Jwt::sendError() - Code Metrics - Inspection of "nymfonya/ci : disable tests on scrutinizer" - pierre-fromager/nymfonya - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 5c6447...c86f07 )

by Pierre

created 2020-12-28 04:34 UTC

Jwt::sendError() A

↳ Parent: Jwt

Complexity

Conditions	2
Paths	2

Size

Total Lines	12
Code Lines	9

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	8
CRAP Score	2.0054

Importance

Changes	3
Bugs	0	Features	2

Metric	Value
cc	2
eloc	9
c	3
b	0
f	2
nc	2
nop	2
dl	0
loc	12
ccs	8
cts	9
cp	0.8889
crap	2.0054
rs	9.9666

<?php

declare(strict_types=1);

namespace App\Middlewares;

use Nymfonya\Component\Container;
use Nymfonya\Component\Http\Interfaces\MiddlewareInterface;
use Nymfonya\Component\Http\Request;
use App\Component\Jwt\Token;
use App\Model\Users;

/**
 * App\Middleware\Jwt
 *
 * Intercept jwt header and auth if required
 */
class Jwt implements MiddlewareInterface
{
    use \App\Middlewares\Reuse\TInit;

    const _SIGN = 'X-Middleware-Jwt';
    const _PASSWORD = 'password';
    const _EMAIL = 'email';
    const _USER_STATUS = 'status';
    const _VALID = 'valid';
    const _AUTORIZATION = 'Authorization';
    const _ERROR = 'error';
    const _ERROR_MESSAGE = 'errorMessage';

    /**
     * peel
     *
     * @param array $container
     * @param \Closure $next
     * @return \Closure
     */
    public function peel(Container $container, \Closure $next)
    {
        $this->init($container);
        $this->process();
        return $next($container);
    }

    /**
     * process
     *
     */
    protected function process()
    {
        if ($this->enabled) {
            $this->response->getHeaderManager()->add(
                self::_SIGN,
                strval(microtime(true))
            );
            if ($this->required()) {
                if ($this->isValidAuthorization()) {
                    $toolJwtToken = new Token($this->config, $this->request);
                    try {
                        $tFrags = explode(' ', $this->headers[self::_AUTORIZATION]);
                        $decodedToken = $toolJwtToken->decode(trim($tFrags[1]));
                        if (isset($decodedToken->{Token::_DATA}->{Token::_DATA_ID})) {
                            $userId = $decodedToken->{Token::_DATA}->{Token::_DATA_ID};
                            $user = $this->getUser($userId);
                            if (!empty($user)) {
                                if ($this->isValidCredential($decodedToken, $user)) {
                                    $this->request->setSession('auth', $user, 'user');
                                } else {
                                    $this->sendError(403, 'bad credentials');
                                }
                            } else {
                                $this->sendError(403, 'bad user');
                            }
                        }
                    } catch (\Exception $e) {
                        $this->sendError(500, $e->getMessage());
                    }
                } else {
                    $this->sendError(403, 'Token required');
                }
            }
        }
    }

    /**
     * send response and die
     *
     * @param integer $errorCode
     * @return void
     */
    protected function sendError(int $errorCode, string $errMsg)
    {
        $errorMsg = [
            self::_ERROR => true,
            self::_ERROR_MESSAGE => 'Auth failed : ' . $errMsg
        ];
        $this->response
            ->setCode($errorCode)
            ->setContent($errorMsg)
            ->send();
        if (false === $this->request->isCli()) {
            $this->kernel->shutdown();
        }
    }

    /**
     * isPreflight
     *
     * @return bool
     */
    protected function isPreflight(): bool
    {
        $isOptionsMethod = ($this->request->getMethod() == Request::METHOD_OPTIONS);
        $corsHeadersKeys = array_keys($this->headers);
        $hasOrigin = in_array('Origin', $corsHeadersKeys);
        $hasACRequestMethod = in_array(
            'Access-Control-Request-Method',
            $corsHeadersKeys
        );
        return ($isOptionsMethod && $hasOrigin && $hasACRequestMethod);
    }

