Issues in AdminController.php (master) - Issues in master - 2amigos/yii2-usuario - Measure and Improve Code Quality continuously with Scrutinizer

Issues (103)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/User/Controller/AdminController.php (9 issues)

Labels

Severity

Major 9

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the 2amigos/yii2-usuario project.
 *
 * (c) 2amigOS! <http://2amigos.us/>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace Da\User\Controller;

use Da\User\Event\UserEvent;
use Da\User\Factory\MailFactory;
use Da\User\Filter\AccessRuleFilter;
use Da\User\Model\Profile;
use Da\User\Model\User;
use Da\User\Query\UserQuery;
use Da\User\Search\UserSearch;
use Da\User\Service\PasswordExpireService;
use Da\User\Service\PasswordRecoveryService;
use Da\User\Service\SwitchIdentityService;
use Da\User\Service\UserBlockService;
use Da\User\Service\UserConfirmationService;
use Da\User\Service\UserCreateService;
use Da\User\Traits\ContainerAwareTrait;
use Da\User\Traits\ModuleAwareTrait;
use Da\User\Validator\AjaxRequestModelValidator;
use Yii;
use yii\base\Module;
use yii\db\ActiveRecord;
use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\helpers\Url;
use yii\web\Controller;

class AdminController extends Controller
{
    use ContainerAwareTrait;
    use ModuleAwareTrait;

    /**
     * @var UserQuery
     */
    protected $userQuery;

    /**
     * AdminController constructor.
     *
     * @param string    $id
     * @param Module    $module
     * @param UserQuery $userQuery
     * @param array     $config
     */
    public function __construct($id, Module $module, UserQuery $userQuery, array $config = [])
    {
        $this->userQuery = $userQuery;
        parent::__construct($id, $module, $config);
    }

    /**
     * @param \yii\base\Action $action
     *
     * @return bool
     */
    public function beforeAction($action)
    {
        if (in_array($action->id, ['index', 'update', 'update-profile', 'info', 'assignments'], true)) {
            Url::remember('', 'actions-redirect');
        }

        return parent::beforeAction($action);
    }

    /**
     * {@inheritdoc}
     */
    public function behaviors()
    {
        return [
            'verbs' => [
                'class' => VerbFilter::class,
                'actions' => [
                    'delete' => ['post'],
                    'confirm' => ['post'],
                    'block' => ['post'],
                    'switch-identity' => ['post'],
                    'password-reset' => ['post'],
                    'force-password-change' => ['post'],
                ],
            ],
            'access' => [
                'class' => AccessControl::class,
                'ruleConfig' => [
                    'class' => AccessRuleFilter::class,
                ],
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => ['switch-identity'],
                        'roles' => ['@'],
                    ],
                    [
                        'allow' => true,
                        'roles' => ['admin'],
                    ],
                ],
            ],
        ];
    }

    public function actionIndex()
    {
        $searchModel = $this->make(UserSearch::class);
        $dataProvider = $searchModel->search(Yii::$app->request->get());

        return $this->render(
            'index',
            [
                'dataProvider' => $dataProvider,
                'searchModel' => $searchModel,
            ]
        );
    }

    public function actionCreate()
    {
        /** @var User $user */
        $user = $this->make(User::class, [], ['scenario' => 'create']);

        /** @var UserEvent $event */
        $event = $this->make(UserEvent::class, [$user]);

        $this->make(AjaxRequestModelValidator::class, [$user])->validate();

        if ($user->load(Yii::$app->request->post()) && $user->validate()) {
            $this->trigger(UserEvent::EVENT_BEFORE_CREATE, $event);

