AuthenticateSessionL8::storePasswordHashInSession() - Code Metrics - Inspection of "fix for L8 authenticates sessions middleware" - Laravel-Backpack/CRUD - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — fix-l8 ( 69db27 )

by Pedro

created 2022-12-17 12:04 UTC

storePasswordHashInSession() A

↳ Parent: AuthenticateSessionL8

Complexity

Conditions	2
Paths	2

Size

Total Lines	8
Code Lines	4

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	1	Features	0

Metric	Value
cc	2
eloc	4
c	1
b	1
f	0
nc	2
nop	1
dl	0
loc	8
rs	10

<?php

namespace Backpack\CRUD\app\Http\Middleware;

use Closure;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Contracts\Auth\Factory as AuthFactory;

class AuthenticateSessionL8
{
    /**
     * The authentication factory implementation.
     *
     * @var \Illuminate\Contracts\Auth\Factory
     */
    protected $auth;

    protected $user;

    /**
     * Create a new middleware instance.
     *
     * @param  \Illuminate\Contracts\Auth\Factory  $auth
     * @return void
     */
    public function __construct(AuthFactory $auth)
    {
        $this->auth = $auth;
        $this->user = backpack_user();
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (! $request->hasSession() || ! $this->user) {
            return $next($request);
        }

        if ($this->guard()->viaRemember()) {
            $passwordHash = explode('|', $request->cookies->get($this->guard()->getRecallerName()))[2] ?? null;

            if (! $passwordHash || $passwordHash != $this->user->getAuthPassword()) {
                $this->logout($request);
            }
        }

        if (! $request->session()->has('password_hash_'.backpack_guard_name())) {
            $this->storePasswordHashInSession($request);
        }

        if ($request->session()->get('password_hash_'.backpack_guard_name()) !== $this->user->getAuthPassword()) {
            $this->logout($request);
        }

        return tap($next($request), function () use ($request) {
            if (! is_null($this->guard()->user())) {
                $this->storePasswordHashInSession($request);
            }
        });
    }

    /**
     * Store the user's current password hash in the session.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     */
    protected function storePasswordHashInSession($request)
    {
        if (! $this->user) {
            return;
        }

        $request->session()->put([
            'password_hash_'.backpack_guard_name() => $this->user->getAuthPassword(),
        ]);
    }

    /**
     * Log the user out of the application.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     *
     * @throws \Illuminate\Auth\AuthenticationException
     */
    protected function logout($request)
    {
        $this->guard()->logoutCurrentDevice();

        $request->session()->flush();

        \Alert::error('Your password was changed in another browser session. Please login again using the new password.')->flash();
filter:
    dependency_paths: ["lib/*"]

        throw new AuthenticationException('Unauthenticated.', [backpack_guard_name()], backpack_url('login'));
    }

    /**
     * Get the guard instance that should be used by the middleware.
     *
     * @return \Illuminate\Contracts\Auth\Factory|\Illuminate\Contracts\Auth\Guard
     */
    protected function guard()
    {
        return $this->auth;
    }
}


1			<?php
2
3			namespace Backpack\CRUD\app\Http\Middleware;
4
5			use Closure;
6			use Illuminate\Auth\AuthenticationException;
7			use Illuminate\Contracts\Auth\Factory as AuthFactory;
8
9			class AuthenticateSessionL8
10			{
11			/**
12			* The authentication factory implementation.
13			*
14			* @var \Illuminate\Contracts\Auth\Factory
15			*/
16			protected $auth;
17
18			protected $user;
19
20			/**
21			* Create a new middleware instance.
22			*
23			* @param \Illuminate\Contracts\Auth\Factory $auth
24			* @return void
25			*/
26			public function __construct(AuthFactory $auth)
27			{
28			$this->auth = $auth;
29			$this->user = backpack_user();
30			}
31
32			/**
33			* Handle an incoming request.
34			*
35			* @param \Illuminate\Http\Request $request
36			* @param \Closure $next
37			* @return mixed
38			*/
39			public function handle($request, Closure $next)
40			{
41			if (! $request->hasSession() \|\| ! $this->user) {
42			return $next($request);
43			}
44
45			if ($this->guard()->viaRemember()) {
46			$passwordHash = explode('\|', $request->cookies->get($this->guard()->getRecallerName()))[2] ?? null;
47
48			if (! $passwordHash \|\| $passwordHash != $this->user->getAuthPassword()) {
49			$this->logout($request);
50			}
51			}
52
53			if (! $request->session()->has('password_hash_'.backpack_guard_name())) {
54			$this->storePasswordHashInSession($request);
55			}
56
57			if ($request->session()->get('password_hash_'.backpack_guard_name()) !== $this->user->getAuthPassword()) {
58			$this->logout($request);
59			}
60
61			return tap($next($request), function () use ($request) {
62			if (! is_null($this->guard()->user())) {
63			$this->storePasswordHashInSession($request);
64			}
65			});
66			}
67
68			/**
69			* Store the user's current password hash in the session.
70			*
71			* @param \Illuminate\Http\Request $request
72			* @return void
73			*/
74			protected function storePasswordHashInSession($request)
75			{
76			if (! $this->user) {
77			return;
78			}
79
80			$request->session()->put([
81			'password_hash_'.backpack_guard_name() => $this->user->getAuthPassword(),
82			]);
83			}
84
85			/**
86			* Log the user out of the application.
87			*
88			* @param \Illuminate\Http\Request $request
89			* @return void
90			*
91			* @throws \Illuminate\Auth\AuthenticationException
92			*/
93			protected function logout($request)
94			{
95			$this->guard()->logoutCurrentDevice();
96
97			$request->session()->flush();
98
99			\Alert::error('Your password was changed in another browser session. Please login again using the new password.')->flash();
			0 ignored issues – show Bug introduced 2022-11-08 12:00 UTC by Report Bug Copy Issue Report The type `Alert` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
100
101			throw new AuthenticationException('Unauthenticated.', [backpack_guard_name()], backpack_url('login'));
102			}
103
104			/**
105			* Get the guard instance that should be used by the middleware.
106			*
107			* @return \Illuminate\Contracts\Auth\Factory\|\Illuminate\Contracts\Auth\Guard
108			*/
109			protected function guard()
110			{
111			return $this->auth;
112			}
113			}
114

Laravel-Backpack / CRUD

Scrutinizer GitHub App not installed

Push — fix-l8 ( 69db27 )

storePasswordHashInSession() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like