Issues in JwtGuard.php - All Issues - Inspection of "Clean up some duplicate code and put alias for Cla..." - wisoot/jwt-guard - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — develop ( 8c7de8...b64521 )

by Wisoot

created 2016-05-04 23:37 UTC

src/JwtGuard.php (2 issues)

Labels

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace WWON\JwtGuard;

use Illuminate\Auth\Events\Attempting;
use Illuminate\Auth\Events\Login;
use Illuminate\Auth\Events\Logout;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Config;
use WWON\JwtGuard\Exceptions\Exception;
use WWON\JwtGuard\Exceptions\InaccessibleException;
use WWON\JwtGuard\Exceptions\InvalidTokenException;
use WWON\JwtGuard\Exceptions\MalformedException;
use WWON\JwtGuard\Exceptions\TokenExpiredException;

class JwtGuard implements Guard
{

    use GuardHelpers;

    /**
     * @var string
     */
    protected $token;

    /**
     * @var bool
     */
    protected $isTokenRefreshable = false;

    /**
     * @var JwtService
     */
    protected $jwtService;

    /**
     * @var Request
     */
    protected $request;

    /**
     * Indicates if the logout method has been called.
     *
     * @var bool
     */
    protected $loggedOut = false;

    /**
     * JwtGuard constructor
     *
     * @param UserProvider $provider
     * @param JwtService $jwtService
     * @param Request|null $request
     */
    public function __construct(
        UserProvider $provider,
        JwtService $jwtService,
        Request $request = null
    ) {
        $this->provider = $provider;
        $this->jwtService = $jwtService;
        $this->request = $request;
    }

    /**
     * Get the currently authenticated user.
     *
     * @return \Illuminate\Contracts\Auth\Authenticatable|null
     */
    public function user()
    {
        // If we've already retrieved the user for the current request we can just
        // return it back immediately. We do not want to fetch the user data on
        // every call to this method because that would be tremendously slow.
        if ($this->user) {
            return $this->user;
        }

        if (!$token = $this->getBearerToken()) {
            return $this->user = null;
        }

        try {
            $this->user = $this->getUserByToken($token);
        } catch (InaccessibleException $e) {
            $this->isTokenRefreshable = true;
            $this->user = null;
        } catch (Exception $e) {
            $this->user = null;
        }

        return $this->user;
    }

    /**
     * Retrieve the user by the given payload.
     *
     * @param string $token
     * @return AuthenticatableContract|null
     * @throws InaccessibleException
     * @throws MalformedException
     * @throws TokenExpiredException
     * @throws InvalidTokenException
     */
    protected function getUserByToken($token)
    {
        $claim = $this->jwtService->getClaimFromToken($token);
        $user = $this->provider->retrieveById($claim->sub);

        if (!empty($user) && get_class($user) !== $claim->aud) {
            throw new InvalidTokenException;
        }

        return $user;
    }

    /**
     * Validate a user's credentials.
     *
     * @param array $credentials
     * @return bool
     */
    public function validate(array $credentials = [])
    {
        return $this->attempt($credentials, false);
    }

    /**
     * Attempt to authenticate a user using the given credentials.
     *
     * @param array $credentials
     * @param bool $login
     * @return bool
     */
    public function attempt(array $credentials = [], $login = true)
    {
        $this->fireAttemptEvent($credentials, $login);

        $user = $this->provider->retrieveByCredentials($credentials);

        // If an implementation of UserInterface was returned, we'll ask the provider
        // to validate the user against the given credentials, and if they are in
        // fact valid we'll log the users into the application and return true.
        if ($this->hasValidCredentials($user, $credentials)) {
            if ($login) {
                $this->login($user);
            }

            return true;
        }

        return false;
    }

    /**
     * Determine if the user matches the credentials.
     *
     * @param mixed $user
     * @param array $credentials
     * @return bool
     */
    protected function hasValidCredentials($user, $credentials)
    {
        return ! is_null($user) && $this->provider->validateCredentials($user, $credentials);
    }

    /**
     * Fire the attempt event with the arguments.
     *
     * @param array $credentials
     * @param bool $login
     * @return void
     */
    protected function fireAttemptEvent(array $credentials, $login)
    {
        if (isset($this->events)) {
            $this->events->fire(new Attempting(
                $credentials, false, $login
            ));
        }
    }

    /**
     * Register an authentication attempt event listener.
     *
     * @param mixed $callback
     * @return void
     */
    public function attempting($callback)
    {
        if (isset($this->events)) {
            $this->events->listen(Attempting::class, $callback);
        }
    }

