NNTmux /
newznab-tmux
| Conditions | 10 |
| Paths | 49 |
| Total Lines | 74 |
| Code Lines | 42 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 1 | ||
| Bugs | 0 | Features | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 14 | public function handle(Request $request, Closure $next): mixed |
||
| 15 | { |
||
| 16 | // Check for trusted device cookie on incoming request |
||
| 17 | $trustedCookie = $request->cookie('2fa_trusted_device'); |
||
| 18 | |||
| 19 | if ($trustedCookie && auth()->check()) { |
||
| 20 | try { |
||
| 21 | $cookieData = json_decode($trustedCookie, true); |
||
|
Bug
introduced
by
|
|||
| 22 | |||
| 23 | // If cookie data is valid and user matches |
||
| 24 | if (json_last_error() === JSON_ERROR_NONE && |
||
| 25 | isset($cookieData['user_id'], $cookieData['token'], $cookieData['expires_at']) && |
||
| 26 | (int) $cookieData['user_id'] === (int) auth()->id() && |
||
| 27 | time() <= $cookieData['expires_at']) { |
||
| 28 | |||
| 29 | // Mark this user's session as having passed 2FA |
||
| 30 | session([config('google2fa.session_var') => true]); |
||
| 31 | session([config('google2fa.session_var').'.auth.passed_at' => time()]); |
||
| 32 | } |
||
| 33 | } catch (\Exception $e) { |
||
| 34 | Log::error('TrustedDevice2FAMiddleware - Error processing cookie', [ |
||
| 35 | 'error' => $e->getMessage(), |
||
| 36 | ]); |
||
| 37 | } |
||
| 38 | } |
||
| 39 | |||
| 40 | // Process the request |
||
| 41 | $response = $next($request); |
||
| 42 | |||
| 43 | // Check if we need to set a trusted device cookie |
||
| 44 | if ($request->session()->has('2fa_trusted_device_pending')) { |
||
| 45 | $cookieData = $request->session()->pull('2fa_trusted_device_pending'); |
||
| 46 | |||
| 47 | // Ensure cookie data is properly formatted |
||
| 48 | $cookieValue = json_encode($cookieData, JSON_UNESCAPED_SLASHES); |
||
| 49 | |||
| 50 | try { |
||
| 51 | // Create a cookie instance with proper settings for persistence |
||
| 52 | $cookie = cookie( |
||
| 53 | '2fa_trusted_device', // name |
||
| 54 | $cookieValue, // value |
||
| 55 | 60 * 24 * 30, // minutes (30 days) |
||
| 56 | '/', // path |
||
| 57 | null, // domain (null = current domain) |
||
| 58 | null, // secure (auto) |
||
| 59 | false, // httpOnly - allow JS access |
||
| 60 | false, // raw |
||
| 61 | 'lax' // sameSite |
||
| 62 | ); |
||
| 63 | |||
| 64 | // Add cookie to the response |
||
| 65 | $response->headers->setCookie($cookie); |
||
| 66 | |||
| 67 | // Backup approach - also set directly in PHP |
||
| 68 | $expiry = time() + (60 * 60 * 24 * 30); // 30 days |
||
| 69 | @setcookie('2fa_trusted_device', $cookieValue, [ |
||
| 70 | 'expires' => $expiry, |
||
| 71 | 'path' => '/', |
||
| 72 | 'domain' => '', |
||
| 73 | 'secure' => $request->secure(), |
||
| 74 | 'httponly' => false, |
||
| 75 | 'samesite' => 'Lax', |
||
| 76 | ]); |
||
| 77 | |||
| 78 | // Keep in session for backup access |
||
| 79 | $request->session()->put('2fa_trusted_device_value', $cookieValue); |
||
| 80 | } catch (\Exception $e) { |
||
| 81 | Log::error('TrustedDevice2FAMiddleware - Error setting cookie', [ |
||
| 82 | 'error' => $e->getMessage(), |
||
| 83 | ]); |
||
| 84 | } |
||
| 85 | } |
||
| 86 | |||
| 87 | return $response; |
||
| 88 | } |
||
| 90 |
Loading history...