Sign upLogin

pac4j/pac4j

View on GitHub
Star

Showing 391 of 391 total issues

Method retrieveUserProfileFromToken has 43 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    @Override
    protected Optional<UserProfile> retrieveUserProfileFromToken(final WebContext context, final Token accessToken) {
        val profileDefinition = configuration.getProfileDefinition();
        val facebookConfiguration = (FacebookConfiguration) configuration;
        val profileUrl = profileDefinition.getProfileUrl(accessToken, configuration);
Severity: Minor
Found in pac4j-oauth/src/main/java/org/pac4j/oauth/profile/facebook/FacebookProfileCreator.java - About 1 hr to fix

    Similar blocks of code found in 3 locations. Consider refactoring.
    Open

    package org.pac4j.oauth.profile.yahoo;

import java.io.Serial;
import java.io.Serializable;
    Severity: Major
    Found in pac4j-oauth/src/main/java/org/pac4j/oauth/profile/yahoo/YahooEmail.java and 2 other locations - About 1 hr to fix
    pac4j-oauth/src/main/java/org/pac4j/oauth/profile/facebook/FacebookMusicData.java on lines 1..96
    pac4j-oauth/src/main/java/org/pac4j/oauth/profile/yahoo/YahooImage.java on lines 1..96

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 113.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 3 locations. Consider refactoring.
    Open

    package org.pac4j.oauth.profile.yahoo;

import java.io.Serial;
import java.io.Serializable;
    Severity: Major
    Found in pac4j-oauth/src/main/java/org/pac4j/oauth/profile/yahoo/YahooImage.java and 2 other locations - About 1 hr to fix
    pac4j-oauth/src/main/java/org/pac4j/oauth/profile/facebook/FacebookMusicData.java on lines 1..96
    pac4j-oauth/src/main/java/org/pac4j/oauth/profile/yahoo/YahooEmail.java on lines 1..96

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 113.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 3 locations. Consider refactoring.
    Open

    package org.pac4j.oauth.profile.facebook;

import java.io.Serial;
import java.io.Serializable;
    Severity: Major
    Found in pac4j-oauth/src/main/java/org/pac4j/oauth/profile/facebook/FacebookMusicData.java and 2 other locations - About 1 hr to fix
    pac4j-oauth/src/main/java/org/pac4j/oauth/profile/yahoo/YahooEmail.java on lines 1..96
    pac4j-oauth/src/main/java/org/pac4j/oauth/profile/yahoo/YahooImage.java on lines 1..96

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 113.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Method buildRedirectURL has 42 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

        protected String buildRedirectURL(final MessageContext messageContext, final String endpoint, final String message)
        throws MessageEncodingException {
        LOGGER.debug("Building URL to redirect client to");

        final URLBuilder urlBuilder;
    Severity: Minor
    Found in pac4j-saml/src/main/java/org/pac4j/saml/transport/Pac4jHTTPRedirectDeflateEncoder.java - About 1 hr to fix

      Method getBase64DecodedMessage has 41 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

          protected byte[] getBase64DecodedMessage() throws MessageDecodingException {
        Optional<String> encodedMessage = Optional.empty();
        for (val parameter : SAML_PARAMETERS) {
            encodedMessage = this.callContext.webContext().getRequestParameter(parameter);
            if (encodedMessage.isPresent()) {
      Severity: Minor
      Found in pac4j-saml/src/main/java/org/pac4j/saml/transport/AbstractPac4jDecoder.java - About 1 hr to fix

        Method convertAttributesToProfile has 40 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

            protected U convertAttributesToProfile(final List<Map<String, Object>> listStorageAttributes, final String username) {
        if (listStorageAttributes == null || listStorageAttributes.size() == 0) {
            return null;
        }
        val storageAttributes = listStorageAttributes.get(0);
        Severity: Minor
        Found in pac4j-core/src/main/java/org/pac4j/core/profile/service/AbstractProfileService.java - About 1 hr to fix

          Method callUserInfoEndpoint has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring.
          Open

              public void callUserInfoEndpoint(final URI userInfoEndpointUri, final AccessToken accessToken, final UserProfile profile)
        throws IOException, ParseException, java.text.ParseException, UserInfoErrorResponseException {
        val opMetadata = configuration.getOpMetadataResolver().load();
        if (opMetadata.getUserInfoEndpointURI() != null && accessToken != null) {
            Request userInfoRequest = new UserInfoRequest(opMetadata.getUserInfoEndpointURI(), accessToken);
          Severity: Minor
          Found in pac4j-oidc/src/main/java/org/pac4j/oidc/profile/creator/OidcProfileCreator.java - About 1 hr to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method buildFormPostContentAction has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring.
          Open

              public static RedirectionAction buildFormPostContentAction(final WebContext context, final String content) {
        // is this an automatic form post generated by OpenSAML?
        if (content != null && content.contains("onload=\"document.forms[0].submit()\"")) {
            val url = StringEscapeUtils.unescapeHtml4(substringBetween(content, "<form action=\"", "\" method=\"post\">"));
            if (isNotBlank(url)) {
          Severity: Minor
          Found in pac4j-core/src/main/java/org/pac4j/core/util/HttpActionHelper.java - About 1 hr to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method storeMetadata has 37 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

