SecurityController::revoke() - Code Metrics - Pterodactyl/Panel - Measure and Improve Code Quality continuously with Scrutinizer

SecurityController::revoke() A
last analyzed 2017-06-15 01:59 UTC

↳ Parent: SecurityController

Complexity

Conditions	1
Paths	1

Size

Total Lines	6
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	6
rs	9.4285
c	0
b	0
f	0
cc	1
eloc	3
nc	1
nop	2

<?php
/**
 * Pterodactyl - Panel
 * Copyright (c) 2015 - 2017 Dane Everitt <[email protected]>
 * Some Modifications (c) 2015 Dylan Seidt <[email protected]>.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

namespace Pterodactyl\Http\Controllers\Base;

use Alert;
use Google2FA;
use Illuminate\Http\Request;
use Pterodactyl\Models\Session;
use Pterodactyl\Http\Controllers\Controller;

class SecurityController extends Controller
{
    /**
     * Returns Security Management Page.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\View\View
     */
    public function index(Request $request)
    {
        return view('base.security', [

            'sessions' => Session::where('user_id', $request->user()->id)->get(),
        ]);
    }

    /**
     * Generates TOTP Secret and returns popup data for user to verify
     * that they can generate a valid response.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function generateTotp(Request $request)
    {
        $user = $request->user();

        $user->totp_secret = Google2FA::generateSecretKey();
        $user->save();

        return response()->json([
            'qrImage' => Google2FA::getQRCodeGoogleUrl(
                'Pterodactyl',
                $user->email,
                $user->totp_secret
            ),
            'secret' => $user->totp_secret,
        ]);
    }

    /**
     * Verifies that 2FA token recieved is valid and will work on the account.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function setTotp(Request $request)
    {
        if (! $request->has('token')) {
            return response()->json([
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
                'error' => 'Request is missing token parameter.',
            ], 500);
        }

        $user = $request->user();
        if ($user->toggleTotp($request->input('token'))) {
            return response('true');
        }

        return response('false');
    }

    /**
     * Disables TOTP on an account.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse
     */
    public function disableTotp(Request $request)

    {
        if (! $request->has('token')) {
            Alert::danger('Missing required `token` field in request.')->flash();

            return redirect()->route('account.security');
        }

        $user = $request->user();
        if ($user->toggleTotp($request->input('token'))) {
            return redirect()->route('account.security');
        }

        Alert::danger('The TOTP token provided was invalid.')->flash();

        return redirect()->route('account.security');
    }

    /**
     * Revokes a user session.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  int                       $id
     * @return \Illuminate\Http\RedirectResponse
     */
    public function revoke(Request $request, $id)
    {
        Session::where('user_id', $request->user()->id)->findOrFail($id)->delete();

