UsersTable::validateInviteCode() - Code Metrics - Inspection of "Merge pull request #11567 from mrclay/11563_routes" - Elgg/Elgg - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( c0a3a7...3b84a4 )

by Jeroen

created 2018-01-08 10:08 UTC

UsersTable::validateInviteCode() A

↳ Parent: UsersTable

Complexity

Conditions	2
Paths	2

Size

Total Lines	9
Code Lines	5

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	6

Importance

Changes

Metric	Value
cc	2
eloc	5
nc	2
nop	2
dl	0
loc	9
rs	9.6666
c	0
b	0
f	0
ccs	0
cts	6
cp	0
crap	6

<?php

namespace Elgg\Database;

use Elgg\Config as Conf;
use Elgg\Database;
use ElggUser;
use RegistrationException;

/**
 * WARNING: API IN FLUX. DO NOT USE DIRECTLY.
 *
 * @access private
 *
 * @package    Elgg.Core
 * @subpackage Database
 * @since      1.10.0
 */
class UsersTable {

	use \Elgg\TimeUsing;

	/**
	 * @var Conf
	 */
	protected $config;

	/**
	 * @var Database
	 */
	protected $db;

	/**
	 * @var MetadataTable
	 */
	protected $metadata;

	/**
	 * Constructor
	 *
	 * @param Conf          $config   Config
	 * @param Database      $db       Database
	 * @param MetadataTable $metadata Metadata table
	 */
	public function __construct(Conf $config, Database $db, MetadataTable $metadata) {
		$this->config = $config;
		$this->db = $db;
		$this->metadata = $metadata;
	}

	/**
	 * Get user by username
	 *
	 * @param string $username The user's username
	 *
	 * @return ElggUser|false Depending on success
	 */
	public function getByUsername($username) {

		// Fixes #6052. Username is frequently sniffed from the path info, which,
		// unlike $_GET, is not URL decoded. If the username was not URL encoded,
		// this is harmless.
		$username = rawurldecode($username);

		if (!$username) {
			return false;
		}

		$entity =_elgg_services()->dataCache->usernames->load($username);
		if ($entity instanceof ElggUser) {
			return $entity;
		}

		$users = elgg_get_entities([
			'types' => 'user',
			'metadata_name_value_pairs' => [
				[
					'name' => 'username',
					'value' => $username,
				],
			],
			'limit' => 1,
		]);
		
		return $users ? $users[0] : false;
	}

	/**
	 * Get an array of users from an email address
	 *
	 * @param string $email Email address
	 * @return array
	 */
	public function getByEmail($email) {
		if (!$email) {
			return [];
		}
		
		$users = elgg_get_entities([
			'types' => 'user',
			'metadata_name_value_pairs' => [
				[
					'name' => 'email',
					'value' => $email,
				],
			],
			'limit' => 1,
		]);

		return $users ? : [];

	}

	/**
	 * Return users (or the number of them) who have been active within a recent period.
	 *
	 * @param array $options Array of options with keys:
	 *
	 *   seconds (int)  => Length of period (default 600 = 10min)
	 *   limit   (int)  => Limit (default 10)
	 *   offset  (int)  => Offset (default 0)
	 *   count   (bool) => Return a count instead of users? (default false)
	 *
	 * @return \ElggUser[]|int
	 */
	public function findActive(array $options = []) {
	
		$options = array_merge([
			'seconds' => 600,
			'limit' => $this->config->default_limit,
		], $options);

		// cast options we're sending to hook
		foreach (['seconds', 'limit', 'offset'] as $key) {
			$options[$key] = (int) $options[$key];
		}
		$options['count'] = (bool) $options['count'];

		// allow plugins to override
		$params = [
			'seconds' => $options['seconds'],
			'limit' => $options['limit'],
			'offset' => $options['offset'],
			'count' => $options['count'],
			'options' => $options,
		];
		$data = _elgg_services()->hooks->trigger('find_active_users', 'system', $params, null);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();
		// check null because the handler could legitimately return falsey values.
		if ($data !== null) {
			return $data;
		}

		$time = $this->getCurrentTime()->getTimestamp() - $options['seconds'];
		return elgg_get_entities([

