AuthorizationEndpoint::handleRequest() - Code Metrics - Inspection of "storages" - php-guard/oauth-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( e88490...575397 )

by Alexandre

created 2018-04-21 16:20 UTC

AuthorizationEndpoint::handleRequest() F

↳ Parent: AuthorizationEndpoint

Complexity

Conditions	20
Paths	733

Size

Total Lines	91
Code Lines	50

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	91
rs	2.3199
c	0
b	0
f	0
cc	20
eloc	50
nc	733
nop	1

3 Methods

Rating	Name	Size	Complexity
A	AuthorizationEndpoint::verifyConsent()	19	4
C	AuthorizationEndpoint::verifyResourceOwner()	30	8
F	AuthorizationEndpoint::verifyRequestData()	24	11

How to fix Long Method Complexity

<?php
/**
 * Created by PhpStorm.
 * User: Alexandre
 * Date: 18/02/2018
 * Time: 18:14
 */

namespace OAuth2\Extensions\OpenID\Endpoints;


use OAuth2\Exceptions\OAuthException;
use OAuth2\Extensions\OpenID\IdTokenManager;
use OAuth2\IdTokenInterface;
use OAuth2\ResponseModes\ResponseModeManager;
use OAuth2\ResponseTypes\ResponseTypeManager;
use OAuth2\Extensions\OpenID\Roles\ResourceOwnerInterface;
use OAuth2\ScopePolicy\ScopePolicyManager;
use OAuth2\Storages\ClientStorageInterface;
use Psr\Http\Message\ResponseInterface;


class AuthorizationEndpoint extends \OAuth2\Endpoints\AuthorizationEndpoint
{
    const DISPLAY_PAGE = 'page';
    const DISPLAY_POPUP = 'popup';
    const DISPLAY_TOUCH = 'touch';
    const DISPLAY_WAP = 'wap';

    const PROMPT_NONE = 'none';
    const PROMPT_LOGIN = 'login';
    const PROMPT_CONSENT = 'consent';
    const PROMPT_SELECT_ACCOUNT = 'select_account';
    /**
     * @var string|null
     */
    private $nonce;
    /**
     * @var string|null
     */
    private $display;
    /**
     * @var string|null
     */
    private $prompt;
    /**
     * @var int|null
     */
    private $maxAge;
    /**
     * @var string[]|null
     */
    private $uiLocales;
    /**
     * @var IdTokenInterface|null
     */
    private $idTokenHint;
    /**
     * @var string|null
     */
    private $loginHint;
    /**
     * @var string[]|null
     */
    private $acrValues;
    /**
     * @var ResourceOwnerInterface
     */
    private $resourceOwner;
    /**
     * @var IdTokenManager
     */
    private $idTokenManager;

    public function __construct(ResponseTypeManager $responseTypeManager, ResponseModeManager $responseModeManager,
                                ScopePolicyManager $scopePolicyManager, ResourceOwnerInterface $resourceOwner,
                                ClientStorageInterface $clientStorage, IdTokenManager $idTokenManager)
    {
        parent::__construct($responseTypeManager, $responseModeManager, $scopePolicyManager, $resourceOwner, $clientStorage);
        $this->resourceOwner = $resourceOwner;
        $this->idTokenManager = $idTokenManager;
    }

    /**
     * @return null|ResponseInterface
     * @throws OAuthException
     */
    protected function verifyResourceOwner(): ?ResponseInterface
    {
        if (!$this->resourceOwner->isAuthenticated(self::PROMPT_LOGIN)) {
        if (!$this->resourceOwner->isAuthenticated(/** @scrutinizer ignore-type */ self::PROMPT_LOGIN)) {
            if ($this->prompt == self::PROMPT_NONE) {
                throw new OAuthException('login_required');
            }

