<?php
/**
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */
namespace League\OAuth2\Server\AuthorizationValidators;
use BadMethodCallException;
use InvalidArgumentException;
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\ValidationData;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\CryptTrait;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use LogicException;
use Psr\Http\Message\ServerRequestInterface;
use RuntimeException;
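class BearerTokenValidator implements AuthorizationValidatorInterface
{
    use CryptTrait;

    /**
     * Repository consulted to check whether a parsed token id has been revoked.
     *
     * @var AccessTokenRepositoryInterface
     */
    private $accessTokenRepository;

    /**
     * Public key whose file path is handed to the RS256 signer to verify token signatures.
     * Must be set via setPublicKey() before validateAuthorization() is called.
     *
     * @var CryptKey
     */
    protected $publicKey;

    /**
     * @param AccessTokenRepositoryInterface $accessTokenRepository
     */
    public function __construct(AccessTokenRepositoryInterface $accessTokenRepository)
    {
        $this->accessTokenRepository = $accessTokenRepository;
    }

    /**
     * Set the public key used to verify access token signatures.
     *
     * @param CryptKey $key
     */
    public function setPublicKey(CryptKey $key)
    {
        $this->publicKey = $key;
    }

    /**
     * {@inheritdoc}
     *
     * Reads the bearer token from the "Authorization" header, verifies its signature
     * with the RS256 signer and the configured public key, checks the time-based claims
     * against the current time, checks that the token id has not been revoked, and
     * returns the request decorated with the oauth_* attributes.
     *
     * @throws OAuthServerException when the header is missing or the token cannot be
     *                              parsed, is unsigned, fails verification, is invalid
     *                              (e.g. expired) or has been revoked
     * @throws LogicException       when no public key has been configured
     */
    public function validateAuthorization(ServerRequestInterface $request)
    {
        if ($request->hasHeader('authorization') === false) {
            throw OAuthServerException::accessDenied('Missing "Authorization" header');
        }

        // A missing key is a server configuration error, not a client fault. It is raised
        // outside the try block below so the RuntimeException handler cannot mask it.
        if ($this->publicKey === null) {
            throw new LogicException('No public key configured; call setPublicKey() first');
        }

        $header = $request->getHeader('authorization');
        // Strip the "Bearer " scheme prefix (matched case-sensitively, no /i flag); only the
        // first Authorization header value is considered.
        $jwt = trim((string) preg_replace('/^(?:\s+)?Bearer\s/', '', $header[0]));

        try {
            // Attempt to parse and validate the JWT
            $token = (new Parser())->parse($jwt);
            try {
                // The signer is fixed to RS256 in code rather than taken from the token, so the
                // token cannot choose a weaker algorithm for its own verification.
                if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
                    throw OAuthServerException::accessDenied('Access token could not be verified');
                }
            } catch (BadMethodCallException $exception) {
                // Raised when the parsed token carries no signature to verify
                throw OAuthServerException::accessDenied('Access token is not signed', null, $exception);
            }

            // Ensure access token hasn't expired: validate the time-based claims against now
            $data = new ValidationData();
            $data->setCurrentTime(time());

            if ($token->validate($data) === false) {
                throw OAuthServerException::accessDenied('Access token is invalid');
            }

            // Check if token has been revoked
            // NOTE(review): if the 'jti' claim is absent, getClaim() is expected to throw; that
            // would be reported by the RuntimeException handler below — confirm against the
            // JWT library version in use.
            if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) {
                throw OAuthServerException::accessDenied('Access token has been revoked');
            }

            // Return the request with additional attributes
            return $request
                ->withAttribute('oauth_access_token_id', $token->getClaim('jti'))
                ->withAttribute('oauth_client_id', $token->getClaim('aud'))
                ->withAttribute('oauth_user_id', $token->getClaim('sub'))
                ->withAttribute('oauth_scopes', $token->getClaim('scopes'));
        } catch (InvalidArgumentException $exception) {
            // JWT couldn't be parsed, so deny access with the parser's message
            throw OAuthServerException::accessDenied($exception->getMessage(), null, $exception);
        } catch (RuntimeException $exception) {
            // JWT payload couldn't be decoded, so deny access
            throw OAuthServerException::accessDenied('Error while decoding to JSON', null, $exception);
        }
    }
}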