			'type' => 'user',
			'limit' => $options['limit'],
			'offset' => $options['offset'],
			'count' => $options['count'],
			'wheres' => ["e.last_action >= {$time}"],
			'order_by' => "e.last_action desc",
		]);
	}

	/**
	 * Registers a user, returning false if the username already exists
	 *
	 * @param string $username              The username of the new user
	 * @param string $password              The password
	 * @param string $name                  The user's display name
	 * @param string $email                 The user's email address
	 * @param bool   $allow_multiple_emails Allow the same email address to be
	 *                                      registered multiple times?
	 * @param string $subtype               Subtype of the user entity
	 *
	 * @return int|false The new user's GUID; false on failure
	 * @throws RegistrationException
	 */
	public function register($username, $password, $name, $email, $allow_multiple_emails = false, $subtype = null) {

		// no need to trim password
		$username = trim($username);
		$name = trim(strip_tags($name));
		$email = trim($email);

		// A little sanity checking
		if (empty($username) || empty($password) || empty($name) || empty($email)) {
			return false;
		}

		// Make sure a user with conflicting details hasn't registered and been disabled
		$access_status = access_get_show_hidden_status();
		access_show_hidden_entities(true);

		if (!validate_email_address($email)) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:emailnotvalid'));
		}

		if (!validate_password($password)) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:passwordnotvalid'));
		}

		if (!validate_username($username)) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:usernamenotvalid'));
		}

		if (get_user_by_username($username)) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:userexists'));
		}

		if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
			throw new RegistrationException(_elgg_services()->translator->translate('registration:dupeemail'));
		}

		access_show_hidden_entities($access_status);

		// Create user
		$constructor = ElggUser::class;
		if (isset($subtype)) {
			$class = elgg_get_entity_class('user', $subtype);
			if ($class && class_exists($class) && is_subclass_of($class, ElggUser::class)) {
				$constructor = $class;
			}
		}

		$user = new $constructor();
		if (isset($subtype)) {
			$user->subtype = $subtype;
		}
		$user->username = $username;
		$user->email = $email;
		$user->name = $name;
		$user->access_id = ACCESS_PUBLIC;
		$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
		$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
		$user->language = _elgg_services()->translator->getCurrentLanguage();
		if ($user->save() === false) {
			return false;
		}
		
		// doing this after save to prevent metadata save notices on unwritable metadata password_hash
		$user->setPassword($password);

		// Turn on email notifications by default
		$user->setNotificationSetting('email', true);
	
		return $user->getGUID();
	}

	/**
	 * Generates a unique invite code for a user
	 *
	 * @param string $username The username of the user sending the invitation
	 *
	 * @return string Invite code
	 * @see validateInviteCode
	 */
	public function generateInviteCode($username) {
		$time = $this->getCurrentTime()->getTimestamp();
		return "$time." . _elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
	}

	/**
	 * Validate a user's invite code
	 *
	 * @param string $username The username
	 * @param string $code     The invite code
	 *
	 * @return bool
	 * @see generateInviteCode
	 */
	public function validateInviteCode($username, $code) {
		// validate the format of the token created by ->generateInviteCode()
		if (!preg_match('~^(\d+)\.([a-zA-Z0-9\-_]+)$~', $code, $m)) {
			return false;
		}
		$time = $m[1];
		$mac = $m[2];

		return _elgg_services()->hmac->getHmac([(int) $time, $username])->matchesToken($mac);
	}
}


