UsersAPI::validateCanCreateUser() - Code Metrics - Inspection of "Fix Scruitinizer Code issues" - BurningFlipside/Profiles - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — develop (#51)

by Patrick

created 2017-06-21 03:35 UTC

UsersAPI::validateCanCreateUser() A

↳ Parent: UsersAPI

Complexity

Conditions	3
Paths	3

Size

Total Lines	16
Code Lines	10

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	3
eloc	10
nc	3
nop	3
dl	0
loc	16
rs	9.4285
c	0
b	0
f	0

<?php
class UsersAPI extends ProfilesAdminAPI
{
    public function setup($app)
    {
        $app->get('[/]', array($this, 'listUsers'));
        $app->post('[/]', array($this, 'createUser'));
        $app->get('/{uid}[/]', array($this, 'showUser'));
        $app->patch('/{uid}[/]', array($this, 'editUser'));
        $app->delete('/{uid}[/]', array($this, 'deleteUser'));
        $app->get('/{uid}/groups[/]', array($this, 'listGroupsForUser'));
        $app->post('/{uid}/Actions/link[/]', array($this, 'linkUser'));
        $app->post('/{uid}/Actions/reset_pass[/]', array($this, 'resetUserPassword'));
        $app->post('/Actions/check_email_available[/]', array($this, 'checkEmailAvailable'));
        $app->post('/Actions/check_uid_available[/]', array($this, 'checkUidAvailable'));
        $app->post('/Actions/remind_uid[/]', array($this, 'remindUid'));
    }

    public function listUsers($request, $response)
    {
        $odata = $request->getAttribute('odata', new \ODataParams(array()));
        if($this->validateIsAdmin($request, true) === false)
        {
            $users = array($this->user);
            $users = $odata->filterArrayPerSelect($users);
        }
        else
        {
            $auth = AuthProvider::getInstance();
            $users = $auth->getUsersByFilter($odata->filter, $odata->select, $odata->top, $odata->skip, 
                                             $odata->orderby);
        }
        return $response->withJson($users);
    }

    protected function validateCanCreateUser($proposedUser, $auth, &$message)
    {
        $user = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$proposedUser->mail));
        if(!empty($user))
        {
            $message = 'Email already exists!';
            return false;
        }
        $user = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$proposedUser->uid));
        if(!empty($user))
        {
            $message = 'Username already exists!';
            return false;
        }
        return true;
    }

    protected function validEmail($email)
    {
        if(filter_var($email) === false)
        {
            return false;
        }
        $pos = strpos($email, '@');
        if($pos === false)
        {
            return false;
        }
        $domain = substr($email, $pos + 1);
        if(checkdnsrr($domain, 'MX') === false)
        {
            return false;
        }
        return true;
    }

    protected function getFailArray($message)
    {
        return array('res'=>false, 'message'=>$message);
    }

    public function createUser($request, $response)
    {
        $this->user = $request->getAttribute('user');
        //This one is different. If they are logged in fail...
        if($this->user !== false)
        {
            return $response->withStatus(404);
        }
        $obj = $request->getParsedBody();
        if(!isset($obj->captcha))
        {
            return $response->withStatus(401);
        }
        $captcha = FlipSession::getVar('captcha');
        if($captcha === false)
        {
            return $response->withStatus(401);
        }
        if(!$captcha->is_answer_right($obj->captcha))
        {
            return $response->withJson($this->getFailArray('Incorrect answer to CAPTCHA!'), 412);
        }
        $auth = AuthProvider::getInstance();
        $message = false;
        if($this->validateCanCreateUser($obj, $auth, $message) === false)
        {
            return $response->withJson($this->getFailArray($message), 412);
        }
        else if($this->validEmail($obj->mail) === false)
        {
            return $response->withJson($this->getFailArray('Invalid Email Address!'));
        }
        $ret = $auth->createPendingUser($obj);
        if($ret == false)
        {
            return $response->withJson($this->getFailArray('Failed to save user registration!'), 500);
        }
        return $response->withJson($ret);
    }

    protected function userIsMe($request, $uid)
    {
        $this->user = $request->getAttribute('user');
        return ($uid === 'me' || ($this->user !== false && $uid === $this->user->uid));
    }

    protected function hasLeadAccess()
    {
        return ($this->user->isInGroupNamed('Leads') || $this->user->isInGroupNamed('CC') || $this->user->isInGroupNamed('AFs'));
    }

    protected function getUserByUIDReadOnly($request, $uid)

