Authentication - Code Metrics - Inspection of "Merge pull request #42 from chadicus/master" - traderinteractive/tol-api-php - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( d75a47...7295a1 )

by Chad

created 2018-03-07 18:47 UTC

Authentication A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	200
Duplicated Lines	0 %

Coupling/Cohesion

Components	2
Dependencies	5

Importance

Changes

Metric	Value
wmc	8
lcom	2
cbo	5
dl	0
loc	200
rs	10
c	0
b	0
f	0

6 Methods

Rating	Name	Size	Complexity
A	__construct()	4	1
B	createClientCredentials()	36	2
B	createOwnerCredentials()	46	2
A	parseTokenResponse()	15	1
A	getTokenRequest()	4	1
B	getRefreshTokenRequest()	24	1

<?php
namespace TraderInteractive\Api;

use TraderInteractive\Util;
use TraderInteractive\Util\Arrays;
use TraderInteractive\Util\Http;
use GuzzleHttp\Psr7\Request;
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;

/**
 * Layer for OAuth2 Authentication
 */
final class Authentication
{
    /**
     * Function to create a Request object for obtaining a new token from the API
     *
     * @var callable
     */
    private $getTokenRequestFunc;

    /**
     * Private constructor to safeguard undeclared functions
     *
     * @param callable $getTokenRequestFunc Function to create a Request object for obtaining a new token from the API
     */
    private function __construct(callable $getTokenRequestFunc)
    {
        $this->getTokenRequestFunc = $getTokenRequestFunc;
    }

    /**
     * Creates a new instance of Authentication for Client Credentials grant type
     *
     * @param string $clientId        The oauth client id
     * @param string $clientSecret    The oauth client secret
     * @param string $refreshResource The refresh token resource of the API Only needed since apigee doesnt use the
     *                                token resource that is in the oauth2 spec
     * @param string $tokenResource   The access token resource of the API
     *
     * @return Authentication
     */
    public static function createClientCredentials(
        string $clientId,
        string $clientSecret,
        string $refreshResource = 'token',
        string $tokenResource = 'token'
    ) : Authentication {
        $getTokenRequestFunc = function (
            string $baseUrl,
            string $refreshToken = null
        ) use (
            $clientId,
            $clientSecret,
            $refreshResource,
            $tokenResource
        ) {
            if ($refreshToken !== null) {
                return self::getRefreshTokenRequest(
                    $baseUrl,
                    $clientId,
                    $clientSecret,
                    $refreshResource,
                    $refreshToken
                );
            }

            $data = ['client_id' => $clientId, 'client_secret' => $clientSecret, 'grant_type' => 'client_credentials'];
            return new Request(
                'POST',
                "{$baseUrl}/{$tokenResource}",
                ['Content-Type' => 'application/x-www-form-urlencoded'],
                Http::buildQueryString($data)
            );
        };

        return new self($getTokenRequestFunc);
    }

    /**
     * Creates a new instance of Authentication for Owner Credentials grant type
     *
     * @param string $clientId        The oauth client id
     * @param string $clientSecret    The oauth client secret
     * @param string $username        The oauth username
     * @param string $password        The oauth password
     * @param string $refreshResource The refresh token resource of the API. Only needed since apigee doesnt use the
     *                                token resource that is in the oauth2 spec
     * @param string $tokenResource   The access token resource of the API
     *
     * @return Authentication
     */
    public static function createOwnerCredentials(
        string $clientId,
        string $clientSecret,
        string $username,
        string $password,
        string $refreshResource = 'token',
        string $tokenResource = 'token'
    ) : Authentication {
        $getTokenRequestFunc = function (
            string $baseUrl,
            string $refreshToken = null
        ) use (
            $clientId,
            $clientSecret,
            $username,
            $password,
            $refreshResource,
            $tokenResource
        ) {
            if ($refreshToken !== null) {
                return self::getRefreshTokenRequest(
                    $baseUrl,
                    $clientId,
                    $clientSecret,
                    $refreshResource,
                    $refreshToken
                );
            }

