Keycloak - Code Metrics - Inspection of "Merge pull request #3 from sdaoudi/sdaoudi-patch-1" - sdaoudi/oauth2-keycloak - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 38ceb0...7dd35a )

by DAOUDI

created 2021-06-07 08:55 UTC

Keycloak A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	277
Duplicated Lines	0 %

Coupling/Cohesion

Components	2
Dependencies	6

Test Coverage

Coverage

100%

Importance

Changes

Metric	Value
wmc	23
lcom	2
cbo	6
dl	0
loc	277
ccs	64
cts	64
cp	1
rs	10
c	0
b	0
f	0

17 Methods

Rating	Name	Size	Complexity
A	getBaseAuthorizationUrl()	4	1
A	getBaseAccessTokenUrl()	4	1
A	getResourceOwnerDetailsUrl()	4	1
A	getLogoutUrl()	7	1
A	getBaseLogoutUrl()	4	1
A	getBaseUrlWithRealm()	4	1
A	getDefaultScopes()	4	1
A	__construct()	8	2
A	decryptResponse()	21	3
A	getScopeSeparator()	4	1
A	checkResponse()	7	2
A	createResourceOwner()	4	1
A	getResourceOwner()	8	1
A	setEncryptionAlgorithm()	6	1
A	setEncryptionKey()	6	1
A	setEncryptionKeyPath()	10	2
A	usesEncryption()	4	2

<?php

namespace Stevenmaguire\OAuth2\Client\Provider;

use Exception;
use Firebase\JWT\JWT;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Token\AccessToken;
use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
use Psr\Http\Message\ResponseInterface;
use Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException;

class Keycloak extends AbstractProvider
{
    use BearerAuthorizationTrait;

    /**
     * Keycloak URL, eg. http://localhost:8080/auth.
     *
     * @var string
     */
    public $authServerUrl = null;

    /**
     * Realm name, eg. demo.
     *
     * @var string
     */
    public $realm = null;

    /**
     * Encryption algorithm.
     *
     * You must specify supported algorithms for your application. See
     * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
     * for a list of spec-compliant algorithms.
     *
     * @var string
     */
    public $encryptionAlgorithm = null;

    /**
     * Encryption key.
     *
     * @var string
     */
    public $encryptionKey = null;

    /**
     * Constructs an OAuth 2.0 service provider.
     *
     * @param array $options An array of options to set on this provider.
     *     Options include `clientId`, `clientSecret`, `redirectUri`, and `state`.
     *     Individual providers may introduce more options, as needed.
     * @param array $collaborators An array of collaborators that may be used to
     *     override this provider's default behavior. Collaborators include
     *     `grantFactory`, `requestFactory`, `httpClient`, and `randomFactory`.
     *     Individual providers may introduce more collaborators, as needed.
     */
    public function __construct(array $options = [], array $collaborators = [])
    {
        if (isset($options['encryptionKeyPath'])) {
            $this->setEncryptionKeyPath($options['encryptionKeyPath']);
            unset($options['encryptionKeyPath']);
        }
        parent::__construct($options, $collaborators);
    }

    /**
     * Attempts to decrypt the given response.
     *
     * @param  string|array|null $response
     *
     * @return string|array|null
     */
    public function decryptResponse($response)
    {
        if (!is_string($response)) {
            return $response;
        }

        if ($this->usesEncryption()) {
            return json_decode(
                json_encode(
                    JWT::decode(
                        $response,
                        $this->encryptionKey,
                        array($this->encryptionAlgorithm)
                    )
                ),
                true
            );
        }

        throw EncryptionConfigurationException::undeterminedEncryption();
    }

    /**
     * Get authorization url to begin OAuth flow
     *
     * @return string
     */
    public function getBaseAuthorizationUrl()
    {
        return $this->getBaseUrlWithRealm().'/protocol/openid-connect/auth';
    }

    /**
     * Get access token url to retrieve token
     *
     * @param  array $params
     *
     * @return string
     */
    public function getBaseAccessTokenUrl(array $params)
    {
        return $this->getBaseUrlWithRealm().'/protocol/openid-connect/token';
    }

