AbstractGrant - Code Metrics - Inspection of "Added a check for unique access token constraint v..." - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#601)

unknown

created 2016-06-17 09:13 UTC

AbstractGrant C

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	403
Duplicated Lines	0 %

Coupling/Cohesion

Components	3
Dependencies	16

Importance

Changes	17
Bugs	9	Features	3

Metric	Value
wmc	43
c	17
b	9
f	3
lcom	3
cbo	16
dl	0
loc	403
rs	6.9799

21 Methods

Rating	Name	Size	Complexity
A	setClientRepository()	4	1
A	setAccessTokenRepository()	4	1
A	setScopeRepository()	4	1
A	setRefreshTokenRepository()	4	1
A	setAuthCodeRepository()	4	1
A	setUserRepository()	4	1
A	setRefreshTokenTTL()	4	1
C	validateClient()	50	8
B	validateScopes()	24	3
A	getRequestParameter()	6	2
A	getQueryStringParameter()	4	2
A	getCookieParameter()	4	2
A	getServerParameter()	4	2
A	issueAuthCode()	22	2
A	issueRefreshToken()	11	1
A	generateUniqueIdentifier()	15	4
A	canRespondToAccessTokenRequest()	9	2
A	canRespondToAuthorizationRequest()	4	1
A	validateAuthorizationRequest()	4	1
A	completeAuthorizationRequest()	4	1
B	issueAccessToken()	29	5

How to fix Complexity

<?php
/**
 * OAuth 2.0 Abstract grant.
 *
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */
namespace League\OAuth2\Server\Grant;

use League\Event\EmitterAwareTrait;
use League\OAuth2\Server\CryptTrait;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Exception\UniqueAccessTokenIdentifierConstraintViolationException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use Psr\Http\Message\ServerRequestInterface;

/**
 * Abstract grant class.
 */
abstract class AbstractGrant implements GrantTypeInterface
{
    use EmitterAwareTrait, CryptTrait;

    const SCOPE_DELIMITER_STRING = ' ';

    /**
     * @var ClientRepositoryInterface
     */
    protected $clientRepository;

    /**
     * @var AccessTokenRepositoryInterface
     */
    protected $accessTokenRepository;

    /**
     * @var ScopeRepositoryInterface
     */
    protected $scopeRepository;

    /**
     * @var \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface
     */
    protected $authCodeRepository;

    /**
     * @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
     */
    protected $refreshTokenRepository;

    /**
     * @var \League\OAuth2\Server\Repositories\UserRepositoryInterface
     */
    protected $userRepository;

    /**
     * @var \DateInterval
     */
    protected $refreshTokenTTL;

    /**
     * @param ClientRepositoryInterface $clientRepository
     */
    public function setClientRepository(ClientRepositoryInterface $clientRepository)
    {
        $this->clientRepository = $clientRepository;
    }

    /**
     * @param AccessTokenRepositoryInterface $accessTokenRepository
     */
    public function setAccessTokenRepository(AccessTokenRepositoryInterface $accessTokenRepository)
    {
        $this->accessTokenRepository = $accessTokenRepository;
    }

    /**
     * @param ScopeRepositoryInterface $scopeRepository
     */
    public function setScopeRepository(ScopeRepositoryInterface $scopeRepository)
    {
        $this->scopeRepository = $scopeRepository;
    }

    /**
     * @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
     */
    public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
    {
        $this->refreshTokenRepository = $refreshTokenRepository;
    }

    /**
     * @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository
     */
    public function setAuthCodeRepository(AuthCodeRepositoryInterface $authCodeRepository)
    {
        $this->authCodeRepository = $authCodeRepository;
    }

    /**
     * @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository
     */
    public function setUserRepository(UserRepositoryInterface $userRepository)
    {
        $this->userRepository = $userRepository;
    }

    /**
     * {@inheritdoc}
     */
    public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
    {
        $this->refreshTokenTTL = $refreshTokenTTL;
    }