            $mailService = MailFactory::makeWelcomeMailerService($user);

            if ($this->make(UserCreateService::class, [$user, $mailService])->run()) {
                Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'User has been created'));
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
                $this->trigger(UserEvent::EVENT_AFTER_CREATE, $event);
                return $this->redirect(['update', 'id' => $user->id]);
            }
            Yii::$app->session->setFlash('danger', Yii::t('usuario', 'User account could not be created.'));
        }

        return $this->render('create', ['user' => $user]);
    }

    public function actionUpdate($id)
    {
        $user = $this->userQuery->where(['id' => $id])->one();
        $user->setScenario('update');
        /** @var UserEvent $event */
        $event = $this->make(UserEvent::class, [$user]);

        $this->make(AjaxRequestModelValidator::class, [$user])->validate();

        if ($user->load(Yii::$app->request->post())) {
            $this->trigger(UserEvent::EVENT_BEFORE_ACCOUNT_UPDATE, $event);

            if ($user->save()) {
                Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'Account details have been updated'));
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
                $this->trigger(UserEvent::EVENT_AFTER_ACCOUNT_UPDATE, $event);

                return $this->refresh();
            }
        }

        return $this->render('_account', ['user' => $user]);
    }

    public function actionUpdateProfile($id)
    {
        /** @var User $user */
        $user = $this->userQuery->where(['id' => $id])->one();
        /** @var Profile $profile */
        $profile = $user->profile;
        if ($profile === null) {
            $profile = $this->make(Profile::class);
            $profile->link('user', $user);
        }
        /** @var UserEvent $event */
        $event = $this->make(UserEvent::class, [$user]);

        $this->make(AjaxRequestModelValidator::class, [$profile])->validate();

        if ($profile->load(Yii::$app->request->post())) {
            if ($profile->save()) {
                $this->trigger(UserEvent::EVENT_BEFORE_PROFILE_UPDATE, $event);
                Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'Profile details have been updated'));
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
                $this->trigger(UserEvent::EVENT_AFTER_PROFILE_UPDATE, $event);

                return $this->refresh();
            }
        }

        return $this->render(
            '_profile',
            [
                'user' => $user,
                'profile' => $profile,
            ]
        );
    }

    public function actionInfo($id)
    {
        /** @var User $user */
        $user = $this->userQuery->where(['id' => $id])->one();

        return $this->render(
            '_info',
            [
                'user' => $user,
            ]
        );
    }

    public function actionAssignments($id)
    {
        /** @var User $user */
        $user = $this->userQuery->where(['id' => $id])->one();

        return $this->render(
            '_assignments',
            [
                'user' => $user,
                'params' => Yii::$app->request->post(),
            ]
        );
    }

    public function actionConfirm($id)
    {
        /** @var User $user */
        $user = $this->userQuery->where(['id' => $id])->one();
        /** @var UserEvent $event */
        $event = $this->make(UserEvent::class, [$user]);

        $this->trigger(UserEvent::EVENT_BEFORE_CONFIRMATION, $event);

        if ($this->make(UserConfirmationService::class, [$user])->run()) {
            Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'User has been confirmed'));
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
            $this->trigger(UserEvent::EVENT_AFTER_CONFIRMATION, $event);
        } else {
            Yii::$app->getSession()->setFlash(
                'warning',
                Yii::t('usuario', 'Unable to confirm user. Please, try again.')
            );
        }

        return $this->redirect(Url::previous('actions-redirect'));
    }

    public function actionDelete($id)
    {
        if ((int)$id === Yii::$app->user->getId()) {
            Yii::$app->getSession()->setFlash('danger', Yii::t('usuario', 'You cannot remove your own account'));
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
        } else {
            /** @var User $user */
            $user = $this->userQuery->where(['id' => $id])->one();
            /** @var UserEvent $event */
            $event = $this->make(UserEvent::class, [$user]);
            $this->trigger(ActiveRecord::EVENT_BEFORE_DELETE, $event);

            if ($user->delete()) {
0   == false // true
0   == null  // true
123 == false // false
123 == null  // false