    {
        if($this->userIsMe($request, $uid))
        {
            return $this->user;
        }
        if($this->user->isInGroupNamed('LDAPAdmins') || $this->hasLeadAccess())
        {
            $auth = \AuthProvider::getInstance();
            $filter = new \Data\Filter("uid eq $uid");
            $users = $auth->getUsersByFilter($filter);
            if(!empty($users))
            {
                return $users[0];
            }
        }
        return false;
    }

    protected function getUserByUID($request, $uid)

    {
        if($this->userIsMe($request, $uid))
        {
            return $this->user;
        }
        if($this->user->isInGroupNamed('LDAPAdmins'))
        {
            $auth = \AuthProvider::getInstance();
            $filter = new \Data\Filter("uid eq $uid");
            $users = $auth->getUsersByFilter($filter);
            if(!empty($users))
            {
                return $users[0];
            }
        }
        return false;
    }

    public function showUser($request, $response, $args)
    {
        $uid = $args['uid'];
        $user = $request->getAttribute('user');
        if($user === false)
        {
            if($_SERVER['SERVER_ADDR'] === $_SERVER['REMOTE_ADDR'])
            {
                $user = \AuthProvider::getInstance()->getUsersByFilter(new \Data\Filter("uid eq $uid"));
                if(empty($user))
                {
                    return $response->withStatus(404);
                }
                return $response->withJson($user[0]);
            } 
            return $response->withStatus(401);
        }
        $user = $this->getUserByUIDReadOnly($request, $uid);
        if($user === false)
        {
            return $response->withStatus(404);
        }
        if(!is_object($user) && isset($user[0]))
        {
            $user = $user[0];
        }
        if($request->getAttribute('format') === 'vcard')
        {
            $response = $response->withHeader('Content-Type', 'text/x-vCard');
            $response->getBody()->write($user->getVcard());
            return $response;
        }
        return $response->withJson($user);
    }

    protected function sendPasswordResetEmail($user)
    {
        $forwardedFor = false;
        if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        {
            $forwardedFor = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        $emailMsg = new PasswordHasBeenResetEmail($user, $_SERVER['REMOTE_ADDR'], $forwardedFor);
        $emailProvider = EmailProvider::getInstance();
        if($emailProvider->sendEmail($emailMsg) === false)
        {
            throw new \Exception('Unable to send password reset email!');
        }
    }

    protected function exceptionCodeToHttpCode($e)
    {
        if($e->getCode() === 3)
        {
            return 401;
        }
        return 500;
    }

    protected function getUser($request, $uid, $payload)
    {
        $this->user = $request->getAttribute('user');
        if($this->user === false)
        {
            if(isset($payload->hash))
            {
                $auth = AuthProvider::getInstance();
                $this->user = $auth->getUserByResetHash($payload->hash);
                return $this->user;
            }
            return false;
        }
        return $this->getUserByUID($request, $uid);
    }

    public function editUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $obj = $request->getParsedBody();
        $user = $this->getUser($request, $uid, $obj);
        if($user === false)
        {
            return $response->withStatus(404);
        }
        try
        {
            if(isset($obj->old_uid))
            {
                unset($obj->old_uid);
            }
            $user->editUser($obj);
        }
        catch(\Exception $e)
        {
            return $response->withJson($e, exceptionCodeToHttpCode($e));
        }
        if($this->userIsMe($request, $uid))
        {
            \FlipSession::setUser($user);
        }
        if(isset($obj->password))
        {
            $this->sendPasswordResetEmail($user);
        }
        return $response->withJson(array('success'=>true));
    }

