User::isApproved() - Code Metrics - Inspection of "Refactor #342 refactor internal user state as `loc..." - Sententiaregum/Sententiaregum - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 8a3e9b...ad7ada )

by Maximilian

created 2016-11-16 21:29 UTC

User::isApproved() A

↳ Parent: User

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	4
rs	10
c	0
b	0
f	0
cc	1
eloc	2
nc	1
nop	0

<?php

/*
 * This file is part of the Sententiaregum project.
 *
 * (c) Maximilian Bosch <[email protected]>
 * (c) Ben Bieler <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace AppBundle\Model\User;

use AppBundle\Model\User\Util\Date\DateTimeComparison;
use DateTime;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
use Ma27\ApiKeyAuthenticationBundle\Annotation as Auth;
use Ma27\ApiKeyAuthenticationBundle\Model\Password\PasswordHasherInterface;
use Ramsey\Uuid\Uuid;
use Serializable;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * User.
 *
 * @author Maximilian Bosch <[email protected]>
 *
 * @ORM\Entity(repositoryClass="AppBundle\Service\Doctrine\Repository\UserRepository")
 * @ORM\Table(name="User", indexes={
 *     @ORM\Index(name="user_lastAction", columns={"last_action"}),
 *     @ORM\Index(name="user_locale", columns={"locale"}),
 *     @ORM\Index(name="user_activation", columns={"username", "pendingActivation_activation_date"})
 * })
 * @ORM\Cache(usage="READ_WRITE", region="strict")
 */
class User implements UserInterface, Serializable
{
    const STATE_NEW                   = 'new';
    const STATE_APPROVED              = 'approved';
    const STATE_LOCKED                = 'locked';
    const MAX_FAILED_ATTEMPTS_FROM_IP = 3;
    const FAILED_AUTH_POOL            = 'failed_auths';
    const AUTH_ATTEMPT_POOL           = 'auth_attempts';

    /**
     * @var string
     *
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="NONE")
     * @ORM\Column(name="id", type="guid")
     */
    private $id;

    /**
     * @var string
     *
     * @ORM\Column(name="username", type="string", length=50, unique=true)
     * @Auth\Login
     */
    private $username;

    /**
     * @var string
     *
     * @ORM\Column(name="password", type="string", length=500)
     * @Auth\Password
     */
    private $password;

    /**
     * @var string
     *
     * @ORM\Column(name="email", type="string", unique=true)
     */
    private $email;

    /**
     * @var string
     *
     * @ORM\Column(name="api_key", type="string", length=200, unique=true, nullable=true)
     * @Auth\ApiKey
     */
    private $apiKey;

    /**
     * @var DateTime
     *
     * @ORM\Column(name="last_action", type="datetime")
     * @Auth\LastAction
     */
    private $lastAction;

    /**
     * @var DateTime
     *
     * @ORM\Column(name="registration_date", type="datetime")
     */
    private $registrationDate;

    /**
     * @var string
     *
     * @ORM\Column(name="state", type="string")
     */
    private $state;

    /**
     * @var string
     *
     * @ORM\Column(name="about_text", type="string", nullable=true)
     */
    private $aboutText;

    /**
     * @var ArrayCollection
     *
     * @ORM\ManyToMany(targetEntity="AppBundle\Model\User\Role", indexBy="role")
     * @ORM\JoinTable(
     *     name="User2Role",
     *     joinColumns={@ORM\JoinColumn(name="userId")},
     *     inverseJoinColumns={@ORM\JoinColumn(name="roleId")}
     * )
     */
    private $roles;

    /**
     * @var ArrayCollection
     *
     * @ORM\ManyToMany(targetEntity="AppBundle\Model\User\User", indexBy="username", fetch="EXTRA_LAZY")
     * @ORM\JoinTable(
     *     name="Follower",
     *     joinColumns={@ORM\JoinColumn(name="userId")},
     *     inverseJoinColumns={@ORM\JoinColumn(name="followerId")}
     * )
     */
    private $following;

    /**
     * @var string
     *
     * @ORM\Column(name="locale", length=2)
     */
    private $locale = 'en';

    /**
     * @var PendingActivation
     *
     * @ORM\Embedded(class="AppBundle\Model\User\PendingActivation")
     */
    private $pendingActivation;

    /**
     * @var ArrayCollection
     *
     * @ORM\ManyToMany(
     *     targetEntity="AppBundle\Model\User\AuthenticationAttempt",
     *     indexBy="username",
     *     orphanRemoval=true,
     *     cascade={"persist"}
     * )
     * @ORM\JoinTable(
     *     name="FailedAuthAttempt2User",
     *     joinColumns={@ORM\JoinColumn(name="userId")},
     *     inverseJoinColumns={@ORM\JoinColumn(name="attemptId")}
     * )
     */
    private $failedAuthentications;

