Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.
Common duplication problems, and corresponding solutions are:
1 | <?php |
||
42 | class VettingController extends Controller |
||
43 | { |
||
44 | /** |
||
45 | * @Template |
||
46 | * @param Request $request |
||
47 | * @return array|Response |
||
48 | * |
||
49 | * @SuppressWarnings(PHPMD.CyclomaticComplexity) https://www.pivotaltracker.com/story/show/135045063 |
||
50 | * @SuppressWarnings(PHPMD.NPathComplexity) https://www.pivotaltracker.com/story/show/135045063 |
||
51 | */ |
||
52 | public function startProcedureAction(Request $request) |
||
53 | { |
||
54 | $this->denyAccessUnlessGranted(['ROLE_RA']); |
||
55 | $logger = $this->get('logger'); |
||
56 | |||
57 | $logger->notice('Vetting Procedure Search started'); |
||
58 | |||
59 | $command = new StartVettingProcedureCommand(); |
||
60 | |||
61 | $form = $this->createForm('ra_start_vetting_procedure', $command)->handleRequest($request); |
||
62 | |||
63 | if (!$form->isValid()) { |
||
64 | $logger->notice('No search submitted, displaying search by registration code form'); |
||
65 | |||
66 | return ['form' => $form->createView()]; |
||
67 | } |
||
68 | |||
69 | $secondFactor = $this->getSecondFactorService() |
||
70 | ->findVerifiedSecondFactorByRegistrationCode($command->registrationCode); |
||
71 | |||
72 | if ($secondFactor === null) { |
||
73 | $form->addError(new FormError('ra.form.start_vetting_procedure.unknown_registration_code')); |
||
74 | $logger->notice('Cannot start new vetting procedure, no second factor found'); |
||
75 | |||
76 | return ['form' => $form->createView()]; |
||
77 | } |
||
78 | |||
79 | if (!$this->isGranted('ROLE_SRAA') && $secondFactor->institution !== $this->getIdentity()->institution) { |
||
80 | $form->addError(new FormError('ra.form.start_vetting_procedure.different_institution_error')); |
||
81 | $logger->notice( |
||
82 | 'Cannot start new vetting procedure, registrant belongs to a different institution than RA' |
||
83 | ); |
||
84 | |||
85 | return ['form' => $form->createView()]; |
||
86 | } |
||
87 | |||
88 | $enabledSecondFactors = $this->container->getParameter('surfnet_stepup_ra.enabled_second_factors'); |
||
89 | if (!in_array($secondFactor->type, $enabledSecondFactors, true)) { |
||
90 | $logger->warning( |
||
91 | sprintf( |
||
92 | 'An RA attempted vetting of disabled second factor "%s" of type "%s"', |
||
93 | $secondFactor->id, |
||
94 | $secondFactor->type |
||
95 | ) |
||
96 | ); |
||
97 | |||
98 | return $this |
||
99 | ->render( |
||
100 | 'SurfnetStepupRaRaBundle:Vetting:secondFactorTypeDisabled.html.twig', |
||
101 | ['secondFactorType' => $secondFactor->type] |
||
102 | ) |
||
103 | ->setStatusCode(Response::HTTP_BAD_REQUEST); |
||
104 | } |
||
105 | |||
106 | /** @var SamlToken $token */ |
||
107 | $token = $this->get('security.token_storage')->getToken(); |
||
108 | $command->authorityId = $this->getIdentity()->id; |
||
109 | $command->authorityLoa = $token->getLoa(); |
||
110 | $command->secondFactor = $secondFactor; |
||
|
|||
111 | |||
112 | if (!$this->getVettingService()->isLoaSufficientToStartProcedure($command)) { |
||
113 | $form->addError(new FormError('ra.form.start_vetting_procedure.loa_insufficient')); |
||
114 | |||
115 | $logger->notice('Cannot start new vetting procedure, Authority LoA is insufficient'); |
||
116 | |||
117 | return ['form' => $form->createView()]; |
||
118 | } |
||
119 | |||
120 | $procedureId = $this->getVettingService()->startProcedure($command); |
||
