Issues in class.UsersAPI.php - New Issues - Inspection of "Production Fixes" - BurningFlipside/Profiles - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 4f23d4...a4c187 )

by Patrick

created 2017-10-18 01:40 UTC

api/v1/class.UsersAPI.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
require_once('class.UIDForgotEmail.php');

class UsersAPI extends Http\Rest\RestAPI
{
    public function setup($app)
    {
        $app->get('[/]', array($this, 'listUsers'));
        $app->post('[/]', array($this, 'createUser'));
        $app->get('/{uid}[/]', array($this, 'showUser'));
        $app->patch('/{uid}[/]', array($this, 'editUser'));
        $app->delete('/{uid}[/]', array($this, 'deleteUser'));
        $app->get('/{uid}/groups[/]', array($this, 'listGroupsForUser'));
        $app->post('/{uid}/Actions/link[/]', array($this, 'linkUser'));
        $app->post('/{uid}/Actions/reset_pass[/]', array($this, 'resetUserPassword'));
        $app->post('/Actions/check_email_available[/]', array($this, 'checkEmailAvailable'));
        $app->post('/Actions/check_uid_available[/]', array($this, 'checkUidAvailable'));
        $app->post('/Actions/remind_uid[/]', array($this, 'remindUid'));
    }

    public function validateIsAdmin($request, $nonFatal = false)
    {
        $this->user = $request->getAttribute('user');
        if($this->user === false)
        {
            throw new Exception('Must be logged in', \Http\Rest\ACCESS_DENIED);
        }
        if(!$this->user->isInGroupNamed('LDAPAdmins'))
        {
            if($nonFatal)
            {
                return false;
            }
            throw new Exception('Must be Admin', \Http\Rest\ACCESS_DENIED);
        }
        return true;
    }

    public function listUsers($request, $response, $args)
    {
        $users = false;
        $odata = $request->getAttribute('odata', new \ODataParams(array()));
        if($this->validateIsAdmin($request, true) === false)
        {
            $users = array($this->user);
            $users = $odata->filterArrayPerSelect($users);
        }
        else
        {
            $auth = AuthProvider::getInstance();
            $users = $auth->getUsersByFilter($odata->filter, $odata->select, $odata->top, $odata->skip, 
                                             $odata->orderby);
        }
        return $response->withJson($users);
    }

    protected function validateCanCreateUser($proposedUser, $auth, &$message)
    {
        $user = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$proposedUser->mail));
        if($user !== false && isset($user[0]))
        {
            $message = 'Email already exists!';
            return false;
        }
        $user = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$proposedUser->uid));
        if($user !== false && isset($user[0]))
        {
            $message = 'Username already exists!';
            return false;
        }
        return true;
    }

    protected function validEmail($email)
    {
        if(filter_var($email) === false)
        {
            return false;
        }
        $pos = strpos($email, '@');
        if($pos === false)
        {
            return false;
        }
        $domain = substr($email, $pos+1);
        if(checkdnsrr($domain, 'MX') === false)
        {
            return false;
        }
        return true;
    }

    public function createUser($request, $response, $args)
    {
        $this->user = $request->getAttribute('user');
        //This one is different. If they are logged in fail...
        if($this->user !== false)
        {
            return $response->withStatus(404);
        }
        $obj = $request->getParsedBody();
        if(!isset($obj->captcha))
        {
            return $response->withStatus(401);
        }
        $captcha = FlipSession::getVar('captcha');
        if($captcha === false)
        {
            return $response->withStatus(401);
        }
        if(!$captcha->is_answer_right($obj->captcha))
        {
            return $response->withJson(array('res'=>false, 'message'=>'Incorrect answer to CAPTCHA!'), 412);
        }
        $auth = AuthProvider::getInstance();
        $message = false;
        if($this->validateCanCreateUser($obj, $auth, $message) === false)
        {
            return $response->withJson(array('res'=>false, 'message'=>$message), 412);
        }
        else if($this->validEmail($obj->mail) === false)
        {
            return $response->withJson(array('res'=>false, 'message'=>'Invalid Email Address!'));
        }
        $ret = $auth->createPendingUser($obj);
        if($ret == false)
        {
            return $response->withJson(array('res'=>false, 'message'=>'Failed to save user registration!'), 500);
        }
        return $response->withJson($ret);
    }

