DynamoDB::getPrivateKey() - Code Metrics - Inspection of "Merge pull request #816 from thongredweb/fix-trans..." - redCOMPONENT-COM/redCORE - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — develop ( a2c65d...283ac2 )

by Kristijan

created 2018-02-09 14:23 UTC

DynamoDB::getPrivateKey() A

↳ Parent: DynamoDB

Complexity

Conditions	2
Paths	2

Size

Total Lines	12
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	12
rs	9.4285
c	0
b	0
f	0
cc	2
eloc	7
nc	2
nop	1

<?php

namespace OAuth2\Storage;

use Aws\DynamoDb\DynamoDbClient;
filter:
    dependency_paths: ["lib/*"]

use OAuth2\OpenID\Storage\UserClaimsInterface;
use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
/**
 * DynamoDB storage for all storage types
 *
 * To use, install "aws/aws-sdk-php" via composer
 * <code>
 *  composer require aws/aws-sdk-php:dev-master
 * </code>
 *
 * Once this is done, instantiate the DynamoDB client
 * <code>
 *  $storage = new OAuth2\Storage\Dynamodb(array("key" => "YOURKEY", "secret" => "YOURSECRET", "region" => "YOURREGION"));
 * </code>
 *
 * Table :
 *  - oauth_access_tokens (primary hash key : access_token)
 *  - oauth_authorization_codes (primary hash key : authorization_code)
 *  - oauth_clients (primary hash key : client_id)
 *  - oauth_jwt (primary hash key : client_id, primary range key : subject)
 *  - oauth_public_keys (primary hash key : client_id)
 *  - oauth_refresh_tokens (primary hash key : refresh_token)
 *  - oauth_scopes (primary hash key : scope, secondary index : is_default-index hash key is_default)
 *  - oauth_users (primary hash key : username)
 *
 * @author Frederic AUGUSTE <frederic.auguste at gmail dot com>
 */
class DynamoDB implements
    AuthorizationCodeInterface,
    AccessTokenInterface,
    ClientCredentialsInterface,
    UserCredentialsInterface,
    RefreshTokenInterface,
    JwtBearerInterface,
    ScopeInterface,
    PublicKeyInterface,
    UserClaimsInterface,
    OpenIDAuthorizationCodeInterface
{
    protected $client;
    protected $config;

    public function __construct($connection, $config = array())
    {
        if (!($connection instanceof DynamoDbClient)) {
            if (!is_array($connection)) {
                throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
            }
            if (!array_key_exists("key",$connection) || !array_key_exists("secret",$connection) || !array_key_exists("region",$connection) ) {
                throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
            }
            $this->client = DynamoDbClient::factory(array(
                'key' => $connection["key"],
                'secret' => $connection["secret"],
                'region' =>$connection["region"]
            ));
        } else {
            $this->client = $connection;
        }

        $this->config = array_merge(array(
            'client_table' => 'oauth_clients',
            'access_token_table' => 'oauth_access_tokens',
            'refresh_token_table' => 'oauth_refresh_tokens',
            'code_table' => 'oauth_authorization_codes',
            'user_table' => 'oauth_users',
            'jwt_table'  => 'oauth_jwt',
            'scope_table'  => 'oauth_scopes',
            'public_key_table'  => 'oauth_public_keys',
        ), $config);
    }

    /* OAuth2\Storage\ClientCredentialsInterface */
    public function checkClientCredentials($client_id, $client_secret = null)
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['client_table'],
            "Key" => array('client_id'   => array('S' => $client_id))
        ));

        return  $result->count()==1 && $result["Item"]["client_secret"]["S"] == $client_secret;
    }

    public function isPublicClient($client_id)
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['client_table'],
            "Key" => array('client_id'   => array('S' => $client_id))
        ));

        if ($result->count()==0) {
            return false ;
        }

        return empty($result["Item"]["client_secret"]);
    }

    /* OAuth2\Storage\ClientInterface */
    public function getClientDetails($client_id)
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['client_table'],
            "Key" => array('client_id'   => array('S' => $client_id))
        ));
        if ($result->count()==0) {
            return false ;
interface HasName {
    /** @return string */
    public function getName();
}

class Name {
    public $name;
}

class User implements HasName {
    /** @return string|Name */
    public function getName() {
        return new Name('foo'); // This is a violation of the ``HasName`` interface
                                // which only allows a string value to be returned.
    }
}
        }
        $result = $this->dynamo2array($result);
        foreach (array('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id') as $key => $val) {
            if (!array_key_exists ($val, $result)) {
                $result[$val] = null;
            }
        }

        return $result;
    }

    public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
    {
        $clientData = compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id');
        $clientData = array_filter($clientData, function ($value) { return !is_null($value); });

