LDAPUser - Code Metrics - Inspection of "allow binddn as RO and RW" - BurningFlipside/CommonCode - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#24)

unknown

created 2017-02-27 20:58 UTC

LDAPUser B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	276
Duplicated Lines	7.25 %

Coupling/Cohesion

Components	1
Dependencies	8

Importance

Changes

Metric	Value
dl	20
loc	276
rs	8.3673
c	0
b	0
f	0
wmc	45
lcom	1
cbo	8

18 Methods

Rating	Name	Duplication	Size	Complexity
A	isInListOrChild()	0	12	3
A	__construct()	0	5	1
A	checkChildGroup()	0	17	4
A	uidInMemberUid()	0	4	2
B	isInGroupNamed()	0	30	6
A	enableRead()	10	10	2
A	enableReadWrite()	10	10	2
A	getGroups()	0	19	4
A	addLoginProvider()	0	4	1
A	generateLDAPPass()	0	7	1
A	setPass()	0	17	3
A	validate_password()	0	4	1
A	validate_reset_hash()	0	8	3
A	from_name()	0	14	3
B	flushUser()	0	23	4
A	getHashFromUser()	0	8	2
A	getPasswordResetHash()	0	15	2
A	delete()	0	6	1

How to fix Duplicated Code Complexity

Duplicated Code

Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.

Common duplication problems, and corresponding solutions are:

If you have the same expression in different places: Extract expression to a method
If you have the same method in different sub-classes: Extract method, and pull up field to the parent class
If you have the same code in unrelated classes: Consider extracting the code to a new class, and injecting that class

Complex Class

Tip: Before tackling complexity, make sure that you eliminate any duplication first. This often can reduce the size of classes significantly.

Complex classes like LDAPUser often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.

Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.

While breaking up the class, it is a good idea to analyze how other classes use LDAPUser, and based on these observations, apply Extract Interface, too.

<?php
namespace Auth;

class LDAPUser extends User
{
    use LDAPCachableObject;
    use LDAPGettableObject;
    use LDAPSettableObject;

    private $ldapObj;
    private $server;

    /**
     * Initialize a LDAPUser object
     *
     * @param boolean|array|object $data The data to initialize the LDAPUser with or false for an empty User
     *
     * @SuppressWarnings("StaticAccess")
     */
    public function __construct($data = false)
    {
        $this->server = \LDAP\LDAPServer::getInstance();
        $this->initialize($data);
    }

    private function checkChildGroup($array)
    {
        $res = false;
        for($i = 0; $i < $array['count']; $i++)
        {
            if(strpos($array[$i], $this->server->group_base) !== false)
            {
                $dn = explode(',', $array[$i]);
                $res = $this->isInGroupNamed(substr($dn[0], 3));
                if($res)
                {
                    return $res;
                }
            }
        }
        return $res;
    }

    /**
     * @param string $listName The name of the list to search
     * @param Group $group The group to search inside
     * @param string $dn The distringuished name to search for
     */
    private function isInListOrChild($listName, $group, $dn)
    {
        if(!isset($group[$listName]))
        {
            return false;
        }
        if(in_array($dn, $group[$listName]))
        {
            return true;
        }
        return $this->checkChildGroup($group[$listName]);
    }

    private function uidInMemberUid($group, $uid)
    {
        return (isset($group['memberUid']) && in_array($uid, $group['memberUid']));
    }

    public function isInGroupNamed($name)
    {
        $filter = new \Data\Filter('cn eq '.$name);

        $auth = \AuthProvider::getInstance();
        $ldap = $auth->getMethodByName('Auth\LDAPAuthenticator');
        if($ldap !== false)
        {
            $server = $ldap->getAndBindServer(false);
        }
        $group = $server->read($this->server->group_base, $filter);
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

        if(!empty($group))
        {
            $group = $group[0];
            $dn  = $this->ldapObj->dn;
            $uid = $this->ldapObj->uid[0];
            $ret = $this->isInListOrChild('member', $group, $dn);
            if($ret === false)
            {
                $ret = $this->isInListOrChild('uniquemember', $group, $dn);
            }
            if($ret === false && $this->uidInMemberUid($group, $uid))
            {
                return true;
            }
            return $ret;
        }
        return false;
    }

    protected $valueDefaults = array(
        'o' => 'Volunteer'
    );

    protected $multiValueProps = array(
        'title',
        'ou',
        'host'
    );

    protected $cachedOnlyProps = array(
        'uid'
    );

