AuthorizationServer::validateAuthorizationRequest() - Code Metrics - Inspection of "Add token revocation support" - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#995)

unknown

created 2019-02-08 20:06 UTC

validateAuthorizationRequest() A

↳ Parent: AuthorizationServer

Complexity

Conditions	3
Paths	3

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	5
CRAP Score	3

Importance

Changes

Metric	Value
c	0
b	0
f	0
dl	0
loc	10
ccs	5
cts	5
cp	1
rs	9.9332
cc	3
nc	3
nop	1
crap	3

<?php
/**
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server;

use DateInterval;
use Defuse\Crypto\Key;
use League\Event\EmitterAwareInterface;
use League\Event\EmitterAwareTrait;
use League\OAuth2\Server\RevokeTokenHandler;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\GrantTypeInterface;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\AbstractResponseType;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

class AuthorizationServer implements EmitterAwareInterface
{
    use EmitterAwareTrait;

    /**
     * @var GrantTypeInterface[]
     */
    protected $enabledGrantTypes = [];

    /**
     * @var RevokeTokenHandler
     */
    protected $revokeTokenHandler = null;

    /**
     * @var DateInterval[]
     */
    protected $grantTypeAccessTokenTTL = [];

    /**
     * @var CryptKey
     */
    protected $privateKey;

    /**
     * @var CryptKey
     */
    protected $publicKey;

    /**
     * @var ResponseTypeInterface
     */
    protected $responseType;

    /**
     * @var ClientRepositoryInterface
     */
    private $clientRepository;

    /**
     * @var AccessTokenRepositoryInterface
     */
    private $accessTokenRepository;

    /**
     * @var ScopeRepositoryInterface
     */
    private $scopeRepository;

    /**
     * @var string|Key
     */
    private $encryptionKey;

    /**
     * @var string
     */
    private $defaultScope = '';

    /**
     * New server instance.
     *
     * @param ClientRepositoryInterface      $clientRepository
     * @param AccessTokenRepositoryInterface $accessTokenRepository
     * @param ScopeRepositoryInterface       $scopeRepository
     * @param CryptKey|string                $privateKey
     * @param string|Key                     $encryptionKey
     * @param null|ResponseTypeInterface     $responseType
     */
    public function __construct(
        ClientRepositoryInterface $clientRepository,
        AccessTokenRepositoryInterface $accessTokenRepository,
        ScopeRepositoryInterface $scopeRepository,
        $privateKey,
        $encryptionKey,
        ResponseTypeInterface $responseType = null
    ) {
        $this->clientRepository = $clientRepository;
        $this->accessTokenRepository = $accessTokenRepository;
        $this->scopeRepository = $scopeRepository;

        if ($privateKey instanceof CryptKey === false) {
            $privateKey = new CryptKey($privateKey);
        }

        $this->privateKey = $privateKey;
        $this->encryptionKey = $encryptionKey;

        if ($responseType === null) {
            $responseType = new BearerTokenResponse();
        } else {
            $responseType = clone $responseType;
        }

        $this->responseType = $responseType;
    }

    /**
     * Enable a grant type on the server.
     *
     * @param GrantTypeInterface $grantType
     * @param null|DateInterval  $accessTokenTTL
     */
    public function enableGrantType(GrantTypeInterface $grantType, DateInterval $accessTokenTTL = null)
    {
        if ($accessTokenTTL instanceof DateInterval === false) {
            $accessTokenTTL = new DateInterval('PT1H');
        }

        $grantType->setAccessTokenRepository($this->accessTokenRepository);
        $grantType->setClientRepository($this->clientRepository);
        $grantType->setScopeRepository($this->scopeRepository);
        $grantType->setDefaultScope($this->defaultScope);
        $grantType->setPrivateKey($this->privateKey);
        $grantType->setEmitter($this->getEmitter());
        $grantType->setEncryptionKey($this->encryptionKey);

        $this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
        $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;
    }

