AuthorizationCodeFlow::handleAccessTokenRequest() - Code Metrics - Inspection of "server" - php-guard/oauth-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed
Push — master ( c97e91...9a636e )

by Alexandre
created 2018-03-11 21:57 UTC
AuthorizationCodeFlow::handleAccessTokenRequest() D

↳ Parent: AuthorizationCodeFlow
Complexity

Conditions	13
Paths	17
Size

Total Lines	91
Code Lines	40
Duplication

Lines	0
Ratio	0 %
Importance

Changes
Metric	Value
cc	13
eloc	40
nc	17
nop	2
dl	0
loc	91
rs	4.9922
c	0
b	0
f	0
How to fix Long Method Complexity

<?php
/**
 * Created by PhpStorm.
 * User: Alexandre
 * Date: 07/03/2018
 * Time: 23:43
 */

namespace OAuth2\Extensions\PKCE\Flows;


use OAuth2\Endpoints\AuthorizationEndpoint;
use OAuth2\Endpoints\TokenEndpoint;
use OAuth2\Exceptions\OAuthException;
use OAuth2\Extensions\PKCE\Credentials\CodeChallenge;
use OAuth2\Extensions\PKCE\Storages\AuthorizationCodeStorageInterface;
use OAuth2\Roles\Clients\PublicClient;

/**
 * Class AuthorizationCodeFlow
 * @package OAuth2\Extensions\PKCE\Flows
 * @rfc https://tools.ietf.org/html/rfc7636
 */
class AuthorizationCodeFlow extends \OAuth2\Flows\AuthorizationCodeFlow
{
    /**
     * @var AuthorizationCodeStorageInterface
     */
    protected $authorizationCodeStorage;

    /**
     * AuthorizationCodeFlow constructor.
     * @param \OAuth2\Flows\AuthorizationCodeFlow $authorizationCodeFlow
     * @param AuthorizationCodeStorageInterface $authorizationCodeStorage
     */
    public function __construct(\OAuth2\Flows\AuthorizationCodeFlow $authorizationCodeFlow,
                                AuthorizationCodeStorageInterface $authorizationCodeStorage)
    {
        parent::__construct($authorizationCodeStorage);
                __construct($authorizationCodeStorage);
        $this->authorizationCodeStorage = $authorizationCodeStorage;
    }

    /**
     * @param AuthorizationEndpoint $authorizationEndpoint
     * @param array                 $requestData
     * @return array
     * @throws OAuthException
     */
    function handleAuthorizationRequest(AuthorizationEndpoint $authorizationEndpoint, array $requestData): array

    {
        $authorizationCode = $this->createAuthorizationCode($authorizationEndpoint);

        if (empty($requestData['code_challenge'])) {
            if ($authorizationEndpoint->getClient() instanceof PublicClient) {
                throw new OAuthException('invalid_request',
                    'The request is missing the required parameter code_challenge for public clients',
                    'https://tools.ietf.org/html/rfc7636#section-4.4');
            }
        } else {
            $codeChallengeMethod = empty($requestData['code_challenge_method']) ? 'plain' : $requestData['code_challenge_method'];
            if (!in_array($codeChallengeMethod, ['plain', 'S256'])) {
                throw new OAuthException('invalid_request',
                    'The request includes the invalid parameter code_challenge_method. Supported : plain, S256',
                    'https://tools.ietf.org/html/rfc7636#section-4');
            }

            $codeChallenge = new CodeChallenge($requestData['code_challenge'], $codeChallengeMethod);
            $this->authorizationCodeStorage->associate($codeChallenge, $authorizationCode);
        }

        return $this->saveAndGetResult($authorizationCode);
    }

    /**
     * @param TokenEndpoint $tokenEndpoint
     * @param array $requestData
     * @return array
     * @throws OAuthException
     */
    public function handleAccessTokenRequest(TokenEndpoint $tokenEndpoint, array $requestData): array
    {
        if (empty($requestData['code'])) {
            throw new OAuthException('invalid_request',
                'The request is missing the required parameter code',
                'https://tools.ietf.org/html/rfc7636#section-4.4');
        }
        $code = $requestData['code'];

        $authorizationCode = $this->authorizationCodeStorage->find($code);