    protected function userIsMe($request, $uid)
    {
        $this->user = $request->getAttribute('user');
        return ($uid === 'me' || ($this->user !== false && $uid === $this->user->uid));
    }

    protected function getUserByUIDReadOnly($request, $uid)
    {
        if($this->userIsMe($request, $uid))
        {
            return $this->user;
        }
        if($this->user->isInGroupNamed('LDAPAdmins') || $this->hasLeadAccess($request))
        {
            $auth = \AuthProvider::getInstance();
            $filter = new \Data\Filter("uid eq $uid");
            $users = $auth->getUsersByFilter($filter);
            if($users !== false && isset($users[0]))
            {
                return $users[0];
            }
        }
        return false;
    }

    protected function getUserByUID($request, $uid)
    {
        if($this->userIsMe($request, $uid))
        {
            return $this->user;
        }
        if($this->user->isInGroupNamed('LDAPAdmins'))
        {
            $auth = \AuthProvider::getInstance();
            $filter = new \Data\Filter("uid eq $uid");
            $users = $auth->getUsersByFilter($filter);
            if($users !== false && isset($users[0]))
            {
                return $users[0];
            }
        }
        return false;
    }

    public function showUser($request, $response, $args)
    {
        $uid = $args['uid'];
        $user = $request->getAttribute('user');
        if($user === false)
        {
            if($_SERVER['SERVER_ADDR'] === $_SERVER['REMOTE_ADDR'])
            {
                $user = \AuthProvider::getInstance()->getUsersByFilter(new \Data\Filter("uid eq $uid"));
                if($user === false || !isset($user[0]))
                {
                    return $response->withStatus(404);
                }
                return $response->withJson($user[0]);
            } 
            return $response->withStatus(401);
        }
        $user = $this->getUserByUIDReadOnly($request, $uid);
        if($user === false)
        {
            return $response->withStatus(404);
        }
        if(!is_object($user) && isset($user[0]))
        {
            $user = $user[0];
        }
        if($request->getAttribute('format') === 'vcard')
        {
            $response = $response->withHeader('Content-Type', 'text/x-vCard');
            $response->getBody()->write($user->getVcard());
            return $response;
        }
        return $response->withJson($user);
    }

    protected function sendPasswordResetEmail($user)
    {
        $forwardedFor = false;
        if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        {
            $forwardedFor = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        $emailMsg = new PasswordHasBeenResetEmail($user, $_SERVER['REMOTE_ADDR'], $forwardedFor);
        $emailProvider = EmailProvider::getInstance();
        if($emailProvider->sendEmail($emailMsg) === false)
        {
            throw new \Exception('Unable to send password reset email!');
        }
    }

    protected function exceptionCodeToHttpCode($e)
    {
        if($e->getCode() === 3)
        {
            return 401;
        }
        return 500;
    }

    protected function getUser($request, $uid, $payload)
    {
        $this->user = $request->getAttribute('user');
        if($this->user === false)
        {
            if(isset($payload->hash))
            {
                $auth = AuthProvider::getInstance();
                $this->user = $auth->getUserByResetHash($payload->hash);
                return $this->user;
            }
            return false;
        }
        return $this->getUserByUID($request, $uid);
    }

    public function editUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $obj = $request->getParsedBody();
        $user = $this->getUser($request, $uid, $obj);
        if($user === false)
        {
            return $response->withStatus(404);
        }
        try
        {
            if(isset($obj['old_uid']))
            {
                unset($obj['old_uid']);
            }
            unset($obj['uid']);
            $user->editUser($obj);
        }
        catch(\Exception $e)
        {
            return $response->withJson(array('error'=>array('msg'=>$e->getMessage(), 'stack'=>$e->getTraceAsString())), $this->exceptionCodeToHttpCode($e));
        }
        if($this->userIsMe($request, $uid))
        {
            \FlipSession::setUser($user);
        }
        if(isset($obj->password))
        {
            $this->sendPasswordResetEmail($user);
        }
        return $response->withJson(array('success'=>true));
    }

    public function deleteUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $user = false;
        if($this->validateIsAdmin($request, true) === false && $this->userIsMe($request, $uid))
        {
            $user = $this->user;
        }
        else
        {
            $auth = AuthProvider::getInstance();
            $filter = new \Data\Filter("uid eq $uid");
            $user = $auth->getUsersByFilter($filter);
            if(empty($user))
            {
                $user = false;
            }
            else
            {
                $user = $user[0];
            }
        }
        if($user === false)
        {
            return $response->withStatus(404);
        }
        return $response->withJson($user->delete());
    }

