ImplicitGrant::setRefreshTokenTTL() - Code Metrics - Inspection of "Private claims implementation" - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#1122)

by Sebastian

created 2020-07-16 21:56 UTC

ImplicitGrant::setRefreshTokenTTL() A

↳ Parent: ImplicitGrant

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	1

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	2
CRAP Score	1

Importance

Changes

Metric	Value
cc	1
eloc	1
c	0
b	0
f	0
nc	1
nop	1
dl	0
loc	3
ccs	2
cts	2
cp	1
crap	1
rs	10

<?php
/**
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server\Grant;

use DateInterval;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\RedirectResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use LogicException;
use Psr\Http\Message\ServerRequestInterface;

class ImplicitGrant extends AbstractAuthorizeGrant
{
    /**
     * @var DateInterval
     */
    private $accessTokenTTL;

    /**
     * @var string
     */
    private $queryDelimiter;

    /**
     * @param DateInterval $accessTokenTTL
     * @param string       $queryDelimiter
     */
    public function __construct(DateInterval $accessTokenTTL, $queryDelimiter = '#')
    {
        $this->accessTokenTTL = $accessTokenTTL;
        $this->queryDelimiter = $queryDelimiter;
    }

    /**
     * @param DateInterval $refreshTokenTTL
     *
     * @throw LogicException
     */
    public function setRefreshTokenTTL(DateInterval $refreshTokenTTL)
    {
        throw new LogicException('The Implicit Grant does not return refresh tokens');
    }

    /**
     * @param RefreshTokenRepositoryInterface $refreshTokenRepository
     *
     * @throw LogicException
     */
    public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
    {
        throw new LogicException('The Implicit Grant does not return refresh tokens');
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
    {
        return false;
    }

    /**
     * Return the grant identifier that can be used in matching up requests.
     *
     * @return string
     */
    public function getIdentifier()
    {
        return 'implicit';
    }

    /**
     * Respond to an incoming request.
     *
     * @param ServerRequestInterface $request
     * @param ResponseTypeInterface  $responseType
     * @param DateInterval           $accessTokenTTL
     *
     * @return ResponseTypeInterface
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        DateInterval $accessTokenTTL
    ) {
        throw new LogicException('This grant does not used this method');
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
    {
        return (
            isset($request->getQueryParams()['response_type'])
            && $request->getQueryParams()['response_type'] === 'token'
            && isset($request->getQueryParams()['client_id'])
        );
    }

    /**
     * {@inheritdoc}
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        $clientId = $this->getQueryStringParameter(
            'client_id',
            $request,
            $this->getServerParameter('PHP_AUTH_USER', $request)
        );

        if (\is_null($clientId)) {
            throw OAuthServerException::invalidRequest('client_id');
        }

        $client = $this->getClientEntityOrFail($clientId, $request);

        $redirectUri = $this->getQueryStringParameter('redirect_uri', $request);

        if ($redirectUri !== null) {
            $this->validateRedirectUri($redirectUri, $client, $request);
        } elseif (\is_array($client->getRedirectUri()) && \count($client->getRedirectUri()) !== 1

            || empty($client->getRedirectUri())) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
            throw OAuthServerException::invalidClient($request);
        } else {
            $redirectUri = \is_array($client->getRedirectUri())
                ? $client->getRedirectUri()[0]
                : $client->getRedirectUri();
        }

        $scopes = $this->validateScopes(
            $this->getQueryStringParameter('scope', $request, $this->defaultScope),
            $redirectUri
        );

        $stateParameter = $this->getQueryStringParameter('state', $request);

        $authorizationRequest = new AuthorizationRequest();
        $authorizationRequest->setGrantTypeId($this->getIdentifier());
        $authorizationRequest->setClient($client);
        $authorizationRequest->setRedirectUri($redirectUri);

        if ($stateParameter !== null) {
            $authorizationRequest->setState($stateParameter);
        }

        $authorizationRequest->setScopes($scopes);

        return $authorizationRequest;
    }

    /**
     * {@inheritdoc}
     */
    public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
    {
        if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
            throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
        }

        $finalRedirectUri = ($authorizationRequest->getRedirectUri() === null)
            ? \is_array($authorizationRequest->getClient()->getRedirectUri())
                ? $authorizationRequest->getClient()->getRedirectUri()[0]
                : $authorizationRequest->getClient()->getRedirectUri()
            : $authorizationRequest->getRedirectUri();

        // The user approved the client, redirect them back with an access token
        if ($authorizationRequest->isAuthorizationApproved() === true) {
            // Finalize the requested scopes
            $finalizedScopes = $this->scopeRepository->finalizeScopes(
                $authorizationRequest->getScopes(),
                $this->getIdentifier(),
                $authorizationRequest->getClient(),
                $authorizationRequest->getUser()->getIdentifier()
            );