    /**
     * LDAP does not allow anonymous read
     *
     * @SuppressWarnings("StaticAccess")
     */
    protected function enableRead()

    {
        //Make sure we are bound in read mode
        $auth = \AuthProvider::getInstance();
        $ldap = $auth->getMethodByName('Auth\LDAPAuthenticator');
        if($ldap !== false)
        {
            $this->server = $ldap->getAndBindServer(false);
        }
    }

    /**
     * Allow write for the user
     *
     * @SuppressWarnings("StaticAccess")
     */
    protected function enableReadWrite()

    {
        //Make sure we are bound in write mode
        $auth = \AuthProvider::getInstance();
        $ldap = $auth->getMethodByName('Auth\LDAPAuthenticator');
        if($ldap !== false)
        {
            $this->server = $ldap->getAndBindServer(true);
        }
    }

    public function getGroups()
    {
        $this->enableRead();
        $res = array();
        $groups = $this->server->read($this->server->group_base);
        if(!empty($groups))
        {
            $count = count($groups);
            for($i = 0; $i < $count; $i++)
            {
                if($this->isInGroupNamed($groups[$i]['cn'][0]))
                {
                    array_push($res, new LDAPGroup($groups[$i]));
                }
            }
            return $res;
        }
        return false;
    }

    public function addLoginProvider($provider)
    {
        return $this->appendField('host', $provider);
    }

    private function generateLDAPPass($pass)
    {
        mt_srand((double)microtime() * 1000000);
        $salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
        $hash = base64_encode(pack('H*', sha1($pass.$salt)).$salt);
        return '{SSHA}'.$hash;
    }

    public function setPass($password)
    {
        $password = $this->generateLDAPPass($password);
        if(!is_object($this->ldapObj))
        {
            return $this->setFieldLocal('userPassword', $password);
        }
        $obj = array('dn'=>$this->ldapObj->dn);
        $obj['userPassword'] = $password;
        if(isset($this->ldapObj->uniqueidentifier))
        {
            $obj['uniqueIdentifier'] = null;
        }
        //Make sure we are bound in write mode
        $this->enableReadWrite();
        return $this->update($obj);
    }

    public function validate_password($password)
    {
        return $this->server->bind($this->ldapObj->dn, $password) !== false;
    }

    public function validate_reset_hash($hash)
    {
        if(isset($this->ldapObj->uniqueidentifier) && strcmp($this->ldapObj->uniqueidentifier[0], $hash) === 0)
        {
            return true;
        }
        return false;
    }

    public static function from_name($name, $data)
    {
        if($data === false)
        {
            throw new \Exception('data must be set for LDAPUser');
        }
        $filter = new \Data\Filter("uid eq $name");
        $user = $data->read($data->user_base, $filter);
        if(empty($user))
        {
            return false;
        }
        return new static($user[0]);
    }

    public function flushUser()
    {
        if(is_object($this->ldapObj))
        {
            //In this mode we are always up to date
            return true;
        }
        $obj = $this->ldapObj;
        $obj['objectClass'] = array('top', 'inetOrgPerson', 'extensibleObject');
        $obj['dn'] = 'uid='.$this->ldapObj['uid'].','.$this->server->user_base;
        if(!isset($obj['sn']))
        {
            $obj['sn'] = $obj['uid'];
        }
        if(!isset($obj['cn']))
        {
            $obj['cn'] = $obj['uid'];
        }
        //Make sure we are bound in write mode
        $this->enableReadWrite();
        $ret = $this->server->create($obj);
        return $ret;
    }

    private function getHashFromUser($ldapObj)
    {
        if(isset($ldapObj->userpassword))
        {
            return hash('sha512', $ldapObj->dn.';'.$ldapObj->userpassword[0].';'.$ldapObj->mail[0]);
        }
        return hash('sha512', $ldapObj->dn.';'.openssl_random_pseudo_bytes(10).';'.$ldapObj->mail[0]);
    }

    public function getPasswordResetHash()
    {
        $ldapObj = $this->server->read($this->server->user_base, new \Data\Filter('uid eq '.$this->uid));
        $ldapObj = $ldapObj[0];
        $hash = $this->getHashFromUser($ldapObj);
        $obj = array('dn'=>$this->ldapObj->dn);
        $obj['uniqueIdentifier'] = $hash;
        //Make sure we are bound in write mode
        $this->enableReadWrite();
        if($this->server->update($obj) === false)
        {
            throw new \Exception('Unable to create hash in LDAP object!');
        }
        return $hash;
    }

    public function delete()
    {
        //Make sure we are bound in write mode
        $this->enableReadWrite();
        return $this->server->delete($this->ldapObj->dn);
    }
}
/* vim: set tabstop=4 shiftwidth=4 expandtab: */