        $this->client->putItem(array(
            'TableName' =>  $this->config['client_table'],
            'Item' => $this->client->formatAttributes($clientData)
        ));

        return true;
    }

    public function checkRestrictedGrantType($client_id, $grant_type)
    {
        $details = $this->getClientDetails($client_id);
        if (isset($details['grant_types'])) {
            $grant_types = explode(' ', $details['grant_types']);

            return in_array($grant_type, (array) $grant_types);
        }

        // if grant_types are not defined, then none are restricted
        return true;
    }

    /* OAuth2\Storage\AccessTokenInterface */
    public function getAccessToken($access_token)
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['access_token_table'],
            "Key" => array('access_token'   => array('S' => $access_token))
        ));
        if ($result->count()==0) {
            return false ;
        }
        $token = $this->dynamo2array($result);
        if (array_key_exists ('expires', $token)) {
            $token['expires'] = strtotime($token['expires']);
        }

        return $token;
    }

    public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
    {
        // convert expires to datestring
        $expires = date('Y-m-d H:i:s', $expires);

        $clientData = compact('access_token', 'client_id', 'user_id', 'expires', 'scope');
        $clientData = array_filter($clientData, function ($value) { return !empty($value); });

        $this->client->putItem(array(
            'TableName' =>  $this->config['access_token_table'],
            'Item' => $this->client->formatAttributes($clientData)
        ));

        return true;

    }

    public function unsetAccessToken($access_token)
    {
        $this->client->deleteItem(array(
            'TableName' =>  $this->config['access_token_table'],
            'Key' => $this->client->formatAttributes(array("access_token" => $access_token))
        ));

        return true;
    }

    /* OAuth2\Storage\AuthorizationCodeInterface */
    public function getAuthorizationCode($code)
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['code_table'],
            "Key" => array('authorization_code'   => array('S' => $code))
        ));
        if ($result->count()==0) {
            return false ;
        }
        $token = $this->dynamo2array($result);
        if (!array_key_exists("id_token", $token )) {
            $token['id_token'] = null;
        }
        $token['expires'] = strtotime($token['expires']);

        return $token;

    }

    public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
    {
        // convert expires to datestring
        $expires = date('Y-m-d H:i:s', $expires);

        $clientData = compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'id_token', 'scope');
        $clientData = array_filter($clientData, function ($value) { return !empty($value); });

        $this->client->putItem(array(
            'TableName' =>  $this->config['code_table'],
            'Item' => $this->client->formatAttributes($clientData)
        ));

        return true;
    }

    public function expireAuthorizationCode($code)
    {

        $this->client->deleteItem(array(
            'TableName' =>  $this->config['code_table'],
            'Key' => $this->client->formatAttributes(array("authorization_code" => $code))
        ));

        return true;
    }

    /* OAuth2\Storage\UserCredentialsInterface */
    public function checkUserCredentials($username, $password)
    {
        if ($user = $this->getUser($username)) {
            return $this->checkPassword($user, $password);
        }

        return false;
    }

    public function getUserDetails($username)
    {
        return $this->getUser($username);
    }

    /* UserClaimsInterface */
    public function getUserClaims($user_id, $claims)
    {
        if (!$userDetails = $this->getUserDetails($user_id)) {
            return false;
        }

        $claims = explode(' ', trim($claims));
        $userClaims = array();

        // for each requested claim, if the user has the claim, set it in the response
        $validClaims = explode(' ', self::VALID_CLAIMS);
        foreach ($validClaims as $validClaim) {
            if (in_array($validClaim, $claims)) {
                if ($validClaim == 'address') {
                    // address is an object with subfields
                    $userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
                } else {
                    $userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
                }
            }
        }

        return $userClaims;
    }

    protected function getUserClaim($claim, $userDetails)
    {
        $userClaims = array();
        $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
        $claimValues = explode(' ', $claimValuesString);

        foreach ($claimValues as $value) {
            if ($value == 'email_verified') {
                $userClaims[$value] = $userDetails[$value]=='true' ? true : false;
            } else {
                $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
            }
        }

        return $userClaims;
    }

    /* OAuth2\Storage\RefreshTokenInterface */
    public function getRefreshToken($refresh_token)
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['refresh_token_table'],
            "Key" => array('refresh_token'   => array('S' => $refresh_token))
        ));
        if ($result->count()==0) {
            return false ;
        }
        $token = $this->dynamo2array($result);
        $token['expires'] = strtotime($token['expires']);

        return $token;
    }

    public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
    {
        // convert expires to datestring
        $expires = date('Y-m-d H:i:s', $expires);