            $privateClaims = [];
            if ($this->claimRepository) {
                $privateClaims = $this->claimRepository->getClaims(
                    $this->getIdentifier(),
                    $authorizationRequest->getClient(),
                    $authorizationRequest->getUser()->getIdentifier()
                );
            }

            $accessToken = $this->issueAccessToken(
                $this->accessTokenTTL,
                $authorizationRequest->getClient(),
                $authorizationRequest->getUser()->getIdentifier(),
                $finalizedScopes,
                $privateClaims
            );

            $response = new RedirectResponse();
            $response->setRedirectUri(
                $this->makeRedirectUri(
                    $finalRedirectUri,
                    [
                        'access_token' => (string) $accessToken,
                        'token_type'   => 'Bearer',
                        'expires_in'   => $accessToken->getExpiryDateTime()->getTimestamp() - \time(),
                        'state'        => $authorizationRequest->getState(),
                    ],
                    $this->queryDelimiter
                )
            );

            return $response;
        }

        // The user denied the client, redirect them back with an error
        throw OAuthServerException::accessDenied(
            'The user denied the request',
            $this->makeRedirectUri(
                $finalRedirectUri,
                [
                    'state' => $authorizationRequest->getState(),
                ]
            )
        );
    }
}


1		<?php
2		/**
3		* @author Alex Bilbie <[email protected]>
4		* @copyright Copyright (c) Alex Bilbie
5		* @license http://mit-license.org/
6		*
7		* @link https://github.com/thephpleague/oauth2-server
8		*/
9
10		namespace League\OAuth2\Server\Grant;
11
12		use DateInterval;
13		use League\OAuth2\Server\Entities\UserEntityInterface;
14		use League\OAuth2\Server\Exception\OAuthServerException;
15		use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
16		use League\OAuth2\Server\RequestEvent;
17		use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
18		use League\OAuth2\Server\ResponseTypes\RedirectResponse;
19		use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
20		use LogicException;
21		use Psr\Http\Message\ServerRequestInterface;
22
23		class ImplicitGrant extends AbstractAuthorizeGrant
24		{
25		/**
26		* @var DateInterval
27		*/
28		private $accessTokenTTL;
29
30		/**
31		* @var string
32		*/
33		private $queryDelimiter;
34
35		/**
36		* @param DateInterval $accessTokenTTL
37		* @param string $queryDelimiter
38		*/
39	18	public function __construct(DateInterval $accessTokenTTL, $queryDelimiter = '#')
40		{
41	18	$this->accessTokenTTL = $accessTokenTTL;
42	18	$this->queryDelimiter = $queryDelimiter;
43	18	}
44
45		/**
46		* @param DateInterval $refreshTokenTTL
47		*
48		* @throw LogicException
49		*/
50	1	public function setRefreshTokenTTL(DateInterval $refreshTokenTTL)
51		{
52	1	throw new LogicException('The Implicit Grant does not return refresh tokens');
53		}
54
55		/**
56		* @param RefreshTokenRepositoryInterface $refreshTokenRepository
57		*
58		* @throw LogicException
59		*/
60	1	public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
61		{
62	1	throw new LogicException('The Implicit Grant does not return refresh tokens');
63		}
64
65		/**
66		* {@inheritdoc}
67		*/
68	1	public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
69		{
70	1	return false;
71		}
72
73		/**
74		* Return the grant identifier that can be used in matching up requests.
75		*
76		* @return string
77		*/
78	7	public function getIdentifier()
79		{
80	7	return 'implicit';
81		}
82
83		/**
84		* Respond to an incoming request.
85		*
86		* @param ServerRequestInterface $request
87		* @param ResponseTypeInterface $responseType
88		* @param DateInterval $accessTokenTTL
89		*
90		* @return ResponseTypeInterface
91		*/
92	1	public function respondToAccessTokenRequest(
93		ServerRequestInterface $request,
94		ResponseTypeInterface $responseType,
95		DateInterval $accessTokenTTL
96		) {
97	1	throw new LogicException('This grant does not used this method');
98		}
99
100		/**
101		* {@inheritdoc}
102		*/
103	1	public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
104		{
105		return (
106	1	isset($request->getQueryParams()['response_type'])
107	1	&& $request->getQueryParams()['response_type'] === 'token'