    /**
     * Validate the client.
     *
     * @param \Psr\Http\Message\ServerRequestInterface $request
     *
     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     *
     * @return \League\OAuth2\Server\Entities\ClientEntityInterface
     */
    protected function validateClient(ServerRequestInterface $request)
    {
        $clientId = $this->getRequestParameter(
            'client_id',
            $request,
            $this->getServerParameter('PHP_AUTH_USER', $request)
        );
        if (is_null($clientId)) {
            throw OAuthServerException::invalidRequest('client_id');
        }

        // If the client is confidential require the client secret
        $clientSecret = $this->getRequestParameter(
            'client_secret',
            $request,
            $this->getServerParameter('PHP_AUTH_PW', $request)
        );

        $client = $this->clientRepository->getClientEntity(
            $clientId,
            $this->getIdentifier(),
            $clientSecret,
            true
        );

        if (!$client instanceof ClientEntityInterface) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
            throw OAuthServerException::invalidClient();
        }

        // If a redirect URI is provided ensure it matches what is pre-registered
        $redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
        if ($redirectUri !== null) {
            if (
                is_string($client->getRedirectUri())
                && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
            ) {
                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                throw OAuthServerException::invalidClient();
            } elseif (
                is_array($client->getRedirectUri())
                && in_array($redirectUri, $client->getRedirectUri()) === false
            ) {
                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                throw OAuthServerException::invalidClient();
            }
        }

        return $client;
    }

    /**
     * Validate scopes in the request.
     *
     * @param string $scopes
     * @param string $redirectUri
     *
     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     *
     * @return \League\OAuth2\Server\Entities\ScopeEntityInterface[]
     */
    public function validateScopes(
        $scopes,
        $redirectUri = null
    ) {
        $scopesList = array_filter(
            explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
            function ($scope) {
                return !empty($scope);
            }
        );

        $scopes = [];
        foreach ($scopesList as $scopeItem) {
            $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);

            if (!$scope instanceof ScopeEntityInterface) {
                throw OAuthServerException::invalidScope($scopeItem, $redirectUri);
            }

            $scopes[] = $scope;
        }

        return $scopes;
    }

    /**
     * Retrieve request parameter.
     *
     * @param string                                   $parameter
     * @param \Psr\Http\Message\ServerRequestInterface $request
     * @param mixed                                    $default
     *
     * @return null|string
     */
    protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null)
    {
        $requestParameters = (array) $request->getParsedBody();

        return isset($requestParameters[$parameter]) ? $requestParameters[$parameter] : $default;
    }

    /**
     * Retrieve query string parameter.
     *
     * @param string                                   $parameter
     * @param \Psr\Http\Message\ServerRequestInterface $request
     * @param mixed                                    $default
     *
     * @return null|string
     */
    protected function getQueryStringParameter($parameter, ServerRequestInterface $request, $default = null)
    {
        return isset($request->getQueryParams()[$parameter]) ? $request->getQueryParams()[$parameter] : $default;
    }

    /**
     * Retrieve cookie parameter.
     *
     * @param string                                   $parameter
     * @param \Psr\Http\Message\ServerRequestInterface $request
     * @param mixed                                    $default
     *
     * @return null|string
     */
    protected function getCookieParameter($parameter, ServerRequestInterface $request, $default = null)
    {
        return isset($request->getCookieParams()[$parameter]) ? $request->getCookieParams()[$parameter] : $default;
    }

    /**
     * Retrieve server parameter.
     *
     * @param string                                   $parameter
     * @param \Psr\Http\Message\ServerRequestInterface $request
     * @param mixed                                    $default
     *
     * @return null|string
     */
    protected function getServerParameter($parameter, ServerRequestInterface $request, $default = null)
    {
        return isset($request->getServerParams()[$parameter]) ? $request->getServerParams()[$parameter] : $default;
    }

    /**
     * Issue an access token.
     *
     * @param \DateInterval                                         $accessTokenTTL
     * @param \League\OAuth2\Server\Entities\ClientEntityInterface  $client
     * @param string                                                $userIdentifier
     * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
     *
     * @return \League\OAuth2\Server\Entities\AccessTokenEntityInterface
     */
    protected function issueAccessToken(
        \DateInterval $accessTokenTTL,
        ClientEntityInterface $client,
        $userIdentifier,
        array $scopes = []
    ) {
        $maxGenerationAttempts = 10;

