Google2FA - Code Metrics - Inspection of "Update composer." - JC5/google2fa-laravel - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( c0d893...b5b87f )

by James

created 2020-07-28 18:28 UTC

Google2FA A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	308
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	13

Test Coverage

Coverage

73.79%

Importance

Changes

Metric	Value
wmc	38
lcom	1
cbo	13
dl	0
loc	308
ccs	76
cts	103
cp	0.7379
rs	9.36
c	0
b	0
f	0

21 Methods

Rating	Name	Size	Complexity
A	__construct()	6	1
A	boot()	6	1
A	getQRCodeBackend()	5	2
A	getGoogle2FASecretKey()	4	1
A	isActivated()	6	2
A	storeOldTimestamp()	6	2
A	getOldTimestamp()	6	2
A	keepAlive()	6	2
A	minutesSinceLastActivity()	6	1
A	noUserIsAuthenticated()	4	1
A	passwordExpired()	14	3
A	twoFactorAuthStillValid()	6	2
A	isEnabled()	4	1
A	login()	7	1
A	logout()	8	1
A	updateCurrentAuthTime()	4	1
A	verifyGoogle2FA()	10	2
A	verifyAndStoreOneTimePassword()	9	1
B	generateCookieToken()	35	6
A	setQrCodeBackend()	6	1
A	constructBackend()	17	4

<?php

declare(strict_types=1);

namespace PragmaRX\Google2FALaravel;

use Carbon\Carbon;
use Illuminate\Database\QueryException;
use Illuminate\Http\Request as IlluminateRequest;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
use PragmaRX\Google2FALaravel\Events\LoggedOut;
use PragmaRX\Google2FALaravel\Events\OneTimePasswordExpired;
use PragmaRX\Google2FALaravel\Exceptions\InvalidSecretKey;
use PragmaRX\Google2FALaravel\Support\Auth;
use PragmaRX\Google2FALaravel\Support\Config;
use PragmaRX\Google2FALaravel\Support\Constants;
use PragmaRX\Google2FALaravel\Support\Request;
use PragmaRX\Google2FALaravel\Support\Session;
use PragmaRX\Google2FAQRCode\Google2FA as Google2FAService;

/**
 * Class Google2FA
 */
class Google2FA extends Google2FAService
{
    use Auth, Config, Request, Session;

    protected $qrCodeBackend;

    /**
     * Construct the correct backend.
     */
    protected function constructBackend(): void
    {
        switch ($this->getQRCodeBackend()) {
            case Constants::QRCODE_IMAGE_BACKEND_SVG:
                parent::__construct(new \BaconQrCode\Renderer\Image\SvgImageBackEnd());
                break;

            case Constants::QRCODE_IMAGE_BACKEND_EPS:
                parent::__construct(new \BaconQrCode\Renderer\Image\EpsImageBackEnd());
                break;

            case Constants::QRCODE_IMAGE_BACKEND_IMAGEMAGICK:
            default:
                parent::__construct();
                break;
        }
    }

    /**
     * Set the QRCode Backend.
     *
     * @param string $qrCodeBackend
     *
     * @return self
     */
    public function setQrCodeBackend(string $qrCodeBackend)
    {
        $this->qrCodeBackend = $qrCodeBackend;

        return $this;
    }

    /**
     * Authenticator constructor.
     *
     * @param IlluminateRequest $request
     */
    public function __construct(IlluminateRequest $request)
    {
        $this->boot($request);

        $this->constructBackend();
    }

    /**
     * Authenticator boot.
     *
     * @param $request
     *
     * @return Google2FA
     */
    public function boot($request)
    {
        $this->setRequest($request);

        return $this;
    }

    /**
     * The QRCode Backend.
     *
     * @return mixed
     */
    public function getQRCodeBackend()
    {
        return $this->qrCodeBackend
            ?: $this->config('qrcode_image_backend', Constants::QRCODE_IMAGE_BACKEND_IMAGEMAGICK);
    }

    /**
     * Get the user Google2FA secret.
     *
     * @throws InvalidSecretKey
     *
     * @return mixed
     */
    protected function getGoogle2FASecretKey()
    {
        return $this->getUser()->{$this->config('otp_secret_column')};
    }

    /**
     * Check if the 2FA is activated for the user.
     *
     * @return bool
     */
    public function isActivated()
    {
        $secret = $this->getGoogle2FASecretKey();

        return !is_null($secret) && !empty($secret);
    }

    /**
     * Store the old OTP timestamp.
     *
     * @param $key
     *
     * @return mixed
     */
    protected function storeOldTimestamp($key)
    {
        return $this->config('forbid_old_passwords') === true
            ? $this->sessionPut(Constants::SESSION_OTP_TIMESTAMP, $key)
            : $key;
    }