1		<?php
2		namespace Auth;
3
4		class LDAPUser extends User
5		{
6		use LDAPCachableObject;
7		use LDAPGettableObject;
8		use LDAPSettableObject;
9
10		private $ldapObj;
11		private $server;
12
13		/**
14		* Initialize a LDAPUser object
15		*
16		* @param boolean\|array\|object $data The data to initialize the LDAPUser with or false for an empty User
17		*
18		* @SuppressWarnings("StaticAccess")
19		*/
20		public function __construct($data = false)
21		{
22		$this->server = \LDAP\LDAPServer::getInstance();
23		$this->initialize($data);
24		}
25
26		private function checkChildGroup($array)
27		{
28		$res = false;
29		for($i = 0; $i < $array['count']; $i++)
30		{
31		if(strpos($array[$i], $this->server->group_base) !== false)
32		{
33		$dn = explode(',', $array[$i]);
34		$res = $this->isInGroupNamed(substr($dn[0], 3));
35		if($res)
36		{
37		return $res;
38		}
39		}
40		}
41		return $res;
42		}
43
44		/**
45		* @param string $listName The name of the list to search
46		* @param Group $group The group to search inside
47		* @param string $dn The distringuished name to search for
48		*/
49		private function isInListOrChild($listName, $group, $dn)
50		{
51		if(!isset($group[$listName]))
52		{
53		return false;
54		}
55		if(in_array($dn, $group[$listName]))
56		{
57		return true;
58		}
59		return $this->checkChildGroup($group[$listName]);
60		}
61
62		private function uidInMemberUid($group, $uid)
63		{
64		return (isset($group['memberUid']) && in_array($uid, $group['memberUid']));
65		}
66
67		public function isInGroupNamed($name)
68		{
69		$filter = new \Data\Filter('cn eq '.$name);
70
71		$auth = \AuthProvider::getInstance();
72		$ldap = $auth->getMethodByName('Auth\LDAPAuthenticator');
73		if($ldap !== false)
74		{
75		$server = $ldap->getAndBindServer(false);
76		}
77		$group = $server->read($this->server->group_base, $filter);
		0 ignored issues – show Bug introduced 2017-02-27 17:32 UTC by Report Bug Copy Issue Report The variable `$server` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
78
79		if(!empty($group))
80		{
81		$group = $group[0];
82		$dn = $this->ldapObj->dn;
83		$uid = $this->ldapObj->uid[0];
84		$ret = $this->isInListOrChild('member', $group, $dn);
85		if($ret === false)
86		{
87		$ret = $this->isInListOrChild('uniquemember', $group, $dn);
88		}
89		if($ret === false && $this->uidInMemberUid($group, $uid))
90		{
91		return true;
92		}
93		return $ret;
94		}
95		return false;
96		}
97
98		protected $valueDefaults = array(
99		'o' => 'Volunteer'
100		);
101
102		protected $multiValueProps = array(
103		'title',
104		'ou',
105		'host'
106		);
107
108		protected $cachedOnlyProps = array(
109		'uid'
110		);
111
112		/**
113		* LDAP does not allow anonymous read
114		*
115		* @SuppressWarnings("StaticAccess")
116		*/
117	View Code Duplication	protected function enableRead()
		0 ignored issues – show Duplication introduced 2017-02-27 17:57 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
118		{
119		//Make sure we are bound in read mode
120		$auth = \AuthProvider::getInstance();
121		$ldap = $auth->getMethodByName('Auth\LDAPAuthenticator');
122		if($ldap !== false)
123		{
124		$this->server = $ldap->getAndBindServer(false);
125		}
126		}
127
128		/**
129		* Allow write for the user
130		*
131		* @SuppressWarnings("StaticAccess")
132		*/
133	View Code Duplication	protected function enableReadWrite()
		0 ignored issues – show Duplication introduced 2017-02-27 17:57 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
134		{
135		//Make sure we are bound in write mode
136		$auth = \AuthProvider::getInstance();
137		$ldap = $auth->getMethodByName('Auth\LDAPAuthenticator');
138		if($ldap !== false)
139		{
140		$this->server = $ldap->getAndBindServer(true);
141		}
142		}
143
144		public function getGroups()
