Issues in class.UsersAPI.php - New Issues - Inspection of "Fix #53" - BurningFlipside/Profiles - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — develop (#54)

by Patrick

created 2017-12-06 00:30 UTC

api/v1/class.UsersAPI.php (9 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
require_once('class.UIDForgotEmail.php');

class UsersAPI extends Http\Rest\RestAPI
{
    public function setup($app)
    {
        $app->get('[/]', array($this, 'listUsers'));
        $app->post('[/]', array($this, 'createUser'));
        $app->get('/{uid}[/]', array($this, 'showUser'));
        $app->patch('/{uid}[/]', array($this, 'editUser'));
        $app->delete('/{uid}[/]', array($this, 'deleteUser'));
        $app->get('/{uid}/groups[/]', array($this, 'listGroupsForUser'));
        $app->post('/{uid}/Actions/link[/]', array($this, 'linkUser'));
        $app->post('/{uid}/Actions/reset_pass[/]', array($this, 'resetUserPassword'));
        $app->post('/Actions/check_email_available[/]', array($this, 'checkEmailAvailable'));
        $app->post('/Actions/check_uid_available[/]', array($this, 'checkUidAvailable'));
        $app->post('/Actions/remind_uid[/]', array($this, 'remindUid'));
    }

    public function listUsers($request, $response)
    {
        $odata = $request->getAttribute('odata', new \ODataParams(array()));
        if($this->validateIsAdmin($request, true) === false)

        {
            $users = array($this->user);
class MyClass { }

$x = new MyClass();
$x->foo = true;
            $users = $odata->filterArrayPerSelect($users);
        }
        else
        {
            $auth = AuthProvider::getInstance();
            $users = $auth->getUsersByFilter($odata->filter, $odata->select, $odata->top, $odata->skip, 
                                             $odata->orderby);
        }
        return $response->withJson($users);
    }

    protected function validateCanCreateUser($proposedUser, $auth, &$message)
    {
        $user = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$proposedUser['mail']));
        if($user !== false && isset($user[0]))
        {
            $message = 'Email already exists!';
            return false;
        }
        $user = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$proposedUser['uid']));
        if($user !== false && isset($user[0]))
        {
            $message = 'Username already exists!';
            return false;
        }
        return true;
    }

    protected function validEmail($email)
    {
        if(filter_var($email) === false)
        {
            return false;
        }
        $pos = strpos($email, '@');
        if($pos === false)
        {
            return false;
        }
        $domain = substr($email, $pos + 1);
        if(checkdnsrr($domain, 'MX') === false)
        {
            return false;
        }
        return true;
    }

    protected function getFailArray($message)
    {
        return array('res'=>false, 'message'=>$message);
    }

    public function createUser($request, $response)
    {
        $this->user = $request->getAttribute('user');
        //This one is different. If they are logged in fail...
        if($this->user !== false)
        {
            return $response->withStatus(404);
        }
        $obj = $request->getParsedBody();
        if(!isset($obj['captcha']))
        {
            return $response->withStatus(401);
        }
        $captcha = FlipSession::getVar('captcha');
        if($captcha === false)
        {
            return $response->withStatus(401);
        }
        if(!$captcha->is_answer_right($obj['captcha']))
        {
            return $response->withJson($this->getFailArray('Incorrect answer to CAPTCHA!'), 412);
        }
        $auth = AuthProvider::getInstance();
        $message = false;
        if($this->validateCanCreateUser($obj, $auth, $message) === false)
        {
            return $response->withJson($this->getFailArray($message), 412);
        }
        else if($this->validEmail($obj['mail']) === false)
        {
            return $response->withJson($this->getFailArray('Invalid Email Address!'));
        }
        $ret = $auth->createPendingUser($obj);
        if($ret == false)
        {
            return $response->withJson($this->getFailArray('Failed to save user registration!'), 500);
        }
        return $response->withJson($ret);
    }

    protected function userIsMe($request, $uid)
    {
        $this->user = $request->getAttribute('user');
        return ($uid === 'me' || ($this->user !== false && $uid === $this->user->uid));
    }

    protected function hasLeadAccess()
    {
        return ($this->user->isInGroupNamed('Leads') || $this->user->isInGroupNamed('CC') || $this->user->isInGroupNamed('AFs'));
    }

    protected function getUserByUIDReadOnly($request, $uid)

