Server::__construct() - Code Metrics - Inspection of "fix" - php-guard/oauth-server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 74eea6...77eee7 )

by Alexandre

created 2018-05-25 22:08 UTC

Server::__construct() B

↳ Parent: Server

Complexity

Conditions	1
Paths	1

Size

Total Lines	76
Code Lines	49

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	49
nc	1
nop	3
dl	0
loc	76
rs	8.9667
c	0
b	0
f	0

How to fix Long Method

<?php
/**
 * Created by PhpStorm.
 * User: Alexandre
 * Date: 10/03/2018
 * Time: 15:55
 */

namespace OAuth2;


use OAuth2\ClientAuthentication\ClientAuthenticationMethodManager;
use OAuth2\ClientAuthentication\ClientSecretBasicAuthenticationMethod;
use OAuth2\ClientAuthentication\ClientSecretPostAuthenticationMethod;
use OAuth2\Endpoints\AuthorizationEndpoint;
use OAuth2\Endpoints\AuthorizationRequestBuilder;
use OAuth2\Endpoints\TokenEndpoint;
use OAuth2\AuthorizationGrantTypes\Flows\AuthorizationCodeFlow;
use OAuth2\AuthorizationGrantTypes\Flows\ClientCredentialsFlow;
use OAuth2\AuthorizationGrantTypes\Flows\FlowManager;
use OAuth2\AuthorizationGrantTypes\Flows\ImplicitFlow;
use OAuth2\AuthorizationGrantTypes\Flows\ResourceOwnerPasswordCredentialsFlow;
use OAuth2\AuthorizationGrantTypes\GrantTypeManager;
use OAuth2\AuthorizationGrantTypes\RefreshTokenGrantType;
use OAuth2\ResponseModes\FragmentResponseMode;
use OAuth2\ResponseModes\QueryResponseMode;
use OAuth2\ResponseModes\ResponseModeManager;
use OAuth2\AuthorizationEndpointResponseTypes\ResponseTypeManager;
use OAuth2\Roles\ResourceOwnerInterface;
use OAuth2\ScopePolicy\ScopePolicyManager;
use OAuth2\Storages\StorageManager;

class Server
{
    protected $authorizationEndpoint;
    protected $tokenEndpoint;
    protected $responseTypeManager;
    protected $scopePolicyManager;
    protected $grantTypeManager;
    protected $clientAuthenticationMethodManager;
    protected $responseModeManager;
    protected $flowManager;

    public function __construct(Config $config,
                                StorageManager $storageManager,
                                ResourceOwnerInterface $resourceOwner)
    {
        $this->responseTypeManager = new ResponseTypeManager();
        $this->scopePolicyManager = new ScopePolicyManager($config);
        $this->grantTypeManager = new GrantTypeManager();

        $this->clientAuthenticationMethodManager = new ClientAuthenticationMethodManager($storageManager->getClientStorage());
        $this->clientAuthenticationMethodManager->addClientAuthenticationMethod('client_secret_basic',
            new ClientSecretBasicAuthenticationMethod($storageManager->getClientStorage()));
        $this->clientAuthenticationMethodManager->addClientAuthenticationMethod('client_secret_post',
            new ClientSecretPostAuthenticationMethod($storageManager->getClientStorage()));

//        $queryResponseMode = new QueryResponseMode();

        $this->responseModeManager = new ResponseModeManager();
        $this->responseModeManager->addResponseMode('query', new QueryResponseMode());
        $this->responseModeManager->addResponseMode('fragment', new FragmentResponseMode());

        // response_type : code
        // grant_type : authorization_code
        $authorizationCodeFlow = new AuthorizationCodeFlow(
            $config,
            $storageManager->getAuthorizationCodeStorage(),
            $storageManager->getAccessTokenStorage(),
            $storageManager->getRefreshTokenStorage()
        );

        // response_type : token
        $implicitFlow = new ImplicitFlow(
            $storageManager->getAccessTokenStorage(),
            $storageManager->getRefreshTokenStorage()
        );

        // grant_type : password
        $resourceOwnerPasswordCredentialsFlow = new ResourceOwnerPasswordCredentialsFlow(
            $this->scopePolicyManager,
            $storageManager->getResourceOwnerStorage(),
            $storageManager->getAccessTokenStorage(),
            $storageManager->getRefreshTokenStorage());

        // grant_type : client_credentials
        $clientCredentialsFlow = new ClientCredentialsFlow(
            $this->scopePolicyManager,
            $storageManager->getAccessTokenStorage(),
            $storageManager->getRefreshTokenStorage()
        );

        // grant_type : refresh_token
        $refreshTokenGrantType = new RefreshTokenGrantType(
            $storageManager->getAccessTokenStorage(),
            $storageManager->getRefreshTokenStorage(),
            $config,
            $this->scopePolicyManager
        );