121 | |||
122 | $this->get('ra.procedure_logger') |
||
123 | ->forProcedure($procedureId) |
||
124 | ->notice(sprintf('Starting new Vetting Procedure for second factor of type "%s"', $secondFactor->type)); |
||
125 | |||
126 | $secondFactorType = new SecondFactorType($secondFactor->type); |
||
127 | if ($secondFactorType->isYubikey()) { |
||
128 | return $this->redirectToRoute('ra_vetting_yubikey_verify', ['procedureId' => $procedureId]); |
||
129 | } elseif ($secondFactorType->isSms()) { |
||
130 | return $this->redirectToRoute('ra_vetting_sms_send_challenge', ['procedureId' => $procedureId]); |
||
131 | } elseif ($this->getSecondFactorTypeService()->isGssf($secondFactorType)) { |
||
132 | return $this->redirectToRoute( |
||
133 | 'ra_vetting_gssf_initiate', |
||
134 | [ |
||
135 | 'procedureId' => $procedureId, |
||
136 | 'provider' => $secondFactor->type |
||
137 | ] |
||
138 | ); |
||
139 | } elseif ($secondFactorType->isU2f()) { |
||
140 | return $this->redirectToRoute('ra_vetting_u2f_start_authentication', ['procedureId' => $procedureId]); |
||
141 | } else { |
||
142 | throw new RuntimeException( |
||
143 | sprintf('RA does not support vetting procedure for second factor type "%s"', $secondFactor->type) |
||
144 | ); |
||
145 | } |
||
146 | } |
||
147 | |||
148 | public function cancelProcedureAction($procedureId) |
||
149 | { |
||
150 | $logger = $this->get('ra.procedure_logger')->forProcedure($procedureId); |
||
151 | |||
152 | View Code Duplication | if (!$this->getVettingService()->hasProcedure($procedureId)) { |
|
153 | $logger->notice(sprintf('Vetting procedure "%s" not found', $procedureId)); |
||
154 | throw new NotFoundHttpException(sprintf('Vetting procedure "%s" not found', $procedureId)); |
||
155 | } |
||
156 | |||
157 | $this->getVettingService()->cancelProcedure($procedureId); |
||
158 | $this->addFlash('info', $this->get('translator')->trans('ra.vetting.flash.cancelled')); |
||
159 | |||
160 | return $this->redirectToRoute('ra_vetting_search'); |
||
161 | } |
||
162 | |||
163 | /** |
||
164 | * @Template |
||
165 | * @param Request $request |
||
166 | * @param string $procedureId |
||
167 | * @return array|Response |
||
168 | */ |
||
169 | public function verifyIdentityAction(Request $request, $procedureId) |
||
170 | { |
||
171 | $this->denyAccessUnlessGranted(['ROLE_RA']); |
||
172 | |||
173 | $logger = $this->get('ra.procedure_logger')->forProcedure($procedureId); |
||
174 | $logger->notice('Verify Identity Form requested'); |
||
175 | |||
176 | View Code Duplication | if (!$this->getVettingService()->hasProcedure($procedureId)) { |
|
177 | $logger->notice(sprintf('Vetting procedure "%s" not found', $procedureId)); |
||
178 | throw new NotFoundHttpException(sprintf('Vetting procedure "%s" not found', $procedureId)); |
||
179 | } |
||
180 | |||
181 | $command = new VerifyIdentityCommand(); |
||
182 | $form = $this->createForm('ra_verify_identity', $command)->handleRequest($request); |
||
183 | |||
184 | /** @var SubmitButton $cancelButton */ |
||
185 | $cancelButton = $form->get('cancel'); |
||
186 | View Code Duplication | if ($cancelButton->isClicked()) { |
|
187 | $this->getVettingService()->cancelProcedure($procedureId); |
||
188 | $this->addFlash('info', $this->get('translator')->trans('ra.vetting.flash.cancelled')); |
||
189 | |||
190 | return $this->redirectToRoute('ra_vetting_search'); |
||
191 | } |
||
192 | |||
193 | $vettingService = $this->getVettingService(); |
||
194 | $commonName = $vettingService->getIdentityCommonName($procedureId); |
