SecurityProfile   A
last analyzed

Complexity

Total Complexity 10

Size/Duplication

Total Lines 92
Duplicated Lines 0 %

Importance

Changes 0
Metric Value
wmc 10
eloc 17
dl 0
loc 92
rs 10
c 0
b 0
f 0

6 Methods

Rating   Name   Duplication   Size   Complexity  
A acl() 0 3 1
A authenticationErrors() 0 3 1
A processEntryPoint() 0 7 2
A handleAuthenticationSuccess() 0 3 1
A process() 0 12 4
A __construct() 0 8 1
1
<?php
2
3
/**
4
 * This file is part of web-stack
5
 *
6
 * For the full copyright and license information, please view the LICENSE
7
 * file that was distributed with this source code.
8
 */
9
10
declare(strict_types=1);
11
12
namespace Slick\WebStack\Domain\Security\Http\SecurityProfile;
13
14
use Slick\WebStack\Domain\Security\Authentication\Token\TokenStorageInterface;
15
use Slick\WebStack\Domain\Security\Http\AuthenticationEntryPointInterface;
16
use Slick\WebStack\Domain\Security\Http\AuthenticatorManagerInterface;
17
use Slick\WebStack\Domain\Security\Http\SecurityProfileInterface;
18
use Slick\WebStack\Domain\Security\UserInterface;
19
use Psr\Http\Message\ResponseInterface;
20
use Psr\Http\Message\ServerRequestInterface;
21
use Slick\Http\Message\Response;
22
23
/**
24
 * SecurityProfile
25
 *
26
 * @package Slick\WebStack\Domain\Security\Http\SecurityProfile
27
 */
28
class SecurityProfile implements SecurityProfileInterface
29
{
30
    use SecurityProfileTrait;
31
32
    public const REQUEST_TOKEN_KEY = '_security_token';
33
34
    /**
35
     * Creates a SecurityProfile
36
     *
37
     * @param string $matchExp
38
     * @param AuthenticatorManagerInterface $authenticatorManager
39
     * @param TokenStorageInterface<UserInterface> $tokenStorage
40
     * @param AuthenticationEntryPointInterface|null $entryPoint
41
     * @param array<string> $acl
42
     */
43
    public function __construct(
44
        string $matchExp,
45
        protected readonly AuthenticatorManagerInterface $authenticatorManager,
46
        protected readonly TokenStorageInterface $tokenStorage,
47
        private readonly ?AuthenticationEntryPointInterface $entryPoint = null,
48
        private readonly array $acl = []
49
    ) {
50
        $this->matchExp = $matchExp;
51
    }
52
53
    /**
54
     * Processes the given server request by authenticating it or delegating to the entry point.
55
     *
56
     * @param ServerRequestInterface $request The server request to process.
57
     * @return ResponseInterface|null Returns the authenticated response or null if authentication is not supported.
58
     */
59
    public function process(ServerRequestInterface $request): ?ResponseInterface
60
    {
61
        $supports = $this->authenticatorManager->supports($request);
62
        if (!$supports) {
0 ignored issues
show
Bug Best Practice introduced by
The expression $supports of type boolean|null is loosely compared to false; this is ambiguous if the boolean can be false. You might want to explicitly use !== null instead.

If an expression can have both false, and null as possible values. It is generally a good practice to always use strict comparison to clearly distinguish between those two values.

$a = canBeFalseAndNull();

// Instead of
if ( ! $a) { }

// Better use one of the explicit versions:
if ($a !== null) { }
if ($a !== false) { }
if ($a !== null && $a !== false) { }
Loading history...
63
              return null;
64
        }
65
66
        $response =  $this->authenticatorManager->authenticateRequest($request);
67
        if (is_null($response) || $response->getStatusCode() < 400) {
68
            $this->handleAuthenticationSuccess($request);
69
        }
70
        return $response;
71
    }
72
73
    /**
74
     * Processes the entry point for the given server request.
75
     *
76
     * If an entry point is defined, it will start the authentication process
77
     * using the provided server request. Otherwise, it returns a response with
78
     * a status code of 401 (Unauthorized).
79
     *
80
     * @param ServerRequestInterface $request The server request to process the entry point.
81
     * @return null|ResponseInterface Returns the response of the entry point or a response with
82
     *                           a status code of 401 (Unauthorized).
83
     */
84
    public function processEntryPoint(ServerRequestInterface $request): ?ResponseInterface
85
    {
86
        if ($this->entryPoint) {
87
            return $this->entryPoint->start($request);
88
        }
89
90
        return new Response(401, 'Unauthorized');
91
    }
92
93
    /**
94
     * Handles successful authentication by adding the token attribute to the request.
95
     *
96
     * @param ServerRequestInterface &$request The incoming request object.
97
     *
98
     * @return void
99
     */
100
    protected function handleAuthenticationSuccess(ServerRequestInterface &$request): void
101
    {
102
        $request = $request->withAttribute(self::REQUEST_TOKEN_KEY, $this->tokenStorage->getToken());
103
    }
104
105
    /**
106
     * @inheritDoc
107
     */
108
    
109
    public function authenticationErrors(): array
110
    {
111
        return $this->authenticatorManager->authenticationErrors();
112
    }
113
114
    /**
115
     * @inheritDoc
116
     */
117
    public function acl(): array
118
    {
119
        return $this->acl;
120
    }
121
}
122