108	1	&& isset($request->getQueryParams()['client_id'])
109		);
110		}
111
112		/**
113		* {@inheritdoc}
114		*/
115	6	public function validateAuthorizationRequest(ServerRequestInterface $request)
116		{
117	6	$clientId = $this->getQueryStringParameter(
118	6	'client_id',
119		$request,
120	6	$this->getServerParameter('PHP_AUTH_USER', $request)
121		);
122
123	6	if (\is_null($clientId)) {
124	1	throw OAuthServerException::invalidRequest('client_id');
125		}
126
127	5	$client = $this->getClientEntityOrFail($clientId, $request);
128
129	4	$redirectUri = $this->getQueryStringParameter('redirect_uri', $request);
130
131	4	if ($redirectUri !== null) {
132	4	$this->validateRedirectUri($redirectUri, $client, $request);
133		} elseif (\is_array($client->getRedirectUri()) && \count($client->getRedirectUri()) !== 1
		0 ignored issues – show introduced 2019-11-29 22:44 UTC by Report Bug Copy Issue Report Consider adding parentheses for clarity. Current Interpretation: `(is_array($client->getRe...ient->getRedirectUri())`, Probably Intended Meaning: `is_array($client->getRed...ent->getRedirectUri()))` Loading history...
134		\|\| empty($client->getRedirectUri())) {
135		$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
136		throw OAuthServerException::invalidClient($request);
137		} else {
138		$redirectUri = \is_array($client->getRedirectUri())
139		? $client->getRedirectUri()[0]
140		: $client->getRedirectUri();
141		}
142
143	2	$scopes = $this->validateScopes(
144	2	$this->getQueryStringParameter('scope', $request, $this->defaultScope),
145		$redirectUri
146		);
147
148	2	$stateParameter = $this->getQueryStringParameter('state', $request);
149
150	2	$authorizationRequest = new AuthorizationRequest();
151	2	$authorizationRequest->setGrantTypeId($this->getIdentifier());
152	2	$authorizationRequest->setClient($client);
153	2	$authorizationRequest->setRedirectUri($redirectUri);
154
155	2	if ($stateParameter !== null) {
156		$authorizationRequest->setState($stateParameter);
157		}
158
159	2	$authorizationRequest->setScopes($scopes);
160
161	2	return $authorizationRequest;
162		}
163
164		/**
165		* {@inheritdoc}
166		*/
167	6	public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
168		{
169	6	if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
170	1	throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
171		}
172
173	5	$finalRedirectUri = ($authorizationRequest->getRedirectUri() === null)
174	5	? \is_array($authorizationRequest->getClient()->getRedirectUri())
175		? $authorizationRequest->getClient()->getRedirectUri()[0]
176	5	: $authorizationRequest->getClient()->getRedirectUri()
177	5	: $authorizationRequest->getRedirectUri();
178
179		// The user approved the client, redirect them back with an access token
180	5	if ($authorizationRequest->isAuthorizationApproved() === true) {
181		// Finalize the requested scopes
182	4	$finalizedScopes = $this->scopeRepository->finalizeScopes(
183	4	$authorizationRequest->getScopes(),
184	4	$this->getIdentifier(),
185	4	$authorizationRequest->getClient(),
186	4	$authorizationRequest->getUser()->getIdentifier()
187		);
188
189	4	$privateClaims = [];
190	4	if ($this->claimRepository) {
191	1	$privateClaims = $this->claimRepository->getClaims(
192	1	$this->getIdentifier(),
193	1	$authorizationRequest->getClient(),
194	1	$authorizationRequest->getUser()->getIdentifier()
195		);
196		}
197
198	4	$accessToken = $this->issueAccessToken(
199	4	$this->accessTokenTTL,
200	4	$authorizationRequest->getClient(),
201	4	$authorizationRequest->getUser()->getIdentifier(),
202		$finalizedScopes,
203		$privateClaims
204		);
205
206	2	$response = new RedirectResponse();
207	2	$response->setRedirectUri(
208	2	$this->makeRedirectUri(
209	2	$finalRedirectUri,
210		[
211	2	'access_token' => (string) $accessToken,
212	2	'token_type' => 'Bearer',
213	2	'expires_in' => $accessToken->getExpiryDateTime()->getTimestamp() - \time(),
214	2	'state' => $authorizationRequest->getState(),
215		],
216	2	$this->queryDelimiter
217		)
218		);
219
220	2	return $response;
221		}
222
223		// The user denied the client, redirect them back with an error
224	1	throw OAuthServerException::accessDenied(
225	1	'The user denied the request',
226	1	$this->makeRedirectUri(
227	1	$finalRedirectUri,
228		[
229	1	'state' => $authorizationRequest->getState(),
230		]
231		)
232		);
233		}
234		}
235

thephpleague / oauth2-server

Pull Request — master (#1122)

ImplicitGrant::setRefreshTokenTTL() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like