ImplicitGrant - Code Metrics - Inspection of "Split convertToJWT method in AccessTokenTrait to s..." - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#997)

by TEst

created 2019-02-18 06:27 UTC

ImplicitGrant A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	212
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	8

Test Coverage

Coverage

89.89%

Importance

Changes

Metric	Value
wmc	23
lcom	1
cbo	8
dl	0
loc	212
ccs	80
cts	89
cp	0.8989
rs	10
c	0
b	0
f	0

9 Methods

Rating	Name	Size	Complexity
A	__construct()	5	1
A	setRefreshTokenTTL()	4	1
A	setRefreshTokenRepository()	4	1
A	canRespondToAccessTokenRequest()	4	1
A	getIdentifier()	4	1
A	respondToAccessTokenRequest()	7	1
A	canRespondToAuthorizationRequest()	8	3
B	validateAuthorizationRequest()	58	9
B	completeAuthorizationRequest()	57	5

<?php
/**
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

namespace League\OAuth2\Server\Grant;

use DateInterval;
use DateTime;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\RedirectResponse;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use LogicException;
use Psr\Http\Message\ServerRequestInterface;

class ImplicitGrant extends AbstractAuthorizeGrant
{
    /**
     * @var DateInterval
     */
    private $accessTokenTTL;

    /**
     * @var string
     */
    private $queryDelimiter;

    /**
     * @param DateInterval $accessTokenTTL
     * @param string       $queryDelimiter
     */
    public function __construct(DateInterval $accessTokenTTL, $queryDelimiter = '#')
    {
        $this->accessTokenTTL = $accessTokenTTL;
        $this->queryDelimiter = $queryDelimiter;
    }

    /**
     * @param DateInterval $refreshTokenTTL
     *
     * @throw LogicException
     */
    public function setRefreshTokenTTL(DateInterval $refreshTokenTTL)
    {
        throw new LogicException('The Implicit Grant does not return refresh tokens');
    }

    /**
     * @param RefreshTokenRepositoryInterface $refreshTokenRepository
     *
     * @throw LogicException
     */
    public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
    {
        throw new LogicException('The Implicit Grant does not return refresh tokens');
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
    {
        return false;
    }

    /**
     * Return the grant identifier that can be used in matching up requests.
     *
     * @return string
     */
    public function getIdentifier()
    {
        return 'implicit';
    }

    /**
     * Respond to an incoming request.
     *
     * @param ServerRequestInterface $request
     * @param ResponseTypeInterface  $responseType
     * @param DateInterval           $accessTokenTTL
     *
     * @return ResponseTypeInterface
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        DateInterval $accessTokenTTL
    ) {
        throw new LogicException('This grant does not used this method');
    }

    /**
     * {@inheritdoc}
     */
    public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
    {
        return (
            isset($request->getQueryParams()['response_type'])
            && $request->getQueryParams()['response_type'] === 'token'
            && isset($request->getQueryParams()['client_id'])
        );
    }

    /**
     * {@inheritdoc}
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        $clientId = $this->getQueryStringParameter(
            'client_id',
            $request,
            $this->getServerParameter('PHP_AUTH_USER', $request)
        );

        if (is_null($clientId)) {
            throw OAuthServerException::invalidRequest('client_id');
        }

        $client = $this->clientRepository->getClientEntity(
            $clientId,
            $this->getIdentifier(),
            null,
            false
        );

        if ($client instanceof ClientEntityInterface === false) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
            throw OAuthServerException::invalidClient();
        }

        $redirectUri = $this->getQueryStringParameter('redirect_uri', $request);

        if ($redirectUri !== null) {
            $this->validateRedirectUri($redirectUri, $client, $request);
        } elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1
            || empty($client->getRedirectUri())) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
            throw OAuthServerException::invalidClient();
        } else {
            $redirectUri = is_array($client->getRedirectUri())
                ? $client->getRedirectUri()[0]
                : $client->getRedirectUri();
        }

        $scopes = $this->validateScopes(
            $this->getQueryStringParameter('scope', $request, $this->defaultScope),
            $redirectUri
        );

        $stateParameter = $this->getQueryStringParameter('state', $request);

        $authorizationRequest = new AuthorizationRequest();
        $authorizationRequest->setGrantTypeId($this->getIdentifier());
        $authorizationRequest->setClient($client);
        $authorizationRequest->setRedirectUri($redirectUri);

        if ($stateParameter !== null) {
            $authorizationRequest->setState($stateParameter);
        }

        $authorizationRequest->setScopes($scopes);

        return $authorizationRequest;
    }

    /**
     * {@inheritdoc}
     */
    public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
    {
        if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
            throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
        }

