Passed
Push — master ( a038d0...28179e )
by Martynas

Server::getBrokerSessionId()   A

Complexity

Conditions 3
Paths 2

Size

Total Lines 10
Code Lines 5

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 3
eloc 5
c 1
b 0
f 0
nc 2
nop 0
dl 0
loc 10
rs 9.4285
<?php
use Zefy\SimpleSSO\SSOServer;
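class Server extends SSOServer
{
    /**
     * All available brokers list.
     *
     * Example data only. A broker secret is a credential: a real deployment
     * should load it from configuration or the environment instead of keeping
     * it in source control.
     *
     * @var array
     */
    protected $brokers = [
        'broker1' => [
            'secret' => 's3cr3th4sh',
        ],
    ];

    /**
     * All available users.
     *
     * Example data only. Each record keeps its credential under the
     * 'password' key, which is the key authenticate() reads. A real
     * deployment should store password_hash() output and verify it with
     * password_verify() instead of keeping plaintext passwords.
     *
     * @var array
     */
    protected $users = [
        'user1' => [
            'password' => 'password1',
        ],
    ];

    /**
     * Redirect to provided URL with query string.
     *
     * If $url is null, redirect to url which given in 'return_url'.
     *
     * @param string|null $url URL to be redirected.
     * @param array $parameters HTTP query string.
     * @param int $httpResponseCode HTTP response code for redirection.
     *
     * @return void
     */
    protected function redirect(?string $url = null, array $parameters = [], int $httpResponseCode = 307)
    {
        if (!$url) {
            $returnUrl = $_GET['return_url'] ?? null;
            if (!is_string($returnUrl) || $returnUrl === '') {
                // No usable target: answer with an error instead of emitting
                // an empty Location header.
                http_response_code(400);
                exit;
            }

            // NOTE(review): 'return_url' comes straight from the request, so
            // this is an open redirect unless the target is restricted. Check
            // the host against the URLs of the registered brokers before
            // redirecting; that list is not available in this example class.
            // NOTE(review): $_GET values are already URL-decoded by PHP, so
            // this decodes a second time. Kept for compatibility with brokers
            // that double-encode; confirm whether it is still needed.
            $url = urldecode($returnUrl);
        }

        // Never let control characters reach a response header.
        if (preg_match('/[\r\n\0]/', $url) === 1) {
            http_response_code(400);
            exit;
        }

        $query = '';
        // Making URL query string if parameters given.
        if (!empty($parameters)) {
            // Append with '&' when the target already carries a query string.
            $query = parse_url($url, PHP_URL_QUERY) ? '&' : '?';
            $query .= http_build_query($parameters);
        }

        // Pass the requested status on; without it PHP answers with its
        // default redirect status and $httpResponseCode is ignored.
        header('Location: ' . $url . $query, true, $httpResponseCode);
        exit;
    }

    /**
     * Returning json response for the broker.
     *
     * @param null|array $response Response array which will be encoded to json.
     * @param int $httpResponseCode HTTP response code.
     *
     * @return string
     */
    protected function returnJson(?array $response = null, int $httpResponseCode = 200)
    {
        // Apply the status the caller asked for, so an error payload is not
        // delivered with a success status.
        http_response_code($httpResponseCode);
        header('Content-Type: application/json');

        return json_encode($response);
    }

    /**
     * Authenticate using user credentials
     *
     * Fails closed: a user without a stored, non-empty password string can
     * never authenticate. The comparison is strict and constant-time. A loose
     * `!=` against a missing key compares null with the input, and PHP treats
     * null and the empty string as equal.
     *
     * @param string $username
     * @param string $password
     *
     * @return bool
     */
    protected function authenticate(string $username, string $password)
    {
        $stored = $this->users[$username]['password'] ?? null;
        if (!is_string($stored) || $stored === '') {
            return false;
        }

        // Example only: with hashed passwords this becomes
        // password_verify($password, $stored).
        return hash_equals($stored, $password);
    }

    /**
     * Get the secret key and other info of a broker
     *
     * @param string $brokerId
     *
     * @return null|array
     */
    protected function getBrokerInfo(string $brokerId)
    {
        return $this->brokers[$brokerId] ?? null;
    }

    /**
     * Get the information about a user
     *
     * The returned record still contains the credential; it is meant for
     * server-side use. returnUserInfo() strips it before anything is sent
     * to a broker.
     *
     * @param string $username
     *
     * @return array|object|null
     */
    protected function getUserInfo(string $username)
    {
        return $this->users[$username] ?? null;
    }

    /**
     * Returning user info for broker. Should return json or something like that.
     *
     * The 'password' entry is removed from array records so the credential
     * never leaves the SSO server.
     *
     * @param array|object $user Can be user object or array.
     *
     * @return mixed
     */
    protected function returnUserInfo($user)
    {
        if (is_array($user)) {
            unset($user['password']);
        }
        // NOTE(review): objects are encoded as they are; make sure a user
        // object does not expose credential fields as public properties.

        return json_encode($user);
    }

    /**
     * Return session id sent from broker.
     *
     * Reads the bearer token from the Authorization header. The header name
     * and the scheme are matched case-insensitively, and the scheme must be
     * followed by a space. The value is client-supplied and must be treated
     * as untrusted by everything that consumes it.
     *
     * @return null|string
     */
    protected function getBrokerSessionId()
    {
        $headers = getallheaders();
        if (!is_array($headers)) {
            return null;
        }

        foreach ($headers as $name => $value) {
            if (strcasecmp((string) $name, 'Authorization') !== 0) {
                continue;
            }

            if (!is_string($value) || strncasecmp($value, 'Bearer ', 7) !== 0) {
                return null;
            }

            $token = trim(substr($value, 7));

            return $token === '' ? null : $token;
        }

        return null;
    }

    /**
     * Start new session when user visits server.
     *
     * @return void
     */
    protected function startUserSession()
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }

    /**
     * Set session data
     *
     * A null or empty value removes the entry for $key, which is how stored
     * login state gets cleared.
     *
     * @param string $key
     * @param null|string $value
     *
     * @return void
     */
    protected function setSessionData(string $key, ?string $value = null)
    {
        if ($value === null || $value === '') {
            // Remove the entry named by $key (not the literal string 'key'),
            // otherwise the stored value survives the clear.
            unset($_SESSION[$key]);
            return;
        }

        $_SESSION[$key] = $value;
    }

    /**
     * Get data saved in session.
     *
     * The special key 'id' returns the current PHP session id.
     *
     * @param string $key
     *
     * @return null|string
     */
    protected function getSessionData(string $key)
    {
        if ($key === 'id') {
            return session_id();
        }

        return $_SESSION[$key] ?? null;
    }

    /**
     * Start new session with specific session id.
     *
     * NOTE(review): adopting an id chosen outside this request is how session
     * fixation happens. Callers should only pass an id this server issued
     * itself (presumably the value stored by saveBrokerSessionData; confirm
     * against SSOServer), never a raw request value.
     *
     * @param string $sessionId
     *
     * @return void
     */
    protected function startSession(string $sessionId)
    {
        session_id($sessionId);
        session_start();
    }

    /**
     * Save broker session data to cache.
     *
     * @param string $brokerSessionId
     * @param string $sessionData
     *
     * @return void
     *
     * @throws InvalidArgumentException If the broker session id is not a safe file name component.
     * @throws RuntimeException If the cache file cannot be written.
     */
    protected function saveBrokerSessionData(string $brokerSessionId, string $sessionData)
    {
        /** This is basic example and you should do something better. */

        $cacheFileName = $this->brokerSessionCacheFile($brokerSessionId);
        if ($cacheFileName === null) {
            throw new InvalidArgumentException('Invalid broker session id.');
        }

        // file_put_contents reports failure as false, so an unwritable
        // directory is detected instead of passing false on to fwrite/fclose.
        if (file_put_contents($cacheFileName, $sessionData, LOCK_EX) === false) {
            throw new RuntimeException('Unable to write broker session cache file.');
        }
    }

    /**
     * Get broker session data from cache.
     *
     * Entries older than one hour are deleted and reported as missing.
     *
     * @param string $brokerSessionId
     *
     * @return null|string
     */
    protected function getBrokerSessionData(string $brokerSessionId)
    {
        /** This is basic example and you should do something better. */

        $cacheFileName = $this->brokerSessionCacheFile($brokerSessionId);
        if ($cacheFileName === null || !is_file($cacheFileName)) {
            return null;
        }

        if (time() - 3600 > filemtime($cacheFileName)) {
            unlink($cacheFileName);

            return null;
        }

        // Return the data to the caller; echoing it would write session data
        // into the HTTP response and hand the caller null.
        $sessionData = file_get_contents($cacheFileName);

        return $sessionData === false ? null : $sessionData;
    }

    /**
     * Build the cache file name for a broker session id.
     *
     * The id originates from a request header, so it is accepted only when it
     * consists of a conservative character set with no path separators.
     * NOTE(review): assumes ids use letters, digits, '-', '_' and ','; widen
     * the pattern deliberately if the brokers use another alphabet.
     * NOTE(review): files are created in the current working directory; a
     * real deployment should use a dedicated directory outside the web root.
     *
     * @param string $brokerSessionId
     *
     * @return null|string File name, or null when the id is not acceptable.
     */
    private function brokerSessionCacheFile(string $brokerSessionId)
    {
        if (preg_match('/\A[A-Za-z0-9_,-]{1,200}\z/', $brokerSessionId) !== 1) {
            return null;
        }

        return 'broker_session_' . $brokerSessionId;
    }
}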