DeviceCodeGrant::validateDeviceCode() - Code Metrics - Inspection of "Fix including interval in response of device autho..." - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#1410)

unknown

created 2024-11-14 18:47 UTC

DeviceCodeGrant::validateDeviceCode() A

↳ Parent: DeviceCodeGrant

Complexity

Conditions	6
Paths	6

Size

Total Lines	31
Code Lines	15

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	11
CRAP Score	6.1308

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	6
eloc	15
c	1
b	0
f	0
nc	6
nop	2
dl	0
loc	31
ccs	11
cts	13
cp	0.8462
crap	6.1308
rs	9.2222

<?php

/**
 * OAuth 2.0 Device Code grant.
 *
 * @author      Andrew Millington <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

declare(strict_types=1);

namespace League\OAuth2\Server\Grant;

use DateInterval;
use DateTimeImmutable;
use Error;
use Exception;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\DeviceCodeEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
use League\OAuth2\Server\Repositories\DeviceCodeRepositoryInterface;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\ResponseTypes\DeviceCodeResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ServerRequestInterface;
use TypeError;

use function is_null;
use function random_int;
use function strlen;
use function time;

/**
 * Device Code grant class.
 */
class DeviceCodeGrant extends AbstractGrant
{
    protected DeviceCodeRepositoryInterface $deviceCodeRepository;
    private bool $includeVerificationUriComplete = false;
    private bool $intervalVisibility = false;
    private string $verificationUri;

    public function __construct(
        DeviceCodeRepositoryInterface $deviceCodeRepository,
        RefreshTokenRepositoryInterface $refreshTokenRepository,
        private DateInterval $deviceCodeTTL,
        string $verificationUri,
        private readonly int $defaultInterval = 5
    ) {
        $this->setDeviceCodeRepository($deviceCodeRepository);
        $this->setRefreshTokenRepository($refreshTokenRepository);

        $this->refreshTokenTTL = new DateInterval('P1M');

        $this->setVerificationUri($verificationUri);
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToDeviceAuthorizationRequest(ServerRequestInterface $request): bool
    {
        return true;
    }

    /**
     * {@inheritdoc}
     */
    public function respondToDeviceAuthorizationRequest(ServerRequestInterface $request): DeviceCodeResponse
    {
        $clientId = $this->getRequestParameter(
            'client_id',
            $request,
            $this->getServerParameter('PHP_AUTH_USER', $request)
        );

        if ($clientId === null) {
            throw OAuthServerException::invalidRequest('client_id');
        }

        $client = $this->getClientEntityOrFail($clientId, $request);

        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));

        $deviceCodeEntity = $this->issueDeviceCode(
            $this->deviceCodeTTL,
            $client,
            $this->verificationUri,
            $scopes
        );

        $response = new DeviceCodeResponse();

        if ($this->includeVerificationUriComplete === true) {
            $response->includeVerificationUriComplete();
        }

        if ($this->intervalVisibility === true) {
            $response->includeInterval();
        }

        $response->setDeviceCodeEntity($deviceCodeEntity);

        return $response;
    }

    /**
     * {@inheritdoc}
     */
    public function completeDeviceAuthorizationRequest(string $deviceCode, string $userId, bool $userApproved): void
    {
        $deviceCode = $this->deviceCodeRepository->getDeviceCodeEntityByDeviceCode($deviceCode);

        if ($deviceCode instanceof DeviceCodeEntityInterface === false) {
            throw OAuthServerException::invalidRequest('device_code', 'Device code does not exist');
        }

        if ($userId === '') {
            throw OAuthServerException::invalidRequest('user_id', 'User ID is required');
        }

        $deviceCode->setUserIdentifier($userId);
        $deviceCode->setUserApproved($userApproved);

        $this->deviceCodeRepository->persistDeviceCode($deviceCode);
    }

    /**
     * {@inheritdoc}
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        DateInterval $accessTokenTTL
    ): ResponseTypeInterface {
        // Validate request
        $client = $this->validateClient($request);
        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
        $deviceCodeEntity = $this->validateDeviceCode($request, $client);

        // If device code has no user associated, respond with pending or slow down
        if (is_null($deviceCodeEntity->getUserIdentifier())) {
            $shouldSlowDown = false;

            if ($this->deviceCodePolledTooSoon($deviceCodeEntity) === true) {
                $deviceCodeEntity->setInterval($deviceCodeEntity->getInterval() + 5);