        $clientData = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
        $clientData = array_filter($clientData, function ($value) { return !empty($value); });

        $this->client->putItem(array(
            'TableName' =>  $this->config['refresh_token_table'],
            'Item' => $this->client->formatAttributes($clientData)
        ));

        return true;
    }

    public function unsetRefreshToken($refresh_token)
    {
       $this->client->deleteItem(array(
            'TableName' =>  $this->config['refresh_token_table'],
            'Key' => $this->client->formatAttributes(array("refresh_token" => $refresh_token))
        ));

        return true;
    }

    // plaintext passwords are bad!  Override this for your application
    protected function checkPassword($user, $password)
    {
        return $user['password'] == sha1($password);
    }

    public function getUser($username)
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['user_table'],
            "Key" => array('username'   => array('S' => $username))
        ));
        if ($result->count()==0) {
            return false ;
        }
        $token = $this->dynamo2array($result);
        $token['user_id'] = $username;

        return $token;
    }

    public function setUser($username, $password, $first_name = null, $last_name = null)
    {
        // do not store in plaintext
        $password = sha1($password);

        $clientData = compact('username', 'password', 'first_name', 'last_name');
        $clientData = array_filter($clientData, function ($value) { return !is_null($value); });

        $this->client->putItem(array(
            'TableName' =>  $this->config['user_table'],
            'Item' => $this->client->formatAttributes($clientData)
        ));

        return true;

    }

    /* ScopeInterface */
    public function scopeExists($scope)
    {
        $scope = explode(' ', $scope);
        $count = 0;
        foreach ($scope as $key => $val) {
            $result = $this->client->query(array(
                'TableName'     => $this->config['scope_table'],
                'Select'        => 'COUNT',
                'KeyConditions' => array(
                    'scope' => array(
                        'AttributeValueList' => array(array('S' => $val)),
                        'ComparisonOperator' => 'EQ'
                    )
                )
            ));
            $count += $result['Count'];
        }

        return $count == count($scope);
    }

    public function getDefaultScope($client_id = null)
    {

        $result = $this->client->query(array(
            'TableName' => $this->config['scope_table'],
            'IndexName' => 'is_default-index',
            'Select' => 'ALL_ATTRIBUTES',
            'KeyConditions' => array(
                'is_default' => array(
                    'AttributeValueList' => array(array('S' => 'true')),
                    'ComparisonOperator' => 'EQ',
                ),
            )
        ));
        $defaultScope = array();
        if ($result->count() > 0) {
            $array = $result->toArray();
            foreach ($array["Items"] as $item) {
                $defaultScope[]  = $item['scope']['S'];
            }

            return empty($defaultScope) ? null : implode(' ', $defaultScope);
        }

        return null;
    }

    /* JWTBearerInterface */
    public function getClientKey($client_id, $subject)
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['jwt_table'],
            "Key" => array('client_id'   => array('S' => $client_id), 'subject' => array('S' => $subject))
        ));
        if ($result->count()==0) {
            return false ;
        }
        $token = $this->dynamo2array($result);

        return $token['public_key'];
    }

    public function getClientScope($client_id)
    {
        if (!$clientDetails = $this->getClientDetails($client_id)) {
            return false;
        }

        if (isset($clientDetails['scope'])) {
            return $clientDetails['scope'];
        }

        return null;
    }

    public function getJti($client_id, $subject, $audience, $expires, $jti)
    {
        //TODO not use.
    }

    public function setJti($client_id, $subject, $audience, $expires, $jti)
    {
        //TODO not use.
    }

    /* PublicKeyInterface */
    public function getPublicKey($client_id = '0')
    {

        $result = $this->client->getItem(array(
            "TableName"=> $this->config['public_key_table'],
            "Key" => array('client_id'   => array('S' => $client_id))
        ));
        if ($result->count()==0) {
            return false ;
        }
        $token = $this->dynamo2array($result);

        return $token['public_key'];