    /**
     * Get provider url to fetch user details
     *
     * @param  AccessToken $token
     *
     * @return string
     */
    public function getResourceOwnerDetailsUrl(AccessToken $token)
    {
        return $this->getBaseUrlWithRealm().'/protocol/openid-connect/userinfo';
    }

    /**
     * Builds the logout URL.
     *
     * @param array $options
     * @return string Authorization URL
     */
    public function getLogoutUrl(array $options = [])
    {
        $base = $this->getBaseLogoutUrl();
        $params = $this->getAuthorizationParameters($options);
        $query = $this->getAuthorizationQuery($params);
        return $this->appendQuery($base, $query);
    }

    /**
     * Get logout url to logout of session token
     *
     * @return string
     */
    private function getBaseLogoutUrl()
    {
        return $this->getBaseUrlWithRealm() . '/protocol/openid-connect/logout';
    }

    /**
     * Creates base url from provider configuration.
     *
     * @return string
     */
    protected function getBaseUrlWithRealm()
    {
        return $this->authServerUrl.'/realms/'.$this->realm;
    }

    /**
     * Get the default scopes used by this provider.
     *
     * This should not be a complete list of all scopes, but the minimum
     * required for the provider user interface!
     *
     * @return string[]
     */
    protected function getDefaultScopes()
    {
        return ['profile', 'email'];
    }
    
    /**
     * Returns the string that should be used to separate scopes when building
     * the URL for requesting an access token.
     *
     * @return string Scope separator, defaults to ','
     */
    protected function getScopeSeparator()
    {
        return ' ';
    }
    
    /**
     * Check a provider response for errors.
     *
     * @throws IdentityProviderException
     * @param  ResponseInterface $response
     * @param  string $data Parsed response data
     * @return void
     */
    protected function checkResponse(ResponseInterface $response, $data)
    {
        if (!empty($data['error'])) {
            $error = $data['error'].': '.$data['error_description'];
            throw new IdentityProviderException($error, 0, $data);
        }
    }

    /**
     * Generate a user object from a successful user details request.
     *
     * @param array $response
     * @param AccessToken $token
     * @return KeycloakResourceOwner
     */
    protected function createResourceOwner(array $response, AccessToken $token)
    {
        return new KeycloakResourceOwner($response);
    }

    /**
     * Requests and returns the resource owner of given access token.
     *
     * @param  AccessToken $token
     * @return KeycloakResourceOwner
     */
    public function getResourceOwner(AccessToken $token)
    {
        $response = $this->fetchResourceOwnerDetails($token);

        $response = $this->decryptResponse($response);

        return $this->createResourceOwner($response, $token);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
    }

    /**
     * Updates expected encryption algorithm of Keycloak instance.
     *
     * @param string  $encryptionAlgorithm
     *
     * @return Keycloak
     */
    public function setEncryptionAlgorithm($encryptionAlgorithm)
    {
        $this->encryptionAlgorithm = $encryptionAlgorithm;

        return $this;
    }

    /**
     * Updates expected encryption key of Keycloak instance.
     *
     * @param string  $encryptionKey
     *
     * @return Keycloak
     */
    public function setEncryptionKey($encryptionKey)
    {
        $this->encryptionKey = $encryptionKey;

        return $this;
    }

    /**
     * Updates expected encryption key of Keycloak instance to content of given
     * file path.
     *
     * @param string  $encryptionKeyPath
     *
     * @return Keycloak
     */
    public function setEncryptionKeyPath($encryptionKeyPath)
    {
        try {
            $this->encryptionKey = file_get_contents($encryptionKeyPath);
        } catch (Exception $e) {
            // Not sure how to handle this yet.
        }

        return $this;
    }

    /**
     * Checks if provider is configured to use encryption.
     *
     * @return bool
     */
    public function usesEncryption()
    {
        return (bool) $this->encryptionAlgorithm && $this->encryptionKey;
    }
}


