TokenValidator - Code Metrics - Inspection of "fix namespace, s/phpunit/sugared-phpunit/ and simp..." - schnittstabil/csrf-tokenservice - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 6157a8...e866d1 )

by Michael

created 2016-04-04 18:15 UTC

TokenValidator A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	100
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	1

Importance

Changes	1
Bugs	1	Features	0

Metric	Value
wmc	11
c	1
b	1
f	0
lcom	1
cbo	1
dl	0
loc	100
rs	10

4 Methods

Rating	Name	Size	Complexity
A	__construct()	5	1
A	__invoke()	12	3
B	parse()	30	4
A	validatePayload()	16	3

<?php

namespace Schnittstabil\Csrf\TokenService;

use Base64Url\Base64Url;

/**
 * A TokenValidator.
 */
class TokenValidator
{
    protected $sign;
    protected $base64url;

    /**
     * Create a new TokenValidator.
     *
     * @param callable $sign Callable used for generating the token signatures.
     */
    public function __construct(callable $sign)
    {
        $this->sign = $sign;
        $this->base64url = new Base64Url();
    }

    /**
     * Determine constraint violations of a CSRF token.
     *
     * @param string $token The token to validate.
     * @param int    $now   The current time, defaults to `time()`.
     *
     * @return InvalidArgumentException[] Constraint violations; if $token is valid, an empty array.
     */
    public function __invoke($token, $now = null)
    {
        $parseResult = $this->parse($token);
        $violations = $parseResult->violations;
        $payload = $parseResult->payload;

        if ($violations) {
            return $violations;
        }

        return array_merge($violations, $this->validatePayload($payload, $now ?: time()));
    }

    /**
     * Parse a CSRF token.
     *
     * @param string $token The token to parse.
     *
     * @return \stdClass Parse result containing payload and constraint violations.
     */
    protected function parse($token)
    {
        // craving for PHP7 Anonymous Classes - in the meantime we use stdClass as result...
        $result = new \stdClass();
        $result->violations = [];
        $result->payload = null;
        $segments = explode('.', $token);

        if (count($segments) !== 2) {
            $result->violations[] = new \InvalidArgumentException('Wrong number of segments');

            return $result;
        }

        list($payloadBase64, $signature) = $segments;

        $sign = $this->sign;

        if ($signature !== $sign($payloadBase64)) {
            $result->violations[] = new \InvalidArgumentException('Signature verification failed');
        }

        $result->payload = json_decode($this->base64url->decode($payloadBase64));

        if (!($result->payload instanceof \stdClass)) {
            $result->violations[] = new \InvalidArgumentException('Invalid payload encoding');
        }

        return $result;
    }

    /**
     * Validate the payload of a CSRF token.
     *
     * @param \stdClass $payload The token payload to validate.
     * @param int       $now     The current time, defaults to `time()`.
     *
     * @return InvalidArgumentException[] Constraint violations; if $payload is valid, an empty array.
     */
    protected function validatePayload(\stdClass $payload, $now = null)
    {
        $violations = [];

        if ($payload->exp < $now) {

            $exp = date(\DateTime::ISO8601, $payload->exp);
            $violations[] = new \InvalidArgumentException('Token already expired at '.$exp);
        }

        if ($now < $payload->iat) {

            $issuedAt = date(\DateTime::ISO8601, $payload->iat);
            $violations[] = new \InvalidArgumentException('Cannot handle token prior to '.$issuedAt);
        }

        return $violations;
    }
}


1			<?php
2
3			namespace Schnittstabil\Csrf\TokenService;
4
5			use Base64Url\Base64Url;
6
7			/**
8			* A TokenValidator.
9			*/
10			class TokenValidator
11			{
12			protected $sign;
13			protected $base64url;
14
15			/**
16			* Create a new TokenValidator.
17			*
18			* @param callable $sign Callable used for generating the token signatures.
19			*/
20			public function __construct(callable $sign)
21			{
22			$this->sign = $sign;
23			$this->base64url = new Base64Url();
24			}
25
26			/**
27			* Determine constraint violations of a CSRF token.
28			*
29			* @param string $token The token to validate.
30			* @param int $now The current time, defaults to `time()`.
31			*
32			* @return InvalidArgumentException[] Constraint violations; if $token is valid, an empty array.
33			*/
34			public function __invoke($token, $now = null)
35			{
36			$parseResult = $this->parse($token);
37			$violations = $parseResult->violations;
38			$payload = $parseResult->payload;
39
40			if ($violations) {
41			return $violations;
42			}
43
44			return array_merge($violations, $this->validatePayload($payload, $now ?: time()));
45			}
46
47			/**
48			* Parse a CSRF token.
49			*
50			* @param string $token The token to parse.
51			*
52			* @return \stdClass Parse result containing payload and constraint violations.
53			*/
54			protected function parse($token)
55			{
56			// craving for PHP7 Anonymous Classes - in the meantime we use stdClass as result...
57			$result = new \stdClass();
58			$result->violations = [];
59			$result->payload = null;
60			$segments = explode('.', $token);
61
62			if (count($segments) !== 2) {
63			$result->violations[] = new \InvalidArgumentException('Wrong number of segments');
64
65			return $result;
66			}
67
68			list($payloadBase64, $signature) = $segments;
69
70			$sign = $this->sign;
71
72			if ($signature !== $sign($payloadBase64)) {
73			$result->violations[] = new \InvalidArgumentException('Signature verification failed');
74			}
75
76			$result->payload = json_decode($this->base64url->decode($payloadBase64));
77
78			if (!($result->payload instanceof \stdClass)) {
79			$result->violations[] = new \InvalidArgumentException('Invalid payload encoding');
80			}
81
82			return $result;
83			}
84
85			/**
86			* Validate the payload of a CSRF token.
87			*
88			* @param \stdClass $payload The token payload to validate.
89			* @param int $now The current time, defaults to `time()`.
90			*
91			* @return InvalidArgumentException[] Constraint violations; if $payload is valid, an empty array.
92			*/
93			protected function validatePayload(\stdClass $payload, $now = null)
94			{
95			$violations = [];
96
97			if ($payload->exp < $now) {
			1 ignored issue – show Duplication introduced 2016-04-04 18:23 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
98			$exp = date(\DateTime::ISO8601, $payload->exp);
99			$violations[] = new \InvalidArgumentException('Token already expired at '.$exp);
100			}
101
102			if ($now < $payload->iat) {
			1 ignored issue – show Duplication introduced 2016-04-04 18:23 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
103			$issuedAt = date(\DateTime::ISO8601, $payload->iat);
104			$violations[] = new \InvalidArgumentException('Cannot handle token prior to '.$issuedAt);
105			}
106
107			return $violations;
108			}
109			}
110

schnittstabil / csrf-tokenservice

Push — master ( 6157a8...e866d1 )

TokenValidator A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

Duplication Side-by-Side

Filter issues like