145		{
146		$this->enableRead();
147		$res = array();
148		$groups = $this->server->read($this->server->group_base);
149		if(!empty($groups))
150		{
151		$count = count($groups);
152		for($i = 0; $i < $count; $i++)
153		{
154		if($this->isInGroupNamed($groups[$i]['cn'][0]))
155		{
156		array_push($res, new LDAPGroup($groups[$i]));
157		}
158		}
159		return $res;
160		}
161		return false;
162		}
163
164		public function addLoginProvider($provider)
165		{
166		return $this->appendField('host', $provider);
167		}
168
169		private function generateLDAPPass($pass)
170		{
171		mt_srand((double)microtime() * 1000000);
172		$salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
173		$hash = base64_encode(pack('H*', sha1($pass.$salt)).$salt);
174		return '{SSHA}'.$hash;
175		}
176
177		public function setPass($password)
178		{
179		$password = $this->generateLDAPPass($password);
180		if(!is_object($this->ldapObj))
181		{
182		return $this->setFieldLocal('userPassword', $password);
183		}
184		$obj = array('dn'=>$this->ldapObj->dn);
185		$obj['userPassword'] = $password;
186		if(isset($this->ldapObj->uniqueidentifier))
187		{
188		$obj['uniqueIdentifier'] = null;
189		}
190		//Make sure we are bound in write mode
191		$this->enableReadWrite();
192		return $this->update($obj);
193		}
194
195		public function validate_password($password)
196		{
197		return $this->server->bind($this->ldapObj->dn, $password) !== false;
198		}
199
200		public function validate_reset_hash($hash)
201		{
202		if(isset($this->ldapObj->uniqueidentifier) && strcmp($this->ldapObj->uniqueidentifier[0], $hash) === 0)
203		{
204		return true;
205		}
206		return false;
207		}
208
209		public static function from_name($name, $data)
210		{
211		if($data === false)
212		{
213		throw new \Exception('data must be set for LDAPUser');
214		}
215		$filter = new \Data\Filter("uid eq $name");
216		$user = $data->read($data->user_base, $filter);
217		if(empty($user))
218		{
219		return false;
220		}
221		return new static($user[0]);
222		}
223
224		public function flushUser()
225		{
226		if(is_object($this->ldapObj))
227		{
228		//In this mode we are always up to date
229		return true;
230		}
231		$obj = $this->ldapObj;
232		$obj['objectClass'] = array('top', 'inetOrgPerson', 'extensibleObject');
233		$obj['dn'] = 'uid='.$this->ldapObj['uid'].','.$this->server->user_base;
234		if(!isset($obj['sn']))
235		{
236		$obj['sn'] = $obj['uid'];
237		}
238		if(!isset($obj['cn']))
239		{
240		$obj['cn'] = $obj['uid'];
241		}
242		//Make sure we are bound in write mode
243		$this->enableReadWrite();
244		$ret = $this->server->create($obj);
245		return $ret;
246		}
247
248		private function getHashFromUser($ldapObj)
249		{
250		if(isset($ldapObj->userpassword))
251		{
252		return hash('sha512', $ldapObj->dn.';'.$ldapObj->userpassword[0].';'.$ldapObj->mail[0]);
253		}
254		return hash('sha512', $ldapObj->dn.';'.openssl_random_pseudo_bytes(10).';'.$ldapObj->mail[0]);
255		}
256
257		public function getPasswordResetHash()
258		{
259		$ldapObj = $this->server->read($this->server->user_base, new \Data\Filter('uid eq '.$this->uid));
260		$ldapObj = $ldapObj[0];
261		$hash = $this->getHashFromUser($ldapObj);
262		$obj = array('dn'=>$this->ldapObj->dn);
263		$obj['uniqueIdentifier'] = $hash;
264		//Make sure we are bound in write mode
265		$this->enableReadWrite();
266		if($this->server->update($obj) === false)
267		{
268		throw new \Exception('Unable to create hash in LDAP object!');
269		}
270		return $hash;
271		}
272
273		public function delete()
274		{
275		//Make sure we are bound in write mode
276		$this->enableReadWrite();
277		return $this->server->delete($this->ldapObj->dn);
278		}
279		}
280		/* vim: set tabstop=4 shiftwidth=4 expandtab: */
281

BurningFlipside / CommonCode