        $finalRedirectUri = ($authorizationRequest->getRedirectUri() === null)
            ? is_array($authorizationRequest->getClient()->getRedirectUri())
                ? $authorizationRequest->getClient()->getRedirectUri()[0]
                : $authorizationRequest->getClient()->getRedirectUri()
            : $authorizationRequest->getRedirectUri();

        // The user approved the client, redirect them back with an access token
        if ($authorizationRequest->isAuthorizationApproved() === true) {
            // Finalize the requested scopes
            $finalizedScopes = $this->scopeRepository->finalizeScopes(
                $authorizationRequest->getScopes(),
                $this->getIdentifier(),
                $authorizationRequest->getClient(),
                $authorizationRequest->getUser()->getIdentifier()
            );

            $accessToken = $this->issueAccessToken(
                $this->accessTokenTTL,
                $authorizationRequest->getClient(),
                $authorizationRequest->getUser()->getIdentifier(),
                $finalizedScopes
            );

            $response = new RedirectResponse();
            $response->setRedirectUri(
                $this->makeRedirectUri(
                    $finalRedirectUri,
                    [
                        'access_token' => (string) $accessToken->convertToJWT($this->privateKey),
                        'token_type'   => 'Bearer',
                        'expires_in'   => $accessToken->getExpiryDateTime()->getTimestamp() - (new DateTime())->getTimestamp(),
                        'state'        => $authorizationRequest->getState(),
                    ],
                    $this->queryDelimiter
                )
            );

            return $response;
        }

        // The user denied the client, redirect them back with an error
        throw OAuthServerException::accessDenied(
            'The user denied the request',
            $this->makeRedirectUri(
                $finalRedirectUri,
                [
                    'state' => $authorizationRequest->getState(),
                ]
            )
        );
    }
}