        $this->flowManager = new FlowManager($this->responseTypeManager, $this->grantTypeManager);
        $this->flowManager->addFlow($authorizationCodeFlow);
        $this->flowManager->addFlow($implicitFlow);
        $this->flowManager->addFlow($resourceOwnerPasswordCredentialsFlow);
        $this->flowManager->addFlow($clientCredentialsFlow);

        $this->grantTypeManager->addGrantType('refresh_token', $refreshTokenGrantType);

        $authorizationRequestBuilder = new AuthorizationRequestBuilder(
            $storageManager->getClientStorage(),
            $this->responseTypeManager,
            $this->responseModeManager,
            $this->scopePolicyManager
        );
        $this->authorizationEndpoint = new AuthorizationEndpoint($authorizationRequestBuilder, $resourceOwner);

        $this->tokenEndpoint = new TokenEndpoint(
            $storageManager->getClientStorage(),
            $this->grantTypeManager,
            $this->clientAuthenticationMethodManager);
    }

    /**
     * @return AuthorizationEndpoint
     */
    public function getAuthorizationEndpoint(): AuthorizationEndpoint
    {
        return $this->authorizationEndpoint;
    }

    /**
     * @return TokenEndpoint
     */
    public function getTokenEndpoint(): TokenEndpoint
    {
        return $this->tokenEndpoint;
    }

    /**
     * @return bool
     *
     * @see https://tools.ietf.org/html/rfc6749#section-3.1.2.1
     *
     *  Endpoint Request Confidentiality
     *
     *     The redirection endpoint SHOULD require the use of TLS as described
     * in Section 1.6 when the requested response type is "code" or "token",
     * or when the redirection request will result in the transmission of
     * sensitive credentials over an open network.  This specification does
     * not mandate the use of TLS because at the time of this writing,
     * requiring clients to deploy TLS is a significant hurdle for many
     * client developers.  If TLS is not available, the authorization server
     * SHOULD warn the resource owner about the insecure endpoint prior to
     * redirection (e.g., display a message during the authorization
     * request).
     *
     * Lack of transport-layer security can have a severe impact on the
     * security of the client and the protected resources it is authorized
     * to access.  The use of transport-layer security is particularly
     * critical when the authorization process is used as a form of
     * delegated end-user authentication by the client (e.g., third-party
     * sign-in service).
     * @deprecated
     */
    public function isSecure()
    {
        return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443;
    }
}