    /**
     * Validate an authorization request
     *
     * @param ServerRequestInterface $request
     *
     * @throws OAuthServerException
     *
     * @return AuthorizationRequest
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        foreach ($this->enabledGrantTypes as $grantType) {
            if ($grantType->canRespondToAuthorizationRequest($request)) {
                return $grantType->validateAuthorizationRequest($request);
            }
        }

        throw OAuthServerException::unsupportedGrantType();
    }

    /**
     * Complete an authorization request
     *
     * @param AuthorizationRequest $authRequest
     * @param ResponseInterface    $response
     *
     * @return ResponseInterface
     */
    public function completeAuthorizationRequest(AuthorizationRequest $authRequest, ResponseInterface $response)
    {
        return $this->enabledGrantTypes[$authRequest->getGrantTypeId()]
            ->completeAuthorizationRequest($authRequest)
            ->generateHttpResponse($response);
    }

    /**
     * Return an access token response.
     *
     * @param ServerRequestInterface $request
     * @param ResponseInterface      $response
     *
     * @throws OAuthServerException
     *
     * @return ResponseInterface
     */
    public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
    {
        foreach ($this->enabledGrantTypes as $grantType) {
            if (!$grantType->canRespondToAccessTokenRequest($request)) {
                continue;
            }
            $tokenResponse = $grantType->respondToAccessTokenRequest(
                $request,
                $this->getResponseType(),
                $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
            );

            if ($tokenResponse instanceof ResponseTypeInterface) {
                return $tokenResponse->generateHttpResponse($response);
            }
        }

        throw OAuthServerException::unsupportedGrantType();
    }

    /**
     * Enable the revoke token handler on the server.
     *
     * @param RevokeTokenHandler $handler
     */
    public function enableRevokeTokenHandler(RevokeTokenHandler $handler)
    {
        $handler->setAccessTokenRepository($this->accessTokenRepository);
        $handler->setClientRepository($this->clientRepository);
        $handler->setEncryptionKey($this->encryptionKey);
        $handler->setEmitter($this->getEmitter());

        $this->revokeTokenHandler = $handler;
    }

    /**
     * Return an revoke token response.
     *
     * @param ServerRequestInterface $request
     * @param ResponseInterface      $response
     *
     * @throws OAuthServerException
     *
     * @return ResponseInterface
     */
    public function respondToRevokeTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
    {
        if ($this->revokeTokenHandler !== null) {
            $revokeResponse = $this->revokeTokenHandler->respondToRevokeTokenRequest($request, $this->getResponseType());

            if ($revokeResponse instanceof ResponseTypeInterface) {
                return $revokeResponse->generateHttpResponse($response);
            }
        }

        $errorMessage = 'Token revocation not supported.';
        throw new OAuthServerException($errorMessage, 3, 'invalid_request', 400);
    }

    /**
     * Get the token type that grants will return in the HTTP response.
     *
     * @return ResponseTypeInterface
     */
    protected function getResponseType()
    {
        $responseType = clone $this->responseType;

        if ($responseType instanceof AbstractResponseType) {
            $responseType->setPrivateKey($this->privateKey);
        }

        $responseType->setEncryptionKey($this->encryptionKey);

        return $responseType;
    }

    /**
     * Set the default scope for the authorization server.
     *
     * @param string $defaultScope
     */
    public function setDefaultScope($defaultScope)
    {
        $this->defaultScope = $defaultScope;
    }
}


