vince-scarpa /
responsibleAPI
| Total Complexity | 57 |
| Total Lines | 331 |
| Duplicated Lines | 0 % |
| Changes | 5 | ||
| Bugs | 0 | Features | 0 |
Complex classes like jwtValidate often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use jwtValidate, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 23 | class jwtValidate extends jwt |
||
| 24 | { |
||
| 25 | /** |
||
| 26 | * [$TIMESTAMP] |
||
| 27 | * @var int |
||
| 28 | */ |
||
| 29 | protected static $TIMESTAMP; |
||
| 30 | |||
| 31 | /** |
||
| 32 | * [$LEEWAY] |
||
| 33 | * @var int |
||
| 34 | */ |
||
| 35 | protected static $LEEWAY = 0; |
||
| 36 | |||
| 37 | /** |
||
| 38 | * [$ALGORITHM] |
||
| 39 | * @var string |
||
| 40 | */ |
||
| 41 | private static $ALGORITHM; |
||
| 42 | |||
| 43 | /** |
||
| 44 | * [$isPayloadValid Validation placeholders] |
||
| 45 | * @var array |
||
| 46 | */ |
||
| 47 | protected static $isPayloadValid = [ |
||
| 48 | "iss" => false, |
||
| 49 | "sub" => false, |
||
| 50 | "iat" => false, |
||
| 51 | "nbf" => false, |
||
| 52 | "exp" => false, |
||
| 53 | ]; |
||
| 54 | |||
| 55 | /** |
||
| 56 | * [header Validate the header object] |
||
| 57 | * First segment of the token |
||
| 58 | * @return bool |
||
| 59 | */ |
||
| 60 | public static function header(array $headObject = []) |
||
| 61 | { |
||
| 62 | if ( |
||
| 63 | empty($headObject) || |
||
| 64 | !self::typ($headObject) || |
||
| 65 | !self::alg($headObject) |
||
| 66 | ) { |
||
| 67 | (new exception\errorException) |
||
| 68 | ->setOptions(parent::$options) |
||
| 69 | ->message(self::messages('denied_token')) |
||
| 70 | ->error('UNAUTHORIZED'); |
||
| 71 | } |
||
| 72 | } |
||
| 73 | |||
| 74 | /** |
||
| 75 | * [payload Validate the payload object] |
||
| 76 | * Second segment of the token |
||
| 77 | * @return bool |
||
| 78 | */ |
||
| 79 | public static function payload(array $payloadObject = []) |
||
| 96 | } |
||
| 97 | } |
||
| 98 | |||
| 99 | /** |
||
| 100 | * Check if the scope is anonymous |
||
| 101 | * @return boolean |
||
| 102 | */ |
||
| 103 | private static function isAnonymousScope($payloadObject) |
||
| 104 | { |
||
| 105 | return (isset($payloadObject['scope']) && $payloadObject['scope'] == 'anonymous'); |
||
| 106 | } |
||
| 107 | |||
| 108 | /** |
||
| 109 | * [signature - Validate the signature object] |
||
| 110 | * Third segment of the token |
||
| 111 | * @return bool |
||
| 112 | */ |
||
| 113 | public static function signature($jwtHead, $jwtPayload, $signature, $key) |
||
| 141 | } |
||
| 142 | } |
||
| 143 | |||
| 144 | /** |
||
| 145 | * [typ Issuer claim] |
||
| 146 | * |
||
| 147 | * @return bool |
||
| 148 | */ |
||
| 149 | public static function typ($headObject) |
||
| 150 | { |
||
| 151 | if (!isset($headObject['typ']) || |
||
| 152 | (isset($headObject['typ']) && empty($headObject)) |
||
| 153 | ) { |
||
| 154 | return; |
||
| 155 | } |
||
| 156 | return true; |
||
| 157 | } |
||
| 158 | |||
| 159 | /** |
||
| 160 | * [alg Issuer claim] |
||
| 161 | * |
||
| 162 | * @return bool |
||
| 163 | */ |
||
| 164 | public static function alg($headObject) |
||
| 165 | { |
||
| 166 | if (!isset($headObject['alg']) || |
||
| 167 | (isset($headObject['alg']) && empty($headObject)) && |
||
| 168 | self::getAlgorithm($headObject['alg']) |
||
| 169 | ) { |
||
| 170 | return; |
||
| 171 | } |
||
| 172 | |||
| 173 | self::algorithm($headObject['alg']); |
||
| 174 | |||
| 175 | return true; |
||
| 176 | } |
||
| 177 | |||
| 178 | /** |
||
| 179 | * [iss Issuer claim] |
||
| 180 | * |
||
| 181 | * @return bool |
||
| 182 | */ |
||
| 183 | public static function iss($payloadObject) |
||
| 184 | { |
||
| 185 | if (!isset($payloadObject['iss']) || |
||
| 186 | (isset($payloadObject['iss']) && empty($payloadObject)) |
||
| 187 | ) { |
||
| 188 | return; |
||
| 189 | } |
||
| 190 | |||
