Firesphere\BootstrapMFA\Authenticators\BootstrapMFAAuthenticator::validateBackupCode()

Complexity

Conditions	8
Paths	12

Size

Total Lines	40
Code Lines	21

Duplication

Lines	0
Ratio	0 %

Importance

Changes

0

<?php
    public function validateBackupCode($member, $token, &$result = null)
    {
        if (!$result) {
            $result = new ValidationResult();
        }
        $hashingMethod = Security::config()->get('password_encryption_algorithm');
        $token = Security::encrypt_password($token, $member->BackupSalt, $hashingMethod);

        /** @var BootstrapMFAProvider $provider */
        $provider = Injector::inst()->get(BootstrapMFAProvider::class);
        $provider->setMember($member);

It seems like $member can also be of type Firesphere\BootstrapMFA\Extensions\MemberExtension; however, parameter $member of Firesphere\BootstrapMFA\Providers\BootstrapMFAProvider::setMember() does only seem to accept SilverStripe\Security\Member, maybe add an additional type check?

        /** @var DataList|BackupCode[] $backupCodes */
        $backupCodes = $provider->fetchToken($token);

$token of type array<string,SilverStripe\Security\PasswordEncryptor|mixed|string> is incompatible with the type string expected by parameter $token of Firesphere\BootstrapMFA\Providers\BootstrapMFAProvider::fetchToken().

        // Stub, as the ValidationResult so far _could_ be valid, e.g. when not passed in
        $valid = false;
        foreach ($backupCodes as $backupCode) {
            /** @noinspection NotOptimalIfConditionsInspection */
            if ($backupCode &&
                $backupCode->exists() &&
                hash_equals($backupCode->Code, $token['password']) &&
                !$backupCode->Used
            ) {
                $backupCode->expire();
                // Reset the subclass authenticator results
                $result = ValidationResult::create();

                $valid = true;
            }
        }

        if ($valid) {
            return $member;

The expression return $member also could return the type Firesphere\BootstrapMFA\Extensions\MemberExtension which is incompatible with the documented return type SilverStripe\Security\Member|boolean.

        }

        $member->registerFailedLogin();

The method registerFailedLogin() does not exist on Firesphere\BootstrapMFA\Extensions\MemberExtension.

        $result->addError(_t(self::class . '.INVALIDTOKEN', 'Invalid token'));

        return false;
    }