1			<?php
2			/**
3			* Created by PhpStorm.
4			* User: Alexandre
5			* Date: 10/03/2018
6			* Time: 15:55
7			*/
8
9			namespace OAuth2;
10
11
12			use OAuth2\ClientAuthentication\ClientAuthenticationMethodManager;
13			use OAuth2\ClientAuthentication\ClientSecretBasicAuthenticationMethod;
14			use OAuth2\ClientAuthentication\ClientSecretPostAuthenticationMethod;
15			use OAuth2\Endpoints\AuthorizationEndpoint;
16			use OAuth2\Endpoints\AuthorizationRequestBuilder;
17			use OAuth2\Endpoints\TokenEndpoint;
18			use OAuth2\AuthorizationGrantTypes\Flows\AuthorizationCodeFlow;
19			use OAuth2\AuthorizationGrantTypes\Flows\ClientCredentialsFlow;
20			use OAuth2\AuthorizationGrantTypes\Flows\FlowManager;
21			use OAuth2\AuthorizationGrantTypes\Flows\ImplicitFlow;
22			use OAuth2\AuthorizationGrantTypes\Flows\ResourceOwnerPasswordCredentialsFlow;
23			use OAuth2\AuthorizationGrantTypes\GrantTypeManager;
24			use OAuth2\AuthorizationGrantTypes\RefreshTokenGrantType;
25			use OAuth2\ResponseModes\FragmentResponseMode;
26			use OAuth2\ResponseModes\QueryResponseMode;
27			use OAuth2\ResponseModes\ResponseModeManager;
28			use OAuth2\AuthorizationEndpointResponseTypes\ResponseTypeManager;
29			use OAuth2\Roles\ResourceOwnerInterface;
30			use OAuth2\ScopePolicy\ScopePolicyManager;
31			use OAuth2\Storages\StorageManager;
32
33			class Server
34			{
35			protected $authorizationEndpoint;
36			protected $tokenEndpoint;
37			protected $responseTypeManager;
38			protected $scopePolicyManager;
39			protected $grantTypeManager;
40			protected $clientAuthenticationMethodManager;
41			protected $responseModeManager;
42			protected $flowManager;
43
44			public function __construct(Config $config,
45			StorageManager $storageManager,
46			ResourceOwnerInterface $resourceOwner)
47			{
48			$this->responseTypeManager = new ResponseTypeManager();
49			$this->scopePolicyManager = new ScopePolicyManager($config);
50			$this->grantTypeManager = new GrantTypeManager();
51
52			$this->clientAuthenticationMethodManager = new ClientAuthenticationMethodManager($storageManager->getClientStorage());
53			$this->clientAuthenticationMethodManager->addClientAuthenticationMethod('client_secret_basic',
54			new ClientSecretBasicAuthenticationMethod($storageManager->getClientStorage()));
55			$this->clientAuthenticationMethodManager->addClientAuthenticationMethod('client_secret_post',
56			new ClientSecretPostAuthenticationMethod($storageManager->getClientStorage()));
57
58			// $queryResponseMode = new QueryResponseMode();
			0 ignored issues – show Unused Code Comprehensibility introduced 2018-05-25 20:21 UTC by Report Bug Copy Issue Report `46%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
59			$this->responseModeManager = new ResponseModeManager();
60			$this->responseModeManager->addResponseMode('query', new QueryResponseMode());
61			$this->responseModeManager->addResponseMode('fragment', new FragmentResponseMode());
62
63			// response_type : code
64			// grant_type : authorization_code
65			$authorizationCodeFlow = new AuthorizationCodeFlow(
66			$config,
67			$storageManager->getAuthorizationCodeStorage(),
68			$storageManager->getAccessTokenStorage(),
69			$storageManager->getRefreshTokenStorage()
70			);
71
72			// response_type : token
73			$implicitFlow = new ImplicitFlow(
74			$storageManager->getAccessTokenStorage(),
75			$storageManager->getRefreshTokenStorage()
76			);
77
78			// grant_type : password
79			$resourceOwnerPasswordCredentialsFlow = new ResourceOwnerPasswordCredentialsFlow(
80			$this->scopePolicyManager,
81			$storageManager->getResourceOwnerStorage(),
82			$storageManager->getAccessTokenStorage(),
83			$storageManager->getRefreshTokenStorage());
84
85			// grant_type : client_credentials
86			$clientCredentialsFlow = new ClientCredentialsFlow(
87			$this->scopePolicyManager,
88			$storageManager->getAccessTokenStorage(),
89			$storageManager->getRefreshTokenStorage()
90			);
91
92			// grant_type : refresh_token
93			$refreshTokenGrantType = new RefreshTokenGrantType(
94			$storageManager->getAccessTokenStorage(),
95			$storageManager->getRefreshTokenStorage(),
96			$config,
97			$this->scopePolicyManager
98			);
99
100			$this->flowManager = new FlowManager($this->responseTypeManager, $this->grantTypeManager);
101			$this->flowManager->addFlow($authorizationCodeFlow);
102			$this->flowManager->addFlow($implicitFlow);
103			$this->flowManager->addFlow($resourceOwnerPasswordCredentialsFlow);
104			$this->flowManager->addFlow($clientCredentialsFlow);
105
106			$this->grantTypeManager->addGrantType('refresh_token', $refreshTokenGrantType);
107
108			$authorizationRequestBuilder = new AuthorizationRequestBuilder(
109			$storageManager->getClientStorage(),
110			$this->responseTypeManager,
111			$this->responseModeManager,
112			$this->scopePolicyManager
113			);
114			$this->authorizationEndpoint = new AuthorizationEndpoint($authorizationRequestBuilder, $resourceOwner);
115
116			$this->tokenEndpoint = new TokenEndpoint(
117			$storageManager->getClientStorage(),
118			$this->grantTypeManager,
119			$this->clientAuthenticationMethodManager);
120			}
121
122			/**
123			* @return AuthorizationEndpoint
124			*/
125			public function getAuthorizationEndpoint(): AuthorizationEndpoint
126			{
127			return $this->authorizationEndpoint;
128			}
129
130			/**
131			* @return TokenEndpoint
132			*/
133			public function getTokenEndpoint(): TokenEndpoint
134			{
135			return $this->tokenEndpoint;
136			}
137
138			/**
139			* @return bool
140			*
141			* @see https://tools.ietf.org/html/rfc6749#section-3.1.2.1
142			*
143			* Endpoint Request Confidentiality
144			*
145			* The redirection endpoint SHOULD require the use of TLS as described
146			* in Section 1.6 when the requested response type is "code" or "token",
147			* or when the redirection request will result in the transmission of
148			* sensitive credentials over an open network. This specification does
149			* not mandate the use of TLS because at the time of this writing,
150			* requiring clients to deploy TLS is a significant hurdle for many
151			* client developers. If TLS is not available, the authorization server
152			* SHOULD warn the resource owner about the insecure endpoint prior to
153			* redirection (e.g., display a message during the authorization
154			* request).
155			*
156			* Lack of transport-layer security can have a severe impact on the
157			* security of the client and the protected resources it is authorized
158			* to access. The use of transport-layer security is particularly
159			* critical when the authorization process is used as a form of
160			* delegated end-user authentication by the client (e.g., third-party
161			* sign-in service).
162			* @deprecated
163			*/
164			public function isSecure()
165			{
166			return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') \|\| $_SERVER['SERVER_PORT'] == 443;
167			}
168			}

php-guard / oauth-server

Push — master ( 74eea6...77eee7 )

Server::__construct() B

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like