Authorization::createPayload() - Code Metrics - Inspection of "inline docs revisions" - o2system/security - Measure and Improve Code Quality continuously with Scrutinizer

Test Setup Failed

Push — master ( 500279...2f8c13 )

unknown

created 2019-02-09 04:10 UTC

Authorization::createPayload() A

↳ Parent: Authorization

Complexity

Conditions	5
Paths	12

Size

Total Lines	30
Code Lines	16

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	5
eloc	16
nc	12
nop	2
dl	0
loc	30
rs	9.4222
c	0
b	0
f	0

<?php
/**
 * This file is part of the O2System Framework package.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @author         Steeve Andrian Salim
 * @copyright      Copyright (c) Steeve Andrian Salim
 */

// ------------------------------------------------------------------------

namespace O2System\Security\Authentication\Oauth\User;

// ------------------------------------------------------------------------

use O2System\Security\Authentication;
use O2System\Security\Authentication\Oauth;
use O2System\Security\Generators\Token;
use O2System\Spl\Traits\Collectors\ConfigCollectorTrait;

/**
 * Class Authorization
 * @package O2System\Security\Authentication\Oauth\User
 */
class Authorization
{
    use ConfigCollectorTrait;

    /**
     * Authorization::$user
     *
     * @var \O2System\Security\Authentication\Oauth\User\Account
     */
    protected $user;

    // ------------------------------------------------------------------------

    /**
     * Authorization::__construct
     *
     * @param \O2System\Security\Authentication\Oauth\User\Account $user
     */
    public function __construct(Oauth\User\Account $user)
    {
        $this->user = $user;

        $this->setConfig([
            'issuer'    => null,
            'scope'     => [],
            'authorize' => [
                'allow_implicit'             => false,
                'enforce_state'              => true,
                'require_exact_redirect_uri' => true,
                'redirect_status_code'       => 302,
            ],
            'token'     => [
                'type'             => 'bearer',
                'lifetime'         => 3600,
                'refresh_lifetime' => 1209600,
            ],
        ]);
    }

    // ------------------------------------------------------------------------

    /**
     * Authorization::getRefreshToken
     *
     * Provide an unique refresh token
     *
     * Implementing classes may want to override this function to implement
     * other refresh token generation schemes.
     *
     * @param \O2System\Security\Authentication\Oauth\Client\Account $client
     * @param array                                                  $options
     *
     * @return array
     * @throws \Exception
     */
    public function getRefreshToken(Oauth\Client\Account $client, array $options = [])
    {
        return $this->getAccessToken($client, $options); // let's reuse the same scheme for token generation
    }

    // ------------------------------------------------------------------------

    /**
     * Authorization::getAccessToken
     *
     * Provide an unique access token.
     *
     * Implementing classes may want to override this function to implement
     * other access token generation schemes.
     *
     * @param \O2System\Security\Authentication\Oauth\Client\Account $client
     * @param array                                                  $options
     *
     * @return array
     * @throws \Exception
     */
    public function getAccessToken(Oauth\Client\Account $client, array $options = [])
    {
        $privateKey = null;
        if ($client->offsetExists('private_key')) {
            $privateKey = $client->offsetGet('private_key');
        }

        $scope = $this->config[ 'token' ][ 'scope' ];
        if (isset($options[ 'scope' ])) {
            if (is_array($options[ 'scope' ])) {
                $scope = array_merge($scope, $options[ 'scope' ]);
            }
        }

        if (isset($options[ 'lifetime' ])) {
            $this->config[ 'token' ][ 'lifetime' ] = $options[ 'lifetime' ];
        }

        if (isset($options[ 'refresh_lifetime' ])) {
            $this->config[ 'token' ][ 'refresh_lifetime' ] = $options[ 'refresh_lifetime' ];
        }

        $payload = $this->createPayload($client, $scope);