    }

    public function getPrivateKey($client_id = '0')
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['public_key_table'],
            "Key" => array('client_id'   => array('S' => $client_id))
        ));
        if ($result->count()==0) {
            return false ;
        }
        $token = $this->dynamo2array($result);

        return $token['private_key'];
    }

    public function getEncryptionAlgorithm($client_id = null)
    {
        $result = $this->client->getItem(array(
            "TableName"=> $this->config['public_key_table'],
            "Key" => array('client_id'   => array('S' => $client_id))
        ));
        if ($result->count()==0) {
            return 'RS256' ;
        }
        $token = $this->dynamo2array($result);

        return $token['encryption_algorithm'];
    }

    /**
     * Transform dynamodb resultset to an array.
     * @param $dynamodbResult
     * @return $array
     */
    private function dynamo2array($dynamodbResult)
    {
        $result = array();
        foreach ($dynamodbResult["Item"] as $key => $val) {
            $result[$key] = $val["S"];
            $result[] = $val["S"];
        }

        return $result;
    }
}


1			<?php
2
3			namespace OAuth2\Storage;
4
5			use Aws\DynamoDb\DynamoDbClient;
			0 ignored issues – show Bug introduced 2017-11-09 09:31 UTC by Report Bug Copy Issue Report The type `Aws\DynamoDb\DynamoDbClient` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
6
7			use OAuth2\OpenID\Storage\UserClaimsInterface;
8			use OAuth2\OpenID\Storage\AuthorizationCodeInterface as OpenIDAuthorizationCodeInterface;
9			/**
10			* DynamoDB storage for all storage types
11			*
12			* To use, install "aws/aws-sdk-php" via composer
13			* <code>
14			* composer require aws/aws-sdk-php:dev-master
15			* </code>
16			*
17			* Once this is done, instantiate the DynamoDB client
18			* <code>
19			* $storage = new OAuth2\Storage\Dynamodb(array("key" => "YOURKEY", "secret" => "YOURSECRET", "region" => "YOURREGION"));
20			* </code>
21			*
22			* Table :
23			* - oauth_access_tokens (primary hash key : access_token)
24			* - oauth_authorization_codes (primary hash key : authorization_code)
25			* - oauth_clients (primary hash key : client_id)
26			* - oauth_jwt (primary hash key : client_id, primary range key : subject)
27			* - oauth_public_keys (primary hash key : client_id)
28			* - oauth_refresh_tokens (primary hash key : refresh_token)
29			* - oauth_scopes (primary hash key : scope, secondary index : is_default-index hash key is_default)
30			* - oauth_users (primary hash key : username)
31			*
32			* @author Frederic AUGUSTE <frederic.auguste at gmail dot com>
33			*/
34			class DynamoDB implements
35			AuthorizationCodeInterface,
36			AccessTokenInterface,
37			ClientCredentialsInterface,
38			UserCredentialsInterface,
39			RefreshTokenInterface,
40			JwtBearerInterface,
41			ScopeInterface,
42			PublicKeyInterface,
43			UserClaimsInterface,
44			OpenIDAuthorizationCodeInterface
45			{
46			protected $client;
47			protected $config;
48
49			public function __construct($connection, $config = array())
50			{
51			if (!($connection instanceof DynamoDbClient)) {
52			if (!is_array($connection)) {
53			throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
54			}
55			if (!array_key_exists("key",$connection) \|\| !array_key_exists("secret",$connection) \|\| !array_key_exists("region",$connection) ) {
56			throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
57			}
58			$this->client = DynamoDbClient::factory(array(
59			'key' => $connection["key"],
60			'secret' => $connection["secret"],
61			'region' =>$connection["region"]
62			));
63			} else {
64			$this->client = $connection;
65			}
66
67			$this->config = array_merge(array(
68			'client_table' => 'oauth_clients',
69			'access_token_table' => 'oauth_access_tokens',
70			'refresh_token_table' => 'oauth_refresh_tokens',
71			'code_table' => 'oauth_authorization_codes',
72			'user_table' => 'oauth_users',
73			'jwt_table' => 'oauth_jwt',
74			'scope_table' => 'oauth_scopes',
75			'public_key_table' => 'oauth_public_keys',
76			), $config);
77			}
78
79			/* OAuth2\Storage\ClientCredentialsInterface */
80			public function checkClientCredentials($client_id, $client_secret = null)
81			{
82			$result = $this->client->getItem(array(
83			"TableName"=> $this->config['client_table'],
84			"Key" => array('client_id' => array('S' => $client_id))
85			));
86
87			return $result->count()==1 && $result["Item"]["client_secret"]["S"] == $client_secret;
