ClientRepository::validateClient() - Code Metrics - Inspection of "Prevent public clients from using the client_crede..." - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#1035)

by Matt

created 2019-07-22 22:24 UTC

ClientRepository::validateClient() A

↳ Parent: ClientRepository

Complexity

Conditions	4
Paths	3

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	23
rs	9.552
c	0
b	0
f	0
cc	4
nc	3
nop	3

<?php
/**
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace OAuth2ServerExamples\Repositories;

use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use OAuth2ServerExamples\Entities\ClientEntity;

class ClientRepository implements ClientRepositoryInterface
{
    const CLIENT_NAME = 'My Awesome App';
    const REDIRECT_URI = 'http://foo/bar';

    /**
     * {@inheritdoc}
     */
    public function getClientEntity($clientIdentifier)
    {
        $client = new ClientEntity();

        $client->setIdentifier($clientIdentifier);
        $client->setName(self::CLIENT_NAME);
        $client->setRedirectUri(self::REDIRECT_URI);

        return $client;
    }

    /**
     * {@inheritdoc}
     */
    public function validateClient($clientIdentifier, $clientSecret, $grantType)
    {
        $clients = [
            'myawesomeapp' => [
                'secret'          => password_hash('abc123', PASSWORD_BCRYPT),
                'name'            => self::CLIENT_NAME,
                'redirect_uri'    => self::REDIRECT_URI,
                'is_confidential' => true,
            ],
        ];

        // Check if client is registered
        if (array_key_exists($clientIdentifier, $clients) === false) {
            return;
        }

        if (
            $clients[$clientIdentifier]['is_confidential'] === true
            && password_verify($clientSecret, $clients[$clientIdentifier]['secret']) === false
        ) {
            return;
        }
    }
}


1			<?php
2			/**
3			* @author Alex Bilbie <[email protected]>
4			* @copyright Copyright (c) Alex Bilbie
5			* @license http://mit-license.org/
6			*
7			* @link https://github.com/thephpleague/oauth2-server
8			*/
9
10			namespace OAuth2ServerExamples\Repositories;
11
12			use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
13			use OAuth2ServerExamples\Entities\ClientEntity;
14
15			class ClientRepository implements ClientRepositoryInterface
16			{
17			const CLIENT_NAME = 'My Awesome App';
18			const REDIRECT_URI = 'http://foo/bar';
19
20			/**
21			* {@inheritdoc}
22			*/
23			public function getClientEntity($clientIdentifier)
24			{
25			$client = new ClientEntity();
26
27			$client->setIdentifier($clientIdentifier);
28			$client->setName(self::CLIENT_NAME);
29			$client->setRedirectUri(self::REDIRECT_URI);
30
31			return $client;
32			}
33
34			/**
35			* {@inheritdoc}
36			*/
37			public function validateClient($clientIdentifier, $clientSecret, $grantType)
38			{
39			$clients = [
40			'myawesomeapp' => [
41			'secret' => password_hash('abc123', PASSWORD_BCRYPT),
42			'name' => self::CLIENT_NAME,
43			'redirect_uri' => self::REDIRECT_URI,
44			'is_confidential' => true,
45			],
46			];
47
48			// Check if client is registered
49			if (array_key_exists($clientIdentifier, $clients) === false) {
50			return;
51			}
52
53			if (
54			$clients[$clientIdentifier]['is_confidential'] === true
55			&& password_verify($clientSecret, $clients[$clientIdentifier]['secret']) === false
56			) {
57			return;
58			}
59			}
60			}
61

thephpleague / oauth2-server

Pull Request — master (#1035)

ClientRepository::validateClient() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like