SessionMiddleware::__construct() - Code Metrics - Inspection of "Move package to psr7-sessions org" - psr7-sessions/storageless - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#1)

by Marco

created 2016-09-13 14:09 UTC

SessionMiddleware::__construct() A

↳ Parent: SessionMiddleware

Complexity

Conditions	1
Paths	1

Size

Total Lines	19
Code Lines	17

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	10
CRAP Score	1

Importance

Changes

Metric	Value
dl	0
loc	19
ccs	10
cts	10
cp	1
rs	9.4285
c	0
b	0
f	0
cc	1
eloc	17
nc	1
nop	8
crap	1

How to fix Many Parameters

<?php
/*
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * This software consists of voluntary contributions made by many individuals
 * and is licensed under the MIT license.
 */

declare(strict_types=1);

namespace PSR7Session\Storageless\Http;

use Dflydev\FigCookies\FigResponseCookies;
use Dflydev\FigCookies\SetCookie;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer;
use Lcobucci\JWT\Token;
use Lcobucci\JWT\ValidationData;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use PSR7Session\Storageless\Time\CurrentTimeProviderInterface;
use PSR7Session\Storageless\Time\SystemCurrentTime;
use PSR7Session\Storageless\Session\DefaultSessionData;
use PSR7Session\Storageless\Session\LazySession;
use PSR7Session\Storageless\Session\SessionInterface;
use Zend\Stratigility\MiddlewareInterface;

final class SessionMiddleware implements MiddlewareInterface
{
    const ISSUED_AT_CLAIM      = 'iat';
    const SESSION_CLAIM        = 'session-data';
    const SESSION_ATTRIBUTE    = 'session';
    const DEFAULT_COOKIE       = 'slsession';
    const DEFAULT_REFRESH_TIME = 60;

    /**
     * @var Signer
     */
    private $signer;

    /**
     * @var string
     */
    private $signatureKey;

    /**
     * @var string
     */
    private $verificationKey;

    /**
     * @var int
     */
    private $expirationTime;

    /**
     * @var int
     */
    private $refreshTime;

    /**
     * @var Parser
     */
    private $tokenParser;

    /**
     * @var SetCookie
     */
    private $defaultCookie;

    /**
     * @var CurrentTimeProviderInterface
     */
    private $currentTimeProvider;

    /**
     * @param Signer                        $signer
     * @param string                        $signatureKey
     * @param string                        $verificationKey
     * @param SetCookie                     $defaultCookie
     * @param Parser                        $tokenParser
     * @param int                           $expirationTime
     * @param CurrentTimeProviderInterface  $currentTimeProvider
     * @param int                           $refreshTime
     */
    public function __construct(
        Signer $signer,
        string $signatureKey,
        string $verificationKey,
        SetCookie $defaultCookie,
        Parser $tokenParser,
        int $expirationTime,
        CurrentTimeProviderInterface $currentTimeProvider,
        int $refreshTime = self::DEFAULT_REFRESH_TIME
    ) {
        $this->signer              = $signer;
        $this->signatureKey        = $signatureKey;
        $this->verificationKey     = $verificationKey;
        $this->tokenParser         = $tokenParser;
        $this->defaultCookie       = clone $defaultCookie;
        $this->expirationTime      = $expirationTime;
        $this->currentTimeProvider = $currentTimeProvider;
        $this->refreshTime         = $refreshTime;
    }

    /**
     * This constructor simplifies instantiation when using HTTPS (REQUIRED!) and symmetric key encription
     *
     * @param string $symmetricKey
     * @param int    $expirationTime
     *
     * @return self
     */
    public static function fromSymmetricKeyDefaults(string $symmetricKey, int $expirationTime) : SessionMiddleware
    {
        return new self(
            new Signer\Hmac\Sha256(),
            $symmetricKey,
            $symmetricKey,
            SetCookie::create(self::DEFAULT_COOKIE)
                ->withSecure(true)
                ->withHttpOnly(true)
                ->withPath('/'),
            new Parser(),
            $expirationTime,
            new SystemCurrentTime()
        );
    }

    /**
     * This constructor simplifies instantiation when using HTTPS (REQUIRED!) and asymmetric key encription
     * based on RSA keys
     *
     * @param string $privateRsaKey
     * @param string $publicRsaKey
     * @param int    $expirationTime
     *
     * @return self
     */
    public static function fromAsymmetricKeyDefaults(
        string $privateRsaKey,
        string $publicRsaKey,
        int $expirationTime
    ) : SessionMiddleware {
        return new self(
            new Signer\Rsa\Sha256(),
            $privateRsaKey,
            $publicRsaKey,
            SetCookie::create(self::DEFAULT_COOKIE)
                ->withSecure(true)
                ->withHttpOnly(true)
                ->withPath('/'),
            new Parser(),
            $expirationTime,
            new SystemCurrentTime()
        );
    }

