1 | <?php |
||
2 | |||
3 | namespace Sludio\HelperBundle\Oauth\Client; |
||
4 | |||
5 | use League\OAuth2\Client\Token\AccessToken; |
||
6 | use Sludio\HelperBundle\Script\Security\Exception\ErrorException; |
||
7 | use Symfony\Component\HttpFoundation\RedirectResponse; |
||
8 | use Symfony\Component\HttpFoundation\RequestStack; |
||
9 | |||
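/**
 * Thin wrapper around an OAuth2 provider that drives the authorization-code
 * flow: it builds the redirect to the authorization server and exchanges the
 * returned "code" for an access token.
 *
 * Security note: $isStateless defaults to true and this class only offers
 * setAsStateless(), so unless a subclass sets $isStateless to false the
 * "state" value is neither stored by redirect() nor verified by
 * getAccessToken(). In that configuration the callback has no CSRF
 * protection from this class and it must be provided elsewhere.
 */
class OAuth2Client
{
    /** Session key under which the state issued by redirect() is stored. */
    const OAUTH2_SESSION_STATE_KEY = 'sludio_helper.oauth_client_state';

    // OAuth2 provider object; must expose getAuthorizationUrl(), getState(),
    // getAccessToken() and getResourceOwner(), which are the calls made below.
    protected $provider;

    // Request stack used to reach the current request and its session.
    protected $requestStack;

    // When true, the state parameter is neither saved nor validated.
    protected $isStateless = true;

    /**
     * @param object       $provider     OAuth2 provider the calls are delegated to
     * @param RequestStack $requestStack Source of the current request
     */
    public function __construct($provider, RequestStack $requestStack)
    {
        $this->provider = $provider;
        $this->requestStack = $requestStack;
    }

    /**
     * Disables storing and checking of the "state" parameter.
     */
    public function setAsStateless()
    {
        $this->isStateless = true;
    }

    /**
     * Builds the redirect that sends the user to the authorization server.
     *
     * @param array      $scopes  Scopes to request; passed as the "scope" option when non-empty
     * @param array      $options Extra options handed to the provider's getAuthorizationUrl()
     * @param mixed|null $token   Optional value passed as the "token" option when truthy
     *
     * @return RedirectResponse
     *
     * @throws ErrorException When state is in use and no request or session is available
     */
    public function redirect(array $scopes = [], array $options = [], $token = null)
    {
        if (!empty($scopes)) {
            $options['scope'] = $scopes;
        }

        if ($token) {
            $options['token'] = $token;
        }

        $url = $this->provider->getAuthorizationUrl($options);

        // The state is read after getAuthorizationUrl() and kept in the
        // session so that getAccessToken() can compare it on the callback.
        if (!$this->isStateless) {
            $this->getSession()->set(self::OAUTH2_SESSION_STATE_KEY, $this->provider->getState());
        }

        return new RedirectResponse($url);
    }

    /**
     * Returns the session of the current request.
     *
     * @throws ErrorException When there is no current request or no session
     */
    protected function getSession()
    {
        $session = $this->getCurrentRequest()->getSession();

        if (!$session) {
            throw new ErrorException('In order to use "state", you must have a session. Set the OAuth2Client to stateless to avoid state');
        }

        return $session;
    }

    /**
     * Returns the current request from the request stack.
     *
     * @throws ErrorException When the request stack holds no current request
     */
    protected function getCurrentRequest()
    {
        $request = $this->requestStack->getCurrentRequest();

        if (!$request) {
            throw new ErrorException('There is no "current request", and it is needed to perform this action');
        }

        return $request;
    }

    /**
     * Exchanges the callback's code for a token and fetches the resource owner.
     *
     * @param array $attributes Passed through to getAccessToken()
     *
     * @throws ErrorException See getAccessToken()
     */
    public function fetchUser(array $attributes = [])
    {
        $token = $this->getAccessToken($attributes);

        return $this->fetchUserFromToken($token);
    }

    /**
     * Exchanges the "code" parameter of the current request for an access token.
     *
     * When state is in use, the "state" query parameter must match the value
     * that redirect() stored in the session; otherwise the request is rejected
     * before the code is read.
     *
     * @param array $attributes Third argument handed to the provider's getAccessToken()
     *
     * @return mixed Whatever the provider's getAccessToken() returns
     *
     * @throws ErrorException On a missing or mismatching state, or a missing code
     */
    public function getAccessToken(array $attributes = [])
    {
        if (!$this->isStateless) {
            $expectedState = $this->getSession()->get(self::OAUTH2_SESSION_STATE_KEY);
            $actualState = $this->getCurrentRequest()->query->get('state');

            // Both sides must be strings before hash_equals() is called: the
            // session may hold no state and the query value is caller-supplied.
            // hash_equals() keeps the comparison of the anti-CSRF value
            // constant-time.
            $stateMatches = $actualState
                && is_string($actualState)
                && is_string($expectedState)
                && hash_equals($expectedState, $actualState);

            if (!$stateMatches) {
                // The message deliberately carries neither value: the expected
                // state is a per-session secret and exception messages end up
                // in logs and error pages.
                throw new ErrorException('Invalid state');
            }
        }

        $code = $this->getCurrentRequest()->get('code');

        if (!$code) {
            throw new ErrorException('No "code" parameter was found');
        }

        return $this->provider->getAccessToken('authorization_code', [
            'code' => $code,
        ], $attributes);
    }

    /**
     * Fetches the resource owner for an already obtained access token.
     *
     * @param AccessToken $accessToken
     *
     * @return mixed Whatever the provider's getResourceOwner() returns
     */
    public function fetchUserFromToken(AccessToken $accessToken)
    {
        return $this->provider->getResourceOwner($accessToken);
    }

    /**
     * Returns the underlying provider object.
     */
    public function getOAuth2Provider()
    {
        return $this->provider;
    }
}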
||
108 |