AbstractGrant - Code Metrics - Inspection of "Merge pull request #601 from zerkms/ISSUE-596_UNIQ..." - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 732162...df20da )

by Alex

created 2016-06-28 07:48 UTC

AbstractGrant C

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	449
Duplicated Lines	0 %

Coupling/Cohesion

Components	3
Dependencies	16

Importance

Changes	17
Bugs	9	Features	3

Metric	Value
wmc	54
c	17
b	9
f	3
lcom	3
cbo	16
dl	0
loc	449
rs	5.1026

22 Methods

Rating	Name	Size	Complexity
A	setClientRepository()	4	1
A	setAccessTokenRepository()	4	1
A	setScopeRepository()	4	1
A	setRefreshTokenRepository()	4	1
A	setAuthCodeRepository()	4	1
A	setUserRepository()	4	1
A	setRefreshTokenTTL()	4	1
C	validateClient()	44	8
B	validateScopes()	24	3
A	getRequestParameter()	6	2
B	getBasicAuthCredentials()	21	5
A	getQueryStringParameter()	4	2
A	getCookieParameter()	4	2
A	getServerParameter()	4	2
B	issueAccessToken()	29	5
B	issueAuthCode()	31	5
A	issueRefreshToken()	20	4
A	generateUniqueIdentifier()	15	4
A	canRespondToAccessTokenRequest()	9	2
A	canRespondToAuthorizationRequest()	4	1
A	validateAuthorizationRequest()	4	1
A	completeAuthorizationRequest()	4	1

How to fix Complexity

<?php
/**
 * OAuth 2.0 Abstract grant.
 *
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */
namespace League\OAuth2\Server\Grant;

use League\Event\EmitterAwareTrait;
use League\OAuth2\Server\CryptTrait;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use Psr\Http\Message\ServerRequestInterface;

/**
 * Abstract grant class.
 */
abstract class AbstractGrant implements GrantTypeInterface
{
    use EmitterAwareTrait, CryptTrait;

    const SCOPE_DELIMITER_STRING = ' ';

    const MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS = 10;

    /**
     * @var ClientRepositoryInterface
     */
    protected $clientRepository;

    /**
     * @var AccessTokenRepositoryInterface
     */
    protected $accessTokenRepository;

    /**
     * @var ScopeRepositoryInterface
     */
    protected $scopeRepository;

    /**
     * @var \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface
     */
    protected $authCodeRepository;

    /**
     * @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
     */
    protected $refreshTokenRepository;

    /**
     * @var \League\OAuth2\Server\Repositories\UserRepositoryInterface
     */
    protected $userRepository;

    /**
     * @var \DateInterval
     */
    protected $refreshTokenTTL;

    /**
     * @param ClientRepositoryInterface $clientRepository
     */
    public function setClientRepository(ClientRepositoryInterface $clientRepository)
    {
        $this->clientRepository = $clientRepository;
    }

    /**
     * @param AccessTokenRepositoryInterface $accessTokenRepository
     */
    public function setAccessTokenRepository(AccessTokenRepositoryInterface $accessTokenRepository)
    {
        $this->accessTokenRepository = $accessTokenRepository;
    }

    /**
     * @param ScopeRepositoryInterface $scopeRepository
     */
    public function setScopeRepository(ScopeRepositoryInterface $scopeRepository)
    {
        $this->scopeRepository = $scopeRepository;
    }

    /**
     * @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
     */
    public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
    {
        $this->refreshTokenRepository = $refreshTokenRepository;
    }

    /**
     * @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository
     */
    public function setAuthCodeRepository(AuthCodeRepositoryInterface $authCodeRepository)
    {
        $this->authCodeRepository = $authCodeRepository;
    }

    /**
     * @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository
     */
    public function setUserRepository(UserRepositoryInterface $userRepository)
    {
        $this->userRepository = $userRepository;
    }