    {
        if($this->userIsMe($request, $uid))
        {
            return $this->user;
        }
        if($this->user->isInGroupNamed('LDAPAdmins') || $this->hasLeadAccess())
        {
            $auth = \AuthProvider::getInstance();
            $filter = new \Data\Filter("uid eq $uid");
            $users = $auth->getUsersByFilter($filter);
            if(!empty($users))
            {
                return $users[0];
            }
        }
        return false;
    }

    protected function getUserByUID($request, $uid)

    {
        if($this->userIsMe($request, $uid))
        {
            return $this->user;
        }
        if($this->user->isInGroupNamed('LDAPAdmins'))
        {
            $auth = \AuthProvider::getInstance();
            $filter = new \Data\Filter("uid eq $uid");
            $users = $auth->getUsersByFilter($filter);
            if(!empty($users))
            {
                return $users[0];
            }
        }
        return false;
    }

    public function showUser($request, $response, $args)
    {
        $uid = $args['uid'];
        $user = $request->getAttribute('user');
        if($user === false)
        {
            if($_SERVER['SERVER_ADDR'] === $_SERVER['REMOTE_ADDR'])
            {
                $user = \AuthProvider::getInstance()->getUsersByFilter(new \Data\Filter("uid eq $uid"));
                if(empty($user))
                {
                    return $response->withStatus(404);
                }
                return $response->withJson($user[0]);
            } 
            return $response->withStatus(401);
        }
        $user = $this->getUserByUIDReadOnly($request, $uid);
        if($user === false)
        {
            return $response->withStatus(404);
        }
        if(!is_object($user) && isset($user[0]))
        {
            $user = $user[0];
        }
        if($request->getAttribute('format') === 'vcard')
        {
            $response = $response->withHeader('Content-Type', 'text/x-vCard');
            $response->getBody()->write($user->getVcard());
            return $response;
        }
        return $response->withJson($user);
    }

    protected function sendPasswordResetEmail($user)
    {
        $forwardedFor = false;
        if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        {
            $forwardedFor = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        $emailMsg = new PasswordHasBeenResetEmail($user, $_SERVER['REMOTE_ADDR'], $forwardedFor);
        $emailProvider = EmailProvider::getInstance();
        if($emailProvider->sendEmail($emailMsg) === false)
        {
            throw new \Exception('Unable to send password reset email!');
        }
    }

    protected function exceptionCodeToHttpCode($e)
    {
        if($e->getCode() === 3)
        {
            return 401;
        }
        return 500;
    }

    protected function getUser($request, $uid, $payload)
    {
        $this->user = $request->getAttribute('user');
        if($this->user === false)
        {
            if(isset($payload->hash))
            {
                $auth = AuthProvider::getInstance();
                $this->user = $auth->getUserByResetHash($payload->hash);
                return $this->user;
            }
            return false;
        }
        return $this->getUserByUID($request, $uid);
    }

    public function editUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $obj = $request->getParsedBody();
        $user = $this->getUser($request, $uid, $obj);
        if($user === false)
        {
            return $response->withStatus(404);
        }
        try
        {
            if(isset($obj['old_uid']))
            {
                unset($obj['old_uid']);
            }
            unset($obj['uid']);
            $user->editUser($obj);
        }
        catch(\Exception $e)
        {
            return $response->withJson(array('error'=>array('msg'=>$e->getMessage(), 'stack'=>$e->getTraceAsString())), $this->exceptionCodeToHttpCode($e));
        }
        if($this->userIsMe($request, $uid))
        {
            \FlipSession::setUser($user);
        }
        if(isset($obj->password))
        {
            $this->sendPasswordResetEmail($user);
        }
        return $response->withJson(array('success'=>true));
    }

    public function deleteUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $user = false;
        if($this->validateIsAdmin($request, true) === false && $this->userIsMe($request, $uid))