    public function listGroupsForUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $this->validateLoggedIn($request);
        $user = $this->getUserByUID($request, $uid);
        if($user === false)
        {
            return $response->withStatus(404);
        }
        $groups = $user->getGroups();
        if($groups === false)
        {
            $groups = array();
        }
        return $response->withJson($groups);
    }

    public function linkUser($request, $response, $args)
    {
        $uid = 'me';
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        $this->validateLoggedIn($request);
        $obj = $request->getParsedBody();
        if($this->userIsMe($request, $uid))
        {
            $this->user->addLoginProvider($obj->provider);
            AuthProvider::getInstance()->impersonateUser($app->user);
        }
        else if($this->user->isInGroupNamed("LDAPAdmins"))
        {
            $user = AuthProvider::getInstance()->getUser($uid);
            if($user === false)
            {
                return $response->withStatus(404);
            }
            $user->addLoginProvider($obj->provider);
        }
        else
        {
            return $response->withStatus(404);
        }
        return $response->withJson(array('success'=>true));
    }

    protected function getAllUsersByFilter($filter, &$pending)
    {
        $auth = AuthProvider::getInstance();
        $user = $auth->getUsersByFilter($filter);
        if($user !== false && isset($user[0]))
        {
            $pending = false;
            return $user[0];
        }
        $user = $auth->getPendingUsersByFilter($filter);
        if($user !== false && isset($user[0]))
        {
            $pending = true;
            return $user[0];
        }
        return false;
    }

    public function checkEmailAvailable($request, $response, $args)
    {
        $params = $request->getQueryParams();
        $email = false;
        if(isset($params['email']))
        {
            $email = $params['email'];
        }
        if($email === false)

        {
            $params = $request->getParsedBody();
            if(isset($params['email']))
            {
                $email = $params['email'];
            }
            if($email === false)
            {
                return $response->withStatus(400);
            }
        }
        if(filter_var($email, FILTER_VALIDATE_EMAIL) === false || strpos($email, '@') === false)
        {
            return $response->withJson(false);
        }
        if(strstr($email, '+') !== false)
        {
            //Remove everything between the + and the @
            $begining = strpos($email, '+');
            $end = strpos($email, '@');
            $to_delete = substr($email, $begining, $end - $begining);
            $email = str_replace($to_delete, '', $email);
        }
        $filter = new \Data\Filter('mail eq '.$email);
        $pending = false;
        $user = $this->getAllUsersByFilter($filter, $pending);
        if($user === false)
        {
            return $response->withJson(true);
        }
        return $response->withJson(array('res'=>false, 'email'=>$user->mail, 'pending'=>$pending));
    }

    public function checkUidAvailable($request, $response, $args)
    {
        $params = $request->getQueryParams();
        $uid = false;
        if(isset($params['uid']))
        {
            $uid = $params['uid'];
        }
        if($uid === false)
        {
            return $response->withStatus(400);
        }
        if(strpos($uid, '=') !== false || strpos($uid, ',') !== false)
        {
            return $response->withJson(false);
        }
        $filter = new \Data\Filter('uid eq '.$uid);
        $pending = false;
        $user = $this->getAllUsersByFilter($filter, $pending);
        if($user === false)
        {
            return $response->withJson(true);
        }
        return $response->withJson(array('res'=>false, 'uidl'=>$user->uid, 'pending'=>$pending));
    }

    public function resetUserPassword($request, $response, $args)
    {
        $uid = false;
        if(isset($args['uid']))
        {
            $uid = $args['uid'];
        }
        else
        {
            return $response->withStatus(400);
        }
        $auth = AuthProvider::getInstance();
        $users = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$uid));
        if($users === false || !isset($users[0]))
        {
            return $response->withStatus(404);
        }
        $email_msg = new PasswordResetEmail($users[0]);
        $email_provider = EmailProvider::getInstance();
        if($email_provider->sendEmail($email_msg) === false)
        {
            throw new \Exception('Unable to send email!');
        }
        return $response->withJson(true);
    }

    public function remindUid($request, $response, $args)

