Issues in EAuthServiceBase.php (master) - Issues in master - shogodev/argilla - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1410)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

protected/extensions/eauth/EAuthServiceBase.php (1 issue)

Labels

Bug 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * EAuthServiceBase class file.
 *
 * @author Maxim Zemskov <[email protected]>
 * @link http://github.com/Nodge/yii-eauth/
 * @license http://www.opensource.org/licenses/bsd-license.php
 */

require_once 'IAuthService.php';

/**
 * EAuthServiceBase is a base class for providers.
 *
 * @package application.extensions.eauth
 */
abstract class EAuthServiceBase extends CComponent implements IAuthService {

	/**
	 * @var string the service name.
	 */
	protected $name;

	/**
	 *
	 * @var string the service title to display in views.
	 */
	protected $title;

	/**
	 * @var string the service type (e.g. OpenID, OAuth).
	 */
	protected $type;

	/**
	 * @var array arguments for the jQuery.eauth() javascript function.
	 */
	protected $jsArguments = array();

	/**
	 * @var array authorization attributes.
	 * @see getAttribute
	 * @see getItem
	 */
	protected $attributes = array();

	/**
	 * @var boolean whether user was successfuly authenticated.
	 * @see getIsAuthenticated
	 */
	protected $authenticated = false;

	/**
	 * @var boolean whether is attributes was fetched.
	 */
	private $fetched = false;

	/**
	 * @var EAuth the {@link EAuth} application component.
	 */
	private $component;

	/**
	 * @var string the redirect url after successful authorization.
	 */
	private $redirectUrl = '';

	/**
	 * @var string the redirect url after unsuccessful authorization (e.g. user canceled).
	 */
	private $cancelUrl = '';

	/**
	 * PHP getter magic method.
	 * This method is overridden so that service attributes can be accessed like properties.
	 *
	 * @param string $name property name.
	 * @return mixed property value.
	 * @see getAttribute
	 */
	public function __get($name) {
		if ($this->hasAttribute($name)) {
			return $this->getAttribute($name);
		}
		else {
			return parent::__get($name);
		}
	}

	/**
	 * Checks if a attribute value is null.
	 * This method overrides the parent implementation by checking
	 * if the attribute is null or not.
	 *
	 * @param string $name the attribute name.
	 * @return boolean whether the attribute value is null.
	 */
	public function __isset($name) {
		if ($this->hasAttribute($name)) {
			return true;
		}
		else {
			return parent::__isset($name);
		}
	}

	/**
	 * Initialize the component.
	 * Sets the default {@link redirectUrl} and {@link cancelUrl}.
	 *
	 * @param EAuth $component the component instance.
	 * @param array $options properties initialization.
	 */
	public function init($component, $options = array()) {
		if (isset($component)) {
			$this->setComponent($component);
		}

		$this->setRedirectUrl(Yii::app()->user->returnUrl);
		$server = Yii::app()->request->getHostInfo();
		$path = Yii::app()->request->getPathInfo();
		$this->setCancelUrl($server . '/' . $path);

		foreach ($options as $key => $val) {
			$this->$key = $val;
		}
	}

	/**
	 * Returns service name(id).
	 *
	 * @return string the service name(id).
	 */
	public function getServiceName() {
		return $this->name;
	}

	/**
	 * Returns service title.
	 *
	 * @return string the service title.
	 */
	public function getServiceTitle() {
		return Yii::t('eauth', $this->title);
	}

	/**
	 * Returns service type (e.g. OpenID, OAuth).
	 *
	 * @return string the service type (e.g. OpenID, OAuth).
	 */
	public function getServiceType() {
		return $this->type;
	}

	/**
	 * Returns arguments for the jQuery.eauth() javascript function.
	 *
	 * @return array the arguments for the jQuery.eauth() javascript function.
	 */
	public function getJsArguments() {
		return $this->jsArguments;
	}

	/**
	 * Sets {@link EAuth} application component
	 *
	 * @param EAuth $component the application auth component.
	 */
	public function setComponent($component) {
		$this->component = $component;
	}

	/**
	 * Returns the {@link EAuth} application component.
	 *
	 * @return EAuth the {@link EAuth} application component.
	 */
	public function getComponent() {
		return $this->component;
	}