1		<?php
2
3		namespace Elgg\Database;
4
5		use Elgg\Config as Conf;
6		use Elgg\Database;
7		use ElggUser;
8		use RegistrationException;
9
10		/**
11		* WARNING: API IN FLUX. DO NOT USE DIRECTLY.
12		*
13		* @access private
14		*
15		* @package Elgg.Core
16		* @subpackage Database
17		* @since 1.10.0
18		*/
19		class UsersTable {
20
21		use \Elgg\TimeUsing;
22
23		/**
24		* @var Conf
25		*/
26		protected $config;
27
28		/**
29		* @var Database
30		*/
31		protected $db;
32
33		/**
34		* @var MetadataTable
35		*/
36		protected $metadata;
37
38		/**
39		* Constructor
40		*
41		* @param Conf $config Config
42		* @param Database $db Database
43		* @param MetadataTable $metadata Metadata table
44		*/
45	4419	public function __construct(Conf $config, Database $db, MetadataTable $metadata) {
46	4419	$this->config = $config;
47	4419	$this->db = $db;
48	4419	$this->metadata = $metadata;
49	4419	}
50
51		/**
52		* Get user by username
53		*
54		* @param string $username The user's username
55		*
56		* @return ElggUser\|false Depending on success
57		*/
58	459	public function getByUsername($username) {
59
60		// Fixes #6052. Username is frequently sniffed from the path info, which,
61		// unlike $_GET, is not URL decoded. If the username was not URL encoded,
62		// this is harmless.
63	459	$username = rawurldecode($username);
64
65	459	if (!$username) {
66		return false;
67		}
68
69	459	$entity =_elgg_services()->dataCache->usernames->load($username);
70	459	if ($entity instanceof ElggUser) {
71	8	return $entity;
72		}
73
74	459	$users = elgg_get_entities([
75	459	'types' => 'user',
76		'metadata_name_value_pairs' => [
77		[
78	459	'name' => 'username',
79	459	'value' => $username,
80		],
81		],
82	459	'limit' => 1,
83		]);
84
85	459	return $users ? $users[0] : false;
86		}
87
88		/**
89		* Get an array of users from an email address
90		*
91		* @param string $email Email address
92		* @return array
93		*/
94	162	public function getByEmail($email) {
95	162	if (!$email) {
96		return [];
97		}
98
99	162	$users = elgg_get_entities([
100	162	'types' => 'user',
101		'metadata_name_value_pairs' => [
102		[
103	162	'name' => 'email',
104	162	'value' => $email,
105		],
106		],
107	162	'limit' => 1,
108		]);
109
110	162	return $users ? : [];
		0 ignored issues – show Bug Best Practice introduced 2017-11-20 23:56 UTC by Report Bug Copy Issue Report The expression `return $users ?: array()` also could return the type `integer` which is incompatible with the documented return type `array`. Loading history...
111		}
112
113		/**
114		* Return users (or the number of them) who have been active within a recent period.
115		*
116		* @param array $options Array of options with keys:
117		*
118		* seconds (int) => Length of period (default 600 = 10min)
119		* limit (int) => Limit (default 10)
120		* offset (int) => Offset (default 0)
121		* count (bool) => Return a count instead of users? (default false)
122		*
123		* @return \ElggUser[]\|int
124		*/
125	1	public function findActive(array $options = []) {
126
127	1	$options = array_merge([
128	1	'seconds' => 600,
129	1	'limit' => $this->config->default_limit,
130	1	], $options);
131
132		// cast options we're sending to hook
133	1	foreach (['seconds', 'limit', 'offset'] as $key) {
134	1	$options[$key] = (int) $options[$key];
135		}
136	1	$options['count'] = (bool) $options['count'];
137
138		// allow plugins to override
139		$params = [
140	1	'seconds' => $options['seconds'],
141	1	'limit' => $options['limit'],
142	1	'offset' => $options['offset'],
143	1	'count' => $options['count'],
144	1	'options' => $options,
145		];
146	1	$data = _elgg_services()->hooks->trigger('find_active_users', 'system', $params, null);
		0 ignored issues – show Bug introduced 2017-10-16 06:19 UTC by Report Bug Copy Issue Report Are you sure the assignment to `$data` is correct as `_elgg_services()->hooks-...system', $params, null)` targeting `Elgg\PluginHooksService::trigger()` seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
147		// check null because the handler could legitimately return falsey values.
148	1	if ($data !== null) {
149		return $data;
150		}
151
152	1	$time = $this->getCurrentTime()->getTimestamp() - $options['seconds'];
153	1	return elgg_get_entities([
		0 ignored issues – show Bug Best Practice introduced 2017-11-20 23:56 UTC by Report Bug Copy Issue Report The expression `return elgg_get_entities... 'e.last_action desc'))` could also return `false` which is incompatible with the documented return type `ElggUser[]\|integer`. Did you maybe forget to handle an error condition? If the returned type also contains false, it is an indicator that maybe an error condition leading to the specific return statement remains unhandled. Loading history...
