AuthorizeController - Code Metrics - Inspection of "Upgrade to Symfony 3.4" - redelivre/login-cidadao - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#288)

by Guilherme

created 2018-08-23 19:16 UTC

AuthorizeController A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	204
Duplicated Lines	0 %

Importance

Changes

Metric	Value
eloc	89
dl	0
loc	204
rs	10
c	0
b	0
f	0
wmc	24

10 Methods

Rating	Name	Size	Complexity
A	authorizeAction()	3	1
A	getClient()	10	2
A	removeRemoteScope()	8	2
A	handleAuthorizeAction()	21	2
A	getOAuth2Server()	3	1
A	handleAuthorize()	13	1
A	getMetadata()	9	2
A	shouldWarnUntrusted()	21	6
A	validateAuthorizeAction()	59	5
A	getRequest()	11	2

<?php
/**
 * This file is part of the login-cidadao project or it's bundles.
 *
 * (c) Guilherme Donato <guilhermednt on github>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace LoginCidadao\OpenIDBundle\Controller;

use FOS\OAuthServerBundle\Event\OAuthEvent;
use LoginCidadao\CoreBundle\Model\PersonInterface;
use LoginCidadao\OpenIDBundle\Event\AuthorizationEvent;
use LoginCidadao\OpenIDBundle\LoginCidadaoOpenIDEvents;
use LoginCidadao\OpenIDBundle\Manager\ClientManager;
use LoginCidadao\OAuthBundle\Service\OrganizationService;
use LoginCidadao\OAuthBundle\Model\OrganizationInterface;
use LoginCidadao\OAuthBundle\Model\ClientInterface;
use OAuth2\Server;
use OAuth2\ServerBundle\Controller\AuthorizeController as BaseController;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;

/**
 * Class AuthorizeController
 * @package LoginCidadao\OpenIDBundle\Controller
 * @codeCoverageIgnore
 */
class AuthorizeController extends BaseController
{

    /**
     * @Route("/openid/connect/authorize", name="_authorize_handle")
     * @Method({"POST"})
     */
    public function handleAuthorizeAction()
    {
        $request = $this->getRequest();
        $implodedScope = implode(' ', $request->request->get('scope'));
        $request->request->set('scope', $implodedScope);

        $isAuthorized = $request->request->has('accepted')
            || !$request->request->has('rejected');

        $response = $this->handleAuthorize($this->getOAuth2Server(), $isAuthorized);

        $event = new OAuthEvent(
            $this->getUser(),
            $this->getClient($request), $isAuthorized
        );

        /** @var EventDispatcherInterface $dispatcher */
        $dispatcher = $this->get('event_dispatcher');
        $dispatcher->dispatch(OAuthEvent::POST_AUTHORIZATION_PROCESS, $event);

        return $response;
    }

    /**
     * Render the Authorization fragment
     *
     * @Template()
     *
     * @deprecated
     */
    public function authorizeAction()
    {
        throw new \RuntimeException('This class should not be used!');
    }

    /**
     * @Route("/openid/connect/authorize", name="_authorize_validate")
     * @Method({"GET"})
     * @Template("LoginCidadaoOpenIDBundle:Authorize:authorize.html.twig")
     */
    public function validateAuthorizeAction()
    {
        $request = $this->getRequest();
        $client = $this->getClient($request);

        if (!$client instanceof \FOS\OAuthServerBundle\Model\ClientInterface) {
            return parent::validateAuthorizeAction();
        }

        /** @var PersonInterface $person */
        $person = $this->getUser();

        /** @var EventDispatcher $dispatcher */
        $dispatcher = $this->get('event_dispatcher');

        $event = new OAuthEvent($person, $client);
        $dispatcher->dispatch(OAuthEvent::PRE_AUTHORIZATION_PROCESS, $event);

        $isAuthorized = $event->isAuthorizedClient();
        $askConsent = $request->get('prompt', null) == 'consent';

        if ($isAuthorized && !$askConsent) {
            return $this->handleAuthorize($this->getOAuth2Server(), $isAuthorized);
        }

