Authentication::authUser() - Code Metrics - AOEpeople/aoe_ipauth - Measure and Improve Code Quality continuously with Scrutinizer

Authentication::authUser() A
last analyzed 2020-11-24 11:21 UTC

↳ Parent: Authentication

Complexity

Conditions	5
Paths	4

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	12
CRAP Score	5.0729

Importance

Changes

Metric	Value
dl	0
loc	25
rs	9.2088
c	0
b	0
f	0
ccs	12
cts	14
cp	0.8571
cc	5
nc	4
nop	1
crap	5.0729

<?php
namespace AOE\AoeIpauth\Typo3\Service;

/***************************************************************
 *  Copyright notice
 *
 *  (c) 2019 AOE GmbH <[email protected]>
 *
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
 *  free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  The GNU General Public License can be found at
 *  http://www.gnu.org/copyleft/gpl.html.
 *
 *  This script is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/

use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Authentication\AbstractAuthenticationService;

/**
 * Class Authentication
 *
 * @package AOE\AoeIpauth\Typo3\Service
 */
class Authentication extends AbstractAuthenticationService
{

    /**
     * @var \AOE\AoeIpauth\Service\IpMatchingService
     */
    protected $ipMatchingService = null;

    /**
     * @var \AOE\AoeIpauth\Domain\Service\FeEntityService
     */
    protected $feEntityService = null;

    /**
     * @var \AOE\AoeIpauth\Domain\Service\IpService
     */
    protected $ipService = null;

    /**
     * Makes sure the TCA is readable, necessary for enableFields to work
     * Is de-facto called when using the Preview BE Module
     *
     * @return void
     */
    protected function safeguardContext()
    {
        if (!isset($GLOBALS['TSFE'])) {
            return;
        }

        if (!isset($GLOBALS['TCA'][\AOE\AoeIpauth\Domain\Service\FeEntityService::TABLE_USER])) {
            if (empty($GLOBALS['TSFE']->sys_page)) {
                $GLOBALS['TSFE']->sys_page = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository');
            }
            if (version_compare(TYPO3_version, '7.0.0', '<')) {
                $GLOBALS['TSFE']->getCompressedTCarray();
            }
        }
    }

    /**
     * Gets the user automatically
     *
     * @return bool
     */
    public function getUser()
    {
        // Do not respond to non-fe users and login attempts
        if ('getUserFE' != $this->mode || 'login' == $this->login['status']) {
            return false;
        }

        $this->safeguardContext();

        $clientIp = $this->authInfo['REMOTE_ADDR'];
        $ipAuthenticatedUsers = $this->findAllUsersByIpAuthentication($clientIp);
        if (empty($ipAuthenticatedUsers)) {
            return false;
        }

        $user = array_pop($ipAuthenticatedUsers);
        return $user;
    }

    /**
     * Authenticate a user
     * Return 200 if the IP is right.
     * This means that no more checks are needed.
     * Otherwise authentication may fail because we may don't have a password.
     *
     * @param array Data of user.
     * @return int
     */
    public function authUser($user)
    {
        $this->safeguardContext();

        $authCode = 100;

        // Do not respond to non-fe users and login attempts
        if ('FE' != $this->authInfo['loginType'] || 'login' == $this->login['status']) {
            return $authCode;
        }
        if (!isset($user['uid'])) {
            return $authCode;
        }

        $clientIp = $this->authInfo['REMOTE_ADDR'];
        $userId = $user['uid'];

        $ipMatches = $this->doesCurrentUsersIpMatch($userId, $clientIp);

        if ($ipMatches) {
            $authCode = 200;
        }

        return $authCode;
    }

    /**
     * Get the group list
     *
     * @param string $user
     * @param array $knownGroups
     * @return array
     */
    public function getGroups($user, $knownGroups)

    {
        // Do not respond to non-FE group calls
        if ('getGroupsFE' != $this->mode) {
            return $knownGroups;
        }

        $this->safeguardContext();

        $clientIp = $this->authInfo['REMOTE_ADDR'];
        $ipAuthenticatedGroups = $this->findAllGroupsByIpAuthentication($clientIp);

        if (!empty($ipAuthenticatedGroups)) {
            $knownGroups = array_merge($ipAuthenticatedGroups, $knownGroups);
        }

        return $knownGroups;
    }

    /**
     * Returns TRUE if the userId's associated IPs match the client IP
     *
     * @param int $userId
     * @param string $clientIp
     * @return bool
     */
    protected function doesCurrentUsersIpMatch($userId, $clientIp)
    {
        $isMatch = false;
        $ips = $this->getIpService()->findIpsByFeUserId($userId);

        foreach ($ips as $ipWhitelist) {
            if ($this->getIpMatchingService()->isIpAllowed($clientIp, $ipWhitelist)) {
                $isMatch = true;
                break;
            }
        }
        return $isMatch;
    }