    /**
     * Log a user into the application.
     *
     * @param \Illuminate\Contracts\Auth\Authenticatable $user
     * @return void
     */
    public function login(AuthenticatableContract $user)
    {
        $claim = new Claim([
            'sub' => $user->getAuthIdentifier(),
            'aud' => get_class($user),
            'refresh' => Config::get('jwt.refreshable')
        ]);

        $token = $this->jwtService->getTokenForClaim($claim);

        // If we have an event dispatcher instance set we will fire an event so that
        // any listeners will hook into the authentication events and run actions
        // based on the login and logout events fired from the guard instances.
        $this->fireLoginEvent($user);

        $this->setToken($token);
        $this->setUser($user);
    }

    /**
     * generateTokenForUser method
     *
     * @param string $token
     * @return string
     */
    protected function refreshTokenForUser($token)
    {
        try {
            $newToken = $this->jwtService->refreshToken($token);
        } catch (Exception $e) {
            $newToken = null;
        }

        return $newToken;
    }

    /**
     * Fire the login event if the dispatcher is set.
     *
     * @param \Illuminate\Contracts\Auth\Authenticatable $user
     * @param bool  $remember
     * @return void
     */
    protected function fireLoginEvent($user, $remember = false)
    {
        if (isset($this->events)) {
            $this->events->fire(new Login($user, $remember));
        }
    }

    /**
     * Log the given user ID into the application.
     *
     * @param mixed $id
     * @return \Illuminate\Contracts\Auth\Authenticatable
     */
    public function loginUsingId($id)
    {
        $this->login($user = $this->provider->retrieveById($id));

        return $user;
    }

    /**
     * Log the user out of the application.
     *
     * @return void
     */
    public function logout()
    {
        if (!$token = $this->getBearerToken()) {
            return;
        }

        try {
            $this->jwtService->invalidateToken($token);
        } catch (Exception $e) { }


        $this->logoutCurrentUser();
    }

    /**
     * log this user out from every token
     *
     * @return void
     */
    public function logoutAll()
    {
        if (!$token = $this->getBearerToken()) {
            return;
        }

        try {
            $user = $this->jwtService->getClaimFromToken($token);

            $this->jwtService->wipeUserTokens($user);

        } catch (Exception $e) { }


        $this->logoutCurrentUser();
    }

    /**
     * logoutCurrentUser method
     */
    protected function logoutCurrentUser()
    {
        if (isset($this->events)) {
            $this->events->fire(new Logout($this->user));
        }

        // Once we have fired the logout event we will clear the users out of memory
        // so they are no longer available as the user is no longer considered as
        // being signed into this application and should not be available here.
        $this->user = null;
        $this->token = null;
        $this->loggedOut = true;
    }

    /**
     * Refresh user token
     *
     * @return string|null
     */
    public function refreshToken()
    {
        if (!$token = $this->getBearerToken()) {
            return null;
        }

        $this->token = $this->refreshTokenForUser($token);

        return $this->token;
    }

    /**
     * setToken method
     *
     * @param string $token
     */
    public function setToken($token)
    {
        $this->token = $token;
    }

    /**
     * getToken method
     *
     * @return null|string
     */
    public function getToken()
    {
        return $this->token;
    }

    /**
     * isTokenRefreshable method
     */
    public function isTokenRefreshable()
    {
        return $this->isTokenRefreshable;
    }

    /**
     * getBearerToken method
     *
     * @return string|null
     */
    protected function getBearerToken()
    {
        $header = $this->request->header('Authorization', '');

        if (starts_with(strtolower($header), 'bearer ')) {
            return mb_substr($header, 7, null, 'UTF-8');
        }