    /**
     * Get the previous OTP timestamp.
     *
     * @return null|mixed
     */
    protected function getOldTimestamp()
    {
        return $this->config('forbid_old_passwords') === true
            ? $this->sessionGet(Constants::SESSION_OTP_TIMESTAMP)
            : null;
    }

    /**
     * Keep this OTP session alive.
     */
    protected function keepAlive()
    {
        if ($this->config('keep_alive')) {
            $this->updateCurrentAuthTime();
        }
    }

    /**
     * Get minutes since last activity.
     *
     * @return int
     */
    protected function minutesSinceLastActivity()
    {
        return Carbon::now()->diffInMinutes(
            $this->sessionGet(Constants::SESSION_AUTH_TIME)
        );
    }

    /**
     * Check if no user is authenticated using OTP.
     *
     * @return bool
     */
    protected function noUserIsAuthenticated()
    {
        return is_null($this->getUser());
    }

    /**
     * Check if OTP has expired.
     *
     * @return bool
     */
    protected function passwordExpired()
    {
        if (($minutes = $this->config('lifetime')) !== 0 && $this->minutesSinceLastActivity() > $minutes) {
            event(new OneTimePasswordExpired($this->getUser()));

            $this->logout();

            return true;
        }

        $this->keepAlive();

        return false;
    }

    /**
     * Verifies, in the current session, if a 2fa check has already passed.
     *
     * @return bool
     */
    protected function twoFactorAuthStillValid()
    {
        return
            (bool) $this->sessionGet(Constants::SESSION_AUTH_PASSED, false) &&
            !$this->passwordExpired();
    }

    /**
     * Check if the module is enabled.
     *
     * @return mixed
     */
    protected function isEnabled()
    {
        return $this->config('enabled');
    }

    /**
     * Set current auth as valid.
     */
    public function login()
    {
        $this->sessionPut(Constants::SESSION_AUTH_PASSED, true);
        $this->updateCurrentAuthTime();
        $this->generateCookieToken();

    }

    /**
     * OTP logout.
     */
    public function logout()
    {
        $user = $this->getUser();

        $this->sessionForget();

        event(new LoggedOut($user));
    }

    /**
     * Update the current auth time.
     */
    protected function updateCurrentAuthTime()
    {
        $this->sessionPut(Constants::SESSION_AUTH_TIME, Carbon::now()->toIso8601String());
    }

    /**
     * Verify the OTP.
     *
     * @param $secret
     * @param $one_time_password
     *
     * @return mixed
     */
    public function verifyGoogle2FA($secret, $one_time_password)
    {
        return $this->verifyKey(
                $secret,
                $one_time_password,
                $this->config('window'),
                null, // $timestamp
                $this->getOldTimestamp() ?: null
        );
    }

    /**
     * Verify the OTP and store the timestamp.
     *
     * @param $one_time_password
     *
     * @return mixed
     */
    protected function verifyAndStoreOneTimePassword($one_time_password)
    {
        return $this->storeOldTimeStamp(
            $this->verifyGoogle2FA(
                $this->getGoogle2FASecretKey(),
                $one_time_password
            )
        );
    }

    /**
     * Generate token, store in session.
     */
    private function generateCookieToken(): void
    {
        if (true === $this->config('store_in_cookie')) {
            // generate token and store in DB.
            // loop to prevent duplicates (you never know)
            $loops  = 0;
            $token  = null;
            $unique = false;
            $user   = $this->getUser();
            $expire = time() + (int)$this->config('cookie_lifetime');
            while ($loops < 10 && false === $unique) {
                $token = Str::random(64);
                try {
                    // store token in DB
                    DB::table('2fa_tokens')->insert(
                        [
                            'user_id'    => $user->id,
                            'expires_at' => date('Y-m-d H:i:s', $expire),
                            'token'      => $token,
                        ]
                    );
                } catch (QueryException $e) {
                    // token exists or DB error. Try again.
                    $loops++;
                    continue;
                }
                // break loop.
                $loops  = 20;
                $unique = true;
            }
            if (null !== $token) {
                $this->sessionPut(Constants::SESSION_TOKEN, $token);
            }
        }
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace PragmaRX\Google2FALaravel;
6
7		use Carbon\Carbon;
8		use Illuminate\Database\QueryException;
9		use Illuminate\Http\Request as IlluminateRequest;
10		use Illuminate\Support\Facades\DB;
11		use Illuminate\Support\Str;
12		use PragmaRX\Google2FALaravel\Events\LoggedOut;
13		use PragmaRX\Google2FALaravel\Events\OneTimePasswordExpired;
14		use PragmaRX\Google2FALaravel\Exceptions\InvalidSecretKey;
15		use PragmaRX\Google2FALaravel\Support\Auth;
16		use PragmaRX\Google2FALaravel\Support\Config;
17		use PragmaRX\Google2FALaravel\Support\Constants;
18		use PragmaRX\Google2FALaravel\Support\Request;
19		use PragmaRX\Google2FALaravel\Support\Session;
20		use PragmaRX\Google2FAQRCode\Google2FA as Google2FAService;
21
22		/**
23		* Class Google2FA
24		*/
25		class Google2FA extends Google2FAService
26		{
27		use Auth, Config, Request, Session;
28
29		protected $qrCodeBackend;
30
31		/**
32		* Construct the correct backend.
33		*/
34	12	protected function constructBackend(): void
35		{
36	12	switch ($this->getQRCodeBackend()) {
37	12	case Constants::QRCODE_IMAGE_BACKEND_SVG:
38	12	parent::__construct(new \BaconQrCode\Renderer\Image\SvgImageBackEnd());
39	12	break;
40
41		case Constants::QRCODE_IMAGE_BACKEND_EPS:
42		parent::__construct(new \BaconQrCode\Renderer\Image\EpsImageBackEnd());
43		break;
44
45		case Constants::QRCODE_IMAGE_BACKEND_IMAGEMAGICK:
46		default:
47		parent::__construct();
48		break;
49		}
50	12	}
51
52		/**
53		* Set the QRCode Backend.
54		*
55		* @param string $qrCodeBackend
56		*
57		* @return self
58		*/
59		public function setQrCodeBackend(string $qrCodeBackend)
60		{
61		$this->qrCodeBackend = $qrCodeBackend;
62
63		return $this;
64		}
65
66		/**
67		* Authenticator constructor.
68		*
69		* @param IlluminateRequest $request
70		*/
71	12	public function __construct(IlluminateRequest $request)
72		{
73	12	$this->boot($request);
74
75	12	$this->constructBackend();
76	12	}
77
78		/**
79		* Authenticator boot.
80		*
81		* @param $request
82		*
83		* @return Google2FA
84		*/
85	12	public function boot($request)
86		{
87	12	$this->setRequest($request);
88
89	12	return $this;
90		}
91
92		/**
93		* The QRCode Backend.
94		*
95		* @return mixed
96		*/
97	12	public function getQRCodeBackend()
98		{
99	12	return $this->qrCodeBackend
100	12	?: $this->config('qrcode_image_backend', Constants::QRCODE_IMAGE_BACKEND_IMAGEMAGICK);
101		}
102
103		/**
104		* Get the user Google2FA secret.
105		*
106		* @throws InvalidSecretKey
107		*
108		* @return mixed
109		*/
110	8	protected function getGoogle2FASecretKey()
111		{
112	8	return $this->getUser()->{$this->config('otp_secret_column')};
113		}
114
115		/**
116		* Check if the 2FA is activated for the user.
117		*
118		* @return bool
119		*/
120	8	public function isActivated()
121		{
122	8	$secret = $this->getGoogle2FASecretKey();
123
124	8	return !is_null($secret) && !empty($secret);
125		}
126
127		/**
128		* Store the old OTP timestamp.
129		*
130		* @param $key
131		*
132		* @return mixed
133		*/
134	5	protected function storeOldTimestamp($key)
135		{
136	5	return $this->config('forbid_old_passwords') === true