        $accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier);
        $accessToken->setClient($client);
        $accessToken->setUserIdentifier($userIdentifier);
        $accessToken->setExpiryDateTime((new \DateTime())->add($accessTokenTTL));

        foreach ($scopes as $scope) {
            $accessToken->addScope($scope);
        }

        while ($maxGenerationAttempts-- > 0) {
            $accessToken->setIdentifier($this->generateUniqueIdentifier());
            try {
                $this->accessTokenRepository->persistNewAccessToken($accessToken);
                return $accessToken;
            } catch (UniqueAccessTokenIdentifierConstraintViolationException $e) {
                if ($maxGenerationAttempts === 0) {
                    throw $e;
                }
            }
        }
    }

    /**
     * Issue an auth code.
     *
     * @param \DateInterval                                         $authCodeTTL
     * @param \League\OAuth2\Server\Entities\ClientEntityInterface  $client
     * @param string                                                $userIdentifier
     * @param string                                                $redirectUri
     * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
     *
     * @return \League\OAuth2\Server\Entities\AuthCodeEntityInterface
     */
    protected function issueAuthCode(
        \DateInterval $authCodeTTL,
        ClientEntityInterface $client,
        $userIdentifier,
        $redirectUri,
        array $scopes = []
    ) {
        $authCode = $this->authCodeRepository->getNewAuthCode();
        $authCode->setIdentifier($this->generateUniqueIdentifier());
        $authCode->setExpiryDateTime((new \DateTime())->add($authCodeTTL));
        $authCode->setClient($client);
        $authCode->setUserIdentifier($userIdentifier);
        $authCode->setRedirectUri($redirectUri);

        foreach ($scopes as $scope) {
            $authCode->addScope($scope);
        }

        $this->authCodeRepository->persistNewAuthCode($authCode);

        return $authCode;
    }

    /**
     * @param \League\OAuth2\Server\Entities\AccessTokenEntityInterface $accessToken
     *
     * @return \League\OAuth2\Server\Entities\RefreshTokenEntityInterface
     */
    protected function issueRefreshToken(AccessTokenEntityInterface $accessToken)
    {
        $refreshToken = $this->refreshTokenRepository->getNewRefreshToken();
        $refreshToken->setIdentifier($this->generateUniqueIdentifier());
        $refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
        $refreshToken->setAccessToken($accessToken);

        $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);

        return $refreshToken;
    }

    /**
     * Generate a new unique identifier.
     *
     * @param int $length
     *
     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     *
     * @return string
     */
    protected function generateUniqueIdentifier($length = 40)
    {
        try {
            return bin2hex(random_bytes($length));
            // @codeCoverageIgnoreStart
        } catch (\TypeError $e) {
            throw OAuthServerException::serverError('An unexpected error has occurred');
        } catch (\Error $e) {
            throw OAuthServerException::serverError('An unexpected error has occurred');
        } catch (\Exception $e) {
            // If you get this message, the CSPRNG failed hard.
            throw OAuthServerException::serverError('Could not generate a random string');
        }
        // @codeCoverageIgnoreEnd
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
    {
        $requestParameters = (array) $request->getParsedBody();

        return (
            array_key_exists('grant_type', $requestParameters)
            && $requestParameters['grant_type'] === $this->getIdentifier()
        );
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
    {
        return false;
    }

    /**
     * {@inheritdoc}
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        throw new \LogicException('This grant cannot validate an authorization request');
    }

    /**
     * {@inheritdoc}
     */
    public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
    {
        throw new \LogicException('This grant cannot complete an authorization request');
    }
}


