AuthorizationEndpoint::getIdTokenHint() - Code Metrics - Inspection of "openid init implicit flow" - php-guard/oauth-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed
Push — master ( cd0cec...4b3abd )

by Alexandre
created 2018-03-14 22:12 UTC
AuthorizationEndpoint::getIdTokenHint() A

↳ Parent: AuthorizationEndpoint
Complexity

Conditions	1
Paths	1
Size

Total Lines	3
Code Lines	1
Duplication

Lines	0
Ratio	0 %
Importance

Changes
Metric	Value
dl	0
loc	3
rs	10
c	0
b	0
f	0
cc	1
eloc	1
nc	1
nop	0
<?php
/**
 * Created by PhpStorm.
 * User: Alexandre
 * Date: 18/02/2018
 * Time: 18:14
 */

namespace OAuth2\Extensions\OpenID\Endpoints;


use GuzzleHttp\Psr7\Response;
use OAuth2\Exceptions\OAuthException;
use OAuth2\Extensions\OpenID\IdTokenManager;
use OAuth2\IdTokenInterface;
use OAuth2\ResponseModes\ResponseModeManager;
use OAuth2\ResponseTypes\ResponseTypeManager;
use OAuth2\Extensions\OpenID\Roles\ResourceOwnerInterface;
use OAuth2\ScopePolicy\ScopePolicyManager;
use OAuth2\Storages\ClientStorageInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

class AuthorizationEndpoint extends \OAuth2\Endpoints\AuthorizationEndpoint
{
    const DISPLAY_PAGE = 'page';
    const DISPLAY_POPUP = 'popup';
    const DISPLAY_TOUCH = 'touch';
    const DISPLAY_WAP = 'wap';

    const PROMPT_NONE = 'none';
    const PROMPT_LOGIN = 'login';
    const PROMPT_CONSENT = 'consent';
    const PROMPT_SELECT_ACCOUNT = 'select_account';
    /**
     * @var mixed|null
     */
    private $nonce;
    /**
     * @var string|null
     */
    private $display;
    /**
     * @var string|null
     */
    private $prompt;
    /**
     * @var int|null
     */
    private $maxAge;
    /**
     * @var string[]|null
     */
    private $uiLocales;
    /**
     * @var IdTokenInterface|null
     */
    private $idTokenHint;
    /**
     * @var string|null
     */
    private $loginHint;
    /**
     * @var string[]|null
     */
    private $acrValues;
    /**
     * @var ResourceOwnerInterface
     */
    private $resourceOwner;
    /**
     * @var IdTokenManager
     */
    private $idTokenManager;

    public function __construct(ResponseTypeManager $responseTypeManager, ResponseModeManager $responseModeManager,
                                ScopePolicyManager $scopePolicyManager, ResourceOwnerInterface $resourceOwner,
                                ClientStorageInterface $clientStorage, IdTokenManager $idTokenManager)
    {
        parent::__construct($responseTypeManager, $responseModeManager, $scopePolicyManager, $resourceOwner, $clientStorage);
        $this->resourceOwner = $resourceOwner;
        $this->idTokenManager = $idTokenManager;
    }

    public function handleRequest(ServerRequestInterface $request): ResponseInterface
    {
        if ($request->getMethod() === 'GET') {
            $requestData = $request->getQueryParams();
        } else if ($request->getMethod() === 'POST') {
            $requestData = is_array($request->getParsedBody()) ? $request->getParsedBody() : [];
        } else {
            return new Response(404);
        }

        // Authentication Request Validation
        // The Authorization Server MUST validate all the OAuth 2.0 parameters according to the OAuth 2.0 specification.
        try {
            $this->verifyClient($requestData['client_id'] ?? null);
            $this->verifyRedirectUri($requestData['redirect_uri'] ?? null);
        } catch (OAuthException $e) {
            /**
             * If the Authorization Server encounters any error, it MUST return an error response, per Section 3.1.2.6.
             */

            return new Response(400, ['content-type' => 'application/json'], $e->jsonSerialize());
        }

        try {
            parent::verifyRequestData($requestData);

            if (in_array('openid', $this->getScopes())) {
                $this->verifyRequestData($requestData);
            }

            $this->getResponseType()->verifyAuthorizationRequest($this, $requestData);

            // Authorization Server Authenticates End-User
            if (!$this->resourceOwner->isAuthenticated(self::PROMPT_LOGIN)) {
            if (!$this->resourceOwner->isAuthenticated(/** @scrutinizer ignore-type */ self::PROMPT_LOGIN)) {
                if ($this->prompt == self::PROMPT_NONE) {
                    throw new OAuthException('login_required');
                }