        {
            $user = $this->user;
        }
        else
        {
            $auth = AuthProvider::getInstance();
            $filter = new \Data\Filter("uid eq $uid");
            $user = $auth->getUsersByFilter($filter);
            if(empty($user))
            {
                $user = false;
            }
            else
            {
                $user = $user[0];
            }
        }
        if($user === false)
        {
            return $response->withStatus(404);
        }
        return $response->withJson($user->delete());
    }

    public function listGroupsForUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $this->validateLoggedIn($request);
        $user = $this->getUserByUID($request, $uid);
        if($user === false)
        {
            return $response->withStatus(404);
        }
        $groups = $user->getGroups();
        if($groups === false)
        {
            $groups = array();
        }
        return $response->withJson($groups);
    }

    public function linkUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $this->validateLoggedIn($request);
        $obj = $request->getParsedBody();
        if($this->userIsMe($request, $uid))
        {
            $this->user->addLoginProvider($obj->provider);
            AuthProvider::getInstance()->impersonateUser($this->user);
        }
        else if($this->user->isInGroupNamed("LDAPAdmins"))
        {
            $user = AuthProvider::getInstance()->getUser($uid);
            if($user === false)
            {
                return $response->withStatus(404);
            }
            $user->addLoginProvider($obj->provider);
        }
        else
        {
            return $response->withStatus(404);
        }
        return $response->withJson(array('success'=>true));
    }

    protected function getAllUsersByFilter($filter, &$pending)
    {
        $auth = AuthProvider::getInstance();
        $user = $auth->getUsersByFilter($filter);
        if(!empty($user))
        {
            $pending = false;
            return $user[0];
        }
        $user = $auth->getPendingUsersByFilter($filter);
        if(!empty($user))
        {
            $pending = true;
            return $user[0];
        }
        return false;
    }

    public function checkEmailAvailable($request, $response)
    {
        $params = $request->getQueryParams();
        $email = false;
        if(isset($params['email']))
        {
            $email = $params['email'];
        }
        if($email === false)

        {
            $params = $request->getParsedBody();
            if(isset($params['email']))
            {
                $email = $params['email'];
            }
            if($email === false)
            {
                return $response->withStatus(400);
            }
        }
        if(filter_var($email, FILTER_VALIDATE_EMAIL) === false || strpos($email, '@') === false)
        {
            return $response->withJson(false);
        }
        if(strstr($email, '+') !== false)
        {
            //Remove everything between the + and the @
            $begining = strpos($email, '+');
            $end = strpos($email, '@');
            $to_delete = substr($email, $begining, $end - $begining);
            $email = str_replace($to_delete, '', $email);
        }
        $filter = new \Data\Filter('mail eq '.$email);
        $pending = false;
        $user = $this->getAllUsersByFilter($filter, $pending);
        if($user === false)
        {
            return $response->withJson(true);
        }
        return $response->withJson(array('res'=>false, 'email'=>$user->mail, 'pending'=>$pending));
    }

    public function checkUidAvailable($request, $response)
    {
        $params = $request->getQueryParams();
        $uid = false;
        if(isset($params['uid']))
        {
            $uid = $params['uid'];
        }
        if($uid === false)

        {
            $params = $request->getParsedBody();
            if(isset($params['uid']))
            {
                $uid = $params['uid'];
            }
            if($uid === false)
            {
                return $response->withStatus(400);
            }
        }
        if(strpos($uid, '=') !== false || strpos($uid, ',') !== false)
        {
            return $response->withJson(false);
        }
        $filter = new \Data\Filter('uid eq '.$uid);
        $pending = false;
        $user = $this->getAllUsersByFilter($filter, $pending);
        if($user === false)
        {
            return $response->withJson(true);
        }
        return $response->withJson(array('res'=>false, 'uidl'=>$user->uid, 'pending'=>$pending));
    }

    public function resetUserPassword($request, $response, $args)
    {
        $uid = false;
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        else
        {
            return $response->withStatus(400);
        }
        $auth = AuthProvider::getInstance();
        $users = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$uid));
        if(empty($users))
        {
            return $response->withStatus(404);
        }
        $email_msg = new PasswordResetEmail($users[0]);
        $email_provider = EmailProvider::getInstance();
        if($email_provider->sendEmail($email_msg) === false)
        {
            throw new \Exception('Unable to send email!');
        }
        return $response->withJson(true);
    }

    public function remindUid($request, $response, $args)

    {
        $params = $request->getQueryParams();
        $email = false;
        if(isset($params['email']))
        {
            $email = $params['email'];
        }
        if($email === false)