    public function deleteUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $user = false;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        if($this->validateIsAdmin($request, true) === false && $this->userIsMe($request, $uid))
        {
            $user = $this->user;
        }
        else
        {
            $auth = AuthProvider::getInstance();
            $filter = new \Data\Filter("uid eq $uid");
            $user = $auth->getUsersByFilter($filter);
            if(empty($user))
            {
                $user = false;
            }
            else
            {
                $user = $user[0];
            }
        }
        if($user === false)
        {
            return $response->withStatus(404);
        }
        return $response->withJson($user->delete());
    }

    public function listGroupsForUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $this->validateLoggedIn($request);
        $user = $this->getUserByUID($request, $uid);
        if($user === false)
        {
            return $response->withStatus(404);
        }
        $groups = $user->getGroups();
        if($groups === false)
        {
            $groups = array();
        }
        return $response->withJson($groups);
    }

    public function linkUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $this->validateLoggedIn($request);
        $obj = $request->getParsedBody();
        if($this->userIsMe($request, $uid))
        {
            $this->user->addLoginProvider($obj->provider);
            AuthProvider::getInstance()->impersonateUser($this->user);
        }
        else if($this->user->isInGroupNamed("LDAPAdmins"))
        {
            $user = AuthProvider::getInstance()->getUser($uid);
            if($user === false)
            {
                return $response->withStatus(404);
            }
            $user->addLoginProvider($obj->provider);
        }
        else
        {
            return $response->withStatus(404);
        }
        return $response->withJson(array('success'=>true));
    }

    protected function getAllUsersByFilter($filter, &$pending)
    {
        $auth = AuthProvider::getInstance();
        $user = $auth->getUsersByFilter($filter);
        if(!empty($user))
        {
            $pending = false;
            return $user[0];
        }
        $user = $auth->getPendingUsersByFilter($filter);
        if(!empty($user))
        {
            $pending = true;
            return $user[0];
        }
        return false;
    }

    public function checkEmailAvailable($request, $response)
    {
        $params = $request->getQueryParams();
        $email = false;
        if(isset($params['email']))
        {
            $email = $params['email'];
        }
        if($email === false)
        {
            return $response->withStatus(400);
        }
        if(filter_var($email, FILTER_VALIDATE_EMAIL) === false || strpos($email, '@') === false)
        {
            return $response->withJson(false);
        }
        if(strstr($email, '+') !== false)
        {
            //Remove everything between the + and the @
            $begining = strpos($email, '+');
            $end = strpos($email, '@');
            $to_delete = substr($email, $begining, $end - $begining);
            $email = str_replace($to_delete, '', $email);
        }
        $filter = new \Data\Filter('mail eq '.$email);
        $pending = false;
        $user = $this->getAllUsersByFilter($filter, $pending);
        if($user === false)
        {
            return $response->withJson(true);
        }
        return $response->withJson(array('res'=>false, 'email'=>$user->mail, 'pending'=>$pending));
    }

    public function checkUidAvailable($request, $response)
    {
        $params = $request->getQueryParams();
        $uid = false;
        if(isset($params['uid']))
        {
            $uid = $params['uid'];
        }
        if($uid === false)
        {
            return $response->withStatus(400);
        }
        if(strpos($uid, '=') !== false || strpos($uid, ',') !== false)
        {
            return $response->withJson(false);
        }
        $filter = new \Data\Filter('uid eq '.$uid);
        $pending = false;
        $user = $this->getAllUsersByFilter($filter, $pending);
        if($user === false)
        {
            return $response->withJson(true);
        }
        return $response->withJson(array('res'=>false, 'uidl'=>$user->uid, 'pending'=>$pending));
    }

    public function resetUserPassword($request, $response, $args)
    {
        $uid = false;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        else
        {
            return $response->withStatus(400);
        }
        $auth = AuthProvider::getInstance();
        $users = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$uid));
        if(empty($users))
        {
            return $response->withStatus(404);
        }
        $email_msg = new PasswordResetEmail($users[0]);
        $email_provider = EmailProvider::getInstance();
        if($email_provider->sendEmail($email_msg) === false)
        {
            throw new \Exception('Unable to send email!');
        }
        return $response->withJson(true);
    }