    /**
     * Finds all users with IP authentication enabled
     *
     * @param string $ip
     * @return array
     */
    protected function findAllUsersByIpAuthentication($ip)
    {
        $users = $this->getFeEntityService()->findAllUsersAuthenticatedByIp($ip);
        return $users;
    }

    /**
     * Finds all groups with IP authentication enabled
     *
     * @param string $ip
     * @return array
     */
    protected function findAllGroupsByIpAuthentication($ip)
    {
        $groups = $this->getFeEntityService()->findAllGroupsAuthenticatedByIp($ip);
        return $groups;
    }

    /**
     * @return \AOE\AoeIpauth\Domain\Service\FeEntityService
     */
    protected function getFeEntityService()
    {
        if (null === $this->feEntityService) {
            $this->feEntityService = GeneralUtility::makeInstance('AOE\\AoeIpauth\\Domain\\Service\\FeEntityService');
        }
        return $this->feEntityService;
    }

    /**
     * @return \AOE\AoeIpauth\Domain\Service\IpService
     */
    protected function getIpService()
    {
        if (null === $this->ipService) {
            $this->ipService = GeneralUtility::makeInstance('AOE\\AoeIpauth\\Domain\\Service\\IpService');
        }
        return $this->ipService;
    }

    /**
     * @return \AOE\AoeIpauth\Service\IpMatchingService
     */
    protected function getIpMatchingService()
    {
        if (null === $this->ipMatchingService) {
            $this->ipMatchingService = GeneralUtility::makeInstance('AOE\\AoeIpauth\\Service\\IpMatchingService');
        }
        return $this->ipMatchingService;
    }
}


