<?php
namespace League\OAuth2\Server\IntrospectionValidators;
use InvalidArgumentException;
use Lcobucci\JWT\Parser;
use Lcobucci\JWT\Signer\Keychain;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Token;
use Lcobucci\JWT\ValidationData;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use Psr\Http\Message\ServerRequestInterface;
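class BearerTokenValidator implements IntrospectionValidatorInterface
{
    /**
     * Repository consulted for the revocation status of a token's `jti`.
     *
     * @var AccessTokenRepositoryInterface
     */
    private $accessTokenRepository;

    /**
     * Key the token signature is verified against.
     *
     * NOTE(review): the setter is called setPrivateKey() and the key is loaded
     * through Keychain::getPrivateKey(), yet RS256 verification only needs the
     * public half. An introspection validator should not have to hold the
     * signing key at all (least privilege) — confirm whether a public key can
     * be supplied here. The setter name is kept for API compatibility.
     *
     * @var \League\OAuth2\Server\CryptKey|null
     */
    protected $privateKey;

    /**
     * @param AccessTokenRepositoryInterface $accessTokenRepository
     */
    public function __construct(AccessTokenRepositoryInterface $accessTokenRepository)
    {
        $this->accessTokenRepository = $accessTokenRepository;
    }

    /**
     * Set the key used to verify token signatures.
     *
     * Despite the method name, verification only requires the public key
     * material; see the note on the `$privateKey` property.
     *
     * @param \League\OAuth2\Server\CryptKey $key
     */
    public function setPrivateKey(CryptKey $key)
    {
        $this->privateKey = $key;
    }

    /**
     * Validates the token carried in an introspection request.
     *
     * Every failure mode (absent/malformed token, bad signature, expired,
     * revoked, no key configured) yields `false`; nothing from an untrusted
     * request is allowed to escape as an exception.
     *
     * @param ServerRequestInterface $request
     *
     * @return bool
     */
    public function validateIntrospection(ServerRequestInterface $request)
    {
        try {
            $token = $this->getTokenFromRequest($request);
        } catch (InvalidArgumentException $e) {
            // No token, a non-string token, or the wrong number of segments.
            return false;
        } catch (\RuntimeException $e) {
            // Segments that are present but not valid base64url/JSON are
            // reported by the parser's decoder as RuntimeException; treat that
            // as an invalid token instead of letting it surface as a 500.
            return false;
        }

        // Order matters: the signature is checked first so that nothing from a
        // forged/unsigned token — not even its `jti` — reaches the revocation
        // repository, and expiry is checked before the repository lookup
        // because it is local and cheap.
        if ($this->isTokenUnverified($token)) {
            return false;
        }

        if ($this->isTokenExpired($token)) {
            return false;
        }

        if ($this->isTokenRevoked($token)) {
            return false;
        }

        return true;
    }

    /**
     * Extracts and parses the JWT from the `token` field of the request body.
     *
     * @param ServerRequestInterface $request
     *
     * @throws InvalidArgumentException when the body carries no usable `token`
     *                                  string or the parser rejects its shape
     *
     * @return Token
     */
    public function getTokenFromRequest(ServerRequestInterface $request)
    {
        $body = $request->getParsedBody();

        // PSR-7 allows getParsedBody() to return null or an object; only an
        // array body can carry the `token` form field this endpoint expects.
        $jwt = is_array($body) ? ($body['token'] ?? null) : null;

        // A repeated field (`token[]=...`) arrives as an array and a missing
        // one as null; reject both before the parser sees a non-string.
        if (! is_string($jwt) || $jwt === '') {
            throw new InvalidArgumentException('Introspection request has no `token` parameter');
        }

        return (new Parser())->parse($jwt);
    }

    /**
     * Checks the token signature against the configured key.
     *
     * Returns `true` when the token must NOT be trusted: no key configured,
     * unsigned token, algorithm other than RS256, or a bad signature.
     *
     * @param Token $token
     *
     * @return bool
     */
    private function isTokenUnverified(Token $token): bool
    {
        // Fail closed: without a key there is nothing to verify against.
        if ($this->privateKey === null) {
            return true;
        }

        $keychain = new Keychain();

        $key = $keychain->getPrivateKey(
            $this->privateKey->getKeyPath(),
            $this->privateKey->getPassPhrase()
        );

        try {
            // Token::verify() compares the header `alg` with the Signer given
            // here, so a header edited to HS256/none cannot downgrade the check.
            return $token->verify(new Sha256(), $key->getContent()) === false;
        } catch (\BadMethodCallException $e) {
            // In the lcobucci/jwt versions this code targets, a token parsed
            // with `alg: none` or an empty signature segment makes verify()
            // throw rather than return false — still "unverified" for us.
            return true;
        }
    }

    /**
     * Ensure access token hasn't expired.
     *
     * @param Token $token
     *
     * @return bool
     */
    private function isTokenExpired(Token $token): bool
    {
        // ValidationData seeded with "now" makes validate() check the exp/nbf/
        // iat claims against the current time with zero leeway.
        // NOTE(review): validate() only checks claims that are present, so a
        // token without an `exp` claim is never reported as expired here.
        // That is only acceptable if every issuer whose tokens reach this
        // endpoint always sets `exp` — confirm before trusting foreign tokens.
        $data = new ValidationData(time());

        return ! $token->validate($data);
    }

    /**
     * Check if the given token is revoked.
     *
     * @param Token $token
     *
     * @return bool
     */
    private function isTokenRevoked(Token $token): bool
    {
        // Token::getClaim() throws OutOfBoundsException for an absent claim;
        // without a `jti` the revocation list cannot be consulted at all, so
        // fail closed rather than let the exception escape.
        if (! $token->hasClaim('jti')) {
            return true;
        }

        return $this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'));
    }
}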