	/**
	 * Sets redirect url after successful authorization.
	 *
	 * @param string url to redirect.
	 */
	public function setRedirectUrl($url) {
		$this->redirectUrl = $url;
	}

	/**
	 * Returns the redirect url after successful authorization.
	 *
	 * @return string the redirect url after successful authorization.
	 */
	public function getRedirectUrl() {
		return $this->redirectUrl;
	}

	/**
	 * Sets redirect url after unsuccessful authorization (e.g. user canceled).
	 *
	 * @param string url to redirect.
	 */
	public function setCancelUrl($url) {
		$this->cancelUrl = $url;
	}

	/**
	 * Returns the redirect url after unsuccessful authorization (e.g. user canceled).
	 *
	 * @return string the redirect url after unsuccessful authorization (e.g. user canceled).
	 */
	public function getCancelUrl() {
		return $this->cancelUrl;
	}

	/**
	 * Authenticate the user.
	 *
	 * @return boolean whether user was successfuly authenticated.
	 */
	public function authenticate() {
		return $this->getIsAuthenticated();
	}

	/**
	 * Whether user was successfuly authenticated.
	 *
	 * @return boolean whether user was successfuly authenticated.
	 */
	public function getIsAuthenticated() {
		return $this->authenticated;
	}

	/**
	 * Redirect to the url. If url is null, {@link redirectUrl} will be used.
	 *
	 * @param string $url url to redirect.
	 * @param array $params
	 */
	public function redirect($url = null, $params = array()) {
		$this->component->redirect(isset($url) ? $url : $this->redirectUrl, true, $params);
	}

	/**
	 * Redirect to the {@link cancelUrl} or simply close the popup window.
	 */
	public function cancel($url = null) {
		$this->component->redirect(isset($url) ? $url : $this->cancelUrl, !$this->component->popup);
	}

	/**
	 * Makes the curl request to the url.
	 *
	 * @param string $url url to request.
	 * @param array $options HTTP request options. Keys: query, data, referer.
	 * @param boolean $parseJson Whether to parse response in json format.
	 * @return stdClass the response.
	 */
	protected function makeRequest($url, $options = array(), $parseJson = true) {
		$ch = $this->initRequest($url, $options);

		$result = curl_exec($ch);
		$headers = curl_getinfo($ch);

		if (curl_errno($ch) > 0) {
			throw new EAuthException(curl_error($ch), curl_errno($ch));
		}

		if ($headers['http_code'] != 200) {
			Yii::log(
				'Invalid response http code: ' . $headers['http_code'] . '.' . PHP_EOL .
					'URL: ' . $url . PHP_EOL .
					'Options: ' . var_export($options, true) . PHP_EOL .
					'Result: ' . $result,
				CLogger::LEVEL_ERROR, 'application.extensions.eauth'
			);
			throw new EAuthException(Yii::t('eauth', 'Invalid response http code: {code}.', array('{code}' => $headers['http_code'])), $headers['http_code']);
		}

		curl_close($ch);

		if ($parseJson) {
			$result = $this->parseJson($result);
		}

		return $result;
	}

	/**
	 * Initializes a new session and return a cURL handle.
	 *
	 * @param string $url url to request.
	 * @param array $options HTTP request options. Keys: query, data, referer.
	 * @param boolean $parseJson Whether to parse response in json format.
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
	 * @return cURL handle.
	 */
	protected function initRequest($url, $options = array()) {
		$ch = curl_init();
		//curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // error with open_basedir or safe mode
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($ch, CURLOPT_HEADER, 0);
		curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);

		if (isset($options['referer'])) {
			curl_setopt($ch, CURLOPT_REFERER, $options['referer']);
		}

		if (isset($options['headers'])) {
			curl_setopt($ch, CURLOPT_HTTPHEADER, $options['headers']);
		}

		if (isset($options['query'])) {
			$url_parts = parse_url($url);
			if (isset($url_parts['query'])) {
				$query = $url_parts['query'];
				if (strlen($query) > 0) {
					$query .= '&';
				}
				$query .= http_build_query($options['query']);
				$url = str_replace($url_parts['query'], $query, $url);
			}
			else {
				$url_parts['query'] = $options['query'];
				$new_query = http_build_query($url_parts['query']);
				$url .= '?' . $new_query;
			}
		}

