ImplicitGrant::canRespondToAccessTokenRequest() - Code Metrics - Inspection of "Introduce AuthorizationRequestInterface" - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#1110)

by Patrick

created 2020-04-16 19:20 UTC

ImplicitGrant::canRespondToAccessTokenRequest() A

↳ Parent: ImplicitGrant

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	1

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	2
CRAP Score	1

Importance

Changes

Metric	Value
cc	1
eloc	1
c	0
b	0
f	0
nc	1
nop	1
dl	0
loc	3
ccs	2
cts	2
cp	1
crap	1
rs	10

<?php
/**
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server\Grant;

use DateInterval;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
use League\OAuth2\Server\ResponseTypes\RedirectResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use LogicException;
use Psr\Http\Message\ServerRequestInterface;

class ImplicitGrant extends AbstractAuthorizeGrant
{
    /**
     * @var DateInterval
     */
    private $accessTokenTTL;

    /**
     * @var string
     */
    private $queryDelimiter;

    /**
     * @param DateInterval $accessTokenTTL
     * @param string       $queryDelimiter
     */
    public function __construct(DateInterval $accessTokenTTL, $queryDelimiter = '#')
    {
        $this->accessTokenTTL = $accessTokenTTL;
        $this->queryDelimiter = $queryDelimiter;
    }

    /**
     * @param DateInterval $refreshTokenTTL
     *
     * @throw LogicException
     */
    public function setRefreshTokenTTL(DateInterval $refreshTokenTTL)
    {
        throw new LogicException('The Implicit Grant does not return refresh tokens');
    }

    /**
     * @param RefreshTokenRepositoryInterface $refreshTokenRepository
     *
     * @throw LogicException
     */
    public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
    {
        throw new LogicException('The Implicit Grant does not return refresh tokens');
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
    {
        return false;
    }

    /**
     * Return the grant identifier that can be used in matching up requests.
     *
     * @return string
     */
    public function getIdentifier()
    {
        return 'implicit';
    }

    /**
     * Respond to an incoming request.
     *
     * @param ServerRequestInterface $request
     * @param ResponseTypeInterface  $responseType
     * @param DateInterval           $accessTokenTTL
     *
     * @return ResponseTypeInterface
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        DateInterval $accessTokenTTL
    ) {
        throw new LogicException('This grant does not used this method');
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
    {
        return (
            isset($request->getQueryParams()['response_type'])
            && $request->getQueryParams()['response_type'] === 'token'
            && isset($request->getQueryParams()['client_id'])
        );
    }

    /**
     * {@inheritdoc}
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        $clientId = $this->getQueryStringParameter(
            'client_id',
            $request,
            $this->getServerParameter('PHP_AUTH_USER', $request)
        );

        if (\is_null($clientId)) {
            throw OAuthServerException::invalidRequest('client_id');
        }

        $client = $this->getClientEntityOrFail($clientId, $request);

        $redirectUri = $this->getQueryStringParameter('redirect_uri', $request);

        if ($redirectUri !== null) {
            $this->validateRedirectUri($redirectUri, $client, $request);
        } elseif (\is_array($client->getRedirectUri()) && \count($client->getRedirectUri()) !== 1

            || empty($client->getRedirectUri())) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
            throw OAuthServerException::invalidClient($request);
        } else {
            $redirectUri = \is_array($client->getRedirectUri())
                ? $client->getRedirectUri()[0]
                : $client->getRedirectUri();
        }

        $scopes = $this->validateScopes(
            $this->getQueryStringParameter('scope', $request, $this->defaultScope),
            $redirectUri
        );

        $stateParameter = $this->getQueryStringParameter('state', $request);

        $authorizationRequest = new AuthorizationRequest();
        $authorizationRequest->setGrantTypeId($this->getIdentifier());
        $authorizationRequest->setClient($client);
        $authorizationRequest->setRedirectUri($redirectUri);

        if ($stateParameter !== null) {
            $authorizationRequest->setState($stateParameter);
        }

        $authorizationRequest->setScopes($scopes);

        return $authorizationRequest;
    }

    /**
     * {@inheritdoc}
     */
    public function completeAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest)
    {
        if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
            throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
        }

        $finalRedirectUri = ($authorizationRequest->getRedirectUri() === null)
            ? \is_array($authorizationRequest->getClient()->getRedirectUri())
                ? $authorizationRequest->getClient()->getRedirectUri()[0]
                : $authorizationRequest->getClient()->getRedirectUri()
            : $authorizationRequest->getRedirectUri();

