src/Grant/PasswordGrant.php (1 issue)

Labels
Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
/**
 * OAuth 2.0 Password grant.
 *
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */
namespace League\OAuth2\Server\Grant;
use DateInterval;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ServerRequestInterface;
/**
 * Password grant class.
 */
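class PasswordGrant extends AbstractGrant
{
    /**
     * @param UserRepositoryInterface         $userRepository         Resolves a username/password pair to a user entity
     * @param RefreshTokenRepositoryInterface $refreshTokenRepository Persists the refresh tokens this grant issues
     */
    public function __construct(
        UserRepositoryInterface $userRepository,
        RefreshTokenRepositoryInterface $refreshTokenRepository
    ) {
        $this->setUserRepository($userRepository);
        $this->setRefreshTokenRepository($refreshTokenRepository);

        // Default lifetime of refresh tokens issued by this grant: one month.
        $this->refreshTokenTTL = new DateInterval('P1M');
    }

    /**
     * Handle a password-grant token request.
     *
     * Validates the client, the requested scopes and the resource owner's
     * credentials (in that order), then issues an access token and, when
     * one is produced, a refresh token, and attaches both to the response.
     *
     * @param ServerRequestInterface $request        Incoming token request
     * @param ResponseTypeInterface  $responseType   Response the issued tokens are attached to
     * @param DateInterval           $accessTokenTTL Lifetime of the issued access token
     *
     * @throws OAuthServerException when the client, the scopes or the user credentials are rejected
     *
     * @return ResponseTypeInterface
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        DateInterval $accessTokenTTL
    ) {
        // The client is validated before the user credentials, so (assuming
        // validateClient() throws on failure — it lives in AbstractGrant, not
        // visible here) a caller that cannot authenticate as a client never
        // triggers a user-credential lookup.
        $client = $this->validateClient($request);
        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request, $this->defaultScope));
        $user = $this->validateUser($request, $client);

        // Give the scope repository a chance to narrow or adjust the requested
        // scopes for this grant, client and user.
        $finalizedScopes = $this->scopeRepository->finalizeScopes(
            $scopes,
            $this->getIdentifier(),
            $client,
            $user->getIdentifier()
        );

        // Issue and persist the access token.
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $finalizedScopes);
        $this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
        // NOTE(review): static analysis flags issueAccessToken() as possibly returning
        // null, while setAccessToken() does not accept null. AbstractGrant is not
        // visible here — confirm it throws rather than returning null on failure.
        $responseType->setAccessToken($accessToken);

        // A refresh token is optional: issueRefreshToken() may return null, in
        // which case none is attached to the response.
        $refreshToken = $this->issueRefreshToken($accessToken);

        if ($refreshToken !== null) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request));
            $responseType->setRefreshToken($refreshToken);
        }

        return $responseType;
    }

    /**
     * Resolve the resource owner from the username/password in the request.
     *
     * @param ServerRequestInterface $request Incoming token request
     * @param ClientEntityInterface  $client  Client already validated for this request
     *
     * @throws OAuthServerException invalid_request when username or password is absent,
     *                              invalid_grant when the repository rejects the credentials
     *
     * @return UserEntityInterface
     */
    protected function validateUser(ServerRequestInterface $request, ClientEntityInterface $client)
    {
        // Only a missing parameter is rejected here; an empty string is passed
        // through and left to the user repository to accept or reject.
        $username = $this->getRequestParameter('username', $request);

        if ($username === null) {
            throw OAuthServerException::invalidRequest('username');
        }

        $password = $this->getRequestParameter('password', $request);

        if ($password === null) {
            throw OAuthServerException::invalidRequest('password');
        }

        $user = $this->userRepository->getUserEntityByUserCredentials(
            $username,
            $password,
            $this->getIdentifier(),
            $client
        );

        // Anything other than a user entity counts as a failed login: emit the
        // event so listeners can log or throttle it, then answer with the same
        // invalid_grant error regardless of why the repository rejected the
        // credentials.
        if (!$user instanceof UserEntityInterface) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));

            throw OAuthServerException::invalidGrant();
        }

        return $user;
    }

    /**
     * The grant_type value this grant handles.
     *
     * @return string
     */
    public function getIdentifier()
    {
        return 'password';
    }
}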