		if (isset($options['data'])) {
			curl_setopt($ch, CURLOPT_POST, 1);
			curl_setopt($ch, CURLOPT_POSTFIELDS, $options['data']);
		}

		curl_setopt($ch, CURLOPT_URL, $url);
		return $ch;
	}

	/**
	 * Parse response from {@link makeRequest} in json format and check OAuth errors.
	 *
	 * @param string $response Json string.
	 * @return object result.
	 */
	protected function parseJson($response) {
		try {
			$result = json_decode($response);
			$error = $this->fetchJsonError($result);
			if (!isset($result)) {
				throw new EAuthException(Yii::t('eauth', 'Invalid response format.', array()), 500);
			}
			else {
				if (isset($error) && !empty($error['message'])) {
					throw new EAuthException($error['message'], $error['code']);
				}
				else {
					return $result;
				}
			}
		} catch (Exception $e) {
			throw new EAuthException($e->getMessage(), $e->getCode());
		}
	}

	/**
	 * Returns the error info from json.
	 *
	 * @param stdClass $json the json response.
	 * @return array the error array with 2 keys: code and message. Should be null if no errors.
	 */
	protected function fetchJsonError($json) {
		if (isset($json->error)) {
			return array(
				'code' => 500,
				'message' => 'Unknown error occurred.',
			);
		}
		else {
			return null;
		}
	}

	/**
	 * @return string a prefix for the name of the session variables storing eauth session data.
	 */
	protected function getStateKeyPrefix() {
		return '__eauth_' . $this->getServiceName() . '__';
	}

	/**
	 * Stores a variable in eauth session.
	 *
	 * @param string $key variable name.
	 * @param mixed $value variable value.
	 * @param mixed $defaultValue default value. If $value===$defaultValue, the variable will be
	 * removed from the session.
	 * @see getState
	 */
	protected function setState($key, $value, $defaultValue = null) {
		$session = Yii::app()->session;
		$key = $this->getStateKeyPrefix() . $key;
		if ($value === $defaultValue) {
			unset($session[$key]);
		}
		else {
			$session[$key] = $value;
		}
	}

	/**
	 * Returns a value indicating whether there is a state of the specified name.
	 *
	 * @param string $key state name.
	 * @return boolean whether there is a state of the specified name.
	 */
	protected function hasState($key) {
		$session = Yii::app()->session;
		$key = $this->getStateKeyPrefix() . $key;
		return isset($session[$key]);
	}

	/**
	 * Returns the value of a variable that is stored in eauth session.
	 *
	 * @param string $key variable name.
	 * @param mixed $defaultValue default value.
	 * @return mixed the value of the variable. If it doesn't exist in the session,
	 * the provided default value will be returned.
	 * @see setState
	 */
	protected function getState($key, $defaultValue = null) {
		$session = Yii::app()->session;
		$key = $this->getStateKeyPrefix() . $key;
		return isset($session[$key]) ? $session[$key] : $defaultValue;
	}

	/**
	 * Fetch attributes array.
	 *
	 * @return boolean whether the attributes was successfully fetched.
	 */
	protected function fetchAttributes() {
		return true;
	}

	/**
	 * Fetch attributes array.
	 * This function is internally used to handle fetched state.
	 */
	protected function _fetchAttributes() {
		if (!$this->fetched) {
			$this->fetched = true;
			$result = $this->fetchAttributes();
			if (isset($result)) {
				$this->fetched = $result;
			}
		}
	}

	/**
	 * Returns the user unique id.
	 *
	 * @return mixed the user id.
	 */
	public function getId() {
		$this->_fetchAttributes();
		// Check attribute for existance to avoid error.
		return isset($this->attributes['id']) ? $this->attributes['id'] : null;
	}

	/**
	 * Returns the array that contains all available authorization attributes.
	 *
	 * @return array the attributes.
	 */
	public function getAttributes() {
		$this->_fetchAttributes();
		$attributes = array();
		foreach ($this->attributes as $key => $val) {
			$attributes[$key] = $this->getAttribute($key);
		}
		return $attributes;
	}