              @Override
    public boolean storeMetadata(final String metadata, final boolean force) throws Exception {
        if (metadataResource == null || CommonHelper.isBlank(metadata)) {
            logger.info("No metadata or resource is provided");
            return false;
          Severity: Minor
          Found in pac4j-saml/src/main/java/org/pac4j/saml/metadata/SAML2FileSystemMetadataGenerator.java - About 1 hr to fix

            Method extract has 37 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

                @Override
    public Optional<Credentials> extract(final CallContext ctx) {
        val webContext = ctx.webContext();

        var username = Optional.<String>empty();
            Severity: Minor
            Found in pac4j-core/src/main/java/org/pac4j/core/credentials/extractor/FormExtractor.java - About 1 hr to fix

              Method find has 37 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                  @Override
    public List<Client> find(final Clients clients, final WebContext context, final String clientNames) {
        final List<Client> result = new ArrayList<>();

        var securityClientNames = clientNames;
              Severity: Minor
              Found in pac4j-core/src/main/java/org/pac4j/core/client/finder/DefaultSecurityClientFinder.java - About 1 hr to fix

                Identical blocks of code found in 2 locations. Consider refactoring.
                Open

                    protected void postEncode(final MessageContext messageContext, final String endpointURL) throws MessageEncodingException {
        LOGGER.debug("Invoking Velocity template to create POST body");

        try {
            val velocityContext = new VelocityContext();
                Severity: Major
                Found in pac4j-saml/src/main/java/org/pac4j/saml/transport/Pac4jHTTPPostEncoder.java and 1 other location - About 1 hr to fix
                pac4j-saml/src/main/java/org/pac4j/saml/transport/Pac4jHTTPPostSimpleSignEncoder.java on lines 52..69

                Duplicated Code

                Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                Tuning

                This issue has a mass of 97.

                We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                Refactorings

                Further Reading

                Identical blocks of code found in 2 locations. Consider refactoring.
                Open

                    @Override
    protected void postEncode(final MessageContext messageContext, final String endpointURL) throws MessageEncodingException {
        LOGGER.debug("Invoking Velocity template to create POST body");

        try {
                Severity: Major
                Found in pac4j-saml/src/main/java/org/pac4j/saml/transport/Pac4jHTTPPostSimpleSignEncoder.java and 1 other location - About 1 hr to fix
                pac4j-saml/src/main/java/org/pac4j/saml/transport/Pac4jHTTPPostEncoder.java on lines 127..143

                Duplicated Code

                Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                Tuning

                This issue has a mass of 97.

                We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                Refactorings

                Further Reading

                Method matches has 36 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                    @Override
    public boolean matches(final CallContext ctx) {
        val webContext = ctx.webContext();

        CommonHelper.assertNotNull("csrfTokenGenerator", csrfTokenGenerator);
                Severity: Minor
                Found in pac4j-core/src/main/java/org/pac4j/core/matching/matcher/csrf/CsrfTokenGeneratorMatcher.java - About 1 hr to fix

                  Identical blocks of code found in 2 locations. Consider refactoring.
                  Open

                      @Override
    public StravaProfile extractUserProfile(String body) {
        val profile = (StravaProfile) newProfile();
        val json = JsonHelper.getFirstNode(body);
        if (json != null) {
                  Severity: Major
                  Found in pac4j-oauth/src/main/java/org/pac4j/oauth/profile/strava/StravaProfileDefinition.java and 1 other location - About 1 hr to fix
                  pac4j-oauth/src/main/java/org/pac4j/oauth/profile/ok/OkProfileDefinition.java on lines 115..128

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 96.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Identical blocks of code found in 2 locations. Consider refactoring.
                  Open

                      @Override
    public OkProfile extractUserProfile(String body) {
        val profile = (OkProfile) newProfile();
        var userNode = JsonHelper.getFirstNode(body);
        if (userNode != null) {
                  Severity: Major
                  Found in pac4j-oauth/src/main/java/org/pac4j/oauth/profile/ok/OkProfileDefinition.java and 1 other location - About 1 hr to fix
                  pac4j-oauth/src/main/java/org/pac4j/oauth/profile/strava/StravaProfileDefinition.java on lines 104..117

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 96.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Method matches has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
                  Open

                      boolean matches(final String requestPath) {

        LOGGER.debug("request path to match: {}", requestPath);

        if (!includedPaths.isEmpty()) {
                  Severity: Minor
                  Found in pac4j-core/src/main/java/org/pac4j/core/matching/matcher/PathMatcher.java - About 1 hr to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Method internalInit has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
                  Open

                      @Override
    protected void internalInit(final boolean forceReinit) {
        // checks
        assertNotBlank("clientId", getClientId());
        if (!AUTHORIZATION_CODE_FLOWS.contains(responseType) && !IMPLICIT_FLOWS.contains(responseType)
                  Severity: Minor
                  Found in pac4j-oidc/src/main/java/org/pac4j/oidc/config/OidcConfiguration.java - About 1 hr to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Method extractAttributes has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
                  Open

                      protected void extractAttributes(final JsonNode json, final CasOAuthWrapperProfile profile) {
        // CAS <= v4.2
        if (json instanceof ArrayNode) {
            val nodes = json.iterator();
            while (nodes.hasNext()) {
                  Severity: Minor
                  Found in pac4j-oauth/src/main/java/org/pac4j/oauth/profile/casoauthwrapper/CasOAuthWrapperProfileDefinition.java - About 1 hr to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Severity
                  Category
                  Status
                  Source
                  Language