WebDAVAuthentication::getPassword() - Code Metrics - Enalean/tuleap - Measure and Improve Code Quality continuously with Scrutinizer

WebDAVAuthentication::getPassword() A
last analyzed 2016-01-22 17:23 UTC

↳ Parent: WebDAVAuthentication

Complexity

Conditions	1
Paths	1

Size

Total Lines	5
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Metric	Value
dl	0
loc	5
rs	9.4285
cc	1
eloc	2
nc	1
nop	0

<?php
/**
 * Copyright (c) Enalean SAS, 2015. All Rights Reserved.
 * Copyright (c) STMicroelectronics, 2010. All Rights Reserved.
 *
 * This file is a part of Tuleap.
 *
 * Tuleap is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Tuleap is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * Class of authentication
 */
class WebDAVAuthentication {

    /**
     * Authentication method
     *
     * Returns the authenticated user
     *
     * @return PFUser
     */
    function authenticate() {

        // test if username field is empty
        if (!$this->issetUsername()) {
            $this->setHeader();
        } else {
            $username = $this->getUsername();
            $password = $this->getPassword();
            $user = $this->getUser($username, $password);
            // Ask again for authentication if the user entered a wrong username or password
            // if fields are left blank the user is considered as anonymous unless Tuleap don't accept anonymous access
            if ($user->isAnonymous() && ($username || $password || ! ForgeConfig::areAnonymousAllowed())) {
                $this->setHeader();
            } else {
                return $user;
            }
        }
    }

    /**
     * Returns whether the username field is empty or not
     *
     * @return Boolean
     */
    function issetUsername() {

        return isset($_SERVER['PHP_AUTH_USER']);

    }

    /**
     * Sets the authentication header
     *
     * @return void
     */
    function setHeader() {

        header('WWW-Authenticate: Basic realm="'.$GLOBALS['sys_name'].' WebDAV Authentication"');
        header('HTTP/1.0 401 Unauthorized');

        // text returned when user hit cancel
        echo $GLOBALS['Language']->getText('plugin_webdav_common', 'authentication_required');

        // The HTTP_BasicAuth (and digest) will return a 401 statuscode.
        // If there is no die() after that, the server will just do it's thing as usual
        // and override it with it's own statuscode (200, 404, 207, 201, or whatever was appropriate).
        // So the die() actually makes sure that the php script doesn't continue if the client
        // has an incorrect or no username and password.
        die();


    }

    /**
     * Returns the content of username field
     *
     * @return String
     */
    function getUsername() {

        return $_SERVER['PHP_AUTH_USER'];

    }

    /**
     * Returns the content of password field
     *
     * @return String
     */
    function getPassword() {

        return $_SERVER['PHP_AUTH_PW'];

    }

    /**
     * Returns the authenticated user or anonymous user
     *
     * @param String $username
     *
     * @param String $password
     *
     * @return PFUser
     */
    function getUser($username, $password) {

        return UserManager::instance()->login($username, $password);

    }

}

?>


1			<?php
2			/**
3			* Copyright (c) Enalean SAS, 2015. All Rights Reserved.
4			* Copyright (c) STMicroelectronics, 2010. All Rights Reserved.
5			*
6			* This file is a part of Tuleap.
7			*
8			* Tuleap is free software; you can redistribute it and/or modify
9			* it under the terms of the GNU General Public License as published by
10			* the Free Software Foundation; either version 2 of the License, or
11			* (at your option) any later version.
12			*
13			* Tuleap is distributed in the hope that it will be useful,
14			* but WITHOUT ANY WARRANTY; without even the implied warranty of
15			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16			* GNU General Public License for more details.
17			*
18			* You should have received a copy of the GNU General Public License
19			* along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
20			*/
21
22			/**
23			* Class of authentication
24			*/
25			class WebDAVAuthentication {
26
27			/**
28			* Authentication method
29			*
30			* Returns the authenticated user
31			*
32			* @return PFUser
33			*/
34			function authenticate() {
35
36			// test if username field is empty
37			if (!$this->issetUsername()) {
38			$this->setHeader();
39			} else {
40			$username = $this->getUsername();
41			$password = $this->getPassword();
42			$user = $this->getUser($username, $password);
43			// Ask again for authentication if the user entered a wrong username or password
44			// if fields are left blank the user is considered as anonymous unless Tuleap don't accept anonymous access
45			if ($user->isAnonymous() && ($username \|\| $password \|\| ! ForgeConfig::areAnonymousAllowed())) {
46			$this->setHeader();
47			} else {
48			return $user;
49			}
50			}
51			}
52
53			/**
54			* Returns whether the username field is empty or not
55			*
56			* @return Boolean
57			*/
58			function issetUsername() {
59
60			return isset($_SERVER['PHP_AUTH_USER']);
61
62			}
63
64			/**
65			* Sets the authentication header
66			*
67			* @return void
68			*/
69			function setHeader() {
70
71			header('WWW-Authenticate: Basic realm="'.$GLOBALS['sys_name'].' WebDAV Authentication"');
72			header('HTTP/1.0 401 Unauthorized');
73
74			// text returned when user hit cancel
75			echo $GLOBALS['Language']->getText('plugin_webdav_common', 'authentication_required');
76
77			// The HTTP_BasicAuth (and digest) will return a 401 statuscode.
78			// If there is no die() after that, the server will just do it's thing as usual
79			// and override it with it's own statuscode (200, 404, 207, 201, or whatever was appropriate).
80			// So the die() actually makes sure that the php script doesn't continue if the client
81			// has an incorrect or no username and password.
82			die();
			0 ignored issues – show Coding Style Compatibility introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report The method `setHeader()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
83
84			}
85
86			/**
87			* Returns the content of username field
88			*
89			* @return String
90			*/
91			function getUsername() {
92
93			return $_SERVER['PHP_AUTH_USER'];
94
95			}
96
97			/**
98			* Returns the content of password field
99			*
100			* @return String
101			*/
102			function getPassword() {
103
104			return $_SERVER['PHP_AUTH_PW'];
105
106			}
107
108			/**
109			* Returns the authenticated user or anonymous user
110			*
111			* @param String $username
112			*
113			* @param String $password
114			*
115			* @return PFUser
116			*/
117			function getUser($username, $password) {
118
119			return UserManager::instance()->login($username, $password);
120
121			}
122
123			}
124
125			?>
126

Enalean / tuleap

GitHub Access Token became invalid

WebDAVAuthentication::getPassword() A last analyzed 2016-01-22 17:23 UTC

Complexity

Size

Duplication

Duplication Side-by-Side

Filter issues like

WebDAVAuthentication::getPassword() A
last analyzed 2016-01-22 17:23 UTC