        {
            $params = $request->getParsedBody();
            if(isset($params['email']))
            {
                $email = $params['email'];
            }
            if($email === false)
            {
                return $response->withStatus(400);
            }
        }
        if(filter_var($email, FILTER_VALIDATE_EMAIL) === false)
        {
            return $response->withStatus(400);
        }
        $auth = AuthProvider::getInstance();
        $users = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$email));
        if(empty($users))
        {
            return $response->withStatus(404);
        }
        $email_msg = new UIDForgotEmail($users[0]);
        $email_provider = EmailProvider::getInstance();
        if($email_provider->sendEmail($email_msg) === false)
        {
            throw new \Exception('Unable to send email!');
        }
    }
}
/* vim: set tabstop=4 shiftwidth=4 expandtab: */


1		<?php
2		require_once('class.UIDForgotEmail.php');
3
4		class UsersAPI extends Http\Rest\RestAPI
5		{
6		public function setup($app)
7		{
8		$app->get('[/]', array($this, 'listUsers'));
9		$app->post('[/]', array($this, 'createUser'));
10		$app->get('/{uid}[/]', array($this, 'showUser'));
11		$app->patch('/{uid}[/]', array($this, 'editUser'));
12		$app->delete('/{uid}[/]', array($this, 'deleteUser'));
13		$app->get('/{uid}/groups[/]', array($this, 'listGroupsForUser'));
14		$app->post('/{uid}/Actions/link[/]', array($this, 'linkUser'));
15		$app->post('/{uid}/Actions/reset_pass[/]', array($this, 'resetUserPassword'));
16		$app->post('/Actions/check_email_available[/]', array($this, 'checkEmailAvailable'));
17		$app->post('/Actions/check_uid_available[/]', array($this, 'checkUidAvailable'));
18		$app->post('/Actions/remind_uid[/]', array($this, 'remindUid'));
19		}
20
21		public function listUsers($request, $response)
22		{
23		$odata = $request->getAttribute('odata', new \ODataParams(array()));
24		if($this->validateIsAdmin($request, true) === false)
		0 ignored issues – show Bug introduced 2017-12-06 00:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `validateIsAdmin()` does not seem to exist on `object<UsersAPI>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
25		{
26		$users = array($this->user);
		0 ignored issues – show Bug introduced 2017-12-06 00:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `user` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
27		$users = $odata->filterArrayPerSelect($users);
28		}
29		else
30		{
31		$auth = AuthProvider::getInstance();
32		$users = $auth->getUsersByFilter($odata->filter, $odata->select, $odata->top, $odata->skip,
33		$odata->orderby);
34		}
35		return $response->withJson($users);
36		}
37
38		protected function validateCanCreateUser($proposedUser, $auth, &$message)
39		{
40		$user = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$proposedUser['mail']));
41	View Code Duplication	if($user !== false && isset($user[0]))
42		{
43		$message = 'Email already exists!';
44		return false;
45		}
46		$user = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$proposedUser['uid']));
47	View Code Duplication	if($user !== false && isset($user[0]))
48		{
49		$message = 'Username already exists!';
50		return false;
51		}
52		return true;
53		}
54
55		protected function validEmail($email)
56		{
57		if(filter_var($email) === false)
58		{
59		return false;
60		}
61		$pos = strpos($email, '@');
62		if($pos === false)
63		{
64		return false;
65		}
66		$domain = substr($email, $pos + 1);
67		if(checkdnsrr($domain, 'MX') === false)
68		{
69		return false;
70		}
71		return true;
72		}
73
74		protected function getFailArray($message)
75		{
76		return array('res'=>false, 'message'=>$message);
77		}
78
79		public function createUser($request, $response)
80		{
81		$this->user = $request->getAttribute('user');
82		//This one is different. If they are logged in fail...
83		if($this->user !== false)
84		{
85		return $response->withStatus(404);
86		}
87		$obj = $request->getParsedBody();
88		if(!isset($obj['captcha']))
89		{
90		return $response->withStatus(401);
91		}
92		$captcha = FlipSession::getVar('captcha');
93		if($captcha === false)