1		<?php
2		/**
3		* @author Alex Bilbie <[email protected]>
4		* @copyright Copyright (c) Alex Bilbie
5		* @license http://mit-license.org/
6		*
7		* @link https://github.com/thephpleague/oauth2-server
8		*/
9
10		namespace League\OAuth2\Server;
11
12		use DateInterval;
13		use Defuse\Crypto\Key;
14		use League\Event\EmitterAwareInterface;
15		use League\Event\EmitterAwareTrait;
16		use League\OAuth2\Server\RevokeTokenHandler;
17		use League\OAuth2\Server\Exception\OAuthServerException;
18		use League\OAuth2\Server\Grant\GrantTypeInterface;
19		use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
20		use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
21		use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
22		use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
23		use League\OAuth2\Server\ResponseTypes\AbstractResponseType;
24		use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
25		use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
26		use Psr\Http\Message\ResponseInterface;
27		use Psr\Http\Message\ServerRequestInterface;
28
29		class AuthorizationServer implements EmitterAwareInterface
30		{
31		use EmitterAwareTrait;
32
33		/**
34		* @var GrantTypeInterface[]
35		*/
36		protected $enabledGrantTypes = [];
37
38		/**
39		* @var RevokeTokenHandler
40		*/
41		protected $revokeTokenHandler = null;
42
43		/**
44		* @var DateInterval[]
45		*/
46		protected $grantTypeAccessTokenTTL = [];
47
48		/**
49		* @var CryptKey
50		*/
51		protected $privateKey;
52
53		/**
54		* @var CryptKey
55		*/
56		protected $publicKey;
57
58		/**
59		* @var ResponseTypeInterface
60		*/
61		protected $responseType;
62
63		/**
64		* @var ClientRepositoryInterface
65		*/
66		private $clientRepository;
67
68		/**
69		* @var AccessTokenRepositoryInterface
70		*/
71		private $accessTokenRepository;
72
73		/**
74		* @var ScopeRepositoryInterface
75		*/
76		private $scopeRepository;
77
78		/**
79		* @var string\|Key
80		*/
81		private $encryptionKey;
82
83		/**
84		* @var string
85		*/
86		private $defaultScope = '';
87
88		/**
89		* New server instance.
90		*
91		* @param ClientRepositoryInterface $clientRepository
92		* @param AccessTokenRepositoryInterface $accessTokenRepository
93		* @param ScopeRepositoryInterface $scopeRepository
94		* @param CryptKey\|string $privateKey
95		* @param string\|Key $encryptionKey
96		* @param null\|ResponseTypeInterface $responseType
97		*/
98	13	public function __construct(
99		ClientRepositoryInterface $clientRepository,
100		AccessTokenRepositoryInterface $accessTokenRepository,
101		ScopeRepositoryInterface $scopeRepository,
102		$privateKey,
103		$encryptionKey,
104		ResponseTypeInterface $responseType = null
105		) {
106	13	$this->clientRepository = $clientRepository;
107	13	$this->accessTokenRepository = $accessTokenRepository;
108	13	$this->scopeRepository = $scopeRepository;
109
110	13	if ($privateKey instanceof CryptKey === false) {
111	13	$privateKey = new CryptKey($privateKey);
112		}
113
114	13	$this->privateKey = $privateKey;
115	13	$this->encryptionKey = $encryptionKey;
116
117	13	if ($responseType === null) {
118	6	$responseType = new BearerTokenResponse();
119		} else {
120	7	$responseType = clone $responseType;
121		}
122
123	13	$this->responseType = $responseType;
124	13	}
125
126		/**
127		* Enable a grant type on the server.
128		*
129		* @param GrantTypeInterface $grantType
130		* @param null\|DateInterval $accessTokenTTL
131		*/
132	7	public function enableGrantType(GrantTypeInterface $grantType, DateInterval $accessTokenTTL = null)
133		{
134	7	if ($accessTokenTTL instanceof DateInterval === false) {
135	4	$accessTokenTTL = new DateInterval('PT1H');
136		}
137
138	7	$grantType->setAccessTokenRepository($this->accessTokenRepository);
139	7	$grantType->setClientRepository($this->clientRepository);
140	7	$grantType->setScopeRepository($this->scopeRepository);
141	7	$grantType->setDefaultScope($this->defaultScope);
142	7	$grantType->setPrivateKey($this->privateKey);
143	7	$grantType->setEmitter($this->getEmitter());
144	7	$grantType->setEncryptionKey($this->encryptionKey);
145
146	7	$this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