        // The user approved the client, redirect them back with an access token
        if ($authorizationRequest->isAuthorizationApproved() === true) {
            // Finalize the requested scopes
            $finalizedScopes = $this->scopeRepository->finalizeScopes(
                $authorizationRequest->getScopes(),
                $this->getIdentifier(),
                $authorizationRequest->getClient(),
                $authorizationRequest->getUser()->getIdentifier()
            );

            $accessToken = $this->issueAccessToken(
                $this->accessTokenTTL,
                $authorizationRequest->getClient(),
                $authorizationRequest->getUser()->getIdentifier(),
                $finalizedScopes
            );

            $response = new RedirectResponse();
            $response->setRedirectUri(
                $this->makeRedirectUri(
                    $finalRedirectUri,
                    [
                        'access_token' => (string) $accessToken,
                        'token_type'   => 'Bearer',
                        'expires_in'   => $accessToken->getExpiryDateTime()->getTimestamp() - \time(),
                        'state'        => $authorizationRequest->getState(),
                    ],
                    $this->queryDelimiter
                )
            );

            return $response;
        }

        // The user denied the client, redirect them back with an error
        throw OAuthServerException::accessDenied(
            'The user denied the request',
            $this->makeRedirectUri(
                $finalRedirectUri,
                [
                    'state' => $authorizationRequest->getState(),
                ]
            )
        );
    }
}