94		{
95		return $response->withStatus(401);
96		}
97		if(!$captcha->is_answer_right($obj['captcha']))
98		{
99		return $response->withJson($this->getFailArray('Incorrect answer to CAPTCHA!'), 412);
100		}
101		$auth = AuthProvider::getInstance();
102		$message = false;
103		if($this->validateCanCreateUser($obj, $auth, $message) === false)
104		{
105		return $response->withJson($this->getFailArray($message), 412);
106		}
107		else if($this->validEmail($obj['mail']) === false)
108		{
109		return $response->withJson($this->getFailArray('Invalid Email Address!'));
110		}
111		$ret = $auth->createPendingUser($obj);
112		if($ret == false)
113		{
114		return $response->withJson($this->getFailArray('Failed to save user registration!'), 500);
115		}
116		return $response->withJson($ret);
117		}
118
119		protected function userIsMe($request, $uid)
120		{
121		$this->user = $request->getAttribute('user');
122		return ($uid === 'me' \|\| ($this->user !== false && $uid === $this->user->uid));
123		}
124
125		protected function hasLeadAccess()
126		{
127		return ($this->user->isInGroupNamed('Leads') \|\| $this->user->isInGroupNamed('CC') \|\| $this->user->isInGroupNamed('AFs'));
128		}
129
130	View Code Duplication	protected function getUserByUIDReadOnly($request, $uid)
		0 ignored issues – show Duplication introduced 2017-10-17 17:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
131		{
132		if($this->userIsMe($request, $uid))
133		{
134		return $this->user;
135		}
136		if($this->user->isInGroupNamed('LDAPAdmins') \|\| $this->hasLeadAccess())
137		{
138		$auth = \AuthProvider::getInstance();
139		$filter = new \Data\Filter("uid eq $uid");
140		$users = $auth->getUsersByFilter($filter);
141		if(!empty($users))
142		{
143		return $users[0];
144		}
145		}
146		return false;
147		}
148
149	View Code Duplication	protected function getUserByUID($request, $uid)
		0 ignored issues – show Duplication introduced 2017-10-17 17:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
150		{
151		if($this->userIsMe($request, $uid))
152		{
153		return $this->user;
154		}
155		if($this->user->isInGroupNamed('LDAPAdmins'))
156		{
157		$auth = \AuthProvider::getInstance();
158		$filter = new \Data\Filter("uid eq $uid");
159		$users = $auth->getUsersByFilter($filter);
160		if(!empty($users))
161		{
162		return $users[0];
163		}
164		}
165		return false;
166		}
167
168		public function showUser($request, $response, $args)
169		{
170		$uid = $args['uid'];
171		$user = $request->getAttribute('user');
172		if($user === false)
173		{
174		if($_SERVER['SERVER_ADDR'] === $_SERVER['REMOTE_ADDR'])
175		{
176		$user = \AuthProvider::getInstance()->getUsersByFilter(new \Data\Filter("uid eq $uid"));
177		if(empty($user))
178		{
179		return $response->withStatus(404);
180		}
181		return $response->withJson($user[0]);
182		}
183		return $response->withStatus(401);
184		}
185		$user = $this->getUserByUIDReadOnly($request, $uid);
186		if($user === false)
187		{
188		return $response->withStatus(404);
189		}
190		if(!is_object($user) && isset($user[0]))
191		{
192		$user = $user[0];
193		}
194		if($request->getAttribute('format') === 'vcard')
195		{
196		$response = $response->withHeader('Content-Type', 'text/x-vCard');
197		$response->getBody()->write($user->getVcard());
198		return $response;
199		}
200		return $response->withJson($user);
201		}
202
203		protected function sendPasswordResetEmail($user)
204		{
205		$forwardedFor = false;
206		if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
207		{
208		$forwardedFor = $_SERVER['HTTP_X_FORWARDED_FOR'];
209		}
210		$emailMsg = new PasswordHasBeenResetEmail($user, $_SERVER['REMOTE_ADDR'], $forwardedFor);
211		$emailProvider = EmailProvider::getInstance();
212		if($emailProvider->sendEmail($emailMsg) === false)
213		{
214		throw new \Exception('Unable to send password reset email!');
215		}
216		}
217
218		protected function exceptionCodeToHttpCode($e)
219		{
220		if($e->getCode() === 3)
221		{
222		return 401;
223		}
224		return 500;
225		}
226
227		protected function getUser($request, $uid, $payload)
228		{
229		$this->user = $request->getAttribute('user');
230		if($this->user === false)
