Issues in ThrottlesLogins.php - New Issues - Inspection of "Merge branch 'add-support-for-laravel-7' of https:..." - Laravel-Backpack/CRUD - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 6a87fb...a42a1b )

by Cristian

created 2020-03-04 06:48 UTC

src/app/Library/Auth/ThrottlesLogins.php (1 issue)

Showing only issues like (Show All)

Check for mismatching type of a variable.

Bug Minor

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Backpack\CRUD\app\Library\Auth;

use Illuminate\Auth\Events\Lockout;
use Illuminate\Cache\RateLimiter;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Lang;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

trait ThrottlesLogins
{
    /**
     * Determine if the user has too many failed login attempts.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function hasTooManyLoginAttempts(Request $request)
    {
        return $this->limiter()->tooManyAttempts(
            $this->throttleKey($request), $this->maxAttempts()
        );
    }

    /**
     * Increment the login attempts for the user.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     */
    protected function incrementLoginAttempts(Request $request)
    {
        $this->limiter()->hit(
            $this->throttleKey($request), $this->decayMinutes() * 60
        );
    }

    /**
     * Redirect the user after determining they are locked out.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    protected function sendLockoutResponse(Request $request)
    {
        $seconds = $this->limiter()->availableIn(
            $this->throttleKey($request)
        );

        throw ValidationException::withMessages([
            $this->username() => [Lang::get('auth.throttle', [
                'seconds' => $seconds,
                'minutes' => ceil($seconds / 60),
            ])],
        ])->status(Response::HTTP_TOO_MANY_REQUESTS);
    }

    /**
     * Clear the login locks for the given user credentials.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     */
    protected function clearLoginAttempts(Request $request)
    {
        $this->limiter()->clear($this->throttleKey($request));
    }

    /**
     * Fire an event when a lockout occurs.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     */
    protected function fireLockoutEvent(Request $request)
    {
        event(new Lockout($request));
    }

    /**
     * Get the throttle key for the given request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return string
     */
    protected function throttleKey(Request $request)
    {
        return Str::lower($request->input($this->username())).'|'.$request->ip();

    }

    /**
     * Get the rate limiter instance.
     *
     * @return \Illuminate\Cache\RateLimiter
     */
    protected function limiter()
    {
        return app(RateLimiter::class);
    }

    /**
     * Get the maximum number of attempts to allow.
     *
     * @return int
     */
    public function maxAttempts()
    {
        return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;
    }

    /**
     * Get the number of minutes to throttle for.
     *
     * @return int
     */
    public function decayMinutes()
    {
        return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;
    }
}


1			<?php
2
3			namespace Backpack\CRUD\app\Library\Auth;
4
5			use Illuminate\Auth\Events\Lockout;
6			use Illuminate\Cache\RateLimiter;
7			use Illuminate\Http\Request;
8			use Illuminate\Http\Response;
9			use Illuminate\Support\Facades\Lang;
10			use Illuminate\Support\Str;
11			use Illuminate\Validation\ValidationException;
12
13			trait ThrottlesLogins
14			{
15			/**
16			* Determine if the user has too many failed login attempts.
17			*
18			* @param \Illuminate\Http\Request $request
19			* @return bool
20			*/
21			protected function hasTooManyLoginAttempts(Request $request)
22			{
23			return $this->limiter()->tooManyAttempts(
24			$this->throttleKey($request), $this->maxAttempts()
25			);
26			}
27
28			/**
29			* Increment the login attempts for the user.
30			*
31			* @param \Illuminate\Http\Request $request
32			* @return void
33			*/
34			protected function incrementLoginAttempts(Request $request)
35			{
36			$this->limiter()->hit(
37			$this->throttleKey($request), $this->decayMinutes() * 60
38			);
39			}
40
41			/**
42			* Redirect the user after determining they are locked out.
43			*
44			* @param \Illuminate\Http\Request $request
45			* @return void
46			*
47			* @throws \Illuminate\Validation\ValidationException
48			*/
49			protected function sendLockoutResponse(Request $request)
50			{
51			$seconds = $this->limiter()->availableIn(
52			$this->throttleKey($request)
53			);
54
55			throw ValidationException::withMessages([
56			$this->username() => [Lang::get('auth.throttle', [
57			'seconds' => $seconds,
58			'minutes' => ceil($seconds / 60),
59			])],
60			])->status(Response::HTTP_TOO_MANY_REQUESTS);
61			}
62
63			/**
64			* Clear the login locks for the given user credentials.
65			*
66			* @param \Illuminate\Http\Request $request
67			* @return void
68			*/
69			protected function clearLoginAttempts(Request $request)
70			{
71			$this->limiter()->clear($this->throttleKey($request));
72			}
73
74			/**
75			* Fire an event when a lockout occurs.
76			*
77			* @param \Illuminate\Http\Request $request
78			* @return void
79			*/
80			protected function fireLockoutEvent(Request $request)
81			{
82			event(new Lockout($request));
83			}
84
85			/**
86			* Get the throttle key for the given request.
87			*
88			* @param \Illuminate\Http\Request $request
89			* @return string
90			*/
91			protected function throttleKey(Request $request)
92			{
93			return Str::lower($request->input($this->username())).'\|'.$request->ip();
			0 ignored issues – show Bug introduced 2020-03-04 06:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$request->input($this->username())` targeting `Illuminate\Http\Concerns...ractsWithInput::input()` can also be of type `array` or `null`; however, `Illuminate\Support\Str::lower()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
94			}
95
96			/**
97			* Get the rate limiter instance.
98			*
99			* @return \Illuminate\Cache\RateLimiter
100			*/
101			protected function limiter()
102			{
103			return app(RateLimiter::class);
104			}
105
106			/**
107			* Get the maximum number of attempts to allow.
108			*
109			* @return int
110			*/
111			public function maxAttempts()
112			{
113			return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;
114			}
115
116			/**
117			* Get the number of minutes to throttle for.
118			*
119			* @return int
120			*/
121			public function decayMinutes()
122			{
123			return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;
124			}
125			}
126

Scrutinizer GitHub App not installed

Push — master ( 6a87fb...a42a1b )

src/app/Library/Auth/ThrottlesLogins.php (1 issue)

Showing only issues like (Show All)

Introduced By

Upgrade to new PHP Analysis Engine

Laravel-Backpack / CRUD

Scrutinizer GitHub App not installed

Push — master ( 6a87fb...a42a1b )

src/app/Library/Auth/ThrottlesLogins.php (1 issue)

Showing only issues like (Show All)

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like