */
class CsrfTokenStorage implements CsrfTokenStorageInterface
{
    /**
     * Number of random bytes in a token.
     */
    protected const TOKEN_BYTE_LENGTH = 16;

    /**
     * @var ArrayAccess
     */
    private $sessionStorage;

    /**
     * @var string
     */
    private $tokenStorageKey;

    /**
     * @var null|int
     */
    private $maxTokens = null;

    /**
     * @var int
     */
    private $maxTokensGcThreshold;

    /**
     * @param ArrayAccess $sessionStorage
     * @param string      $tokenStorageKey
     * @param int|null    $maxTokens
     * @param int         $maxTokensGcThreshold
     */
    public function __construct(
        ArrayAccess $sessionStorage,
        string $tokenStorageKey,
        ?int $maxTokens,
        int $maxTokensGcThreshold
    ) {
        $this->setSessionStorage($sessionStorage)
            ->setTokenStorageKey($tokenStorageKey)
            ->setMaxTokens($maxTokens)
            ->setMaxTokensGcThreshold($maxTokensGcThreshold);
    }

    /**
     * @inheritdoc
     *
     * @throws Exception
     */
    public function create(): string
    {
        $tokenStorage = $this->getTokenStorage();
        $value        = $this->createTokenValue();
        $timestamp    = $this->createTokenTimestamp();

        $tokenStorage[$value] = $timestamp;

        // check if we should limit number to stored tokens
        $maxTokens = $this->getMaxTokens();
        if ($maxTokens !== null &&
            count($tokenStorage) > $maxTokens + $this->getMaxTokensGcThreshold()
        ) {
            // sort by timestamp and take last $maxTokens
            asort($tokenStorage, SORT_NUMERIC);
            $tokenStorage = array_slice($tokenStorage, -$maxTokens, null, true);
            // minus means count from the end ---------^
        }

        $this->setTokenStorage($tokenStorage);

        return $value;
    }

    /**
     * @inheritdoc
     */
    public function check(string $token): bool
    {
        $tokenStorage = $this->getTokenStorage();
        $tokenFound   = array_key_exists($token, $tokenStorage);
        if ($tokenFound === true) {
            // remove the token so it cannot be used again
            unset($tokenStorage[$token]);
            $this->setTokenStorage($tokenStorage);
        }

        return $tokenFound;
    }

    /**
     * @return ArrayAccess
     */
    protected function getSessionStorage(): ArrayAccess
    {
        return $this->sessionStorage;
    }

    /**
     * @param ArrayAccess $sessionStorage
     *
     * @return self
     */
    protected function setSessionStorage(ArrayAccess $sessionStorage): self
    {
        $this->sessionStorage = $sessionStorage;

        return $this;
    }

    /**
     * @return string
     */
    protected function getTokenStorageKey(): string
    {
        return $this->tokenStorageKey;
    }

    /**
     * @param string $tokenStorageKey
     *
     * @return self
     */
    protected function setTokenStorageKey(string $tokenStorageKey): self
    {
        assert(empty($tokenStorageKey) === false);

        $this->tokenStorageKey = $tokenStorageKey;

        return $this;
    }

    /**
     * @return int|null
     */
    protected function getMaxTokens(): ?int
    {
        return $this->maxTokens;
    }

    /**
     * @param int|null $maxTokens
     *
     * @return self
     */
    protected function setMaxTokens(?int $maxTokens): self
    {
        assert($maxTokens === null || $maxTokens > 0);

        $this->maxTokens = $maxTokens > 0 ? $maxTokens : null;

        return $this;
    }

    /**
     * @return int
     */
    protected function getMaxTokensGcThreshold(): int
    {
        return $this->maxTokensGcThreshold;
    }

    /**
     * @param int $maxTokensGcThreshold
     *
     * @return self
     */
    protected function setMaxTokensGcThreshold(int $maxTokensGcThreshold): self
    {
        assert($maxTokensGcThreshold >= 0);