    /**
     * isValidCredential
     *
     * @param object $decodedToken
     * @param array $user
     * @return boolean
     */
    protected function isValidCredential($decodedToken, $user): bool
    {
        $login = $decodedToken->{Token::_DATA}->{Token::_DATA_LOGIN};
        $passwordHash = $decodedToken->{Token::_DATA}->{Token::_DATA_PASSWORD_HASH};
        $checkLogin = ($login === $user[self::_EMAIL]);
        $checkPassword = password_verify($user[self::_PASSWORD], $passwordHash);
        $checkStatus = ($user[self::_USER_STATUS] === self::_VALID);
        return ($checkLogin && $checkPassword && $checkStatus);
    }

    /**
     * getUser
     *
     * @param int $userId
     * @return array
     */
    protected function getUser(int $userId): array
    {
        $authModel = new Users($this->config);
        $userList = $authModel->getById($userId);
        return isset($userList[0]) ? $userList[0] : $userList;
    }

    /**
     * isValidAuthorization
     *
     * @return boolean
     */
    protected function isValidAuthorization(): bool
    {
        return (isset($this->headers[self::_AUTORIZATION])
            && !empty($this->headers[self::_AUTORIZATION]));
    }

    /**
     * required
     *
     * @return boolean
     */
    protected function required(): bool
    {
        if (
            $this->request->isCli()
            && $this->request->getMethod() === Request::METHOD_TRACE
        ) {
            return false;
        }
        return (!$this->isExclude()
            && $this->requestUriPrefix() === $this->prefix
            && !$this->isPreflight());
    }

    /**
     * isExclude
     *
     * @return boolean
     */
    protected function isExclude(): bool
    {
        $disallowed = $this->configParams[self::_EXCLUDE];
        $count = count($disallowed);
        for ($c = 0; $c < $count; ++$c) {
            $composed = $this->prefix . $disallowed[$c];
            $isExclude = ($composed == $this->request->getUri());
            if ($isExclude) {
                return true;
            }
        }
        return false;
    }

