Issues in OAuth.php - New Issues - Inspection of "Fixed conding standards and improved code" - woocommerce/wc-api-php - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 3150c4...4cbb1c )

unknown

created 2016-10-26 18:33 UTC

src/WooCommerce/HttpClient/OAuth.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * WooCommerce oAuth1.0
 *
 * @category HttpClient
 * @package  Automattic/WooCommerce
 */

namespace Automattic\WooCommerce\HttpClient;

/**
 * oAuth1.0 class.
 *
 * @package Automattic/WooCommerce
 */
class OAuth
{

    /**
     * OAuth signature method algorithm.
     */
    const HASH_ALGORITHM = 'SHA256';

    /**
     * API endpoint URL.
     *
     * @var string
     */
    protected $url;

    /**
     * Consumer key.
     *
     * @var string
     */
    protected $consumerKey;

    /**
     * Consumer secret.
     *
     * @var string
     */
    protected $consumerSecret;

    /**
     * API version.
     *
     * @var array
     */
    protected $apiVersion;

    /**
     * Request method.
     *
     * @var string
     */
    protected $method;

    /**
     * Request parameters.
     *
     * @var array
     */
    protected $parameters;

    /**
     * Timestamp.
     *
     * @var string
     */
    protected $timestamp;

    /**
     * Initialize oAuth class.
     *
     * @param string $url            Store URL.
     * @param string $consumerKey    Consumer key.
     * @param string $consumerSecret Consumer Secret.
     * @param string $method         Request method.
     * @param string $apiVersion     API version.
     * @param array  $parameters     Request parameters.
     * @param string $timestamp      Timestamp.
     */
    public function __construct($url, $consumerKey, $consumerSecret, $apiVersion, $method, $parameters = [], $timestamp = '')
    {
        $this->url            = $url;
        $this->consumerKey    = $consumerKey;
        $this->consumerSecret = $consumerSecret;
        $this->apiVersion     = $apiVersion;

        $this->method         = $method;
        $this->parameters     = $parameters;
        $this->timestamp      = $timestamp;
    }

    /**
     * Normalize strings.
     *
     * @param string $string String to be normalized.
     *
     * @return string
     */
    protected function normalizeString($string)
    {
        return \str_replace('%', '%25', \rawurlencode(\rawurldecode($string)));
    }

    /**
     * Normalize parameters.
     *
     * @param array $parameters Parameters to normalize.
     *
     * @return array
     */
    protected function normalizeParameters($parameters)
    {
        $normalized = [];

        foreach ($parameters as $key => $value) {
            // Percent symbols (%) must be double-encoded.
            $key   = $this->normalizeString($key);
            $value = $this->normalizeString($value);

            $normalized[$key] = $value;
        }

        return $normalized;
    }

    /**
     * Process filters.
     *
     * @param array $parameters Request parameters.
     *
     * @return array
     */
    protected function processFilters($parameters)
    {
        if (isset($parameters['filter'])) {
            $filters = $parameters['filter'];
            unset($parameters['filter']);
            foreach ($filters as $filter => $value) {
                $parameters['filter[' . $filter . ']'] = $value;
            }
        }

        return $parameters;
    }

    /**
     * Get secret.
     *
     * @return string
     */
    protected function getSecret()
    {
        $secret = $this->consumerSecret;

        // Fix secret for v3 or later.
        if (!\in_array($this->apiVersion, ['v1', 'v2'])) {
            $secret .= '&';
        }

        return $secret;
    }

    /**
     * Generate oAuth1.0 signature.
     *
     * @param array $parameters Request parameters including oauth.
     *
     * @return string
     */
    protected function generateOauthSignature($parameters)
    {
        $baseRequestUri = \rawurlencode($this->url);

        // Extract filters.
        $parameters = $this->processFilters($parameters);

        // Normalize parameter key/values and sort them.
        $parameters = $this->normalizeParameters($parameters);
        \uksort($parameters, 'strcmp');