    /**
     * {@inheritdoc}
     */
    public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
    {
        $this->refreshTokenTTL = $refreshTokenTTL;
    }

    /**
     * Validate the client.
     *
     * @param \Psr\Http\Message\ServerRequestInterface $request
     *
     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     *
     * @return \League\OAuth2\Server\Entities\ClientEntityInterface
     */
    protected function validateClient(ServerRequestInterface $request)
    {
        list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);

        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
        if (is_null($clientId)) {
            throw OAuthServerException::invalidRequest('client_id');
        }

        // If the client is confidential require the client secret
        $clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);

        $client = $this->clientRepository->getClientEntity(
            $clientId,
            $this->getIdentifier(),
            $clientSecret,
            true
        );

        if (!$client instanceof ClientEntityInterface) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
            throw OAuthServerException::invalidClient();
        }

        // If a redirect URI is provided ensure it matches what is pre-registered
        $redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
        if ($redirectUri !== null) {
            if (
                is_string($client->getRedirectUri())
                && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
            ) {
                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                throw OAuthServerException::invalidClient();
            } elseif (
                is_array($client->getRedirectUri())
                && in_array($redirectUri, $client->getRedirectUri()) === false
            ) {
                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                throw OAuthServerException::invalidClient();
            }
        }

        return $client;
    }

    /**
     * Validate scopes in the request.
     *
     * @param string $scopes
     * @param string $redirectUri
     *
     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     *
     * @return \League\OAuth2\Server\Entities\ScopeEntityInterface[]
     */
    public function validateScopes(
        $scopes,
        $redirectUri = null
    ) {
        $scopesList = array_filter(
            explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
            function ($scope) {
                return !empty($scope);
            }
        );

        $scopes = [];
        foreach ($scopesList as $scopeItem) {
            $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);

            if (!$scope instanceof ScopeEntityInterface) {
                throw OAuthServerException::invalidScope($scopeItem, $redirectUri);
            }

            $scopes[] = $scope;
        }

        return $scopes;
    }

    /**
     * Retrieve request parameter.
     *
     * @param string                                   $parameter
     * @param \Psr\Http\Message\ServerRequestInterface $request
     * @param mixed                                    $default
     *
     * @return null|string
     */
    protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null)
    {
        $requestParameters = (array) $request->getParsedBody();

        return isset($requestParameters[$parameter]) ? $requestParameters[$parameter] : $default;
    }

    /**
     * Retrieve HTTP Basic Auth credentials with the Authorization header
     * of a request. First index of the returned array is the username,
     * second is the password (so list() will work). If the header does
     * not exist, or is otherwise an invalid HTTP Basic header, return
     * [null, null].
     *
     * @param \Psr\Http\Message\ServerRequestInterface $request
     * @return string[]|null[]
     */
    protected function getBasicAuthCredentials(ServerRequestInterface $request)
    {
        if (!$request->hasHeader('Authorization')) {
            return [null, null];
        }

        $header = $request->getHeader('Authorization')[0];
        if (strpos($header, 'Basic ') !== 0) {
            return [null, null];
        }

        if (!($decoded = base64_decode(substr($header, 6)))) {
            return [null, null];
        }

        if (strpos($decoded, ':') === false) {
            return [null, null]; // HTTP Basic header without colon isn't valid
        }

        return explode(':', $decoded, 2);
    }

    /**
     * Retrieve query string parameter.
     *
     * @param string                                   $parameter
     * @param \Psr\Http\Message\ServerRequestInterface $request
     * @param mixed                                    $default
     *
     * @return null|string
     */
    protected function getQueryStringParameter($parameter, ServerRequestInterface $request, $default = null)
    {
        return isset($request->getQueryParams()[$parameter]) ? $request->getQueryParams()[$parameter] : $default;
    }

