jwtValidate - Code Metrics - Inspection of "Resolving code block data types" - vince-scarpa/responsibleAPI - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Branch — master (e80214)

by Vince

created 2020-05-01 23:35 UTC

jwtValidate F

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	300
Duplicated Lines	0 %

Importance

Changes	3
Bugs	0	Features	0

Metric	Value
eloc	109
c	3
b	0
f	0
dl	0
loc	300
rs	3.6
wmc	60

14 Methods

Rating	Name	Size	Complexity
B	payload()	18	9
A	header()	11	4
A	signature()	28	6
A	nbf()	16	5
A	exp()	16	5
A	leeway()	3	1
A	typ()	8	4
B	sub()	26	7
A	alg()	12	5
A	algorithm()	6	2
A	iss()	16	5
A	iat()	16	5
A	timestamp()	3	1
A	getTimestamp()	3	1

How to fix Complexity

<?php
/**
 * ==================================
 * Responsible PHP API
 * ==================================
 *
 * @link Git https://github.com/vince-scarpa/responsibleAPI.git
 *
 * @api Responible API
 * @package responsible\core\oauth
 *
 * @author Vince scarpa <[email protected]>
 *
 */
namespace responsible\core\auth;

use responsible\core\encoder;
use responsible\core\exception;
use responsible\core\route;
use responsible\core\user;

class jwtValidate extends jwt
{
    /**
     * [$TIMESTAMP]
     * @var int
     */
    protected static $TIMESTAMP;

    /**
     * [$LEEWAY]
     * @var int
     */
    protected static $LEEWAY = 0;

    /**
     * [$ALGORITHM]
     * @var string
     */
    private static $ALGORITHM;

    /**
     * [header Validate the header object]
     * First segment of the token
     * @return bool
     */
    public static function header(array $headObject = [])
    {
        if (
            empty($headObject) ||
            !self::typ($headObject) ||
            !self::alg($headObject)
        ) {
            (new exception\errorException)
                ->setOptions(parent::$options)
                ->message(self::messages('denied_token'))
                ->error('UNAUTHORIZED');
        }
    }

    /**
     * [payload Validate the payload object]
     * Second segment of the token
     * @return bool
     */
    public static function payload(array $payloadObject = [])
    {
        if( isset($payloadObject['scope']) && $payloadObject['scope'] == 'anonymous' ) {
            return true;
        }

        if (
            !is_array($payloadObject) ||
            !self::iss($payloadObject) ||
            !self::sub($payloadObject) ||
            !self::iat($payloadObject) ||
            !self::nbf($payloadObject) ||
            !self::exp($payloadObject)
        ) {
            (new exception\errorException)
                ->setOptions(parent::$options)
                ->message(self::messages('denied_token'))
                ->error('UNAUTHORIZED');
        }
    }

    /**
     * [signature - Validate the signature object]
     * Third segment of the token
     * @return bool
     */
    public static function signature($jwtHead, $jwtPayload, $signature, $key)
    {
        if (empty($jwtHead) ||
            empty($jwtPayload) ||
            empty($signature) ||
            empty($key)
        ) {
            (new exception\errorException)
                ->setOptions(parent::$options)
                ->message(self::messages('denied_token'))
                ->error('UNAUTHORIZED');
        }

        $cipher = new encoder\cipher;

        $hashed = $cipher->encode(
            $cipher->hash(
                self::$ALGORITHM,
                $jwtHead . '.' . $jwtPayload,
                $key
            )
        );

        if (!$cipher->hashCompare($signature, $hashed)) {
            (new exception\errorException)
                ->setOptions(parent::$options)
                ->message(self::messages('denied_token'))
                ->error('UNAUTHORIZED');
        }
    }

    /**
     * [typ Issuer claim]
     *
     * @return bool
     */
    public static function typ($headObject)
    {
        if (!isset($headObject['typ']) ||
            (isset($headObject['typ']) && empty($headObject))
        ) {
            return;
        }
        return true;
    }