1		<?php
2		namespace AOE\AoeIpauth\Typo3\Service;
3
4		/***************************************************************
5		* Copyright notice
6		*
7		* (c) 2019 AOE GmbH <[email protected]>
8		*
9		* All rights reserved
10		*
11		* This script is part of the TYPO3 project. The TYPO3 project is
12		* free software; you can redistribute it and/or modify
13		* it under the terms of the GNU General Public License as published by
14		* the Free Software Foundation; either version 3 of the License, or
15		* (at your option) any later version.
16		*
17		* The GNU General Public License can be found at
18		* http://www.gnu.org/copyleft/gpl.html.
19		*
20		* This script is distributed in the hope that it will be useful,
21		* but WITHOUT ANY WARRANTY; without even the implied warranty of
22		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23		* GNU General Public License for more details.
24		*
25		* This copyright notice MUST APPEAR in all copies of the script!
26		***************************************************************/
27
28		use TYPO3\CMS\Core\Utility\GeneralUtility;
29		use TYPO3\CMS\Core\Authentication\AbstractAuthenticationService;
30
31		/**
32		* Class Authentication
33		*
34		* @package AOE\AoeIpauth\Typo3\Service
35		*/
36		class Authentication extends AbstractAuthenticationService
37		{
38
39		/**
40		* @var \AOE\AoeIpauth\Service\IpMatchingService
41		*/
42		protected $ipMatchingService = null;
43
44		/**
45		* @var \AOE\AoeIpauth\Domain\Service\FeEntityService
46		*/
47		protected $feEntityService = null;
48
49		/**
50		* @var \AOE\AoeIpauth\Domain\Service\IpService
51		*/
52		protected $ipService = null;
53
54		/**
55		* Makes sure the TCA is readable, necessary for enableFields to work
56		* Is de-facto called when using the Preview BE Module
57		*
58		* @return void
59	6	*/
60		protected function safeguardContext()
61	6	{
62	6	if (!isset($GLOBALS['TSFE'])) {
63		return;
64		}
65
66		if (!isset($GLOBALS['TCA'][\AOE\AoeIpauth\Domain\Service\FeEntityService::TABLE_USER])) {
67		if (empty($GLOBALS['TSFE']->sys_page)) {
68		$GLOBALS['TSFE']->sys_page = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository');
69		}
70		if (version_compare(TYPO3_version, '7.0.0', '<')) {
71		$GLOBALS['TSFE']->getCompressedTCarray();
72		}
73		}
74		}
75
76		/**
77		* Gets the user automatically
78		*
79		* @return bool
80	3	*/
81		public function getUser()
82		{
83	3	// Do not respond to non-fe users and login attempts
84		if ('getUserFE' != $this->mode \|\| 'login' == $this->login['status']) {
85		return false;
86		}
87	3
88		$this->safeguardContext();
89	3
90	3	$clientIp = $this->authInfo['REMOTE_ADDR'];
91		$ipAuthenticatedUsers = $this->findAllUsersByIpAuthentication($clientIp);
92	3	if (empty($ipAuthenticatedUsers)) {
93	1	return false;
94		}
95
96	2	$user = array_pop($ipAuthenticatedUsers);
97	2	return $user;
98		}
99
100		/**
101		* Authenticate a user
102		* Return 200 if the IP is right.
103		* This means that no more checks are needed.
104		* Otherwise authentication may fail because we may don't have a password.
105		*
106		* @param array Data of user.
107		* @return int
108		*/
109	2	public function authUser($user)
110		{
111	2	$this->safeguardContext();
112
113	2	$authCode = 100;
114
115		// Do not respond to non-fe users and login attempts
116	2	if ('FE' != $this->authInfo['loginType'] \|\| 'login' == $this->login['status']) {
117		return $authCode;
118		}
119	2	if (!isset($user['uid'])) {
120		return $authCode;
121		}
122
123	2	$clientIp = $this->authInfo['REMOTE_ADDR'];
124	2	$userId = $user['uid'];
125
126	2	$ipMatches = $this->doesCurrentUsersIpMatch($userId, $clientIp);
127
128	2	if ($ipMatches) {
129	1	$authCode = 200;
130	1	}
131
132	2	return $authCode;
133		}
134
135		/**
136		* Get the group list
137		*
138		* @param string $user
139		* @param array $knownGroups
140		* @return array
141		*/
142	1	public function getGroups($user, $knownGroups)
		0 ignored issues – show Unused Code introduced 2017-09-07 15:36 UTC by Report Bug Copy Issue Report The parameter `$user` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
143		{
144		// Do not respond to non-FE group calls
145	1	if ('getGroupsFE' != $this->mode) {
146		return $knownGroups;
147		}
148
149	1	$this->safeguardContext();
150
151	1	$clientIp = $this->authInfo['REMOTE_ADDR'];
152	1	$ipAuthenticatedGroups = $this->findAllGroupsByIpAuthentication($clientIp);
153
154	1	if (!empty($ipAuthenticatedGroups)) {
155	1	$knownGroups = array_merge($ipAuthenticatedGroups, $knownGroups);
156	1	}
157
158	1	return $knownGroups;
159		}
160
161		/**
162		* Returns TRUE if the userId's associated IPs match the client IP
163		*
164		* @param int $userId
165		* @param string $clientIp
166		* @return bool
167		*/
168		protected function doesCurrentUsersIpMatch($userId, $clientIp)
169		{
170		$isMatch = false;
171		$ips = $this->getIpService()->findIpsByFeUserId($userId);
172
173		foreach ($ips as $ipWhitelist) {
174		if ($this->getIpMatchingService()->isIpAllowed($clientIp, $ipWhitelist)) {
175		$isMatch = true;
176		break;
177		}
178		}
179		return $isMatch;
180		}
181
182		/**
183		* Finds all users with IP authentication enabled
184		*
185		* @param string $ip
186		* @return array
187		*/
188		protected function findAllUsersByIpAuthentication($ip)
189		{
190		$users = $this->getFeEntityService()->findAllUsersAuthenticatedByIp($ip);
191		return $users;
192		}
193
194		/**
195		* Finds all groups with IP authentication enabled
196		*
197		* @param string $ip
198		* @return array
199		*/
200		protected function findAllGroupsByIpAuthentication($ip)
201		{
202		$groups = $this->getFeEntityService()->findAllGroupsAuthenticatedByIp($ip);
203		return $groups;
204		}
205
206		/**
207		* @return \AOE\AoeIpauth\Domain\Service\FeEntityService
208		*/
209		protected function getFeEntityService()
210		{
211		if (null === $this->feEntityService) {
212		$this->feEntityService = GeneralUtility::makeInstance('AOE\\AoeIpauth\\Domain\\Service\\FeEntityService');
213		}
214		return $this->feEntityService;
215		}
216
217		/**
218		* @return \AOE\AoeIpauth\Domain\Service\IpService
219		*/
220		protected function getIpService()
221		{
222		if (null === $this->ipService) {
223		$this->ipService = GeneralUtility::makeInstance('AOE\\AoeIpauth\\Domain\\Service\\IpService');
224		}
225		return $this->ipService;
226		}
227
228		/**
229		* @return \AOE\AoeIpauth\Service\IpMatchingService
230		*/
231		protected function getIpMatchingService()
232		{
233		if (null === $this->ipMatchingService) {
234		$this->ipMatchingService = GeneralUtility::makeInstance('AOE\\AoeIpauth\\Service\\IpMatchingService');
235		}
236		return $this->ipMatchingService;
237		}
238		}
239

AOEpeople / aoe_ipauth

Authentication::authUser() A last analyzed 2020-11-24 11:21 UTC

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like

Authentication::authUser() A
last analyzed 2020-11-24 11:21 UTC