RefreshTokenGrant::respondToAccessTokenRequest() - Code Metrics - Inspection of "Private claims implementation" - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#1122)

by Sebastian

created 2020-06-04 14:48 UTC

RefreshTokenGrant::respondToAccessTokenRequest() A

↳ Parent: RefreshTokenGrant

Complexity

Conditions	5
Paths	9

Size

Total Lines	56
Code Lines	31

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	27
CRAP Score	5.0952

Importance

Changes	3
Bugs	0	Features	0

Metric	Value
cc	5
eloc	31
nc	9
nop	3
dl	0
loc	56
ccs	27
cts	32
cp	0.8438
crap	5.0952
rs	9.1128
c	3
b	0
f	0

How to fix Long Method

<?php
/**
 * OAuth 2.0 Refresh token grant.
 *
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server\Grant;

use DateInterval;
use Exception;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ServerRequestInterface;

/**
 * Refresh token grant.
 */
class RefreshTokenGrant extends AbstractGrant
{
    /**
     * @param RefreshTokenRepositoryInterface $refreshTokenRepository
     */
    public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository)
    {
        $this->setRefreshTokenRepository($refreshTokenRepository);

        $this->refreshTokenTTL = new DateInterval('P1M');
    }

    /**
     * {@inheritdoc}
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        DateInterval $accessTokenTTL
    ) {
        // Validate request
        $client = $this->validateClient($request);
        $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
        $scopes = $this->validateScopes($this->getRequestParameter(
            'scope',
            $request,
            \implode(self::SCOPE_DELIMITER_STRING, $oldRefreshToken['scopes']))
        );

        // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
        // the request doesn't include any new scopes
        foreach ($scopes as $scope) {
            if (\in_array($scope->getIdentifier(), $oldRefreshToken['scopes'], true) === false) {
                throw OAuthServerException::invalidScope($scope->getIdentifier());
            }
        }

        // Expire old tokens
        $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
        $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);

        $privateClaims = [];
        if ($this->claimRepository) {
            $privateClaims = $this->claimRepository->getClaims(
                $privateClaims,
                $this->getIdentifier(),
                $client,
                $oldRefreshToken['user_id']
            );
        }

        // Issue and persist new access token
        $accessToken = $this->issueAccessToken(
            $accessTokenTTL,
            $client,
            $oldRefreshToken['user_id'],
            $scopes,
            $privateClaims
        );
        $this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
        $responseType->setAccessToken($accessToken);

        // Issue and persist new refresh token if given
        $refreshToken = $this->issueRefreshToken($accessToken);

        if ($refreshToken !== null) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request));
            $responseType->setRefreshToken($refreshToken);
        }

        return $responseType;
    }

    /**
     * @param ServerRequestInterface $request
     * @param string                 $clientId
     *
     * @throws OAuthServerException
     *
     * @return array
     */
    protected function validateOldRefreshToken(ServerRequestInterface $request, $clientId)
    {
        $encryptedRefreshToken = $this->getRequestParameter('refresh_token', $request);
        if (\is_null($encryptedRefreshToken)) {
            throw OAuthServerException::invalidRequest('refresh_token');
        }

        // Validate refresh token
        try {
            $refreshToken = $this->decrypt($encryptedRefreshToken);
        } catch (Exception $e) {
            throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token', $e);
        }

        $refreshTokenData = \json_decode($refreshToken, true);
        if ($refreshTokenData['client_id'] !== $clientId) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_CLIENT_FAILED, $request));
            throw OAuthServerException::invalidRefreshToken('Token is not linked to client');
        }

        if ($refreshTokenData['expire_time'] < \time()) {
            throw OAuthServerException::invalidRefreshToken('Token has expired');
        }

        if ($this->refreshTokenRepository->isRefreshTokenRevoked($refreshTokenData['refresh_token_id']) === true) {
            throw OAuthServerException::invalidRefreshToken('Token has been revoked');
        }

        return $refreshTokenData;
    }

    /**
     * {@inheritdoc}
     */
    public function getIdentifier()
    {
        return 'refresh_token';
    }
}