1			<?php
2			/**
3			* OAuth 2.0 Abstract grant.
4			*
5			* @author Alex Bilbie <[email protected]>
6			* @copyright Copyright (c) Alex Bilbie
7			* @license http://mit-license.org/
8			*
9			* @link https://github.com/thephpleague/oauth2-server
10			*/
11			namespace League\OAuth2\Server\Grant;
12
13			use League\Event\EmitterAwareTrait;
14			use League\OAuth2\Server\CryptTrait;
15			use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
16			use League\OAuth2\Server\Entities\ClientEntityInterface;
17			use League\OAuth2\Server\Entities\ScopeEntityInterface;
18			use League\OAuth2\Server\Exception\OAuthServerException;
19			use League\OAuth2\Server\Exception\UniqueAccessTokenIdentifierConstraintViolationException;
20			use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
21			use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
22			use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
23			use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
24			use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
25			use League\OAuth2\Server\Repositories\UserRepositoryInterface;
26			use League\OAuth2\Server\RequestEvent;
27			use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
28			use Psr\Http\Message\ServerRequestInterface;
29
30			/**
31			* Abstract grant class.
32			*/
33			abstract class AbstractGrant implements GrantTypeInterface
34			{
35			use EmitterAwareTrait, CryptTrait;
36
37			const SCOPE_DELIMITER_STRING = ' ';
38
39			/**
40			* @var ClientRepositoryInterface
41			*/
42			protected $clientRepository;
43
44			/**
45			* @var AccessTokenRepositoryInterface
46			*/
47			protected $accessTokenRepository;
48
49			/**
50			* @var ScopeRepositoryInterface
51			*/
52			protected $scopeRepository;
53
54			/**
55			* @var \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface
56			*/
57			protected $authCodeRepository;
58
59			/**
60			* @var \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
61			*/
62			protected $refreshTokenRepository;
63
64			/**
65			* @var \League\OAuth2\Server\Repositories\UserRepositoryInterface
66			*/
67			protected $userRepository;
68
69			/**
70			* @var \DateInterval
71			*/
72			protected $refreshTokenTTL;
73
74			/**
75			* @param ClientRepositoryInterface $clientRepository
76			*/
77			public function setClientRepository(ClientRepositoryInterface $clientRepository)
78			{
79			$this->clientRepository = $clientRepository;
80			}
81
82			/**
83			* @param AccessTokenRepositoryInterface $accessTokenRepository
84			*/
85			public function setAccessTokenRepository(AccessTokenRepositoryInterface $accessTokenRepository)
86			{
87			$this->accessTokenRepository = $accessTokenRepository;
88			}
89
90			/**
91			* @param ScopeRepositoryInterface $scopeRepository
92			*/
93			public function setScopeRepository(ScopeRepositoryInterface $scopeRepository)
94			{
95			$this->scopeRepository = $scopeRepository;
96			}
97
98			/**
99			* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
100			*/
101			public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
102			{
103			$this->refreshTokenRepository = $refreshTokenRepository;
104			}
105
106			/**
107			* @param \League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface $authCodeRepository
108			*/
109			public function setAuthCodeRepository(AuthCodeRepositoryInterface $authCodeRepository)
110			{
111			$this->authCodeRepository = $authCodeRepository;
112			}
113
114			/**
115			* @param \League\OAuth2\Server\Repositories\UserRepositoryInterface $userRepository
116			*/
117			public function setUserRepository(UserRepositoryInterface $userRepository)
118			{
119			$this->userRepository = $userRepository;
120			}
121
122			/**
123			* {@inheritdoc}
124			*/
125			public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
126			{
127			$this->refreshTokenTTL = $refreshTokenTTL;
128			}
129
130			/**
131			* Validate the client.
132			*
133			* @param \Psr\Http\Message\ServerRequestInterface $request
134			*
135			* @throws \League\OAuth2\Server\Exception\OAuthServerException
136			*
137			* @return \League\OAuth2\Server\Entities\ClientEntityInterface
138			*/
139			protected function validateClient(ServerRequestInterface $request)
140			{
141			$clientId = $this->getRequestParameter(
142			'client_id',
143			$request,
144			$this->getServerParameter('PHP_AUTH_USER', $request)
145			);
146			if (is_null($clientId)) {
147			throw OAuthServerException::invalidRequest('client_id');
148			}
149
150			// If the client is confidential require the client secret