    /**
     * Retrieve cookie parameter.
     *
     * @param string                                   $parameter
     * @param \Psr\Http\Message\ServerRequestInterface $request
     * @param mixed                                    $default
     *
     * @return null|string
     */
    protected function getCookieParameter($parameter, ServerRequestInterface $request, $default = null)
    {
        return isset($request->getCookieParams()[$parameter]) ? $request->getCookieParams()[$parameter] : $default;
    }

    /**
     * Retrieve server parameter.
     *
     * @param string                                   $parameter
     * @param \Psr\Http\Message\ServerRequestInterface $request
     * @param mixed                                    $default
     *
     * @return null|string
     */
    protected function getServerParameter($parameter, ServerRequestInterface $request, $default = null)
    {
        return isset($request->getServerParams()[$parameter]) ? $request->getServerParams()[$parameter] : $default;
    }

    /**
     * Issue an access token.
     *
     * @param \DateInterval                                         $accessTokenTTL
     * @param \League\OAuth2\Server\Entities\ClientEntityInterface  $client
     * @param string                                                $userIdentifier
     * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
     *
     * @return \League\OAuth2\Server\Entities\AccessTokenEntityInterface
     */
    protected function issueAccessToken(
        \DateInterval $accessTokenTTL,
        ClientEntityInterface $client,
        $userIdentifier,
        array $scopes = []
    ) {
        $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;

        $accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier);
        $accessToken->setClient($client);
        $accessToken->setUserIdentifier($userIdentifier);
        $accessToken->setExpiryDateTime((new \DateTime())->add($accessTokenTTL));

        foreach ($scopes as $scope) {
            $accessToken->addScope($scope);
        }

        while ($maxGenerationAttempts-- > 0) {
            $accessToken->setIdentifier($this->generateUniqueIdentifier());
            try {
                $this->accessTokenRepository->persistNewAccessToken($accessToken);
                return $accessToken;
            } catch (UniqueTokenIdentifierConstraintViolationException $e) {
                if ($maxGenerationAttempts === 0) {
                    throw $e;
                }
            }
        }
    }

    /**
     * Issue an auth code.
     *
     * @param \DateInterval                                         $authCodeTTL
     * @param \League\OAuth2\Server\Entities\ClientEntityInterface  $client
     * @param string                                                $userIdentifier
     * @param string                                                $redirectUri
     * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
     *
     * @return \League\OAuth2\Server\Entities\AuthCodeEntityInterface
     */
    protected function issueAuthCode(
        \DateInterval $authCodeTTL,
        ClientEntityInterface $client,
        $userIdentifier,
        $redirectUri,
        array $scopes = []
    ) {
        $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;

        $authCode = $this->authCodeRepository->getNewAuthCode();
        $authCode->setExpiryDateTime((new \DateTime())->add($authCodeTTL));
        $authCode->setClient($client);
        $authCode->setUserIdentifier($userIdentifier);
        $authCode->setRedirectUri($redirectUri);

        foreach ($scopes as $scope) {
            $authCode->addScope($scope);
        }

        while ($maxGenerationAttempts-- > 0) {
            $authCode->setIdentifier($this->generateUniqueIdentifier());
            try {
                $this->authCodeRepository->persistNewAuthCode($authCode);
                return $authCode;
            } catch (UniqueTokenIdentifierConstraintViolationException $e) {
                if ($maxGenerationAttempts === 0) {
                    throw $e;
                }
            }
        }
    }

    /**
     * @param \League\OAuth2\Server\Entities\AccessTokenEntityInterface $accessToken
     *
     * @return \League\OAuth2\Server\Entities\RefreshTokenEntityInterface
     */
    protected function issueRefreshToken(AccessTokenEntityInterface $accessToken)
    {
        $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;

        $refreshToken = $this->refreshTokenRepository->getNewRefreshToken();
        $refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
        $refreshToken->setAccessToken($accessToken);

        while ($maxGenerationAttempts-- > 0) {
            $refreshToken->setIdentifier($this->generateUniqueIdentifier());
            try {
                $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
                return $refreshToken;
            } catch (UniqueTokenIdentifierConstraintViolationException $e) {
                if ($maxGenerationAttempts === 0) {
                    throw $e;
                }
            }
        }
    }

