AuthorizeController - Code Metrics - Inspection of "REDCORE-538 [Fix] Can not translate on Joomla 3.8...." - redCOMPONENT-COM/redCORE - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — develop (#816)

by Kristijan

created 2018-02-09 13:06 UTC

AuthorizeController F

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	368
Duplicated Lines	0 %

Importance

Changes

Metric	Value
wmc	67
dl	0
loc	368
rs	3.0612
c	0
b	0
f	0

13 Methods

Rating	Name	Size	Complexity
A	buildAuthorizeParameters()	12	1
A	getResponseType()	3	1
A	__construct()	15	2
A	setNotAuthorizedResponse()	5	1
F	buildUri()	23	12
A	getClientId()	3	1
A	getValidResponseTypes()	5	1
A	getState()	3	1
A	getRedirectUri()	3	1
A	getScope()	3	1
C	validateRedirectUri()	23	7
D	handleAuthorizeRequest()	43	9
D	validateAuthorizeRequest()	145	29

How to fix Complexity

<?php

namespace OAuth2\Controller;

use OAuth2\Storage\ClientInterface;
use OAuth2\ScopeInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
use OAuth2\Scope;

/**
 * @see OAuth2\Controller\AuthorizeControllerInterface
 */
class AuthorizeController implements AuthorizeControllerInterface
{
    private $scope;
    private $state;
    private $client_id;
    private $redirect_uri;
    private $response_type;

    protected $clientStorage;
    protected $responseTypes;
    protected $config;
    protected $scopeUtil;

    /**
     * @param OAuth2\Storage\ClientInterface $clientStorage REQUIRED Instance of OAuth2\Storage\ClientInterface to retrieve client information

     * @param array                          $responseTypes OPTIONAL Array of OAuth2\ResponseType\ResponseTypeInterface objects.  Valid array
     *                                                      keys are "code" and "token"
     * @param array                          $config        OPTIONAL Configuration options for the server
     *                                                      <code>
     *                                                      $config = array(
     *                                                      'allow_implicit' => false,            // if the controller should allow the "implicit" grant type
     *                                                      'enforce_state'  => true              // if the controller should require the "state" parameter
     *                                                      'require_exact_redirect_uri' => true, // if the controller should require an exact match on the "redirect_uri" parameter
     *                                                      'redirect_status_code' => 302,        // HTTP status code to use for redirect responses
     *                                                      );
     *                                                      </code>
     * @param OAuth2\ScopeInterface          $scopeUtil     OPTIONAL Instance of OAuth2\ScopeInterface to validate the requested scope

     */
    public function __construct(ClientInterface $clientStorage, array $responseTypes = array(), array $config = array(), ScopeInterface $scopeUtil = null)
    {
        $this->clientStorage = $clientStorage;
        $this->responseTypes = $responseTypes;
        $this->config = array_merge(array(
            'allow_implicit' => false,
            'enforce_state'  => true,
            'require_exact_redirect_uri' => true,
            'redirect_status_code' => 302,
        ), $config);

        if (is_null($scopeUtil)) {
            $scopeUtil = new Scope();
        }
        $this->scopeUtil = $scopeUtil;
    }

    public function handleAuthorizeRequest(RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id = null)
    {
        if (!is_bool($is_authorized)) {
            throw new \InvalidArgumentException('Argument "is_authorized" must be a boolean.  This method must know if the user has granted access to the client.');
        }

        // We repeat this, because we need to re-validate. The request could be POSTed
        // by a 3rd-party (because we are not internally enforcing NONCEs, etc)
        if (!$this->validateAuthorizeRequest($request, $response)) {
            return;
        }

        // If no redirect_uri is passed in the request, use client's registered one
        if (empty($this->redirect_uri)) {
            $clientData              = $this->clientStorage->getClientDetails($this->client_id);
            $registered_redirect_uri = $clientData['redirect_uri'];
        }

        // the user declined access to the client's application
        if ($is_authorized === false) {
            $redirect_uri = $this->redirect_uri ?: $registered_redirect_uri;

            $this->setNotAuthorizedResponse($request, $response, $redirect_uri, $user_id);

            return;
        }

        // build the parameters to set in the redirect URI
        if (!$params = $this->buildAuthorizeParameters($request, $response, $user_id)) {
            return;
        }

