Issues in SessionSecurityListener.php - All Issues - Inspection of "[AllBundles] Switch from styleci to flintci" - Kunstmaan/KunstmaanBundlesCMS - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — 5.6 (#2830)

by Jeroen

created 2020-11-06 12:16 UTC

EventListener/SessionSecurityListener.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Jeroen Thora 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Kunstmaan\AdminBundle\EventListener;

use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;

class SessionSecurityListener
{
    /**
     * @var LoggerInterface
     */
    private $logger;

    /**
     * @var bool
     */
    private $ipCheck;

    /**
     * @var bool
     */
    private $userAgentCheck;

    /**
     * @var string
     */
    private $ip;

    /**
     * @var string
     */
    private $userAgent;

    /**
     * @param bool $ipCheck
     * @param bool $userAgentCheck
     */
    public function __construct($ipCheck, $userAgentCheck, LoggerInterface $logger)
    {
        $this->ipCheck = $ipCheck;
        $this->userAgentCheck = $userAgentCheck;
        $this->logger = $logger;
    }

    /**
     * @param FilterResponseEvent|ResponseEvent $event
     */
    public function onKernelResponse($event)
    {
        if (!$event instanceof FilterResponseEvent && !$event instanceof ResponseEvent) {

            throw new \InvalidArgumentException(\sprintf('Expected instance of type %s, %s given', \class_exists(ResponseEvent::class) ? ResponseEvent::class : FilterResponseEvent::class, \is_object($event) ? \get_class($event) : \gettype($event)));
        }

        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
            return;
        }

        // Make sure the ip and user agent is stored in the session
        $request = $event->getRequest();
        if ($request->hasSession() && $request->getSession()->isStarted()) {
            $session = $request->getSession();
            if ($this->ipCheck && !$session->has('kuma_ip')) {
                $session->set('kuma_ip', $this->getIp($request));
            }
            if ($this->userAgentCheck && !$session->has('kuma_ua')) {
                $session->set('kuma_ua', $this->getUserAgent($request));
            }
        }
    }

    public function onKernelRequest(GetResponseEvent $event)
    {
        if (!$event instanceof GetResponseEvent && !$event instanceof ResponseEvent) {

            throw new \InvalidArgumentException(\sprintf('Expected instance of type %s, %s given', \class_exists(ResponseEvent::class) ? ResponseEvent::class : GetResponseEvent::class, \is_object($event) ? \get_class($event) : \gettype($event)));
        }

        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
            return;
        }

        $request = $event->getRequest();
        if ($request->hasSession() && $request->getSession()->isStarted()) {
            $session = $request->getSession();

            // Check that the ip matches
            if ($this->ipCheck && $session->has('kuma_ip') && $session->get('kuma_ip') != $this->getIp($request)) {
                $this->logger->error(sprintf(
                    "Session ip '%s' does not match with request ip '%s', invalidating the current session",
                    $session->get('kuma_ip'),
                    $this->getIp($request)
                ));
                $this->invalidateSession($session, $request);
            }

            // Check that the user agent matches
            if ($this->userAgentCheck && $session->has('kuma_ua') && $session->get('kuma_ua') != $this->getUserAgent($request)) {
                $this->logger->error(sprintf(
                    "Session user agent '%s' does not match with request user agent '%s', invalidating the current session",
                    $session->get('kuma_ua'),
                    $this->getUserAgent($request)
                ));
                $this->invalidateSession($session, $request);
            }
        }
    }

    private function invalidateSession(SessionInterface $session, Request $request)
    {
        $session->invalidate();
        $session->set('kuma_ip', $this->getIp($request));
        $session->set('kuma_ua', $this->getUserAgent($request));
    }

    /**
     * @return string
     */
    private function getIp(Request $request)
    {
        if (!$this->ip) {
            $forwarded = $request->server->get('HTTP_X_FORWARDED_FOR');
            if (\strlen($forwarded) > 0) {
                $parts = explode(',', $forwarded);
                $parts = array_map('trim', $parts);
                $parts = array_filter($parts);
                if (\count($parts) > 0) {
                    $ip = $parts[0];
                }
            }
            if (empty($ip)) {
                $ip = $request->getClientIp();
            }
            $this->ip = $ip;
        }

        return $this->ip;
    }

    /**
     * @return array|string
     */
    private function getUserAgent(Request $request)
    {
        if (!$this->userAgent) {
            $this->userAgent = $request->headers->get('User-Agent');
        }