| 191 | $router = new route\router; |
||
| 192 | $router->route(); |
||
| 193 | |||
| 194 | if ($payloadObject['iss'] !== $router->getIssuer(true)) { |
||
| 195 | return; |
||
| 196 | } |
||
| 197 | |||
| 198 | self::$isPayloadValid['iss'] = true; |
||
| 199 | return true; |
||
| 200 | } |
||
| 201 | |||
| 202 | /** |
||
| 203 | * [sub Subject claim] |
||
| 204 | * The Responsible API uses the "Subject" claim as a placeholder for account Ids |
||
| 205 | * |
||
| 206 | * @return bool |
||
| 207 | */ |
||
| 208 | public static function sub($payloadObject) |
||
| 209 | { |
||
| 210 | $server = new server([], parent::$options); |
||
| 211 | if ($server->isMockTest()) { |
||
| 212 | self::$isPayloadValid['sub'] = true; |
||
| 213 | return true; |
||
| 214 | } |
||
| 215 | |||
| 216 | if (!isset($payloadObject['sub']) || |
||
| 217 | (isset($payloadObject['sub']) && empty($payloadObject)) |
||
| 218 | ) { |
||
| 219 | return; |
||
| 220 | } |
||
| 221 | |||
| 222 | $account = (object) (new user\user) |
||
| 223 | ->setOptions(parent::$options) |
||
| 224 | ->load($payloadObject['sub'], ['refreshToken' => false]) |
||
| 225 | ; |
||
| 226 | |||
| 227 | if (empty($account)) { |
||
| 228 | return; |
||
| 229 | } else { |
||
| 230 | if (!isset($account->account_id)) { |
||
| 231 | return; |
||
| 232 | } |
||
| 233 | |||
| 234 | if ((int) $account->account_id !== (int) $payloadObject['sub']) { |
||
| 235 | return; |
||
| 236 | } |
||
| 237 | } |
||
| 238 | |||
| 239 | self::$isPayloadValid['sub'] = true; |
||
| 240 | return true; |
||
| 241 | } |
||
| 242 | |||
| 243 | /** |
||
| 244 | * [iat Issued at claim] |
||
| 245 | * |
||
| 246 | * @return bool |
||
| 247 | */ |
||
| 248 | public static function iat($payloadObject) |
||
| 249 | { |
||
| 250 | if (!isset($payloadObject['iat']) || |
||
| 251 | (isset($payloadObject['iat']) && empty($payloadObject)) |
||
| 252 | ) { |
||
| 253 | return; |
||
| 254 | } |
||
| 255 | |||
| 256 | if ($payloadObject['iat'] > self::getTimestamp()) { |
||
| 257 | (new exception\errorException) |
||
| 258 | ->setOptions(parent::$options) |
||
| 259 | ->message(self::messages('not_ready')) |
||
| 260 | ->error('NO_CONTENT'); |
||
| 261 | } |
||
| 262 | |||
| 263 | self::$isPayloadValid['iat'] = true; |
||
| 264 | return true; |
||
| 265 | } |
||
| 266 | |||
| 267 | /** |
||
| 268 | * [nbf Not before claim] |
||
| 269 | * |
||
| 270 | * @return bool |
||
| 271 | */ |
||
| 272 | public static function nbf($payloadObject) |
||
| 289 | } |
||
| 290 | |||
| 291 | /** |
||
| 292 | * [exp Expiration claim this optional so if its not set return true] |
||
| 293 | * |
||
| 294 | * @return bool |
||
| 295 | */ |
||
| 296 | public static function exp($payloadObject) |
||
| 313 | } |
||
| 314 | |||
| 315 | /** |
||
| 316 | * [leeway Inherit the leeway offset] |
||
| 317 | * @param int $leeway [integer in seconds] |
||
| 318 | * @return void |
||
| 319 | */ |
||
| 320 | public static function leeway($leeway) |
||
| 323 | } |
||
| 324 | |||
| 325 | /** |
||
| 326 | * [timestamp Inherit the current timestamp (now)] |
||
| 327 | * @param int $timestamp [integer in seconds] |
||
| 328 | * @return void |
||
| 329 | */ |
||
| 330 | public static function timestamp($timestamp) |
||
| 331 | { |
||
| 332 | self::$TIMESTAMP = $timestamp; |
||
| 333 | } |
||
| 334 | |||
| 335 | /** |
||
| 336 | * [getTimestamp Add both the timestamp (now) and the leeway] |
||
| 337 | * @return int |
||
| 338 | */ |
||
| 339 | private static function getTimestamp() |
||
| 340 | { |
||
| 341 | return (int) (self::$TIMESTAMP + self::$LEEWAY); |
||
| 342 | } |
||
| 343 | |||
| 344 | /** |
||
| 345 | * [algorithm Set the requested hash algorithm] |
||
| 346 | * @return string |
||
| 347 | */ |
||
| 348 | public static function algorithm($algo = 'SHA256') |
||
| 354 | } |
||
| 355 | } |
||
| 356 |