        $authResult = $this->responseTypes[$this->response_type]->getAuthorizeResponse($params, $user_id);

        list($redirect_uri, $uri_params) = $authResult;

        if (empty($redirect_uri) && !empty($registered_redirect_uri)) {
            $redirect_uri = $registered_redirect_uri;
        }

        $uri = $this->buildUri($redirect_uri, $uri_params);

        // return redirect response
        $response->setRedirect($this->config['redirect_status_code'], $uri);
    }

    protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
    {
        $error = 'access_denied';
        $error_message = 'The user denied access to your application';
        $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->state, $error, $error_message);
    }

    /*
     * We have made this protected so this class can be extended to add/modify
     * these parameters
     */
    protected function buildAuthorizeParameters($request, $response, $user_id)
    {
        // @TODO: we should be explicit with this in the future
        $params = array(
            'scope'         => $this->scope,
            'state'         => $this->state,
            'client_id'     => $this->client_id,
            'redirect_uri'  => $this->redirect_uri,
            'response_type' => $this->response_type,
        );

        return $params;
    }

    public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response)
    {
        // Make sure a valid client id was supplied (we can not redirect because we were unable to verify the URI)
        if (!$client_id = $request->query('client_id', $request->request('client_id'))) {
            // We don't have a good URI to use
            $response->setError(400, 'invalid_client', "No client id supplied");

            return false;
        }

        // Get client details
        if (!$clientData = $this->clientStorage->getClientDetails($client_id)) {
            $response->setError(400, 'invalid_client', 'The client id supplied is invalid');

            return false;
        }

        $registered_redirect_uri = isset($clientData['redirect_uri']) ? $clientData['redirect_uri'] : '';

        // Make sure a valid redirect_uri was supplied. If specified, it must match the clientData URI.
        // @see http://tools.ietf.org/html/rfc6749#section-3.1.2
        // @see http://tools.ietf.org/html/rfc6749#section-4.1.2.1
        // @see http://tools.ietf.org/html/rfc6749#section-4.2.2.1
        if ($supplied_redirect_uri = $request->query('redirect_uri', $request->request('redirect_uri'))) {
            // validate there is no fragment supplied
            $parts = parse_url($supplied_redirect_uri);
            if (isset($parts['fragment']) && $parts['fragment']) {
                $response->setError(400, 'invalid_uri', 'The redirect URI must not contain a fragment');

                return false;
            }

            // validate against the registered redirect uri(s) if available
            if ($registered_redirect_uri && !$this->validateRedirectUri($supplied_redirect_uri, $registered_redirect_uri)) {
                $response->setError(400, 'redirect_uri_mismatch', 'The redirect URI provided is missing or does not match', '#section-3.1.2');

                return false;
            }
            $redirect_uri = $supplied_redirect_uri;
        } else {
            // use the registered redirect_uri if none has been supplied, if possible
            if (!$registered_redirect_uri) {
                $response->setError(400, 'invalid_uri', 'No redirect URI was supplied or stored');

                return false;
            }

            if (count(explode(' ', $registered_redirect_uri)) > 1) {
                $response->setError(400, 'invalid_uri', 'A redirect URI must be supplied when multiple redirect URIs are registered', '#section-3.1.2.3');

                return false;
            }
            $redirect_uri = $registered_redirect_uri;
        }

        // Select the redirect URI
        $response_type = $request->query('response_type', $request->request('response_type'));

        // for multiple-valued response types - make them alphabetical
        if (false !== strpos($response_type, ' ')) {
            $types = explode(' ', $response_type);
            sort($types);
            $response_type = ltrim(implode(' ', $types));
        }

        $state = $request->query('state', $request->request('state'));

