AbstractAuthorizedApiController::authorizeApi() - Code Metrics - Inspection of "Merge pull request #4 from nerds-and-company/featu..." - nerds-and-company/craft-api-authentication-plugin - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 0417d6...3a7a41 )

by Bob Olde

created 2015-11-26 08:45 UTC

AbstractAuthorizedApiController::authorizeApi() A

↳ Parent: AbstractAuthorizedApiController

Complexity

Conditions	4
Paths	4

Size

Total Lines	14
Code Lines	10

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	20

Importance

Changes	1
Bugs	0	Features	1

Metric	Value
c	1
b	0
f	1
dl	0
loc	14
rs	9.2
ccs	0
cts	14
cp	0
cc	4
eloc	10
nc	4
nop	0
crap	20

<?php

namespace Craft;

/**
 * Class ApiAuthController
 *
 * Api authentication using user keys
 *
 * @author    Nerds & Company
 * @copyright Copyright (c) 2015, Nerds & Company
 * @license   MIT
 *
 * @link      http://www.nerds.company
 */
abstract class AbstractAuthorizedApiController extends BaseController
{
    /**
     * Allow anonymous access to this controller.
     *
     * @var bool
     */
    protected $allowAnonymous = true;

    /**
     * Initialize controller
     */
    public function init()
    {
        craft()->apiAuth->setCorsHeaders();
        if (craft()->apiAuth->isOptionsRequest()) {
            craft()->end();
        }
        $this->authorizeApi();
    }

    /**
     * @return bool
     */
    private function authorizeApi()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
            http_response_code(401);
            $this->returnErrorJson(Craft::t('Authorization header missing'));
        }
        $key = $_SERVER['HTTP_AUTHORIZATION'];
        list($bearer, $token) = explode(' ', $key);
        if ($bearer != 'Bearer' || !craft()->apiAuth->authenticateKey($token)) {
            http_response_code(401);
            $this->returnErrorJson(Craft::t('Invalid key used'));
        }
        return true;
    }
}


1			<?php
2
3			namespace Craft;
4
5			/**
6			* Class ApiAuthController
7			*
8			* Api authentication using user keys
9			*
10			* @author Nerds & Company
11			* @copyright Copyright (c) 2015, Nerds & Company
12			* @license MIT
13			*
14			* @link http://www.nerds.company
15			*/
16			abstract class AbstractAuthorizedApiController extends BaseController
17			{
18			/**
19			* Allow anonymous access to this controller.
20			*
21			* @var bool
22			*/
23			protected $allowAnonymous = true;
24
25			/**
26			* Initialize controller
27			*/
28			public function init()
29			{
30			craft()->apiAuth->setCorsHeaders();
31			if (craft()->apiAuth->isOptionsRequest()) {
32			craft()->end();
33			}
34			$this->authorizeApi();
35			}
36
37			/**
38			* @return bool
39			*/
40			private function authorizeApi()
			0 ignored issues – show Coding Style introduced 2015-11-25 12:56 UTC by Report Bug Copy Issue Report `authorizeApi` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
41			{
42			if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
43			http_response_code(401);
44			$this->returnErrorJson(Craft::t('Authorization header missing'));
45			}
46			$key = $_SERVER['HTTP_AUTHORIZATION'];
47			list($bearer, $token) = explode(' ', $key);
48			if ($bearer != 'Bearer' \|\| !craft()->apiAuth->authenticateKey($token)) {
49			http_response_code(401);
50			$this->returnErrorJson(Craft::t('Invalid key used'));
51			}
52			return true;
53			}
54			}
55

nerds-and-company / craft-api-authentication-plugin

Push — master ( 0417d6...3a7a41 )

AbstractAuthorizedApiController::authorizeApi() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like