    public function remindUid($request, $response)
    {
        $params = $request->getQueryParams();
        $email = false;
        if(isset($params['email']))
        {
            $email = $params['email'];
        }
        if($email === false)
        {
            return $response->withStatus(400);
        }
        if(filter_var($email, FILTER_VALIDATE_EMAIL) === false)
        {
            return $response->withStatus(400);
        }
        $auth = AuthProvider::getInstance();
        $users = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$email));
        if(empty($users))
        {
            return $response->withStatus(404);
        }
        $email_msg = new UIDForgotEmail($users[0]);
        $email_provider = EmailProvider::getInstance();
        if($email_provider->sendEmail($email_msg) === false)
        {
            throw new \Exception('Unable to send email!');
        }
    }
}
/* vim: set tabstop=4 shiftwidth=4 expandtab: */


1		<?php
2		class UsersAPI extends ProfilesAdminAPI
3		{
4		public function setup($app)
5		{
6		$app->get('[/]', array($this, 'listUsers'));
7		$app->post('[/]', array($this, 'createUser'));
8		$app->get('/{uid}[/]', array($this, 'showUser'));
9		$app->patch('/{uid}[/]', array($this, 'editUser'));
10		$app->delete('/{uid}[/]', array($this, 'deleteUser'));
11		$app->get('/{uid}/groups[/]', array($this, 'listGroupsForUser'));
12		$app->post('/{uid}/Actions/link[/]', array($this, 'linkUser'));
13		$app->post('/{uid}/Actions/reset_pass[/]', array($this, 'resetUserPassword'));
14		$app->post('/Actions/check_email_available[/]', array($this, 'checkEmailAvailable'));
15		$app->post('/Actions/check_uid_available[/]', array($this, 'checkUidAvailable'));
16		$app->post('/Actions/remind_uid[/]', array($this, 'remindUid'));
17		}
18
19		public function listUsers($request, $response)
20		{
21		$odata = $request->getAttribute('odata', new \ODataParams(array()));
22		if($this->validateIsAdmin($request, true) === false)
23		{
24		$users = array($this->user);
25		$users = $odata->filterArrayPerSelect($users);
26		}
27		else
28		{
29		$auth = AuthProvider::getInstance();
30		$users = $auth->getUsersByFilter($odata->filter, $odata->select, $odata->top, $odata->skip,
31		$odata->orderby);
32		}
33		return $response->withJson($users);
34		}
35
36		protected function validateCanCreateUser($proposedUser, $auth, &$message)
37		{
38		$user = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$proposedUser->mail));
39		if(!empty($user))
40		{
41		$message = 'Email already exists!';
42		return false;
43		}
44		$user = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$proposedUser->uid));
45		if(!empty($user))
46		{
47		$message = 'Username already exists!';
48		return false;
49		}
50		return true;
51		}
52
53		protected function validEmail($email)
54		{
55		if(filter_var($email) === false)
56		{
57		return false;
58		}
59		$pos = strpos($email, '@');
60		if($pos === false)
61		{
62		return false;
63		}
64		$domain = substr($email, $pos + 1);
65		if(checkdnsrr($domain, 'MX') === false)
66		{
67		return false;
68		}
69		return true;
70		}
71
72		protected function getFailArray($message)
73		{
74		return array('res'=>false, 'message'=>$message);
75		}
76
77		public function createUser($request, $response)
78		{
79		$this->user = $request->getAttribute('user');
80		//This one is different. If they are logged in fail...
81		if($this->user !== false)
82		{
83		return $response->withStatus(404);
84		}
85		$obj = $request->getParsedBody();
86		if(!isset($obj->captcha))
87		{
88		return $response->withStatus(401);
89		}
90		$captcha = FlipSession::getVar('captcha');
91		if($captcha === false)
92		{
93		return $response->withStatus(401);
94		}
95		if(!$captcha->is_answer_right($obj->captcha))