            $data = [
                'client_id' => $clientId,
                'client_secret' => $clientSecret,
                'username' => $username,
                'password' => $password,
                'grant_type' => 'password',
            ];
            return new Request(
                'POST',
                "{$baseUrl}/{$tokenResource}",
                ['Content-Type' => 'application/x-www-form-urlencoded'],
                Http::buildQueryString($data)
            );
        };

        return new self($getTokenRequestFunc);
    }

    /**
     * Extracts an access token from the given API response
     *
     * @param ResponseInterface $response The API response containing the access token
     *
     * @return array Array containing the access token, refresh token and expires timestamp
     */
    public static function parseTokenResponse(ResponseInterface $response)
    {
        $parsedJson = json_decode((string)$response->getBody(), true);
        Util::ensureNot('invalid_client', Arrays::get($parsedJson, 'error'), 'Invalid Credentials');
        Util::ensure(
            200,
            $response->getStatusCode(),
            Arrays::get($parsedJson, 'error_description', 'Unknown API error')
        );
        return [
            $parsedJson['access_token'],
            Arrays::get($parsedJson, 'refresh_token'),
            time() + (int)$parsedJson['expires_in'],
        ];
    }

    /**
     * Creates a Request object for obtaining a new token from the API
     *
     * @param string      $baseUrl      The base url of the API
     * @param string|null $refreshToken The refresh token of the API
     *
     * @return RequestInterface
     */
    public function getTokenRequest(string $baseUrl, string $refreshToken = null) : RequestInterface
    {
        return call_user_func($this->getTokenRequestFunc, $baseUrl, $refreshToken);
    }

    /**
     * Build a refresh token request
     *
     * @param string $baseUrl API base url
     * @param string $clientId The client id
     * @param string $clientSecret The client secret
     * @param string $refreshResource The refresh token resource of the API
     *     Only needed since apigee doesnt use the token resource that is in the oauth2 spec
     * @param string $refreshToken The refresh token of the API
     *
     * @return RequestInterface The built token refresh request
     */
    private static function getRefreshTokenRequest(
        string $baseUrl,
        string $clientId,
        string $clientSecret,
        string $refreshResource,
        string $refreshToken
    ) : RequestInterface {
        //NOTE client_id and client_secret are needed for Apigee but are not in the oauth2 spec
        $data = [
            'client_id' => $clientId,
            'client_secret' => $clientSecret,
            'refresh_token' => $refreshToken,
            'grant_type' => 'refresh_token',
        ];

        //NOTE the oauth2 spec says the refresh resource should be the same as the token resource, which is impossible
        //in Apigee and why the $refreshResource variable exists
        return new Request(
            'POST',
            "{$baseUrl}/{$refreshResource}",
            ['Content-Type' => 'application/x-www-form-urlencoded'],
            Http::buildQueryString($data)
        );
    }
}