    /**
     * Generate a new unique identifier.
     *
     * @param int $length
     *
     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     *
     * @return string
     */
    protected function generateUniqueIdentifier($length = 40)
    {
        try {
            return bin2hex(random_bytes($length));
            // @codeCoverageIgnoreStart
        } catch (\TypeError $e) {
            throw OAuthServerException::serverError('An unexpected error has occurred');
        } catch (\Error $e) {
            throw OAuthServerException::serverError('An unexpected error has occurred');
        } catch (\Exception $e) {
            // If you get this message, the CSPRNG failed hard.
            throw OAuthServerException::serverError('Could not generate a random string');
        }
        // @codeCoverageIgnoreEnd
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
    {
        $requestParameters = (array) $request->getParsedBody();

        return (
            array_key_exists('grant_type', $requestParameters)
            && $requestParameters['grant_type'] === $this->getIdentifier()
        );
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
    {
        return false;
    }

    /**
     * {@inheritdoc}
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        throw new \LogicException('This grant cannot validate an authorization request');
    }

    /**
     * {@inheritdoc}
     */
    public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
    {
        throw new \LogicException('This grant cannot complete an authorization request');
    }
}


1			<?php
2			/**
3			* OAuth 2.0 Abstract grant.
4			*
5			* @author Alex Bilbie <[email protected]>
6			* @copyright Copyright (c) Alex Bilbie
7			* @license http://mit-license.org/
8			*
9			* @link https://github.com/thephpleague/oauth2-server
10			*/
11			namespace League\OAuth2\Server\Grant;
12
13			use League\Event\EmitterAwareTrait;
14			use League\OAuth2\Server\CryptTrait;
15			use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
16			use League\OAuth2\Server\Entities\ClientEntityInterface;
17			use League\OAuth2\Server\Entities\ScopeEntityInterface;
18			use League\OAuth2\Server\Exception\OAuthServerException;
19			use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
20			use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
21			use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
22			use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
23			use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
24			use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
25			use League\OAuth2\Server\Repositories\UserRepositoryInterface;
26			use League\OAuth2\Server\RequestEvent;
27			use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
28			use Psr\Http\Message\ServerRequestInterface;
29
30			/**
31			* Abstract grant class.
32			*/
33			abstract class AbstractGrant implements GrantTypeInterface
34			{
35			use EmitterAwareTrait, CryptTrait;
36
37			const SCOPE_DELIMITER_STRING = ' ';
38
39			const MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS = 10;
40
41			/**
42			* @var ClientRepositoryInterface
43			*/
44			protected $clientRepository;
45
46			/**
47			* @var AccessTokenRepositoryInterface
48			*/
49			protected $accessTokenRepository;
50
51			/**
52			* @var ScopeRepositoryInterface
53			*/
54			protected $scopeRepository;
55
56			/**
57			* @var \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface
58			*/
59			protected $authCodeRepository;
60
61			/**
62			* @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
63			*/
64			protected $refreshTokenRepository;
65
66			/**
67			* @var \League\OAuth2\Server\Repositories\UserRepositoryInterface
68			*/
69			protected $userRepository;
70
71			/**
72			* @var \DateInterval
73			*/
74			protected $refreshTokenTTL;
75
76			/**
77			* @param ClientRepositoryInterface $clientRepository
78			*/
79			public function setClientRepository(ClientRepositoryInterface $clientRepository)
80			{
81			$this->clientRepository = $clientRepository;
82			}
83
84			/**
85			* @param AccessTokenRepositoryInterface $accessTokenRepository
86			*/