        return $this->userAgent;
    }
}


1			<?php
2
3			namespace Kunstmaan\AdminBundle\EventListener;
4
5			use Psr\Log\LoggerInterface;
6			use Symfony\Component\HttpFoundation\Request;
7			use Symfony\Component\HttpFoundation\Session\SessionInterface;
8			use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
9			use Symfony\Component\HttpKernel\Event\GetResponseEvent;
10			use Symfony\Component\HttpKernel\Event\ResponseEvent;
11			use Symfony\Component\HttpKernel\HttpKernelInterface;
12
13			class SessionSecurityListener
14			{
15			/**
16			* @var LoggerInterface
17			*/
18			private $logger;
19
20			/**
21			* @var bool
22			*/
23			private $ipCheck;
24
25			/**
26			* @var bool
27			*/
28			private $userAgentCheck;
29
30			/**
31			* @var string
32			*/
33			private $ip;
34
35			/**
36			* @var string
37			*/
38			private $userAgent;
39
40			/**
41			* @param bool $ipCheck
42			* @param bool $userAgentCheck
43			*/
44	3		public function __construct($ipCheck, $userAgentCheck, LoggerInterface $logger)
45			{
46	3		$this->ipCheck = $ipCheck;
47	3		$this->userAgentCheck = $userAgentCheck;
48	3		$this->logger = $logger;
49	3		}
50
51			/**
52			* @param FilterResponseEvent\|ResponseEvent $event
53			*/
54	2		public function onKernelResponse($event)
55			{
56	2	View Code Duplication	if (!$event instanceof FilterResponseEvent && !$event instanceof ResponseEvent) {
			0 ignored issues – show Duplication introduced 2019-12-06 15:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
57			throw new \InvalidArgumentException(\sprintf('Expected instance of type %s, %s given', \class_exists(ResponseEvent::class) ? ResponseEvent::class : FilterResponseEvent::class, \is_object($event) ? \get_class($event) : \gettype($event)));
58			}
59
60	2		if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
61	1		return;
62			}
63
64			// Make sure the ip and user agent is stored in the session
65	2		$request = $event->getRequest();
66	2		if ($request->hasSession() && $request->getSession()->isStarted()) {
67	2		$session = $request->getSession();
68	2		if ($this->ipCheck && !$session->has('kuma_ip')) {
69	2		$session->set('kuma_ip', $this->getIp($request));
70			}
71	2		if ($this->userAgentCheck && !$session->has('kuma_ua')) {
72	2		$session->set('kuma_ua', $this->getUserAgent($request));
73			}
74			}
75	2		}
76
77	1		public function onKernelRequest(GetResponseEvent $event)
78			{
79	1	View Code Duplication	if (!$event instanceof GetResponseEvent && !$event instanceof ResponseEvent) {
			0 ignored issues – show Duplication introduced 2019-12-06 15:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
80			throw new \InvalidArgumentException(\sprintf('Expected instance of type %s, %s given', \class_exists(ResponseEvent::class) ? ResponseEvent::class : GetResponseEvent::class, \is_object($event) ? \get_class($event) : \gettype($event)));
81			}
82
83	1		if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
84	1		return;
85			}
86
87	1		$request = $event->getRequest();
88	1		if ($request->hasSession() && $request->getSession()->isStarted()) {
89	1		$session = $request->getSession();
90
91			// Check that the ip matches
92	1	View Code Duplication	if ($this->ipCheck && $session->has('kuma_ip') && $session->get('kuma_ip') != $this->getIp($request)) {
93	1		$this->logger->error(sprintf(
94	1		"Session ip '%s' does not match with request ip '%s', invalidating the current session",
95	1		$session->get('kuma_ip'),
96	1		$this->getIp($request)
97			));
98	1		$this->invalidateSession($session, $request);
99			}
100
101			// Check that the user agent matches
102	1	View Code Duplication	if ($this->userAgentCheck && $session->has('kuma_ua') && $session->get('kuma_ua') != $this->getUserAgent($request)) {
103	1		$this->logger->error(sprintf(
104	1		"Session user agent '%s' does not match with request user agent '%s', invalidating the current session",
105	1		$session->get('kuma_ua'),
106	1		$this->getUserAgent($request)
107			));
108	1		$this->invalidateSession($session, $request);
109			}
110			}
111	1		}
112
113	1		private function invalidateSession(SessionInterface $session, Request $request)
114			{
115	1		$session->invalidate();
116	1		$session->set('kuma_ip', $this->getIp($request));
117	1		$session->set('kuma_ua', $this->getUserAgent($request));
118	1		}
119
120			/**
121			* @return string
122			*/
123	3		private function getIp(Request $request)
124			{
125	3		if (!$this->ip) {
126	3		$forwarded = $request->server->get('HTTP_X_FORWARDED_FOR');
127	3		if (\strlen($forwarded) > 0) {
128	2		$parts = explode(',', $forwarded);
129	2		$parts = array_map('trim', $parts);
130	2		$parts = array_filter($parts);
131	2		if (\count($parts) > 0) {
132	2		$ip = $parts[0];
133			}
134			}
135	3		if (empty($ip)) {
136	1		$ip = $request->getClientIp();
137			}
138	3		$this->ip = $ip;
139			}
140
141	3		return $this->ip;
142			}
143
144			/**
145			* @return array\|string
146			*/
147	3		private function getUserAgent(Request $request)
148			{
149	3		if (!$this->userAgent) {
150	3		$this->userAgent = $request->headers->get('User-Agent');
151			}
152
153	3		return $this->userAgent;
154			}
155			}
156

Kunstmaan / KunstmaanBundlesCMS

Pull Request — 5.6 (#2830)

EventListener/SessionSecurityListener.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like