Completed
Push — develop ( a4838f...d9bf78 )
by Abdelrahman
01:37
created

PersonalAccessGrant::respondToAccessTokenRequest()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 23

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
dl 0
loc 23
rs 9.552
c 0
b 0
f 0
cc 1
nc 1
nop 3
 1  <?php
 2
 3  declare(strict_types=1);
 4
 5  namespace Rinvex\OAuth\Grants;
 6
 7  use DateInterval;
 8  use Psr\Http\Message\ServerRequestInterface;
 9  use League\OAuth2\Server\Grant\AbstractGrant;
10  use League\OAuth2\Server\Exception\OAuthServerException;
11  use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
12
13  class PersonalAccessGrant extends AbstractGrant
14  {
15      /**
16       * Respond to an access token request.
17       *
18       * @param ServerRequestInterface $request
19       * @param ResponseTypeInterface  $responseType
20       * @param DateInterval           $accessTokenTTL
21       *
22       * @throws OAuthServerException
23       *
24       * @return ResponseTypeInterface
25       */
26      public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseTypeInterface $responseType, DateInterval $accessTokenTTL)
27      {
28          // Validate request
29          $this->validateUser($request);
30          $client = $this->validateClient($request);
31          $scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
32
33          // Finalize the requested scopes
34          $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client);
35
36          // Issue and persist access token
37          $accessToken = $this->issueAccessToken(
38              $accessTokenTTL,
39              $client,
40              $this->getRequestParameter('user_id', $request),
41              $scopes
42          );
43
44          // Inject access token into response type
45          $responseType->setAccessToken($accessToken);
Bug introduced by
It seems like $accessToken defined by $this->issueAccessToken(...d', $request), $scopes) on line 37 can be null; however, League\OAuth2\Server\Res...rface::setAccessToken() does not accept null, maybe add an additional type check?

Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend adding an additional type check to your code:

/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
46
47          return $responseType;
48      }
49
50      /**
51       * Validate the authorization code user.
52       *
53       * @param \Psr\Http\Message\ServerRequestInterface $request
54       *
55       * @throws \League\OAuth2\Server\Exception\OAuthServerException
56       */
57      protected function validateUser(ServerRequestInterface $request)
58      {
59          [$userType, $userId] = explode(':', $this->getRequestParameter('user_id', $request));
Bug introduced by
The variable $userType does not exist. Did you forget to declare it?

This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.

Bug introduced by
The variable $userId does not exist. Did you forget to declare it?

This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.

60
61          if ($userType !== request()->user()->getMorphClass() || $userId !== request()->user()->getRouteKey()) {
62              throw OAuthServerException::invalidRequest('user_id', 'This action is not authorized to this user');
63          }
64      }
65
66      /**
67       * {@inheritdoc}
68       */
69      public function getIdentifier()
70      {
71          return 'personal_access';
72      }
73  }
74