        $jsonWebToken = new Authentication\JsonWebToken();
        $accessToken = $jsonWebToken->encode($payload, $privateKey);

        return [
            "access_token" => $accessToken,
            "expires_in"   => $this->config[ 'token' ][ 'lifetime' ],
            "token_type"   => $this->config[ 'token' ][ 'type' ],
            "scope"        => $payload[ 'scope' ],
        ];
    }

    // ------------------------------------------------------------------------

    /**
     * Authorization::createPayload
     *
     * @param \O2System\Security\Authentication\Oauth\Client\Account $client
     * @param array                                                  $scope
     *
     * @return array
     * @throws \Exception
     */
    protected function createPayload(Oauth\Client\Account $client, array $scope = [])
    {
        // token to encrypt
        $expires = time() + $this->config[ 'token' ][ 'lifetime' ];

        $id = Token::generate(40, Token::ALPHAHASH_STRING);
        $payload = [
            'id'         => $id,
            // the internal id of the token
            'jti'        => $id,
            // a unique token identifier for the token (JWT ID)
            'iss'        => $this->config[ 'issuer' ],
            // the id of the server who issued the token (Issuer)
            'aud'        => $client->id,

            // the id of the client who requested the token (Audience)
            'sub'        => ($this->user->offsetExists('id') ? $this->user->offsetGet('id') : null),
            // the id of the user for which the token was released (Subject)
            'exp'        => $expires,
            'iat'        => time(),
            'token_type' => $this->config[ 'token' ][ 'type' ],
            'scope'      => empty($scope) ? null : implode(' ', $scope),
        ];

        if ($client->offsetExists('metadata')) {
            if (is_array($client->metadata)) {