    /**
     * uriPrefix
     *
     * @return string
     */
    protected function requestUriPrefix(): string
    {
        return substr($this->request->getUri(), 0, strlen($this->prefix));
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace App\Middlewares;
6
7		use Nymfonya\Component\Container;
8		use Nymfonya\Component\Http\Interfaces\MiddlewareInterface;
9		use Nymfonya\Component\Http\Request;
10		use App\Component\Jwt\Token;
11		use App\Model\Users;
12
13		/**
14		* App\Middleware\Jwt
15		*
16		* Intercept jwt header and auth if required
17		*/
18		class Jwt implements MiddlewareInterface
19		{
20		use \App\Middlewares\Reuse\TInit;
21
22		const _SIGN = 'X-Middleware-Jwt';
23		const _PASSWORD = 'password';
24		const _EMAIL = 'email';
25		const _USER_STATUS = 'status';
26		const _VALID = 'valid';
27		const _AUTORIZATION = 'Authorization';
28		const _ERROR = 'error';
29		const _ERROR_MESSAGE = 'errorMessage';
30
31		/**
32		* peel
33		*
34		* @param array $container
35		* @param \Closure $next
36		* @return \Closure
37		*/
38	15	public function peel(Container $container, \Closure $next)
39		{
40	15	$this->init($container);
41	15	$this->process();
42	15	return $next($container);
43		}
44
45		/**
46		* process
47		*
48		*/
49	5	protected function process()
50		{
51	5	if ($this->enabled) {
52	5	$this->response->getHeaderManager()->add(
53	5	self::_SIGN,
54	5	strval(microtime(true))
55		);
56	5	if ($this->required()) {
57	5	if ($this->isValidAuthorization()) {
58	4	$toolJwtToken = new Token($this->config, $this->request);
59		try {
60	4	$tFrags = explode(' ', $this->headers[self::_AUTORIZATION]);
61	4	$decodedToken = $toolJwtToken->decode(trim($tFrags[1]));
62	4	if (isset($decodedToken->{Token::_DATA}->{Token::_DATA_ID})) {
63	4	$userId = $decodedToken->{Token::_DATA}->{Token::_DATA_ID};
64	4	$user = $this->getUser($userId);
65	4	if (!empty($user)) {
66	2	if ($this->isValidCredential($decodedToken, $user)) {
67	1	$this->request->setSession('auth', $user, 'user');
68		} else {
69	2	$this->sendError(403, 'bad credentials');
70		}
71		} else {
72	4	$this->sendError(403, 'bad user');
73		}
74		}
75		} catch (\Exception $e) {
76	4	$this->sendError(500, $e->getMessage());
77		}
78		} else {
79	1	$this->sendError(403, 'Token required');
80		}
81		}
82		}
83		}
84
85		/**
86		* send response and die
87		*
88		* @param integer $errorCode
89		* @return void
90		*/
91	1	protected function sendError(int $errorCode, string $errMsg)
92		{
93		$errorMsg = [
94	1	self::_ERROR => true,
95	1	self::_ERROR_MESSAGE => 'Auth failed : ' . $errMsg
96		];
97	1	$this->response
98	1	->setCode($errorCode)
99	1	->setContent($errorMsg)
100	1	->send();
101	1	if (false === $this->request->isCli()) {
102		$this->kernel->shutdown();
103		}
104		}
105
106		/**
107		* isPreflight
108		*
109		* @return bool
110		*/
111	1	protected function isPreflight(): bool
112		{
113	1	$isOptionsMethod = ($this->request->getMethod() == Request::METHOD_OPTIONS);
114	1	$corsHeadersKeys = array_keys($this->headers);
115	1	$hasOrigin = in_array('Origin', $corsHeadersKeys);
116	1	$hasACRequestMethod = in_array(
117	1	'Access-Control-Request-Method',
118		$corsHeadersKeys
119		);
120	1	return ($isOptionsMethod && $hasOrigin && $hasACRequestMethod);
121		}
122
123		/**
124		* isValidCredential
125		*
126		* @param object $decodedToken
127		* @param array $user
128		* @return boolean
129		*/
130	1	protected function isValidCredential($decodedToken, $user): bool
131		{
132	1	$login = $decodedToken->{Token::_DATA}->{Token::_DATA_LOGIN};
133	1	$passwordHash = $decodedToken->{Token::_DATA}->{Token::_DATA_PASSWORD_HASH};
134	1	$checkLogin = ($login === $user[self::_EMAIL]);
135	1	$checkPassword = password_verify($user[self::_PASSWORD], $passwordHash);
136	1	$checkStatus = ($user[self::_USER_STATUS] === self::_VALID);
137	1	return ($checkLogin && $checkPassword && $checkStatus);
138		}
139
140		/**
141		* getUser
142		*
143		* @param int $userId
144		* @return array
145		*/
146	1	protected function getUser(int $userId): array
147		{
148	1	$authModel = new Users($this->config);
149	1	$userList = $authModel->getById($userId);
150	1	return isset($userList[0]) ? $userList[0] : $userList;
151		}
152
153		/**
154		* isValidAuthorization
155		*
156		* @return boolean
157		*/
158	1	protected function isValidAuthorization(): bool
159		{
160	1	return (isset($this->headers[self::_AUTORIZATION])
161	1	&& !empty($this->headers[self::_AUTORIZATION]));
162		}
163
164		/**
165		* required
166		*
167		* @return boolean
168		*/
169	1	protected function required(): bool
170		{
171		if (
172	1	$this->request->isCli()
173	1	&& $this->request->getMethod() === Request::METHOD_TRACE
174		) {
175	1	return false;
176		}
177		return (!$this->isExclude()
178		&& $this->requestUriPrefix() === $this->prefix
179		&& !$this->isPreflight());
180		}
181
182		/**
183		* isExclude
184		*
185		* @return boolean
186		*/
187	1	protected function isExclude(): bool
188		{
189	1	$disallowed = $this->configParams[self::_EXCLUDE];
190	1	$count = count($disallowed);
191	1	for ($c = 0; $c < $count; ++$c) {
192	1	$composed = $this->prefix . $disallowed[$c];
193	1	$isExclude = ($composed == $this->request->getUri());
194	1	if ($isExclude) {
195	1	return true;
196		}
197		}
198	1	return false;
199		}
200
201		/**
202		* uriPrefix
203		*
204		* @return string
205		*/
206	1	protected function requestUriPrefix(): string
207		{
208	1	return substr($this->request->getUri(), 0, strlen($this->prefix));
209		}
210		}
211

pierre-fromager / nymfonya

Push — master ( 5c6447...c86f07 )

Jwt::sendError() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like