HostHeader - Code Metrics - Inspection of "Merge pull request #1 from moufmouf/improvements" - thecodingmachine/csrf-header-check-middleware - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( c44d00...13b3c2 )

by David

created 2017-06-12 15:01 UTC

HostHeader A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	27
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	2

Importance

Changes

Metric	Value
wmc	3
lcom	0
cbo	2
dl	0
loc	27
rs	10
c	0
b	0
f	0

2 Methods

Rating	Name	Duplication	Size	Complexity
A	__invoke()	0	10	2
A	removePortFromHost()	0	4	1

<?php


namespace TheCodingMachine\Middlewares\OriginFetchers;

use Psr\Http\Message\ServerRequestInterface;
use TheCodingMachine\Middlewares\CsrfHeaderCheckMiddlewareException;

/**
 * Reads the target origin from the "Host" HTTP 1.1 header.
 * Note: the "Host" header cannot be modified from Javascript.
 *
 * We do not rely on the "X-Forwarded-Host" header on purpose because this header can be tempered from JS.
 */
class HostHeader implements TargetOriginInterface
{
    use HeaderFetcher;

    /**
     * Returns an array of allowed domain names.
     * If the "source" origin matches one of these origins, the request is valid.
     *
     * @return string[]
     * @throws \TheCodingMachine\Middlewares\CsrfHeaderCheckMiddlewareException
     */
    public function __invoke(ServerRequestInterface $request): array
    {
        $host = $this->getHeaderLine($request, 'HOST');

        if (null === $host) {
            throw new CsrfHeaderCheckMiddlewareException('Could not find the HOST header in the HTTP request.');
        }

        return [ $this->removePortFromHost($host) ];
    }

    private function removePortFromHost(string $host)
    {
        return explode(':', $host)[0];
    }
}


1			<?php
2
3
4			namespace TheCodingMachine\Middlewares\OriginFetchers;
5
6			use Psr\Http\Message\ServerRequestInterface;
7			use TheCodingMachine\Middlewares\CsrfHeaderCheckMiddlewareException;
8
9			/**
10			* Reads the target origin from the "Host" HTTP 1.1 header.
11			* Note: the "Host" header cannot be modified from Javascript.
12			*
13			* We do not rely on the "X-Forwarded-Host" header on purpose because this header can be tempered from JS.
14			*/
15			class HostHeader implements TargetOriginInterface
16			{
17			use HeaderFetcher;
18
19			/**
20			* Returns an array of allowed domain names.
21			* If the "source" origin matches one of these origins, the request is valid.
22			*
23			* @return string[]
24			* @throws \TheCodingMachine\Middlewares\CsrfHeaderCheckMiddlewareException
25			*/
26			public function __invoke(ServerRequestInterface $request): array
27			{
28			$host = $this->getHeaderLine($request, 'HOST');
29
30			if (null === $host) {
31			throw new CsrfHeaderCheckMiddlewareException('Could not find the HOST header in the HTTP request.');
32			}
33
34			return [ $this->removePortFromHost($host) ];
35			}
36
37			private function removePortFromHost(string $host)
38			{
39			return explode(':', $host)[0];
40			}
41			}
42

thecodingmachine / csrf-header-check-middleware

Push — master ( c44d00...13b3c2 )

HostHeader A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

2 Methods

Duplication Side-by-Side

Filter issues like