87			public function setAccessTokenRepository(AccessTokenRepositoryInterface $accessTokenRepository)
88			{
89			$this->accessTokenRepository = $accessTokenRepository;
90			}
91
92			/**
93			* @param ScopeRepositoryInterface $scopeRepository
94			*/
95			public function setScopeRepository(ScopeRepositoryInterface $scopeRepository)
96			{
97			$this->scopeRepository = $scopeRepository;
98			}
99
100			/**
101			* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
102			*/
103			public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
104			{
105			$this->refreshTokenRepository = $refreshTokenRepository;
106			}
107
108			/**
109			* @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository
110			*/
111			public function setAuthCodeRepository(AuthCodeRepositoryInterface $authCodeRepository)
112			{
113			$this->authCodeRepository = $authCodeRepository;
114			}
115
116			/**
117			* @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository
118			*/
119			public function setUserRepository(UserRepositoryInterface $userRepository)
120			{
121			$this->userRepository = $userRepository;
122			}
123
124			/**
125			* {@inheritdoc}
126			*/
127			public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
128			{
129			$this->refreshTokenTTL = $refreshTokenTTL;
130			}
131
132			/**
133			* Validate the client.
134			*
135			* @param \Psr\Http\Message\ServerRequestInterface $request
136			*
137			* @throws \League\OAuth2\Server\Exception\OAuthServerException
138			*
139			* @return \League\OAuth2\Server\Entities\ClientEntityInterface
140			*/
141			protected function validateClient(ServerRequestInterface $request)
142			{
143			list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
144
145			$clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
146			if (is_null($clientId)) {
147			throw OAuthServerException::invalidRequest('client_id');
148			}
149
150			// If the client is confidential require the client secret
151			$clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
152
153			$client = $this->clientRepository->getClientEntity(
154			$clientId,
155			$this->getIdentifier(),
156			$clientSecret,
157			true
158			);
159
160			if (!$client instanceof ClientEntityInterface) {
161			$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
162			throw OAuthServerException::invalidClient();
163			}
164
165			// If a redirect URI is provided ensure it matches what is pre-registered
166			$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
167			if ($redirectUri !== null) {
168			if (
169			is_string($client->getRedirectUri())
170			&& (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
171			) {
172			$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
173			throw OAuthServerException::invalidClient();
174			} elseif (
175			is_array($client->getRedirectUri())
176			&& in_array($redirectUri, $client->getRedirectUri()) === false
177			) {
178			$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
179			throw OAuthServerException::invalidClient();
180			}
181			}
182
183			return $client;
184			}
185
186			/**
187			* Validate scopes in the request.
188			*
189			* @param string $scopes
190			* @param string $redirectUri
191			*
192			* @throws \League\OAuth2\Server\Exception\OAuthServerException
193			*
194			* @return \League\OAuth2\Server\Entities\ScopeEntityInterface[]
195			*/
196			public function validateScopes(
197			$scopes,
198			$redirectUri = null
199			) {
200			$scopesList = array_filter(
201			explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
202			function ($scope) {
203			return !empty($scope);
204			}
205			);
206
207			$scopes = [];
208			foreach ($scopesList as $scopeItem) {
209			$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);
210
211			if (!$scope instanceof ScopeEntityInterface) {
212			throw OAuthServerException::invalidScope($scopeItem, $redirectUri);
213			}
214
215			$scopes[] = $scope;
216			}
217
218			return $scopes;
219			}
220
221			/**
222			* Retrieve request parameter.
223			*
224			* @param string $parameter
225			* @param \Psr\Http\Message\ServerRequestInterface $request
226			* @param mixed $default
227			*
228			* @return null\|string