||
195 | |||
196 | $showForm = function ($error = null) use ($form, $commonName) { |
||
197 | if ($error) { |
||
198 | $form->addError(new FormError($error)); |
||
199 | } |
||
200 | |||
201 | return ['commonName' => $commonName, 'form' => $form->createView()]; |
||
202 | }; |
||
203 | |||
204 | if (!$form->isValid()) { |
||
205 | $logger->notice('Verify Identity Form not submitted, displaying form'); |
||
206 | |||
207 | return $showForm(); |
||
208 | } |
||
209 | |||
210 | try { |
||
211 | $vettingService->verifyIdentity($procedureId, $command); |
||
212 | } catch (DomainException $e) { |
||
213 | $this->get('logger')->error( |
||
214 | "RA attempted to verify identity, but the vetting procedure does not allow it", |
||
215 | ['exception' => $e, 'procedure' => $procedureId] |
||
216 | ); |
||
217 | |||
218 | return $showForm('ra.verify_identity.identity_verification_failed'); |
||
219 | } |
||
220 | |||
221 | try { |
||
222 | $vetting = $vettingService->vet($procedureId); |
||
223 | if ($vetting->isSuccessful()) { |
||
224 | $logger->notice('Identity Verified, vetting completed'); |
||
225 | |||
226 | return $this->redirectToRoute('ra_vetting_completed', ['procedureId' => $procedureId]); |
||
227 | } |
||
228 | |||
229 | $logger->error('RA attempted to vet second factor, but the command failed'); |
||
230 | |||
231 | if (in_array(VettingService::REGISTRATION_CODE_EXPIRED_ERROR, $vetting->getErrors())) { |
||
232 | $registrationCodeExpiredError = $this->getTranslator() |
||
233 | ->trans( |
||
234 | 'ra.verify_identity.registration_code_expired', |
||
235 | [ |
||
236 | '%self_service_url%' => $this->getParameter('surfnet_stepup_ra.self_service_url'), |
||
237 | ] |
||
238 | ); |
||
239 | |||
240 | return $showForm($registrationCodeExpiredError); |
||
241 | } |
||
242 | |||
243 | return $showForm('ra.verify_identity.second_factor_vetting_failed'); |
||
244 | } catch (DomainException $e) { |
||
245 | $logger->error( |
||
246 | "RA attempted to vet second factor, but the vetting procedure didn't allow it", |
||
247 | ['exception' => $e] |
||
248 | ); |
||
249 | |||
250 | return $showForm('ra.verify_identity.second_factor_vetting_failed'); |
||
251 | } |
||
252 | } |
||
253 | |||
254 | /** |
||
255 | * @Template |
||
256 | */ |
||
257 | public function vettingCompletedAction() |
||
261 | |||
262 | /** |
||
263 | * @return SecondFactorService |
||
264 | */ |
||
265 | private function getSecondFactorService() |
||
269 | |||
270 | /** |
||
271 | * @return SecondFactorTypeService |
||
272 | */ |
||
273 | private function getSecondFactorTypeService() |
||
274 | { |
||
275 | return $this->get('surfnet_stepup.service.second_factor_type'); |
||
276 | } |
||
277 | |||
278 | /** |
||
279 | * @return VettingService |
||
280 | */ |
||
281 | private function getVettingService() |
||
285 | |||
286 | /** |
||
287 | * @return \Surfnet\StepupMiddlewareClientBundle\Identity\Dto\Identity |
||
288 | */ |
||
289 | private function getIdentity() |
||
293 | |||
294 | /** |
||
295 | * @return TranslatorInterface |
||
296 | */ |
||
297 | private function getTranslator() |
||
301 | } |
||
302 |
Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly.
For example, imagine you have a variable
$accountId
that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to theid
property of an instance of theAccount
class. This class holds a proper account, so the id value must no longer be false.Either this assignment is in error or a type check should be added for that assignment.