151			$clientSecret = $this->getRequestParameter(
152			'client_secret',
153			$request,
154			$this->getServerParameter('PHP_AUTH_PW', $request)
155			);
156
157			$client = $this->clientRepository->getClientEntity(
158			$clientId,
159			$this->getIdentifier(),
160			$clientSecret,
161			true
162			);
163
164			if (!$client instanceof ClientEntityInterface) {
165			$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
166			throw OAuthServerException::invalidClient();
167			}
168
169			// If a redirect URI is provided ensure it matches what is pre-registered
170			$redirectUri = $this->getRequestParameter('redirect_uri', $request, null);
171			if ($redirectUri !== null) {
172			if (
173			is_string($client->getRedirectUri())
174			&& (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
175			) {
176			$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
177			throw OAuthServerException::invalidClient();
178			} elseif (
179			is_array($client->getRedirectUri())
180			&& in_array($redirectUri, $client->getRedirectUri()) === false
181			) {
182			$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
183			throw OAuthServerException::invalidClient();
184			}
185			}
186
187			return $client;
188			}
189
190			/**
191			* Validate scopes in the request.
192			*
193			* @param string $scopes
194			* @param string $redirectUri
195			*
196			* @throws \League\OAuth2\Server\Exception\OAuthServerException
197			*
198			* @return \League\OAuth2\Server\Entities\ScopeEntityInterface[]
199			*/
200			public function validateScopes(
201			$scopes,
202			$redirectUri = null
203			) {
204			$scopesList = array_filter(
205			explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
206			function ($scope) {
207			return !empty($scope);
208			}
209			);
210
211			$scopes = [];
212			foreach ($scopesList as $scopeItem) {
213			$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);
214
215			if (!$scope instanceof ScopeEntityInterface) {
216			throw OAuthServerException::invalidScope($scopeItem, $redirectUri);
217			}
218
219			$scopes[] = $scope;
220			}
221
222			return $scopes;
223			}
224
225			/**
226			* Retrieve request parameter.
227			*
228			* @param string $parameter
229			* @param \Psr\Http\Message\ServerRequestInterface $request
230			* @param mixed $default
231			*
232			* @return null\|string
233			*/
234			protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null)
235			{
236			$requestParameters = (array) $request->getParsedBody();
237
238			return isset($requestParameters[$parameter]) ? $requestParameters[$parameter] : $default;
239			}
240
241			/**
242			* Retrieve query string parameter.
243			*
244			* @param string $parameter
245			* @param \Psr\Http\Message\ServerRequestInterface $request
246			* @param mixed $default
247			*
248			* @return null\|string
249			*/
250			protected function getQueryStringParameter($parameter, ServerRequestInterface $request, $default = null)
251			{
252			return isset($request->getQueryParams()[$parameter]) ? $request->getQueryParams()[$parameter] : $default;
253			}
254
255			/**
256			* Retrieve cookie parameter.
257			*
258			* @param string $parameter
259			* @param \Psr\Http\Message\ServerRequestInterface $request
260			* @param mixed $default
261			*
262			* @return null\|string
263			*/
264			protected function getCookieParameter($parameter, ServerRequestInterface $request, $default = null)
265			{
266			return isset($request->getCookieParams()[$parameter]) ? $request->getCookieParams()[$parameter] : $default;
267			}
268
269			/**
270			* Retrieve server parameter.
271			*
272			* @param string $parameter
273			* @param \Psr\Http\Message\ServerRequestInterface $request
274			* @param mixed $default
275			*
276			* @return null\|string
277			*/
278			protected function getServerParameter($parameter, ServerRequestInterface $request, $default = null)
279			{
280			return isset($request->getServerParams()[$parameter]) ? $request->getServerParams()[$parameter] : $default;
281			}
282
283			/**
284			* Issue an access token.
285			*
286			* @param \DateInterval $accessTokenTTL
287			* @param \League\OAuth2\Server\Entities\ClientEntityInterface $client
288			* @param string $userIdentifier
289			* @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
290			*
291			* @return \League\OAuth2\Server\Entities\AccessTokenEntityInterface
292			*/
293			protected function issueAccessToken(
294			\DateInterval $accessTokenTTL,
295			ClientEntityInterface $client,
296			$userIdentifier,
