Issues in ProfileSecurityController.php (master) - Issues in master - NNTmux/newznab-tmux - Measure and Improve Code Quality continuously with Scrutinizer

Issues (374)

app/Http/Controllers/ProfileSecurityController.php (2 issues)

Labels

Bug 2

Severity

Major 2

<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

/**
 * Controller specifically for handling profile security operations
 * like 2FA management with no dependencies on other profile functions
 */
class ProfileSecurityController extends BasePageController
{
    /**
     * Disable 2FA for the authenticated user from the profile page
     * This is separate from the main profile edit functionality
     *
     * @return JsonResponse|RedirectResponse
     */
    public function disable2fa(Request $request)
    {
        // Simple validation - only password is required
        $validated = $request->validate([
            'current_password' => 'required',
        ]);

        // Check if password is correct
        if (! Hash::check($validated['current_password'], Auth::user()->password)) {

            if ($request->expectsJson() || $request->ajax()) {
                return response()->json([
                    'success' => false,
                    'message' => 'Your password does not match. Please try again.',
                ]);
            }

            return redirect()
                ->to('profileedit#security')
                ->with('error_2fa', 'Your password does not match. Please try again.');
        }

        // Get the user and disable 2FA
        $user = Auth::user();
        if ($user->passwordSecurity) {

            $user->passwordSecurity->google2fa_enable = 0;
            $user->passwordSecurity->save();

            if ($request->expectsJson() || $request->ajax()) {
                return response()->json([
                    'success' => true,
                    'message' => '2FA has been successfully disabled.',
                ]);
            }

            return redirect()
                ->to('profileedit#security')
                ->with('success_2fa', '2FA has been successfully disabled.');
        }

        if ($request->expectsJson() || $request->ajax()) {
            return response()->json([
                'success' => false,
                'message' => 'No 2FA configuration found for this user.',
            ]);
        }

        return redirect()
            ->to('profileedit#security')
            ->with('error_2fa', 'No 2FA configuration found for this user.');
    }
}


1			<?php
2
3			namespace App\Http\Controllers;
4
5			use App\Models\User;
6			use Illuminate\Http\JsonResponse;
7			use Illuminate\Http\RedirectResponse;
8			use Illuminate\Http\Request;
9			use Illuminate\Support\Facades\Auth;
10			use Illuminate\Support\Facades\Hash;
11
12			/**
13			* Controller specifically for handling profile security operations
14			* like 2FA management with no dependencies on other profile functions
15			*/
16			class ProfileSecurityController extends BasePageController
17			{
18			/**
19			* Disable 2FA for the authenticated user from the profile page
20			* This is separate from the main profile edit functionality
21			*
22			* @return JsonResponse\|RedirectResponse
23			*/
24			public function disable2fa(Request $request)
25			{
26			// Simple validation - only password is required
27			$validated = $request->validate([
28			'current_password' => 'required',
29			]);
30
31			// Check if password is correct
32			if (! Hash::check($validated['current_password'], Auth::user()->password)) {
			0 ignored issues – show Bug introduced 2025-06-05 15:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this Accessing `password` on the interface `Illuminate\Contracts\Auth\Authenticatable` suggest that you code against a concrete implementation. How about adding an `instanceof` check? Loading history...
33			if ($request->expectsJson() \|\| $request->ajax()) {
34			return response()->json([
35			'success' => false,
36			'message' => 'Your password does not match. Please try again.',
37			]);
38			}
39
40			return redirect()
41			->to('profileedit#security')
42			->with('error_2fa', 'Your password does not match. Please try again.');
43			}
44
45			// Get the user and disable 2FA
46			$user = Auth::user();
47			if ($user->passwordSecurity) {
			0 ignored issues – show Bug introduced 2025-06-05 15:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this Accessing `passwordSecurity` on the interface `Illuminate\Contracts\Auth\Authenticatable` suggest that you code against a concrete implementation. How about adding an `instanceof` check? Loading history...
48			$user->passwordSecurity->google2fa_enable = 0;
49			$user->passwordSecurity->save();
50
51			if ($request->expectsJson() \|\| $request->ajax()) {
52			return response()->json([
53			'success' => true,
54			'message' => '2FA has been successfully disabled.',
55			]);
56			}
57
58			return redirect()
59			->to('profileedit#security')
60			->with('success_2fa', '2FA has been successfully disabled.');
61			}
62
63			if ($request->expectsJson() \|\| $request->ajax()) {
64			return response()->json([
65			'success' => false,
66			'message' => 'No 2FA configuration found for this user.',
67			]);
68			}
69
70			return redirect()
71			->to('profileedit#security')
72			->with('error_2fa', 'No 2FA configuration found for this user.');
73			}
74			}
75

NNTmux / newznab-tmux

Issues (374)

app/Http/Controllers/ProfileSecurityController.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like