// It is often better to use strict comparison
0 === false // false
0 === null  // false
                Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'User has been deleted'));
                $this->trigger(ActiveRecord::EVENT_AFTER_DELETE, $event);
            } else {
                Yii::$app->getSession()->setFlash(
                    'warning',
                    Yii::t('usuario', 'Unable to delete user. Please, try again later.')
                );
            }
        }

        return $this->redirect(['index']);
    }

    public function actionBlock($id)
    {
        if ((int)$id === Yii::$app->user->getId()) {
            Yii::$app->getSession()->setFlash('danger', Yii::t('usuario', 'You cannot remove your own account'));
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
        } else {
            /** @var User $user */
            $user = $this->userQuery->where(['id' => $id])->one();
            /** @var UserEvent $event */
            $event = $this->make(UserEvent::class, [$user]);

            if ($this->make(UserBlockService::class, [$user, $event, $this])->run()) {
                Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'User block status has been updated.'));
            } else {
                Yii::$app->getSession()->setFlash('danger', Yii::t('usuario', 'Unable to update block status.'));
            }
        }

        return $this->redirect(Url::previous('actions-redirect'));
    }

    public function actionSwitchIdentity($id = null)
    {
        if (false === $this->module->enableSwitchIdentities) {
            Yii::$app->getSession()->setFlash('danger', Yii::t('usuario', 'Switch identities is disabled.'));
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}

            return $this->redirect(['index']);
        }

        $this->make(SwitchIdentityService::class, [$this, 2 => $id])->run();

        return $this->goHome();
    }

    public function actionPasswordReset($id)
    {
        /** @var User $user */
        $user = $this->userQuery->where(['id' => $id])->one();
        $mailService = MailFactory::makeRecoveryMailerService($user->email);
        if ($this->make(PasswordRecoveryService::class, [$user->email, $mailService])->run()) {
            Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'Recovery message sent'));
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
        } else {
            Yii::$app->getSession()->setFlash(
                'danger',
                Yii::t('usuario', 'Unable to send recovery message to the user')
            );
        }

        return $this->redirect(['index']);
    }
    
    /**
     * Forces the user to change password at next login
     * @param integer $id
     */
    public function actionForcePasswordChange($id)
    {
        /** @var User $user */
        $user = $this->userQuery->where(['id' => $id])->one();
        if ($this->make(PasswordExpireService::class, [$user])->run()) {
            Yii::$app->session->setFlash("success", Yii::t('usuario', 'User will be required to change password at next login'));
        } else {
            Yii::$app->session->setFlash("danger", Yii::t('usuario', 'There was an error in saving user'));
        }
        $this->redirect(['index']);
    }
}


Issues (103)

Security Analysis not enabled

src/User/Controller/AdminController.php (9 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