147	7	$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;
148	7	}
149
150		/**
151		* Validate an authorization request
152		*
153		* @param ServerRequestInterface $request
154		*
155		* @throws OAuthServerException
156		*
157		* @return AuthorizationRequest
158		*/
159	3	public function validateAuthorizationRequest(ServerRequestInterface $request)
160		{
161	3	foreach ($this->enabledGrantTypes as $grantType) {
162	2	if ($grantType->canRespondToAuthorizationRequest($request)) {
163	2	return $grantType->validateAuthorizationRequest($request);
164		}
165		}
166
167	1	throw OAuthServerException::unsupportedGrantType();
168		}
169
170		/**
171		* Complete an authorization request
172		*
173		* @param AuthorizationRequest $authRequest
174		* @param ResponseInterface $response
175		*
176		* @return ResponseInterface
177		*/
178	1	public function completeAuthorizationRequest(AuthorizationRequest $authRequest, ResponseInterface $response)
179		{
180	1	return $this->enabledGrantTypes[$authRequest->getGrantTypeId()]
181	1	->completeAuthorizationRequest($authRequest)
182	1	->generateHttpResponse($response);
183		}
184
185		/**
186		* Return an access token response.
187		*
188		* @param ServerRequestInterface $request
189		* @param ResponseInterface $response
190		*
191		* @throws OAuthServerException
192		*
193		* @return ResponseInterface
194		*/
195	4	public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
196		{
197	4	foreach ($this->enabledGrantTypes as $grantType) {
198	4	if (!$grantType->canRespondToAccessTokenRequest($request)) {
199	1	continue;
200		}
201	3	$tokenResponse = $grantType->respondToAccessTokenRequest(
202	3	$request,
203	3	$this->getResponseType(),
204	3	$this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
205		);
206
207	2	if ($tokenResponse instanceof ResponseTypeInterface) {
208	2	return $tokenResponse->generateHttpResponse($response);
209		}
210		}
211
212	1	throw OAuthServerException::unsupportedGrantType();
213		}
214
215		/**
216		* Enable the revoke token handler on the server.
217		*
218		* @param RevokeTokenHandler $handler
219		*/
220	1	public function enableRevokeTokenHandler(RevokeTokenHandler $handler)
221		{
222	1	$handler->setAccessTokenRepository($this->accessTokenRepository);
223	1	$handler->setClientRepository($this->clientRepository);
224	1	$handler->setEncryptionKey($this->encryptionKey);
225	1	$handler->setEmitter($this->getEmitter());
226
227	1	$this->revokeTokenHandler = $handler;
228	1	}
229
230		/**
231		* Return an revoke token response.
232		*
233		* @param ServerRequestInterface $request
234		* @param ResponseInterface $response
235		*
236		* @throws OAuthServerException
237		*
238		* @return ResponseInterface
239		*/
240	2	public function respondToRevokeTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
241		{
242	2	if ($this->revokeTokenHandler !== null) {
243	1	$revokeResponse = $this->revokeTokenHandler->respondToRevokeTokenRequest($request, $this->getResponseType());
244
245	1	if ($revokeResponse instanceof ResponseTypeInterface) {
246	1	return $revokeResponse->generateHttpResponse($response);
247		}
248		}
249
250	1	$errorMessage = 'Token revocation not supported.';
251	1	throw new OAuthServerException($errorMessage, 3, 'invalid_request', 400);
252		}
253
254		/**
255		* Get the token type that grants will return in the HTTP response.
256		*
257		* @return ResponseTypeInterface
258		*/
259	7	protected function getResponseType()
260		{
261	7	$responseType = clone $this->responseType;
262
263	7	if ($responseType instanceof AbstractResponseType) {
264	7	$responseType->setPrivateKey($this->privateKey);
265		}
266
267	7	$responseType->setEncryptionKey($this->encryptionKey);
268
269	7	return $responseType;
270		}
271
272		/**
273		* Set the default scope for the authorization server.
274		*
275		* @param string $defaultScope
276		*/
277	4	public function setDefaultScope($defaultScope)
278		{
279	4	$this->defaultScope = $defaultScope;
280	4	}
281		}
282

thephpleague / oauth2-server

Pull Request — master (#995)

validateAuthorizationRequest() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like