	/**
	 * Returns the authorization attribute value.
	 *
	 * @param string $key the attribute name.
	 * @param mixed $default the default value.
	 * @return mixed the attribute value.
	 */
	public function getAttribute($key, $default = null) {
		$this->_fetchAttributes();
		$getter = 'get' . $key;
		if (method_exists($this, $getter)) {
			return $this->$getter();
		}
		else {
			return isset($this->attributes[$key]) ? $this->attributes[$key] : $default;
		}
	}

	/**
	 * Whether the authorization attribute exists.
	 *
	 * @param string $key the attribute name.
	 * @return boolean true if attribute exists, false otherwise.
	 */
	public function hasAttribute($key) {
		$this->_fetchAttributes();
		return isset($this->attributes[$key]);
	}

	/**
	 * Returns the object with a human-readable representation of the current authorization.
	 *
	 * @return stdClass the object.
	 */
	public function getItem() {
		$item = new stdClass;
		$item->title = $this->getAttribute('name');
		if (empty($this->title)) {
			$item->title = $this->getId();
		}
		if ($this->hasAttribute('url')) {
			$item->url = $this->getAttribute('url');
		}
		return $item;
	}

	/**
	 * Returns the array that contains all available authorization attributes.
	 *
	 * @return array the attributes.
	 * @deprecated because getAttributes is more semantic.
	 */
	public function getItemAttributes() {
		return $this->getAttributes();
	}
}


GitHub Access Token became invalid

Issues (1410)