1		<?php
2
3		/*
4		* This file is part of the 2amigos/yii2-usuario project.
5		*
6		* (c) 2amigOS! <http://2amigos.us/>
7		*
8		* For the full copyright and license information, please view
9		* the LICENSE file that was distributed with this source code.
10		*/
11
12		namespace Da\User\Controller;
13
14		use Da\User\Event\UserEvent;
15		use Da\User\Factory\MailFactory;
16		use Da\User\Filter\AccessRuleFilter;
17		use Da\User\Model\Profile;
18		use Da\User\Model\User;
19		use Da\User\Query\UserQuery;
20		use Da\User\Search\UserSearch;
21		use Da\User\Service\PasswordExpireService;
22		use Da\User\Service\PasswordRecoveryService;
23		use Da\User\Service\SwitchIdentityService;
24		use Da\User\Service\UserBlockService;
25		use Da\User\Service\UserConfirmationService;
26		use Da\User\Service\UserCreateService;
27		use Da\User\Traits\ContainerAwareTrait;
28		use Da\User\Traits\ModuleAwareTrait;
29		use Da\User\Validator\AjaxRequestModelValidator;
30		use Yii;
31		use yii\base\Module;
32		use yii\db\ActiveRecord;
33		use yii\filters\AccessControl;
34		use yii\filters\VerbFilter;
35		use yii\helpers\Url;
36		use yii\web\Controller;
37
38		class AdminController extends Controller
39		{
40		use ContainerAwareTrait;
41		use ModuleAwareTrait;
42
43		/**
44		* @var UserQuery
45		*/
46		protected $userQuery;
47
48		/**
49		* AdminController constructor.
50		*
51		* @param string $id
52		* @param Module $module
53		* @param UserQuery $userQuery
54		* @param array $config
55		*/
56	2	public function __construct($id, Module $module, UserQuery $userQuery, array $config = [])
57		{
58	2	$this->userQuery = $userQuery;
59	2	parent::__construct($id, $module, $config);
60	2	}
61
62		/**
63		* @param \yii\base\Action $action
64		*
65		* @return bool
66		*/
67	2	public function beforeAction($action)
68		{
69	2	if (in_array($action->id, ['index', 'update', 'update-profile', 'info', 'assignments'], true)) {
70	1	Url::remember('', 'actions-redirect');
71		}
72
73	2	return parent::beforeAction($action);
74		}
75
76		/**
77		* {@inheritdoc}
78		*/
79	2	public function behaviors()
80		{
81		return [
82	2	'verbs' => [
83		'class' => VerbFilter::class,
84		'actions' => [
85		'delete' => ['post'],
86		'confirm' => ['post'],
87		'block' => ['post'],
88		'switch-identity' => ['post'],
89		'password-reset' => ['post'],
90		'force-password-change' => ['post'],
91		],
92		],
93		'access' => [
94		'class' => AccessControl::class,
95		'ruleConfig' => [
96		'class' => AccessRuleFilter::class,
97		],
98		'rules' => [
99		[
100		'allow' => true,
101		'actions' => ['switch-identity'],
102		'roles' => ['@'],
103		],
104		[
105		'allow' => true,
106		'roles' => ['admin'],
107		],
108		],
109		],
110		];
111		}
112
113		public function actionIndex()
114		{
115		$searchModel = $this->make(UserSearch::class);
116		$dataProvider = $searchModel->search(Yii::$app->request->get());
117
118		return $this->render(
119		'index',
120		[
121		'dataProvider' => $dataProvider,
122		'searchModel' => $searchModel,
123		]
124		);
125		}
126
127	1	public function actionCreate()
128		{
129		/** @var User $user */
130	1	$user = $this->make(User::class, [], ['scenario' => 'create']);
131
132		/** @var UserEvent $event */
133	1	$event = $this->make(UserEvent::class, [$user]);
134
135	1	$this->make(AjaxRequestModelValidator::class, [$user])->validate();
136
137	1	if ($user->load(Yii::$app->request->post()) && $user->validate()) {
138	1	$this->trigger(UserEvent::EVENT_BEFORE_CREATE, $event);
139
140	1	$mailService = MailFactory::makeWelcomeMailerService($user);
141
142	1	if ($this->make(UserCreateService::class, [$user, $mailService])->run()) {
143		Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'User has been created'));
		0 ignored issues – show Bug introduced 2016-12-20 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getSession` does only exist in `yii\web\Application`, but not in `yii\console\Application`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
144		$this->trigger(UserEvent::EVENT_AFTER_CREATE, $event);
145		return $this->redirect(['update', 'id' => $user->id]);
146		}
147	1	Yii::$app->session->setFlash('danger', Yii::t('usuario', 'User account could not be created.'));
148		}
149
150	1	return $this->render('create', ['user' => $user]);
151		}
152
153	1	public function actionUpdate($id)
154		{
