Issues in Token.php (master) - Issues in master - o2system/security - Measure and Improve Code Quality continuously with Scrutinizer

Issues (170)

src/Authentication/Oauth/Token.php (7 issues)

Labels

Severity

<?php
/**
 * This file is part of the O2System Framework package.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @author         Steeve Andrian Salim
 * @copyright      Copyright (c) Steeve Andrian Salim
 */

// ------------------------------------------------------------------------

namespace O2System\Security\Authentication\Oauth;

// ------------------------------------------------------------------------

use O2System\Psr\Http\Server\MethodInterface;
use O2System\Security\Encoders\Base64;
use O2System\Security\Encoders\Json;
use O2System\Security\Generators\Signature;
use O2System\Spl\Traits\Collectors\ErrorCollectorTrait;

/**
 * Class Token
 * @package O2System\Security\Authentication\Oauth
 */
class Token implements MethodInterface
{
    use ErrorCollectorTrait;

    protected $consumer;

    public function __construct(Consumer $consumer)
    {
        $this->consumer = $consumer;
    }

    // ------------------------------------------------------------------------

    /**
     * Token::getVerifier
     *
     * Gets Token oauth_verifier code.
     *
     * @return bool|string
     */
    public function getVerifier()
    {
        if ( ! empty($this->key) && ! empty($this->secret)) {
            $key = rawurlencode($this->key);

            $secret = rawurlencode($this->secret);


            return base64_encode($key . ':' . $secret);
        }

        return false;
    }

    // ------------------------------------------------------------------------

    /**
     * Token::getRequest
     *
     * Gets OAuth Request Token.
     *
     * @return array|bool Returns FALSE if failed.
     */
    public function getRequest($callbackUrl, $httpMethod = self::HTTP_POST)
    {
        $algorithm = 'HMAC-SHA1';

        if (false === ($signature = Base64::decode($this->consumer->secret))) {
            $this->addError(400, 'Invalid Consumer Secret');

            return false;
        }

        if (false === ($signature = Json::decode($signature))) {

            $this->addError(400, 'Invalid Consumer Secret');

            return false;
        }

        $signature->callbackUrl = $callbackUrl;

        $signature->httpMethod = $httpMethod;

        $algorithm = $signature->algorithm;

        if (false !== ($payload = Base64::decode($this->consumer->key))) {
            $payload = Json::decode($payload)->getArrayCopy();
        }

        if ($payload) {
            $payload[ 'timestamp' ] = time();

            $segments[] = Base64::encode(Json::encode($signature));

            $segments[] = $token = Base64::encode(Signature::generate([
                'payload' => Base64::encode(Json::encode($payload)),
                'token'   => \OAuthProvider::generateToken(strlen($this->consumer->secret), true),
            ], $this->consumer->key, $algorithm));

            $secret = Base64::encode(Signature::generate($segments, $this->consumer->key, $algorithm));

            return [
                'oauth_token'        => $token,
                'oauth_token_secret' => $secret,
            ];
        }