        $authEvent = new AuthorizationEvent($person, $client, $request->get('scope'));
        $dispatcher->dispatch(LoginCidadaoOpenIDEvents::NEW_AUTHORIZATION_REQUEST, $authEvent);
        $remoteClaims = $authEvent->getRemoteClaims();

        /** @var OrganizationService $organizationService */
        $organizationService = $this->get('organization');
        $warnUntrusted = $this->shouldWarnUntrusted($client);
        $metadata = $this->getMetadata($client);
        $organization = $organizationService->getOrganization($metadata);

        // Call the lib's original Controller
        $parentResponse = parent::validateAuthorizeAction();
        if (!is_array($parentResponse)) {
            return $parentResponse;
        }
        $parentResponse['scopes'] = $this->removeRemoteScope($parentResponse['scopes']);

        $response = array_merge([
            'qs' => [
                'client_id' => $client->getPublicId(),
                'scope' => $parentResponse['scopes'],
                'response_type' => $request->get('response_type'),
                'redirect_uri' => $request->get('redirect_uri'),
                'state' => $request->get('state'),
                'nonce' => $request->get('nonce'),
            ],
            'remoteClaims' => $remoteClaims,
            'client' => $client,
            'metadata' => $metadata,
            'organization' => $organization,
            'warnUntrusted' => $warnUntrusted,
        ], $parentResponse);

        return $response;
    }

    private function handleAuthorize(Server $server, $isAuthorized)
    {
        /** @var \OAuth2\Request $request */
        $request = $this->get('oauth2.request');

        /** @var \OAuth2\Response $response */
        $response = $this->get('oauth2.response');

        return $server->handleAuthorizeRequest(
            $request,
            $response,
            $isAuthorized,
            $this->getUser()->getId()
        );
    }

    private function getClient($fullId)
    {
        if ($fullId instanceof Request) {
            $fullId = $fullId->get('client_id');
        }

        /** @var ClientManager $clientManager */
        $clientManager = $this->get('lc.client_manager');

        return $clientManager->getClientById($fullId);
    }

    private function shouldWarnUntrusted(ClientInterface $client = null)
    {
        $warnUntrusted = $this->getParameter('warn_untrusted');

        if ($client) {
            $metadata = $this->getMetadata($client);

            if ($metadata && $metadata->getOrganization() instanceof OrganizationInterface) {
                $isTrusted = $metadata->getOrganization()->isTrusted();
            } else {
                $isTrusted = false;
            }
        } else {
            $isTrusted = false;
        }

        if ($isTrusted || !$warnUntrusted) {
            return false; // do not warn
        }

        return true; // warn
    }

    private function getMetadata(ClientInterface $client = null)
    {
        if (!$client) {
            return null;
        }

        $repo = $this->getDoctrine()->getRepository('LoginCidadaoOpenIDBundle:ClientMetadata');

        return $repo->findOneBy(['client' => $client]);
    }

    /**
     * @return object|Server
     */
    private function getOAuth2Server()
    {
        return $this->get('oauth2.server');
    }

    /**
     * @param array $scopes
     * @return array
     */
    private function removeRemoteScope(array $scopes)
    {
        return array_filter($scopes, function ($scope) {
            if (preg_match('/^tag:/', $scope) === 1) {
                return false;
            }

            return true;
        });
    }

    private function getRequest(): Request
    {
        /** @var RequestStack $requestStack */
        $requestStack = $this->get('request_stack');
        $request = $requestStack->getCurrentRequest();