155	1	$user = $this->userQuery->where(['id' => $id])->one();
156	1	$user->setScenario('update');
157		/** @var UserEvent $event */
158	1	$event = $this->make(UserEvent::class, [$user]);
159
160	1	$this->make(AjaxRequestModelValidator::class, [$user])->validate();
161
162	1	if ($user->load(Yii::$app->request->post())) {
163	1	$this->trigger(UserEvent::EVENT_BEFORE_ACCOUNT_UPDATE, $event);
164
165	1	if ($user->save()) {
166	1	Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'Account details have been updated'));
		0 ignored issues – show Bug introduced 2016-12-20 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getSession` does only exist in `yii\web\Application`, but not in `yii\console\Application`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
167	1	$this->trigger(UserEvent::EVENT_AFTER_ACCOUNT_UPDATE, $event);
168
169	1	return $this->refresh();
170		}
171		}
172
173	1	return $this->render('_account', ['user' => $user]);
174		}
175
176		public function actionUpdateProfile($id)
177		{
178		/** @var User $user */
179		$user = $this->userQuery->where(['id' => $id])->one();
180		/** @var Profile $profile */
181		$profile = $user->profile;
182		if ($profile === null) {
183		$profile = $this->make(Profile::class);
184		$profile->link('user', $user);
185		}
186		/** @var UserEvent $event */
187		$event = $this->make(UserEvent::class, [$user]);
188
189		$this->make(AjaxRequestModelValidator::class, [$profile])->validate();
190
191		if ($profile->load(Yii::$app->request->post())) {
192		if ($profile->save()) {
193		$this->trigger(UserEvent::EVENT_BEFORE_PROFILE_UPDATE, $event);
194		Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'Profile details have been updated'));
		0 ignored issues – show Bug introduced 2016-12-20 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getSession` does only exist in `yii\web\Application`, but not in `yii\console\Application`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
195		$this->trigger(UserEvent::EVENT_AFTER_PROFILE_UPDATE, $event);
196
197		return $this->refresh();
198		}
199		}
200
201		return $this->render(
202		'_profile',
203		[
204		'user' => $user,
205		'profile' => $profile,
206		]
207		);
208		}
209
210		public function actionInfo($id)
211		{
212		/** @var User $user */
213		$user = $this->userQuery->where(['id' => $id])->one();
214
215		return $this->render(
216		'_info',
217		[
218		'user' => $user,
219		]
220		);
221		}
222
223		public function actionAssignments($id)
224		{
225		/** @var User $user */
226		$user = $this->userQuery->where(['id' => $id])->one();
227
228		return $this->render(
229		'_assignments',
230		[
231		'user' => $user,
232		'params' => Yii::$app->request->post(),
233		]
234		);
235		}
236
237		public function actionConfirm($id)
238		{
239		/** @var User $user */
240		$user = $this->userQuery->where(['id' => $id])->one();
241		/** @var UserEvent $event */
242		$event = $this->make(UserEvent::class, [$user]);
243
244		$this->trigger(UserEvent::EVENT_BEFORE_CONFIRMATION, $event);
245
246		if ($this->make(UserConfirmationService::class, [$user])->run()) {
247		Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'User has been confirmed'));
		0 ignored issues – show Bug introduced 2016-12-20 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getSession` does only exist in `yii\web\Application`, but not in `yii\console\Application`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
248		$this->trigger(UserEvent::EVENT_AFTER_CONFIRMATION, $event);
249		} else {
250		Yii::$app->getSession()->setFlash(
251		'warning',
252		Yii::t('usuario', 'Unable to confirm user. Please, try again.')
253		);
254		}
255
256		return $this->redirect(Url::previous('actions-redirect'));
257		}
258
259		public function actionDelete($id)
260		{
261		if ((int)$id === Yii::$app->user->getId()) {
262		Yii::$app->getSession()->setFlash('danger', Yii::t('usuario', 'You cannot remove your own account'));
		0 ignored issues – show Bug introduced 2016-12-20 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getSession` does only exist in `yii\web\Application`, but not in `yii\console\Application`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
263		} else {
264		/** @var User $user */
265		$user = $this->userQuery->where(['id' => $id])->one();
266		/** @var UserEvent $event */
267		$event = $this->make(UserEvent::class, [$user]);