    {
        $params = $request->getQueryParams();
        $email = false;
        if(isset($params['email']))
        {
            $email = $params['email'];
        }
        if($email === false)

        {
            $params = $request->getParsedBody();
            if(isset($params['email']))
            {
                $email = $params['email'];
            }
            if($email === false)
            {
                return $response->withStatus(400);
            }
        }
        if(filter_var($email, FILTER_VALIDATE_EMAIL) === false)
        {
            return $response->withStatus(400);
        }
        $auth = AuthProvider::getInstance();
        $users = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$email));
        if($users === false || !isset($users[0]))
        {
            return $response->withStatus(404);
        }
        $email_msg = new UIDForgotEmail($users[0]);
        $email_provider = EmailProvider::getInstance();
        if($email_provider->sendEmail($email_msg) === false)
        {
            throw new \Exception('Unable to send email!');
        }
    }
}
/* vim: set tabstop=4 shiftwidth=4 expandtab: */


1		<?php
2		require_once('class.UIDForgotEmail.php');
3
4		class UsersAPI extends Http\Rest\RestAPI
5		{
6		public function setup($app)
7		{
8		$app->get('[/]', array($this, 'listUsers'));
9		$app->post('[/]', array($this, 'createUser'));
10		$app->get('/{uid}[/]', array($this, 'showUser'));
11		$app->patch('/{uid}[/]', array($this, 'editUser'));
12		$app->delete('/{uid}[/]', array($this, 'deleteUser'));
13		$app->get('/{uid}/groups[/]', array($this, 'listGroupsForUser'));
14		$app->post('/{uid}/Actions/link[/]', array($this, 'linkUser'));
15		$app->post('/{uid}/Actions/reset_pass[/]', array($this, 'resetUserPassword'));
16		$app->post('/Actions/check_email_available[/]', array($this, 'checkEmailAvailable'));
17		$app->post('/Actions/check_uid_available[/]', array($this, 'checkUidAvailable'));
18		$app->post('/Actions/remind_uid[/]', array($this, 'remindUid'));
19		}
20
21	View Code Duplication	public function validateIsAdmin($request, $nonFatal = false)
22		{
23		$this->user = $request->getAttribute('user');
24		if($this->user === false)
25		{
26		throw new Exception('Must be logged in', \Http\Rest\ACCESS_DENIED);
27		}
28		if(!$this->user->isInGroupNamed('LDAPAdmins'))
29		{
30		if($nonFatal)
31		{
32		return false;
33		}
34		throw new Exception('Must be Admin', \Http\Rest\ACCESS_DENIED);
35		}
36		return true;
37		}
38
39		public function listUsers($request, $response, $args)
40		{
41		$users = false;
42		$odata = $request->getAttribute('odata', new \ODataParams(array()));
43		if($this->validateIsAdmin($request, true) === false)
44		{
45		$users = array($this->user);
46		$users = $odata->filterArrayPerSelect($users);
47		}
48		else
49		{
50		$auth = AuthProvider::getInstance();
51		$users = $auth->getUsersByFilter($odata->filter, $odata->select, $odata->top, $odata->skip,
52		$odata->orderby);
53		}
54		return $response->withJson($users);
55		}
56
57		protected function validateCanCreateUser($proposedUser, $auth, &$message)
58		{
59		$user = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$proposedUser->mail));
60	View Code Duplication	if($user !== false && isset($user[0]))
61		{
62		$message = 'Email already exists!';
63		return false;
64		}
65		$user = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$proposedUser->uid));
66	View Code Duplication	if($user !== false && isset($user[0]))
67		{
68		$message = 'Username already exists!';
69		return false;
70		}
71		return true;
72		}
73
74	View Code Duplication	protected function validEmail($email)
75		{
76		if(filter_var($email) === false)
77		{
78		return false;
79		}
80		$pos = strpos($email, '@');
81		if($pos === false)
82		{
83		return false;
84		}
85		$domain = substr($email, $pos+1);
86		if(checkdnsrr($domain, 'MX') === false)
87		{
88		return false;
89		}
90		return true;
91		}
92
93		public function createUser($request, $response, $args)
94		{
95		$this->user = $request->getAttribute('user');