88			}
89
90			public function isPublicClient($client_id)
91			{
92			$result = $this->client->getItem(array(
93			"TableName"=> $this->config['client_table'],
94			"Key" => array('client_id' => array('S' => $client_id))
95			));
96
97			if ($result->count()==0) {
98			return false ;
99			}
100
101			return empty($result["Item"]["client_secret"]);
102			}
103
104			/* OAuth2\Storage\ClientInterface */
105			public function getClientDetails($client_id)
106			{
107			$result = $this->client->getItem(array(
108			"TableName"=> $this->config['client_table'],
109			"Key" => array('client_id' => array('S' => $client_id))
110			));
111			if ($result->count()==0) {
112			return false ;
			0 ignored issues – show Bug Best Practice introduced 2017-11-09 09:31 UTC by Report Bug Copy Issue Report The expression `return false` returns the type `false` which is incompatible with the return type mandated by `OAuth2\Storage\ClientInterface::getClientDetails()` of `array`. In the issue above, the returned value is violating the contract defined by the mentioned interface. Let's take a look at an example: interface HasName { /** @return string / public function getName(); } class Name { public $name; } class User implements HasName { /* @return string\|Name */ public function getName() { return new Name('foo'); // This is a violation of the ``HasName`` interface // which only allows a string value to be returned. } } Loading history...
113			}
114			$result = $this->dynamo2array($result);
115			foreach (array('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id') as $key => $val) {
116			if (!array_key_exists ($val, $result)) {
117			$result[$val] = null;
118			}
119			}
120
121			return $result;
122			}
123
124			public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
125			{
126			$clientData = compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id');
127			$clientData = array_filter($clientData, function ($value) { return !is_null($value); });
128
129			$this->client->putItem(array(
130			'TableName' => $this->config['client_table'],
131			'Item' => $this->client->formatAttributes($clientData)
132			));
133
134			return true;
135			}
136
137			public function checkRestrictedGrantType($client_id, $grant_type)
138			{
139			$details = $this->getClientDetails($client_id);
140			if (isset($details['grant_types'])) {
141			$grant_types = explode(' ', $details['grant_types']);
142
143			return in_array($grant_type, (array) $grant_types);
144			}
145
146			// if grant_types are not defined, then none are restricted
147			return true;
148			}
149
150			/* OAuth2\Storage\AccessTokenInterface */
151			public function getAccessToken($access_token)
152			{
153			$result = $this->client->getItem(array(
154			"TableName"=> $this->config['access_token_table'],
155			"Key" => array('access_token' => array('S' => $access_token))
156			));
157			if ($result->count()==0) {
158			return false ;
159			}
160			$token = $this->dynamo2array($result);
161			if (array_key_exists ('expires', $token)) {
162			$token['expires'] = strtotime($token['expires']);
163			}
164
165			return $token;
166			}
167
168			public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
169			{
170			// convert expires to datestring
171			$expires = date('Y-m-d H:i:s', $expires);
172
173			$clientData = compact('access_token', 'client_id', 'user_id', 'expires', 'scope');
174			$clientData = array_filter($clientData, function ($value) { return !empty($value); });
175
176			$this->client->putItem(array(
177			'TableName' => $this->config['access_token_table'],
178			'Item' => $this->client->formatAttributes($clientData)
179			));
180
181			return true;
182
183			}
184
185			public function unsetAccessToken($access_token)
186			{
187			$this->client->deleteItem(array(
188			'TableName' => $this->config['access_token_table'],
189			'Key' => $this->client->formatAttributes(array("access_token" => $access_token))
190			));
191
192			return true;
193			}
194
195			/* OAuth2\Storage\AuthorizationCodeInterface */
196			public function getAuthorizationCode($code)
197			{
198			$result = $this->client->getItem(array(
199			"TableName"=> $this->config['code_table'],
200			"Key" => array('authorization_code' => array('S' => $code))
201			));
202			if ($result->count()==0) {
203			return false ;
204			}
205			$token = $this->dynamo2array($result);
206			if (!array_key_exists("id_token", $token )) {
207			$token['id_token'] = null;
208			}
209			$token['expires'] = strtotime($token['expires']);
210