231		{
232		if(isset($payload->hash))
233		{
234		$auth = AuthProvider::getInstance();
235		$this->user = $auth->getUserByResetHash($payload->hash);
236		return $this->user;
237		}
238		return false;
239		}
240		return $this->getUserByUID($request, $uid);
241		}
242
243		public function editUser($request, $response, $args)
244		{
245		$uid = 'me';
246		if(isset($args['uid']))
247		{
248		$uid = $args['uid'];
249		}
250		$obj = $request->getParsedBody();
251		$user = $this->getUser($request, $uid, $obj);
252		if($user === false)
253		{
254		return $response->withStatus(404);
255		}
256		try
257		{
258		if(isset($obj['old_uid']))
259		{
260		unset($obj['old_uid']);
261		}
262		unset($obj['uid']);
263		$user->editUser($obj);
264		}
265		catch(\Exception $e)
266		{
267		return $response->withJson(array('error'=>array('msg'=>$e->getMessage(), 'stack'=>$e->getTraceAsString())), $this->exceptionCodeToHttpCode($e));
268		}
269		if($this->userIsMe($request, $uid))
270		{
271		\FlipSession::setUser($user);
272		}
273		if(isset($obj->password))
274		{
275		$this->sendPasswordResetEmail($user);
276		}
277		return $response->withJson(array('success'=>true));
278		}
279
280		public function deleteUser($request, $response, $args)
281		{
282		$uid = 'me';
283		if(isset($args['uid']))
284		{
285		$uid = $args['uid'];
286		}
287		$user = false;
288		if($this->validateIsAdmin($request, true) === false && $this->userIsMe($request, $uid))
		0 ignored issues – show Bug introduced 2017-12-06 00:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `validateIsAdmin()` does not seem to exist on `object<UsersAPI>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
289		{
290		$user = $this->user;
291		}
292		else
293		{
294		$auth = AuthProvider::getInstance();
295		$filter = new \Data\Filter("uid eq $uid");
296		$user = $auth->getUsersByFilter($filter);
297		if(empty($user))
298		{
299		$user = false;
300		}
301		else
302		{
303		$user = $user[0];
304		}
305		}
306		if($user === false)
307		{
308		return $response->withStatus(404);
309		}
310		return $response->withJson($user->delete());
311		}
312
313		public function listGroupsForUser($request, $response, $args)
314		{
315		$uid = 'me';
316		if(isset($args['uid']))
317		{
318		$uid = $args['uid'];
319		}
320		$this->validateLoggedIn($request);
321		$user = $this->getUserByUID($request, $uid);
322		if($user === false)
323		{
324		return $response->withStatus(404);
325		}
326		$groups = $user->getGroups();
327		if($groups === false)
328		{
329		$groups = array();
330		}
331		return $response->withJson($groups);
332		}
333
334		public function linkUser($request, $response, $args)
335		{
336		$uid = 'me';
337		if(isset($args['uid']))
338		{
339		$uid = $args['uid'];
340		}
341		$this->validateLoggedIn($request);
342		$obj = $request->getParsedBody();
343		if($this->userIsMe($request, $uid))
344		{
345		$this->user->addLoginProvider($obj->provider);
346		AuthProvider::getInstance()->impersonateUser($this->user);
347		}
348		else if($this->user->isInGroupNamed("LDAPAdmins"))
349		{
350		$user = AuthProvider::getInstance()->getUser($uid);
351		if($user === false)
352		{
353		return $response->withStatus(404);
354		}
355		$user->addLoginProvider($obj->provider);
356		}
357		else
358		{
359		return $response->withStatus(404);
360		}
361		return $response->withJson(array('success'=>true));
362		}
363
364		protected function getAllUsersByFilter($filter, &$pending)
365		{
366		$auth = AuthProvider::getInstance();
367		$user = $auth->getUsersByFilter($filter);
368		if(!empty($user))
369		{
370		$pending = false;
371		return $user[0];
372		}
373		$user = $auth->getPendingUsersByFilter($filter);
374		if(!empty($user))
375		{
376		$pending = true;
377		return $user[0];
378		}
379		return false;
380		}
381
382		public function checkEmailAvailable($request, $response)
383		{
384		$params = $request->getQueryParams();
385		$email = false;
386		if(isset($params['email']))
387		{
388		$email = $params['email'];
389		}
390	View Code Duplication	if($email === false)
		0 ignored issues – show Duplication introduced 2017-10-18 01:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
391		{