    /**
     * {@inheritdoc}
     *
     * @throws \InvalidArgumentException
     * @throws \OutOfBoundsException
     */
    public function __invoke(Request $request, Response $response, callable $out = null) : Response
    {
        $token            = $this->parseToken($request);
        $sessionContainer = LazySession::fromContainerBuildingCallback(function () use ($token) : SessionInterface {
            return $this->extractSessionContainer($token);
        });

        if (null !== $out) {
            $response = $out($request->withAttribute(self::SESSION_ATTRIBUTE, $sessionContainer), $response);
        }

        return $this->appendToken($sessionContainer, $response, $token);
    }

    /**
     * Extract the token from the given request object
     *
     * @param Request $request
     *
     * @return Token|null
     */
    private function parseToken(Request $request)
    {
        $cookies    = $request->getCookieParams();
        $cookieName = $this->defaultCookie->getName();

        if (! isset($cookies[$cookieName])) {
            return null;
        }

        try {
            $token = $this->tokenParser->parse($cookies[$cookieName]);
        } catch (\InvalidArgumentException $invalidToken) {
            return null;
        }

        if (! $token->validate(new ValidationData())) {
            return null;
        }

        return $token;
    }

    /**
     * @param Token|null $token
     *
     * @return SessionInterface
     */
    public function extractSessionContainer(Token $token = null) : SessionInterface
    {
        try {
            if (null === $token || ! $token->verify($this->signer, $this->verificationKey)) {
                return DefaultSessionData::newEmptySession();
            }

            return DefaultSessionData::fromDecodedTokenData(
                (object) $token->getClaim(self::SESSION_CLAIM, new \stdClass())
            );
        } catch (\BadMethodCallException $invalidToken) {
            return DefaultSessionData::newEmptySession();
        }
    }

    /**
     * @param SessionInterface $sessionContainer
     * @param Response         $response
     * @param Token            $token
     *
     * @return Response
     *
     * @throws \InvalidArgumentException
     */
    private function appendToken(SessionInterface $sessionContainer, Response $response, Token $token = null) : Response
    {
        $sessionContainerChanged = $sessionContainer->hasChanged();

        if ($sessionContainerChanged && $sessionContainer->isEmpty()) {
            return FigResponseCookies::set($response, $this->getExpirationCookie());
        }

        if ($sessionContainerChanged || ($this->shouldTokenBeRefreshed($token) && ! $sessionContainer->isEmpty())) {
            return FigResponseCookies::set($response, $this->getTokenCookie($sessionContainer));
        }

        return $response;
    }

    /**
     * {@inheritDoc}
     */
    private function shouldTokenBeRefreshed(Token $token = null) : bool
    {
        if (null === $token) {
            return false;
        }

        if (! $token->hasClaim(self::ISSUED_AT_CLAIM)) {
            return false;
        }

        return $this->timestamp() >= ($token->getClaim(self::ISSUED_AT_CLAIM) + $this->refreshTime);
    }

    /**
     * @param SessionInterface $sessionContainer
     *
     * @return SetCookie
     */
    private function getTokenCookie(SessionInterface $sessionContainer) : SetCookie
    {
        $timestamp = $this->timestamp();

        return $this
            ->defaultCookie
            ->withValue(
                (new Builder())
                    ->setIssuedAt($timestamp)
                    ->setExpiration($timestamp + $this->expirationTime)
                    ->set(self::SESSION_CLAIM, $sessionContainer)
                    ->sign($this->signer, $this->signatureKey)
                    ->getToken()
            )
            ->withExpires($timestamp + $this->expirationTime);
    }

    /**
     * @return SetCookie
     */
    private function getExpirationCookie() : SetCookie
    {
        $currentTimeProvider = $this->currentTimeProvider;
        $expirationDate      = $currentTimeProvider();
        $expirationDate      = $expirationDate->modify('-30 days');

        return $this
            ->defaultCookie
            ->withValue(null)
            ->withExpires($expirationDate->getTimestamp());
    }

    private function timestamp() : int
    {
        $currentTimeProvider = $this->currentTimeProvider;

