<?php
namespace App\Http\Middleware;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Str;
use App\Models\User;
use Closure;
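class Impersonate
{
    /**
     * Admin "act as another user" middleware.
     *
     * Keyed on the `users.auth_as` column; installs where that column has not
     * been migrated yet are passed through untouched. Two phases run per request:
     *
     *  1. Switch - the authenticated user is an admin whose own `auth_as` holds
     *     the numeric id of an existing user. A fresh random token is written to
     *     that admin's `remember_token` (skipped on the `authAs` route, where the
     *     controller - not visible here - appears to validate the token it was
     *     posted), the same token is stored in the session as `display_auth_nav`,
     *     and the session is logged in as the target user.
     *
     *  2. Banner - a request whose session carries `display_auth_nav` looks for
     *     the admin whose `auth_as` points at the current user and whose
     *     `remember_token` equals the session token. If found, a fixed top bar
     *     and a hidden POST form back to `/auth-as` are injected after `<body>`
     *     in HTML responses. If an admin points at this user but no token
     *     matches, the marker is dropped and the session is logged out.
     *
     * Security notes
     *  - Every value interpolated into the banner is HTML-escaped; the
     *    impersonated user's `name` is user-controlled data.
     *  - The token comparison is constant-time (hash_equals()) and the admin
     *    lookup is scoped to the current user instead of "first admin with
     *    auth_as", so concurrent impersonations by different admins no longer
     *    log each other's sessions out.
     *  - NOTE(review): the switch-back form embeds the admin's `remember_token`
     *    in pages served under the impersonated identity; any content injection
     *    on those pages could read it. A dedicated short-lived switch-back token
     *    would be preferable, but that needs a matching change in the `/auth-as`
     *    handler, which is not visible here.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (!Schema::hasColumn('users', 'auth_as')) {
            return $next($request);
        }

        $session = $request->session();

        $this->switchIfRequested($session);

        if (!$session->has('display_auth_nav')) {
            return $next($request);
        }

        $sessionToken = (string) $session->get('display_auth_nav');
        $impersonatedUserId = Auth::id();

        // Admins whose auth_as targets the current user; normally zero or one.
        // Bound as a string so the comparison works whether the column is
        // text or integer on every supported driver.
        $candidates = $impersonatedUserId === null
            ? []
            : User::where('role', 'admin')->where('auth_as', (string) $impersonatedUserId)->get();

        if (count($candidates) === 0) {
            // Nobody is impersonating this user: a leftover marker is inert, leave it.
            return $next($request);
        }

        $adminUser = null;
        foreach ($candidates as $candidate) {
            if ($sessionToken !== '' && hash_equals((string) $candidate->remember_token, $sessionToken)) {
                $adminUser = $candidate;
                break;
            }
        }

        if ($adminUser === null) {
            // An admin points at this user but this session does not hold the
            // matching token: treat it as forged/expired and end the session.
            $session->forget('display_auth_nav');
            Auth::logout();
            return $next($request);
        }

        $response = $next($request);
        $content = $response->getContent();

        // Streamed/binary responses report false here and cannot carry markup.
        if (!is_string($content) || $content === '') {
            return $response;
        }

        $banner = $this->banner($adminUser, $impersonatedUserId);

        // A callback is used so that "$1" / "\0" sequences inside the banner
        // (e.g. in an escaped user name) are never interpreted as backreferences.
        $modified = preg_replace_callback(
            '/<body([^>]*)>/',
            static function (array $m) use ($banner) {
                return '<body' . $m[1] . '>' . $banner;
            },
            $content,
            1
        );

        if ($modified !== null) {
            $response->setContent($modified);
        }

        return $response;
    }

    /**
     * Phase 1: if the current user is an admin whose `auth_as` holds the numeric
     * id of an existing user, rotate the admin's remember_token, log this
     * session in as that user and remember the token under `display_auth_nav`.
     *
     * @param  \Illuminate\Contracts\Session\Session  $session
     * @return void
     */
    private function switchIfRequested($session)
    {
        $currentUserId = Auth::id();
        if ($currentUserId === null) {
            return;
        }

        $adminUser = User::where('id', $currentUserId)
            ->where('role', 'admin')
            ->whereNotNull('auth_as')
            ->where('auth_as', '!=', '')
            ->first();

        if ($adminUser === null || !is_numeric($adminUser->auth_as)) {
            return;
        }

        $targetId = (int) $adminUser->auth_as;

        // A dangling auth_as (deleted user, zero or negative id) must not leave
        // a half-switched session: bail out before touching remember_token.
        if ($targetId <= 0 || User::find($targetId) === null) {
            return;
        }

        $token = Str::random(60);

        // On the authAs route the controller (not visible here) appears to
        // validate the token it was posted, so it is not rotated underneath it.
        if (\Route::currentRouteName() !== 'authAs') {
            $adminUser->remember_token = $token;
            $adminUser->save();
        }

        Auth::loginUsingId($targetId);
        $session->put('display_auth_nav', $token);
        $session->save();
    }

    /**
     * Build the fixed top bar plus the hidden "switch back" form.
     *
     * Every interpolated value goes through escape(); the impersonated user's
     * name is the only one that is truly user-supplied, but escaping all of
     * them costs nothing and removes the need to reason about each source.
     *
     * @param  User  $adminUser  admin who started the impersonation
     * @param  int|string  $impersonatedUserId
     * @return string
     */
    private function banner($adminUser, $impersonatedUserId): string
    {
        $impersonatedUser = User::find($impersonatedUserId);

        $dashboardUrl = self::escape(url('dashboard'));
        $authAsUrl = self::escape(url('/auth-as'));
        $csrfToken = self::escape(csrf_token());
        $rememberToken = self::escape($adminUser->remember_token);
        $originalUserId = self::escape($adminUser->id);
        $userName = self::escape($impersonatedUser->name ?? '');
        $avatarUrl = self::escape($this->avatarUrl($impersonatedUserId));

        return <<<EOD
<style>
  .ibar {
    position: fixed;
    top: 0;
    left: 0;
    width: 100%;
    height: 67px;
    background-color: #4d4c51;
    z-index: 911;
    box-shadow: 0 1px 2px rgba(0, 0, 0, 0.1);
  }

  .itext1 {
    color: white;
    font-family: "Inter", sans-serif;
    font-size: 18px;
    display: flex;
    align-items: center;
    justify-content: space-between;
    padding: 17px 16px;
  }

  .itext1 span a {
    display: flex;
    align-items: center;
    justify-content: space-between;
  }

  .itext1 a {
    color: white;
    text-decoration: none;
  }

  .itext1 svg {
    width: 32px;
    height: 32px;
    fill: currentColor;
    margin-left: 8px;
    margin-bottom: 4px;
  }

  .iimg {
    width: 32px;
    height: 32px;
    margin-right: 8px;
    margin-bottom: 3px;
  }

  .irounded {
    border-radius: 50%;
  }

  body {
    padding-top: 60px; /* Add padding equal to the height of .ibar */
  }
</style>

<div class="ibar">
  <p class="itext1">
    <span>
      <a href="{$dashboardUrl}"><img alt="avatar" class="iimg irounded" src="{$avatarUrl}">{$userName}</a>
    </span>
    <a style="cursor:pointer" onclick="document.getElementById('submitForm').submit(); return false;">
      <svg xmlns="http://www.w3.org/2000/svg" class="bi bi-x" viewBox="0 0 16 16">
        <path
          d="M4.646 4.646a.5.5 0 0 1 .708 0L8 7.293l2.646-2.647a.5.5 0 0 1 .708.708L8.707 8l2.647 2.646a.5.5 0 0 1-.708.708L8 8.707l-2.646 2.647a.5.5 0 0 1-.708-.708L7.293 8 4.646 5.354a.5.5 0 0 1 0-.708z"
        />
      </svg>
    </a>
  </p>
</div>

<form id="submitForm" action="{$authAsUrl}" method="POST" style="display: none;">
  <input type="hidden" name="_token" value="{$csrfToken}">
  <input type="hidden" name="token" value="{$rememberToken}">
  <input type="hidden" name="id" value="{$originalUserId}">
</form>

<script>
  function submitForm() {
    document.getElementById('submitForm').submit();
  }
</script>
EOD;
    }

    /**
     * Resolve the avatar URL for the banner, with the same precedence as before:
     * the user's own avatar, then the site-wide avatar file, then the logo.
     *
     * @param  int|string  $userId
     * @return string
     */
    private function avatarUrl($userId): string
    {
        $avatarPath = findAvatar($userId);
        if (file_exists(base_path($avatarPath))) {
            return url($avatarPath);
        }

        // NOTE(review): if findFile() returns an empty value this becomes a
        // directory check, which also passes; behaviour kept as in the original.
        $siteAvatar = findFile('avatar');
        if (file_exists(base_path('assets/linkstack/images/') . $siteAvatar)) {
            return url('assets/linkstack/images/') . '/' . $siteAvatar;
        }

        return asset('assets/linkstack/images/logo.svg');
    }

    /**
     * Escape a value for an HTML text or double-quoted attribute context.
     *
     * @param  mixed  $value
     * @return string
     */
    private static function escape($value): string
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}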