154	1	'type' => 'user',
155	1	'limit' => $options['limit'],
156	1	'offset' => $options['offset'],
157	1	'count' => $options['count'],
158	1	'wheres' => ["e.last_action >= {$time}"],
159	1	'order_by' => "e.last_action desc",
160		]);
161		}
162
163		/**
164		* Registers a user, returning false if the username already exists
165		*
166		* @param string $username The username of the new user
167		* @param string $password The password
168		* @param string $name The user's display name
169		* @param string $email The user's email address
170		* @param bool $allow_multiple_emails Allow the same email address to be
171		* registered multiple times?
172		* @param string $subtype Subtype of the user entity
173		*
174		* @return int\|false The new user's GUID; false on failure
175		* @throws RegistrationException
176		*/
177	162	public function register($username, $password, $name, $email, $allow_multiple_emails = false, $subtype = null) {
178
179		// no need to trim password
180	162	$username = trim($username);
181	162	$name = trim(strip_tags($name));
182	162	$email = trim($email);
183
184		// A little sanity checking
185	162	if (empty($username) \|\| empty($password) \|\| empty($name) \|\| empty($email)) {
186		return false;
187		}
188
189		// Make sure a user with conflicting details hasn't registered and been disabled
190	162	$access_status = access_get_show_hidden_status();
191	162	access_show_hidden_entities(true);
192
193	162	if (!validate_email_address($email)) {
194		throw new RegistrationException(_elgg_services()->translator->translate('registration:emailnotvalid'));
195		}
196
197	162	if (!validate_password($password)) {
198		throw new RegistrationException(_elgg_services()->translator->translate('registration:passwordnotvalid'));
199		}
200
201	162	if (!validate_username($username)) {
202		throw new RegistrationException(_elgg_services()->translator->translate('registration:usernamenotvalid'));
203		}
204
205	162	if (get_user_by_username($username)) {
206		throw new RegistrationException(_elgg_services()->translator->translate('registration:userexists'));
207		}
208
209	162	if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
210		throw new RegistrationException(_elgg_services()->translator->translate('registration:dupeemail'));
211		}
212
213	162	access_show_hidden_entities($access_status);
214
215		// Create user
216	162	$constructor = ElggUser::class;
217	162	if (isset($subtype)) {
218	160	$class = elgg_get_entity_class('user', $subtype);
219	160	if ($class && class_exists($class) && is_subclass_of($class, ElggUser::class)) {
220		$constructor = $class;
221		}
222		}
223
224	162	$user = new $constructor();
225	162	if (isset($subtype)) {
226	160	$user->subtype = $subtype;
227		}
228	162	$user->username = $username;
229	162	$user->email = $email;
230	162	$user->name = $name;
231	162	$user->access_id = ACCESS_PUBLIC;
232	162	$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
233	162	$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
234	162	$user->language = _elgg_services()->translator->getCurrentLanguage();
235	162	if ($user->save() === false) {
236		return false;
237		}
238
239		// doing this after save to prevent metadata save notices on unwritable metadata password_hash
240	162	$user->setPassword($password);
241
242		// Turn on email notifications by default
243	162	$user->setNotificationSetting('email', true);
244
245	162	return $user->getGUID();
246		}
247
248		/**
249		* Generates a unique invite code for a user
250		*
251		* @param string $username The username of the user sending the invitation
252		*
253		* @return string Invite code
254		* @see validateInviteCode
255		*/
256		public function generateInviteCode($username) {
257		$time = $this->getCurrentTime()->getTimestamp();
258		return "$time." . _elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
259		}
260
261		/**
262		* Validate a user's invite code
263		*
264		* @param string $username The username
265		* @param string $code The invite code
266		*
267		* @return bool
268		* @see generateInviteCode
269		*/
270		public function validateInviteCode($username, $code) {
271		// validate the format of the token created by ->generateInviteCode()
272		if (!preg_match('~^(\d+)\.([a-zA-Z0-9\-_]+)$~', $code, $m)) {
273		return false;
274		}
275		$time = $m[1];
276		$mac = $m[2];
277
278		return _elgg_services()->hmac->getHmac([(int) $time, $username])->matchesToken($mac);
279		}
280		}
281

Elgg / Elgg

Push — master ( c0a3a7...3b84a4 )

UsersTable::validateInviteCode() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like