        if ($request instanceof Request) {
            return $request;
        }

        throw new \RuntimeException("Request could not be found");
    }
}


1			<?php
2			/**
3			* This file is part of the login-cidadao project or it's bundles.
4			*
5			* (c) Guilherme Donato <guilhermednt on github>
6			*
7			* For the full copyright and license information, please view the LICENSE
8			* file that was distributed with this source code.
9			*/
10
11			namespace LoginCidadao\OpenIDBundle\Controller;
12
13			use FOS\OAuthServerBundle\Event\OAuthEvent;
14			use LoginCidadao\CoreBundle\Model\PersonInterface;
15			use LoginCidadao\OpenIDBundle\Event\AuthorizationEvent;
16			use LoginCidadao\OpenIDBundle\LoginCidadaoOpenIDEvents;
17			use LoginCidadao\OpenIDBundle\Manager\ClientManager;
18			use LoginCidadao\OAuthBundle\Service\OrganizationService;
19			use LoginCidadao\OAuthBundle\Model\OrganizationInterface;
20			use LoginCidadao\OAuthBundle\Model\ClientInterface;
21			use OAuth2\Server;
22			use OAuth2\ServerBundle\Controller\AuthorizeController as BaseController;
23			use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
24			use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
25			use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
26			use Symfony\Component\EventDispatcher\EventDispatcher;
27			use Symfony\Component\EventDispatcher\EventDispatcherInterface;
28			use Symfony\Component\HttpFoundation\Request;
29			use Symfony\Component\HttpFoundation\RequestStack;
30
31			/**
32			* Class AuthorizeController
33			* @package LoginCidadao\OpenIDBundle\Controller
34			* @codeCoverageIgnore
35			*/
36			class AuthorizeController extends BaseController
37			{
38
39			/**
40			* @Route("/openid/connect/authorize", name="_authorize_handle")
41			* @Method({"POST"})
42			*/
43			public function handleAuthorizeAction()
44			{
45			$request = $this->getRequest();
46			$implodedScope = implode(' ', $request->request->get('scope'));
47			$request->request->set('scope', $implodedScope);
48
49			$isAuthorized = $request->request->has('accepted')
50			\|\| !$request->request->has('rejected');
51
52			$response = $this->handleAuthorize($this->getOAuth2Server(), $isAuthorized);
53
54			$event = new OAuthEvent(
55			$this->getUser(),
56			$this->getClient($request), $isAuthorized
57			);
58
59			/** @var EventDispatcherInterface $dispatcher */
60			$dispatcher = $this->get('event_dispatcher');
61			$dispatcher->dispatch(OAuthEvent::POST_AUTHORIZATION_PROCESS, $event);
62
63			return $response;
64			}
65
66			/**
67			* Render the Authorization fragment
68			*
69			* @Template()
70			*
71			* @deprecated
72			*/
73			public function authorizeAction()
74			{
75			throw new \RuntimeException('This class should not be used!');
76			}
77
78			/**
79			* @Route("/openid/connect/authorize", name="_authorize_validate")
80			* @Method({"GET"})
81			* @Template("LoginCidadaoOpenIDBundle:Authorize:authorize.html.twig")
82			*/
83			public function validateAuthorizeAction()
84			{
85			$request = $this->getRequest();
86			$client = $this->getClient($request);
87
88			if (!$client instanceof \FOS\OAuthServerBundle\Model\ClientInterface) {
89			return parent::validateAuthorizeAction();
90			}
91
92			/** @var PersonInterface $person */
93			$person = $this->getUser();
94
95			/** @var EventDispatcher $dispatcher */
96			$dispatcher = $this->get('event_dispatcher');
97
98			$event = new OAuthEvent($person, $client);
99			$dispatcher->dispatch(OAuthEvent::PRE_AUTHORIZATION_PROCESS, $event);
100
101			$isAuthorized = $event->isAuthorizedClient();
102			$askConsent = $request->get('prompt', null) == 'consent';
103
104			if ($isAuthorized && !$askConsent) {
105			return $this->handleAuthorize($this->getOAuth2Server(), $isAuthorized);
106			}
107
108			$authEvent = new AuthorizationEvent($person, $client, $request->get('scope'));
