RefreshTokenGrant - Code Metrics - Inspection of "PasswordGrant.php, Fixing invalid credentials Exce..." - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#1102)

unknown

created 2020-04-01 15:39 UTC

RefreshTokenGrant A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	102
Duplicated Lines	0 %

Test Coverage

Coverage

Importance

Changes	3
Bugs	0	Features	0

Metric	Value
eloc	39
dl	0
loc	102
ccs	0
cts	61
cp	0
rs	10
c	3
b	0
f	0
wmc	12

4 Methods

Rating	Name	Size	Complexity
A	getIdentifier()	3	1
A	respondToAccessTokenRequest()	40	4
A	__construct()	5	1
A	validateOldRefreshToken()	29	6

<?php
/**
 * OAuth 2.0 Refresh token grant.
 *
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server\Grant;

use DateInterval;
use Exception;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ServerRequestInterface;

/**
 * Refresh token grant.
 */
class RefreshTokenGrant extends AbstractGrant
{
    /**
     * @param RefreshTokenRepositoryInterface $refreshTokenRepository
     */
    public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository)
    {
        $this->setRefreshTokenRepository($refreshTokenRepository);

        $this->refreshTokenTTL = new DateInterval('P1M');
    }

    /**
     * {@inheritdoc}
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        DateInterval $accessTokenTTL
    ) {
        // Validate request
        $client = $this->validateClient($request);
        $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
        $scopes = $this->validateScopes($this->getRequestParameter(
            'scope',
            $request,
            \implode(self::SCOPE_DELIMITER_STRING, $oldRefreshToken['scopes']))
        );

        // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
        // the request doesn't include any new scopes
        foreach ($scopes as $scope) {
            if (\in_array($scope->getIdentifier(), $oldRefreshToken['scopes'], true) === false) {
                throw OAuthServerException::invalidScope($scope->getIdentifier());
            }
        }

        // Expire old tokens
        $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
        $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);

        // Issue and persist new access token
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
        $this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
        $responseType->setAccessToken($accessToken);

        // Issue and persist new refresh token if given
        $refreshToken = $this->issueRefreshToken($accessToken);

        if ($refreshToken !== null) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request));
            $responseType->setRefreshToken($refreshToken);
        }

        return $responseType;
    }

    /**
     * @param ServerRequestInterface $request
     * @param string                 $clientId
     *
     * @throws OAuthServerException
     *
     * @return array
     */
    protected function validateOldRefreshToken(ServerRequestInterface $request, $clientId)
    {
        $encryptedRefreshToken = $this->getRequestParameter('refresh_token', $request);
        if (\is_null($encryptedRefreshToken)) {
            throw OAuthServerException::invalidRequest('refresh_token');
        }

        // Validate refresh token
        try {
            $refreshToken = $this->decrypt($encryptedRefreshToken);
        } catch (Exception $e) {
            throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token', $e);
        }

        $refreshTokenData = \json_decode($refreshToken, true);
        if ($refreshTokenData['client_id'] !== $clientId) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_CLIENT_FAILED, $request));
            throw OAuthServerException::invalidRefreshToken('Token is not linked to client');
        }

        if ($refreshTokenData['expire_time'] < \time()) {
            throw OAuthServerException::invalidRefreshToken('Token has expired');
        }

        if ($this->refreshTokenRepository->isRefreshTokenRevoked($refreshTokenData['refresh_token_id']) === true) {
            throw OAuthServerException::invalidRefreshToken('Token has been revoked');
        }

        return $refreshTokenData;
    }

    /**
     * {@inheritdoc}
     */
    public function getIdentifier()
    {
        return 'refresh_token';
    }
}