392		$params = $request->getParsedBody();
393		if(isset($params['email']))
394		{
395		$email = $params['email'];
396		}
397		if($email === false)
398		{
399		return $response->withStatus(400);
400		}
401		}
402		if(filter_var($email, FILTER_VALIDATE_EMAIL) === false \|\| strpos($email, '@') === false)
403		{
404		return $response->withJson(false);
405		}
406		if(strstr($email, '+') !== false)
407		{
408		//Remove everything between the + and the @
409		$begining = strpos($email, '+');
410		$end = strpos($email, '@');
411		$to_delete = substr($email, $begining, $end - $begining);
412		$email = str_replace($to_delete, '', $email);
413		}
414		$filter = new \Data\Filter('mail eq '.$email);
415		$pending = false;
416		$user = $this->getAllUsersByFilter($filter, $pending);
417		if($user === false)
418		{
419		return $response->withJson(true);
420		}
421		return $response->withJson(array('res'=>false, 'email'=>$user->mail, 'pending'=>$pending));
422		}
423
424		public function checkUidAvailable($request, $response)
425		{
426		$params = $request->getQueryParams();
427		$uid = false;
428		if(isset($params['uid']))
429		{
430		$uid = $params['uid'];
431		}
432	View Code Duplication	if($uid === false)
		0 ignored issues – show Duplication introduced 2017-10-18 01:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
433		{
434		$params = $request->getParsedBody();
435		if(isset($params['uid']))
436		{
437		$uid = $params['uid'];
438		}
439		if($uid === false)
440		{
441		return $response->withStatus(400);
442		}
443		}
444		if(strpos($uid, '=') !== false \|\| strpos($uid, ',') !== false)
445		{
446		return $response->withJson(false);
447		}
448		$filter = new \Data\Filter('uid eq '.$uid);
449		$pending = false;
450		$user = $this->getAllUsersByFilter($filter, $pending);
451		if($user === false)
452		{
453		return $response->withJson(true);
454		}
455		return $response->withJson(array('res'=>false, 'uidl'=>$user->uid, 'pending'=>$pending));
456		}
457
458		public function resetUserPassword($request, $response, $args)
459		{
460		$uid = false;
461		if(isset($args['uid']))
462		{
463		$uid = $args['uid'];
464		}
465		else
466		{
467		return $response->withStatus(400);
468		}
469		$auth = AuthProvider::getInstance();
470		$users = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$uid));
471		if(empty($users))
472		{
473		return $response->withStatus(404);
474		}
475		$email_msg = new PasswordResetEmail($users[0]);
476		$email_provider = EmailProvider::getInstance();
477		if($email_provider->sendEmail($email_msg) === false)
478		{
479		throw new \Exception('Unable to send email!');
480		}
481		return $response->withJson(true);
482		}
483
484		public function remindUid($request, $response, $args)
		0 ignored issues – show Unused Code introduced 2017-10-18 01:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$args` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
485		{
486		$params = $request->getQueryParams();
487		$email = false;
488		if(isset($params['email']))
489		{
490		$email = $params['email'];
491		}
492	View Code Duplication	if($email === false)
		0 ignored issues – show Duplication introduced 2017-12-06 00:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
493		{
494		$params = $request->getParsedBody();
495		if(isset($params['email']))
496		{
497		$email = $params['email'];
498		}
499		if($email === false)
500		{
501		return $response->withStatus(400);
502		}
503		}
504		if(filter_var($email, FILTER_VALIDATE_EMAIL) === false)
505		{
506		return $response->withStatus(400);
507		}
508		$auth = AuthProvider::getInstance();
509		$users = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$email));
510		if(empty($users))
511		{
512		return $response->withStatus(404);
513		}
514		$email_msg = new UIDForgotEmail($users[0]);
515		$email_provider = EmailProvider::getInstance();
516		if($email_provider->sendEmail($email_msg) === false)
517		{
518		throw new \Exception('Unable to send email!');
519		}
520		}
521		}
522		/* vim: set tabstop=4 shiftwidth=4 expandtab: */
523

BurningFlipside / Profiles

Pull Request — develop (#54)

api/v1/class.UsersAPI.php (9 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like