| Conditions | 11 |
| Paths | 10 |
| Total Lines | 45 |
| Code Lines | 29 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
```php
<?php

// ... (class declaration and preceding members are not shown on this page)

    function grant(ServerRequestInterface $request, ClientInterface $client): ResponseInterface
    {
        // Only registered clients may use the refresh token grant
        if (!$client instanceof RegisteredClient) {
            throw new OAuthException('unauthorized_client',
                'Unauthorized client type',
                'https://tools.ietf.org/html/rfc6749#section-5.2');
        }

        $refreshToken = $request->getParsedBody()['refresh_token'] ?? '';
        if (!$refreshToken) {
            throw new OAuthException('invalid_request', 'Missing a required parameter : refresh_token',
                'https://tools.ietf.org/html/rfc6749#section-4.3');
        }

        // The stored token must exist and must have been issued to this client
        $refreshToken = $this->refreshTokenStorage->get($refreshToken);
        if (!$refreshToken || $refreshToken->getClientId() !== $client->getIdentifier()) {
            throw new OAuthException('invalid_grant', 'Refresh token is invalid',
                'https://tools.ietf.org/html/rfc6749#section-4.3');
        }

        // Expired tokens are revoked before the request is rejected
        if (!is_null($refreshToken->getExpiresAt()) && $refreshToken->getExpiresAt() < time()) {
            $this->refreshTokenStorage->revoke($refreshToken->getToken());

            throw new OAuthException('invalid_grant', 'Refresh token has expired',
                'https://tools.ietf.org/html/rfc6749#section-4.3');
        }

        // Requested scopes must be a subset of the scope granted to the refresh token
        // (compare against getScope(), not the token string)
        $includedScopes = isset($request->getParsedBody()['scope']) ? explode(' ', $request->getParsedBody()['scope']) : null;
        if (is_array($includedScopes) && !empty(array_diff($includedScopes, explode(' ', $refreshToken->getScope())))) {
            throw new OAuthException('invalid_scope',
                'Some of scope included are not granted for this token. Scope granted : ' . $refreshToken->getScope(),
                'https://tools.ietf.org/html/rfc6749#section-6');
        }

        // issue an access token and, optionally, a refresh token
        $accessToken = $this->accessTokenStorage->create($client->getIdentifier(), $refreshToken->getUserId(), $refreshToken->getScope());
        $newRefreshToken = null;
        if ($this->configurationRepository->getConfig(Config::REGENERATE_REFRESH_TOKENS_AFTER_USE)) {
            // Rotate: revoke the used refresh token and issue a replacement
            $this->refreshTokenStorage->revoke($refreshToken->getToken());
            $newRefreshToken = $this->refreshTokenStorage->create(
                $refreshToken->getClientId(), $refreshToken->getUserId(), $refreshToken->getScope())->getToken();
        }

        return new AccessTokenResponse($accessToken->getToken(), $accessToken->getType(),
            $accessToken->getExpiresAt() - time(), $newRefreshToken);
    }
} // end of class (declaration not shown above)
```
Adding explicit visibility (`private`, `protected`, or `public`) is generally recommended to communicate to other developers how, and from where, this method is intended to be used.