268		$this->trigger(ActiveRecord::EVENT_BEFORE_DELETE, $event);
269
270		if ($user->delete()) {
		0 ignored issues – show Bug Best Practice introduced 2016-12-20 20:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$user->delete()` of type `false\|integer` is loosely compared to `true`; this is ambiguous if the integer can be zero. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `integer` values, zero is a special case, in particular the following results might be unexpected: 0 == false // true 0 == null // true 123 == false // false 123 == null // false // It is often better to use strict comparison 0 === false // false 0 === null // false Loading history...
271		Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'User has been deleted'));
272		$this->trigger(ActiveRecord::EVENT_AFTER_DELETE, $event);
273		} else {
274		Yii::$app->getSession()->setFlash(
275		'warning',
276		Yii::t('usuario', 'Unable to delete user. Please, try again later.')
277		);
278		}
279		}
280
281		return $this->redirect(['index']);
282		}
283
284		public function actionBlock($id)
285		{
286		if ((int)$id === Yii::$app->user->getId()) {
287		Yii::$app->getSession()->setFlash('danger', Yii::t('usuario', 'You cannot remove your own account'));
		0 ignored issues – show Bug introduced 2017-01-11 16:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getSession` does only exist in `yii\web\Application`, but not in `yii\console\Application`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
288		} else {
289		/** @var User $user */
290		$user = $this->userQuery->where(['id' => $id])->one();
291		/** @var UserEvent $event */
292		$event = $this->make(UserEvent::class, [$user]);
293
294		if ($this->make(UserBlockService::class, [$user, $event, $this])->run()) {
295		Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'User block status has been updated.'));
296		} else {
297		Yii::$app->getSession()->setFlash('danger', Yii::t('usuario', 'Unable to update block status.'));
298		}
299		}
300
301		return $this->redirect(Url::previous('actions-redirect'));
302		}
303
304		public function actionSwitchIdentity($id = null)
305		{
306		if (false === $this->module->enableSwitchIdentities) {
307		Yii::$app->getSession()->setFlash('danger', Yii::t('usuario', 'Switch identities is disabled.'));
		0 ignored issues – show Bug introduced 2017-07-18 21:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getSession` does only exist in `yii\web\Application`, but not in `yii\console\Application`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
308
309		return $this->redirect(['index']);
310		}
311
312		$this->make(SwitchIdentityService::class, [$this, 2 => $id])->run();
313
314		return $this->goHome();
315		}
316
317		public function actionPasswordReset($id)
318		{
319		/** @var User $user */
320		$user = $this->userQuery->where(['id' => $id])->one();
321		$mailService = MailFactory::makeRecoveryMailerService($user->email);
322		if ($this->make(PasswordRecoveryService::class, [$user->email, $mailService])->run()) {
323		Yii::$app->getSession()->setFlash('success', Yii::t('usuario', 'Recovery message sent'));
		0 ignored issues – show Bug introduced 2018-09-20 14:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getSession` does only exist in `yii\web\Application`, but not in `yii\console\Application`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
324		} else {
325		Yii::$app->getSession()->setFlash(
326		'danger',
327		Yii::t('usuario', 'Unable to send recovery message to the user')
328		);
329		}
330
331		return $this->redirect(['index']);
332		}
333
334		/**
335		* Forces the user to change password at next login
336		* @param integer $id
337		*/
338		public function actionForcePasswordChange($id)
339		{
340		/** @var User $user */
341		$user = $this->userQuery->where(['id' => $id])->one();
342		if ($this->make(PasswordExpireService::class, [$user])->run()) {
343		Yii::$app->session->setFlash("success", Yii::t('usuario', 'User will be required to change password at next login'));
344		} else {
345		Yii::$app->session->setFlash("danger", Yii::t('usuario', 'There was an error in saving user'));
346		}
347		$this->redirect(['index']);
348		}
349		}
350

2amigos / yii2-usuario

Issues (103)

Security Analysis not enabled

src/User/Controller/AdminController.php (9 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like