1		<?php
2		/**
3		* @author Alex Bilbie <[email protected]>
4		* @copyright Copyright (c) Alex Bilbie
5		* @license http://mit-license.org/
6		*
7		* @link https://github.com/thephpleague/oauth2-server
8		*/
9
10		namespace League\OAuth2\Server\Grant;
11
12		use DateInterval;
13		use League\OAuth2\Server\Entities\UserEntityInterface;
14		use League\OAuth2\Server\Exception\OAuthServerException;
15		use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
16		use League\OAuth2\Server\RequestEvent;
17		use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
18		use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
19		use League\OAuth2\Server\ResponseTypes\RedirectResponse;
20		use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
21		use LogicException;
22		use Psr\Http\Message\ServerRequestInterface;
23
24		class ImplicitGrant extends AbstractAuthorizeGrant
25		{
26		/**
27		* @var DateInterval
28		*/
29		private $accessTokenTTL;
30
31		/**
32		* @var string
33		*/
34		private $queryDelimiter;
35
36		/**
37		* @param DateInterval $accessTokenTTL
38		* @param string $queryDelimiter
39		*/
40	18	public function __construct(DateInterval $accessTokenTTL, $queryDelimiter = '#')
41		{
42	18	$this->accessTokenTTL = $accessTokenTTL;
43	18	$this->queryDelimiter = $queryDelimiter;
44	18	}
45
46		/**
47		* @param DateInterval $refreshTokenTTL
48		*
49		* @throw LogicException
50		*/
51	1	public function setRefreshTokenTTL(DateInterval $refreshTokenTTL)
52		{
53	1	throw new LogicException('The Implicit Grant does not return refresh tokens');
54		}
55
56		/**
57		* @param RefreshTokenRepositoryInterface $refreshTokenRepository
58		*
59		* @throw LogicException
60		*/
61	1	public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
62		{
63	1	throw new LogicException('The Implicit Grant does not return refresh tokens');
64		}
65
66		/**
67		* {@inheritdoc}
68		*/
69	1	public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
70		{
71	1	return false;
72		}
73
74		/**
75		* Return the grant identifier that can be used in matching up requests.
76		*
77		* @return string
78		*/
79	7	public function getIdentifier()
80		{
81	7	return 'implicit';
82		}
83
84		/**
85		* Respond to an incoming request.
86		*
87		* @param ServerRequestInterface $request
88		* @param ResponseTypeInterface $responseType
89		* @param DateInterval $accessTokenTTL
90		*
91		* @return ResponseTypeInterface
92		*/
93	1	public function respondToAccessTokenRequest(
94		ServerRequestInterface $request,
95		ResponseTypeInterface $responseType,
96		DateInterval $accessTokenTTL
97		) {
98	1	throw new LogicException('This grant does not used this method');
99		}
100
101		/**
102		* {@inheritdoc}
103		*/
104	1	public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
105		{
106		return (
107	1	isset($request->getQueryParams()['response_type'])
108	1	&& $request->getQueryParams()['response_type'] === 'token'
109	1	&& isset($request->getQueryParams()['client_id'])
110		);
111		}
112
113		/**
114		* {@inheritdoc}
115		*/
116	6	public function validateAuthorizationRequest(ServerRequestInterface $request)
117		{
118	6	$clientId = $this->getQueryStringParameter(
119	6	'client_id',
120	6	$request,
121	6	$this->getServerParameter('PHP_AUTH_USER', $request)
122		);
123
124	6	if (\is_null($clientId)) {
125	1	throw OAuthServerException::invalidRequest('client_id');
126		}
127
128	5	$client = $this->getClientEntityOrFail($clientId, $request);
129
130	4	$redirectUri = $this->getQueryStringParameter('redirect_uri', $request);
131
132	4	if ($redirectUri !== null) {
133	4	$this->validateRedirectUri($redirectUri, $client, $request);
134		} elseif (\is_array($client->getRedirectUri()) && \count($client->getRedirectUri()) !== 1
		0 ignored issues – show introduced 2019-11-29 22:44 UTC by Report Bug Copy Issue Report Consider adding parentheses for clarity. Current Interpretation: `(is_array($client->getRe...ient->getRedirectUri())`, Probably Intended Meaning: `is_array($client->getRed...ent->getRedirectUri()))` Loading history...
135		\|\| empty($client->getRedirectUri())) {
136		$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
137		throw OAuthServerException::invalidClient($request);
138		} else {
139		$redirectUri = \is_array($client->getRedirectUri())
140		? $client->getRedirectUri()[0]
141		: $client->getRedirectUri();
142		}
143
144	2	$scopes = $this->validateScopes(
145	2	$this->getQueryStringParameter('scope', $request, $this->defaultScope),
146	2	$redirectUri
147		);
148
149	2	$stateParameter = $this->getQueryStringParameter('state', $request);
150
151	2	$authorizationRequest = new AuthorizationRequest();
152	2	$authorizationRequest->setGrantTypeId($this->getIdentifier());
153	2	$authorizationRequest->setClient($client);
154	2	$authorizationRequest->setRedirectUri($redirectUri);
155
156	2	if ($stateParameter !== null) {
157		$authorizationRequest->setState($stateParameter);
158		}
159
160	2	$authorizationRequest->setScopes($scopes);
161
162	2	return $authorizationRequest;
163		}
164
165		/**
166		* {@inheritdoc}
167		*/
168	6	public function completeAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest)
169		{
170	6	if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
171	1	throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
172		}
173
174	5	$finalRedirectUri = ($authorizationRequest->getRedirectUri() === null)
175	5	? \is_array($authorizationRequest->getClient()->getRedirectUri())
176		? $authorizationRequest->getClient()->getRedirectUri()[0]
177	5	: $authorizationRequest->getClient()->getRedirectUri()
178	5	: $authorizationRequest->getRedirectUri();
179
180		// The user approved the client, redirect them back with an access token
181	5	if ($authorizationRequest->isAuthorizationApproved() === true) {
182		// Finalize the requested scopes
183	4	$finalizedScopes = $this->scopeRepository->finalizeScopes(
184	4	$authorizationRequest->getScopes(),
185	4	$this->getIdentifier(),
186	4	$authorizationRequest->getClient(),
187	4	$authorizationRequest->getUser()->getIdentifier()
188		);
189
190	4	$accessToken = $this->issueAccessToken(
191	4	$this->accessTokenTTL,
192	4	$authorizationRequest->getClient(),
193	4	$authorizationRequest->getUser()->getIdentifier(),
194	4	$finalizedScopes
195		);
196
197	2	$response = new RedirectResponse();
198	2	$response->setRedirectUri(
199	2	$this->makeRedirectUri(
200	2	$finalRedirectUri,
201		[
202	2	'access_token' => (string) $accessToken,
203	2	'token_type' => 'Bearer',
204	2	'expires_in' => $accessToken->getExpiryDateTime()->getTimestamp() - \time(),
205	2	'state' => $authorizationRequest->getState(),
206		],
207	2	$this->queryDelimiter
208		)
209		);
210
211	2	return $response;
212		}
213
214		// The user denied the client, redirect them back with an error
215	1	throw OAuthServerException::accessDenied(
216	1	'The user denied the request',
217	1	$this->makeRedirectUri(
218	1	$finalRedirectUri,
219		[
220	1	'state' => $authorizationRequest->getState(),
221		]
222		)
223		);
224		}
225		}
226

thephpleague / oauth2-server

Pull Request — master (#1110)

ImplicitGrant::canRespondToAccessTokenRequest() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like