96		{
97		return $response->withJson($this->getFailArray('Incorrect answer to CAPTCHA!'), 412);
98		}
99		$auth = AuthProvider::getInstance();
100		$message = false;
101		if($this->validateCanCreateUser($obj, $auth, $message) === false)
102		{
103		return $response->withJson($this->getFailArray($message), 412);
104		}
105		else if($this->validEmail($obj->mail) === false)
106		{
107		return $response->withJson($this->getFailArray('Invalid Email Address!'));
108		}
109		$ret = $auth->createPendingUser($obj);
110		if($ret == false)
111		{
112		return $response->withJson($this->getFailArray('Failed to save user registration!'), 500);
113		}
114		return $response->withJson($ret);
115		}
116
117		protected function userIsMe($request, $uid)
118		{
119		$this->user = $request->getAttribute('user');
120		return ($uid === 'me' \|\| ($this->user !== false && $uid === $this->user->uid));
121		}
122
123		protected function hasLeadAccess()
124		{
125		return ($this->user->isInGroupNamed('Leads') \|\| $this->user->isInGroupNamed('CC') \|\| $this->user->isInGroupNamed('AFs'));
126		}
127
128	View Code Duplication	protected function getUserByUIDReadOnly($request, $uid)
		0 ignored issues – show Duplication introduced 2017-06-20 14:43 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
129		{
130		if($this->userIsMe($request, $uid))
131		{
132		return $this->user;
133		}
134		if($this->user->isInGroupNamed('LDAPAdmins') \|\| $this->hasLeadAccess())
135		{
136		$auth = \AuthProvider::getInstance();
137		$filter = new \Data\Filter("uid eq $uid");
138		$users = $auth->getUsersByFilter($filter);
139		if(!empty($users))
140		{
141		return $users[0];
142		}
143		}
144		return false;
145		}
146
147	View Code Duplication	protected function getUserByUID($request, $uid)
		0 ignored issues – show Duplication introduced 2017-06-20 14:43 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
148		{
149		if($this->userIsMe($request, $uid))
150		{
151		return $this->user;
152		}
153		if($this->user->isInGroupNamed('LDAPAdmins'))
154		{
155		$auth = \AuthProvider::getInstance();
156		$filter = new \Data\Filter("uid eq $uid");
157		$users = $auth->getUsersByFilter($filter);
158		if(!empty($users))
159		{
160		return $users[0];
161		}
162		}
163		return false;
164		}
165
166		public function showUser($request, $response, $args)
167		{
168		$uid = $args['uid'];
169		$user = $request->getAttribute('user');
170		if($user === false)
171		{
172		if($_SERVER['SERVER_ADDR'] === $_SERVER['REMOTE_ADDR'])
173		{
174		$user = \AuthProvider::getInstance()->getUsersByFilter(new \Data\Filter("uid eq $uid"));
175		if(empty($user))
176		{
177		return $response->withStatus(404);
178		}
179		return $response->withJson($user[0]);
180		}
181		return $response->withStatus(401);
182		}
183		$user = $this->getUserByUIDReadOnly($request, $uid);
184		if($user === false)
185		{
186		return $response->withStatus(404);
187		}
188		if(!is_object($user) && isset($user[0]))
189		{
190		$user = $user[0];
191		}
192		if($request->getAttribute('format') === 'vcard')
193		{
194		$response = $response->withHeader('Content-Type', 'text/x-vCard');
195		$response->getBody()->write($user->getVcard());
196		return $response;
197		}
198		return $response->withJson($user);
199		}
200
201		protected function sendPasswordResetEmail($user)
202		{
203		$forwardedFor = false;
204		if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
205		{
206		$forwardedFor = $_SERVER['HTTP_X_FORWARDED_FOR'];
207		}
208		$emailMsg = new PasswordHasBeenResetEmail($user, $_SERVER['REMOTE_ADDR'], $forwardedFor);
209		$emailProvider = EmailProvider::getInstance();
210		if($emailProvider->sendEmail($emailMsg) === false)
211		{
212		throw new \Exception('Unable to send password reset email!');
213		}
214		}
215