        return null;
    }

}

1			<?php
2
3			namespace WWON\JwtGuard;
4
5			use Illuminate\Auth\Events\Attempting;
6			use Illuminate\Auth\Events\Login;
7			use Illuminate\Auth\Events\Logout;
8			use Illuminate\Auth\GuardHelpers;
9			use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
10			use Illuminate\Contracts\Auth\Guard;
11			use Illuminate\Contracts\Auth\UserProvider;
12			use Illuminate\Http\Request;
13			use Illuminate\Support\Facades\Config;
14			use WWON\JwtGuard\Exceptions\Exception;
15			use WWON\JwtGuard\Exceptions\InaccessibleException;
16			use WWON\JwtGuard\Exceptions\InvalidTokenException;
17			use WWON\JwtGuard\Exceptions\MalformedException;
18			use WWON\JwtGuard\Exceptions\TokenExpiredException;
19
20			class JwtGuard implements Guard
21			{
22
23			use GuardHelpers;
24
25			/**
26			* @var string
27			*/
28			protected $token;
29
30			/**
31			* @var bool
32			*/
33			protected $isTokenRefreshable = false;
34
35			/**
36			* @var JwtService
37			*/
38			protected $jwtService;
39
40			/**
41			* @var Request
42			*/
43			protected $request;
44
45			/**
46			* Indicates if the logout method has been called.
47			*
48			* @var bool
49			*/
50			protected $loggedOut = false;
51
52			/**
53			* JwtGuard constructor
54			*
55			* @param UserProvider $provider
56			* @param JwtService $jwtService
57			* @param Request\|null $request
58			*/
59			public function __construct(
60			UserProvider $provider,
61			JwtService $jwtService,
62			Request $request = null
63			) {
64			$this->provider = $provider;
65			$this->jwtService = $jwtService;
66			$this->request = $request;
67			}
68
69			/**
70			* Get the currently authenticated user.
71			*
72			* @return \Illuminate\Contracts\Auth\Authenticatable\|null
73			*/
74			public function user()
75			{
76			// If we've already retrieved the user for the current request we can just
77			// return it back immediately. We do not want to fetch the user data on
78			// every call to this method because that would be tremendously slow.
79			if ($this->user) {
80			return $this->user;
81			}
82
83			if (!$token = $this->getBearerToken()) {
84			return $this->user = null;
85			}
86
87			try {
88			$this->user = $this->getUserByToken($token);
89			} catch (InaccessibleException $e) {
90			$this->isTokenRefreshable = true;
91			$this->user = null;
92			} catch (Exception $e) {
93			$this->user = null;
94			}
95
96			return $this->user;
97			}
98
99			/**
100			* Retrieve the user by the given payload.
101			*
102			* @param string $token
103			* @return AuthenticatableContract\|null
104			* @throws InaccessibleException
105			* @throws MalformedException
106			* @throws TokenExpiredException
107			* @throws InvalidTokenException
108			*/
109			protected function getUserByToken($token)
110			{
111			$claim = $this->jwtService->getClaimFromToken($token);
112			$user = $this->provider->retrieveById($claim->sub);
113
114			if (!empty($user) && get_class($user) !== $claim->aud) {
115			throw new InvalidTokenException;
116			}
117
118			return $user;
119			}
120
121			/**
122			* Validate a user's credentials.
123			*
124			* @param array $credentials
125			* @return bool
126			*/
127			public function validate(array $credentials = [])
128			{
129			return $this->attempt($credentials, false);
130			}
131
132			/**
133			* Attempt to authenticate a user using the given credentials.
134			*
135			* @param array $credentials
136			* @param bool $login
137			* @return bool
138			*/
139			public function attempt(array $credentials = [], $login = true)
140			{
141			$this->fireAttemptEvent($credentials, $login);
142
143			$user = $this->provider->retrieveByCredentials($credentials);
144
145			// If an implementation of UserInterface was returned, we'll ask the provider
146			// to validate the user against the given credentials, and if they are in
147			// fact valid we'll log the users into the application and return true.
148			if ($this->hasValidCredentials($user, $credentials)) {
149			if ($login) {
150			$this->login($user);
151			}
152
153			return true;
154			}
155
156			return false;
157			}
158
159			/**
160			* Determine if the user matches the credentials.
161			*
162			* @param mixed $user
163			* @param array $credentials
164			* @return bool
165			*/
166			protected function hasValidCredentials($user, $credentials)
167			{
168			return ! is_null($user) && $this->provider->validateCredentials($user, $credentials);
169			}
170
171			/**
172			* Fire the attempt event with the arguments.
173			*
174			* @param array $credentials
175			* @param bool $login
176			* @return void
177			*/
178			protected function fireAttemptEvent(array $credentials, $login)
179			{
180			if (isset($this->events)) {
181			$this->events->fire(new Attempting(
182			$credentials, false, $login
183			));
184			}
185			}
186
187			/**
188			* Register an authentication attempt event listener.
189			*
190			* @param mixed $callback
191			* @return void
192			*/