        // Set query string.
        $query = [];
        foreach ($parameters as $key => $value) {
            $query[] = $key . '%3D' . $value; // Join with equals sign.
        }

        $queryString  = \implode('%26', $query); // Join with ampersand.
        $stringToSign = $this->method . '&' . $baseRequestUri . '&' . $queryString;
        $secret       = $this->getSecret();

        return \base64_encode(\hash_hmac(self::HASH_ALGORITHM, $stringToSign, $secret, true));
    }

    /**
     * Sort parameters.
     *
     * @param array $parameters Parameters to sort in byte-order.
     *
     * @return array
     */
    protected function getSortedParameters($parameters)
    {
        \uksort($parameters, 'strcmp');

        foreach ($parameters as $key => $value) {
            if (\is_array($value)) {
                \uksort($parameters[$key], 'strcmp');
            }
        }

        return $parameters;
    }

    /**
     * Get oAuth1.0 parameters.
     *
     * @return string
     */
    public function getParameters()
    {
        $parameters = \array_merge($this->parameters, [
            'oauth_consumer_key'     => $this->consumerKey,
            'oauth_timestamp'        => $this->timestamp,
            'oauth_nonce'            => \sha1(\microtime()),
            'oauth_signature_method' => 'HMAC-' . self::HASH_ALGORITHM,
        ]);

        // The parameters above must be included in the signature generation.
        $parameters['oauth_signature'] = $this->generateOauthSignature($parameters);

