Issues in ThrottlesLogins.php - New Issues - Inspection of "Merge branch 'add-support-for-laravel-7' of https:..." - Laravel-Backpack/CRUD - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 6a87fb...a42a1b )

by Cristian

created 2020-03-04 06:48 UTC

src/app/Library/Auth/ThrottlesLogins.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Backpack\CRUD\app\Library\Auth;

use Illuminate\Auth\Events\Lockout;
use Illuminate\Cache\RateLimiter;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Lang;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

trait ThrottlesLogins
{
    /**
     * Determine if the user has too many failed login attempts.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool
     */
    protected function hasTooManyLoginAttempts(Request $request)
    {
        return $this->limiter()->tooManyAttempts(
            $this->throttleKey($request), $this->maxAttempts()
        );
    }

    /**
     * Increment the login attempts for the user.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     */
    protected function incrementLoginAttempts(Request $request)
    {
        $this->limiter()->hit(
            $this->throttleKey($request), $this->decayMinutes() * 60
        );
    }

    /**
     * Redirect the user after determining they are locked out.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void

     *
     * @throws \Illuminate\Validation\ValidationException
     */
    protected function sendLockoutResponse(Request $request)
    {
        $seconds = $this->limiter()->availableIn(
            $this->throttleKey($request)
        );

        throw ValidationException::withMessages([
            $this->username() => [Lang::get('auth.throttle', [
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
                'seconds' => $seconds,
                'minutes' => ceil($seconds / 60),
            ])],
        ])->status(Response::HTTP_TOO_MANY_REQUESTS);
    }

    /**
     * Clear the login locks for the given user credentials.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     */
    protected function clearLoginAttempts(Request $request)
    {
        $this->limiter()->clear($this->throttleKey($request));
    }

    /**
     * Fire an event when a lockout occurs.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     */
    protected function fireLockoutEvent(Request $request)
    {
        event(new Lockout($request));
    }

    /**
     * Get the throttle key for the given request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return string
     */
    protected function throttleKey(Request $request)
    {
        return Str::lower($request->input($this->username())).'|'.$request->ip();
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
    }

    /**
     * Get the rate limiter instance.
     *
     * @return \Illuminate\Cache\RateLimiter
     */
    protected function limiter()
    {
        return app(RateLimiter::class);
    }

    /**
     * Get the maximum number of attempts to allow.
     *
     * @return int
     */
    public function maxAttempts()
    {
        return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }

    /**
     * Get the number of minutes to throttle for.
     *
     * @return int
     */
    public function decayMinutes()
    {
        return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;
class MyClass { }

$x = new MyClass();
$x->foo = true;
    }
}


1			<?php
2
3			namespace Backpack\CRUD\app\Library\Auth;
4
5			use Illuminate\Auth\Events\Lockout;
6			use Illuminate\Cache\RateLimiter;
7			use Illuminate\Http\Request;
8			use Illuminate\Http\Response;
9			use Illuminate\Support\Facades\Lang;
10			use Illuminate\Support\Str;
11			use Illuminate\Validation\ValidationException;
12
13			trait ThrottlesLogins
14			{
15			/**
16			* Determine if the user has too many failed login attempts.
17			*
18			* @param \Illuminate\Http\Request $request
19			* @return bool
20			*/
21			protected function hasTooManyLoginAttempts(Request $request)
22			{
23			return $this->limiter()->tooManyAttempts(
24			$this->throttleKey($request), $this->maxAttempts()
25			);
26			}
27
28			/**
29			* Increment the login attempts for the user.
30			*
31			* @param \Illuminate\Http\Request $request
32			* @return void
33			*/
34			protected function incrementLoginAttempts(Request $request)
35			{
36			$this->limiter()->hit(
37			$this->throttleKey($request), $this->decayMinutes() * 60
38			);
39			}
40
41			/**
42			* Redirect the user after determining they are locked out.
43			*
44			* @param \Illuminate\Http\Request $request
45			* @return void
			0 ignored issues – show Documentation introduced 2020-03-04 06:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider making the return type a bit more specific; maybe use `NoType`. This check looks for the generic type `array` as a return type and suggests a more specific type. This type is inferred from the actual code. Loading history...
46			*
47			* @throws \Illuminate\Validation\ValidationException
48			*/
49			protected function sendLockoutResponse(Request $request)
50			{
51			$seconds = $this->limiter()->availableIn(
52			$this->throttleKey($request)
53			);
54
55			throw ValidationException::withMessages([
56			$this->username() => [Lang::get('auth.throttle', [
			0 ignored issues – show Bug introduced 2020-03-04 06:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `username()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
57			'seconds' => $seconds,
58			'minutes' => ceil($seconds / 60),
59			])],
60			])->status(Response::HTTP_TOO_MANY_REQUESTS);
61			}
62
63			/**
64			* Clear the login locks for the given user credentials.
65			*
66			* @param \Illuminate\Http\Request $request
67			* @return void
68			*/
69			protected function clearLoginAttempts(Request $request)
70			{
71			$this->limiter()->clear($this->throttleKey($request));
72			}
73
74			/**
75			* Fire an event when a lockout occurs.
76			*
77			* @param \Illuminate\Http\Request $request
78			* @return void
79			*/
80			protected function fireLockoutEvent(Request $request)
81			{
82			event(new Lockout($request));
83			}
84
85			/**
86			* Get the throttle key for the given request.
87			*
88			* @param \Illuminate\Http\Request $request
89			* @return string
90			*/
91			protected function throttleKey(Request $request)
92			{
93			return Str::lower($request->input($this->username())).'\|'.$request->ip();
			0 ignored issues – show Bug introduced 2020-03-04 06:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `username()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history... Bug introduced 2020-03-04 06:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$request->input($this->username())` targeting `Illuminate\Http\Concerns...ractsWithInput::input()` can also be of type `array` or `null`; however, `Illuminate\Support\Str::lower()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
94			}
95
96			/**
97			* Get the rate limiter instance.
98			*
99			* @return \Illuminate\Cache\RateLimiter
100			*/
101			protected function limiter()
102			{
103			return app(RateLimiter::class);
104			}
105
106			/**
107			* Get the maximum number of attempts to allow.
108			*
109			* @return int
110			*/
111			public function maxAttempts()
112			{
113			return property_exists($this, 'maxAttempts') ? $this->maxAttempts : 5;
			0 ignored issues – show Bug introduced 2020-03-04 06:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `maxAttempts` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
114			}
115
116			/**
117			* Get the number of minutes to throttle for.
118			*
119			* @return int
120			*/
121			public function decayMinutes()
122			{
123			return property_exists($this, 'decayMinutes') ? $this->decayMinutes : 1;
			0 ignored issues – show Bug introduced 2020-03-04 06:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `decayMinutes` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
124			}
125			}
126

Scrutinizer GitHub App not installed

Push — master ( 6a87fb...a42a1b )

src/app/Library/Auth/ThrottlesLogins.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Laravel-Backpack / CRUD

Scrutinizer GitHub App not installed

Push — master ( 6a87fb...a42a1b )

src/app/Library/Auth/ThrottlesLogins.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like