These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.
<?php

namespace Backpack\CRUD\app\Library\Auth;

use Illuminate\Auth\Events\Lockout;
use Illuminate\Cache\RateLimiter;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Lang;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

trait ThrottlesLogins
{
    /**
     * Determine if the user has too many failed login attempts.
     *
     * @param \Illuminate\Http\Request $request
     * @return bool
     */
    protected function hasTooManyLoginAttempts(Request $request)
    {
        return $this->limiter()->tooManyAttempts(
            $this->throttleKey($request), $this->maxAttempts()
        );
    }

    /**
     * Increment the login attempts for the user.
     *
     * @param \Illuminate\Http\Request $request
     * @return void
     */
    protected function incrementLoginAttempts(Request $request)
    {
        $this->limiter()->hit(
            $this->throttleKey($request), $this->decayMinutes() * 60
        );
    }

    /**
     * Redirect the user after determining they are locked out.
     *
     * @param \Illuminate\Http\Request $request
     * @return void
     *
     * @throws \Illuminate\Validation\ValidationException
     */
    protected function sendLockoutResponse(Request $request)
    {
        $seconds = $this->limiter()->availableIn(
            $this->throttleKey($request)
        );

        throw ValidationException::withMessages([
            $this->username() => [Lang::get('auth.throttle', [

It seems like username() must be provided by classes using this trait. How about adding it as abstract method to this trait?

This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example:

trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}

The trait Adding the

                'seconds' => $seconds,
                'minutes' => ceil($seconds / 60),
            ])],
        ])->status(Response::HTTP_TOO_MANY_REQUESTS);
    }

    /**
     * Clear the login locks for the given user credentials.
     *
     * @param \Illuminate\Http\Request $request
     * @return void
     */
    protected function clearLoginAttempts(Request $request)
    {
        $this->limiter()->clear($this->throttleKey($request));
    }

    /**
     * Fire an event when a lockout occurs.
     *
     * @param \Illuminate\Http\Request $request
     * @return void
     */
    protected function fireLockoutEvent(Request $request)
    {
        event(new Lockout($request));
    }

    /**
     * Get the throttle key for the given request.
     *
     * @param \Illuminate\Http\Request $request
     * @return string
     */
    protected function throttleKey(Request $request)
    {
        return Str::lower($request->input($this->username())).'|'.$request->ip();

It seems like username() must be provided by classes using this trait. How about adding it as abstract method to this trait?

It seems like $request->input($this->username()) targeting Illuminate\Http\Concerns...ractsWithInput::input() can also be of type array or null; however, Illuminate\Support\Str::lower() does only seem to accept string, maybe add an additional type check?

This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.

    }

    /**
     * Get the rate limiter instance.
     *
     * @return \Illuminate\Cache\RateLimiter
     */
    protected function limiter()
    {
        return app(RateLimiter::class);
    }

    /**
     * Get the maximum number of attempts to allow.
     *
     * @return int
     */
    public function maxAttempts()
    {
        return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;

The property maxAttempts does not exist. Did you maybe forget to declare it?

In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code:

class MyClass { }
$x = new MyClass();
$x->foo = true;

Generally, it is a good practice to explicitly declare properties to avoid accidental typos and provide IDE auto-completion:

class MyClass {
    public $foo;
}
$x = new MyClass();
$x->foo = true;

    }

    /**
     * Get the number of minutes to throttle for.
     *
     * @return int
     */
    public function decayMinutes()
    {
        return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;

The property decayMinutes does not exist. Did you maybe forget to declare it?

    }
}

This check looks for the generic type array as a return type and suggests a more specific type. This type is inferred from the actual code.