    /**
     * @var ArrayCollection
     *
     * @ORM\ManyToMany(
     *     targetEntity="AppBundle\Model\User\AuthenticationAttempt",
     *     indexBy="username",
     *     orphanRemoval=true,
     *     cascade={"persist"}
     * )
     * @ORM\JoinTable(
     *     name="Auth2User",
     *     joinColumns={@ORM\JoinColumn(name="userId")},
     *     inverseJoinColumns={@ORM\JoinColumn(name="attemptId")}
     * )
     */
    private $authentications;

    /**
     * Factory that fills the required fields of the user.
     *
     * @param string                  $username
     * @param string                  $password
     * @param string                  $email
     * @param PasswordHasherInterface $passwordHasher
     *
     * @return User
     */
    public static function create(string $username, string $password, string $email, PasswordHasherInterface $passwordHasher): self
    {
        $user = new self();
        $user->setOrUpdatePassword($password, $passwordHasher);

        $user->username = $username;
        $user->email    = $email;

        return $user;
    }

    /**
     * Constructor.
     */
    private function __construct()
    {
        $this->id = Uuid::uuid4()->toString();

        $this->roles                 = new ArrayCollection();
        $this->following             = new ArrayCollection();
        $this->failedAuthentications = new ArrayCollection();
        $this->authentications       = new ArrayCollection();

        $this->registrationDate      = new DateTime();
        $this->lastAction            = new DateTime();

        $this->performStateTransition(self::STATE_NEW);
    }

    /**
     * Get id.
     *
     * @return string
     */
    public function getId(): string
    {
        return $this->id;
    }

    /**
     * Get username.
     *
     * @return string
     */
    public function getUsername(): string
    {
        return $this->username;
    }

    /**
     * Set password.
     *
     * @param string                  $password
     * @param PasswordHasherInterface $passwordHasher
     * @param string|null             $old
     *
     * @throws \InvalidArgumentException If the update fails.
     *
     * @return User
     */
    public function setOrUpdatePassword(string $password, PasswordHasherInterface $passwordHasher, string $old = null): self
    {
        if ($this->password && !$passwordHasher->compareWith($this->password, $old)) {
            throw new \InvalidArgumentException('Old password is invalid, but must be given to change it!');
        }

        $this->password = $passwordHasher->generateHash($password);

        return $this;
    }

    /**
     * Get password.
     *
     * @return string
     */
    public function getPassword(): string
    {
        return $this->password;
    }

    /**
     * Get email.
     *
     * @return string
     */
    public function getEmail(): string
    {
        return $this->email;
    }

    /**
     * Get apiKey.
     *
     * @return string
     */
    public function getApiKey()
    {
        return $this->apiKey;
    }

    /**
     * Set lastAction.
     *
     * @return User
     */
    public function updateLastAction(): self
    {
        $this->lastAction = new DateTime();

        return $this;
    }

    /**
     * Get lastAction.
     *
     * @return DateTime
     */
    public function getLastAction(): \DateTime
    {
        return $this->lastAction;
    }

    /**
     * Get registrationDate.
     *
     * @return DateTime
     */
    public function getRegistrationDate(): \DateTime
    {
        return $this->registrationDate;
    }

    /**
     * Set state.
     *
     * @param string $state
     * @param string $key
     *
     * @throws \InvalidArgumentException If no activation key is given.
     * @throws \LogicException           If a locked user receives an invalid state transition.
     *
     * @return User
     */
    public function performStateTransition(string $state, string $key = null): self
    {
        if (!in_array($state, [self::STATE_NEW, self::STATE_APPROVED, self::STATE_LOCKED], true)) {
            throw new \InvalidArgumentException('Invalid state!');
        }

        switch ($state) {
            case self::STATE_APPROVED:
                if (self::STATE_NEW === $this->state) {
                    if (($activationInfo = $this->pendingActivation) && $key !== $activationInfo->getKey()) {
                        throw new \InvalidArgumentException('Invalid activation key given!');
                    }

                    $this->removeActivationKey();
                }
                break;
            case self::STATE_LOCKED:
                if (self::STATE_NEW === $this->state) {
                    throw new \LogicException('Only approved users can be locked!');
                }
                break;
            default:
                $this->pendingActivation = new PendingActivation($this->getRegistrationDate());
        }