216		protected function exceptionCodeToHttpCode($e)
217		{
218		if($e->getCode() === 3)
219		{
220		return 401;
221		}
222		return 500;
223		}
224
225		protected function getUser($request, $uid, $payload)
226		{
227		$this->user = $request->getAttribute('user');
228		if($this->user === false)
229		{
230		if(isset($payload->hash))
231		{
232		$auth = AuthProvider::getInstance();
233		$this->user = $auth->getUserByResetHash($payload->hash);
234		return $this->user;
235		}
236		return false;
237		}
238		return $this->getUserByUID($request, $uid);
239		}
240
241		public function editUser($request, $response, $args)
242		{
243		$uid = 'me';
244		if(isset($args['uid']))
245		{
246		$uid = $args['uid'];
247		}
248		$obj = $request->getParsedBody();
249		$user = $this->getUser($request, $uid, $obj);
250		if($user === false)
251		{
252		return $response->withStatus(404);
253		}
254		try
255		{
256		if(isset($obj->old_uid))
257		{
258		unset($obj->old_uid);
259		}
260		$user->editUser($obj);
261		}
262		catch(\Exception $e)
263		{
264		return $response->withJson($e, exceptionCodeToHttpCode($e));
265		}
266		if($this->userIsMe($request, $uid))
267		{
268		\FlipSession::setUser($user);
269		}
270		if(isset($obj->password))
271		{
272		$this->sendPasswordResetEmail($user);
273		}
274		return $response->withJson(array('success'=>true));
275		}
276
277		public function deleteUser($request, $response, $args)
278		{
279		$uid = 'me';
280		if(isset($args['uid']))
281		{
282		$uid = $args['uid'];
283		}
284		$user = false;
		0 ignored issues – show Unused Code introduced 2017-06-20 14:43 UTC by Report Bug Copy Issue Report `$user` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
285		if($this->validateIsAdmin($request, true) === false && $this->userIsMe($request, $uid))
286		{
287		$user = $this->user;
288		}
289		else
290		{
291		$auth = AuthProvider::getInstance();
292		$filter = new \Data\Filter("uid eq $uid");
293		$user = $auth->getUsersByFilter($filter);
294		if(empty($user))
295		{
296		$user = false;
297		}
298		else
299		{
300		$user = $user[0];
301		}
302		}
303		if($user === false)
304		{
305		return $response->withStatus(404);
306		}
307		return $response->withJson($user->delete());
308		}
309
310		public function listGroupsForUser($request, $response, $args)
311		{
312		$uid = 'me';
313		if(isset($args['uid']))
314		{
315		$uid = $args['uid'];
316		}
317		$this->validateLoggedIn($request);
318		$user = $this->getUserByUID($request, $uid);
319		if($user === false)
320		{
321		return $response->withStatus(404);
322		}
323		$groups = $user->getGroups();
324		if($groups === false)
325		{
326		$groups = array();
327		}
328		return $response->withJson($groups);
329		}
330
331		public function linkUser($request, $response, $args)
332		{
333		$uid = 'me';
334		if(isset($args['uid']))
335		{
336		$uid = $args['uid'];
337		}
338		$this->validateLoggedIn($request);
339		$obj = $request->getParsedBody();
340		if($this->userIsMe($request, $uid))
341		{
342		$this->user->addLoginProvider($obj->provider);
343		AuthProvider::getInstance()->impersonateUser($this->user);
344		}
345		else if($this->user->isInGroupNamed("LDAPAdmins"))
346		{
347		$user = AuthProvider::getInstance()->getUser($uid);
348		if($user === false)
349		{
350		return $response->withStatus(404);
351		}
352		$user->addLoginProvider($obj->provider);
353		}
354		else
355		{
356		return $response->withStatus(404);
357		}
358		return $response->withJson(array('success'=>true));
359		}
360
361		protected function getAllUsersByFilter($filter, &$pending)
362		{
363		$auth = AuthProvider::getInstance();
364		$user = $auth->getUsersByFilter($filter);
365		if(!empty($user))
366		{
367		$pending = false;
368		return $user[0];
369		}
370		$user = $auth->getPendingUsersByFilter($filter);