                // may throw interaction_required
                return $this->resourceOwner->authenticate($this->prompt == self::PROMPT_SELECT_ACCOUNT, $this->loginHint);
            }

            if($this->idTokenHint) {
                //check if user associated to this id token is the current user.
                var_dump($this->idTokenHint['sub']);die;
interface ReturnsInt {
    public function returnsIntHinted(): int;
}

class MyClass implements ReturnsInt {
    public function returnsIntHinted(): int
    {
        if (foo()) {
            return 123;
        }
        // here: null is implicitly returned
    }
}
                if($this->idTokenHint['sub'] !== $this->resourceOwner->getIdentifier()) {
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
                    if($this->prompt == self::PROMPT_NONE) {
                        throw new OAuthException('invalid_request');
                    }
                    else {
                        throw new OAuthException('login_required');
                    }
                }
            }

            if ($this->prompt == self::PROMPT_NONE &&
                $this->resourceOwner->isInteractionRequiredForConsent($this)) {
                throw new OAuthException('interaction_required');
            }

            $consentGiven = $this->resourceOwner->hasGivenConsent($this->getClient(), $this->getScopes(),
                $this->prompt == self::PROMPT_CONSENT);

            if (is_null($consentGiven)) {
                if ($this->prompt == self::PROMPT_NONE) {
                    throw new OAuthException('consent_required');
                }

                return $this->resourceOwner->obtainConsent($this->getClient(), $this->getScopes());
            }

            if (empty($consentGiven)) {
                throw new OAuthException('access_denied', 'The resource owner denied the request.',
                    'https://tools.ietf.org/html/rfc6749#section-4.1');
            }

            $responseData = $this->getResponseType()->handleAuthorizationRequest($this, $requestData);
        } catch (OAuthException $e) {
            /**
             * If the Authorization Server encounters any error, it MUST return an error response, per Section 3.1.2.6.
             */
            $responseData = [
                'error' => $e->getError()
            ];
            if ($e->getErrorDescription()) {
                $responseData['error_description'] = $e->getErrorDescription();
            }
            if ($e->getErrorUri()) {
                $responseData['error_uri'] = $e->getErrorUri();
            }
        }

        if (!empty($this->getState())) {
            $responseData['state'] = $this->getState();
        }

        return $this->getResponseMode()->buildResponse($this, $requestData, $responseData);
    }


    /**
     * @param array $requestData
     * @throws OAuthException
     */
    public function verifyRequestData(array $requestData)
    {
        $this->nonce = empty($requestData['state']) ? null : $requestData['state'];
        $this->display = empty($requestData['display']) ? null : $requestData['display'];
        $this->prompt = empty($requestData['prompt']) ? null : $requestData['prompt'];
        $this->maxAge = empty($requestData['max_age']) ? null : $requestData['max_age'];
        $this->uiLocales = empty($requestData['ui_locales']) ? null : explode(' ', $requestData['ui_locales']);

        if(!empty($requestData['id_token_hint'])) {
            try {
                $this->idTokenHint = $this->idTokenManager->decode($requestData['id_token_hint']);
            } catch (\Exception $exception) {
                throw new OAuthException('invalid_request', 'Failed to decode id_token_hint : '.$exception->getMessage());
            }
        }

        $this->loginHint = empty($requestData['login_hint']) ? null : $requestData['login_hint'];
        $this->acrValues = empty($requestData['acr_values']) ? null : explode(' ', $requestData['acr_values']);
    }

    /**
     * @return mixed|null
     */
    public function getNonce(): ?mixed
filter:
    dependency_paths: ["lib/*"]
    {
        return $this->nonce;
    }

    /**
     * @return null|string
     */
    public function getDisplay(): ?string
    {
        return $this->display;
    }

    /**
     * @return null|string
     */
    public function getPrompt(): ?string
    {
        return $this->prompt;
    }

    /**
     * @return int|null
     */
    public function getMaxAge(): ?int
    {
        return $this->maxAge;
    }

    /**
     * @return null|string[]
     */
    public function getUiLocales(): ?array
    {
        return $this->uiLocales;
    }

    /**
     * @return null|IdTokenInterface
     */
    public function getIdTokenHint(): ?IdTokenInterface
    {
        return $this->idTokenHint;
    }

    /**
     * @return null|string
     */
    public function getLoginHint(): ?string
    {
        return $this->loginHint;
    }

    /**
     * @return null|string[]
     */
    public function getAcrValues(): ?array
    {
        return $this->acrValues;
    }
}
php-guard / oauth-server

Push — master ( cd0cec...4b3abd )

AuthorizationEndpoint::getIdTokenHint() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like