        // type and client_id are required
        if (!$response_type || !in_array($response_type, $this->getValidResponseTypes())) {
            $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_request', 'Invalid or missing response type', null);

            return false;
        }

        if ($response_type == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
            if (!isset($this->responseTypes['code'])) {
                $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unsupported_response_type', 'authorization code grant type not supported', null);

                return false;
            }
            if (!$this->clientStorage->checkRestrictedGrantType($client_id, 'authorization_code')) {
                $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unauthorized_client', 'The grant type is unauthorized for this client_id', null);

                return false;
            }
            if ($this->responseTypes['code']->enforceRedirect() && !$redirect_uri) {
                $response->setError(400, 'redirect_uri_mismatch', 'The redirect URI is mandatory and was not supplied');

                return false;
            }
        } else {
            if (!$this->config['allow_implicit']) {
                $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unsupported_response_type', 'implicit grant type not supported', null);

                return false;
            }
            if (!$this->clientStorage->checkRestrictedGrantType($client_id, 'implicit')) {
                $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unauthorized_client', 'The grant type is unauthorized for this client_id', null);

                return false;
            }
        }

        // validate requested scope if it exists
        $requestedScope = $this->scopeUtil->getScopeFromRequest($request);

        if ($requestedScope) {
            // restrict scope by client specific scope if applicable,
            // otherwise verify the scope exists
            $clientScope = $this->clientStorage->getClientScope($client_id);
            if ((is_null($clientScope) && !$this->scopeUtil->scopeExists($requestedScope))
                || ($clientScope && !$this->scopeUtil->checkScope($requestedScope, $clientScope))) {
                $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_scope', 'An unsupported scope was requested', null);

                return false;
            }
        } else {
            // use a globally-defined default scope
            $defaultScope = $this->scopeUtil->getDefaultScope($client_id);

            if (false === $defaultScope) {
                $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_client', 'This application requires you specify a scope parameter', null);

                return false;
            }

            $requestedScope = $defaultScope;
        }

        // Validate state parameter exists (if configured to enforce this)
        if ($this->config['enforce_state'] && !$state) {
            $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, null, 'invalid_request', 'The state parameter is required');

            return false;
        }

        // save the input data and return true
        $this->scope         = $requestedScope;
        $this->state         = $state;
        $this->client_id     = $client_id;
        // Only save the SUPPLIED redirect URI (@see http://tools.ietf.org/html/rfc6749#section-4.1.3)
        $this->redirect_uri  = $supplied_redirect_uri;
        $this->response_type = $response_type;

        return true;
    }

    /**
     * Build the absolute URI based on supplied URI and parameters.
     *
     * @param $uri    An absolute URI.
filter:
    dependency_paths: ["lib/*"]
     * @param $params Parameters to be append as GET.
filter:
    dependency_paths: ["lib/*"]
     *
     * @return
     * An absolute URI with supplied parameters.
     *
     * @ingroup oauth2_section_4
     */
    private function buildUri($uri, $params)
    {
        $parse_url = parse_url($uri);

        // Add our params to the parsed uri
        foreach ($params as $k => $v) {
            if (isset($parse_url[$k])) {
                $parse_url[$k] .= "&" . http_build_query($v, '', '&');
            } else {
                $parse_url[$k] = http_build_query($v, '', '&');
            }
        }

        // Put humpty dumpty back together
        return
            ((isset($parse_url["scheme"])) ? $parse_url["scheme"] . "://" : "")
            . ((isset($parse_url["user"])) ? $parse_url["user"]
            . ((isset($parse_url["pass"])) ? ":" . $parse_url["pass"] : "") . "@" : "")
            . ((isset($parse_url["host"])) ? $parse_url["host"] : "")
            . ((isset($parse_url["port"])) ? ":" . $parse_url["port"] : "")
            . ((isset($parse_url["path"])) ? $parse_url["path"] : "")
            . ((isset($parse_url["query"]) && !empty($parse_url['query'])) ? "?" . $parse_url["query"] : "")
            . ((isset($parse_url["fragment"])) ? "#" . $parse_url["fragment"] : "")
        ;
    }

    protected function getValidResponseTypes()
    {
        return array(
            self::RESPONSE_TYPE_ACCESS_TOKEN,
            self::RESPONSE_TYPE_AUTHORIZATION_CODE,
        );
    }

