BearerTokenValidator::setPrivateKey() - Code Metrics - Inspection of "Add introspection implementation" - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#925)

unknown

created 2018-11-11 12:43 UTC

BearerTokenValidator::setPrivateKey() A

↳ Parent: BearerTokenValidator

Complexity

Conditions	1
Paths	1

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	3
CRAP Score	1

Importance

Changes

Metric	Value
dl	0
loc	4
ccs	3
cts	3
cp	1
rs	10
c	0
b	0
f	0
cc	1
nc	1
nop	1
crap	1

<?php

namespace League\OAuth2\Server\IntrospectionValidators;

use InvalidArgumentException;
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Keychain;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Token;
use Lcobucci\JWT\ValidationData;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use Psr\Http\Message\ServerRequestInterface;

class BearerTokenValidator implements IntrospectionValidatorInterface
{
    /**
     * @var AccessTokenRepositoryInterface
     */
    private $accessTokenRepository;

    /**
     * @var \League\OAuth2\Server\CryptKey
     */
    protected $privateKey;

    /**
     * @param AccessTokenRepositoryInterface $accessTokenRepository
     */
    public function __construct(AccessTokenRepositoryInterface $accessTokenRepository)
    {
        $this->accessTokenRepository = $accessTokenRepository;
    }

    /**
     * Set the public key
     *
     * @param \League\OAuth2\Server\CryptKey $key
     */
    public function setPrivateKey(CryptKey $key)
    {
        $this->privateKey = $key;
    }

    /**
     * Validates the given token from the request
     *
     * @param ServerRequestInterface $request
     *
     * @return bool
     */
    public function validateIntrospection(ServerRequestInterface $request)
    {
        try {
            $token = $this->getTokenFromRequest($request);
        } catch (InvalidArgumentException $e) {
            return false;
        }

        if (
            $this->isTokenRevoked($token) ||
            $this->isTokenExpired($token) ||
            $this->isTokenUnverified($token)
        ) {
            return false;
        }

        return true;
    }

    /**
     * Gets the token from the request body.
     *
     * @param ServerRequestInterface $request
     *
     * @return Token
     */
    public function getTokenFromRequest(ServerRequestInterface $request)
    {
        $jwt = $request->getParsedBody()['token'] ?? null;

        return (new Parser())
            ->parse($jwt);
    }

    /**
     * Validate the JWT token.
     *
     * @param Token $token
     *
     * @return bool
     */
    private function isTokenUnverified(Token $token)
    {
        $keychain = new Keychain();

        $key = $keychain->getPrivateKey(
            $this->privateKey->getKeyPath(),
            $this->privateKey->getPassPhrase()
        );

        return $token->verify(new Sha256(), $key->getContent()) === false;
    }

    /**
     * Ensure access token hasn't expired
     *
     * @param Token $token
     *
     * @return bool
     */
    private function isTokenExpired(Token $token)
    {
        $data = new ValidationData(time());

        return !$token->validate($data);
    }

    /**
     * Check if the given token is revoked.
     *
     * @param Token $token
     *
     * @return bool
     */
    private function isTokenRevoked(Token $token)
    {
        return $this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'));
    }
}


1		<?php
2
3		namespace League\OAuth2\Server\IntrospectionValidators;
4
5		use InvalidArgumentException;
6		use Lcobucci\JWT\Parser;
7		use Lcobucci\JWT\Signer\Keychain;
8		use Lcobucci\JWT\Signer\Rsa\Sha256;
9		use Lcobucci\JWT\Token;
10		use Lcobucci\JWT\ValidationData;
11		use League\OAuth2\Server\CryptKey;
12		use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
13		use Psr\Http\Message\ServerRequestInterface;
14
15		class BearerTokenValidator implements IntrospectionValidatorInterface
16		{
17		/**
18		* @var AccessTokenRepositoryInterface
19		*/
20		private $accessTokenRepository;
21
22		/**
23		* @var \League\OAuth2\Server\CryptKey
24		*/
25		protected $privateKey;
26
27		/**
28		* @param AccessTokenRepositoryInterface $accessTokenRepository
29		*/
30	4	public function __construct(AccessTokenRepositoryInterface $accessTokenRepository)
31		{
32	4	$this->accessTokenRepository = $accessTokenRepository;
33	4	}
34
35		/**
36		* Set the public key
37		*
38		* @param \League\OAuth2\Server\CryptKey $key
39		*/
40	2	public function setPrivateKey(CryptKey $key)
41		{
42	2	$this->privateKey = $key;
43	2	}
44
45		/**
46		* Validates the given token from the request
47		*
48		* @param ServerRequestInterface $request
49		*
50		* @return bool
51		*/
52	5	public function validateIntrospection(ServerRequestInterface $request)
53		{
54		try {
55	5	$token = $this->getTokenFromRequest($request);
56	1	} catch (InvalidArgumentException $e) {
57	1	return false;
58		}
59
60		if (
61	4	$this->isTokenRevoked($token) \|\|
62	3	$this->isTokenExpired($token) \|\|
63	4	$this->isTokenUnverified($token)
64		) {
65	3	return false;
66		}
67
68	1	return true;
69		}
70
71		/**
72		* Gets the token from the request body.
73		*
74		* @param ServerRequestInterface $request
75		*
76		* @return Token
77		*/
78		public function getTokenFromRequest(ServerRequestInterface $request)
79		{
80		$jwt = $request->getParsedBody()['token'] ?? null;
81
82		return (new Parser())
83		->parse($jwt);
84		}
85
86		/**
87		* Validate the JWT token.
88		*
89		* @param Token $token
90		*
91		* @return bool
92		*/
93	2	private function isTokenUnverified(Token $token)
94		{
95	2	$keychain = new Keychain();
96
97	2	$key = $keychain->getPrivateKey(
98	2	$this->privateKey->getKeyPath(),
99	2	$this->privateKey->getPassPhrase()
100		);
101
102	2	return $token->verify(new Sha256(), $key->getContent()) === false;
103		}
104
105		/**
106		* Ensure access token hasn't expired
107		*
108		* @param Token $token
109		*
110		* @return bool
111		*/
112	3	private function isTokenExpired(Token $token)
113		{
114	3	$data = new ValidationData(time());
115
116	3	return !$token->validate($data);
117		}
118
119		/**
120		* Check if the given token is revoked.
121		*
122		* @param Token $token
123		*
124		* @return bool
125		*/
126	4	private function isTokenRevoked(Token $token)
127		{
128	4	return $this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'));
129		}
130		}
131

thephpleague / oauth2-server

Pull Request — master (#925)

BearerTokenValidator::setPrivateKey() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like