        $this->state = $state;

        return $this;
    }

    /**
     * Get state.
     *
     * @return string
     */
    public function getState(): string
    {
        return $this->state;
    }

    /**
     * Get locked.
     *
     * @return bool
     */
    public function isLocked(): bool
    {
        return $this->state === self::STATE_LOCKED;
    }

    /**
     * Checks if the current user is approved.
     *
     * @return bool
     */
    public function isApproved(): bool
    {
        return $this->state === self::STATE_APPROVED;
    }

    /**
     * Set aboutText.
     *
     * @param string $aboutText
     *
     * @return User
     */
    public function setAboutText($aboutText): self
    {
        $this->aboutText = (string) $aboutText;

        return $this;
    }

    /**
     * Get aboutText.
     *
     * @return string
     */
    public function getAboutText(): string
    {
        return $this->aboutText;
    }

    /**
     * Set activationKey.
     *
     * @param string $activationKey
     *
     * @return User
     */
    public function storeUniqueActivationKeyForNonApprovedUser(string $activationKey): self
    {
        if (self::STATE_APPROVED === $this->state || self::STATE_LOCKED === $this->state) {
            throw new \LogicException('Approved users cannot have an activation key!');
        }

        $this->pendingActivation->setKey($activationKey);

        return $this;
    }

    /**
     * Removes the activation key.
     *
     * @return User
     */
    public function removeActivationKey(): self
    {
        if (self::STATE_NEW !== $this->state) {
            throw new \LogicException('Only approved users can remove activation keys!');
        }

        $this->pendingActivation = null;

        return $this;
    }

    /**
     * Adds a role.
     *
     * @param Role $role
     *
     * @throws \InvalidArgumentException If the user is not approved.
     * @throws \LogicException           If the role is already attached.
     *
     * @return User
     */
    public function addRole(Role $role): self
    {
        if (!$this->isApproved()) {
            throw new \InvalidArgumentException('Cannot attach role on non-approved or locked user!');
        }

        if ($this->hasRole($role)) {
            throw new \LogicException(sprintf(
                'Role "%s" already attached at user "%s"!',
                $role->getRole(),
                $this->getUsername()
            ));
        }

        $this->roles->add($role);

        return $this;
    }

    /**
     * Removes a  role.
     *
     * @param Role $role
     *
     * @return User
     */
    public function removeRole(Role $role): self
    {
        if (!$this->hasRole($role)) {
            throw new \LogicException(sprintf('Cannot remove not existing role "%s"!', $role->getRole()));
        }

        $this->roles->removeElement($role);

        return $this;
    }

    /**
     * Checks whether the user has a role.
     *
     * @param Role $role
     *
     * @return bool
     */
    public function hasRole(Role $role): bool
    {
        return $this->roles->exists(function (int $index, Role $userRole) use ($role) {
            return $role->getRole() === $userRole->getRole();
        });
    }

    /**
     * Gets the roles.
     *
     * @return Role[]
     */
    public function getRoles(): array
    {
        return $this->roles->toArray();
    }

    /**
     * Add follower.
     *
     * @param User $user
     *
     * @return User
     */
    public function addFollowing(User $user): self
    {
        $this->following->add($user);

        return $this;
    }

    /**
     * Removes a follower.
     *
     * @param User $user
     *
     * @throws \LogicException If the following user doesn't exist.
     *
     * @return User
     */
    public function removeFollowing(User $user): self
    {
        if (!$this->follows($user)) {
            throw new \LogicException(sprintf(
                'Cannot remove relation with invalid user "%s"!', $user->getUsername()
            ));
        }

        $this->following->removeElement($user);

        return $this;
    }

    /**
     * Checks whether the current user follows a specific user.
     *
     * @param User $user
     *
     * @return bool
     */
    public function follows(User $user): bool
    {
        return $this->following->exists(function ($index, User $following) use ($user) {
            return $following->getId() === $user->getId();
        });
    }

    /**
     * Get followers.
     *
     * @return Role[]
     */
    public function getFollowing(): array
    {
        return $this->following->toArray();
    }

    /**
     * Get locale.
     *
     * @return string
     */
    public function getLocale(): string
    {
        return $this->locale;
    }

    /**
     * Set locale.
     *
     * @param string $locale
     *
     * @throws \InvalidArgumentException If the locale is invalid.
     *
     * @return User
     */
    public function modifyUserLocale(string $locale): self
    {
        if (!(bool) preg_match('/^([a-z]{2})$/', $locale)) {
            throw new \InvalidArgumentException('Invalid locale!');
        }