211			return $token;
212
213			}
214
215			public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
216			{
217			// convert expires to datestring
218			$expires = date('Y-m-d H:i:s', $expires);
219
220			$clientData = compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'id_token', 'scope');
221			$clientData = array_filter($clientData, function ($value) { return !empty($value); });
222
223			$this->client->putItem(array(
224			'TableName' => $this->config['code_table'],
225			'Item' => $this->client->formatAttributes($clientData)
226			));
227
228			return true;
229			}
230
231			public function expireAuthorizationCode($code)
232			{
233
234			$this->client->deleteItem(array(
235			'TableName' => $this->config['code_table'],
236			'Key' => $this->client->formatAttributes(array("authorization_code" => $code))
237			));
238
239			return true;
240			}
241
242			/* OAuth2\Storage\UserCredentialsInterface */
243			public function checkUserCredentials($username, $password)
244			{
245			if ($user = $this->getUser($username)) {
246			return $this->checkPassword($user, $password);
247			}
248
249			return false;
250			}
251
252			public function getUserDetails($username)
253			{
254			return $this->getUser($username);
255			}
256
257			/* UserClaimsInterface */
258			public function getUserClaims($user_id, $claims)
259			{
260			if (!$userDetails = $this->getUserDetails($user_id)) {
261			return false;
262			}
263
264			$claims = explode(' ', trim($claims));
265			$userClaims = array();
266
267			// for each requested claim, if the user has the claim, set it in the response
268			$validClaims = explode(' ', self::VALID_CLAIMS);
269			foreach ($validClaims as $validClaim) {
270			if (in_array($validClaim, $claims)) {
271			if ($validClaim == 'address') {
272			// address is an object with subfields
273			$userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
274			} else {
275			$userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
276			}
277			}
278			}
279
280			return $userClaims;
281			}
282
283			protected function getUserClaim($claim, $userDetails)
284			{
285			$userClaims = array();
286			$claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
287			$claimValues = explode(' ', $claimValuesString);
288
289			foreach ($claimValues as $value) {
290			if ($value == 'email_verified') {
291			$userClaims[$value] = $userDetails[$value]=='true' ? true : false;
292			} else {
293			$userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
294			}
295			}
296
297			return $userClaims;
298			}
299
300			/* OAuth2\Storage\RefreshTokenInterface */
301			public function getRefreshToken($refresh_token)
302			{
303			$result = $this->client->getItem(array(
304			"TableName"=> $this->config['refresh_token_table'],
305			"Key" => array('refresh_token' => array('S' => $refresh_token))
306			));
307			if ($result->count()==0) {
308			return false ;
309			}
310			$token = $this->dynamo2array($result);
311			$token['expires'] = strtotime($token['expires']);
312
313			return $token;
314			}
315
316			public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
317			{
318			// convert expires to datestring
319			$expires = date('Y-m-d H:i:s', $expires);
320
321			$clientData = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
322			$clientData = array_filter($clientData, function ($value) { return !empty($value); });
323
324			$this->client->putItem(array(
325			'TableName' => $this->config['refresh_token_table'],
326			'Item' => $this->client->formatAttributes($clientData)
327			));
328
329			return true;
330			}
331
332			public function unsetRefreshToken($refresh_token)
333			{
334			$this->client->deleteItem(array(
335			'TableName' => $this->config['refresh_token_table'],
336			'Key' => $this->client->formatAttributes(array("refresh_token" => $refresh_token))
337			));
338
339			return true;
340			}
341
342			// plaintext passwords are bad! Override this for your application
343			protected function checkPassword($user, $password)
344			{
345			return $user['password'] == sha1($password);
346			}
347
348			public function getUser($username)
349			{
350			$result = $this->client->getItem(array(
351			"TableName"=> $this->config['user_table'],
352			"Key" => array('username' => array('S' => $username))
353			));
354			if ($result->count()==0) {
355			return false ;
356			}
357			$token = $this->dynamo2array($result);
358			$token['user_id'] = $username;
359
360			return $token;
361			}
362
363			public function setUser($username, $password, $first_name = null, $last_name = null)