        $this->maxTokensGcThreshold = $maxTokensGcThreshold >= 0 ? $maxTokensGcThreshold : 0;

        return $this;
    }

    /**
     * @return string
     *
     * @throws Exception
     */
    protected function createTokenValue(): string
    {
        $value = bin2hex(random_bytes(static::TOKEN_BYTE_LENGTH));

        return $value;
    }

    /**
     * Additional information that would be stored with a token. For example, could be creation timestamp.
     *
     * @return int
     */
    protected function createTokenTimestamp(): int
    {
        return time();
    }

    /**
     * @return array
     */
    protected function getTokenStorage(): array
    {
        $sessionStorage = $this->getSessionStorage();
        $storageKey     = $this->getTokenStorageKey();

        $tokenStorage
            = $sessionStorage->offsetExists($storageKey) === true ? $sessionStorage->offsetGet($storageKey) : [];

        return $tokenStorage;
    }

    /**
     * Replace whole token storage.
     *
     * @param array $tokenStorage
     *
     * @return self
     */
    protected function setTokenStorage(array $tokenStorage): self
    {
        $this->getSessionStorage()->offsetSet($this->getTokenStorageKey(), $tokenStorage);

        return $this;
    }
}


1		<?php namespace Limoncello\Application\Packages\Csrf;
2
3		/**
4		* Copyright 2015-2018 [email protected]
5		*
6		* Licensed under the Apache License, Version 2.0 (the "License");
7		* you may not use this file except in compliance with the License.
8		* You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing, software
13		* distributed under the License is distributed on an "AS IS" BASIS,
14		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15		* See the License for the specific language governing permissions and
16		* limitations under the License.
17		*/
18
19		use ArrayAccess;
20		use Exception;
21		use Limoncello\Application\Contracts\Csrf\CsrfTokenStorageInterface;
22
23		/**
24		* @package Limoncello\Application
25		*/
26		class CsrfTokenStorage implements CsrfTokenStorageInterface
27		{
28		/**
29		* Number of random bytes in a token.
30		*/
31		protected const TOKEN_BYTE_LENGTH = 16;
32
33		/**
34		* @var ArrayAccess
35		*/
36		private $sessionStorage;
37
38		/**
39		* @var string
40		*/
41		private $tokenStorageKey;
42
43		/**
44		* @var null\|int
45		*/
46		private $maxTokens = null;
47
48		/**
49		* @var int
50		*/
51		private $maxTokensGcThreshold;
52
53		/**
54		* @param ArrayAccess $sessionStorage
55		* @param string $tokenStorageKey
56		* @param int\|null $maxTokens
57		* @param int $maxTokensGcThreshold
58		*/
59	3	public function __construct(
60		ArrayAccess $sessionStorage,
61		string $tokenStorageKey,
62		?int $maxTokens,
63		int $maxTokensGcThreshold
64		) {
65	3	$this->setSessionStorage($sessionStorage)
66	3	->setTokenStorageKey($tokenStorageKey)
67	3	->setMaxTokens($maxTokens)
68	3	->setMaxTokensGcThreshold($maxTokensGcThreshold);
69		}
70
71		/**
72		* @inheritdoc
73		*
74		* @throws Exception
75		*/
76	2	public function create(): string
77		{
78	2	$tokenStorage = $this->getTokenStorage();
79	2	$value = $this->createTokenValue();
80	2	$timestamp = $this->createTokenTimestamp();
81
82	2	$tokenStorage[$value] = $timestamp;
83
84		// check if we should limit number to stored tokens
85	2	$maxTokens = $this->getMaxTokens();
86	2	if ($maxTokens !== null &&
87	2	count($tokenStorage) > $maxTokens + $this->getMaxTokensGcThreshold()
88		) {
89		// sort by timestamp and take last $maxTokens
90	1	asort($tokenStorage, SORT_NUMERIC);
91	1	$tokenStorage = array_slice($tokenStorage, -$maxTokens, null, true);
