Test Failed
Pull Request — master (#52)
by Matthieu
17:46
created

JWTSecurityHelper::getJWTToken()   A

Complexity

Conditions 3
Paths 3

Size

Total Lines 11
Code Lines 5

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 3
eloc 5
nc 3
nop 1
dl 0
loc 11
rs 10
c 1
b 0
f 0
1
<?php
2
3
declare(strict_types=1);
4
5
namespace AtlassianConnectBundle\Security;
6
7
use AtlassianConnectBundle\Service\QSHGenerator;
8
use Doctrine\ORM\EntityManagerInterface;
9
use Firebase\JWT\JWT;
10
use Symfony\Component\HttpFoundation\Request;
11
12
final class JWTSecurityHelper implements JWTSecurityHelperInterface
13
{
14
    /**
15
     * @var EntityManagerInterface
16
     */
17
    private $entityManager;
18
19
    /**
20
     * @var int|null
21
     */
22
    private $devTenant;
23
24
    /**
25
     * @var string
26
     */
27
    private $environment;
28
29
    /**
30
     * @var string
31
     */
32
    private $tenantEntityClass;
33
34
    public function __construct(
35
        EntityManagerInterface $entityManager,
36
        ?int $devTenant,
37
        string $environment,
38
        string $tenantEntityClass
39
    ) {
40
        $this->entityManager = $entityManager;
41
        $this->devTenant = $devTenant;
42
        $this->environment = $environment;
43
        $this->tenantEntityClass = $tenantEntityClass;
44
    }
45
46
    public function getJWTToken(Request $request): ?string
47
    {
48
        if ($request->query->has('jwt')) {
49
            return (string) $request->query->get('jwt');
50
        }
51
52
        if ($headerJWT = $this->findJWTInHeader($request)) {
53
            return $headerJWT;
54
        }
55
56
        return $this->findTenantJWT($request);
57
    }
58
59
    private function findJWTInHeader(Request $request): ?string
60
    {
61
        if ($request->headers->has('authorization')) {
62
            $authorizationHeaderArray = \explode(' ', $request->headers->get('authorization'));
63
64
            if (\count($authorizationHeaderArray) > 1) {
65
                return $authorizationHeaderArray[1];
66
            }
67
        }
68
69
        return null;
70
    }
71
72
    public function supportsRequest(Request $request): bool
73
    {
74
        return $request->query->has('jwt') ||
75
            $request->headers->has('authorization') ||
76
            ($this->devTenant && $this->environment === 'dev');
0 ignored issues
show
Bug Best Practice introduced by
The expression $this->devTenant of type integer|null is loosely compared to true; this is ambiguous if the integer can be 0. You might want to explicitly use !== null instead.

In PHP, under loose comparison (like ==, or !=, or switch conditions), values of different types might be equal.

For integer values, zero is a special case, in particular the following results might be unexpected:

0   == false // true
0   == null  // true
123 == false // false
123 == null  // false

// It is often better to use strict comparison
0 === false // false
0 === null  // false
Loading history...
77
    }
78
79
    private function findTenantJWT(Request $request): ?string
80
    {
81
        if (!$this->devTenant || $this->environment  !== 'dev') {
0 ignored issues
show
Bug Best Practice introduced by
The expression $this->devTenant of type integer|null is loosely compared to false; this is ambiguous if the integer can be 0. You might want to explicitly use === null instead.

In PHP, under loose comparison (like ==, or !=, or switch conditions), values of different types might be equal.

For integer values, zero is a special case, in particular the following results might be unexpected:

0   == false // true
0   == null  // true
123 == false // false
123 == null  // false

// It is often better to use strict comparison
0 === false // false
0 === null  // false
Loading history...
82
            return null;
83
        }
84
85
        $tenant = $this->entityManager
86
            ->getRepository($this->tenantEntityClass)
87
            ->find($this->devTenant);
88
89
        if (!$tenant) {
90
            throw new \RuntimeException(\sprintf('Cant find tenant with id %s - please set atlassian_connect.dev_tenant to false to disable dedicated dev tenant OR add valid id', $this->devTenant));
91
        }
92
93
        return JWT::encode([
94
            'iss' => $tenant->getClientKey(),
95
            'iat' => \time(),
96
            'exp' => \strtotime('+1 day'),
97
            'qsh' => QSHGenerator::generate($request->getRequestUri(), 'GET'),
98
            'sub' => 'admin',
99
        ], $tenant->getSharedSecret());
100
    }
101
}
102