            // may throw interaction_required
            return $this->resourceOwner->authenticate($this->prompt == self::PROMPT_SELECT_ACCOUNT, $this->loginHint);
        }

        if($this->idTokenHint) {
            // check if user associated to this id token is the current user.
//                var_dump($this->idTokenHint['sub']);die;
            if($this->idTokenHint['sub'] !== $this->resourceOwner->getIdentifier()) {
                if($this->prompt == self::PROMPT_NONE) {
                    throw new OAuthException('invalid_request');
                }
                else {
                    throw new OAuthException('login_required');
                }
            }
        }

        if ($this->prompt == self::PROMPT_NONE &&
            $this->resourceOwner->isInteractionRequiredForConsent($this)) {
            throw new OAuthException('interaction_required');
        }

        return null;
    }

    /**
     * @return null|ResponseInterface
     * @throws OAuthException
     */
    protected function verifyConsent(): ?ResponseInterface
    {
        $consentGiven = $this->resourceOwner->hasGivenConsent($this->getClient(), $this->getScopes(),
            $this->prompt == self::PROMPT_CONSENT);

        if (is_null($consentGiven)) {
            if ($this->prompt == self::PROMPT_NONE) {
                throw new OAuthException('consent_required');
            }

            return $this->resourceOwner->obtainConsent($this->getClient(), $this->getScopes());
        }

        if (empty($consentGiven)) {
            throw new OAuthException('access_denied', 'The resource owner denied the request.',
                'https://tools.ietf.org/html/rfc6749#section-4.1');
        }

        return null;
    }

    /**
     * @param array $requestData
     * @throws OAuthException
     */
    protected function verifyRequestData(array $requestData)
    {
        parent::verifyRequestData($requestData);

        if (!in_array('openid', $this->getScopes())) {
            return;
        }

        $this->nonce = empty($requestData['nonce']) ? null : $requestData['nonce'];
        $this->display = empty($requestData['display']) ? null : $requestData['display'];
        $this->prompt = empty($requestData['prompt']) ? null : $requestData['prompt'];
        $this->maxAge = empty($requestData['max_age']) ? null : $requestData['max_age'];
        $this->uiLocales = empty($requestData['ui_locales']) ? null : explode(' ', $requestData['ui_locales']);

        if(!empty($requestData['id_token_hint'])) {
            try {
                $this->idTokenHint = $this->idTokenManager->decode($requestData['id_token_hint']);
            } catch (\Exception $exception) {
                throw new OAuthException('invalid_request', 'Failed to decode id_token_hint : '.$exception->getMessage());
            }
        }

        $this->loginHint = empty($requestData['login_hint']) ? null : $requestData['login_hint'];
        $this->acrValues = empty($requestData['acr_values']) ? null : explode(' ', $requestData['acr_values']);
    }

    /**
     * @return ResourceOwnerInterface
     */
    public function getResourceOwner(): \OAuth2\Roles\ResourceOwnerInterface
    {
        return parent::getResourceOwner();
    }

    /**
     * @return string|null
     */
    public function getNonce(): ?string
    {
        return $this->nonce;
    }

    /**
     * @return null|string
     */
    public function getDisplay(): ?string
    {
        return $this->display;
    }

    /**
     * @return null|string
     */
    public function getPrompt(): ?string
    {
        return $this->prompt;
    }

    /**
     * @return int|null
     */
    public function getMaxAge(): ?int
    {
        return $this->maxAge;
    }

    /**
     * @return null|string[]
     */
    public function getUiLocales(): ?array
    {
        return $this->uiLocales;
    }

    /**
     * @return null|IdTokenInterface
     */
    public function getIdTokenHint(): ?IdTokenInterface
    {
        return $this->idTokenHint;
    }

    /**
     * @return null|string
     */
    public function getLoginHint(): ?string
    {
        return $this->loginHint;
    }

    /**
     * @return null|string[]
     */
    public function getAcrValues(): ?array
    {
        return $this->acrValues;
    }
}

php-guard / oauth-server

Push — master ( e88490...575397 )

AuthorizationEndpoint::handleRequest() F

Complexity

Size

Duplication

Importance

3 Methods

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like