        return redirect()->route('account.security');
    }
}


1		<?php
2		/**
3		* Pterodactyl - Panel
4		* Copyright (c) 2015 - 2017 Dane Everitt <[email protected]>
5		* Some Modifications (c) 2015 Dylan Seidt <[email protected]>.
6		*
7		* Permission is hereby granted, free of charge, to any person obtaining a copy
8		* of this software and associated documentation files (the "Software"), to deal
9		* in the Software without restriction, including without limitation the rights
10		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11		* copies of the Software, and to permit persons to whom the Software is
12		* furnished to do so, subject to the following conditions:
13		*
14		* The above copyright notice and this permission notice shall be included in all
15		* copies or substantial portions of the Software.
16		*
17		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23		* SOFTWARE.
24		*/
25
26		namespace Pterodactyl\Http\Controllers\Base;
27
28		use Alert;
29		use Google2FA;
30		use Illuminate\Http\Request;
31		use Pterodactyl\Models\Session;
32		use Pterodactyl\Http\Controllers\Controller;
33
34		class SecurityController extends Controller
35		{
36		/**
37		* Returns Security Management Page.
38		*
39		* @param \Illuminate\Http\Request $request
40		* @return \Illuminate\View\View
41		*/
42		public function index(Request $request)
43		{
44		return view('base.security', [
		0 ignored issues – show Bug Compatibility introduced 2017-03-19 23:39 UTC by Report Bug Copy Issue Report The expression `view('base.security', ar...->user()->id)->get()));` of type `Illuminate\View\View\|Ill...\Contracts\View\Factory` adds the type `Illuminate\Contracts\View\Factory` to the return on line 44 which is incompatible with the return type documented by `Pterodactyl\Http\Control...curityController::index` of type `Illuminate\View\View`. Loading history...
45		'sessions' => Session::where('user_id', $request->user()->id)->get(),
46		]);
47		}
48
49		/**
50		* Generates TOTP Secret and returns popup data for user to verify
51		* that they can generate a valid response.
52		*
53		* @param \Illuminate\Http\Request $request
54		* @return \Illuminate\Http\JsonResponse
55		*/
56		public function generateTotp(Request $request)
57		{
58		$user = $request->user();
59
60		$user->totp_secret = Google2FA::generateSecretKey();
61		$user->save();
62
63		return response()->json([
64		'qrImage' => Google2FA::getQRCodeGoogleUrl(
65		'Pterodactyl',
66		$user->email,
67		$user->totp_secret
68		),
69		'secret' => $user->totp_secret,
70		]);
71		}
72
73		/**
74		* Verifies that 2FA token recieved is valid and will work on the account.
75		*
76		* @param \Illuminate\Http\Request $request
77		* @return \Illuminate\Http\Response
78		*/
79		public function setTotp(Request $request)
80		{
81		if (! $request->has('token')) {
82		return response()->json([
		0 ignored issues – show Bug Best Practice introduced 2017-01-21 21:00 UTC by Report Bug Copy Issue Report The return type of `return response()->json(...ken parameter.'), 500);` (`Illuminate\Http\JsonResponse`) is incompatible with the return type documented by `Pterodactyl\Http\Control...rityController::setTotp` of type `Illuminate\Http\Response`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return 'Johannes'; } } class BlogPost extends Post { public function getAuthor() { return new Author('Johannes'); } } class ForumPost extends Post { /* ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
83		'error' => 'Request is missing token parameter.',
84		], 500);
85		}
86
87		$user = $request->user();
88		if ($user->toggleTotp($request->input('token'))) {
89		return response('true');
90		}
91
92		return response('false');
93		}
94
95		/**
96		* Disables TOTP on an account.
97		*
98		* @param \Illuminate\Http\Request $request
99		* @return \Illuminate\Http\RedirectResponse
100		*/
101	View Code Duplication	public function disableTotp(Request $request)
		0 ignored issues – show Duplication introduced 2017-05-06 03:17 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
102		{
103		if (! $request->has('token')) {
104		Alert::danger('Missing required `token` field in request.')->flash();
105
106		return redirect()->route('account.security');
107		}
108
109		$user = $request->user();
110		if ($user->toggleTotp($request->input('token'))) {
111		return redirect()->route('account.security');
112		}
113
114		Alert::danger('The TOTP token provided was invalid.')->flash();
115
116		return redirect()->route('account.security');
117		}
118
119		/**
120		* Revokes a user session.
121		*
122		* @param \Illuminate\Http\Request $request
123		* @param int $id
124		* @return \Illuminate\Http\RedirectResponse
125		*/
126		public function revoke(Request $request, $id)
127		{
128		Session::where('user_id', $request->user()->id)->findOrFail($id)->delete();
129
130		return redirect()->route('account.security');
131		}
132		}
133

Pterodactyl / Panel

GitHub Access Token became invalid

SecurityController::revoke() A last analyzed 2017-06-15 01:59 UTC

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like

SecurityController::revoke() A
last analyzed 2017-06-15 01:59 UTC