This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of the 2amigos/yii2-usuario project. |
||
5 | * |
||
6 | * (c) 2amigOS! <http://2amigos.us/> |
||
7 | * |
||
8 | * For the full copyright and license information, please view |
||
9 | * the LICENSE file that was distributed with this source code. |
||
10 | */ |
||
11 | |||
12 | namespace Da\User\Form; |
||
13 | |||
14 | use Da\User\Factory\EmailChangeStrategyFactory; |
||
15 | use Da\User\Helper\SecurityHelper; |
||
16 | use Da\User\Model\User; |
||
17 | use Da\User\Traits\ContainerAwareTrait; |
||
18 | use Da\User\Traits\ModuleAwareTrait; |
||
19 | use Yii; |
||
20 | use yii\base\InvalidConfigException; |
||
21 | use yii\base\InvalidParamException; |
||
22 | use yii\base\Model; |
||
23 | use yii\helpers\ArrayHelper; |
||
24 | |||
25 | class SettingsForm extends Model |
||
26 | { |
||
27 | use ModuleAwareTrait; |
||
28 | use ContainerAwareTrait; |
||
29 | |||
30 | /** |
||
31 | * @var string |
||
32 | */ |
||
33 | public $email; |
||
34 | /** |
||
35 | * @var string |
||
36 | */ |
||
37 | public $username; |
||
38 | /** |
||
39 | * @var string |
||
40 | */ |
||
41 | public $new_password; |
||
42 | /** |
||
43 | * @var string |
||
44 | */ |
||
45 | public $current_password; |
||
46 | /** |
||
47 | * @var SecurityHelper |
||
48 | */ |
||
49 | protected $securityHelper; |
||
50 | |||
51 | /** @var User */ |
||
52 | protected $user; |
||
53 | |||
54 | /** |
||
55 | * SettingsForm constructor. |
||
56 | * |
||
57 | * @param SecurityHelper $securityHelper |
||
58 | * @param array $config |
||
59 | */ |
||
60 | 1 | public function __construct(SecurityHelper $securityHelper, array $config = []) |
|
61 | { |
||
62 | 1 | $this->securityHelper = $securityHelper; |
|
63 | 1 | $config = ArrayHelper::merge( |
|
64 | [ |
||
65 | 1 | 'username' => $this->getUser()->username, |
|
0 ignored issues
–
show
|
|||
66 | 1 | 'email' => $this->getUser()->unconfirmed_email ?: $this->getUser()->email |
|
0 ignored issues
–
show
Accessing
unconfirmed_email on the interface yii\web\IdentityInterface suggest that you code against a concrete implementation. How about adding an instanceof check?
If you access a property on an interface, you most likely code against a concrete implementation of the interface. Available Fixes
Loading history...
Accessing
email on the interface yii\web\IdentityInterface suggest that you code against a concrete implementation. How about adding an instanceof check?
If you access a property on an interface, you most likely code against a concrete implementation of the interface. Available Fixes
Loading history...
