Issues in index.php - Fixed Issues - Inspection of "Update test to ensure token and verifier in reques..." - thephpleague/oauth1-trello - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( a6392d...aecc07 )

by Steven

created 2015-12-28 18:56 UTC

example/index.php (1 issue)

Labels

Severity

Critical 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

require dirname(__DIR__) . '/vendor/autoload.php';

session_start();

// Create a server instance. Provide your trello app identifier and secret.
$server = new \League\OAuth1\Client\Server\Trello([
    'identifier'              => '',
    'secret'                  => '',
    'callbackUri'             => 'http://localhost:9000/',
    // The following can be used to set defaults for the server
    'scope'                   => 'read,write,account',
    'expiration'              => '1day',
    'name'                    => 'Trello App'
]);

// Create some basic UI help
function display($data, $fullWidth = true) {
    if ($fullWidth) {
        echo '<pre style="background: #efefef; margin: 1%; padding: 1%;">';
    } else {
        echo '<pre style="background: #efefef; margin: 1%; padding: 1%; width: 46%; float: left; clear: none;">';
    }

    var_dump($data);


    echo '</pre>';
};

// Obtain Temporary Credentials and User Authorization
if (!isset($_GET['oauth_token'], $_GET['oauth_verifier'])) {

    if (!isset($_GET['start'])) {
        echo '<a href="/?start=true">Login</a>';
    } else {

        // First part of OAuth 1.0 authentication is to
        // obtain Temporary Credentials.
        $temporaryCredentials = $server->getTemporaryCredentials();

        // Store credentials in the session, we'll need them later
        $_SESSION['temporary_credentials'] = serialize($temporaryCredentials);
        session_write_close();

        // Second part of OAuth 1.0 authentication is to obtain User Authorization
        // by redirecting the resource owner to the login screen on the server.
        // Create an authorization url.
        $authorizationUrl = $server->getAuthorizationUrl($temporaryCredentials);

        // Redirect the user to the authorization URL. The user will be redirected
        // to the familiar login screen on the server, where they will login to
        // their account and authorize your app to access their data.
        header('Location: ' . $authorizationUrl);
        exit;
    }

// Obtain Token Credentials
} else {
    try {

        // Add a link to reset the flow
        echo '<a href="/">Reset</a>';

        // Retrieve the temporary credentials we saved before.
        $temporaryCredentials = unserialize($_SESSION['temporary_credentials']);

        // We will now obtain Token Credentials from the server.
        $tokenCredentials = $server->getTokenCredentials(
            $temporaryCredentials,
            $_GET['oauth_token'],
            $_GET['oauth_verifier']
        );

        // We have token credentials, which we may use in authenticated
        // requests against the service provider's API. Let's look at them.
        display( $tokenCredentials->getIdentifier() );
        display( $tokenCredentials->getSecret() );


        // Using the access token, we may look up details about the
        // resource owner.
        $resourceOwner = $server->getResourceOwner($tokenCredentials);

        // Let's view the details about the resource owner.
        display( $resourceOwner->toArray(), false );

        // The server provides a way to get an authenticated API request for
        // the service, using the access token; it returns an object conforming
        // to Psr\Http\Message\RequestInterface.
        //
        // Let's create a request to retrieve the details of the
        // resource owner's boards.
        $request = $server->getAuthenticatedRequest(
            'GET',
            'https://api.trello.com/1/members/me/boards',
            $tokenCredentials
        );

        $response = $server->getHttpClient()->send($request);

        $json = (string) $response->getBody();

        $payload = json_decode($json);

        // Let's view the details of the resource owner's boards.
        display( $payload, false );

    } catch (\League\OAuth1\Client\Exceptions\Exception $e) {

        // Failed to get the token credentials or user details.
        exit($e->getMessage());

    }

}


1			<?php
2
3			require dirname(__DIR__) . '/vendor/autoload.php';
4
5			session_start();
6
7			// Create a server instance. Provide your trello app identifier and secret.
8			$server = new \League\OAuth1\Client\Server\Trello([
9			'identifier' => '',
10			'secret' => '',
11			'callbackUri' => 'http://localhost:9000/',
12			// The following can be used to set defaults for the server
13			'scope' => 'read,write,account',
14			'expiration' => '1day',
15			'name' => 'Trello App'
16			]);
17
18			// Create some basic UI help
19			function display($data, $fullWidth = true) {
20			if ($fullWidth) {
21			echo '<pre style="background: #efefef; margin: 1%; padding: 1%;">';
22			} else {
23			echo '<pre style="background: #efefef; margin: 1%; padding: 1%; width: 46%; float: left; clear: none;">';
24			}
25
26			var_dump($data);
			1 ignored issue – show Security Debugging Code introduced 2015-12-16 17:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this `var_dump($data);` looks like debug code. Are you sure you do not want to remove it? This might expose sensitive data. Loading history...
27
28			echo '</pre>';
29			};
30
31			// Obtain Temporary Credentials and User Authorization
32			if (!isset($_GET['oauth_token'], $_GET['oauth_verifier'])) {
33
34			if (!isset($_GET['start'])) {
35			echo '<a href="/?start=true">Login</a>';
36			} else {
37
38			// First part of OAuth 1.0 authentication is to
39			// obtain Temporary Credentials.
40			$temporaryCredentials = $server->getTemporaryCredentials();
41
42			// Store credentials in the session, we'll need them later
43			$_SESSION['temporary_credentials'] = serialize($temporaryCredentials);
44			session_write_close();
45
46			// Second part of OAuth 1.0 authentication is to obtain User Authorization
47			// by redirecting the resource owner to the login screen on the server.
48			// Create an authorization url.
49			$authorizationUrl = $server->getAuthorizationUrl($temporaryCredentials);
50
51			// Redirect the user to the authorization URL. The user will be redirected
52			// to the familiar login screen on the server, where they will login to
53			// their account and authorize your app to access their data.
54			header('Location: ' . $authorizationUrl);
55			exit;
56			}
57
58			// Obtain Token Credentials
59			} else {
60			try {
61
62			// Add a link to reset the flow
63			echo '<a href="/">Reset</a>';
64
65			// Retrieve the temporary credentials we saved before.
66			$temporaryCredentials = unserialize($_SESSION['temporary_credentials']);
67
68			// We will now obtain Token Credentials from the server.
69			$tokenCredentials = $server->getTokenCredentials(
70			$temporaryCredentials,
71			$_GET['oauth_token'],
72			$_GET['oauth_verifier']
73			);
74
75			// We have token credentials, which we may use in authenticated
76			// requests against the service provider's API. Let's look at them.
77			display( $tokenCredentials->getIdentifier() );
78			display( $tokenCredentials->getSecret() );
79
80
81			// Using the access token, we may look up details about the
82			// resource owner.
83			$resourceOwner = $server->getResourceOwner($tokenCredentials);
84
85			// Let's view the details about the resource owner.
86			display( $resourceOwner->toArray(), false );
87
88			// The server provides a way to get an authenticated API request for
89			// the service, using the access token; it returns an object conforming
90			// to Psr\Http\Message\RequestInterface.
91			//
92			// Let's create a request to retrieve the details of the
93			// resource owner's boards.
94			$request = $server->getAuthenticatedRequest(
95			'GET',
96			'https://api.trello.com/1/members/me/boards',
97			$tokenCredentials
98			);
99
100			$response = $server->getHttpClient()->send($request);
101
102			$json = (string) $response->getBody();
103
104			$payload = json_decode($json);
105
106			// Let's view the details of the resource owner's boards.
107			display( $payload, false );
108
109			} catch (\League\OAuth1\Client\Exceptions\Exception $e) {
110
111			// Failed to get the token credentials or user details.
112			exit($e->getMessage());
113
114			}
115
116			}
117

thephpleague / oauth1-trello

Push — master ( a6392d...aecc07 )

example/index.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like