                $shouldSlowDown = true;
            }

            $deviceCodeEntity->setLastPolledAt(new DateTimeImmutable());
            $this->deviceCodeRepository->persistDeviceCode($deviceCodeEntity);

            if ($shouldSlowDown) {
                throw OAuthServerException::slowDown(
                    interval: $this->intervalVisibility ? $deviceCodeEntity->getInterval() : null
                );
            }

            throw OAuthServerException::authorizationPending();
        }

        if ($deviceCodeEntity->getUserApproved() === false) {
            throw OAuthServerException::accessDenied();
        }

        // Finalize the requested scopes
        $finalizedScopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $deviceCodeEntity->getUserIdentifier());

        // Issue and persist new access token
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $deviceCodeEntity->getUserIdentifier(), $finalizedScopes);
        $this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
        $responseType->setAccessToken($accessToken);

        // Issue and persist new refresh token if given
        $refreshToken = $this->issueRefreshToken($accessToken);

        if ($refreshToken !== null) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request));
            $responseType->setRefreshToken($refreshToken);
        }

        $this->deviceCodeRepository->revokeDeviceCode($deviceCodeEntity->getIdentifier());

        return $responseType;
    }

    /**
     * @throws OAuthServerException
     */
    protected function validateDeviceCode(ServerRequestInterface $request, ClientEntityInterface $client): DeviceCodeEntityInterface
    {
        $deviceCode = $this->getRequestParameter('device_code', $request);

        if (is_null($deviceCode)) {
            throw OAuthServerException::invalidRequest('device_code');
        }

        $deviceCodeEntity = $this->deviceCodeRepository->getDeviceCodeEntityByDeviceCode(
            $deviceCode
        );

        if ($deviceCodeEntity instanceof DeviceCodeEntityInterface === false) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));

            throw OAuthServerException::invalidGrant();
        }

        if (time() > $deviceCodeEntity->getExpiryDateTime()->getTimestamp()) {
            throw OAuthServerException::expiredToken('device_code');
        }

        if ($this->deviceCodeRepository->isDeviceCodeRevoked($deviceCode) === true) {
            throw OAuthServerException::invalidRequest('device_code', 'Device code has been revoked');
        }

        if ($deviceCodeEntity->getClient()->getIdentifier() !== $client->getIdentifier()) {
            throw OAuthServerException::invalidRequest('device_code', 'Device code was not issued to this client');
        }

        return $deviceCodeEntity;
    }

    private function deviceCodePolledTooSoon(DeviceCodeEntityInterface $deviceCodeEntity): bool
    {
        $lastPoll = $deviceCodeEntity->getLastPolledAt();

        return $lastPoll !== null && $lastPoll->getTimestamp() + $deviceCodeEntity->getInterval() > time();
    }

    /**
     * Set the verification uri
     */
    public function setVerificationUri(string $verificationUri): void
    {
        $this->verificationUri = $verificationUri;
    }

    /**
     * {@inheritdoc}
     */
    public function getIdentifier(): string
    {
        return 'urn:ietf:params:oauth:grant-type:device_code';
    }

    private function setDeviceCodeRepository(DeviceCodeRepositoryInterface $deviceCodeRepository): void
    {
        $this->deviceCodeRepository = $deviceCodeRepository;
    }

    /**
     * Issue a device code.
     *
     * @param ScopeEntityInterface[] $scopes
     *
     * @throws OAuthServerException
     * @throws UniqueTokenIdentifierConstraintViolationException
     */
    protected function issueDeviceCode(
        DateInterval $deviceCodeTTL,
        ClientEntityInterface $client,
        string $verificationUri,
        array $scopes = [],
    ): DeviceCodeEntityInterface {
        $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;

        $deviceCode = $this->deviceCodeRepository->getNewDeviceCode();
        $deviceCode->setExpiryDateTime((new DateTimeImmutable())->add($deviceCodeTTL));
        $deviceCode->setClient($client);
        $deviceCode->setVerificationUri($verificationUri);
        $deviceCode->setInterval($this->defaultInterval);

        foreach ($scopes as $scope) {
            $deviceCode->addScope($scope);
        }

        while ($maxGenerationAttempts-- > 0) {
            $deviceCode->setIdentifier($this->generateUniqueIdentifier());
            $deviceCode->setUserCode($this->generateUserCode());

            try {
                $this->deviceCodeRepository->persistDeviceCode($deviceCode);

                return $deviceCode;
            } catch (UniqueTokenIdentifierConstraintViolationException $e) {
                if ($maxGenerationAttempts === 0) {
                    throw $e;
                }
            }
        }