364			{
365			// do not store in plaintext
366			$password = sha1($password);
367
368			$clientData = compact('username', 'password', 'first_name', 'last_name');
369			$clientData = array_filter($clientData, function ($value) { return !is_null($value); });
370
371			$this->client->putItem(array(
372			'TableName' => $this->config['user_table'],
373			'Item' => $this->client->formatAttributes($clientData)
374			));
375
376			return true;
377
378			}
379
380			/* ScopeInterface */
381			public function scopeExists($scope)
382			{
383			$scope = explode(' ', $scope);
384			$count = 0;
385			foreach ($scope as $key => $val) {
386			$result = $this->client->query(array(
387			'TableName' => $this->config['scope_table'],
388			'Select' => 'COUNT',
389			'KeyConditions' => array(
390			'scope' => array(
391			'AttributeValueList' => array(array('S' => $val)),
392			'ComparisonOperator' => 'EQ'
393			)
394			)
395			));
396			$count += $result['Count'];
397			}
398
399			return $count == count($scope);
400			}
401
402			public function getDefaultScope($client_id = null)
403			{
404
405			$result = $this->client->query(array(
406			'TableName' => $this->config['scope_table'],
407			'IndexName' => 'is_default-index',
408			'Select' => 'ALL_ATTRIBUTES',
409			'KeyConditions' => array(
410			'is_default' => array(
411			'AttributeValueList' => array(array('S' => 'true')),
412			'ComparisonOperator' => 'EQ',
413			),
414			)
415			));
416			$defaultScope = array();
417			if ($result->count() > 0) {
418			$array = $result->toArray();
419			foreach ($array["Items"] as $item) {
420			$defaultScope[] = $item['scope']['S'];
421			}
422
423			return empty($defaultScope) ? null : implode(' ', $defaultScope);
424			}
425
426			return null;
427			}
428
429			/* JWTBearerInterface */
430			public function getClientKey($client_id, $subject)
431			{
432			$result = $this->client->getItem(array(
433			"TableName"=> $this->config['jwt_table'],
434			"Key" => array('client_id' => array('S' => $client_id), 'subject' => array('S' => $subject))
435			));
436			if ($result->count()==0) {
437			return false ;
438			}
439			$token = $this->dynamo2array($result);
440
441			return $token['public_key'];
442			}
443
444			public function getClientScope($client_id)
445			{
446			if (!$clientDetails = $this->getClientDetails($client_id)) {
447			return false;
448			}
449
450			if (isset($clientDetails['scope'])) {
451			return $clientDetails['scope'];
452			}
453
454			return null;
455			}
456
457			public function getJti($client_id, $subject, $audience, $expires, $jti)
458			{
459			//TODO not use.
460			}
461
462			public function setJti($client_id, $subject, $audience, $expires, $jti)
463			{
464			//TODO not use.
465			}
466
467			/* PublicKeyInterface */
468			public function getPublicKey($client_id = '0')
469			{
470
471			$result = $this->client->getItem(array(
472			"TableName"=> $this->config['public_key_table'],
473			"Key" => array('client_id' => array('S' => $client_id))
474			));
475			if ($result->count()==0) {
476			return false ;
477			}
478			$token = $this->dynamo2array($result);
479
480			return $token['public_key'];
481
482			}
483
484			public function getPrivateKey($client_id = '0')
485			{
486			$result = $this->client->getItem(array(
487			"TableName"=> $this->config['public_key_table'],
488			"Key" => array('client_id' => array('S' => $client_id))
489			));
490			if ($result->count()==0) {
491			return false ;
492			}
493			$token = $this->dynamo2array($result);
494
495			return $token['private_key'];
496			}
497
498			public function getEncryptionAlgorithm($client_id = null)
499			{
500			$result = $this->client->getItem(array(
501			"TableName"=> $this->config['public_key_table'],
502			"Key" => array('client_id' => array('S' => $client_id))
503			));
504			if ($result->count()==0) {
505			return 'RS256' ;
506			}
507			$token = $this->dynamo2array($result);
508
509			return $token['encryption_algorithm'];
510			}
511
512			/**
513			* Transform dynamodb resultset to an array.
514			* @param $dynamodbResult
515			* @return $array
516			*/
517			private function dynamo2array($dynamodbResult)
518			{
519			$result = array();
520			foreach ($dynamodbResult["Item"] as $key => $val) {
521			$result[$key] = $val["S"];
522			$result[] = $val["S"];
523			}
524
525			return $result;
526			}
527			}
528

redCOMPONENT-COM / redCORE

Push — develop ( a2c65d...283ac2 )

DynamoDB::getPrivateKey() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like