    /**
     * [alg Issuer claim]
     *
     * @return bool
     */
    public static function alg($headObject)
    {
        if (!isset($headObject['alg']) ||
            (isset($headObject['alg']) && empty($headObject)) &&
            self::getAlgorithm($headObject['alg'])
        ) {
            return;
        }

        self::algorithm($headObject['alg']);

        return true;
    }

    /**
     * [iss Issuer claim]
     *
     * @return bool
     */
    public static function iss($payloadObject)
    {
        if (!isset($payloadObject['iss']) ||
            (isset($payloadObject['iss']) && empty($payloadObject))
        ) {
            return;
        }

        $router = new route\router;
        $router->route();

        if ($payloadObject['iss'] !== $router->getIssuer(true)) {
            return;
        }

        return true;
    }

    /**
     * [sub Subject claim]
     * The Responsible API uses the "Subject" claim as a placeholder for account Ids
     *
     * @return bool
     */
    public static function sub($payloadObject)
    {
        if (!isset($payloadObject['sub']) ||
            (isset($payloadObject['sub']) && empty($payloadObject))
        ) {
            return;
        }

        $account = (object) (new user\user)
            ->setOptions(parent::$options)
            ->load($payloadObject['sub'], ['refreshToken' => false])
        ;

        if (empty($account)) {
            return;
        } else {
            if (!isset($account->account_id)) {
                return;
            }

            if ((int) $account->account_id !== (int) $payloadObject['sub']) {
                return;
            }
        }

        return true;
    }

    /**
     * [iat Issued at claim]
     *
     * @return bool
     */
    public static function iat($payloadObject)
    {
        if (!isset($payloadObject['iat']) ||
            (isset($payloadObject['iat']) && empty($payloadObject))
        ) {
            return;
        }

        if ($payloadObject['iat'] > self::getTimestamp()) {
            (new exception\errorException)
                ->setOptions(parent::$options)
                ->message(self::messages('not_ready'))
                ->error('NO_CONTENT');
        }

        return true;
    }

    /**
     * [nbf Not before claim]
     *
     * @return bool
     */
    public static function nbf($payloadObject)
    {
        if (!isset($payloadObject['nbf']) ||
            (isset($payloadObject['nbf']) && empty($payloadObject))
        ) {
            return;
        }

        if ($payloadObject['nbf'] > self::getTimestamp()) {
            (new exception\errorException)
                ->setOptions(parent::$options)
                ->message(self::messages('not_ready'))
                ->error('NO_CONTENT');
        }

        return true;
    }

    /**
     * [exp Expiration claim this optional so if its not set return true]
     *
     * @return bool
     */
    public static function exp($payloadObject)
    {
        if (!isset($payloadObject['exp']) ||
            (isset($payloadObject['exp']) && empty($payloadObject))
        ) {
            return true;
        }

        if ($payloadObject['exp'] <= (int) (self::$TIMESTAMP - self::$LEEWAY)) {
            (new exception\errorException)
                ->setOptions(parent::$options)
                ->message(self::messages('expired'))
                ->error('UNAUTHORIZED');
        }

        return true;
    }

    /**
     * [leeway Inherit the leeway offset]
     * @param  int $leeway [integer in seconds]
     * @return void
     */
    public static function leeway($leeway)
    {
        self::$LEEWAY = $leeway;
    }

    /**
     * [timestamp Inherit the current timestamp (now)]
     * @param  int $timestamp [integer in seconds]
     * @return void
     */
    public static function timestamp($timestamp)
    {
        self::$TIMESTAMP = $timestamp;
    }

    /**
     * [getTimestamp Add both the timestamp (now) and the leeway]
     * @return int
     */
    private static function getTimestamp()
    {
        return (int) (self::$TIMESTAMP + self::$LEEWAY);
    }

    /**
     * [algorithm Set the requested hash algorithm]
     * @return string
     */
    public static function algorithm($algo = 'SHA256')
    {
        if ($algo == 'HS256') {
            $algo = 'sha256';
        }
        self::$ALGORITHM = $algo;
    }
}