        // This should never be hit. It is here to work around a PHPStan false error
        return $deviceCode;
    }

    /**
     * Generate a new user code.
     *
     * @throws OAuthServerException
     */
    protected function generateUserCode(int $length = 8): string
    {
        try {
            $userCode = '';
            $userCodeCharacters = 'BCDFGHJKLMNPQRSTVWXZ';

            while (strlen($userCode) < $length) {
                $userCode .= $userCodeCharacters[random_int(0, 19)];
            }

            return $userCode;
            // @codeCoverageIgnoreStart
        } catch (TypeError | Error $e) {
            throw OAuthServerException::serverError('An unexpected error has occurred', $e);
        } catch (Exception $e) {
            // If you get this message, the CSPRNG failed hard.
            throw OAuthServerException::serverError('Could not generate a random string', $e);
        }
        // @codeCoverageIgnoreEnd
    }

    public function setIntervalVisibility(bool $intervalVisibility): void
    {
        $this->intervalVisibility = $intervalVisibility;
    }

    public function getIntervalVisibility(): bool
    {
        return $this->intervalVisibility;
    }

    public function setIncludeVerificationUriComplete(bool $includeVerificationUriComplete): void
    {
        $this->includeVerificationUriComplete = $includeVerificationUriComplete;
    }
}