|
|||
67 | ], |
||
68 | 1 | $config |
|
69 | ); |
||
70 | 1 | parent::__construct($config); |
|
71 | 1 | } |
|
72 | |||
73 | /** |
||
74 | * @throws InvalidConfigException |
||
75 | * @throws InvalidParamException |
||
76 | * @return array |
||
77 | * |
||
78 | */ |
||
79 | 1 | public function rules() |
|
80 | { |
||
81 | return [ |
||
82 | 1 | 'usernameRequired' => ['username', 'required'], |
|
83 | 'usernameTrim' => ['username', 'filter', 'filter' => 'trim'], |
||
84 | 'usernameLength' => ['username', 'string', 'min' => 3, 'max' => 255], |
||
85 | 'usernamePattern' => ['username', 'match', 'pattern' => '/^[-a-zA-Z0-9_\.@]+$/'], |
||
86 | 'emailRequired' => ['email', 'required'], |
||
87 | 'emailTrim' => ['email', 'filter', 'filter' => 'trim'], |
||
88 | 'emailPattern' => ['email', 'email'], |
||
89 | 'emailUsernameUnique' => [ |
||
90 | ['email', 'username'], |
||
91 | 1 | 'unique', |
|
92 | 'when' => function ($model, $attribute) { |
||
93 | 1 | return $this->getUser()->$attribute !== $model->$attribute; |
|
94 | 1 | }, |
|
95 | 1 | 'targetClass' => $this->getClassMap()->get(User::class), |
|
96 | ], |
||
97 | 'newPasswordLength' => ['new_password', 'string', 'max' => 72, 'min' => 6], |
||
98 | 'currentPasswordRequired' => ['current_password', 'required'], |
||
99 | 'currentPasswordValidate' => [ |
||
100 | 1 | 'current_password', |
|
101 | function ($attribute) { |
||
102 | 1 | if (!$this->securityHelper->validatePassword($this->$attribute, $this->getUser()->password_hash)) { |
|
0 ignored issues
–
show
Accessing
password_hash on the interface yii\web\IdentityInterface suggest that you code against a concrete implementation. How about adding an instanceof check?
If you access a property on an interface, you most likely code against a concrete implementation of the interface. Available Fixes
Loading history...
|
|||
103 | 1 | $this->addError($attribute, Yii::t('usuario', 'Current password is not valid')); |
|
104 | } |
||
105 | 1 | }, |
|
106 | ], |
||
107 | ]; |
||
108 | } |
||
109 | |||
110 | /** |
||
111 | * {@inheritdoc} |
||
112 | */ |
||
113 | 1 | public function attributeLabels() |
|
114 | { |
||
115 | return [ |
||
116 | 1 | 'email' => Yii::t('usuario', 'Email'), |
|
117 | 1 | 'username' => Yii::t('usuario', 'Username'), |
|
118 | 1 | 'new_password' => Yii::t('usuario', 'New password'), |
|
119 | 1 | 'current_password' => Yii::t('usuario', 'Current password'), |
|
120 | ]; |
||
121 | } |
||
122 | |||
123 | /** |
||
124 | * @return User|null|\yii\web\IdentityInterface |
||
125 | */ |
||
126 | 1 | public function getUser() |
|
127 | { |
||
128 | 1 | if (null === $this->user) { |
|
129 | 1 | $this->user = Yii::$app->user->identity; |
|
130 | } |
||
131 | |||
132 | 1 | return $this->user; |
|
133 | } |
||
134 | |||
135 | /** |
||
136 | * Saves new account settings. |
||
137 | * |
||
138 | * @throws \Exception |
||
139 | * @return bool |
||
140 | * |
||
141 | */ |
||
142 | 1 | public function save() |
|
143 | { |
||
144 | 1 | if ($this->validate()) { |
|
145 | 1 | $user = $this->getUser(); |
|
146 | 1 | if ($user instanceof User) { |
|
147 | 1 | $user->scenario = 'settings'; |
|
148 | 1 | $user->username = $this->username; |
|
149 | 1 | $user->password = $this->new_password; |
|
150 | 1 | if ($this->email === $user->email && $user->unconfirmed_email !== null) { |
|
151 | 1 | $user->unconfirmed_email = null; |
|
152 | 1 | } elseif ($this->email !== $user->email) { |
|
153 | 1 | $strategy = EmailChangeStrategyFactory::makeByStrategyType( |
|
154 | 1 | $this->getModule()->emailChangeStrategy, |
|
155 | 1 | $this |
|
156 | ); |
||
157 | |||
158 | 1 | return $strategy->run(); |
|
159 | } |
||
160 | |||
161 | 1 | return $user->save(); |
|
162 | } |
||
163 | } |
||
164 | |||
165 | 1 | return false; |
|
166 | } |
||
167 | } |
||
168 |
If you access a property on an interface, you most likely code against a concrete implementation of the interface.
Available Fixes
Adding an additional type check:
Changing the type hint: