Failed Conditions
Pull Request — experimental/sf (#3434)
by
unknown
237:44 queued 227:26
created

ForgotController   A

Complexity

Total Complexity 17

Size/Duplication

Total Lines 230
Duplicated Lines 0 %

Coupling/Cohesion

Components 1
Dependencies 18

Test Coverage

Coverage 44.83%

Importance

Changes 0
Metric Value
dl 0
loc 230
rs 10
c 0
b 0
f 0
ccs 39
cts 87
cp 0.4483
wmc 17
lcom 1
cbo 18

4 Methods

Rating   Name   Duplication   Size   Complexity  
A __construct() 0 11 1
B index() 0 65 5
A complete() 0 8 2
C reset() 0 94 9
1
<?php
2
3
/*
4
 * This file is part of EC-CUBE
5
 *
6
 * Copyright(c) LOCKON CO.,LTD. All Rights Reserved.
7
 *
8
 * http://www.lockon.co.jp/
9
 *
10
 * For the full copyright and license information, please view the LICENSE
11
 * file that was distributed with this source code.
12
 */
13
14
namespace Eccube\Controller;
15
16
use Eccube\Event\EccubeEvents;
17
use Eccube\Event\EventArgs;
18
use Eccube\Form\Type\Front\ForgotType;
19
use Eccube\Form\Type\Front\ResetType;
20
use Eccube\Repository\CustomerRepository;
21
use Eccube\Service\MailService;
22
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
23
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
24
use Symfony\Component\HttpFoundation\Request;
25
use Symfony\Component\HttpKernel\Exception as HttpException;
26
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
27
use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
28
use Symfony\Component\Validator\Constraints as Assert;
29
use Symfony\Component\Validator\Validator\ValidatorInterface;
30
31
class ForgotController extends AbstractController
32
{
33
    /**
34
     * @var ValidatorInterface
35
     */
36
    protected $recursiveValidator;
37
38
    /**
39
     * @var MailService
40
     */
41
    protected $mailService;
42
43
    /**
44
     * @var CustomerRepository
45
     */
46
    protected $customerRepository;
47
48
    /**
49
     * @var EncoderFactoryInterface
50
     */
51
    protected $encoderFactory;
52
53
    /**
54
     * ForgotController constructor.
55
     *
56
     * @param ValidatorInterface $recursiveValidator
57
     * @param MailService $mailService
58
     * @param CustomerRepository $customerRepository
59
     * @param EncoderFactoryInterface $encoderFactory
60
     */
61 3
    public function __construct(
62
        ValidatorInterface $recursiveValidator,
63
        MailService $mailService,
64
        CustomerRepository $customerRepository,
65
        EncoderFactoryInterface $encoderFactory
66
    ) {
67 3
        $this->recursiveValidator = $recursiveValidator;
68 3
        $this->mailService = $mailService;
69 3
        $this->customerRepository = $customerRepository;
70 3
        $this->encoderFactory = $encoderFactory;
71
    }
72
73
    /**
74
     * パスワードリマインダ.
75
     *
76
     * @Route("/forgot", name="forgot")
77
     * @Template("Forgot/index.twig")
78
     */
79 1
    public function index(Request $request)
80
    {
81 1
        if ($this->isGranted('ROLE_USER')) {
82
            throw new HttpException\NotFoundHttpException();
83
        }
84
85 1
        $builder = $this->formFactory
86 1
            ->createNamedBuilder('', ForgotType::class);
87
88 1
        $event = new EventArgs(
89
            [
90 1
                'builder' => $builder,
91
            ],
92 1
            $request
93
        );
94 1
        $this->eventDispatcher->dispatch(EccubeEvents::FRONT_FORGOT_INDEX_INITIALIZE, $event);
95
96 1
        $form = $builder->getForm();
97 1
        $form->handleRequest($request);
98
99 1
        if ($form->isSubmitted() && $form->isValid()) {
100
            $Customer = $this->customerRepository
101
                ->getRegularCustomerByEmail($form->get('login_email')->getData());
102
103
            if (!is_null($Customer)) {
104
                // リセットキーの発行・有効期限の設定
105
                $Customer
106
                    ->setResetKey($this->customerRepository->getUniqueResetKey())
107
                    ->setResetExpire(new \DateTime('+'.$this->eccubeConfig['eccube_customer_reset_expire'].' min'));
108
109
                // リセットキーを更新
110
                $this->entityManager->persist($Customer);
111
                $this->entityManager->flush();
112
113
                $event = new EventArgs(
114
                    [
115
                        'form' => $form,
116
                        'Customer' => $Customer,
117
                    ],
118
                    $request
119
                );
120
                $this->eventDispatcher->dispatch(EccubeEvents::FRONT_FORGOT_INDEX_COMPLETE, $event);
121
122
                // 完了URLの生成
123
                $reset_url = $this->generateUrl('forgot_reset', ['reset_key' => $Customer->getResetKey()], UrlGeneratorInterface::ABSOLUTE_URL);
124
125
                // メール送信
126
                $this->mailService->sendPasswordResetNotificationMail($Customer, $reset_url);
127
128
                // ログ出力
129
                log_info('send reset password mail to:'."{$Customer->getId()} {$Customer->getEmail()} {$request->getClientIp()}");
130
            } else {
131
                log_warning(
132
                    'Un active customer try send reset password email: ',
133
                    ['Enter email' => $form->get('login_email')->getData()]
134
                );
135
            }
136
137
            return $this->redirectToRoute('forgot_complete');
138
        }
139
140
        return [
141 1
            'form' => $form->createView(),
142
        ];
143
    }
144
145
    /**
146
     * 再設定URL送信完了画面.
147
     *
148
     * @Route("/forgot/complete", name="forgot_complete")
149
     * @Template("Forgot/complete.twig")
150
     */
151
    public function complete(Request $request)
0 ignored issues
show
Unused Code introduced by
The parameter $request is not used and could be removed.