1		<?php
2
3		/**
4		* OAuth 2.0 Device Code grant.
5		*
6		* @author Andrew Millington <[email protected]>
7		* @copyright Copyright (c) Alex Bilbie
8		* @license http://mit-license.org/
9		*
10		* @link https://github.com/thephpleague/oauth2-server
11		*/
12
13		declare(strict_types=1);
14
15		namespace League\OAuth2\Server\Grant;
16
17		use DateInterval;
18		use DateTimeImmutable;
19		use Error;
20		use Exception;
21		use League\OAuth2\Server\Entities\ClientEntityInterface;
22		use League\OAuth2\Server\Entities\DeviceCodeEntityInterface;
23		use League\OAuth2\Server\Entities\ScopeEntityInterface;
24		use League\OAuth2\Server\Exception\OAuthServerException;
25		use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
26		use League\OAuth2\Server\Repositories\DeviceCodeRepositoryInterface;
27		use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
28		use League\OAuth2\Server\RequestEvent;
29		use League\OAuth2\Server\ResponseTypes\DeviceCodeResponse;
30		use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
31		use Psr\Http\Message\ServerRequestInterface;
32		use TypeError;
33
34		use function is_null;
35		use function random_int;
36		use function strlen;
37		use function time;
38
39		/**
40		* Device Code grant class.
41		*/
42		class DeviceCodeGrant extends AbstractGrant
43		{
44		protected DeviceCodeRepositoryInterface $deviceCodeRepository;
45		private bool $includeVerificationUriComplete = false;
46		private bool $intervalVisibility = false;
47		private string $verificationUri;
48
49	17	public function __construct(
50		DeviceCodeRepositoryInterface $deviceCodeRepository,
51		RefreshTokenRepositoryInterface $refreshTokenRepository,
52		private DateInterval $deviceCodeTTL,
53		string $verificationUri,
54		private readonly int $defaultInterval = 5
55		) {
56	17	$this->setDeviceCodeRepository($deviceCodeRepository);
57	17	$this->setRefreshTokenRepository($refreshTokenRepository);
58
59	17	$this->refreshTokenTTL = new DateInterval('P1M');
60
61	17	$this->setVerificationUri($verificationUri);
62		}
63
64		/**
65		* {@inheritdoc}
66		*/
67	2	public function canRespondToDeviceAuthorizationRequest(ServerRequestInterface $request): bool
68		{
69	2	return true;
70		}
71
72		/**
73		* {@inheritdoc}
74		*/
75	7	public function respondToDeviceAuthorizationRequest(ServerRequestInterface $request): DeviceCodeResponse
76		{
77	7	$clientId = $this->getRequestParameter(
78	7	'client_id',
79	7	$request,
80	7	$this->getServerParameter('PHP_AUTH_USER', $request)
81	7	);
82
83	7	if ($clientId === null) {
84	2	throw OAuthServerException::invalidRequest('client_id');
85		}
86
87	5	$client = $this->getClientEntityOrFail($clientId, $request);
88
89	4	$scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
90
91	4	$deviceCodeEntity = $this->issueDeviceCode(
92	4	$this->deviceCodeTTL,
93	4	$client,
94	4	$this->verificationUri,
95	4	$scopes
96	4	);
97
98	4	$response = new DeviceCodeResponse();
99
100	4	if ($this->includeVerificationUriComplete === true) {
101	1	$response->includeVerificationUriComplete();
102		}
103
104	4	if ($this->intervalVisibility === true) {
105		$response->includeInterval();
106	4	}
107
108		$response->setDeviceCodeEntity($deviceCodeEntity);
109
110		return $response;
111		}
112	3
113		/**
114	3	* {@inheritdoc}
115		*/
116	3	public function completeDeviceAuthorizationRequest(string $deviceCode, string $userId, bool $userApproved): void
117		{
118		$deviceCode = $this->deviceCodeRepository->getDeviceCodeEntityByDeviceCode($deviceCode);
119
120	3	if ($deviceCode instanceof DeviceCodeEntityInterface === false) {
121		throw OAuthServerException::invalidRequest('device_code', 'Device code does not exist');
122		}
123
124	3	if ($userId === '') {
125	3	throw OAuthServerException::invalidRequest('user_id', 'User ID is required');
126		}
127	3
128		$deviceCode->setUserIdentifier($userId);
129		$deviceCode->setUserApproved($userApproved);
130
131		$this->deviceCodeRepository->persistDeviceCode($deviceCode);
132		}
133	7
134		/**
135		* {@inheritdoc}
136		*/
137		public function respondToAccessTokenRequest(
138		ServerRequestInterface $request,
139	7	ResponseTypeInterface $responseType,
140	6	DateInterval $accessTokenTTL
141	6	): ResponseTypeInterface {
142		// Validate request
143	3	$client = $this->validateClient($request);
144	3	$scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
145		$deviceCodeEntity = $this->validateDeviceCode($request, $client);
146
147	3	// If device code has no user associated, respond with pending or slow down
148	1	if (is_null($deviceCodeEntity->getUserIdentifier())) {
149		$shouldSlowDown = false;
150
151	2	if ($this->deviceCodePolledTooSoon($deviceCodeEntity) === true) {
152	1	$deviceCodeEntity->setInterval($deviceCodeEntity->getInterval() + 5);
153
154		$shouldSlowDown = true;
155		}
156	1
157		$deviceCodeEntity->setLastPolledAt(new DateTimeImmutable());
158		$this->deviceCodeRepository->persistDeviceCode($deviceCodeEntity);
159	1
160	1	if ($shouldSlowDown) {
161	1	throw OAuthServerException::slowDown(
162		interval: $this->intervalVisibility ? $deviceCodeEntity->getInterval() : null
163		);
164	1	}
165
166	1	throw OAuthServerException::authorizationPending();
167	1	}
168	1
169		if ($deviceCodeEntity->getUserApproved() === false) {
170		throw OAuthServerException::accessDenied();
171	1	}
172
173	1	// Finalize the requested scopes
174		$finalizedScopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $deviceCodeEntity->getUserIdentifier());
175
176		// Issue and persist new access token