    /**
     * Internal method for validating redirect URI supplied
     *
     * @param string $inputUri            The submitted URI to be validated
     * @param string $registeredUriString The allowed URI(s) to validate against.  Can be a space-delimited string of URIs to
     *                                    allow for multiple URIs
     *
     * @see http://tools.ietf.org/html/rfc6749#section-3.1.2
     */
    protected function validateRedirectUri($inputUri, $registeredUriString)
    {
        if (!$inputUri || !$registeredUriString) {
            return false; // if either one is missing, assume INVALID
        }

        $registered_uris = preg_split('/\s+/', $registeredUriString);
        foreach ($registered_uris as $registered_uri) {
            if ($this->config['require_exact_redirect_uri']) {
                // the input uri is validated against the registered uri using exact match
                if (strcmp($inputUri, $registered_uri) === 0) {
                    return true;
                }
            } else {
                // the input uri is validated against the registered uri using case-insensitive match of the initial string
                // i.e. additional query parameters may be applied
                if (strcasecmp(substr($inputUri, 0, strlen($registered_uri)), $registered_uri) === 0) {
                    return true;
                }
            }
        }

        return false;
    }

    /**
     * Convenience methods to access the parameters derived from the validated request
     */

    public function getScope()
    {
        return $this->scope;
    }

    public function getState()
    {
        return $this->state;
    }

    public function getClientId()
    {
        return $this->client_id;
    }

    public function getRedirectUri()
    {
        return $this->redirect_uri;
    }

    public function getResponseType()
    {
        return $this->response_type;
    }
}