1			<?php
2			namespace TraderInteractive\Api;
3
4			use TraderInteractive\Util;
5			use TraderInteractive\Util\Arrays;
6			use TraderInteractive\Util\Http;
7			use GuzzleHttp\Psr7\Request;
8			use Psr\Http\Message\RequestInterface;
9			use Psr\Http\Message\ResponseInterface;
10
11			/**
12			* Layer for OAuth2 Authentication
13			*/
14			final class Authentication
15			{
16			/**
17			* Function to create a Request object for obtaining a new token from the API
18			*
19			* @var callable
20			*/
21			private $getTokenRequestFunc;
22
23			/**
24			* Private constructor to safeguard undeclared functions
25			*
26			* @param callable $getTokenRequestFunc Function to create a Request object for obtaining a new token from the API
27			*/
28			private function __construct(callable $getTokenRequestFunc)
29			{
30			$this->getTokenRequestFunc = $getTokenRequestFunc;
31			}
32
33			/**
34			* Creates a new instance of Authentication for Client Credentials grant type
35			*
36			* @param string $clientId The oauth client id
37			* @param string $clientSecret The oauth client secret
38			* @param string $refreshResource The refresh token resource of the API Only needed since apigee doesnt use the
39			* token resource that is in the oauth2 spec
40			* @param string $tokenResource The access token resource of the API
41			*
42			* @return Authentication
43			*/
44			public static function createClientCredentials(
45			string $clientId,
46			string $clientSecret,
47			string $refreshResource = 'token',
48			string $tokenResource = 'token'
49			) : Authentication {
50			$getTokenRequestFunc = function (
51			string $baseUrl,
52			string $refreshToken = null
53			) use (
54			$clientId,
55			$clientSecret,
56			$refreshResource,
57			$tokenResource
58			) {
59			if ($refreshToken !== null) {
60			return self::getRefreshTokenRequest(
61			$baseUrl,
62			$clientId,
63			$clientSecret,
64			$refreshResource,
65			$refreshToken
66			);
67			}
68
69			$data = ['client_id' => $clientId, 'client_secret' => $clientSecret, 'grant_type' => 'client_credentials'];
70			return new Request(
71			'POST',
72			"{$baseUrl}/{$tokenResource}",
73			['Content-Type' => 'application/x-www-form-urlencoded'],
74			Http::buildQueryString($data)
75			);
76			};
77
78			return new self($getTokenRequestFunc);
79			}
80
81			/**
82			* Creates a new instance of Authentication for Owner Credentials grant type
83			*
84			* @param string $clientId The oauth client id
85			* @param string $clientSecret The oauth client secret
86			* @param string $username The oauth username
87			* @param string $password The oauth password
88			* @param string $refreshResource The refresh token resource of the API. Only needed since apigee doesnt use the
89			* token resource that is in the oauth2 spec
90			* @param string $tokenResource The access token resource of the API
91			*
92			* @return Authentication
93			*/
94			public static function createOwnerCredentials(
95			string $clientId,
96			string $clientSecret,
97			string $username,
98			string $password,
99			string $refreshResource = 'token',
100			string $tokenResource = 'token'
101			) : Authentication {
102			$getTokenRequestFunc = function (
103			string $baseUrl,
104			string $refreshToken = null
105			) use (
106			$clientId,
107			$clientSecret,
108			$username,
109			$password,
110			$refreshResource,
111			$tokenResource
112			) {
113			if ($refreshToken !== null) {
114			return self::getRefreshTokenRequest(
115			$baseUrl,
116			$clientId,
117			$clientSecret,
118			$refreshResource,
119			$refreshToken
120			);
121			}
122
123			$data = [
124			'client_id' => $clientId,
125			'client_secret' => $clientSecret,
126			'username' => $username,
127			'password' => $password,
128			'grant_type' => 'password',
129			];
130			return new Request(
131			'POST',
132			"{$baseUrl}/{$tokenResource}",
133			['Content-Type' => 'application/x-www-form-urlencoded'],
134			Http::buildQueryString($data)
135			);
136			};
137
138			return new self($getTokenRequestFunc);
139			}
140
141			/**
142			* Extracts an access token from the given API response
143			*
144			* @param ResponseInterface $response The API response containing the access token
145			*
146			* @return array Array containing the access token, refresh token and expires timestamp
147			*/
148			public static function parseTokenResponse(ResponseInterface $response)
149			{
150			$parsedJson = json_decode((string)$response->getBody(), true);
151			Util::ensureNot('invalid_client', Arrays::get($parsedJson, 'error'), 'Invalid Credentials');
152			Util::ensure(
153			200,
154			$response->getStatusCode(),
155			Arrays::get($parsedJson, 'error_description', 'Unknown API error')
156			);
157			return [
158			$parsedJson['access_token'],
159			Arrays::get($parsedJson, 'refresh_token'),
160			time() + (int)$parsedJson['expires_in'],
161			];
162			}
163
164			/**
165			* Creates a Request object for obtaining a new token from the API
166			*
167			* @param string $baseUrl The base url of the API
168			* @param string\|null $refreshToken The refresh token of the API
169			*
170			* @return RequestInterface
171			*/
172			public function getTokenRequest(string $baseUrl, string $refreshToken = null) : RequestInterface
173			{
174			return call_user_func($this->getTokenRequestFunc, $baseUrl, $refreshToken);
175			}
176
177			/**
178			* Build a refresh token request
179			*
180			* @param string $baseUrl API base url
181			* @param string $clientId The client id
182			* @param string $clientSecret The client secret
183			* @param string $refreshResource The refresh token resource of the API
184			* Only needed since apigee doesnt use the token resource that is in the oauth2 spec
185			* @param string $refreshToken The refresh token of the API
186			*
187			* @return RequestInterface The built token refresh request
188			*/
189			private static function getRefreshTokenRequest(
190			string $baseUrl,
191			string $clientId,
192			string $clientSecret,
193			string $refreshResource,
194			string $refreshToken
195			) : RequestInterface {
196			//NOTE client_id and client_secret are needed for Apigee but are not in the oauth2 spec
197			$data = [
198			'client_id' => $clientId,
199			'client_secret' => $clientSecret,
200			'refresh_token' => $refreshToken,
201			'grant_type' => 'refresh_token',
202			];
203
204			//NOTE the oauth2 spec says the refresh resource should be the same as the token resource, which is impossible
205			//in Apigee and why the $refreshResource variable exists
206			return new Request(
207			'POST',
208			"{$baseUrl}/{$refreshResource}",
209			['Content-Type' => 'application/x-www-form-urlencoded'],
210			Http::buildQueryString($data)
211			);
212			}
213			}
214

traderinteractive / tol-api-php

Push — master ( d75a47...7295a1 )

Authentication A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

6 Methods

Duplication Side-by-Side

Filter issues like