229			*/
230			protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null)
231			{
232			$requestParameters = (array) $request->getParsedBody();
233
234			return isset($requestParameters[$parameter]) ? $requestParameters[$parameter] : $default;
235			}
236
237			/**
238			* Retrieve HTTP Basic Auth credentials with the Authorization header
239			* of a request. First index of the returned array is the username,
240			* second is the password (so list() will work). If the header does
241			* not exist, or is otherwise an invalid HTTP Basic header, return
242			* [null, null].
243			*
244			* @param \Psr\Http\Message\ServerRequestInterface $request
245			* @return string[]\|null[]
246			*/
247			protected function getBasicAuthCredentials(ServerRequestInterface $request)
248			{
249			if (!$request->hasHeader('Authorization')) {
250			return [null, null];
251			}
252
253			$header = $request->getHeader('Authorization')[0];
254			if (strpos($header, 'Basic ') !== 0) {
255			return [null, null];
256			}
257
258			if (!($decoded = base64_decode(substr($header, 6)))) {
259			return [null, null];
260			}
261
262			if (strpos($decoded, ':') === false) {
263			return [null, null]; // HTTP Basic header without colon isn't valid
264			}
265
266			return explode(':', $decoded, 2);
267			}
268
269			/**
270			* Retrieve query string parameter.
271			*
272			* @param string $parameter
273			* @param \Psr\Http\Message\ServerRequestInterface $request
274			* @param mixed $default
275			*
276			* @return null\|string
277			*/
278			protected function getQueryStringParameter($parameter, ServerRequestInterface $request, $default = null)
279			{
280			return isset($request->getQueryParams()[$parameter]) ? $request->getQueryParams()[$parameter] : $default;
281			}
282
283			/**
284			* Retrieve cookie parameter.
285			*
286			* @param string $parameter
287			* @param \Psr\Http\Message\ServerRequestInterface $request
288			* @param mixed $default
289			*
290			* @return null\|string
291			*/
292			protected function getCookieParameter($parameter, ServerRequestInterface $request, $default = null)
293			{
294			return isset($request->getCookieParams()[$parameter]) ? $request->getCookieParams()[$parameter] : $default;
295			}
296
297			/**
298			* Retrieve server parameter.
299			*
300			* @param string $parameter
301			* @param \Psr\Http\Message\ServerRequestInterface $request
302			* @param mixed $default
303			*
304			* @return null\|string
305			*/
306			protected function getServerParameter($parameter, ServerRequestInterface $request, $default = null)
307			{
308			return isset($request->getServerParams()[$parameter]) ? $request->getServerParams()[$parameter] : $default;
309			}
310
311			/**
312			* Issue an access token.
313			*
314			* @param \DateInterval $accessTokenTTL
315			* @param \League\OAuth2\Server\Entities\ClientEntityInterface $client
316			* @param string $userIdentifier
317			* @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
318			*
319			* @return \League\OAuth2\Server\Entities\AccessTokenEntityInterface
320			*/
321			protected function issueAccessToken(
322			\DateInterval $accessTokenTTL,
323			ClientEntityInterface $client,
324			$userIdentifier,
325			array $scopes = []
326			) {
327			$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
328
329			$accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier);
330			$accessToken->setClient($client);
331			$accessToken->setUserIdentifier($userIdentifier);
332			$accessToken->setExpiryDateTime((new \DateTime())->add($accessTokenTTL));
333
334			foreach ($scopes as $scope) {
335			$accessToken->addScope($scope);
336			}
337
338			while ($maxGenerationAttempts-- > 0) {
339			$accessToken->setIdentifier($this->generateUniqueIdentifier());
340			try {
341			$this->accessTokenRepository->persistNewAccessToken($accessToken);
342			return $accessToken;
343			} catch (UniqueTokenIdentifierConstraintViolationException $e) {
344			if ($maxGenerationAttempts === 0) {
345			throw $e;
346			}
347			}
348			}
349			}
350
351			/**
352			* Issue an auth code.
353			*
354			* @param \DateInterval $authCodeTTL
