clean code warning

Author: ivan-redooc

Diff for: src/behavior/ContentSecurityPolicy.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace bicf\securityheaders\behavior;
+use yii\base\Behavior;
+
+/**
+ * Class HeaderContentSecurityPolicyAcl
+ * @package bicf\securityheaders\modules
+ */
+abstract class ContentSecurityPolicy extends Behavior
+{
+    protected static $token;
+
+    /**
+     * @param string $token
+     */
+    public static function setContentSecurityPolicyToken($token)
+    {
+        if(self::$token === null){
+            self::$token= $token;
+        } else {
+            throw new \UnexpectedValueException("Token already set!");
+        }
+    }
+
+    public static function getContentSecurityPolicyToken()
+    {
+        if(self::$token === null){
+            self::$token= \Yii::$app->security->generateRandomString();
+        }
+        return self::$token;
+    }
+
+    abstract public function getContentSecurityPolicyTokenValue();
+    abstract public function getContentSecurityPolicyTokenAttribute();
+    abstract public function getContentSecurityPolicyTokenHeader();
+    abstract public function getContentSecurityPolicyTokenArray();
+}

Diff for: src/behavior/ContentSecurityPolicyDummyBehavior.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace bicf\securityheaders\behavior;
+
+/**
+ * Class HeaderContentSecurityPolicyAcl
+ * @package bicf\securityheaders\modules
+ */
+class ContentSecurityPolicyDummyBehavior extends ContentSecurityPolicy
+{
+    public function getContentSecurityPolicyTokenValue()
+    {
+        return "";
+    }
+
+
+    public function getContentSecurityPolicyTokenAttribute()
+    {
+        return "";
+
+    }
+
+    public function getContentSecurityPolicyTokenHeader()
+    {
+        return "";
+
+    }
+
+    public function getContentSecurityPolicyTokenArray()
+    {
+        return [];
+    }
+
+
+}

Diff for: src/behavior/ContentSecurityPolicyNonceBehavior.php

@@ -7,25 +7,11 @@
  * Class HeaderContentSecurityPolicyAcl
  * @package bicf\securityheaders\modules
  */
-class ContentSecurityPolicyNonceBehavior extends Behavior
+class ContentSecurityPolicyNonceBehavior extends ContentSecurityPolicy
 {
-    private static $token;
-
-    public static function setContentSecurityPolicyToken($token)
+    public function getContentSecurityPolicyTokenValue()
     {
-        if(self::$token === null){
-            self::$token= $token;
-        } else {
-            throw new \UnexpectedValueException("Token already setted!");
-        }
-    }
-
-    public static function getContentSecurityPolicyToken()
-    {
-        if(self::$token === null){
-            self::$token= \Yii::$app->security->generateRandomString();
-        }
-        return self::$token;
+        return self::getContentSecurityPolicyToken();
     }
 
     public function getContentSecurityPolicyTokenAttribute()
@@ -43,7 +29,6 @@ public function getContentSecurityPolicyTokenHeader()
     public function getContentSecurityPolicyTokenArray()
     {
         return array('nonce'=>self::getContentSecurityPolicyToken());
-
     }
 
 

Diff for: src/components/Response.php

@@ -1,6 +1,7 @@
 <?php
 namespace bicf\securityheaders\components;
 use bicf\securityheaders\modules\HeaderModuleBase;
+use bicf\securityheaders\modules\HeaderModuleInterface;
 use Yii;
 
 /**
@@ -91,12 +92,13 @@ public function init()
     public $modules=array();
 
     /**
-     *
+     * @param $event
      */
     public static function addSecurityHeaders($event)
     {
         /** @var $event->sender \bicf\securityheaders\components\Response */
         foreach ($event->sender->modules as $module){
+            /** @var HeaderModuleInterface $module */
             $module->run();
         }
     }

Diff for: src/modules/HeaderAccessControlAllowOrigin.php

@@ -10,6 +10,10 @@ class HeaderAccessControlAllowOrigin extends HeaderModuleBase
 {
     public $value;
 
+    public function init()
+    {
+    }
+
     public function run()
     {
         if(!$this->enabled){

Diff for: src/modules/HeaderContentSecurityPolicyAcl.php

@@ -9,5 +9,8 @@
 class HeaderContentSecurityPolicyAcl extends HeaderContentSecurityPolicyBase
 {
     protected $headerName='Content-Security-Policy';
+    public function init()
+    {
+    }
 
 }

Diff for: src/modules/HeaderContentSecurityPolicyBase.php

@@ -2,8 +2,9 @@
 
 namespace bicf\securityheaders\modules;
 use bicf\securityheaders\behavior\ContentSecurityPolicyNonceBehavior;
+use bicf\securityheaders\behavior\ContentSecurityPolicyDummyBehavior;
 use bicf\securityheaders\components\SecureRequestInterface;
-use yii\web\Response;
+use bicf\securityheaders\components\Response;
 
 /**
  * Class HeaderContentSecurityPolicyBase
@@ -29,10 +30,13 @@ abstract class HeaderContentSecurityPolicyBase extends HeaderModuleBase
     public  $policies = array();
 
     /**
-     * @var bool
+     * @var bool create a beahvior that handle the nonce hash
      */
     public $nonceEnabled = true;
 
+    /** @var bool nonceFallback create a dummy behavior when $nonceEnabled is not enabled */
+    public $nonceFallback = false;
+
     /**
      * add the security header
      */
@@ -57,7 +61,10 @@ public function injectBehavior(Response $response)
     {
         // Avoid double attach
         if($this->nonceEnabled && $response->getBehavior(SecureRequestInterface::CSP_NONCE_BEHAVIOR) === null){
-            $rv = $response->attachBehavior(SecureRequestInterface::CSP_NONCE_BEHAVIOR,new ContentSecurityPolicyNonceBehavior() );
+            $response->attachBehavior(SecureRequestInterface::CSP_NONCE_BEHAVIOR,new ContentSecurityPolicyNonceBehavior() );
+        } elseif($this->nonceFallback) {
+            $response->attachBehavior(SecureRequestInterface::CSP_NONCE_BEHAVIOR,new ContentSecurityPolicyDummyBehavior() );
+
         }
     }
 

Diff for: src/modules/HeaderContentSecurityPolicyMonitor.php

@@ -10,6 +10,9 @@ class HeaderContentSecurityPolicyMonitor extends HeaderContentSecurityPolicyBase
 {
     protected $headerName='Content-Security-Policy-Report-Only';
 
+    public function init()
+    {
+    }
 
 
 }

Diff for: src/modules/HeaderModuleBase.php

@@ -9,8 +9,8 @@
 namespace bicf\securityheaders\modules;
 
 
+use bicf\securityheaders\components\Response;
 use yii\base\BaseObject;
-use yii\web\Response;
 
 /**
  * Class HeaderModuleBase

Diff for: src/modules/HeaderModuleInterface.php

@@ -9,7 +9,7 @@
 namespace bicf\securityheaders\modules;
 
 
-use yii\web\Response;
+use bicf\securityheaders\components\Response;
 
 interface HeaderModuleInterface
 {