297			array $scopes = []
298			) {
299			$maxGenerationAttempts = 10;
300
301			$accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier);
302			$accessToken->setClient($client);
303			$accessToken->setUserIdentifier($userIdentifier);
304			$accessToken->setExpiryDateTime((new \DateTime())->add($accessTokenTTL));
305
306			foreach ($scopes as $scope) {
307			$accessToken->addScope($scope);
308			}
309
310			while ($maxGenerationAttempts-- > 0) {
311			$accessToken->setIdentifier($this->generateUniqueIdentifier());
312			try {
313			$this->accessTokenRepository->persistNewAccessToken($accessToken);
314			return $accessToken;
315			} catch (UniqueAccessTokenIdentifierConstraintViolationException $e) {
316			if ($maxGenerationAttempts === 0) {
317			throw $e;
318			}
319			}
320			}
321			}
322
323			/**
324			* Issue an auth code.
325			*
326			* @param \DateInterval $authCodeTTL
327			* @param \League\OAuth2\Server\Entities\ClientEntityInterface $client
328			* @param string $userIdentifier
329			* @param string $redirectUri
330			* @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
331			*
332			* @return \League\OAuth2\Server\Entities\AuthCodeEntityInterface
333			*/
334			protected function issueAuthCode(
335			\DateInterval $authCodeTTL,
336			ClientEntityInterface $client,
337			$userIdentifier,
338			$redirectUri,
339			array $scopes = []
340			) {
341			$authCode = $this->authCodeRepository->getNewAuthCode();
342			$authCode->setIdentifier($this->generateUniqueIdentifier());
343			$authCode->setExpiryDateTime((new \DateTime())->add($authCodeTTL));
344			$authCode->setClient($client);
345			$authCode->setUserIdentifier($userIdentifier);
346			$authCode->setRedirectUri($redirectUri);
347
348			foreach ($scopes as $scope) {
349			$authCode->addScope($scope);
350			}
351
352			$this->authCodeRepository->persistNewAuthCode($authCode);
353
354			return $authCode;
355			}
356
357			/**
358			* @param \League\OAuth2\Server\Entities\AccessTokenEntityInterface $accessToken
359			*
360			* @return \League\OAuth2\Server\Entities\RefreshTokenEntityInterface
361			*/
362			protected function issueRefreshToken(AccessTokenEntityInterface $accessToken)
363			{
364			$refreshToken = $this->refreshTokenRepository->getNewRefreshToken();
365			$refreshToken->setIdentifier($this->generateUniqueIdentifier());
366			$refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
367			$refreshToken->setAccessToken($accessToken);
368
369			$this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
370
371			return $refreshToken;
372			}
373
374			/**
375			* Generate a new unique identifier.
376			*
377			* @param int $length
378			*
379			* @throws \League\OAuth2\Server\Exception\OAuthServerException
380			*
381			* @return string
382			*/
383			protected function generateUniqueIdentifier($length = 40)
384			{
385			try {
386			return bin2hex(random_bytes($length));
387			// @codeCoverageIgnoreStart
388			} catch (\TypeError $e) {
389			throw OAuthServerException::serverError('An unexpected error has occurred');
390			} catch (\Error $e) {
391			throw OAuthServerException::serverError('An unexpected error has occurred');
392			} catch (\Exception $e) {
393			// If you get this message, the CSPRNG failed hard.
394			throw OAuthServerException::serverError('Could not generate a random string');
395			}
396			// @codeCoverageIgnoreEnd
397			}
398
399			/**
400			* {@inheritdoc}
401			*/
402			public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
403			{
404			$requestParameters = (array) $request->getParsedBody();
405
406			return (
407			array_key_exists('grant_type', $requestParameters)
408			&& $requestParameters['grant_type'] === $this->getIdentifier()
409			);
410			}
411
412			/**
413			* {@inheritdoc}
414			*/
415			public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
416			{
417			return false;
418			}
419
420			/**
421			* {@inheritdoc}
422			*/
423			public function validateAuthorizationRequest(ServerRequestInterface $request)
424			{
425			throw new \LogicException('This grant cannot validate an authorization request');
426			}
427
428			/**
429			* {@inheritdoc}
430			*/
431			public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
432			{
433			throw new \LogicException('This grant cannot complete an authorization request');
434			}
435			}
436

thephpleague / oauth2-server

Pull Request — master (#601)

AbstractGrant C

Complexity

Size/Duplication

Coupling/Cohesion

Importance

21 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like