193			public function attempting($callback)
194			{
195			if (isset($this->events)) {
196			$this->events->listen(Attempting::class, $callback);
197			}
198			}
199
200			/**
201			* Log a user into the application.
202			*
203			* @param \Illuminate\Contracts\Auth\Authenticatable $user
204			* @return void
205			*/
206			public function login(AuthenticatableContract $user)
207			{
208			$claim = new Claim([
209			'sub' => $user->getAuthIdentifier(),
210			'aud' => get_class($user),
211			'refresh' => Config::get('jwt.refreshable')
212			]);
213
214			$token = $this->jwtService->getTokenForClaim($claim);
215
216			// If we have an event dispatcher instance set we will fire an event so that
217			// any listeners will hook into the authentication events and run actions
218			// based on the login and logout events fired from the guard instances.
219			$this->fireLoginEvent($user);
220
221			$this->setToken($token);
222			$this->setUser($user);
223			}
224
225			/**
226			* generateTokenForUser method
227			*
228			* @param string $token
229			* @return string
230			*/
231			protected function refreshTokenForUser($token)
232			{
233			try {
234			$newToken = $this->jwtService->refreshToken($token);
235			} catch (Exception $e) {
236			$newToken = null;
237			}
238
239			return $newToken;
240			}
241
242			/**
243			* Fire the login event if the dispatcher is set.
244			*
245			* @param \Illuminate\Contracts\Auth\Authenticatable $user
246			* @param bool $remember
247			* @return void
248			*/
249			protected function fireLoginEvent($user, $remember = false)
250			{
251			if (isset($this->events)) {
252			$this->events->fire(new Login($user, $remember));
253			}
254			}
255
256			/**
257			* Log the given user ID into the application.
258			*
259			* @param mixed $id
260			* @return \Illuminate\Contracts\Auth\Authenticatable
261			*/
262			public function loginUsingId($id)
263			{
264			$this->login($user = $this->provider->retrieveById($id));
265
266			return $user;
267			}
268
269			/**
270			* Log the user out of the application.
271			*
272			* @return void
273			*/
274			public function logout()
275			{
276			if (!$token = $this->getBearerToken()) {
277			return;
278			}
279
280			try {
281			$this->jwtService->invalidateToken($token);
282			} catch (Exception $e) { }
			0 ignored issues – show Coding Style Comprehensibility introduced 2016-04-29 00:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider adding a comment why this CATCH block is empty. Loading history...
283
284			$this->logoutCurrentUser();
285			}
286
287			/**
288			* log this user out from every token
289			*
290			* @return void
291			*/
292			public function logoutAll()
293			{
294			if (!$token = $this->getBearerToken()) {
295			return;
296			}
297
298			try {
299			$user = $this->jwtService->getClaimFromToken($token);
300
301			$this->jwtService->wipeUserTokens($user);
302
303			} catch (Exception $e) { }
			0 ignored issues – show Coding Style Comprehensibility introduced 2016-04-29 00:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider adding a comment why this CATCH block is empty. Loading history...
304
305			$this->logoutCurrentUser();
306			}
307
308			/**
309			* logoutCurrentUser method
310			*/
311			protected function logoutCurrentUser()
312			{
313			if (isset($this->events)) {
314			$this->events->fire(new Logout($this->user));
315			}
316
317			// Once we have fired the logout event we will clear the users out of memory
318			// so they are no longer available as the user is no longer considered as
319			// being signed into this application and should not be available here.
320			$this->user = null;
321			$this->token = null;
322			$this->loggedOut = true;
323			}
324
325			/**
326			* Refresh user token
327			*
328			* @return string\|null
329			*/
330			public function refreshToken()
331			{
332			if (!$token = $this->getBearerToken()) {
333			return null;
334			}
335
336			$this->token = $this->refreshTokenForUser($token);
337
338			return $this->token;
339			}
340
341			/**
342			* setToken method
343			*
344			* @param string $token
345			*/
346			public function setToken($token)
347			{
348			$this->token = $token;
349			}
350
351			/**
352			* getToken method
353			*
354			* @return null\|string
355			*/
356			public function getToken()
357			{
358			return $this->token;
359			}
360
361			/**
362			* isTokenRefreshable method
363			*/
364			public function isTokenRefreshable()
365			{
366			return $this->isTokenRefreshable;
367			}
368
369			/**
370			* getBearerToken method
371			*
372			* @return string\|null
373			*/
374			protected function getBearerToken()
375			{
376			$header = $this->request->header('Authorization', '');
377
378			if (starts_with(strtolower($header), 'bearer ')) {
379			return mb_substr($header, 7, null, 'UTF-8');
380			}
381
382			return null;
383			}
384
385			}

wisoot / jwt-guard

Push — develop ( 8c7de8...b64521 )

src/JwtGuard.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like