1		<?php
2
3		namespace Stevenmaguire\OAuth2\Client\Provider;
4
5		use Exception;
6		use Firebase\JWT\JWT;
7		use League\OAuth2\Client\Provider\AbstractProvider;
8		use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
9		use League\OAuth2\Client\Token\AccessToken;
10		use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
11		use Psr\Http\Message\ResponseInterface;
12		use Stevenmaguire\OAuth2\Client\Provider\Exception\EncryptionConfigurationException;
13
14		class Keycloak extends AbstractProvider
15		{
16		use BearerAuthorizationTrait;
17
18		/**
19		* Keycloak URL, eg. http://localhost:8080/auth.
20		*
21		* @var string
22		*/
23		public $authServerUrl = null;
24
25		/**
26		* Realm name, eg. demo.
27		*
28		* @var string
29		*/
30		public $realm = null;
31
32		/**
33		* Encryption algorithm.
34		*
35		* You must specify supported algorithms for your application. See
36		* https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
37		* for a list of spec-compliant algorithms.
38		*
39		* @var string
40		*/
41		public $encryptionAlgorithm = null;
42
43		/**
44		* Encryption key.
45		*
46		* @var string
47		*/
48		public $encryptionKey = null;
49
50		/**
51		* Constructs an OAuth 2.0 service provider.
52		*
53		* @param array $options An array of options to set on this provider.
54		* Options include `clientId`, `clientSecret`, `redirectUri`, and `state`.
55		* Individual providers may introduce more options, as needed.
56		* @param array $collaborators An array of collaborators that may be used to
57		* override this provider's default behavior. Collaborators include
58		* `grantFactory`, `requestFactory`, `httpClient`, and `randomFactory`.
59		* Individual providers may introduce more collaborators, as needed.
60		*/
61	28	public function __construct(array $options = [], array $collaborators = [])
62		{
63	28	if (isset($options['encryptionKeyPath'])) {
64	4	$this->setEncryptionKeyPath($options['encryptionKeyPath']);
65	4	unset($options['encryptionKeyPath']);
66	2	}
67	28	parent::__construct($options, $collaborators);
68	28	}
69
70		/**
71		* Attempts to decrypt the given response.
72		*
73		* @param string\|array\|null $response
74		*
75		* @return string\|array\|null
76		*/
77	6	public function decryptResponse($response)
78		{
79	6	if (!is_string($response)) {
80	2	return $response;
81		}
82
83	4	if ($this->usesEncryption()) {
84	2	return json_decode(
85	2	json_encode(
86	2	JWT::decode(
87	2	$response,
88	2	$this->encryptionKey,
89	2	array($this->encryptionAlgorithm)
90	1	)
91	1	),
92	1	true
93	1	);
94		}
95
96	2	throw EncryptionConfigurationException::undeterminedEncryption();
97		}
98
99		/**
100		* Get authorization url to begin OAuth flow
101		*
102		* @return string
103		*/
104	6	public function getBaseAuthorizationUrl()
105		{
106	6	return $this->getBaseUrlWithRealm().'/protocol/openid-connect/auth';
107		}
108
109		/**
110		* Get access token url to retrieve token
111		*
112		* @param array $params
113		*
114		* @return string
115		*/
116	12	public function getBaseAccessTokenUrl(array $params)
117		{
118	12	return $this->getBaseUrlWithRealm().'/protocol/openid-connect/token';
119		}
120
121		/**
122		* Get provider url to fetch user details
123		*
124		* @param AccessToken $token
125		*
126		* @return string
127		*/
128	6	public function getResourceOwnerDetailsUrl(AccessToken $token)
129		{
130	6	return $this->getBaseUrlWithRealm().'/protocol/openid-connect/userinfo';
131		}
132
133		/**
134		* Builds the logout URL.
135		*
136		* @param array $options
137		* @return string Authorization URL
138		*/
139	2	public function getLogoutUrl(array $options = [])
140		{
141	2	$base = $this->getBaseLogoutUrl();
142	2	$params = $this->getAuthorizationParameters($options);
143	2	$query = $this->getAuthorizationQuery($params);
144	2	return $this->appendQuery($base, $query);
145		}
146
147		/**
148		* Get logout url to logout of session token
149		*
150		* @return string
151		*/
152	2	private function getBaseLogoutUrl()
153		{