                $payload = array_merge($client->metadata, $payload);
            }
        }

        return $payload;
    }
}

1			<?php
2			/**
3			* This file is part of the O2System Framework package.
4			*
5			* For the full copyright and license information, please view the LICENSE
6			* file that was distributed with this source code.
7			*
8			* @author Steeve Andrian Salim
9			* @copyright Copyright (c) Steeve Andrian Salim
10			*/
11
12			// ------------------------------------------------------------------------
13
14			namespace O2System\Security\Authentication\Oauth\User;
15
16			// ------------------------------------------------------------------------
17
18			use O2System\Security\Authentication;
19			use O2System\Security\Authentication\Oauth;
20			use O2System\Security\Generators\Token;
21			use O2System\Spl\Traits\Collectors\ConfigCollectorTrait;
22
23			/**
24			* Class Authorization
25			* @package O2System\Security\Authentication\Oauth\User
26			*/
27			class Authorization
28			{
29			use ConfigCollectorTrait;
30
31			/**
32			* Authorization::$user
33			*
34			* @var \O2System\Security\Authentication\Oauth\User\Account
35			*/
36			protected $user;
37
38			// ------------------------------------------------------------------------
39
40			/**
41			* Authorization::__construct
42			*
43			* @param \O2System\Security\Authentication\Oauth\User\Account $user
44			*/
45			public function __construct(Oauth\User\Account $user)
46			{
47			$this->user = $user;
48
49			$this->setConfig([
50			'issuer' => null,
51			'scope' => [],
52			'authorize' => [
53			'allow_implicit' => false,
54			'enforce_state' => true,
55			'require_exact_redirect_uri' => true,
56			'redirect_status_code' => 302,
57			],
58			'token' => [
59			'type' => 'bearer',
60			'lifetime' => 3600,
61			'refresh_lifetime' => 1209600,
62			],
63			]);
64			}
65
66			// ------------------------------------------------------------------------
67
68			/**
69			* Authorization::getRefreshToken
70			*
71			* Provide an unique refresh token
72			*
73			* Implementing classes may want to override this function to implement
74			* other refresh token generation schemes.
75			*
76			* @param \O2System\Security\Authentication\Oauth\Client\Account $client
77			* @param array $options
78			*
79			* @return array
80			* @throws \Exception
81			*/
82			public function getRefreshToken(Oauth\Client\Account $client, array $options = [])
83			{
84			return $this->getAccessToken($client, $options); // let's reuse the same scheme for token generation
85			}
86
87			// ------------------------------------------------------------------------
88
89			/**
90			* Authorization::getAccessToken
91			*
92			* Provide an unique access token.
93			*
94			* Implementing classes may want to override this function to implement
95			* other access token generation schemes.
96			*
97			* @param \O2System\Security\Authentication\Oauth\Client\Account $client
98			* @param array $options
99			*
100			* @return array
101			* @throws \Exception
102			*/
103			public function getAccessToken(Oauth\Client\Account $client, array $options = [])
104			{
105			$privateKey = null;
106			if ($client->offsetExists('private_key')) {
107			$privateKey = $client->offsetGet('private_key');
108			}
109
110			$scope = $this->config[ 'token' ][ 'scope' ];
111			if (isset($options[ 'scope' ])) {
112			if (is_array($options[ 'scope' ])) {
113			$scope = array_merge($scope, $options[ 'scope' ]);
114			}
115			}
116
117			if (isset($options[ 'lifetime' ])) {
118			$this->config[ 'token' ][ 'lifetime' ] = $options[ 'lifetime' ];
119			}
120
121			if (isset($options[ 'refresh_lifetime' ])) {
122			$this->config[ 'token' ][ 'refresh_lifetime' ] = $options[ 'refresh_lifetime' ];
123			}
124
125			$payload = $this->createPayload($client, $scope);
126
127			$jsonWebToken = new Authentication\JsonWebToken();
128			$accessToken = $jsonWebToken->encode($payload, $privateKey);
129
130			return [
131			"access_token" => $accessToken,
132			"expires_in" => $this->config[ 'token' ][ 'lifetime' ],
133			"token_type" => $this->config[ 'token' ][ 'type' ],
134			"scope" => $payload[ 'scope' ],
135			];
136			}
137
138			// ------------------------------------------------------------------------
139
140			/**
141			* Authorization::createPayload
142			*
143			* @param \O2System\Security\Authentication\Oauth\Client\Account $client
144			* @param array $scope
145			*
146			* @return array
147			* @throws \Exception
148			*/
149			protected function createPayload(Oauth\Client\Account $client, array $scope = [])
150			{
151			// token to encrypt
152			$expires = time() + $this->config[ 'token' ][ 'lifetime' ];
153
154			$id = Token::generate(40, Token::ALPHAHASH_STRING);
155			$payload = [
156			'id' => $id,
157			// the internal id of the token
158			'jti' => $id,
159			// a unique token identifier for the token (JWT ID)
160			'iss' => $this->config[ 'issuer' ],
161			// the id of the server who issued the token (Issuer)
162			'aud' => $client->id,
			0 ignored issues – show Bug Best Practice introduced 2019-02-09 04:13 UTC by Report Bug Copy Issue Report The property `id` does not exist on `O2System\Security\Authen...on\Oauth\Client\Account`. Since you implemented `__get`, consider adding a @property annotation. Loading history...
163			// the id of the client who requested the token (Audience)
164			'sub' => ($this->user->offsetExists('id') ? $this->user->offsetGet('id') : null),
165			// the id of the user for which the token was released (Subject)
166			'exp' => $expires,
167			'iat' => time(),
168			'token_type' => $this->config[ 'token' ][ 'type' ],
169			'scope' => empty($scope) ? null : implode(' ', $scope),
170			];
171
172			if ($client->offsetExists('metadata')) {
173			if (is_array($client->metadata)) {
			0 ignored issues – show Bug Best Practice introduced 2019-02-09 04:13 UTC by Report Bug Copy Issue Report The property `metadata` does not exist on `O2System\Security\Authen...on\Oauth\Client\Account`. Since you implemented `__get`, consider adding a @property annotation. Loading history...
174			$payload = array_merge($client->metadata, $payload);
175			}
176			}
177
178			return $payload;
179			}
180			}

o2system / security

GitHub Access Token became invalid

Push — master ( 500279...2f8c13 )

Authorization::createPayload() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like