Completed
Pull Request — master (#1035)
by Matt
03:17
created

ClientCredentialsGrant   A

Complexity

Total Complexity 3

Size/Duplication

Total Lines 47
Duplicated Lines 0 %

Coupling/Cohesion

Components 1
Dependencies 7

Test Coverage

Coverage 86.67%

Importance

Changes 0
Metric Value
wmc 3
lcom 1
cbo 7
dl 0
loc 47
rs 10
c 0
b 0
f 0
ccs 13
cts 15
cp 0.8667

2 Methods

Rating   Name   Duplication   Size   Complexity  
A respondToAccessTokenRequest() 0 33 2
A getIdentifier() 0 4 1
<?php
/**
 * OAuth 2.0 Client credentials grant.
 *
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */
namespace League\OAuth2\Server\Grant;
use DateInterval;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ServerRequestInterface;
/**
 * Client credentials grant class.
 */
class ClientCredentialsGrant extends AbstractGrant
{
    /**
     * Handle a token request made with the client credentials grant.
     *
     * The steps run in a fixed order: resolve the client, reject clients that
     * are not confidential, validate the client, resolve and finalize the
     * scopes, issue the access token, and attach it to the response type.
     *
     * @param ServerRequestInterface $request        Incoming token request.
     * @param ResponseTypeInterface  $responseType   Response object that receives the issued token.
     * @param DateInterval           $accessTokenTTL Lifetime handed to issueAccessToken().
     *
     * @throws OAuthServerException From OAuthServerException::invalidClient() when the client is
     *                              not confidential; the helper calls may throw as well (their
     *                              bodies are not visible in this file).
     *
     * @return ResponseTypeInterface The same $responseType instance, after setAccessToken().
     *
     * {@inheritdoc}
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        DateInterval $accessTokenTTL
    ) {
        // Only the first element of the credentials (the client id) is used here.
        list($clientId) = $this->getClientCredentials($request);
        $clientEntity = $this->getClientEntityOrFail($clientId, $request);

        // This grant authenticates the client itself, so it is restricted to
        // confidential clients (RFC 6749, section 4.4). The failure event is
        // emitted before the exception so listeners can record the rejection.
        $isPublicClient = !$clientEntity->isConfidential();
        if ($isPublicClient) {
            $emitter = $this->getEmitter();
            $emitter->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));

            throw OAuthServerException::invalidClient($request);
        }

        // Client validation runs before any scope handling or token issuance.
        $this->validateClient($request);

        // Fall back to the configured default scope when the request has no 'scope' parameter.
        $scopeParameter = $this->getRequestParameter('scope', $request, $this->defaultScope);
        $requestedScopes = $this->validateScopes($scopeParameter);

        // The scope repository has the final say on what this client gets for this grant type.
        $grantedScopes = $this->scopeRepository->finalizeScopes(
            $requestedScopes,
            $this->getIdentifier(),
            $clientEntity
        );

        // The third argument is null; presumably it is the user identifier, since this
        // grant has no resource owner. Confirm against AbstractGrant::issueAccessToken().
        $issuedToken = $this->issueAccessToken($accessTokenTTL, $clientEntity, null, $grantedScopes);

        // Announce the issued token to listeners.
        $emitter = $this->getEmitter();
        $emitter->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));

        // NOTE(review): static analysis on this page reports that issueAccessToken() may
        // return null while setAccessToken() does not accept null. Confirm against
        // AbstractGrant and consider an explicit type check before this call.
        $responseType->setAccessToken($issuedToken);

        return $responseType;
    }

    /**
     * Identifier of this grant type.
     *
     * @return string Always 'client_credentials'.
     *
     * {@inheritdoc}
     */
    public function getIdentifier()
    {
        $grantType = 'client_credentials';

        return $grantType;
    }
}