96		//This one is different. If they are logged in fail...
97		if($this->user !== false)
98		{
99		return $response->withStatus(404);
100		}
101		$obj = $request->getParsedBody();
102		if(!isset($obj->captcha))
103		{
104		return $response->withStatus(401);
105		}
106		$captcha = FlipSession::getVar('captcha');
107		if($captcha === false)
108		{
109		return $response->withStatus(401);
110		}
111		if(!$captcha->is_answer_right($obj->captcha))
112		{
113		return $response->withJson(array('res'=>false, 'message'=>'Incorrect answer to CAPTCHA!'), 412);
114		}
115		$auth = AuthProvider::getInstance();
116		$message = false;
117		if($this->validateCanCreateUser($obj, $auth, $message) === false)
118		{
119		return $response->withJson(array('res'=>false, 'message'=>$message), 412);
120		}
121	View Code Duplication	else if($this->validEmail($obj->mail) === false)
122		{
123		return $response->withJson(array('res'=>false, 'message'=>'Invalid Email Address!'));
124		}
125		$ret = $auth->createPendingUser($obj);
126	View Code Duplication	if($ret == false)
127		{
128		return $response->withJson(array('res'=>false, 'message'=>'Failed to save user registration!'), 500);
129		}
130		return $response->withJson($ret);
131		}
132
133		protected function userIsMe($request, $uid)
134		{
135		$this->user = $request->getAttribute('user');
136		return ($uid === 'me' \|\| ($this->user !== false && $uid === $this->user->uid));
137		}
138
139	View Code Duplication	protected function getUserByUIDReadOnly($request, $uid)
140		{
141		if($this->userIsMe($request, $uid))
142		{
143		return $this->user;
144		}
145		if($this->user->isInGroupNamed('LDAPAdmins') \|\| $this->hasLeadAccess($request))
146		{
147		$auth = \AuthProvider::getInstance();
148		$filter = new \Data\Filter("uid eq $uid");
149		$users = $auth->getUsersByFilter($filter);
150		if($users !== false && isset($users[0]))
151		{
152		return $users[0];
153		}
154		}
155		return false;
156		}
157
158	View Code Duplication	protected function getUserByUID($request, $uid)
159		{
160		if($this->userIsMe($request, $uid))
161		{
162		return $this->user;
163		}
164		if($this->user->isInGroupNamed('LDAPAdmins'))
165		{
166		$auth = \AuthProvider::getInstance();
167		$filter = new \Data\Filter("uid eq $uid");
168		$users = $auth->getUsersByFilter($filter);
169		if($users !== false && isset($users[0]))
170		{
171		return $users[0];
172		}
173		}
174		return false;
175		}
176
177		public function showUser($request, $response, $args)
178		{
179		$uid = $args['uid'];
180		$user = $request->getAttribute('user');
181		if($user === false)
182		{
183		if($_SERVER['SERVER_ADDR'] === $_SERVER['REMOTE_ADDR'])
184		{
185		$user = \AuthProvider::getInstance()->getUsersByFilter(new \Data\Filter("uid eq $uid"));
186		if($user === false \|\| !isset($user[0]))
187		{
188		return $response->withStatus(404);
189		}
190		return $response->withJson($user[0]);
191		}
192		return $response->withStatus(401);
193		}
194		$user = $this->getUserByUIDReadOnly($request, $uid);
195		if($user === false)
196		{
197		return $response->withStatus(404);
198		}
199		if(!is_object($user) && isset($user[0]))
200		{
201		$user = $user[0];
202		}
203		if($request->getAttribute('format') === 'vcard')
204		{
205		$response = $response->withHeader('Content-Type', 'text/x-vCard');
206		$response->getBody()->write($user->getVcard());
207		return $response;
208		}
209		return $response->withJson($user);
210		}
211
212		protected function sendPasswordResetEmail($user)
213		{
214		$forwardedFor = false;
215		if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
216		{
217		$forwardedFor = $_SERVER['HTTP_X_FORWARDED_FOR'];
218		}
219		$emailMsg = new PasswordHasBeenResetEmail($user, $_SERVER['REMOTE_ADDR'], $forwardedFor);
220		$emailProvider = EmailProvider::getInstance();
221		if($emailProvider->sendEmail($emailMsg) === false)
222		{
223		throw new \Exception('Unable to send password reset email!');
224		}
225		}
226
227		protected function exceptionCodeToHttpCode($e)
228		{
229		if($e->getCode() === 3)
230		{
231		return 401;
232		}