1		<?php
2		/**
3		* @author Alex Bilbie <[email protected]>
4		* @copyright Copyright (c) Alex Bilbie
5		* @license http://mit-license.org/
6		*
7		* @link https://github.com/thephpleague/oauth2-server
8		*/
9
10		namespace League\OAuth2\Server\Grant;
11
12		use DateInterval;
13		use DateTime;
14		use League\OAuth2\Server\Entities\ClientEntityInterface;
15		use League\OAuth2\Server\Entities\UserEntityInterface;
16		use League\OAuth2\Server\Exception\OAuthServerException;
17		use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
18		use League\OAuth2\Server\RequestEvent;
19		use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
20		use League\OAuth2\Server\ResponseTypes\RedirectResponse;
21		use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
22		use LogicException;
23		use Psr\Http\Message\ServerRequestInterface;
24
25		class ImplicitGrant extends AbstractAuthorizeGrant
26		{
27		/**
28		* @var DateInterval
29		*/
30		private $accessTokenTTL;
31
32		/**
33		* @var string
34		*/
35		private $queryDelimiter;
36
37		/**
38		* @param DateInterval $accessTokenTTL
39		* @param string $queryDelimiter
40		*/
41	18	public function __construct(DateInterval $accessTokenTTL, $queryDelimiter = '#')
42		{
43	18	$this->accessTokenTTL = $accessTokenTTL;
44	18	$this->queryDelimiter = $queryDelimiter;
45	18	}
46
47		/**
48		* @param DateInterval $refreshTokenTTL
49		*
50		* @throw LogicException
51		*/
52	1	public function setRefreshTokenTTL(DateInterval $refreshTokenTTL)
53		{
54	1	throw new LogicException('The Implicit Grant does not return refresh tokens');
55		}
56
57		/**
58		* @param RefreshTokenRepositoryInterface $refreshTokenRepository
59		*
60		* @throw LogicException
61		*/
62	1	public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
63		{
64	1	throw new LogicException('The Implicit Grant does not return refresh tokens');
65		}
66
67		/**
68		* {@inheritdoc}
69		*/
70	1	public function canRespondToAccessTokenRequest(ServerRequestInterface $request)
71		{
72	1	return false;
73		}
74
75		/**
76		* Return the grant identifier that can be used in matching up requests.
77		*
78		* @return string
79		*/
80	10	public function getIdentifier()
81		{
82	10	return 'implicit';
83		}
84
85		/**
86		* Respond to an incoming request.
87		*
88		* @param ServerRequestInterface $request
89		* @param ResponseTypeInterface $responseType
90		* @param DateInterval $accessTokenTTL
91		*
92		* @return ResponseTypeInterface
93		*/
94	1	public function respondToAccessTokenRequest(
95		ServerRequestInterface $request,
96		ResponseTypeInterface $responseType,
97		DateInterval $accessTokenTTL
98		) {
99	1	throw new LogicException('This grant does not used this method');
100		}
101
102		/**
103		* {@inheritdoc}
104		*/
105	1	public function canRespondToAuthorizationRequest(ServerRequestInterface $request)
106		{
107		return (
108	1	isset($request->getQueryParams()['response_type'])
109	1	&& $request->getQueryParams()['response_type'] === 'token'
110	1	&& isset($request->getQueryParams()['client_id'])
111		);
112		}
113
114		/**
115		* {@inheritdoc}
116		*/
117	6	public function validateAuthorizationRequest(ServerRequestInterface $request)
118		{
119	6	$clientId = $this->getQueryStringParameter(
120	6	'client_id',
121	6	$request,
122	6	$this->getServerParameter('PHP_AUTH_USER', $request)
123		);
124
125	6	if (is_null($clientId)) {
126	1	throw OAuthServerException::invalidRequest('client_id');
127		}
128
129	5	$client = $this->clientRepository->getClientEntity(
130	5	$clientId,
131	5	$this->getIdentifier(),
132	5	null,
133	5	false
134		);
135
136	5	if ($client instanceof ClientEntityInterface === false) {
137	1	$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
138	1	throw OAuthServerException::invalidClient();
139		}
140
141	4	$redirectUri = $this->getQueryStringParameter('redirect_uri', $request);
142
143	4	if ($redirectUri !== null) {
144	4	$this->validateRedirectUri($redirectUri, $client, $request);
145		} elseif (is_array($client->getRedirectUri()) && count($client->getRedirectUri()) !== 1
146		\|\| empty($client->getRedirectUri())) {
147		$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
148		throw OAuthServerException::invalidClient();
149		} else {
150		$redirectUri = is_array($client->getRedirectUri())
151		? $client->getRedirectUri()[0]
152		: $client->getRedirectUri();
153		}
154
155	2	$scopes = $this->validateScopes(
156	2	$this->getQueryStringParameter('scope', $request, $this->defaultScope),
157	2	$redirectUri
158		);
159
160	2	$stateParameter = $this->getQueryStringParameter('state', $request);
161
162	2	$authorizationRequest = new AuthorizationRequest();
163	2	$authorizationRequest->setGrantTypeId($this->getIdentifier());
164	2	$authorizationRequest->setClient($client);
165	2	$authorizationRequest->setRedirectUri($redirectUri);
166
167	2	if ($stateParameter !== null) {
168		$authorizationRequest->setState($stateParameter);
169		}
170
171	2	$authorizationRequest->setScopes($scopes);
172
173	2	return $authorizationRequest;
174		}
175
176		/**
177		* {@inheritdoc}
178		*/
179	6	public function completeAuthorizationRequest(AuthorizationRequest $authorizationRequest)
180		{
181	6	if ($authorizationRequest->getUser() instanceof UserEntityInterface === false) {
182	1	throw new LogicException('An instance of UserEntityInterface should be set on the AuthorizationRequest');
183		}
184
185	5	$finalRedirectUri = ($authorizationRequest->getRedirectUri() === null)
186	5	? is_array($authorizationRequest->getClient()->getRedirectUri())
187		? $authorizationRequest->getClient()->getRedirectUri()[0]
188	5	: $authorizationRequest->getClient()->getRedirectUri()
189	5	: $authorizationRequest->getRedirectUri();
190
191		// The user approved the client, redirect them back with an access token
192	5	if ($authorizationRequest->isAuthorizationApproved() === true) {
193		// Finalize the requested scopes
194	4	$finalizedScopes = $this->scopeRepository->finalizeScopes(
195	4	$authorizationRequest->getScopes(),
196	4	$this->getIdentifier(),
197	4	$authorizationRequest->getClient(),
198	4	$authorizationRequest->getUser()->getIdentifier()
199		);
200
201	4	$accessToken = $this->issueAccessToken(
202	4	$this->accessTokenTTL,
203	4	$authorizationRequest->getClient(),
204	4	$authorizationRequest->getUser()->getIdentifier(),
205	4	$finalizedScopes
206		);
207
208	2	$response = new RedirectResponse();
209	2	$response->setRedirectUri(
210	2	$this->makeRedirectUri(
211	2	$finalRedirectUri,
212		[
213	2	'access_token' => (string) $accessToken->convertToJWT($this->privateKey),
214	2	'token_type' => 'Bearer',
215	2	'expires_in' => $accessToken->getExpiryDateTime()->getTimestamp() - (new DateTime())->getTimestamp(),
216	2	'state' => $authorizationRequest->getState(),
217		],
218	2	$this->queryDelimiter
219		)
220		);
221
222	2	return $response;
223		}
224
225		// The user denied the client, redirect them back with an error
226	1	throw OAuthServerException::accessDenied(
227	1	'The user denied the request',
228	1	$this->makeRedirectUri(
229	1	$finalRedirectUri,
230		[
231	1	'state' => $authorizationRequest->getState(),
232		]
233		)
234		);
235		}
236		}
237

thephpleague / oauth2-server

Pull Request — master (#997)

ImplicitGrant A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

9 Methods

Duplication Side-by-Side

Filter issues like