        return false;
    }

    // ------------------------------------------------------------------------
}

1			<?php
2			/**
3			* This file is part of the O2System Framework package.
4			*
5			* For the full copyright and license information, please view the LICENSE
6			* file that was distributed with this source code.
7			*
8			* @author Steeve Andrian Salim
9			* @copyright Copyright (c) Steeve Andrian Salim
10			*/
11
12			// ------------------------------------------------------------------------
13
14			namespace O2System\Security\Authentication\Oauth;
15
16			// ------------------------------------------------------------------------
17
18			use O2System\Psr\Http\Server\MethodInterface;
19			use O2System\Security\Encoders\Base64;
20			use O2System\Security\Encoders\Json;
21			use O2System\Security\Generators\Signature;
22			use O2System\Spl\Traits\Collectors\ErrorCollectorTrait;
23
24			/**
25			* Class Token
26			* @package O2System\Security\Authentication\Oauth
27			*/
28			class Token implements MethodInterface
29			{
30			use ErrorCollectorTrait;
31
32			protected $consumer;
33
34			public function __construct(Consumer $consumer)
35			{
36			$this->consumer = $consumer;
37			}
38
39			// ------------------------------------------------------------------------
40
41			/**
42			* Token::getVerifier
43			*
44			* Gets Token oauth_verifier code.
45			*
46			* @return bool\|string
47			*/
48			public function getVerifier()
49			{
50			if ( ! empty($this->key) && ! empty($this->secret)) {
51			$key = rawurlencode($this->key);
			0 ignored issues – show Bug Best Practice introduced 2019-04-09 06:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `key` does not exist on `O2System\Security\Authentication\Oauth\Token`. Did you maybe forget to declare it? Loading history...
52			$secret = rawurlencode($this->secret);
			0 ignored issues – show Bug Best Practice introduced 2019-04-09 06:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `secret` does not exist on `O2System\Security\Authentication\Oauth\Token`. Did you maybe forget to declare it? Loading history...
53
54			return base64_encode($key . ':' . $secret);
55			}
56
57			return false;
58			}
59
60			// ------------------------------------------------------------------------
61
62			/**
63			* Token::getRequest
64			*
65			* Gets OAuth Request Token.
66			*
67			* @return array\|bool Returns FALSE if failed.
68			*/
69			public function getRequest($callbackUrl, $httpMethod = self::HTTP_POST)
70			{
71			$algorithm = 'HMAC-SHA1';
			0 ignored issues – show Unused Code introduced 2019-02-09 04:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$algorithm` is dead and can be removed. Loading history...
72			if (false === ($signature = Base64::decode($this->consumer->secret))) {
73			$this->addError(400, 'Invalid Consumer Secret');
74
75			return false;
76			}
77
78			if (false === ($signature = Json::decode($signature))) {
			0 ignored issues – show introduced 2019-02-09 04:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `false === $signature = O...son::decode($signature)` is always `false`. Loading history...
79			$this->addError(400, 'Invalid Consumer Secret');
80
81			return false;
82			}
83
84			$signature->callbackUrl = $callbackUrl;
			0 ignored issues – show Bug introduced 2019-04-09 06:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `callbackUrl` does not seem to exist on `O2System\Spl\DataStructures\SplArrayObject`. Loading history...
85			$signature->httpMethod = $httpMethod;
			0 ignored issues – show Bug introduced 2019-04-09 06:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `httpMethod` does not seem to exist on `O2System\Spl\DataStructures\SplArrayObject`. Loading history...
86			$algorithm = $signature->algorithm;
87
88			if (false !== ($payload = Base64::decode($this->consumer->key))) {
89			$payload = Json::decode($payload)->getArrayCopy();
90			}
91
92			if ($payload) {
93			$payload[ 'timestamp' ] = time();
94
95			$segments[] = Base64::encode(Json::encode($signature));
			0 ignored issues – show Comprehensibility Best Practice introduced 2019-02-09 04:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$segments` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$segments = array();` before regardless. Loading history...
96			$segments[] = $token = Base64::encode(Signature::generate([
97			'payload' => Base64::encode(Json::encode($payload)),
98			'token' => \OAuthProvider::generateToken(strlen($this->consumer->secret), true),
99			], $this->consumer->key, $algorithm));
100
101			$secret = Base64::encode(Signature::generate($segments, $this->consumer->key, $algorithm));
102
103			return [
104			'oauth_token' => $token,
105			'oauth_token_secret' => $secret,
106			];
107			}
108
109			return false;
110			}
111
112			// ------------------------------------------------------------------------
113			}

GitHub Access Token became invalid

Issues (170)

src/Authentication/Oauth/Token.php (7 issues)

Labels

Severity

Introduced By

o2system / security

GitHub Access Token became invalid

Issues (170)

src/Authentication/Oauth/Token.php (7 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like