92		// minus means count from the end ---------^
93		}
94
95	2	$this->setTokenStorage($tokenStorage);
96
97	2	return $value;
98		}
99
100		/**
101		* @inheritdoc
102		*/
103	1	public function check(string $token): bool
104		{
105	1	$tokenStorage = $this->getTokenStorage();
106	1	$tokenFound = array_key_exists($token, $tokenStorage);
107	1	if ($tokenFound === true) {
108		// remove the token so it cannot be used again
109	1	unset($tokenStorage[$token]);
110	1	$this->setTokenStorage($tokenStorage);
111		}
112
113	1	return $tokenFound;
114		}
115
116		/**
117		* @return ArrayAccess
118		*/
119	2	protected function getSessionStorage(): ArrayAccess
120		{
121	2	return $this->sessionStorage;
122		}
123
124		/**
125		* @param ArrayAccess $sessionStorage
126		*
127		* @return self
128		*/
129	3	protected function setSessionStorage(ArrayAccess $sessionStorage): self
130		{
131	3	$this->sessionStorage = $sessionStorage;
132
133	3	return $this;
134		}
135
136		/**
137		* @return string
138		*/
139	2	protected function getTokenStorageKey(): string
140		{
141	2	return $this->tokenStorageKey;
142		}
143
144		/**
145		* @param string $tokenStorageKey
146		*
147		* @return self
148		*/
149	3	protected function setTokenStorageKey(string $tokenStorageKey): self
150		{
151	3	assert(empty($tokenStorageKey) === false);
152
153	3	$this->tokenStorageKey = $tokenStorageKey;
154
155	3	return $this;
156		}
157
158		/**
159		* @return int\|null
160		*/
161	2	protected function getMaxTokens(): ?int
162		{
163	2	return $this->maxTokens;
164		}
165
166		/**
167		* @param int\|null $maxTokens
168		*
169		* @return self
170		*/
171	3	protected function setMaxTokens(?int $maxTokens): self
172		{
173	3	assert($maxTokens === null \|\| $maxTokens > 0);
174
175	3	$this->maxTokens = $maxTokens > 0 ? $maxTokens : null;
176
177	3	return $this;
178		}
179
180		/**
181		* @return int
182		*/
183	2	protected function getMaxTokensGcThreshold(): int
184		{
185	2	return $this->maxTokensGcThreshold;
186		}
187
188		/**
189		* @param int $maxTokensGcThreshold
190		*
191		* @return self
192		*/
193	3	protected function setMaxTokensGcThreshold(int $maxTokensGcThreshold): self
194		{
195	3	assert($maxTokensGcThreshold >= 0);
196
197	3	$this->maxTokensGcThreshold = $maxTokensGcThreshold >= 0 ? $maxTokensGcThreshold : 0;
198
199	3	return $this;
200		}
201
202		/**
203		* @return string
204		*
205		* @throws Exception
206		*/
207	2	protected function createTokenValue(): string
208		{
209	2	$value = bin2hex(random_bytes(static::TOKEN_BYTE_LENGTH));
210
211	2	return $value;
212		}
213
214		/**
215		* Additional information that would be stored with a token. For example, could be creation timestamp.
216		*
217		* @return int
218		*/
219	2	protected function createTokenTimestamp(): int
220		{
221	2	return time();
222		}
223
224		/**
225		* @return array
226		*/
227	2	protected function getTokenStorage(): array
228		{
229	2	$sessionStorage = $this->getSessionStorage();
230	2	$storageKey = $this->getTokenStorageKey();
231
232		$tokenStorage
233	2	= $sessionStorage->offsetExists($storageKey) === true ? $sessionStorage->offsetGet($storageKey) : [];
234
235	2	return $tokenStorage;
236		}
237
238		/**
239		* Replace whole token storage.
240		*
241		* @param array $tokenStorage
242		*
243		* @return self
244		*/
245	2	protected function setTokenStorage(array $tokenStorage): self
246		{
247	2	$this->getSessionStorage()->offsetSet($this->getTokenStorageKey(), $tokenStorage);
248
249	2	return $this;
250		}
251		}
252

limoncello-php-dist / application

Push — master ( ac1fa0...9301b0 )

CsrfTokenStorage::check() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like