154	2	return $this->getBaseUrlWithRealm() . '/protocol/openid-connect/logout';
155		}
156
157		/**
158		* Creates base url from provider configuration.
159		*
160		* @return string
161		*/
162	20	protected function getBaseUrlWithRealm()
163		{
164	20	return $this->authServerUrl.'/realms/'.$this->realm;
165		}
166
167		/**
168		* Get the default scopes used by this provider.
169		*
170		* This should not be a complete list of all scopes, but the minimum
171		* required for the provider user interface!
172		*
173		* @return string[]
174		*/
175	6	protected function getDefaultScopes()
176		{
177	6	return ['profile', 'email'];
178		}
179
180		/**
181		* Returns the string that should be used to separate scopes when building
182		* the URL for requesting an access token.
183		*
184		* @return string Scope separator, defaults to ','
185		*/
186	8	protected function getScopeSeparator()
187		{
188	8	return ' ';
189		}
190
191		/**
192		* Check a provider response for errors.
193		*
194		* @throws IdentityProviderException
195		* @param ResponseInterface $response
196		* @param string $data Parsed response data
197		* @return void
198		*/
199	10	protected function checkResponse(ResponseInterface $response, $data)
200		{
201	10	if (!empty($data['error'])) {
202	2	$error = $data['error'].': '.$data['error_description'];
203	2	throw new IdentityProviderException($error, 0, $data);
204		}
205	8	}
206
207		/**
208		* Generate a user object from a successful user details request.
209		*
210		* @param array $response
211		* @param AccessToken $token
212		* @return KeycloakResourceOwner
213		*/
214	4	protected function createResourceOwner(array $response, AccessToken $token)
215		{
216	4	return new KeycloakResourceOwner($response);
217		}
218
219		/**
220		* Requests and returns the resource owner of given access token.
221		*
222		* @param AccessToken $token
223		* @return KeycloakResourceOwner
224		*/
225	6	public function getResourceOwner(AccessToken $token)
226		{
227	6	$response = $this->fetchResourceOwnerDetails($token);
228
229	6	$response = $this->decryptResponse($response);
230
231	4	return $this->createResourceOwner($response, $token);
		0 ignored issues – show Bug introduced 2020-01-22 20:04 UTC by Report Bug Copy Issue Report It seems like `$response` defined by `$this->decryptResponse($response)` on line `229` can also be of type `null` or `string`; however, `Stevenmaguire\OAuth2\Cli...::createResourceOwner()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
232		}
233
234		/**
235		* Updates expected encryption algorithm of Keycloak instance.
236		*
237		* @param string $encryptionAlgorithm
238		*
239		* @return Keycloak
240		*/
241	4	public function setEncryptionAlgorithm($encryptionAlgorithm)
242		{
243	4	$this->encryptionAlgorithm = $encryptionAlgorithm;
244
245	4	return $this;
246		}
247
248		/**
249		* Updates expected encryption key of Keycloak instance.
250		*
251		* @param string $encryptionKey
252		*
253		* @return Keycloak
254		*/
255	4	public function setEncryptionKey($encryptionKey)
256		{
257	4	$this->encryptionKey = $encryptionKey;
258
259	4	return $this;
260		}
261
262		/**
263		* Updates expected encryption key of Keycloak instance to content of given
264		* file path.
265		*
266		* @param string $encryptionKeyPath
267		*
268		* @return Keycloak
269		*/
270	4	public function setEncryptionKeyPath($encryptionKeyPath)
271		{
272		try {
273	4	$this->encryptionKey = file_get_contents($encryptionKeyPath);
274	3	} catch (Exception $e) {
275		// Not sure how to handle this yet.
276		}
277
278	4	return $this;
279		}
280
281		/**
282		* Checks if provider is configured to use encryption.
283		*
284		* @return bool
285		*/
286	4	public function usesEncryption()
287		{
288	4	return (bool) $this->encryptionAlgorithm && $this->encryptionKey;
289		}
290		}
291

sdaoudi / oauth2-keycloak

Push — master ( 38ceb0...7dd35a )

Keycloak A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

17 Methods

Duplication Side-by-Side

Filter issues like