RefreshTokenGrant::validateOldRefreshToken() - Code Metrics - Inspection of "Remove the encrypted payload from AuthCode and Ref..." - thephpleague/oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed
Pull Request — master (#1470)

unknown
created 2025-01-20 21:13 UTC
RefreshTokenGrant::validateOldRefreshToken() F

↳ Parent: RefreshTokenGrant
Complexity

Conditions	13
Paths	438
Size

Total Lines	67
Code Lines	38
Duplication

Lines	0
Ratio	0 %
Code Coverage

Tests	9
CRAP Score	13
Importance

Changes
Metric	Value
cc	13
eloc	38
c	0
b	0
f	0
nc	438
nop	2
dl	0
loc	67
ccs	9
cts	9
cp	1
crap	13
rs	3.2305
How to fix Long Method Complexity

<?php

/**
 * OAuth 2.0 Refresh token grant.
 *
 * @author      Alex Bilbie <[email protected]>
 * @copyright   Copyright (c) Alex Bilbie
 * @license     http://mit-license.org/
 *
 * @link        https://github.com/thephpleague/oauth2-server
 */

declare(strict_types=1);

namespace League\OAuth2\Server\Grant;

use DateInterval;
use DateTimeImmutable;
use Exception;
use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestAccessTokenEvent;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestRefreshTokenEvent;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ServerRequestInterface;

use function implode;
use function in_array;
use function json_decode;
use function time;

/**
 * Refresh token grant.
 */
class RefreshTokenGrant extends AbstractGrant
{
    public function __construct(RefreshTokenRepositoryInterface $refreshTokenRepository)
    {
        $this->setRefreshTokenRepository($refreshTokenRepository);

        $this->refreshTokenTTL = new DateInterval('P1M');
    }

    /**
     * {@inheritdoc}
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        DateInterval $accessTokenTTL
    ): ResponseTypeInterface {
        // Validate request
        $client = $this->validateClient($request);
        $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());

        if ($oldRefreshToken == null) {
            // Probably should throw an exception here instead
            return $responseType;
        }

        $originalScopes = $oldRefreshToken->getScopes();
        $originalScopeArray = [];
        foreach ($originalScopes as $scopeEntity) {
            $originalScopeArray[$scopeEntity->getIdentifier()] = $scopeEntity->getIdentifier();
        }
        $originalScopeArray = array_values($originalScopeArray);

        $scopes = $this->validateScopes(
            $this->getRequestParameter(
                'scope',
                $request,
                implode(self::SCOPE_DELIMITER_STRING, $originalScopeArray)
            )
        );

        // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
        // the request doesn't include any new scopes
        foreach ($scopes as $scope) {
            if (in_array($scope->getIdentifier(), $originalScopeArray, true) === false) {
                throw OAuthServerException::invalidScope($scope->getIdentifier());
            }
        }

        $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client);

        // Expire old tokens
        $this->accessTokenRepository->revokeAccessToken($oldRefreshToken->getAccessToken()->getIdentifier());
        if ($this->revokeRefreshTokens) {
            $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken->getIdentifier());
        }

        // Issue and persist new access token
        $userId = $oldRefreshToken->getUserIdentifier();
        if (is_int($userId)) {

            $userId = (string) $userId;
        }
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $userId, $scopes);
        $this->getEmitter()->emit(new RequestAccessTokenEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request, $accessToken));
        $responseType->setAccessToken($accessToken);

        // Issue and persist new refresh token if given
        $refreshToken = $this->issueRefreshToken($accessToken);

        if ($refreshToken !== null) {
            $this->getEmitter()->emit(new RequestRefreshTokenEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request, $refreshToken));
            $responseType->setRefreshToken($refreshToken);
        }

        return $responseType;
    }

    /**
     * @throws OAuthServerException
     *
     * @return RefreshTokenEntityInterface
     */
    protected function validateOldRefreshToken(ServerRequestInterface $request, string $clientId): ?RefreshTokenEntityInterface
    {
        $refreshTokenParam = $this->getRequestParameter('refresh_token', $request)
            ?? throw OAuthServerException::invalidRequest('refresh_token');

        // Validate refresh token
        if ($this->canUseCrypt()) {
            try {
                $refreshTokenJson = $this->decrypt($refreshTokenParam);
                $refreshTokenData = json_decode($refreshTokenJson, true);

                $refreshTokenEntity = $this->refreshTokenRepository->getNewRefreshToken();

                if ($refreshTokenEntity == null) {
                    return null;
                }

                if (isset($refreshTokenData['refresh_token_id'])) {
                    $refreshTokenEntity->setIdentifier($refreshTokenData['refresh_token_id']);
                }

                if (isset($refreshTokenData['expire_time'])) {
                    $expire = new DateTimeImmutable();
                    $expire = $expire->setTimestamp($refreshTokenData['expire_time']);
                    $refreshTokenEntity->setExpiryDateTime($expire);
                }

                if (isset($refreshTokenData['client_id'])) {
                    $client = $this->getClientEntityOrFail($refreshTokenData['client_id'], $request);
                    $refreshTokenEntity->setClient($client);
                }

                if (isset($refreshTokenData['scopes'])) {
                    $scopes = $this->validateScopes($refreshTokenData['scopes']);

                    $refreshTokenEntity->setScopes($scopes);
                }

                if (isset($refreshTokenData['user_id'])) {
                    $refreshTokenEntity->setUserIdentifier((string)$refreshTokenData['user_id']);
                }

                if (isset($refreshTokenData['access_token_id'])) {
                    $accessToken = $this->accessTokenRepository->getAccessTokenEntity($refreshTokenData['access_token_id']);
                    $refreshTokenEntity->setAccessToken($accessToken);
                    $refreshTokenEntity->setAccessToken(/** @scrutinizer ignore-type */ $accessToken);
                }
            } catch (Exception $e) {
                throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token', $e);
            }
        } else {
            $refreshTokenEntity = $this->refreshTokenRepository->getRefreshTokenEntity($refreshTokenParam);
        }

        if ($refreshTokenEntity->getClient()->getIdentifier() !== $clientId) {
        if ($refreshTokenEntity->/** @scrutinizer ignore-call */ getClient()->getIdentifier() !== $clientId) {
            $this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_CLIENT_FAILED, $request));
            throw OAuthServerException::invalidRefreshToken('Token is not linked to client');
        }

        if ($refreshTokenEntity->getExpiryDateTime()->getTimestamp() < time()) {
        if ($refreshTokenEntity->/** @scrutinizer ignore-call */ getExpiryDateTime()->getTimestamp() < time()) {
            throw OAuthServerException::invalidRefreshToken('Token has expired');
        }

        if ($this->refreshTokenRepository->isRefreshTokenRevoked($refreshTokenEntity->getIdentifier()) === true) {
        if ($this->refreshTokenRepository->isRefreshTokenRevoked($refreshTokenEntity->/** @scrutinizer ignore-call */ getIdentifier()) === true) {
            throw OAuthServerException::invalidRefreshToken('Token has been revoked');
        }

        return $refreshTokenEntity;

    }

    /**
     * {@inheritdoc}
     */
    public function getIdentifier(): string
    {
        return 'refresh_token';
    }
}

thephpleague / oauth2-server

Pull Request — master (#1470)

RefreshTokenGrant::validateOldRefreshToken() F

Complexity

Size

Duplication

Code Coverage

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like