371		if(!empty($user))
372		{
373		$pending = true;
374		return $user[0];
375		}
376		return false;
377		}
378
379		public function checkEmailAvailable($request, $response)
380		{
381		$params = $request->getQueryParams();
382		$email = false;
383		if(isset($params['email']))
384		{
385		$email = $params['email'];
386		}
387		if($email === false)
388		{
389		return $response->withStatus(400);
390		}
391		if(filter_var($email, FILTER_VALIDATE_EMAIL) === false \|\| strpos($email, '@') === false)
392		{
393		return $response->withJson(false);
394		}
395		if(strstr($email, '+') !== false)
396		{
397		//Remove everything between the + and the @
398		$begining = strpos($email, '+');
399		$end = strpos($email, '@');
400		$to_delete = substr($email, $begining, $end - $begining);
401		$email = str_replace($to_delete, '', $email);
402		}
403		$filter = new \Data\Filter('mail eq '.$email);
404		$pending = false;
405		$user = $this->getAllUsersByFilter($filter, $pending);
406		if($user === false)
407		{
408		return $response->withJson(true);
409		}
410		return $response->withJson(array('res'=>false, 'email'=>$user->mail, 'pending'=>$pending));
411		}
412
413		public function checkUidAvailable($request, $response)
414		{
415		$params = $request->getQueryParams();
416		$uid = false;
417		if(isset($params['uid']))
418		{
419		$uid = $params['uid'];
420		}
421		if($uid === false)
422		{
423		return $response->withStatus(400);
424		}
425		if(strpos($uid, '=') !== false \|\| strpos($uid, ',') !== false)
426		{
427		return $response->withJson(false);
428		}
429		$filter = new \Data\Filter('uid eq '.$uid);
430		$pending = false;
431		$user = $this->getAllUsersByFilter($filter, $pending);
432		if($user === false)
433		{
434		return $response->withJson(true);
435		}
436		return $response->withJson(array('res'=>false, 'uidl'=>$user->uid, 'pending'=>$pending));
437		}
438
439		public function resetUserPassword($request, $response, $args)
440		{
441		$uid = false;
		0 ignored issues – show Unused Code introduced 2017-06-20 14:43 UTC by Report Bug Copy Issue Report `$uid` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
442		if(isset($args['uid']))
443		{
444		$uid = $args['uid'];
445		}
446		else
447		{
448		return $response->withStatus(400);
449		}
450		$auth = AuthProvider::getInstance();
451		$users = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$uid));
452		if(empty($users))
453		{
454		return $response->withStatus(404);
455		}
456		$email_msg = new PasswordResetEmail($users[0]);
457		$email_provider = EmailProvider::getInstance();
458		if($email_provider->sendEmail($email_msg) === false)
459		{
460		throw new \Exception('Unable to send email!');
461		}
462		return $response->withJson(true);
463		}
464
465		public function remindUid($request, $response)
466		{
467		$params = $request->getQueryParams();
468		$email = false;
469		if(isset($params['email']))
470		{
471		$email = $params['email'];
472		}
473		if($email === false)
474		{
475		return $response->withStatus(400);
476		}
477		if(filter_var($email, FILTER_VALIDATE_EMAIL) === false)
478		{
479		return $response->withStatus(400);
480		}
481		$auth = AuthProvider::getInstance();
482		$users = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$email));
483		if(empty($users))
484		{
485		return $response->withStatus(404);
486		}
487		$email_msg = new UIDForgotEmail($users[0]);
488		$email_provider = EmailProvider::getInstance();
489		if($email_provider->sendEmail($email_msg) === false)
490		{
491		throw new \Exception('Unable to send email!');
492		}
493		}
494		}
495		/* vim: set tabstop=4 shiftwidth=4 expandtab: */
496

BurningFlipside / Profiles

Pull Request — develop (#51)

UsersAPI::validateCanCreateUser() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like