<?php
declare(strict_types=1);
namespace TheCodingMachine\Middlewares;
use Interop\Http\ServerMiddleware\DelegateInterface;
use Interop\Http\ServerMiddleware\MiddlewareInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TheCodingMachine\Middlewares\OriginFetchers\SourceOriginInterface;
use TheCodingMachine\Middlewares\OriginFetchers\TargetOriginInterface;
use TheCodingMachine\Middlewares\SafeRequests\IsSafeHttpRequestInterface;
/**
 * This class checks every POST/PUT/DELETE... (i.e. non-safe) request and verifies that the "Origin" of the request is your own website.
 */
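final class CsrfHeaderCheckMiddleware implements MiddlewareInterface
{
    /**
     * Decides whether a request is "safe"; safe requests skip the origin check entirely.
     *
     * @var IsSafeHttpRequestInterface
     */
    private $isSafeHttpRequest;

    /**
     * Resolves the list of origins that count as "your own website" for a given request.
     *
     * @var TargetOriginInterface
     */
    private $targetOrigins;

    /**
     * Extracts the origin the request claims to come from (typically the "Origin" header).
     *
     * @var SourceOriginInterface
     */
    private $sourceOrigin;

    /**
     * Third argument of in_array(): origins are compared with === so that a missing (null)
     * source origin never loosely matches a target such as an empty string.
     */
    const STRICT_COMPARE = true;

    /**
     * CsrfHeaderCheckMiddleware constructor.
     *
     * @param IsSafeHttpRequestInterface $isSafeHttpRequest Invokable telling whether a request needs no origin check.
     * @param TargetOriginInterface $targetOrigins Invokable returning the list of accepted (own) origins.
     * @param SourceOriginInterface $sourceOrigin Invokable returning the origin the request comes from.
     */
    public function __construct(IsSafeHttpRequestInterface $isSafeHttpRequest, TargetOriginInterface $targetOrigins, SourceOriginInterface $sourceOrigin)
    {
        $this->isSafeHttpRequest = $isSafeHttpRequest;
        $this->targetOrigins = $targetOrigins;
        $this->sourceOrigin = $sourceOrigin;
    }

    /**
     * Process an incoming server request and return a response, optionally delegating
     * to the next middleware component to create the response.
     *
     * Safe requests are passed straight to the delegate. For any other request the
     * source origin must be one of the target origins, otherwise the request is
     * rejected (fail closed) before reaching the delegate.
     *
     * @param ServerRequestInterface $request
     * @param DelegateInterface $delegate
     * @return ResponseInterface
     * @throws CsrfHeaderCheckMiddlewareException when the source origin is not among the target origins
     */
    public function process(ServerRequestInterface $request, DelegateInterface $delegate): ResponseInterface
    {
        // Invokable objects are copied to a local first: "$this->prop()" would look up a
        // method named "prop" rather than invoke the property.
        $isSafeHttpRequest = $this->isSafeHttpRequest;
        if (!$isSafeHttpRequest($request)) {
            $sourceOrigin = $this->sourceOrigin;
            $targetOrigins = $this->targetOrigins;

            $source = $sourceOrigin($request);
            $targets = $targetOrigins($request);

            // Strict comparison: see STRICT_COMPARE.
            if (!in_array($source, $targets, self::STRICT_COMPARE)) {
                throw new CsrfHeaderCheckMiddlewareException('Potential CSRF attack stopped. Source origin and target origin do not match.');
            }
        }
        return $delegate->process($request);
    }
}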