109			$dispatcher->dispatch(LoginCidadaoOpenIDEvents::NEW_AUTHORIZATION_REQUEST, $authEvent);
110			$remoteClaims = $authEvent->getRemoteClaims();
111
112			/** @var OrganizationService $organizationService */
113			$organizationService = $this->get('organization');
114			$warnUntrusted = $this->shouldWarnUntrusted($client);
115			$metadata = $this->getMetadata($client);
116			$organization = $organizationService->getOrganization($metadata);
117
118			// Call the lib's original Controller
119			$parentResponse = parent::validateAuthorizeAction();
120			if (!is_array($parentResponse)) {
121			return $parentResponse;
122			}
123			$parentResponse['scopes'] = $this->removeRemoteScope($parentResponse['scopes']);
124
125			$response = array_merge([
126			'qs' => [
127			'client_id' => $client->getPublicId(),
128			'scope' => $parentResponse['scopes'],
129			'response_type' => $request->get('response_type'),
130			'redirect_uri' => $request->get('redirect_uri'),
131			'state' => $request->get('state'),
132			'nonce' => $request->get('nonce'),
133			],
134			'remoteClaims' => $remoteClaims,
135			'client' => $client,
136			'metadata' => $metadata,
137			'organization' => $organization,
138			'warnUntrusted' => $warnUntrusted,
139			], $parentResponse);
140
141			return $response;
142			}
143
144			private function handleAuthorize(Server $server, $isAuthorized)
145			{
146			/** @var \OAuth2\Request $request */
147			$request = $this->get('oauth2.request');
148
149			/** @var \OAuth2\Response $response */
150			$response = $this->get('oauth2.response');
151
152			return $server->handleAuthorizeRequest(
153			$request,
154			$response,
155			$isAuthorized,
156			$this->getUser()->getId()
157			);
158			}
159
160			private function getClient($fullId)
161			{
162			if ($fullId instanceof Request) {
163			$fullId = $fullId->get('client_id');
164			}
165
166			/** @var ClientManager $clientManager */
167			$clientManager = $this->get('lc.client_manager');
168
169			return $clientManager->getClientById($fullId);
170			}
171
172			private function shouldWarnUntrusted(ClientInterface $client = null)
173			{
174			$warnUntrusted = $this->getParameter('warn_untrusted');
175
176			if ($client) {
177			$metadata = $this->getMetadata($client);
178
179			if ($metadata && $metadata->getOrganization() instanceof OrganizationInterface) {
180			$isTrusted = $metadata->getOrganization()->isTrusted();
181			} else {
182			$isTrusted = false;
183			}
184			} else {
185			$isTrusted = false;
186			}
187
188			if ($isTrusted \|\| !$warnUntrusted) {
189			return false; // do not warn
190			}
191
192			return true; // warn
193			}
194
195			private function getMetadata(ClientInterface $client = null)
196			{
197			if (!$client) {
198			return null;
199			}
200
201			$repo = $this->getDoctrine()->getRepository('LoginCidadaoOpenIDBundle:ClientMetadata');
202
203			return $repo->findOneBy(['client' => $client]);
204			}
205
206			/**
207			* @return object\|Server
208			*/
209			private function getOAuth2Server()
210			{
211			return $this->get('oauth2.server');
212			}
213
214			/**
215			* @param array $scopes
216			* @return array
217			*/
218			private function removeRemoteScope(array $scopes)
219			{
220			return array_filter($scopes, function ($scope) {
221			if (preg_match('/^tag:/', $scope) === 1) {
222			return false;
223			}
224
225			return true;
226			});
227			}
228
229			private function getRequest(): Request
230			{
231			/** @var RequestStack $requestStack */
232			$requestStack = $this->get('request_stack');
233			$request = $requestStack->getCurrentRequest();
234
235			if ($request instanceof Request) {
236			return $request;
237			}
238
239			throw new \RuntimeException("Request could not be found");
240			}
241			}
242

redelivre / login-cidadao

Pull Request — master (#288)

AuthorizeController A

Complexity

Size/Duplication

Importance

10 Methods

Duplication Side-by-Side

Filter issues like