Completed
Push — master ( 8e03fe...2e168d )
by Anthony
02:04
created

PasswordPwnedListValidator   A

Complexity

Total Complexity 7

Size/Duplication

Total Lines 55
Duplicated Lines 0 %

Coupling/Cohesion

Components 1
Dependencies 1

Test Coverage

Coverage 0%

Importance

Changes 0
Metric Value
wmc 7
lcom 1
cbo 1
dl 0
loc 55
ccs 0
cts 27
cp 0
rs 10
c 0
b 0
f 0

3 Methods

Rating   Name   Duplication   Size   Complexity  
A __construct() 0 5 1
A validate() 0 16 4
A getBlacklistPasswords() 0 10 2
<?php
declare(strict_types=1);
namespace Porthou\Password\Validators;
use Generator;
use Porthou\Password\PasswordException;
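class PasswordPwnedListValidator
{
    /** @var string Path to the blacklist file, one "HASH:count" entry per line. */
    private $file;

    /** @var int Breach count at or above which a listed password is rejected. */
    private $minimumThreshold;

    /**
     * PasswordPwnedListValidator constructor.
     *
     * @param string $file the path to the blacklist file
     * @param int $minimumThreshold How many times a password must appear before we consider it invalid
     * @see https://haveibeenpwned.com/Passwords for access to the list of passwords to be used with this validator.
     */
    public function __construct(string $file, $minimumThreshold = 50)
    {
        $this->file = $file;
        // The parameter is untyped for backward compatibility; normalise it once
        // so the threshold check below is always an int-to-int comparison.
        $this->minimumThreshold = (int) $minimumThreshold;
    }

    /**
     * Checks a candidate password against the breached-password list.
     *
     * The list is read line by line on every call, so the cost is linear in
     * the size of the file.
     *
     * @param string $password The plain-text candidate password.
     *
     * @return bool Always true when the password is acceptable.
     *
     * @throws PasswordException When the password is listed with a count at or
     *                           above the configured threshold.
     * @throws \RuntimeException When the list cannot be opened. The check fails
     *                           closed rather than accepting the password unchecked.
     */
    public function validate(string $password): bool
    {
        // SHA-1 is used here only as the lookup key the published list is indexed
        // by; it is not a password-storage hash. The Pwned Passwords SHA-1 download
        // lists digests in upper-case hex while sha1() returns lower-case, so both
        // sides are upper-cased; otherwise no entry would ever match.
        $passwordHash = strtoupper(sha1($password));

        foreach ($this->getBlacklistPasswords() as [$badHash, $count]) {
            if ($passwordHash === $badHash && $count >= $this->minimumThreshold) {
                throw new PasswordException('Password has been pwned.');
            }
        }

        return true;
    }

    /**
     * Iterates over the blacklist file and yields each well-formed entry.
     *
     * Lines that are not of the form "HASH:count" are skipped, so a blank or
     * truncated line cannot yield a pair with a missing count.
     *
     * @return Generator Yields [string $upperCaseHash, int $count] pairs.
     *
     * @throws \RuntimeException When the list file cannot be opened.
     */
    private function getBlacklistPasswords(): Generator
    {
        // is_readable() first, so a missing file does not trigger fopen()'s warning.
        $fh = is_readable($this->file) ? fopen($this->file, 'rb') : false;

        if ($fh === false) {
            // The path is left out of the message in case it reaches an end user.
            throw new \RuntimeException('Pwned password list could not be opened.');
        }

        try {
            while (($line = fgets($fh)) !== false) {
                $fields = explode(':', trim($line), 2);

                if (count($fields) !== 2 || $fields[0] === '') {
                    continue;
                }

                yield [strtoupper($fields[0]), (int) $fields[1]];
            }
        } finally {
            // Also runs when the consumer stops early, e.g. validate() throwing on a match.
            fclose($fh);
        }
    }
}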