177		$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $deviceCodeEntity->getUserIdentifier(), $finalizedScopes);
178		$this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
179	6	$responseType->setAccessToken($accessToken);
180
181	6	// Issue and persist new refresh token if given
182		$refreshToken = $this->issueRefreshToken($accessToken);
183	6
184	1	if ($refreshToken !== null) {
185		$this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request));
186		$responseType->setRefreshToken($refreshToken);
187	5	}
188	5
189	5	$this->deviceCodeRepository->revokeDeviceCode($deviceCodeEntity->getIdentifier());
190
191	5	return $responseType;
192		}
193
194		/**
195		* @throws OAuthServerException
196		*/
197	5	protected function validateDeviceCode(ServerRequestInterface $request, ClientEntityInterface $client): DeviceCodeEntityInterface
198	1	{
199		$deviceCode = $this->getRequestParameter('device_code', $request);
200
201	4	if (is_null($deviceCode)) {
202		throw OAuthServerException::invalidRequest('device_code');
203		}
204
205	4	$deviceCodeEntity = $this->deviceCodeRepository->getDeviceCodeEntityByDeviceCode(
206		$deviceCode
207		);
208
209	4	if ($deviceCodeEntity instanceof DeviceCodeEntityInterface === false) {
210	1	$this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));
211
212		throw OAuthServerException::invalidGrant();
213	3	}
214
215		if (time() > $deviceCodeEntity->getExpiryDateTime()->getTimestamp()) {
216	4	throw OAuthServerException::expiredToken('device_code');
217		}
218	4
219		if ($this->deviceCodeRepository->isDeviceCodeRevoked($deviceCode) === true) {
220		throw OAuthServerException::invalidRequest('device_code', 'Device code has been revoked');
221		}
222
223		if ($deviceCodeEntity->getClient()->getIdentifier() !== $client->getIdentifier()) {
224	17	throw OAuthServerException::invalidRequest('device_code', 'Device code was not issued to this client');
225		}
226	17
227		return $deviceCodeEntity;
228		}
229
230		private function deviceCodePolledTooSoon(DeviceCodeEntityInterface $deviceCodeEntity): bool
231		{
232	8	$lastPoll = $deviceCodeEntity->getLastPolledAt();
233
234	8	return $lastPoll !== null && $lastPoll->getTimestamp() + $deviceCodeEntity->getInterval() > time();
235		}
236
237	17	/**
238		* Set the verification uri
239	17	*/
240		public function setVerificationUri(string $verificationUri): void
241		{
242		$this->verificationUri = $verificationUri;
243		}
244
245		/**
246		* {@inheritdoc}
247		*/
248		public function getIdentifier(): string
249		{
250	4	return 'urn:ietf:params:oauth:grant-type:device_code';
251		}
252
253		private function setDeviceCodeRepository(DeviceCodeRepositoryInterface $deviceCodeRepository): void
254		{
255		$this->deviceCodeRepository = $deviceCodeRepository;
256	4	}
257
258	4	/**
259	4	* Issue a device code.
260	4	*
261	4	* @param ScopeEntityInterface[] $scopes
262		*
263	4	* @throws OAuthServerException
264	1	* @throws UniqueTokenIdentifierConstraintViolationException
265		*/
266		protected function issueDeviceCode(
267	4	DateInterval $deviceCodeTTL,
268	4	ClientEntityInterface $client,
269		string $verificationUri,
270		array $scopes = [],
271	4	): DeviceCodeEntityInterface {
272	4	$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
273	4
274		$deviceCode = $this->deviceCodeRepository->getNewDeviceCode();
275		$deviceCode->setExpiryDateTime((new DateTimeImmutable())->add($deviceCodeTTL));
276	4	$deviceCode->setClient($client);
277		$deviceCode->setVerificationUri($verificationUri);
278	4	$deviceCode->setInterval($this->defaultInterval);
279
280		foreach ($scopes as $scope) {
281		$deviceCode->addScope($scope);
282		}
283
284		while ($maxGenerationAttempts-- > 0) {
285		$deviceCode->setIdentifier($this->generateUniqueIdentifier());
286		$deviceCode->setUserCode($this->generateUserCode());
287
288		try {
289		$this->deviceCodeRepository->persistDeviceCode($deviceCode);
290
291		return $deviceCode;
292		} catch (UniqueTokenIdentifierConstraintViolationException $e) {
293		if ($maxGenerationAttempts === 0) {
294		throw $e;
295	4	}
296		}
297		}
298	4
299	4	// This should never be hit. It is here to work around a PHPStan false error
300		return $deviceCode;
301	4	}
302	4
303		/**
304		* Generate a new user code.
305	4	*
306		* @throws OAuthServerException
307		*/
308		protected function generateUserCode(int $length = 8): string
309		{
310		try {
311		$userCode = '';
312		$userCodeCharacters = 'BCDFGHJKLMNPQRSTVWXZ';
313
314		while (strlen($userCode) < $length) {
315		$userCode .= $userCodeCharacters[random_int(0, 19)];
316	1	}
317
318	1	return $userCode;
319		// @codeCoverageIgnoreStart
320		} catch (TypeError \| Error $e) {
321	4	throw OAuthServerException::serverError('An unexpected error has occurred', $e);
322		} catch (Exception $e) {
323	4	// If you get this message, the CSPRNG failed hard.
324		throw OAuthServerException::serverError('Could not generate a random string', $e);
325		}
326	1	// @codeCoverageIgnoreEnd
327		}
328	1
329		public function setIntervalVisibility(bool $intervalVisibility): void
330		{
331		$this->intervalVisibility = $intervalVisibility;
332		}
333
334		public function getIntervalVisibility(): bool
335		{
336		return $this->intervalVisibility;
337		}
338
339		public function setIncludeVerificationUriComplete(bool $includeVerificationUriComplete): void
340		{
341		$this->includeVerificationUriComplete = $includeVerificationUriComplete;
342		}
343		}
344

thephpleague / oauth2-server

Pull Request — master (#1410)

DeviceCodeGrant::validateDeviceCode() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like