This check looks from parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
152
    {
153
        if ($this->isGranted('ROLE_USER')) {
154
            throw new HttpException\NotFoundHttpException();
155
        }
156
157
        return [];
158
    }
159
160
    /**
161
     * パスワード再発行実行画面.
162
     *
163
     * @Route("/forgot/reset/{reset_key}", name="forgot_reset")
164
     * @Template("Forgot/reset.twig")
165
     */
166 2
    public function reset(Request $request, $reset_key)
167
    {
168 2
        if ($this->isGranted('ROLE_USER')) {
169
            throw new HttpException\NotFoundHttpException();
170
        }
171
172 2
        $errors = $this->recursiveValidator->validate(
173 2
            $reset_key,
174
            [
175 2
                new Assert\NotBlank(),
176 2
                new Assert\Regex(
177
                    [
178 2
                        'pattern' => '/^[a-zA-Z0-9]+$/',
179
                    ]
180
                ),
181
            ]
182
        );
183
184 2
        $builder = $this->formFactory
185 2
            ->createNamedBuilder('', ResetType::class);
186
187 2
        $event = new EventArgs(
0 ignored issues
show
Unused Code introduced by
$event is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
188
            [
189 2
                'builder' => $builder,
190
            ],
191 2
            $request
192
        );
193
194 2
        $form = $builder->getForm();
195 2
        $form->handleRequest($request);
196 2
        $credential_error = null;
197
198 2
        if ('GET' === $request->getMethod()) {
199 2
            if (count($errors) > 0) {
200
                // リセットキーに異常がある場合
201 1
                throw new HttpException\AccessDeniedHttpException(trans('forgotcontroller.text.error.authorization'));
202
            }
203
204 1
            $Customer = $this->customerRepository
205 1
                ->getRegularCustomerByResetKey($reset_key);
206
207 1
            if (is_null($Customer)) {
208
                // リセットキーから会員データが取得できない場合
209 1
                throw new HttpException\NotFoundHttpException(trans('forgotcontroller.text.error.url'));
210
            }
211
        } elseif ($form->isSubmitted() && $form->isValid()) {
212
            // リセットキー・入力メールアドレスで会員情報検索
213
            $Customer = $this->customerRepository
214
                ->getRegularCustomerByResetKey($reset_key, $form->get('login_email')->getData());
215
            if (is_null($Customer) == false) {
0 ignored issues
show
Coding Style Best Practice introduced by
It seems like you are loosely comparing two booleans. Considering using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

Loading history...
216
                // パスワードの発行・更新
217
                $encoder = $this->encoderFactory->getEncoder($Customer);
218
                $pass = $form->get('password')->getData();
219
                $Customer->setPassword($pass);
220
221
                // 発行したパスワードの暗号化
222
                if ($Customer->getSalt() === null) {
223
                    $Customer->setSalt($this->encoderFactory->getEncoder($Customer)->createSalt());
0 ignored issues
show
Bug introduced by
It seems like you code against a concrete implementation and not the interface Symfony\Component\Securi...asswordEncoderInterface as the method createSalt() does only exist in the following implementations of said interface: Eccube\Security\Core\Encoder\PasswordEncoder.

Let’s take a look at an example:

interface User
{
    /** @return string */
    public function getPassword();
}

class MyUser implements User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}

In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different implementation of User which does not have a getDisplayName() method, the code will break.

Available Fixes

  1. Change the type-hint for the parameter:

    class AuthSystem
    {
        public function authenticate(MyUser $user) { /* ... */ }
    }
    
  2. Add an additional type-check:

    class AuthSystem
    {
        public function authenticate(User $user)
        {
            if ($user instanceof MyUser) {
                $this->logger->info(/** ... */);
            }
    
            // or alternatively
            if ( ! $user instanceof MyUser) {
                throw new \LogicException(
                    '$user must be an instance of MyUser, '
                   .'other instances are not supported.'
                );
            }
    
        }
    }
    
Note: PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case.
  1. Add the method to the interface:

    interface User
    {
        /** @return string */
        public function getPassword();
    
        /** @return string */
        public function getDisplayName();
    }
    
Loading history...
224
                }
225
                $encPass = $encoder->encodePassword($pass, $Customer->getSalt());
226
227
                // パスワードを更新
228
                $Customer->setPassword($encPass);
229
                // リセットキーをクリア
230
                $Customer->setResetKey(null);
231
232
                // パスワードを更新
233
                $this->entityManager->persist($Customer);
234
                $this->entityManager->flush();
235
236
                $event = new EventArgs(
237
                    [
238
                        'Customer' => $Customer,
239
                    ],
240
                    $request
241
                );
242
                $this->eventDispatcher->dispatch(EccubeEvents::FRONT_FORGOT_RESET_COMPLETE, $event);
243
244
                // 完了メッセージを設定
245
                $this->addFlash('password_reset_complete', trans('forgotcontroller.text.complete'));
246
247
                // ログインページへリダイレクト
248
                return $this->redirectToRoute('mypage_login');
249
            } else {
250
                // リセットキー・メールアドレスから会員データが取得できない場合
251
                $credential_error = trans('forgotcontroller.text.error.credentials');
252
            }
253
        }
254
255
        return [
256
            'error' => $credential_error,
257
            'form' => $form->createView(),
258
        ];
259
    }
260
}
261