JsonWebToken::decode() - Code Metrics - o2system/security - Measure and Improve Code Quality continuously with Scrutinizer

JsonWebToken::decode() F
last analyzed 2019-10-10 15:07 UTC

↳ Parent: JsonWebToken
Complexity

Conditions	24
Paths	276
Size

Total Lines	113
Code Lines	53
Duplication

Lines	0
Ratio	0 %
Importance

Changes	1
Bugs	0	Features	0
Metric	Value
cc	24
eloc	53
c	1
b	0
f	0
nc	276
nop	2
dl	0
loc	113
rs	2.3833
How to fix Long Method Complexity

<?php
/**
 * This file is part of the O2System Framework package.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @author         Steeve Andrian Salim
 * @copyright      Copyright (c) Steeve Andrian Salim
 */

// ------------------------------------------------------------------------

namespace O2System\Security\Authentication;

// ------------------------------------------------------------------------

use O2System\Security\Encoders\Base64;
use O2System\Security\Encoders\Json;
use O2System\Security\Authentication\User\Signature;
use O2System\Security\Encryptions\Algorithm;
use O2System\Security\Generators\Token;

/**
 * Class JsonWebToken
 * @package O2System\Security\Authentication
 */
class JsonWebToken extends Token
{
    protected $keyId;

    /**
     * When checking nbf, iat or expiration times,
     * we want to provide some extra leeway time to
     * account for clock skew.
     */
    protected $leeway = 0;

    protected $headers = [
        'typ' => 'JWT',
    ];

    // ------------------------------------------------------------------------

    public function setKeyId($keyId)
    {
        $this->keyId = $keyId;

        return $this;
    }

    // ------------------------------------------------------------------------

    public function setLeeway($leeway)
    {
        $this->leeway = intval($leeway);

        return $this;
    }

    // ------------------------------------------------------------------------

    public function encode(array $payload, $key = null)
    {
        $key = empty($key) ? $this->key : $key;
        if (is_null($key)) {
            if (class_exists('O2System\Framework', false)) {
                $key = config()->getItem('security')->encryptionKey;
                $key = /** @scrutinizer ignore-call */ config()->getItem('security')->encryptionKey;
            }
        }

        $this->addHeader('alg', $this->algorithm);

        if ( ! empty($this->keyId)) {
            $this->addHeader('kid', $this->keyId);
        }

        // Create Header Segment
        $segments[] = Base64::encode(Json::encode($this->headers));


        // Create Payload Segment
        $segments[] = Base64::encode(Json::encode($payload));

        // Create Signature Segment
        $segments[] = Base64::encode(Signature::generate($segments, $key, $this->algorithm));

        return implode('.', $segments);
    }

    // ------------------------------------------------------------------------

    public function decode($token, $key = null)
    {
        $key = empty($key) ? $this->key : $key;
        if (is_null($key)) {
            if (class_exists('O2System\Framework', false)) {
                $key = config()->getItem('security')->encryptionKey;
                $key = /** @scrutinizer ignore-call */ config()->getItem('security')->encryptionKey;
            }
        }

        $timestamp = empty($this->timestamp) ? time() : $this->timestamp;

        $segments = explode('.', $token);
        $segments = array_map('trim', $segments);

        if (count($segments) == 3) {
            list($headers, $payload, $signature) = $segments;

            // Base64 decode headers
            if (false === ($headers = Base64::decode($headers))) {
                $this->errors[] = 'Invalid header base64 decoding';

                return false;
            }

            // Json decode headers
            if (null === ($headers = Json::decode($headers))) {
                $this->errors[] = 'Invalid header json decoding';

                return false;
            }

            // Validate algorithm header
            if (empty($headers->alg)) {
                $this->errors[] = 'Invalid algorithm';

                return false;
            } elseif ( ! Algorithm::validate($headers->alg)) {
                $this->errors[] = 'Unsupported algorithm';

                return false;
            }

            // Validate algorithm key id
            if (is_array($key) or $key instanceof \ArrayAccess) {
                if (isset($headers->kid)) {
                    if ( ! isset($key[ $headers->kid ])) {
                        $this->errors[] = 'Invalid Key Id';

                        return false;
                    }

                    $key = $key[ $headers->kid ];
                } else {
                    $this->errors[] = 'Empty Key id';

                    return false;
                }
            }

            // Base64 decode payload
            if (false === ($payload = Base64::decode($payload))) {
                $this->errors[] = 'Invalid payload base64 decoding';

                return false;
            }

            // Json decode payload
            if (null === ($payload = Json::decode($payload))) {
                $this->errors[] = 'Invalid payload json decoding';

                return false;
            }

            // Base64 decode payload
            if (false === ($signature = Base64::decode($signature))) {
                $this->errors[] = 'Invalid signature base64 decoding';

                return false;
            }

            if (Signature::verify($token, $signature, $key, $headers->alg) === false) {
                $this->errors[] = 'Invalid signature';

                return false;
            }

            // Check if the nbf if it is defined. This is the time that the
            // token can actually be used. If it's not yet that time, abort.
            if (isset($payload->nbf) && $payload->nbf > ($timestamp + $this->leeway)) {
                $this->errors[] = 'Cannot handle token prior to ' . date(\DateTime::ISO8601, $payload->nbf);

                return false;
            }

            // Check that this token has been created before 'now'. This prevents
            // using tokens that have been created for later use (and haven't
            // correctly used the nbf claim).
            if (isset($payload->iat) && $payload->iat > ($timestamp + $this->leeway)) {
                $this->errors[] = 'Cannot handle token prior to ' . date(\DateTime::ISO8601, $payload->iat);

                return false;
            }
            // Check if this token has expired.
            if (isset($payload->exp) && ($timestamp - $this->leeway) >= $payload->exp) {
                $this->errors[] = 'Expired token';

                return false;
            }

            return $payload;
        }

        return false;
    }
}
o2system / security

GitHub Access Token became invalid

JsonWebToken::decode() F last analyzed 2019-10-10 15:07 UTC

Complexity

Size

Duplication

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like

JsonWebToken::decode() F
last analyzed 2019-10-10 15:07 UTC