Security Analysis not enabled

protected/extensions/eauth/EAuthServiceBase.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* EAuthServiceBase class file.
4			*
5			* @author Maxim Zemskov <[email protected]>
6			* @link http://github.com/Nodge/yii-eauth/
7			* @license http://www.opensource.org/licenses/bsd-license.php
8			*/
9
10			require_once 'IAuthService.php';
11
12			/**
13			* EAuthServiceBase is a base class for providers.
14			*
15			* @package application.extensions.eauth
16			*/
17			abstract class EAuthServiceBase extends CComponent implements IAuthService {
18
19			/**
20			* @var string the service name.
21			*/
22			protected $name;
23
24			/**
25			*
26			* @var string the service title to display in views.
27			*/
28			protected $title;
29
30			/**
31			* @var string the service type (e.g. OpenID, OAuth).
32			*/
33			protected $type;
34
35			/**
36			* @var array arguments for the jQuery.eauth() javascript function.
37			*/
38			protected $jsArguments = array();
39
40			/**
41			* @var array authorization attributes.
42			* @see getAttribute
43			* @see getItem
44			*/
45			protected $attributes = array();
46
47			/**
48			* @var boolean whether user was successfuly authenticated.
49			* @see getIsAuthenticated
50			*/
51			protected $authenticated = false;
52
53			/**
54			* @var boolean whether is attributes was fetched.
55			*/
56			private $fetched = false;
57
58			/**
59			* @var EAuth the {@link EAuth} application component.
60			*/
61			private $component;
62
63			/**
64			* @var string the redirect url after successful authorization.
65			*/
66			private $redirectUrl = '';
67
68			/**
69			* @var string the redirect url after unsuccessful authorization (e.g. user canceled).
70			*/
71			private $cancelUrl = '';
72
73			/**
74			* PHP getter magic method.
75			* This method is overridden so that service attributes can be accessed like properties.
76			*
77			* @param string $name property name.
78			* @return mixed property value.
79			* @see getAttribute
80			*/
81			public function __get($name) {
82			if ($this->hasAttribute($name)) {
83			return $this->getAttribute($name);
84			}
85			else {
86			return parent::__get($name);
87			}
88			}
89
90			/**
91			* Checks if a attribute value is null.
92			* This method overrides the parent implementation by checking
93			* if the attribute is null or not.
94			*
95			* @param string $name the attribute name.
96			* @return boolean whether the attribute value is null.
97			*/
98			public function __isset($name) {
99			if ($this->hasAttribute($name)) {
100			return true;
101			}
102			else {
103			return parent::__isset($name);
104			}
105			}
106
107			/**
108			* Initialize the component.
109			* Sets the default {@link redirectUrl} and {@link cancelUrl}.
110			*
111			* @param EAuth $component the component instance.
112			* @param array $options properties initialization.
113			*/
114			public function init($component, $options = array()) {
115			if (isset($component)) {
116			$this->setComponent($component);
117			}
118
119			$this->setRedirectUrl(Yii::app()->user->returnUrl);
120			$server = Yii::app()->request->getHostInfo();
121			$path = Yii::app()->request->getPathInfo();
122			$this->setCancelUrl($server . '/' . $path);
123
124			foreach ($options as $key => $val) {
125			$this->$key = $val;
126			}
127			}
128
129			/**
130			* Returns service name(id).
131			*
132			* @return string the service name(id).
133			*/
134			public function getServiceName() {
135			return $this->name;
136			}
137
138			/**
139			* Returns service title.
140			*
141			* @return string the service title.
142			*/
143			public function getServiceTitle() {
144			return Yii::t('eauth', $this->title);
145			}
146
147			/**
148			* Returns service type (e.g. OpenID, OAuth).
149			*
150			* @return string the service type (e.g. OpenID, OAuth).
151			*/
152			public function getServiceType() {
153			return $this->type;
154			}
155
156			/**
157			* Returns arguments for the jQuery.eauth() javascript function.
158			*
159			* @return array the arguments for the jQuery.eauth() javascript function.
160			*/
161			public function getJsArguments() {
162			return $this->jsArguments;
163			}
164
165			/**
166			* Sets {@link EAuth} application component
167			*
168			* @param EAuth $component the application auth component.
169			*/
170			public function setComponent($component) {
171			$this->component = $component;
172			}
173
174			/**
175			* Returns the {@link EAuth} application component.
176			*
177			* @return EAuth the {@link EAuth} application component.
178			*/
179			public function getComponent() {
180			return $this->component;
181			}
182
183			/**
184			* Sets redirect url after successful authorization.
185			*
186			* @param string url to redirect.
187			*/
188			public function setRedirectUrl($url) {
189			$this->redirectUrl = $url;
190			}
191
192			/**
193			* Returns the redirect url after successful authorization.
194			*
195			* @return string the redirect url after successful authorization.
196			*/
197			public function getRedirectUrl() {
198			return $this->redirectUrl;
199			}
200
201			/**
202			* Sets redirect url after unsuccessful authorization (e.g. user canceled).
203			*
204			* @param string url to redirect.
205			*/
206			public function setCancelUrl($url) {
207			$this->cancelUrl = $url;