1			<?php
2
3			namespace OAuth2\Controller;
4
5			use OAuth2\Storage\ClientInterface;
6			use OAuth2\ScopeInterface;
7			use OAuth2\RequestInterface;
8			use OAuth2\ResponseInterface;
9			use OAuth2\Scope;
10
11			/**
12			* @see OAuth2\Controller\AuthorizeControllerInterface
13			*/
14			class AuthorizeController implements AuthorizeControllerInterface
15			{
16			private $scope;
17			private $state;
18			private $client_id;
19			private $redirect_uri;
20			private $response_type;
21
22			protected $clientStorage;
23			protected $responseTypes;
24			protected $config;
25			protected $scopeUtil;
26
27			/**
28			* @param OAuth2\Storage\ClientInterface $clientStorage REQUIRED Instance of OAuth2\Storage\ClientInterface to retrieve client information
			0 ignored issues – show Bug introduced 2017-11-09 09:31 UTC by Report Bug Copy Issue Report The type `OAuth2\Controller\OAuth2\Storage\ClientInterface` was not found. Did you mean `OAuth2\Storage\ClientInterface`? If so, make sure to prefix the type with `\`. Loading history...
29			* @param array $responseTypes OPTIONAL Array of OAuth2\ResponseType\ResponseTypeInterface objects. Valid array
30			* keys are "code" and "token"
31			* @param array $config OPTIONAL Configuration options for the server
32			* <code>
33			* $config = array(
34			* 'allow_implicit' => false, // if the controller should allow the "implicit" grant type
35			* 'enforce_state' => true // if the controller should require the "state" parameter
36			* 'require_exact_redirect_uri' => true, // if the controller should require an exact match on the "redirect_uri" parameter
37			* 'redirect_status_code' => 302, // HTTP status code to use for redirect responses
38			* );
39			* </code>
40			* @param OAuth2\ScopeInterface $scopeUtil OPTIONAL Instance of OAuth2\ScopeInterface to validate the requested scope
			0 ignored issues – show Bug introduced 2017-11-09 09:31 UTC by Report Bug Copy Issue Report The type `OAuth2\Controller\OAuth2\ScopeInterface` was not found. Did you mean `OAuth2\ScopeInterface`? If so, make sure to prefix the type with `\`. Loading history...
41			*/
42			public function __construct(ClientInterface $clientStorage, array $responseTypes = array(), array $config = array(), ScopeInterface $scopeUtil = null)
43			{
44			$this->clientStorage = $clientStorage;
45			$this->responseTypes = $responseTypes;
46			$this->config = array_merge(array(
47			'allow_implicit' => false,
48			'enforce_state' => true,
49			'require_exact_redirect_uri' => true,
50			'redirect_status_code' => 302,
51			), $config);
52
53			if (is_null($scopeUtil)) {
54			$scopeUtil = new Scope();
55			}
56			$this->scopeUtil = $scopeUtil;
57			}
58
59			public function handleAuthorizeRequest(RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id = null)
60			{
61			if (!is_bool($is_authorized)) {
62			throw new \InvalidArgumentException('Argument "is_authorized" must be a boolean. This method must know if the user has granted access to the client.');
63			}
64
65			// We repeat this, because we need to re-validate. The request could be POSTed
66			// by a 3rd-party (because we are not internally enforcing NONCEs, etc)
67			if (!$this->validateAuthorizeRequest($request, $response)) {
68			return;
69			}
70
71			// If no redirect_uri is passed in the request, use client's registered one
72			if (empty($this->redirect_uri)) {
73			$clientData = $this->clientStorage->getClientDetails($this->client_id);
74			$registered_redirect_uri = $clientData['redirect_uri'];
75			}
76
77			// the user declined access to the client's application
78			if ($is_authorized === false) {
79			$redirect_uri = $this->redirect_uri ?: $registered_redirect_uri;
			0 ignored issues – show Comprehensibility Best Practice introduced 2017-11-09 09:31 UTC by Report Bug Copy Issue Report The variable `$registered_redirect_uri` does not seem to be defined for all execution paths leading up to this point. Loading history...
80			$this->setNotAuthorizedResponse($request, $response, $redirect_uri, $user_id);
81
82			return;
83			}
84
85			// build the parameters to set in the redirect URI
86			if (!$params = $this->buildAuthorizeParameters($request, $response, $user_id)) {
87			return;
88			}
89
90			$authResult = $this->responseTypes[$this->response_type]->getAuthorizeResponse($params, $user_id);
91
92			list($redirect_uri, $uri_params) = $authResult;
93
94			if (empty($redirect_uri) && !empty($registered_redirect_uri)) {
95			$redirect_uri = $registered_redirect_uri;
96			}
97
98			$uri = $this->buildUri($redirect_uri, $uri_params);
99
100			// return redirect response
101			$response->setRedirect($this->config['redirect_status_code'], $uri);
102			}
103
104			protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
105			{
106			$error = 'access_denied';
107			$error_message = 'The user denied access to your application';
108			$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->state, $error, $error_message);
109			}
110
111			/*
112			* We have made this protected so this class can be extended to add/modify
113			* these parameters
114			*/
115			protected function buildAuthorizeParameters($request, $response, $user_id)
116			{
