Passed
Push — master ( 442a9a...3948f8 )
by Dāvis
05:23
created

Oauth/Client/OAuth2Client.php (2 issues)

<?php
namespace Sludio\HelperBundle\Oauth\Client;
use League\OAuth2\Client\Token\AccessToken;
use Sludio\HelperBundle\Script\Security\Exception\ErrorException;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\RequestStack;
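/**
 * Drives the OAuth2 authorization-code flow against a single provider:
 * builds the redirect to the authorization endpoint, exchanges the returned
 * "code" for an access token and fetches the resource owner.
 *
 * Security note: $isStateless defaults to true and the only public mutator,
 * setAsStateless(), also sets it to true. As written, redirect() therefore
 * never stores the "state" value and getAccessToken() never verifies it, so
 * the OAuth2 "state" check (the flow's CSRF protection) only runs if a
 * subclass flips the protected property.
 * NOTE(review): confirm that running without the state check is intended.
 */
class OAuth2Client
{
    /** Session key holding the "state" value between redirect() and getAccessToken(). */
    const OAUTH2_SESSION_STATE_KEY = 'sludio_helper.oauth_client_state';

    /**
     * Provider object; this class calls getAuthorizationUrl(), getState(),
     * getAccessToken() and getResourceOwner() on it. The constructor does not
     * enforce a type.
     */
    protected $provider;

    /** @var RequestStack Source of the current request (and, through it, the session). */
    protected $requestStack;

    /** @var bool When true, the "state" value is neither stored nor checked. */
    protected $isStateless = true;

    /**
     * @param object       $provider     OAuth2 provider (untyped; see $provider)
     * @param RequestStack $requestStack Used to reach the current request
     */
    public function __construct($provider, RequestStack $requestStack)
    {
        $this->provider = $provider;
        $this->requestStack = $requestStack;
    }

    /**
     * Disables storing and checking of the OAuth2 "state" value.
     *
     * The property already defaults to true, so this call does not change
     * behaviour on a fresh instance.
     */
    public function setAsStateless()
    {
        $this->isStateless = true;
    }

    /**
     * Builds the provider's authorization URL and returns a redirect to it.
     *
     * @param array      $scopes  Copied into $options['scope'] when non-empty
     * @param array      $options Passed to the provider's getAuthorizationUrl()
     * @param mixed|null $token   Copied into $options['token'] when truthy
     *
     * @return RedirectResponse
     *
     * @throws ErrorException When state is in use and no request/session is available
     */
    public function redirect(array $scopes = [], array $options = [], $token = null)
    {
        if ($scopes) {
            $options['scope'] = $scopes;
        }

        if ($token) {
            $options['token'] = $token;
        }

        $authorizationUrl = $this->provider->getAuthorizationUrl($options);

        // The state is read only after the URL has been built -- presumably
        // the provider generates it while building the URL (verify against
        // the provider implementation).
        if (!$this->isStateless) {
            $this->getSession()->set(self::OAUTH2_SESSION_STATE_KEY, $this->provider->getState());
        }

        return new RedirectResponse($authorizationUrl);
    }

    /**
     * Returns the session attached to the current request.
     *
     * @throws ErrorException When the current request has no session
     */
    protected function getSession()
    {
        $session = $this->getCurrentRequest()->getSession();

        if (!$session) {
            throw new ErrorException('In order to use "state", you must have a session. Set the OAuth2Client to stateless to avoid state');
        }

        return $session;
    }

    /**
     * Returns the request currently on the request stack.
     *
     * @throws ErrorException When the stack holds no current request
     */
    protected function getCurrentRequest()
    {
        $request = $this->requestStack->getCurrentRequest();

        if (!$request) {
            throw new ErrorException('There is no "current request", and it is needed to perform this action');
        }

        return $request;
    }

    /**
     * Exchanges the callback's "code" for an access token, then fetches the
     * resource owner for that token.
     *
     * @param array $attributes Forwarded to getAccessToken()
     *
     * @throws ErrorException See getAccessToken()
     */
    public function fetchUser(array $attributes = [])
    {
        return $this->fetchUserFromToken($this->getAccessToken($attributes));
    }

    /**
     * Validates the callback request and exchanges its "code" for an access token.
     *
     * @param array $attributes Passed to the provider as a third argument; what
     *                          the provider does with it is not visible here
     *
     * @return mixed Whatever the provider's getAccessToken() returns
     *
     * @throws ErrorException On a missing or mismatching "state" (only when not
     *                        stateless) or a missing "code"
     */
    public function getAccessToken(array $attributes = [])
    {
        if (!$this->isStateless) {
            $expectedState = $this->getSession()->get(self::OAUTH2_SESSION_STATE_KEY);
            $actualState = $this->getCurrentRequest()->query->get('state');

            // Both sides must be strings before hash_equals() may be called;
            // a missing session value or an array-valued query parameter is
            // treated as a mismatch, as the strict comparison did before.
            // hash_equals() compares in constant time so the check does not
            // reveal how much of a guessed state was correct.
            $stateMatches = $actualState
                && is_string($actualState)
                && is_string($expectedState)
                && hash_equals($expectedState, $actualState);

            if (!$stateMatches) {
                // The message deliberately omits both values. The expected
                // state is the session-bound anti-CSRF secret and the received
                // one is request-controlled, so echoing them could disclose
                // the secret or place arbitrary text in error output and logs.
                // (A static analyser on this listing flagged the former
                // var_export(..., 1) calls as "always returns null"; with a
                // truthy second argument var_export() returns the string, so
                // the values really were interpolated into the message.)
                throw new ErrorException('Invalid state');
            }
        }

        // Request::get() consults route attributes, then the query string,
        // then the request body.
        // NOTE(review): if the provider only ever calls back with a query
        // string, reading ->query->get('code') would be stricter; left as is
        // to avoid changing which callbacks are accepted.
        $code = $this->getCurrentRequest()->get('code');

        if (!$code) {
            throw new ErrorException('No "code" parameter was found');
        }

        return $this->provider->getAccessToken('authorization_code', [
            'code' => $code,
        ], $attributes);
    }

    /**
     * Fetches the resource owner for an already obtained access token.
     *
     * @param AccessToken $accessToken Token to hand to the provider
     *
     * @return mixed Whatever the provider's getResourceOwner() returns
     */
    public function fetchUserFromToken(AccessToken $accessToken)
    {
        return $this->provider->getResourceOwner($accessToken);
    }

    /**
     * Exposes the underlying provider object passed to the constructor.
     */
    public function getOAuth2Provider()
    {
        return $this->provider;
    }
}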