1		<?php
2		/**
3		* OAuth 2.0 Refresh token grant.
4		*
5		* @author Alex Bilbie <[email protected]>
6		* @copyright Copyright (c) Alex Bilbie
7		* @license http://mit-license.org/
8		*
9		* @link https://github.com/thephpleague/oauth2-server
10		*/
11
12		namespace League\OAuth2\Server\Grant;
13
14		use DateInterval;
15		use Exception;
16		use League\OAuth2\Server\Exception\OAuthServerException;
17		use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
18		use League\OAuth2\Server\RequestEvent;
19		use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
20		use Psr\Http\Message\ServerRequestInterface;
21
22		/**
23		* Refresh token grant.
24		*/
25		class RefreshTokenGrant extends AbstractGrant
26		{
27		/**
28		* @param RefreshTokenRepositoryInterface $refreshTokenRepository
29		*/
30	10	public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository)
31		{
32	10	$this->setRefreshTokenRepository($refreshTokenRepository);
33
34	10	$this->refreshTokenTTL = new DateInterval('P1M');
35	10	}
36
37		/**
38		* {@inheritdoc}
39		*/
40	9	public function respondToAccessTokenRequest(
41		ServerRequestInterface $request,
42		ResponseTypeInterface $responseType,
43		DateInterval $accessTokenTTL
44		) {
45		// Validate request
46	9	$client = $this->validateClient($request);
47	9	$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
48	4	$scopes = $this->validateScopes($this->getRequestParameter(
49	4	'scope',
50	4	$request,
51	4	\implode(self::SCOPE_DELIMITER_STRING, $oldRefreshToken['scopes']))
52		);
53
54		// The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
55		// the request doesn't include any new scopes
56	4	foreach ($scopes as $scope) {
57	4	if (\in_array($scope->getIdentifier(), $oldRefreshToken['scopes'], true) === false) {
58	1	throw OAuthServerException::invalidScope($scope->getIdentifier());
59		}
60		}
61
62		// Expire old tokens
63	3	$this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
64	3	$this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
65
66	3	$privateClaims = [];
67	3	if ($this->claimRepository) {
68		$privateClaims = $this->claimRepository->getClaims(
69		$privateClaims,
70		$this->getIdentifier(),
71		$client,
72		$oldRefreshToken['user_id']
73		);
74		}
75
76		// Issue and persist new access token
77	3	$accessToken = $this->issueAccessToken(
78	3	$accessTokenTTL,
79	3	$client,
80	3	$oldRefreshToken['user_id'],
81	3	$scopes,
82	3	$privateClaims
83		);
84	3	$this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
85	3	$responseType->setAccessToken($accessToken);
86
87		// Issue and persist new refresh token if given
88	3	$refreshToken = $this->issueRefreshToken($accessToken);
89
90	3	if ($refreshToken !== null) {
91	2	$this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request));
92	2	$responseType->setRefreshToken($refreshToken);
93		}
94
95	3	return $responseType;
96		}
97
98		/**
99		* @param ServerRequestInterface $request
100		* @param string $clientId
101		*
102		* @throws OAuthServerException
103		*
104		* @return array
105		*/
106	9	protected function validateOldRefreshToken(ServerRequestInterface $request, $clientId)
107		{
108	9	$encryptedRefreshToken = $this->getRequestParameter('refresh_token', $request);
109	9	if (\is_null($encryptedRefreshToken)) {
110	1	throw OAuthServerException::invalidRequest('refresh_token');
111		}
112
113		// Validate refresh token
114		try {
115	8	$refreshToken = $this->decrypt($encryptedRefreshToken);
116	1	} catch (Exception $e) {
117	1	throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token', $e);
118		}
119
120	7	$refreshTokenData = \json_decode($refreshToken, true);
121	7	if ($refreshTokenData['client_id'] !== $clientId) {
122	1	$this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_CLIENT_FAILED, $request));
123	1	throw OAuthServerException::invalidRefreshToken('Token is not linked to client');
124		}
125
126	6	if ($refreshTokenData['expire_time'] < \time()) {
127	1	throw OAuthServerException::invalidRefreshToken('Token has expired');
128		}
129
130	5	if ($this->refreshTokenRepository->isRefreshTokenRevoked($refreshTokenData['refresh_token_id']) === true) {
131	1	throw OAuthServerException::invalidRefreshToken('Token has been revoked');
132		}
133
134	4	return $refreshTokenData;
135		}
136
137		/**
138		* {@inheritdoc}
139		*/
140	10	public function getIdentifier()
141		{
142	10	return 'refresh_token';
143		}
144		}
145

thephpleague / oauth2-server

Pull Request — master (#1122)

RefreshTokenGrant::respondToAccessTokenRequest() A

Complexity

Size

Duplication

Code Coverage

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like