PasswordEncoder - Code Metrics - Inspection of "Travis CI の高速化" - EC-CUBE/ec-cube - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#1896)

by Kentaro

created 2016-10-28 13:02 UTC

PasswordEncoder A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	69
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	0

Test Coverage

Coverage

66.67%

Importance

Changes

Metric	Value
dl	0
loc	69
ccs	14
cts	21
cp	0.6667
rs	10
c	0
b	0
f	0
wmc	10
lcom	1
cbo	0

3 Methods

Rating	Name	Size	Complexity
A	__construct()	4	1
A	encodePassword()	13	3
B	isPasswordValid()	25	6

<?php
/*
 * This file is part of EC-CUBE
 *
 * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
 *
 * http://www.lockon.co.jp/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */


namespace Eccube\Security\Core\Encoder;

use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;

class PasswordEncoder implements PasswordEncoderInterface

{

    /* @var $config array */
    public $config;

    public function __construct(array $config)

    {
        $this->config = $config;
    }

    /**
     * Encodes the raw password.
     *
     * @param string $raw  The password to encode
     * @param string $salt The salt
     *
     * @return string The encoded password
     */
    public function encodePassword($raw, $salt)
    {
        if ($salt == '') {
            $salt = $this->config['auth_magic'];
        }
        if ($this->config['auth_type'] == 'PLAIN') {
            $res = $raw;
        } else {
            $res = hash_hmac($this->config['password_hash_algos'], $raw . ':' . $this->config['auth_magic'], $salt);

        }

        return $res;
    }

    /**
     * Checks a raw password against an encoded password.
     *
     * @param string $encoded An encoded password
     * @param string $raw     A raw password
     * @param string $salt    The salt
     *
     * @return bool true if the password is valid, false otherwise
     */
    public function isPasswordValid($encoded, $raw, $salt)
    {
        if ($encoded == '') {
            return false;
        }

        if ($this->config['auth_type'] == 'PLAIN') {
            if ($raw === $encoded) {
                return true;
            }
        } else {
            // 旧バージョン(2.11未満)からの移行を考慮

            if (empty($salt)) {
                $hash = sha1($raw . ':' . $this->config['auth_magic']);

            } else {
                $hash = $this->encodePassword($raw, $salt);
            }

            if ($hash === $encoded) {
                return true;
            }
        }

        return false;
    }

}


1		<?php
2		/*
3		* This file is part of EC-CUBE
4		*
5		* Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
6		*
7		* http://www.lockon.co.jp/
8		*
9		* This program is free software; you can redistribute it and/or
10		* modify it under the terms of the GNU General Public License
11		* as published by the Free Software Foundation; either version 2
12		* of the License, or (at your option) any later version.
13		*
14		* This program is distributed in the hope that it will be useful,
15		* but WITHOUT ANY WARRANTY; without even the implied warranty of
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17		* GNU General Public License for more details.
18		*
19		* You should have received a copy of the GNU General Public License
20		* along with this program; if not, write to the Free Software
21		* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22		*/
23
24
25		namespace Eccube\Security\Core\Encoder;
26
27		use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;
28
29		class PasswordEncoder implements PasswordEncoderInterface
		0 ignored issues – show introduced 2015-11-21 02:41 UTC by Report Bug Copy Issue Report Missing class doc comment Loading history...
30		{
31
32		/* @var $config array */
33		public $config;
34
35	1064	public function __construct(array $config)
		0 ignored issues – show introduced 2015-11-21 02:41 UTC by Report Bug Copy Issue Report Missing function doc comment Loading history...
36		{
37	1064	$this->config = $config;
38		}
39
40		/**
41		* Encodes the raw password.
42		*
43		* @param string $raw The password to encode
44		* @param string $salt The salt
45		*
46		* @return string The encoded password
47		*/
48	468	public function encodePassword($raw, $salt)
49		{
50	468	if ($salt == '') {
51		$salt = $this->config['auth_magic'];
52		}
53	468	if ($this->config['auth_type'] == 'PLAIN') {
54		$res = $raw;
55		} else {
56	468	$res = hash_hmac($this->config['password_hash_algos'], $raw . ':' . $this->config['auth_magic'], $salt);
		0 ignored issues – show Coding Style introduced 2015-11-21 02:41 UTC by Report Bug Copy Issue Report Concat operator must not be surrounded by spaces Loading history...
57		}
58
59	468	return $res;
60		}
61
62		/**
63		* Checks a raw password against an encoded password.
64		*
65		* @param string $encoded An encoded password
66		* @param string $raw A raw password
67		* @param string $salt The salt
68		*
69		* @return bool true if the password is valid, false otherwise
70		*/
71	1	public function isPasswordValid($encoded, $raw, $salt)
72		{
73	1	if ($encoded == '') {
74		return false;
75		}
76
77	1	if ($this->config['auth_type'] == 'PLAIN') {
78		if ($raw === $encoded) {
79		return true;
80		}
81		} else {
82		// 旧バージョン(2.11未満)からの移行を考慮
		0 ignored issues – show Unused Code Comprehensibility introduced 2016-02-05 00:57 UTC by Report Bug Copy Issue Report `43%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
83	1	if (empty($salt)) {
84		$hash = sha1($raw . ':' . $this->config['auth_magic']);
		0 ignored issues – show Coding Style introduced 2015-11-21 02:41 UTC by Report Bug Copy Issue Report Concat operator must not be surrounded by spaces Loading history...
85		} else {
86	1	$hash = $this->encodePassword($raw, $salt);
87		}
88
89	1	if ($hash === $encoded) {
90	1	return true;
91		}
92		}
93
94		return false;
95		}
96
97		}
98

EC-CUBE / ec-cube

Pull Request — master (#1896)

PasswordEncoder A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

3 Methods

Duplication Side-by-Side

Filter issues like