117			// @TODO: we should be explicit with this in the future
118			$params = array(
119			'scope' => $this->scope,
120			'state' => $this->state,
121			'client_id' => $this->client_id,
122			'redirect_uri' => $this->redirect_uri,
123			'response_type' => $this->response_type,
124			);
125
126			return $params;
127			}
128
129			public function validateAuthorizeRequest(RequestInterface $request, ResponseInterface $response)
130			{
131			// Make sure a valid client id was supplied (we can not redirect because we were unable to verify the URI)
132			if (!$client_id = $request->query('client_id', $request->request('client_id'))) {
133			// We don't have a good URI to use
134			$response->setError(400, 'invalid_client', "No client id supplied");
135
136			return false;
137			}
138
139			// Get client details
140			if (!$clientData = $this->clientStorage->getClientDetails($client_id)) {
141			$response->setError(400, 'invalid_client', 'The client id supplied is invalid');
142
143			return false;
144			}
145
146			$registered_redirect_uri = isset($clientData['redirect_uri']) ? $clientData['redirect_uri'] : '';
147
148			// Make sure a valid redirect_uri was supplied. If specified, it must match the clientData URI.
149			// @see http://tools.ietf.org/html/rfc6749#section-3.1.2
150			// @see http://tools.ietf.org/html/rfc6749#section-4.1.2.1
151			// @see http://tools.ietf.org/html/rfc6749#section-4.2.2.1
152			if ($supplied_redirect_uri = $request->query('redirect_uri', $request->request('redirect_uri'))) {
153			// validate there is no fragment supplied
154			$parts = parse_url($supplied_redirect_uri);
155			if (isset($parts['fragment']) && $parts['fragment']) {
156			$response->setError(400, 'invalid_uri', 'The redirect URI must not contain a fragment');
157
158			return false;
159			}
160
161			// validate against the registered redirect uri(s) if available
162			if ($registered_redirect_uri && !$this->validateRedirectUri($supplied_redirect_uri, $registered_redirect_uri)) {
163			$response->setError(400, 'redirect_uri_mismatch', 'The redirect URI provided is missing or does not match', '#section-3.1.2');
164
165			return false;
166			}
167			$redirect_uri = $supplied_redirect_uri;
168			} else {
169			// use the registered redirect_uri if none has been supplied, if possible
170			if (!$registered_redirect_uri) {
171			$response->setError(400, 'invalid_uri', 'No redirect URI was supplied or stored');
172
173			return false;
174			}
175
176			if (count(explode(' ', $registered_redirect_uri)) > 1) {
177			$response->setError(400, 'invalid_uri', 'A redirect URI must be supplied when multiple redirect URIs are registered', '#section-3.1.2.3');
178
179			return false;
180			}
181			$redirect_uri = $registered_redirect_uri;
182			}
183
184			// Select the redirect URI
185			$response_type = $request->query('response_type', $request->request('response_type'));
186
187			// for multiple-valued response types - make them alphabetical
188			if (false !== strpos($response_type, ' ')) {
189			$types = explode(' ', $response_type);
190			sort($types);
191			$response_type = ltrim(implode(' ', $types));
192			}
193
194			$state = $request->query('state', $request->request('state'));
195
196			// type and client_id are required
197			if (!$response_type \|\| !in_array($response_type, $this->getValidResponseTypes())) {
198			$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_request', 'Invalid or missing response type', null);
199
200			return false;
201			}
202
203			if ($response_type == self::RESPONSE_TYPE_AUTHORIZATION_CODE) {
204			if (!isset($this->responseTypes['code'])) {
205			$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unsupported_response_type', 'authorization code grant type not supported', null);
206
207			return false;
208			}
209			if (!$this->clientStorage->checkRestrictedGrantType($client_id, 'authorization_code')) {
210			$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unauthorized_client', 'The grant type is unauthorized for this client_id', null);
211
212			return false;
213			}
214			if ($this->responseTypes['code']->enforceRedirect() && !$redirect_uri) {
215			$response->setError(400, 'redirect_uri_mismatch', 'The redirect URI is mandatory and was not supplied');
216
217			return false;
218			}
219			} else {
220			if (!$this->config['allow_implicit']) {
221			$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unsupported_response_type', 'implicit grant type not supported', null);
222
223			return false;
224			}
225			if (!$this->clientStorage->checkRestrictedGrantType($client_id, 'implicit')) {
226			$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'unauthorized_client', 'The grant type is unauthorized for this client_id', null);
227
228			return false;
229			}
230			}
231
232			// validate requested scope if it exists
233			$requestedScope = $this->scopeUtil->getScopeFromRequest($request);
234
235			if ($requestedScope) {
236			// restrict scope by client specific scope if applicable,
237			// otherwise verify the scope exists
238			$clientScope = $this->clientStorage->getClientScope($client_id);
239			if ((is_null($clientScope) && !$this->scopeUtil->scopeExists($requestedScope))