233		return 500;
234		}
235
236		protected function getUser($request, $uid, $payload)
237		{
238		$this->user = $request->getAttribute('user');
239		if($this->user === false)
240		{
241		if(isset($payload->hash))
242		{
243		$auth = AuthProvider::getInstance();
244		$this->user = $auth->getUserByResetHash($payload->hash);
245		return $this->user;
246		}
247		return false;
248		}
249		return $this->getUserByUID($request, $uid);
250		}
251
252		public function editUser($request, $response, $args)
253		{
254		$uid = 'me';
255		if(isset($args['uid']))
256		{
257		$uid = $args['uid'];
258		}
259		$obj = $request->getParsedBody();
260		$user = $this->getUser($request, $uid, $obj);
261		if($user === false)
262		{
263		return $response->withStatus(404);
264		}
265		try
266		{
267		if(isset($obj['old_uid']))
268		{
269		unset($obj['old_uid']);
270		}
271		unset($obj['uid']);
272		$user->editUser($obj);
273		}
274		catch(\Exception $e)
275		{
276		return $response->withJson(array('error'=>array('msg'=>$e->getMessage(), 'stack'=>$e->getTraceAsString())), $this->exceptionCodeToHttpCode($e));
277		}
278		if($this->userIsMe($request, $uid))
279		{
280		\FlipSession::setUser($user);
281		}
282		if(isset($obj->password))
283		{
284		$this->sendPasswordResetEmail($user);
285		}
286		return $response->withJson(array('success'=>true));
287		}
288
289		public function deleteUser($request, $response, $args)
290		{
291		$uid = 'me';
292		if(isset($args['uid']))
293		{
294		$uid = $args['uid'];
295		}
296		$user = false;
297		if($this->validateIsAdmin($request, true) === false && $this->userIsMe($request, $uid))
298		{
299		$user = $this->user;
300		}
301		else
302		{
303		$auth = AuthProvider::getInstance();
304		$filter = new \Data\Filter("uid eq $uid");
305		$user = $auth->getUsersByFilter($filter);
306		if(empty($user))
307		{
308		$user = false;
309		}
310		else
311		{
312		$user = $user[0];
313		}
314		}
315		if($user === false)
316		{
317		return $response->withStatus(404);
318		}
319		return $response->withJson($user->delete());
320		}
321
322		public function listGroupsForUser($request, $response, $args)
323		{
324		$uid = 'me';
325		if(isset($args['uid']))
326		{
327		$uid = $args['uid'];
328		}
329		$this->validateLoggedIn($request);
330		$user = $this->getUserByUID($request, $uid);
331		if($user === false)
332		{
333		return $response->withStatus(404);
334		}
335		$groups = $user->getGroups();
336		if($groups === false)
337		{
338		$groups = array();
339		}
340		return $response->withJson($groups);
341		}
342
343		public function linkUser($request, $response, $args)
344		{
345		$uid = 'me';
346		if(isset($args['uid']))
347		{
348		$uid = $args['uid'];
349		}
350		$this->validateLoggedIn($request);
351		$obj = $request->getParsedBody();
352		if($this->userIsMe($request, $uid))
353		{
354		$this->user->addLoginProvider($obj->provider);
355		AuthProvider::getInstance()->impersonateUser($app->user);
356		}
357		else if($this->user->isInGroupNamed("LDAPAdmins"))
358		{
359		$user = AuthProvider::getInstance()->getUser($uid);
360		if($user === false)
361		{
362		return $response->withStatus(404);
363		}
364		$user->addLoginProvider($obj->provider);
365		}
366		else
367		{
368		return $response->withStatus(404);
369		}
370		return $response->withJson(array('success'=>true));
371		}
372
373		protected function getAllUsersByFilter($filter, &$pending)
374		{
375		$auth = AuthProvider::getInstance();
376		$user = $auth->getUsersByFilter($filter);
377	View Code Duplication	if($user !== false && isset($user[0]))
378		{
379		$pending = false;
380		return $user[0];
381		}
382		$user = $auth->getPendingUsersByFilter($filter);
383	View Code Duplication	if($user !== false && isset($user[0]))
384		{
385		$pending = true;
386		return $user[0];
387		}
388		return false;
389		}
390
391		public function checkEmailAvailable($request, $response, $args)
392		{
393		$params = $request->getQueryParams();
394		$email = false;
395		if(isset($params['email']))
396		{
397		$email = $params['email'];
398		}
399	View Code Duplication	if($email === false)