1			<?php
2			/**
3			* ==================================
4			* Responsible PHP API
5			* ==================================
6			*
7			* @link Git https://github.com/vince-scarpa/responsibleAPI.git
8			*
9			* @api Responible API
10			* @package responsible\core\oauth
11			*
12			* @author Vince scarpa <[email protected]>
13			*
14			*/
15			namespace responsible\core\auth;
16
17			use responsible\core\encoder;
18			use responsible\core\exception;
19			use responsible\core\route;
20			use responsible\core\user;
21
22			class jwtValidate extends jwt
23			{
24			/**
25			* [$TIMESTAMP]
26			* @var int
27			*/
28			protected static $TIMESTAMP;
29
30			/**
31			* [$LEEWAY]
32			* @var int
33			*/
34			protected static $LEEWAY = 0;
35
36			/**
37			* [$ALGORITHM]
38			* @var string
39			*/
40			private static $ALGORITHM;
41
42			/**
43			* [header Validate the header object]
44			* First segment of the token
45			* @return bool
46			*/
47			public static function header(array $headObject = [])
48			{
49			if (
50			empty($headObject) \|\|
51			!self::typ($headObject) \|\|
52			!self::alg($headObject)
53			) {
54			(new exception\errorException)
55			->setOptions(parent::$options)
56			->message(self::messages('denied_token'))
57			->error('UNAUTHORIZED');
58			}
59			}
60
61			/**
62			* [payload Validate the payload object]
63			* Second segment of the token
64			* @return bool
65			*/
66			public static function payload(array $payloadObject = [])
67			{
68			if( isset($payloadObject['scope']) && $payloadObject['scope'] == 'anonymous' ) {
69			return true;
70			}
71
72			if (
73			!is_array($payloadObject) \|\|
74			!self::iss($payloadObject) \|\|
75			!self::sub($payloadObject) \|\|
76			!self::iat($payloadObject) \|\|
77			!self::nbf($payloadObject) \|\|
78			!self::exp($payloadObject)
79			) {
80			(new exception\errorException)
81			->setOptions(parent::$options)
82			->message(self::messages('denied_token'))
83			->error('UNAUTHORIZED');
84			}
85			}
86
87			/**
88			* [signature - Validate the signature object]
89			* Third segment of the token
90			* @return bool
91			*/
92			public static function signature($jwtHead, $jwtPayload, $signature, $key)
93			{
94			if (empty($jwtHead) \|\|
95			empty($jwtPayload) \|\|
96			empty($signature) \|\|
97			empty($key)
98			) {
99			(new exception\errorException)
100			->setOptions(parent::$options)
101			->message(self::messages('denied_token'))
102			->error('UNAUTHORIZED');
103			}
104
105			$cipher = new encoder\cipher;
106
107			$hashed = $cipher->encode(
108			$cipher->hash(
109			self::$ALGORITHM,
110			$jwtHead . '.' . $jwtPayload,
111			$key
112			)
113			);
114
115			if (!$cipher->hashCompare($signature, $hashed)) {
116			(new exception\errorException)
117			->setOptions(parent::$options)
118			->message(self::messages('denied_token'))
119			->error('UNAUTHORIZED');
120			}
121			}
122
123			/**
124			* [typ Issuer claim]
125			*
126			* @return bool
127			*/
128			public static function typ($headObject)
129			{
130			if (!isset($headObject['typ']) \|\|
131			(isset($headObject['typ']) && empty($headObject))
132			) {
133			return;
134			}
135			return true;
136			}
137
138			/**
139			* [alg Issuer claim]
140			*
141			* @return bool
142			*/
143			public static function alg($headObject)
144			{
145			if (!isset($headObject['alg']) \|\|
146			(isset($headObject['alg']) && empty($headObject)) &&
147			self::getAlgorithm($headObject['alg'])
148			) {
149			return;
150			}
151
152			self::algorithm($headObject['alg']);
153
154			return true;
155			}
156
157			/**
158			* [iss Issuer claim]
159			*
160			* @return bool
161			*/
162			public static function iss($payloadObject)
163			{
164			if (!isset($payloadObject['iss']) \|\|
165			(isset($payloadObject['iss']) && empty($payloadObject))
