Passed
Pull Request — master (#1135)
by
unknown
11:19
created

AuthorizationServer::respondToRevokeTokenRequest()   A

Complexity

Conditions 3
Paths 3

Size

Total Lines 12
Code Lines 6

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 7
CRAP Score 3

Importance

Changes 0
Metric Value
cc 3
eloc 6
c 0
b 0
f 0
nc 3
nop 2
dl 0
loc 12
ccs 7
cts 7
cp 1
crap 3
rs 10
<?php
/**
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */
namespace League\OAuth2\Server;
use DateInterval;
use Defuse\Crypto\Key;
use League\Event\EmitterAwareInterface;
use League\Event\EmitterAwareTrait;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\GrantTypeInterface;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\AbstractResponseType;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
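class AuthorizationServer implements EmitterAwareInterface
{
    use EmitterAwareTrait;

    /**
     * Grant types enabled on this server, keyed by grant identifier.
     *
     * @var GrantTypeInterface[]
     */
    protected $enabledGrantTypes = [];

    /**
     * Handler for token revocation requests; stays null until
     * enableRevokeTokenHandler() has been called.
     *
     * @var null|RevokeTokenHandler
     */
    protected $revokeTokenHandler = null;

    /**
     * Access token lifetime per grant, keyed by grant identifier.
     *
     * @var DateInterval[]
     */
    protected $grantTypeAccessTokenTTL = [];

    /**
     * @var CryptKey
     */
    protected $privateKey;

    /**
     * @var CryptKey
     */
    protected $publicKey;

    /**
     * Prototype response type; getResponseType() hands out clones of it.
     *
     * @var ResponseTypeInterface
     */
    protected $responseType;

    /**
     * @var ClientRepositoryInterface
     */
    private $clientRepository;

    /**
     * @var AccessTokenRepositoryInterface
     */
    private $accessTokenRepository;

    /**
     * @var ScopeRepositoryInterface
     */
    private $scopeRepository;

    /**
     * Secret passed on to every enabled grant, the revoke handler and the
     * response type. Treat it like any other key material: keep it out of
     * logs and error output.
     *
     * @var string|Key
     */
    private $encryptionKey;

    /**
     * @var string
     */
    private $defaultScope = '';

    /**
     * New server instance.
     *
     * @param ClientRepositoryInterface      $clientRepository
     * @param AccessTokenRepositoryInterface $accessTokenRepository
     * @param ScopeRepositoryInterface       $scopeRepository
     * @param CryptKey|string                $privateKey            A CryptKey, or a value that is wrapped in one
     * @param string|Key                     $encryptionKey
     * @param null|ResponseTypeInterface     $responseType          Defaults to a BearerTokenResponse
     */
    public function __construct(
        ClientRepositoryInterface $clientRepository,
        AccessTokenRepositoryInterface $accessTokenRepository,
        ScopeRepositoryInterface $scopeRepository,
        $privateKey,
        $encryptionKey,
        ResponseTypeInterface $responseType = null
    ) {
        $this->clientRepository = $clientRepository;
        $this->accessTokenRepository = $accessTokenRepository;
        $this->scopeRepository = $scopeRepository;

        // Anything that is not already a CryptKey is handed to the CryptKey constructor.
        if ($privateKey instanceof CryptKey === false) {
            $privateKey = new CryptKey($privateKey);
        }

        $this->privateKey = $privateKey;
        $this->encryptionKey = $encryptionKey;

        if ($responseType === null) {
            $responseType = new BearerTokenResponse();
        } else {
            // The server keeps its own copy rather than the caller's instance.
            $responseType = clone $responseType;
        }

        $this->responseType = $responseType;
    }

    /**
     * Enable a grant type on the server.
     *
     * The grant receives the server's repositories, private key, encryption
     * key, emitter and the default scope as they are at the time of this call.
     * A later setDefaultScope() does not reach a grant that is already enabled.
     *
     * @param GrantTypeInterface $grantType
     * @param null|DateInterval  $accessTokenTTL Access token lifetime; one hour ('PT1H') when omitted
     */
    public function enableGrantType(GrantTypeInterface $grantType, DateInterval $accessTokenTTL = null)
    {
        if ($accessTokenTTL === null) {
            $accessTokenTTL = new DateInterval('PT1H');
        }

        $grantType->setAccessTokenRepository($this->accessTokenRepository);
        $grantType->setClientRepository($this->clientRepository);
        $grantType->setScopeRepository($this->scopeRepository);
        $grantType->setDefaultScope($this->defaultScope);
        $grantType->setPrivateKey($this->privateKey);
        $grantType->setEmitter($this->getEmitter());
        $grantType->setEncryptionKey($this->encryptionKey);

        $this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
        $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;
    }

    /**
     * Validate an authorization request
     *
     * The first enabled grant that reports it can respond to the request
     * performs the validation.
     *
     * @param ServerRequestInterface $request
     *
     * @throws OAuthServerException when no enabled grant can respond
     *
     * @return AuthorizationRequest
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        foreach ($this->enabledGrantTypes as $grantType) {
            if ($grantType->canRespondToAuthorizationRequest($request)) {
                return $grantType->validateAuthorizationRequest($request);
            }
        }

        throw OAuthServerException::unsupportedGrantType();
    }

    /**
     * Complete an authorization request
     *
     * @param AuthorizationRequest $authRequest
     * @param ResponseInterface    $response
     *
     * @throws OAuthServerException when the request names a grant type that is not enabled
     *
     * @return ResponseInterface
     */
    public function completeAuthorizationRequest(AuthorizationRequest $authRequest, ResponseInterface $response)
    {
        $grantTypeId = $authRequest->getGrantTypeId();

        // The request object names its own grant type. Reject an identifier that
        // is not enabled here instead of dereferencing a missing array entry,
        // which would end in a fatal error rather than an OAuth error response.
        if (!isset($this->enabledGrantTypes[$grantTypeId])) {
            throw OAuthServerException::unsupportedGrantType();
        }

        return $this->enabledGrantTypes[$grantTypeId]
            ->completeAuthorizationRequest($authRequest)
            ->generateHttpResponse($response);
    }

    /**
     * Return an access token response.
     *
     * Enabled grants are tried in the order they were enabled. A grant that
     * cannot respond is skipped. A grant that responds with something other
     * than a ResponseTypeInterface does not end the loop.
     *
     * @param ServerRequestInterface $request
     * @param ResponseInterface      $response
     *
     * @throws OAuthServerException when no enabled grant produced a response
     *
     * @return ResponseInterface
     */
    public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
    {
        foreach ($this->enabledGrantTypes as $grantType) {
            if (!$grantType->canRespondToAccessTokenRequest($request)) {
                continue;
            }
            $tokenResponse = $grantType->respondToAccessTokenRequest(
                $request,
                $this->getResponseType(),
                $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
            );

            if ($tokenResponse instanceof ResponseTypeInterface) {
                return $tokenResponse->generateHttpResponse($response);
            }
        }

        throw OAuthServerException::unsupportedGrantType();
    }

    /**
     * Enable the revoke token handler on the server.
     *
     * The handler receives the access token repository, client repository,
     * encryption key and emitter of this server.
     *
     * @param RevokeTokenHandler $handler
     */
    public function enableRevokeTokenHandler(RevokeTokenHandler $handler)
    {
        $handler->setAccessTokenRepository($this->accessTokenRepository);
        $handler->setClientRepository($this->clientRepository);
        $handler->setEncryptionKey($this->encryptionKey);
        $handler->setEmitter($this->getEmitter());

        $this->revokeTokenHandler = $handler;
    }

    /**
     * Return a revoke token response.
     *
     * @param ServerRequestInterface $request
     * @param ResponseInterface      $response
     *
     * @throws OAuthServerException with error type 'invalid_request' (HTTP 400) when no
     *                              revoke handler is enabled or it yields no response type
     *
     * @return ResponseInterface
     */
    public function respondToRevokeTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
    {
        if ($this->revokeTokenHandler !== null) {
            $revokeResponse = $this->revokeTokenHandler->respondToRevokeTokenRequest($request, $this->getResponseType());

            // NOTE(review): static analysis reports that $revokeResponse is always a
            // ResponseTypeInterface here, which would make this check redundant.
            // Confirm against RevokeTokenHandler before removing it.
            if ($revokeResponse instanceof ResponseTypeInterface) {
                return $revokeResponse->generateHttpResponse($response);
            }
        }

        $errorMessage = 'Token revocation not supported.';
        throw new OAuthServerException($errorMessage, 3, 'invalid_request', 400);
    }

    /**
     * Get the token type that grants will return in the HTTP response.
     *
     * Each call returns a fresh clone of the configured response type with the
     * server's keys applied, so the stored prototype is not modified here.
     *
     * @return ResponseTypeInterface
     */
    protected function getResponseType()
    {
        $responseType = clone $this->responseType;

        // Only AbstractResponseType is given the private key in this method.
        if ($responseType instanceof AbstractResponseType) {
            $responseType->setPrivateKey($this->privateKey);
        }

        $responseType->setEncryptionKey($this->encryptionKey);

        return $responseType;
    }

    /**
     * Set the default scope for the authorization server.
     *
     * Call this before enableGrantType(): a grant copies the default scope
     * when it is enabled, and this setter does not update grants that are
     * already enabled.
     *
     * @param string $defaultScope
     */
    public function setDefaultScope($defaultScope)
    {
        $this->defaultScope = $defaultScope;
    }
}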