1			<?php
2			/**
3			* OAuth 2.0 Refresh token grant.
4			*
5			* @author Alex Bilbie <[email protected]>
6			* @copyright Copyright (c) Alex Bilbie
7			* @license http://mit-license.org/
8			*
9			* @link https://github.com/thephpleague/oauth2-server
10			*/
11
12			namespace League\OAuth2\Server\Grant;
13
14			use DateInterval;
15			use Exception;
16			use League\OAuth2\Server\Exception\OAuthServerException;
17			use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
18			use League\OAuth2\Server\RequestEvent;
19			use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
20			use Psr\Http\Message\ServerRequestInterface;
21
22			/**
23			* Refresh token grant.
24			*/
25			class RefreshTokenGrant extends AbstractGrant
26			{
27			/**
28			* @param RefreshTokenRepositoryInterface $refreshTokenRepository
29			*/
30			public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository)
31			{
32			$this->setRefreshTokenRepository($refreshTokenRepository);
33
34			$this->refreshTokenTTL = new DateInterval('P1M');
35			}
36
37			/**
38			* {@inheritdoc}
39			*/
40			public function respondToAccessTokenRequest(
41			ServerRequestInterface $request,
42			ResponseTypeInterface $responseType,
43			DateInterval $accessTokenTTL
44			) {
45			// Validate request
46			$client = $this->validateClient($request);
47			$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
48			$scopes = $this->validateScopes($this->getRequestParameter(
49			'scope',
50			$request,
51			\implode(self::SCOPE_DELIMITER_STRING, $oldRefreshToken['scopes']))
52			);
53
54			// The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
55			// the request doesn't include any new scopes
56			foreach ($scopes as $scope) {
57			if (\in_array($scope->getIdentifier(), $oldRefreshToken['scopes'], true) === false) {
58			throw OAuthServerException::invalidScope($scope->getIdentifier());
59			}
60			}
61
62			// Expire old tokens
63			$this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
64			$this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
65
66			// Issue and persist new access token
67			$accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
68			$this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
69			$responseType->setAccessToken($accessToken);
70
71			// Issue and persist new refresh token if given
72			$refreshToken = $this->issueRefreshToken($accessToken);
73
74			if ($refreshToken !== null) {
75			$this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request));
76			$responseType->setRefreshToken($refreshToken);
77			}
78
79			return $responseType;
80			}
81
82			/**
83			* @param ServerRequestInterface $request
84			* @param string $clientId
85			*
86			* @throws OAuthServerException
87			*
88			* @return array
89			*/
90			protected function validateOldRefreshToken(ServerRequestInterface $request, $clientId)
91			{
92			$encryptedRefreshToken = $this->getRequestParameter('refresh_token', $request);
93			if (\is_null($encryptedRefreshToken)) {
94			throw OAuthServerException::invalidRequest('refresh_token');
95			}
96
97			// Validate refresh token
98			try {
99			$refreshToken = $this->decrypt($encryptedRefreshToken);
100			} catch (Exception $e) {
101			throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token', $e);
102			}
103
104			$refreshTokenData = \json_decode($refreshToken, true);
105			if ($refreshTokenData['client_id'] !== $clientId) {
106			$this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_CLIENT_FAILED, $request));
107			throw OAuthServerException::invalidRefreshToken('Token is not linked to client');
108			}
109
110			if ($refreshTokenData['expire_time'] < \time()) {
111			throw OAuthServerException::invalidRefreshToken('Token has expired');
112			}
113
114			if ($this->refreshTokenRepository->isRefreshTokenRevoked($refreshTokenData['refresh_token_id']) === true) {
115			throw OAuthServerException::invalidRefreshToken('Token has been revoked');
116			}
117
118			return $refreshTokenData;
119			}
120
121			/**
122			* {@inheritdoc}
123			*/
124			public function getIdentifier()
125			{
126			return 'refresh_token';
127			}
128			}
129

thephpleague / oauth2-server

Pull Request — master (#1102)

RefreshTokenGrant A

Complexity

Size/Duplication

Test Coverage

Importance

4 Methods

Duplication Side-by-Side

Filter issues like