166			) {
167			return;
168			}
169
170			$router = new route\router;
171			$router->route();
172
173			if ($payloadObject['iss'] !== $router->getIssuer(true)) {
174			return;
175			}
176
177			return true;
178			}
179
180			/**
181			* [sub Subject claim]
182			* The Responsible API uses the "Subject" claim as a placeholder for account Ids
183			*
184			* @return bool
185			*/
186			public static function sub($payloadObject)
187			{
188			if (!isset($payloadObject['sub']) \|\|
189			(isset($payloadObject['sub']) && empty($payloadObject))
190			) {
191			return;
192			}
193
194			$account = (object) (new user\user)
195			->setOptions(parent::$options)
196			->load($payloadObject['sub'], ['refreshToken' => false])
197			;
198
199			if (empty($account)) {
200			return;
201			} else {
202			if (!isset($account->account_id)) {
203			return;
204			}
205
206			if ((int) $account->account_id !== (int) $payloadObject['sub']) {
207			return;
208			}
209			}
210
211			return true;
212			}
213
214			/**
215			* [iat Issued at claim]
216			*
217			* @return bool
218			*/
219			public static function iat($payloadObject)
220			{
221			if (!isset($payloadObject['iat']) \|\|
222			(isset($payloadObject['iat']) && empty($payloadObject))
223			) {
224			return;
225			}
226
227			if ($payloadObject['iat'] > self::getTimestamp()) {
228			(new exception\errorException)
229			->setOptions(parent::$options)
230			->message(self::messages('not_ready'))
231			->error('NO_CONTENT');
232			}
233
234			return true;
235			}
236
237			/**
238			* [nbf Not before claim]
239			*
240			* @return bool
241			*/
242			public static function nbf($payloadObject)
243			{
244			if (!isset($payloadObject['nbf']) \|\|
245			(isset($payloadObject['nbf']) && empty($payloadObject))
246			) {
247			return;
248			}
249
250			if ($payloadObject['nbf'] > self::getTimestamp()) {
251			(new exception\errorException)
252			->setOptions(parent::$options)
253			->message(self::messages('not_ready'))
254			->error('NO_CONTENT');
255			}
256
257			return true;
258			}
259
260			/**
261			* [exp Expiration claim this optional so if its not set return true]
262			*
263			* @return bool
264			*/
265			public static function exp($payloadObject)
266			{
267			if (!isset($payloadObject['exp']) \|\|
268			(isset($payloadObject['exp']) && empty($payloadObject))
269			) {
270			return true;
271			}
272
273			if ($payloadObject['exp'] <= (int) (self::$TIMESTAMP - self::$LEEWAY)) {
274			(new exception\errorException)
275			->setOptions(parent::$options)
276			->message(self::messages('expired'))
277			->error('UNAUTHORIZED');
278			}
279
280			return true;
281			}
282
283			/**
284			* [leeway Inherit the leeway offset]
285			* @param int $leeway [integer in seconds]
286			* @return void
287			*/
288			public static function leeway($leeway)
289			{
290			self::$LEEWAY = $leeway;
291			}
292
293			/**
294			* [timestamp Inherit the current timestamp (now)]
295			* @param int $timestamp [integer in seconds]
296			* @return void
297			*/
298			public static function timestamp($timestamp)
299			{
300			self::$TIMESTAMP = $timestamp;
301			}
302
303			/**
304			* [getTimestamp Add both the timestamp (now) and the leeway]
305			* @return int
306			*/
307			private static function getTimestamp()
308			{
309			return (int) (self::$TIMESTAMP + self::$LEEWAY);
310			}
311
312			/**
313			* [algorithm Set the requested hash algorithm]
314			* @return string
315			*/
316			public static function algorithm($algo = 'SHA256')
317			{
318			if ($algo == 'HS256') {
319			$algo = 'sha256';
320			}
321			self::$ALGORITHM = $algo;
322			}
323			}
324

vince-scarpa / responsibleAPI

Branch — master (e80214)

jwtValidate F

Complexity

Size/Duplication

Importance

14 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like