        return $currentTimeProvider()->getTimestamp();
    }
}


1		<?php
2		/*
3		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
4		* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
5		* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
6		* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
7		* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
8		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
9		* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
10		* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
11		* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
12		* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
13		* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
14		*
15		* This software consists of voluntary contributions made by many individuals
16		* and is licensed under the MIT license.
17		*/
18
19		declare(strict_types=1);
20
21		namespace PSR7Session\Storageless\Http;
22
23		use Dflydev\FigCookies\FigResponseCookies;
24		use Dflydev\FigCookies\SetCookie;
25		use Lcobucci\JWT\Builder;
26		use Lcobucci\JWT\Parser;
27		use Lcobucci\JWT\Signer;
28		use Lcobucci\JWT\Token;
29		use Lcobucci\JWT\ValidationData;
30		use Psr\Http\Message\ResponseInterface as Response;
31		use Psr\Http\Message\ServerRequestInterface as Request;
32		use PSR7Session\Storageless\Time\CurrentTimeProviderInterface;
33		use PSR7Session\Storageless\Time\SystemCurrentTime;
34		use PSR7Session\Storageless\Session\DefaultSessionData;
35		use PSR7Session\Storageless\Session\LazySession;
36		use PSR7Session\Storageless\Session\SessionInterface;
37		use Zend\Stratigility\MiddlewareInterface;
38
39		final class SessionMiddleware implements MiddlewareInterface
40		{
41		const ISSUED_AT_CLAIM = 'iat';
42		const SESSION_CLAIM = 'session-data';
43		const SESSION_ATTRIBUTE = 'session';
44		const DEFAULT_COOKIE = 'slsession';
45		const DEFAULT_REFRESH_TIME = 60;
46
47		/**
48		* @var Signer
49		*/
50		private $signer;
51
52		/**
53		* @var string
54		*/
55		private $signatureKey;
56
57		/**
58		* @var string
59		*/
60		private $verificationKey;
61
62		/**
63		* @var int
64		*/
65		private $expirationTime;
66
67		/**
68		* @var int
69		*/
70		private $refreshTime;
71
72		/**
73		* @var Parser
74		*/
75		private $tokenParser;
76
77		/**
78		* @var SetCookie
79		*/
80		private $defaultCookie;
81
82		/**
83		* @var CurrentTimeProviderInterface
84		*/
85		private $currentTimeProvider;
86
87		/**
88		* @param Signer $signer
89		* @param string $signatureKey
90		* @param string $verificationKey
91		* @param SetCookie $defaultCookie
92		* @param Parser $tokenParser
93		* @param int $expirationTime
94		* @param CurrentTimeProviderInterface $currentTimeProvider
95		* @param int $refreshTime
96		*/
97	7	public function __construct(
98		Signer $signer,
99		string $signatureKey,
100		string $verificationKey,
101		SetCookie $defaultCookie,
102		Parser $tokenParser,
103		int $expirationTime,
104		CurrentTimeProviderInterface $currentTimeProvider,
105		int $refreshTime = self::DEFAULT_REFRESH_TIME
106		) {
107	7	$this->signer = $signer;
108	7	$this->signatureKey = $signatureKey;
109	7	$this->verificationKey = $verificationKey;
110	7	$this->tokenParser = $tokenParser;
111	7	$this->defaultCookie = clone $defaultCookie;
112	7	$this->expirationTime = $expirationTime;
113	7	$this->currentTimeProvider = $currentTimeProvider;
114	7	$this->refreshTime = $refreshTime;
115	7	}
116
117		/**
118		* This constructor simplifies instantiation when using HTTPS (REQUIRED!) and symmetric key encription
119		*
120		* @param string $symmetricKey
121		* @param int $expirationTime
122		*
123		* @return self
124		*/
125	1	public static function fromSymmetricKeyDefaults(string $symmetricKey, int $expirationTime) : SessionMiddleware
126		{
127	1	return new self(
128	1	new Signer\Hmac\Sha256(),
129		$symmetricKey,
130		$symmetricKey,
131	1	SetCookie::create(self::DEFAULT_COOKIE)
132	1	->withSecure(true)
133	1	->withHttpOnly(true)
134	1	->withPath('/'),
135	1	new Parser(),
136		$expirationTime,
137	1	new SystemCurrentTime()
138		);
139		}
140
141		/**
142		* This constructor simplifies instantiation when using HTTPS (REQUIRED!) and asymmetric key encription
143		* based on RSA keys
144		*
145		* @param string $privateRsaKey
146		* @param string $publicRsaKey
147		* @param int $expirationTime
148		*
149		* @return self
150		*/
151	1	public static function fromAsymmetricKeyDefaults(
152		string $privateRsaKey,
153		string $publicRsaKey,
154		int $expirationTime
155		) : SessionMiddleware {
156	1	return new self(
157	1	new Signer\Rsa\Sha256(),
158		$privateRsaKey,
159		$publicRsaKey,
160	1	SetCookie::create(self::DEFAULT_COOKIE)
161	1	->withSecure(true)
162	1	->withHttpOnly(true)