        return $this->getSortedParameters($parameters);
    }
}


1			<?php
2			/**
3			* WooCommerce oAuth1.0
4			*
5			* @category HttpClient
6			* @package Automattic/WooCommerce
7			*/
8
9			namespace Automattic\WooCommerce\HttpClient;
10
11			/**
12			* oAuth1.0 class.
13			*
14			* @package Automattic/WooCommerce
15			*/
16			class OAuth
17			{
18
19			/**
20			* OAuth signature method algorithm.
21			*/
22			const HASH_ALGORITHM = 'SHA256';
23
24			/**
25			* API endpoint URL.
26			*
27			* @var string
28			*/
29			protected $url;
30
31			/**
32			* Consumer key.
33			*
34			* @var string
35			*/
36			protected $consumerKey;
37
38			/**
39			* Consumer secret.
40			*
41			* @var string
42			*/
43			protected $consumerSecret;
44
45			/**
46			* API version.
47			*
48			* @var array
49			*/
50			protected $apiVersion;
51
52			/**
53			* Request method.
54			*
55			* @var string
56			*/
57			protected $method;
58
59			/**
60			* Request parameters.
61			*
62			* @var array
63			*/
64			protected $parameters;
65
66			/**
67			* Timestamp.
68			*
69			* @var string
70			*/
71			protected $timestamp;
72
73			/**
74			* Initialize oAuth class.
75			*
76			* @param string $url Store URL.
77			* @param string $consumerKey Consumer key.
78			* @param string $consumerSecret Consumer Secret.
79			* @param string $method Request method.
80			* @param string $apiVersion API version.
81			* @param array $parameters Request parameters.
82			* @param string $timestamp Timestamp.
83			*/
84			public function __construct($url, $consumerKey, $consumerSecret, $apiVersion, $method, $parameters = [], $timestamp = '')
85			{
86			$this->url = $url;
87			$this->consumerKey = $consumerKey;
88			$this->consumerSecret = $consumerSecret;
89			$this->apiVersion = $apiVersion;
			0 ignored issues – show Documentation Bug introduced 2016-10-26 18:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$apiVersion` of type `string` is incompatible with the declared type `array` of property `$apiVersion`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
90			$this->method = $method;
91			$this->parameters = $parameters;
92			$this->timestamp = $timestamp;
93			}
94
95			/**
96			* Normalize strings.
97			*
98			* @param string $string String to be normalized.
99			*
100			* @return string
101			*/
102			protected function normalizeString($string)
103			{
104			return \str_replace('%', '%25', \rawurlencode(\rawurldecode($string)));
105			}
106
107			/**
108			* Normalize parameters.
109			*
110			* @param array $parameters Parameters to normalize.
111			*
112			* @return array
113			*/
114			protected function normalizeParameters($parameters)
115			{
116			$normalized = [];
117
118			foreach ($parameters as $key => $value) {
119			// Percent symbols (%) must be double-encoded.
120			$key = $this->normalizeString($key);
121			$value = $this->normalizeString($value);
122
123			$normalized[$key] = $value;
124			}
125
126			return $normalized;
127			}
128
129			/**
130			* Process filters.
131			*
132			* @param array $parameters Request parameters.
133			*
134			* @return array
135			*/
136			protected function processFilters($parameters)
137			{
138			if (isset($parameters['filter'])) {
139			$filters = $parameters['filter'];
140			unset($parameters['filter']);
141			foreach ($filters as $filter => $value) {
142			$parameters['filter[' . $filter . ']'] = $value;
143			}
144			}
145
146			return $parameters;
147			}
148
149			/**
150			* Get secret.
151			*
152			* @return string
153			*/
154			protected function getSecret()
155			{
156			$secret = $this->consumerSecret;
157
158			// Fix secret for v3 or later.
159			if (!\in_array($this->apiVersion, ['v1', 'v2'])) {
160			$secret .= '&';
161			}
162
163			return $secret;
164			}
165
166			/**
167			* Generate oAuth1.0 signature.
168			*
169			* @param array $parameters Request parameters including oauth.
170			*
171			* @return string
172			*/
173			protected function generateOauthSignature($parameters)
174			{
175			$baseRequestUri = \rawurlencode($this->url);
176
177			// Extract filters.
178			$parameters = $this->processFilters($parameters);
179
180			// Normalize parameter key/values and sort them.
181			$parameters = $this->normalizeParameters($parameters);
182			\uksort($parameters, 'strcmp');
183
184			// Set query string.
185			$query = [];
186			foreach ($parameters as $key => $value) {
187			$query[] = $key . '%3D' . $value; // Join with equals sign.
188			}
189
190			$queryString = \implode('%26', $query); // Join with ampersand.
191			$stringToSign = $this->method . '&' . $baseRequestUri . '&' . $queryString;
192			$secret = $this->getSecret();
193
194			return \base64_encode(\hash_hmac(self::HASH_ALGORITHM, $stringToSign, $secret, true));
195			}
196
197			/**
198			* Sort parameters.
199			*
200			* @param array $parameters Parameters to sort in byte-order.
201			*
202			* @return array
203			*/
204			protected function getSortedParameters($parameters)
205			{
206			\uksort($parameters, 'strcmp');
207
208			foreach ($parameters as $key => $value) {
209			if (\is_array($value)) {
210			\uksort($parameters[$key], 'strcmp');
211			}
212			}
213
214			return $parameters;
215			}
216
217			/**
218			* Get oAuth1.0 parameters.
219			*
220			* @return string
221			*/
222			public function getParameters()
223			{
224			$parameters = \array_merge($this->parameters, [
225			'oauth_consumer_key' => $this->consumerKey,
226			'oauth_timestamp' => $this->timestamp,
227			'oauth_nonce' => \sha1(\microtime()),
228			'oauth_signature_method' => 'HMAC-' . self::HASH_ALGORITHM,
229			]);
230
231			// The parameters above must be included in the signature generation.
232			$parameters['oauth_signature'] = $this->generateOauthSignature($parameters);
233
234			return $this->getSortedParameters($parameters);
235			}
236			}
237

woocommerce / wc-api-php

Push — master ( 3150c4...4cbb1c )

src/WooCommerce/HttpClient/OAuth.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like