        /**
         * ensure that the authorization code was issued to the authenticated
         * confidential client, or if the client is public, ensure that the
         * code was issued to "client_id" in the request,
         */
        if (!$authorizationCode || $authorizationCode->getClientIdentifier() !== $tokenEndpoint->getClient()->getIdentifier()) {
            throw new OAuthException('invalid_grant',
                'The request includes the invalid parameter code',
                'https://tools.ietf.org/html/rfc7636#section-4.4');
        }

        $this->authorizationCodeStorage->revoke($code);

        /**
         * verify that the authorization code is valid
         */
        if ($authorizationCode->isExpired()) {
            throw new OAuthException('invalid_grant',
                'The request includes the invalid parameter code. The code has expired',
                'https://tools.ietf.org/html/rfc7636#section-4.4');
        }

        /**
         * ensure that the "redirect_uri" parameter is present if the
         * "redirect_uri" parameter was included in the initial authorization
         * request as described in Section 4.1.1, and if included ensure that
         * their values are identical.
         */
        if ($authorizationCode->getRedirectUri()) {
            if (empty($requestData['redirect_uri'])) {
                throw new OAuthException('invalid_request',
                    'The request is missing the required parameter redirect_uri',
                    'https://tools.ietf.org/html/rfc7636#section-4.1');
            }
            if ($requestData['redirect_uri'] !== $authorizationCode->getRedirectUri()) {
                throw new OAuthException('invalid_request',
                    'The request includes the invalid parameter redirect_uri',
                    'https://tools.ietf.org/html/rfc7636#section-4.1');
            }
        }

        $codeChallenge = $this->authorizationCodeStorage->getCodeChallenge($authorizationCode);

        if ($codeChallenge && $codeChallenge->getCodeChallenge()) {
            if (empty($requestData['code_verifier'])) {
                throw new OAuthException('invalid_request',
                    'The request is missing the required parameter code_verifier',
                    'https://tools.ietf.org/html/rfc7636#section-4.4');
            }

            if ($codeChallenge->getCodeChallengeMethod() === 'S256') {
                /**
                 * If the "code_challenge_method" from Section 4.3 was "S256", the
                 * received "code_verifier" is hashed by SHA-256, base64url-encoded, and
                 * then compared to the "code_challenge", i.e.:
                 */
                $hashedCodeVerifier = self::base64url_encode(hash('sha256', $requestData['code_verifier']));
            } else {
                /**
                 * If the "code_challenge_method" from Section 4.3 was "plain", they are
                 * compared directly, i.e.:
                 */
                $hashedCodeVerifier = $requestData['code_verifier'];
            }

            /**
             * If the values are equal, the token endpoint MUST continue processing
             * as normal (as defined by OAuth 2.0 [RFC6749]).  If the values are not
             * equal, an error response indicating "invalid_grant" as described in
             * Section 5.2 of [RFC6749] MUST be returned.
             */
            if ($hashedCodeVerifier !== $codeChallenge->getCodeChallenge()) {
                throw new OAuthException('invalid_grant',
                    'The request includes the invalid parameter code_verifier',
                    'https://tools.ietf.org/html/rfc7636#section-4.4');
            }
        }

        return $tokenEndpoint->issueTokens($authorizationCode->getScope(),
        return $tokenEndpoint->/** @scrutinizer ignore-call */ issueTokens($authorizationCode->getScope(),
            $authorizationCode->getResourceOwnerIdentifier(), $authorizationCode->getCode());
    }

    /**
     * @param $data
     * @return string
     * @src https://gist.github.com/nathggns/6652997
     */
    public static function base64url_encode($data)
    {
        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
    }

    /**
     * @param      $data
     * @param bool $pad
     * @return bool|string
     * @src https://gist.github.com/nathggns/6652997
     */
    public static function base64url_decode($data, $pad = false)
    {
        $data = strtr($data, '-_', '+/');
        if ($pad) {
            $data = str_pad($data, strlen($data) + (4 - strlen($data) % 4) % 4);
        }
        return base64_decode($data);
    }

}
php-guard / oauth-server

Push — master ( c97e91...9a636e )

AuthorizationCodeFlow::handleAccessTokenRequest() D

Complexity

Size

Duplication

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like