355			* @param \League\OAuth2\Server\Entities\ClientEntityInterface $client
356			* @param string $userIdentifier
357			* @param string $redirectUri
358			* @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
359			*
360			* @return \League\OAuth2\Server\Entities\AuthCodeEntityInterface
361			*/
362			protected function issueAuthCode(
363			\DateInterval $authCodeTTL,
364			ClientEntityInterface $client,
365			$userIdentifier,
366			$redirectUri,
367			array $scopes = []
368			) {
369			$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
370
371			$authCode = $this->authCodeRepository->getNewAuthCode();
372			$authCode->setExpiryDateTime((new \DateTime())->add($authCodeTTL));
373			$authCode->setClient($client);
374			$authCode->setUserIdentifier($userIdentifier);
375			$authCode->setRedirectUri($redirectUri);
376
377			foreach ($scopes as $scope) {
378			$authCode->addScope($scope);
379			}
380
381			while ($maxGenerationAttempts-- > 0) {
382			$authCode->setIdentifier($this->generateUniqueIdentifier());
383			try {
384			$this->authCodeRepository->persistNewAuthCode($authCode);
385			return $authCode;
386			} catch (UniqueTokenIdentifierConstraintViolationException $e) {
387			if ($maxGenerationAttempts === 0) {
388			throw $e;
389			}
390			}
391			}
392			}
393
394			/**
395			* @param \League\OAuth2\Server\Entities\AccessTokenEntityInterface $accessToken
396			*
397			* @return \League\OAuth2\Server\Entities\RefreshTokenEntityInterface
398			*/
399			protected function issueRefreshToken(AccessTokenEntityInterface $accessToken)
400			{
401			$maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
402
403			$refreshToken = $this->refreshTokenRepository->getNewRefreshToken();
404			$refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
405			$refreshToken->setAccessToken($accessToken);
406
407			while ($maxGenerationAttempts-- > 0) {
408			$refreshToken->setIdentifier($this->generateUniqueIdentifier());
409			try {
410			$this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
411			return $refreshToken;
412			} catch (UniqueTokenIdentifierConstraintViolationException $e) {
413			if ($maxGenerationAttempts === 0) {
414			throw $e;
415			}
416			}
417			}
418			}
419
420			/**
421			* Generate a new unique identifier.
422			*
423			* @param int $length
424			*
425			* @throws \League\OAuth2\Server\Exception\OAuthServerException
426			*
427			* @return string
428			*/
429			protected function generateUniqueIdentifier($length = 40)
430			{
431			try {
432			return bin2hex(random_bytes($length));
433			// @codeCoverageIgnoreStart
434			} catch (\TypeError $e) {
435			throw OAuthServerException::serverError('An unexpected error has occurred');
436			} catch (\Error $e) {
437			throw OAuthServerException::serverError('An unexpected error has occurred');
438			} catch (\Exception $e) {
439			// If you get this message, the CSPRNG failed hard.
440			throw OAuthServerException::serverError('Could not generate a random string');
441			}
442			// @codeCoverageIgnoreEnd
443			}
444
445			/**
446			* {@inheritdoc}
447			*/
448			public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
449			{
450			$requestParameters = (array) $request->getParsedBody();
451
452			return (
453			array_key_exists('grant_type', $requestParameters)
454			&& $requestParameters['grant_type'] === $this->getIdentifier()
455			);
456			}
457
458			/**
459			* {@inheritdoc}
460			*/
461			public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
462			{
463			return false;
464			}
465
466			/**
467			* {@inheritdoc}
468			*/
469			public function validateAuthorizationRequest(ServerRequestInterface $request)
470			{
471			throw new \LogicException('This grant cannot validate an authorization request');
472			}
473
474			/**
475			* {@inheritdoc}
476			*/
477			public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
478			{
479			throw new \LogicException('This grant cannot complete an authorization request');
480			}
481			}
482

thephpleague / oauth2-server

Push — master ( 732162...df20da )

AbstractGrant C

Complexity

Size/Duplication

Coupling/Cohesion

Importance

22 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like