IdTokenResponse::getBuilder() - Code Metrics - Inspection of "Moved JWT builder in IdTokenResponse to protected..." - steverhoades/oauth2-openid-connect-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#23)

by Sergio

created 2018-11-11 16:46 UTC

IdTokenResponse::getBuilder() A

↳ Parent: IdTokenResponse

Complexity

Conditions	1
Paths	1

Size

Total Lines	11
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	8
CRAP Score	1

Importance

Changes

Metric	Value
eloc	7
dl	0
loc	11
ccs	8
cts	8
cp	1
rs	10
c	0
b	0
f	0
cc	1
nc	1
nop	2
crap	1

<?php
/**
 * @author Steve Rhoades <[email protected]>
 * @license http://opensource.org/licenses/MIT MIT
 */
namespace OpenIDConnectServer;

use OpenIDConnectServer\Repositories\IdentityProviderInterface;
use OpenIDConnectServer\Entities\ClaimSetInterface;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Builder;

class IdTokenResponse extends BearerTokenResponse
{
    /**
     * @var IdentityProviderInterface
     */
    protected $identityProvider;

    /**
     * @var ClaimExtractor
     */
    protected $claimExtractor;

    public function __construct(
        IdentityProviderInterface $identityProvider,
        ClaimExtractor $claimExtractor
    ) {
        $this->identityProvider = $identityProvider;
        $this->claimExtractor   = $claimExtractor;
    }

    protected function getBuilder(AccessTokenEntityInterface $accessToken, UserEntityInterface $userEntity)
    {
        // Add required id_token claims
        $builder = (new Builder())
            ->setAudience($accessToken->getClient()->getIdentifier())
            ->setIssuer('https://' . $_SERVER['HTTP_HOST'])
            ->setIssuedAt(time())
            ->setExpiration($accessToken->getExpiryDateTime()->getTimestamp())
            ->setSubject($userEntity->getIdentifier());

        return $builder;
    }

    /**
     * @param AccessTokenEntityInterface $accessToken
     * @return array
     */
    protected function getExtraParams(AccessTokenEntityInterface $accessToken)
    {
        if (false === $this->isOpenIDRequest($accessToken->getScopes())) {
            return [];
        }

        /** @var UserEntityInterface $userEntity */
        $userEntity = $this->identityProvider->getUserEntityByIdentifier($accessToken->getUserIdentifier());

        if (false === is_a($userEntity, UserEntityInterface::class)) {
            throw new \RuntimeException('UserEntity must implement UserEntityInterface');
        } else if (false === is_a($userEntity, ClaimSetInterface::class)) {
            throw new \RuntimeException('UserEntity must implement ClaimSetInterface');
        }

        // Add required id_token claims
        $builder = $this->getBuilder($accessToken, $userEntity);

        // Need a claim factory here to reduce the number of claims by provided scope.
        $claims = $this->claimExtractor->extract($accessToken->getScopes(), $userEntity->getClaims());

        foreach ($claims as $claimName => $claimValue) {
            $builder->set($claimName, $claimValue);
        }

        $token = $builder
            ->sign(new Sha256(), new Key($this->privateKey->getKeyPath(), $this->privateKey->getPassPhrase()))
            ->getToken();

        return [
            'id_token' => (string) $token
        ];
    }

    /**
     * @param ScopeEntityInterface[] $scopes
     * @return bool
     */
    private function isOpenIDRequest($scopes)
    {
        // Verify scope and make sure openid exists.
        $valid  = false;

        foreach ($scopes as $scope) {
            if ($scope->getIdentifier() === 'openid') {
                $valid = true;
                break;
            }
        }

        return $valid;
    }

}


1		<?php
2		/**
3		* @author Steve Rhoades <[email protected]>
4		* @license http://opensource.org/licenses/MIT MIT
5		*/
6		namespace OpenIDConnectServer;
7
8		use OpenIDConnectServer\Repositories\IdentityProviderInterface;
9		use OpenIDConnectServer\Entities\ClaimSetInterface;
10		use League\OAuth2\Server\Entities\UserEntityInterface;
11		use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
12		use League\OAuth2\Server\Entities\ScopeEntityInterface;
13		use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
14		use Lcobucci\JWT\Signer\Key;
15		use Lcobucci\JWT\Signer\Rsa\Sha256;
16		use Lcobucci\JWT\Builder;
17
18		class IdTokenResponse extends BearerTokenResponse
19		{
20		/**
21		* @var IdentityProviderInterface
22		*/
23		protected $identityProvider;
24
25		/**
26		* @var ClaimExtractor
27		*/
28		protected $claimExtractor;
29
30	5	public function __construct(
31		IdentityProviderInterface $identityProvider,
32		ClaimExtractor $claimExtractor
33		) {
34	5	$this->identityProvider = $identityProvider;
35	5	$this->claimExtractor = $claimExtractor;
36	5	}
37
38	2	protected function getBuilder(AccessTokenEntityInterface $accessToken, UserEntityInterface $userEntity)
39		{
40		// Add required id_token claims
41	2	$builder = (new Builder())
42	2	->setAudience($accessToken->getClient()->getIdentifier())
43	2	->setIssuer('https://' . $_SERVER['HTTP_HOST'])
44	2	->setIssuedAt(time())
45	2	->setExpiration($accessToken->getExpiryDateTime()->getTimestamp())
46	2	->setSubject($userEntity->getIdentifier());
47
48	2	return $builder;
49		}
50
51		/**
52		* @param AccessTokenEntityInterface $accessToken
53		* @return array
54		*/
55	5	protected function getExtraParams(AccessTokenEntityInterface $accessToken)
56		{
57	5	if (false === $this->isOpenIDRequest($accessToken->getScopes())) {
58	1	return [];
59		}
60
61		/** @var UserEntityInterface $userEntity */
62	4	$userEntity = $this->identityProvider->getUserEntityByIdentifier($accessToken->getUserIdentifier());
63
64	4	if (false === is_a($userEntity, UserEntityInterface::class)) {
65	1	throw new \RuntimeException('UserEntity must implement UserEntityInterface');
66	3	} else if (false === is_a($userEntity, ClaimSetInterface::class)) {
67	1	throw new \RuntimeException('UserEntity must implement ClaimSetInterface');
68		}
69
70		// Add required id_token claims
71	2	$builder = $this->getBuilder($accessToken, $userEntity);
72
73		// Need a claim factory here to reduce the number of claims by provided scope.
74	2	$claims = $this->claimExtractor->extract($accessToken->getScopes(), $userEntity->getClaims());
75
76	2	foreach ($claims as $claimName => $claimValue) {
77	1	$builder->set($claimName, $claimValue);
78		}
79
80		$token = $builder
81	2	->sign(new Sha256(), new Key($this->privateKey->getKeyPath(), $this->privateKey->getPassPhrase()))
82	2	->getToken();
83
84		return [
85	2	'id_token' => (string) $token
86		];
87		}
88
89		/**
90		* @param ScopeEntityInterface[] $scopes
91		* @return bool
92		*/
93	5	private function isOpenIDRequest($scopes)
94		{
95		// Verify scope and make sure openid exists.
96	5	$valid = false;
97
98	5	foreach ($scopes as $scope) {
99	5	if ($scope->getIdentifier() === 'openid') {
100	4	$valid = true;
101	5	break;
102		}
103		}
104
105	5	return $valid;
106		}
107
108		}
109

steverhoades / oauth2-openid-connect-server

Pull Request — master (#23)

IdTokenResponse::getBuilder() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like