208			}
209
210			/**
211			* Returns the redirect url after unsuccessful authorization (e.g. user canceled).
212			*
213			* @return string the redirect url after unsuccessful authorization (e.g. user canceled).
214			*/
215			public function getCancelUrl() {
216			return $this->cancelUrl;
217			}
218
219			/**
220			* Authenticate the user.
221			*
222			* @return boolean whether user was successfuly authenticated.
223			*/
224			public function authenticate() {
225			return $this->getIsAuthenticated();
226			}
227
228			/**
229			* Whether user was successfuly authenticated.
230			*
231			* @return boolean whether user was successfuly authenticated.
232			*/
233			public function getIsAuthenticated() {
234			return $this->authenticated;
235			}
236
237			/**
238			* Redirect to the url. If url is null, {@link redirectUrl} will be used.
239			*
240			* @param string $url url to redirect.
241			* @param array $params
242			*/
243			public function redirect($url = null, $params = array()) {
244			$this->component->redirect(isset($url) ? $url : $this->redirectUrl, true, $params);
245			}
246
247			/**
248			* Redirect to the {@link cancelUrl} or simply close the popup window.
249			*/
250			public function cancel($url = null) {
251			$this->component->redirect(isset($url) ? $url : $this->cancelUrl, !$this->component->popup);
252			}
253
254			/**
255			* Makes the curl request to the url.
256			*
257			* @param string $url url to request.
258			* @param array $options HTTP request options. Keys: query, data, referer.
259			* @param boolean $parseJson Whether to parse response in json format.
260			* @return stdClass the response.
261			*/
262			protected function makeRequest($url, $options = array(), $parseJson = true) {
263			$ch = $this->initRequest($url, $options);
264
265			$result = curl_exec($ch);
266			$headers = curl_getinfo($ch);
267
268			if (curl_errno($ch) > 0) {
269			throw new EAuthException(curl_error($ch), curl_errno($ch));
270			}
271
272			if ($headers['http_code'] != 200) {
273			Yii::log(
274			'Invalid response http code: ' . $headers['http_code'] . '.' . PHP_EOL .
275			'URL: ' . $url . PHP_EOL .
276			'Options: ' . var_export($options, true) . PHP_EOL .
277			'Result: ' . $result,
278			CLogger::LEVEL_ERROR, 'application.extensions.eauth'
279			);
280			throw new EAuthException(Yii::t('eauth', 'Invalid response http code: {code}.', array('{code}' => $headers['http_code'])), $headers['http_code']);
281			}
282
283			curl_close($ch);
284
285			if ($parseJson) {
286			$result = $this->parseJson($result);
287			}
288
289			return $result;
290			}
291
292			/**
293			* Initializes a new session and return a cURL handle.
294			*
295			* @param string $url url to request.
296			* @param array $options HTTP request options. Keys: query, data, referer.
297			* @param boolean $parseJson Whether to parse response in json format.
			0 ignored issues – show Bug introduced 2015-11-25 11:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$parseJson`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
298			* @return cURL handle.
299			*/
300			protected function initRequest($url, $options = array()) {
301			$ch = curl_init();
302			//curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // error with open_basedir or safe mode
303			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
304			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
305			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
306			curl_setopt($ch, CURLOPT_HEADER, 0);
307			curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
308
309			if (isset($options['referer'])) {
310			curl_setopt($ch, CURLOPT_REFERER, $options['referer']);
311			}
312
313			if (isset($options['headers'])) {
314			curl_setopt($ch, CURLOPT_HTTPHEADER, $options['headers']);
315			}
316
317			if (isset($options['query'])) {
318			$url_parts = parse_url($url);
319			if (isset($url_parts['query'])) {
320			$query = $url_parts['query'];
321			if (strlen($query) > 0) {
322			$query .= '&';
323			}
324			$query .= http_build_query($options['query']);
325			$url = str_replace($url_parts['query'], $query, $url);
326			}
327			else {
328			$url_parts['query'] = $options['query'];
329			$new_query = http_build_query($url_parts['query']);
330			$url .= '?' . $new_query;
331			}
332			}
333
334			if (isset($options['data'])) {
335			curl_setopt($ch, CURLOPT_POST, 1);
336			curl_setopt($ch, CURLOPT_POSTFIELDS, $options['data']);
337			}
338
339			curl_setopt($ch, CURLOPT_URL, $url);
340			return $ch;
341			}
342
343			/**
344			* Parse response from {@link makeRequest} in json format and check OAuth errors.
345			*
346			* @param string $response Json string.
347			* @return object result.
348			*/
349			protected function parseJson($response) {
350			try {
351			$result = json_decode($response);
352			$error = $this->fetchJsonError($result);
353			if (!isset($result)) {
354			throw new EAuthException(Yii::t('eauth', 'Invalid response format.', array()), 500);
355			}
356			else {
357			if (isset($error) && !empty($error['message'])) {
358			throw new EAuthException($error['message'], $error['code']);
359			}
360			else {
361			return $result;
362			}
363			}
364			} catch (Exception $e) {
365			throw new EAuthException($e->getMessage(), $e->getCode());
366			}
367			}
368
369			/**