163	1	->withPath('/'),
164	1	new Parser(),
165		$expirationTime,
166	1	new SystemCurrentTime()
167		);
168		}
169
170		/**
171		* {@inheritdoc}
172		*
173		* @throws \InvalidArgumentException
174		* @throws \OutOfBoundsException
175		*/
176	40	public function __invoke(Request $request, Response $response, callable $out = null) : Response
177		{
178	40	$token = $this->parseToken($request);
179	40	$sessionContainer = LazySession::fromContainerBuildingCallback(function () use ($token) : SessionInterface {
180	38	return $this->extractSessionContainer($token);
181	40	});
182
183	40	if (null !== $out) {
184	38	$response = $out($request->withAttribute(self::SESSION_ATTRIBUTE, $sessionContainer), $response);
185		}
186
187	40	return $this->appendToken($sessionContainer, $response, $token);
188		}
189
190		/**
191		* Extract the token from the given request object
192		*
193		* @param Request $request
194		*
195		* @return Token\|null
196		*/
197	40	private function parseToken(Request $request)
198		{
199	40	$cookies = $request->getCookieParams();
200	40	$cookieName = $this->defaultCookie->getName();
201
202	40	if (! isset($cookies[$cookieName])) {
203	22	return null;
204		}
205
206		try {
207	28	$token = $this->tokenParser->parse($cookies[$cookieName]);
208	3	} catch (\InvalidArgumentException $invalidToken) {
209	3	return null;
210		}
211
212	25	if (! $token->validate(new ValidationData())) {
213	6	return null;
214		}
215
216	19	return $token;
217		}
218
219		/**
220		* @param Token\|null $token
221		*
222		* @return SessionInterface
223		*/
224	38	public function extractSessionContainer(Token $token = null) : SessionInterface
225		{
226		try {
227	38	if (null === $token \|\| ! $token->verify($this->signer, $this->verificationKey)) {
228	31	return DefaultSessionData::newEmptySession();
229		}
230
231	13	return DefaultSessionData::fromDecodedTokenData(
232	13	(object) $token->getClaim(self::SESSION_CLAIM, new \stdClass())
233		);
234	3	} catch (\BadMethodCallException $invalidToken) {
235	3	return DefaultSessionData::newEmptySession();
236		}
237		}
238
239		/**
240		* @param SessionInterface $sessionContainer
241		* @param Response $response
242		* @param Token $token
243		*
244		* @return Response
245		*
246		* @throws \InvalidArgumentException
247		*/
248	40	private function appendToken(SessionInterface $sessionContainer, Response $response, Token $token = null) : Response
249		{
250	40	$sessionContainerChanged = $sessionContainer->hasChanged();
251
252	40	if ($sessionContainerChanged && $sessionContainer->isEmpty()) {
253	3	return FigResponseCookies::set($response, $this->getExpirationCookie());
254		}
255
256	40	if ($sessionContainerChanged \|\| ($this->shouldTokenBeRefreshed($token) && ! $sessionContainer->isEmpty())) {
257	17	return FigResponseCookies::set($response, $this->getTokenCookie($sessionContainer));
258		}
259
260	27	return $response;
261		}
262
263		/**
264		* {@inheritDoc}
265		*/
266	28	private function shouldTokenBeRefreshed(Token $token = null) : bool
267		{
268	28	if (null === $token) {
269	15	return false;
270		}
271
272	13	if (! $token->hasClaim(self::ISSUED_AT_CLAIM)) {
273	4	return false;
274		}
275
276	9	return $this->timestamp() >= ($token->getClaim(self::ISSUED_AT_CLAIM) + $this->refreshTime);
277		}
278
279		/**
280		* @param SessionInterface $sessionContainer
281		*
282		* @return SetCookie
283		*/
284	17	private function getTokenCookie(SessionInterface $sessionContainer) : SetCookie
285		{
286	17	$timestamp = $this->timestamp();
287
288		return $this
289	17	->defaultCookie
290	17	->withValue(
291	17	(new Builder())
292	17	->setIssuedAt($timestamp)
293	17	->setExpiration($timestamp + $this->expirationTime)
294	17	->set(self::SESSION_CLAIM, $sessionContainer)
295	17	->sign($this->signer, $this->signatureKey)
296	17	->getToken()
297		)
298	17	->withExpires($timestamp + $this->expirationTime);
299		}
300
301		/**
302		* @return SetCookie
303		*/
304	3	private function getExpirationCookie() : SetCookie
305		{
306	3	$currentTimeProvider = $this->currentTimeProvider;
307	3	$expirationDate = $currentTimeProvider();
308	3	$expirationDate = $expirationDate->modify('-30 days');
309
310		return $this
311	3	->defaultCookie
312	3	->withValue(null)
313	3	->withExpires($expirationDate->getTimestamp());
314		}
315
316	21	private function timestamp() : int
317		{
318	21	$currentTimeProvider = $this->currentTimeProvider;
319
320	21	return $currentTimeProvider()->getTimestamp();
321		}
322		}
323

psr7-sessions / storageless

Pull Request — master (#1)

SessionMiddleware::__construct() A

Complexity

Size

Duplication

Code Coverage

Importance

How to fix Many Parameters

Many Parameters

Duplication Side-by-Side

Filter issues like