240			\|\| ($clientScope && !$this->scopeUtil->checkScope($requestedScope, $clientScope))) {
241			$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_scope', 'An unsupported scope was requested', null);
242
243			return false;
244			}
245			} else {
246			// use a globally-defined default scope
247			$defaultScope = $this->scopeUtil->getDefaultScope($client_id);
248
249			if (false === $defaultScope) {
250			$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $state, 'invalid_client', 'This application requires you specify a scope parameter', null);
251
252			return false;
253			}
254
255			$requestedScope = $defaultScope;
256			}
257
258			// Validate state parameter exists (if configured to enforce this)
259			if ($this->config['enforce_state'] && !$state) {
260			$response->setRedirect($this->config['redirect_status_code'], $redirect_uri, null, 'invalid_request', 'The state parameter is required');
261
262			return false;
263			}
264
265			// save the input data and return true
266			$this->scope = $requestedScope;
267			$this->state = $state;
268			$this->client_id = $client_id;
269			// Only save the SUPPLIED redirect URI (@see http://tools.ietf.org/html/rfc6749#section-4.1.3)
270			$this->redirect_uri = $supplied_redirect_uri;
271			$this->response_type = $response_type;
272
273			return true;
274			}
275
276			/**
277			* Build the absolute URI based on supplied URI and parameters.
278			*
279			* @param $uri An absolute URI.
			0 ignored issues – show Bug introduced 2017-11-09 09:31 UTC by Report Bug Copy Issue Report The type `OAuth2\Controller\An` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
280			* @param $params Parameters to be append as GET.
			0 ignored issues – show Bug introduced 2017-11-09 09:31 UTC by Report Bug Copy Issue Report The type `OAuth2\Controller\Parameters` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
281			*
282			* @return
283			* An absolute URI with supplied parameters.
284			*
285			* @ingroup oauth2_section_4
286			*/
287			private function buildUri($uri, $params)
288			{
289			$parse_url = parse_url($uri);
290
291			// Add our params to the parsed uri
292			foreach ($params as $k => $v) {
293			if (isset($parse_url[$k])) {
294			$parse_url[$k] .= "&" . http_build_query($v, '', '&');
295			} else {
296			$parse_url[$k] = http_build_query($v, '', '&');
297			}
298			}
299
300			// Put humpty dumpty back together
301			return
302			((isset($parse_url["scheme"])) ? $parse_url["scheme"] . "://" : "")
303			. ((isset($parse_url["user"])) ? $parse_url["user"]
304			. ((isset($parse_url["pass"])) ? ":" . $parse_url["pass"] : "") . "@" : "")
305			. ((isset($parse_url["host"])) ? $parse_url["host"] : "")
306			. ((isset($parse_url["port"])) ? ":" . $parse_url["port"] : "")
307			. ((isset($parse_url["path"])) ? $parse_url["path"] : "")
308			. ((isset($parse_url["query"]) && !empty($parse_url['query'])) ? "?" . $parse_url["query"] : "")
309			. ((isset($parse_url["fragment"])) ? "#" . $parse_url["fragment"] : "")
310			;
311			}
312
313			protected function getValidResponseTypes()
314			{
315			return array(
316			self::RESPONSE_TYPE_ACCESS_TOKEN,
317			self::RESPONSE_TYPE_AUTHORIZATION_CODE,
318			);
319			}
320
321			/**
322			* Internal method for validating redirect URI supplied
323			*
324			* @param string $inputUri The submitted URI to be validated
325			* @param string $registeredUriString The allowed URI(s) to validate against. Can be a space-delimited string of URIs to
326			* allow for multiple URIs
327			*
328			* @see http://tools.ietf.org/html/rfc6749#section-3.1.2
329			*/
330			protected function validateRedirectUri($inputUri, $registeredUriString)
331			{
332			if (!$inputUri \|\| !$registeredUriString) {
333			return false; // if either one is missing, assume INVALID
334			}
335
336			$registered_uris = preg_split('/\s+/', $registeredUriString);
337			foreach ($registered_uris as $registered_uri) {
338			if ($this->config['require_exact_redirect_uri']) {
339			// the input uri is validated against the registered uri using exact match
340			if (strcmp($inputUri, $registered_uri) === 0) {
341			return true;
342			}
343			} else {
344			// the input uri is validated against the registered uri using case-insensitive match of the initial string
345			// i.e. additional query parameters may be applied
346			if (strcasecmp(substr($inputUri, 0, strlen($registered_uri)), $registered_uri) === 0) {
347			return true;
348			}
349			}
350			}
351
352			return false;
353			}
354
355			/**
356			* Convenience methods to access the parameters derived from the validated request
357			*/
358
359			public function getScope()
360			{
361			return $this->scope;
362			}
363
364			public function getState()
365			{
366			return $this->state;
367			}
368
369			public function getClientId()
370			{
371			return $this->client_id;
372			}
373
374			public function getRedirectUri()
375			{
376			return $this->redirect_uri;
377			}
378
379			public function getResponseType()
380			{
381			return $this->response_type;
382			}
383			}
384

redCOMPONENT-COM / redCORE

Pull Request — develop (#816)

AuthorizeController F

Complexity

Size/Duplication

Importance

13 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like