		0 ignored issues – show Duplication introduced 2017-10-18 01:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
400		{
401		$params = $request->getParsedBody();
402		if(isset($params['email']))
403		{
404		$email = $params['email'];
405		}
406		if($email === false)
407		{
408		return $response->withStatus(400);
409		}
410		}
411		if(filter_var($email, FILTER_VALIDATE_EMAIL) === false \|\| strpos($email, '@') === false)
412		{
413		return $response->withJson(false);
414		}
415		if(strstr($email, '+') !== false)
416		{
417		//Remove everything between the + and the @
418		$begining = strpos($email, '+');
419		$end = strpos($email, '@');
420		$to_delete = substr($email, $begining, $end - $begining);
421		$email = str_replace($to_delete, '', $email);
422		}
423		$filter = new \Data\Filter('mail eq '.$email);
424		$pending = false;
425		$user = $this->getAllUsersByFilter($filter, $pending);
426		if($user === false)
427		{
428		return $response->withJson(true);
429		}
430		return $response->withJson(array('res'=>false, 'email'=>$user->mail, 'pending'=>$pending));
431		}
432
433		public function checkUidAvailable($request, $response, $args)
434		{
435		$params = $request->getQueryParams();
436		$uid = false;
437		if(isset($params['uid']))
438		{
439		$uid = $params['uid'];
440		}
441		if($uid === false)
442		{
443		return $response->withStatus(400);
444		}
445		if(strpos($uid, '=') !== false \|\| strpos($uid, ',') !== false)
446		{
447		return $response->withJson(false);
448		}
449		$filter = new \Data\Filter('uid eq '.$uid);
450		$pending = false;
451		$user = $this->getAllUsersByFilter($filter, $pending);
452		if($user === false)
453		{
454		return $response->withJson(true);
455		}
456		return $response->withJson(array('res'=>false, 'uidl'=>$user->uid, 'pending'=>$pending));
457		}
458
459		public function resetUserPassword($request, $response, $args)
460		{
461		$uid = false;
462		if(isset($args['uid']))
463		{
464		$uid = $args['uid'];
465		}
466		else
467		{
468		return $response->withStatus(400);
469		}
470		$auth = AuthProvider::getInstance();
471		$users = $auth->getUsersByFilter(new \Data\Filter('uid eq '.$uid));
472		if($users === false \|\| !isset($users[0]))
473		{
474		return $response->withStatus(404);
475		}
476		$email_msg = new PasswordResetEmail($users[0]);
477		$email_provider = EmailProvider::getInstance();
478		if($email_provider->sendEmail($email_msg) === false)
479		{
480		throw new \Exception('Unable to send email!');
481		}
482		return $response->withJson(true);
483		}
484
485		public function remindUid($request, $response, $args)
		0 ignored issues – show Unused Code introduced 2017-10-18 01:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$args` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
486		{
487		$params = $request->getQueryParams();
488		$email = false;
489		if(isset($params['email']))
490		{
491		$email = $params['email'];
492		}
493	View Code Duplication	if($email === false)
		0 ignored issues – show Duplication introduced 2017-10-18 01:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
494		{
495		$params = $request->getParsedBody();
496		if(isset($params['email']))
497		{
498		$email = $params['email'];
499		}
500		if($email === false)
501		{
502		return $response->withStatus(400);
503		}
504		}
505		if(filter_var($email, FILTER_VALIDATE_EMAIL) === false)
506		{
507		return $response->withStatus(400);
508		}
509		$auth = AuthProvider::getInstance();
510		$users = $auth->getUsersByFilter(new \Data\Filter('mail eq '.$email));
511		if($users === false \|\| !isset($users[0]))
512		{
513		return $response->withStatus(404);
514		}
515		$email_msg = new UIDForgotEmail($users[0]);
516		$email_provider = EmailProvider::getInstance();
517		if($email_provider->sendEmail($email_msg) === false)
518		{
519		throw new \Exception('Unable to send email!');
520		}
521		}
522		}
523		/* vim: set tabstop=4 shiftwidth=4 expandtab: */
524

BurningFlipside / Profiles

Push — master ( 4f23d4...a4c187 )

api/v1/class.UsersAPI.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like