137	1	? $this->sessionPut(Constants::SESSION_OTP_TIMESTAMP, $key)
138	5	: $key;
139		}
140
141		/**
142		* Get the previous OTP timestamp.
143		*
144		* @return null\|mixed
145		*/
146	6	protected function getOldTimestamp()
147		{
148	6	return $this->config('forbid_old_passwords') === true
149	1	? $this->sessionGet(Constants::SESSION_OTP_TIMESTAMP)
150	6	: null;
151		}
152
153		/**
154		* Keep this OTP session alive.
155		*/
156	4	protected function keepAlive()
157		{
158	4	if ($this->config('keep_alive')) {
159	4	$this->updateCurrentAuthTime();
160		}
161	4	}
162
163		/**
164		* Get minutes since last activity.
165		*
166		* @return int
167		*/
168	1	protected function minutesSinceLastActivity()
169		{
170	1	return Carbon::now()->diffInMinutes(
171	1	$this->sessionGet(Constants::SESSION_AUTH_TIME)
172		);
173		}
174
175		/**
176		* Check if no user is authenticated using OTP.
177		*
178		* @return bool
179		*/
180	7	protected function noUserIsAuthenticated()
181		{
182	7	return is_null($this->getUser());
183		}
184
185		/**
186		* Check if OTP has expired.
187		*
188		* @return bool
189		*/
190	4	protected function passwordExpired()
191		{
192	4	if (($minutes = $this->config('lifetime')) !== 0 && $this->minutesSinceLastActivity() > $minutes) {
193	1	event(new OneTimePasswordExpired($this->getUser()));
194
195	1	$this->logout();
196
197	1	return true;
198		}
199
200	4	$this->keepAlive();
201
202	4	return false;
203		}
204
205		/**
206		* Verifies, in the current session, if a 2fa check has already passed.
207		*
208		* @return bool
209		*/
210	7	protected function twoFactorAuthStillValid()
211		{
212		return
213	7	(bool) $this->sessionGet(Constants::SESSION_AUTH_PASSED, false) &&
214	7	!$this->passwordExpired();
215		}
216
217		/**
218		* Check if the module is enabled.
219		*
220		* @return mixed
221		*/
222	7	protected function isEnabled()
223		{
224	7	return $this->config('enabled');
225		}
226
227		/**
228		* Set current auth as valid.
229		*/
230	5	public function login()
231		{
232	5	$this->sessionPut(Constants::SESSION_AUTH_PASSED, true);
233	5	$this->updateCurrentAuthTime();
234	5	$this->generateCookieToken();
235
236	5	}
237
238		/**
239		* OTP logout.
240		*/
241	3	public function logout()
242		{
243	3	$user = $this->getUser();
244
245	3	$this->sessionForget();
246
247	3	event(new LoggedOut($user));
248	3	}
249
250		/**
251		* Update the current auth time.
252		*/
253	5	protected function updateCurrentAuthTime()
254		{
255	5	$this->sessionPut(Constants::SESSION_AUTH_TIME, Carbon::now()->toIso8601String());
256	5	}
257
258		/**
259		* Verify the OTP.
260		*
261		* @param $secret
262		* @param $one_time_password
263		*
264		* @return mixed
265		*/
266	6	public function verifyGoogle2FA($secret, $one_time_password)
267		{
268	6	return $this->verifyKey(
269	6	$secret,
270		$one_time_password,
271	6	$this->config('window'),
272	6	null, // $timestamp
273	6	$this->getOldTimestamp() ?: null
274		);
275		}
276
277		/**
278		* Verify the OTP and store the timestamp.
279		*
280		* @param $one_time_password
281		*
282		* @return mixed
283		*/
284	5	protected function verifyAndStoreOneTimePassword($one_time_password)
285		{
286	5	return $this->storeOldTimeStamp(
287	5	$this->verifyGoogle2FA(
288	5	$this->getGoogle2FASecretKey(),
289		$one_time_password
290		)
291		);
292		}
293
294		/**
295		* Generate token, store in session.
296		*/
297	5	private function generateCookieToken(): void
298		{
299	5	if (true === $this->config('store_in_cookie')) {
300		// generate token and store in DB.
301		// loop to prevent duplicates (you never know)
302		$loops = 0;
303		$token = null;
304		$unique = false;
305		$user = $this->getUser();
306		$expire = time() + (int)$this->config('cookie_lifetime');
307		while ($loops < 10 && false === $unique) {
308		$token = Str::random(64);
309		try {
310		// store token in DB
311		DB::table('2fa_tokens')->insert(
312		[
313		'user_id' => $user->id,
314		'expires_at' => date('Y-m-d H:i:s', $expire),
315		'token' => $token,
316		]
317		);
318		} catch (QueryException $e) {
319		// token exists or DB error. Try again.
320		$loops++;
321		continue;
322		}
323		// break loop.
324		$loops = 20;
325		$unique = true;
326		}
327		if (null !== $token) {
328		$this->sessionPut(Constants::SESSION_TOKEN, $token);
329		}
330		}
331	5	}
332		}
333

JC5 / google2fa-laravel

GitHub Access Token became invalid

Push — master ( c0d893...b5b87f )

Google2FA A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

21 Methods

Duplication Side-by-Side

Filter issues like