370			* Returns the error info from json.
371			*
372			* @param stdClass $json the json response.
373			* @return array the error array with 2 keys: code and message. Should be null if no errors.
374			*/
375			protected function fetchJsonError($json) {
376			if (isset($json->error)) {
377			return array(
378			'code' => 500,
379			'message' => 'Unknown error occurred.',
380			);
381			}
382			else {
383			return null;
384			}
385			}
386
387			/**
388			* @return string a prefix for the name of the session variables storing eauth session data.
389			*/
390			protected function getStateKeyPrefix() {
391			return '__eauth_' . $this->getServiceName() . '__';
392			}
393
394			/**
395			* Stores a variable in eauth session.
396			*
397			* @param string $key variable name.
398			* @param mixed $value variable value.
399			* @param mixed $defaultValue default value. If $value===$defaultValue, the variable will be
400			* removed from the session.
401			* @see getState
402			*/
403			protected function setState($key, $value, $defaultValue = null) {
404			$session = Yii::app()->session;
405			$key = $this->getStateKeyPrefix() . $key;
406			if ($value === $defaultValue) {
407			unset($session[$key]);
408			}
409			else {
410			$session[$key] = $value;
411			}
412			}
413
414			/**
415			* Returns a value indicating whether there is a state of the specified name.
416			*
417			* @param string $key state name.
418			* @return boolean whether there is a state of the specified name.
419			*/
420			protected function hasState($key) {
421			$session = Yii::app()->session;
422			$key = $this->getStateKeyPrefix() . $key;
423			return isset($session[$key]);
424			}
425
426			/**
427			* Returns the value of a variable that is stored in eauth session.
428			*
429			* @param string $key variable name.
430			* @param mixed $defaultValue default value.
431			* @return mixed the value of the variable. If it doesn't exist in the session,
432			* the provided default value will be returned.
433			* @see setState
434			*/
435			protected function getState($key, $defaultValue = null) {
436			$session = Yii::app()->session;
437			$key = $this->getStateKeyPrefix() . $key;
438			return isset($session[$key]) ? $session[$key] : $defaultValue;
439			}
440
441			/**
442			* Fetch attributes array.
443			*
444			* @return boolean whether the attributes was successfully fetched.
445			*/
446			protected function fetchAttributes() {
447			return true;
448			}
449
450			/**
451			* Fetch attributes array.
452			* This function is internally used to handle fetched state.
453			*/
454			protected function _fetchAttributes() {
455			if (!$this->fetched) {
456			$this->fetched = true;
457			$result = $this->fetchAttributes();
458			if (isset($result)) {
459			$this->fetched = $result;
460			}
461			}
462			}
463
464			/**
465			* Returns the user unique id.
466			*
467			* @return mixed the user id.
468			*/
469			public function getId() {
470			$this->_fetchAttributes();
471			// Check attribute for existance to avoid error.
472			return isset($this->attributes['id']) ? $this->attributes['id'] : null;
473			}
474
475			/**
476			* Returns the array that contains all available authorization attributes.
477			*
478			* @return array the attributes.
479			*/
480			public function getAttributes() {
481			$this->_fetchAttributes();
482			$attributes = array();
483			foreach ($this->attributes as $key => $val) {
484			$attributes[$key] = $this->getAttribute($key);
485			}
486			return $attributes;
487			}
488
489			/**
490			* Returns the authorization attribute value.
491			*
492			* @param string $key the attribute name.
493			* @param mixed $default the default value.
494			* @return mixed the attribute value.
495			*/
496			public function getAttribute($key, $default = null) {
497			$this->_fetchAttributes();
498			$getter = 'get' . $key;
499			if (method_exists($this, $getter)) {
500			return $this->$getter();
501			}
502			else {
503			return isset($this->attributes[$key]) ? $this->attributes[$key] : $default;
504			}
505			}
506
507			/**
508			* Whether the authorization attribute exists.
509			*
510			* @param string $key the attribute name.
511			* @return boolean true if attribute exists, false otherwise.
512			*/
513			public function hasAttribute($key) {
514			$this->_fetchAttributes();
515			return isset($this->attributes[$key]);
516			}
517
518			/**
519			* Returns the object with a human-readable representation of the current authorization.
520			*
521			* @return stdClass the object.
522			*/
523			public function getItem() {
524			$item = new stdClass;
525			$item->title = $this->getAttribute('name');
526			if (empty($this->title)) {
527			$item->title = $this->getId();
528			}
529			if ($this->hasAttribute('url')) {
530			$item->url = $this->getAttribute('url');
531			}
532			return $item;
533			}
534
535			/**
536			* Returns the array that contains all available authorization attributes.
537			*
538			* @return array the attributes.
539			* @deprecated because getAttributes is more semantic.
540			*/
541			public function getItemAttributes() {
542			return $this->getAttributes();
543			}
544			}
545

shogodev / argilla

GitHub Access Token became invalid

Issues (1410)

Security Analysis not enabled

protected/extensions/eauth/EAuthServiceBase.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like