Inspection: Passed. Push to master ( c97e91...9a636e ) by Alexandre, created 01:52.

Scrutinizer findings on the scanned revision of AuthorizationCodeFlow.php (0 ignored issues):

- Unused code: several commented-out lines (two use statements, the accessTokenRequestParameters property with its docblock, its initialisation in the constructor, and the parameter-handler loop in handleAccessTokenRequest()) are 40-59% valid code. Obsolete code should be removed once confirmed unneeded; code commented out for debugging must be restored, or the project may behave unexpectedly in production.
- Best practice: getResponseTypes(), handleAuthorizationRequest(), getDefaultResponseMode(), getUnsupportedResponseModes(), getGrantTypes() and handleAccessTokenRequest() declare no visibility; explicit public/protected/private tells other developers how and from where a method is meant to be used.
- Bug: getResponseTypes() returns array<integer,string>, but FlowInterface::getResponseTypes() mandates OAuth2\ResponseTypes\ResponseTypeInterface[]; likewise getGrantTypes() returns strings where FlowInterface::getGrantTypes() mandates OAuth2\GrantTypes\GrantTypeInterface[]. Both violate the interface contract.
- Comprehensibility: $requestData in createAuthorizationCode() never exists, so the `?? null` fallbacks always apply and the scope and redirect_uri of the authorization request are never bound to the code.

The file, with the commented-out code removed, visibility declared and $requestData passed through to createAuthorizationCode(); the interface return-type mismatches are left as found:

```php
<?php
/**
 * Created by PhpStorm.
 * User: Alexandre
 * Date: 18/02/2018
 * Time: 18:08
 */

namespace OAuth2\Flows;

use OAuth2\Credentials\AuthorizationCodeInterface;
use OAuth2\Endpoints\AuthorizationEndpoint;
use OAuth2\Endpoints\TokenEndpoint;
use OAuth2\Exceptions\OAuthException;
use OAuth2\GrantTypes\AbstractGrantType;
use OAuth2\Storages\AccessTokenStorageInterface;
use OAuth2\Storages\AuthorizationCodeStorageInterface;
use OAuth2\Storages\RefreshTokenStorageInterface;

/**
 * Authorization code grant (RFC 6749 section 4.1): issues a short-lived,
 * single-use code at the authorization endpoint and exchanges it for tokens
 * at the token endpoint.
 */
class AuthorizationCodeFlow extends AbstractGrantType implements FlowInterface
{
    /** @var AuthorizationCodeStorageInterface */
    protected $authorizationCodeStorage;

    public function __construct(AuthorizationCodeStorageInterface $authorizationCodeStorage,
                                AccessTokenStorageInterface $accessTokenStorage,
                                RefreshTokenStorageInterface $refreshTokenStorage)
    {
        parent::__construct($accessTokenStorage, $refreshTokenStorage);
        $this->authorizationCodeStorage = $authorizationCodeStorage;
    }

    /**
     * Inspection: FlowInterface::getResponseTypes() mandates
     * ResponseTypeInterface[]; plain strings are returned here.
     */
    public function getResponseTypes(): array
    {
        return ['code'];
    }

    public function handleAuthorizationRequest(AuthorizationEndpoint $authorizationEndpoint, array $requestData): array
    {
        $authorizationCode = $this->createAuthorizationCode($authorizationEndpoint, $requestData);
        return $this->saveAndGetResult($authorizationCode);
    }

    /**
     * Binds the new code to the client, the resource owner, the granted scopes
     * and, when the client supplied them, the scope and redirect_uri of the
     * authorization request. $requestData is passed in from
     * handleAuthorizationRequest(); without it the two fallbacks below are
     * always null and the redirect_uri check at the token endpoint never runs.
     */
    protected function createAuthorizationCode(AuthorizationEndpoint $authorizationEndpoint, array $requestData)
    {
        return $this->authorizationCodeStorage->create(
            implode(' ', $authorizationEndpoint->getScopes()),
            $authorizationEndpoint->getClient()->getIdentifier(),
            $authorizationEndpoint->getResourceOwner()->getIdentifier(),
            $requestData['scope'] ?? null,
            $requestData['redirect_uri'] ?? null
        );
    }

    protected function saveAndGetResult(AuthorizationCodeInterface $authorizationCode)
    {
        $this->authorizationCodeStorage->save($authorizationCode);
        return ['code' => $authorizationCode->getCode()];
    }

    public function getDefaultResponseMode(): string
    {
        return 'query';
    }

    public function getUnsupportedResponseModes(): array
    {
        return [];
    }

    /**
     * Inspection: FlowInterface::getGrantTypes() mandates
     * GrantTypeInterface[]; plain strings are returned here.
     */
    public function getGrantTypes(): array
    {
        return ['authorization_code'];
    }

    /**
     * @param TokenEndpoint $tokenEndpoint
     * @param array $requestData
     * @return array
     * @throws OAuthException
     */
    public function handleAccessTokenRequest(TokenEndpoint $tokenEndpoint, array $requestData): array
    {
        // Request parameters come straight from the HTTP body, so reject a
        // missing code and a code that is not a single string (e.g. code[]=...).
        if (empty($requestData['code']) || !is_string($requestData['code'])) {
            throw new OAuthException('invalid_request',
                'The request is missing the required parameter code',
                'https://tools.ietf.org/html/rfc7636#section-4.4');
        }
        $code = $requestData['code'];

        $authorizationCode = $this->authorizationCodeStorage->find($code);

        /**
         * ensure that the authorization code was issued to the authenticated
         * confidential client, or if the client is public, ensure that the
         * code was issued to "client_id" in the request
         */
        if (!$authorizationCode || $authorizationCode->getClientIdentifier() !== $tokenEndpoint->getClient()->getIdentifier()) {
            throw new OAuthException('invalid_grant',
                'The request includes the invalid parameter code',
                'https://tools.ietf.org/html/rfc7636#section-4.4');
        }

        // Revoke before the remaining checks so the code is single-use even
        // when the exchange fails below.
        $this->authorizationCodeStorage->revoke($code);

        /**
         * verify that the authorization code is valid
         */
        if ($authorizationCode->isExpired()) {
            throw new OAuthException('invalid_grant',
                'The request includes the invalid parameter code',
                'https://tools.ietf.org/html/rfc7636#section-4.4');
        }

        /**
         * ensure that the "redirect_uri" parameter is present if the
         * "redirect_uri" parameter was included in the initial authorization
         * request as described in Section 4.1.1, and if included ensure that
         * their values are identical.
         */
        if ($authorizationCode->getRedirectUri()) {
            if (empty($requestData['redirect_uri'])) {
                throw new OAuthException('invalid_request',
                    'The request is missing the required parameter redirect_uri',
                    'https://tools.ietf.org/html/rfc7636#section-4.1');
            }
            // Exact string comparison: no normalisation of scheme, host or path.
            if ($requestData['redirect_uri'] !== $authorizationCode->getRedirectUri()) {
                throw new OAuthException('invalid_request',
                    'The request includes the invalid parameter redirect_uri',
                    'https://tools.ietf.org/html/rfc7636#section-4.1');
            }
        }

        // Note: the error URIs above point at RFC 7636 (PKCE), but no
        // code_verifier is checked in this method.
        return $this->issueTokens($authorizationCode->getScope(),
            $authorizationCode->getResourceOwnerIdentifier(), $authorizationCode->getCode());
    }
}
```