        $this->locale = (string) $locale;

        return $this;
    }

    /**
     * Get pendingActivation.
     *
     * @return PendingActivation
     */
    public function getPendingActivation()
    {
        return $this->pendingActivation;
    }

    /**
     * Checks whether the user ip is new and if true it will be persisted.
     *
     * @param string                                             $ip
     * @param \AppBundle\Model\User\Util\Date\DateTimeComparison $comparison
     *
     * @return bool
     */
    public function addAndValidateNewUserIp(string $ip, DateTimeComparison $comparison): bool
    {
        if (!($isKnown = $this->isKnownIp($ip))) {
            $attempt = new AuthenticationAttempt();
            $attempt
                ->setIp($ip)
                ->increaseAttemptCount();

            $this->authentications->add($attempt);
            $this->eraseKnownIpFromBadIPList($ip, $comparison);
        }

        return !$isKnown;
    }

    /**
     * Adds one ip of a failed authentication unless its authentication succeeded previously (users may mistype some
     * times).
     *
     * @param string $ip
     *
     * @return User
     */
    public function addFailedAuthenticationWithIp(string $ip): self
    {
        if (!$this->isKnownIp($ip)) {
            if (!($attempt = $this->getAuthAttemptModelByIp($ip, self::FAILED_AUTH_POOL))) {
                $attempt = new AuthenticationAttempt();
                $attempt->setIp($ip);

                $this->failedAuthentications->add($attempt);
            }

            $attempt->increaseAttemptCount();
        }

        return $this;
    }

    /**
     * Checks if one ip exceeds the attempt count.
     *
     * @param string             $ip
     * @param DateTimeComparison $comparison
     *
     * @return bool
     */
    public function exceedsIpFailedAuthAttemptMaximum(string $ip, DateTimeComparison $comparison): bool
    {
        if (!$this->isKnownIp($ip, self::FAILED_AUTH_POOL)) {
            return false;
        }

        return $this->needsAuthWarning($this->getAuthAttemptModelByIp($ip, self::FAILED_AUTH_POOL), $comparison);
    }

    /**
     * Serializes the internal dataset.
     *
     * @return string
     */
    public function serialize(): string
    {
        return serialize([
            $this->id,
            $this->username,
            $this->password,
            $this->email,
            $this->lastAction->getTimestamp(),
            $this->registrationDate->getTimestamp(),
            $this->apiKey,
            $this->state,
            $this->aboutText,
            $this->getRoles(),
            $this->getFollowing(),
            $this->authentications->toArray(),
            $this->failedAuthentications->toArray(),
        ]);
    }

    /**
     * Deserializes the data and re-creates the model.
     *
     * @param string $serialized
     */
    public function unserialize($serialized)
    {
        $data = unserialize($serialized);

        $this->id                    = $data[0];
        $this->username              = $data[1];
        $this->password              = $data[2];
        $this->email                 = $data[3];
        $this->lastAction            = new DateTime(sprintf('@%s', $data[4]));
        $this->registrationDate      = new DateTime(sprintf('@%s', $data[5]));
        $this->apiKey                = $data[6];
        $this->state                 = $data[7];
        $this->aboutText             = $data[8];
        $this->roles                 = new ArrayCollection($data[9]);
        $this->following             = new ArrayCollection($data[10]);
        $this->authentications       = new ArrayCollection($data[11]);
        $this->failedAuthentications = new ArrayCollection($data[12]);
    }

    /**
     * {@inheritdoc}
     */
    public function getSalt()
    {
    }

    /**
     * {@inheritdoc}
     */
    public function eraseCredentials()
    {
    }

    /**
     * Checks whether the following ip is known.
     *
     * @param string $ip
     * @param string $dataSource
     *
     * @return bool
     */
    private function isKnownIp(string $ip, string $dataSource = self::AUTH_ATTEMPT_POOL): bool
    {
        return !empty($this->getAuthAttemptModelByIp($ip, $dataSource));
    }

    /**
     * Gets the auth model by the given ip.
     *
     * @param string $ip
     * @param string $dataSource
     *
     * @return AuthenticationAttempt|null
     */
    private function getAuthAttemptModelByIp($ip, string $dataSource = self::AUTH_ATTEMPT_POOL)
    {
        $authAttempt = null;
        $pool        = $dataSource === self::AUTH_ATTEMPT_POOL
            ? $this->authentications->toArray()
            : $this->failedAuthentications->toArray();

        /** @var AuthenticationAttempt $authenticationAttempt */
        foreach ($pool as $authenticationAttempt) {
            if ((string) $ip === $authenticationAttempt->getIp()) {
                $authAttempt = $authenticationAttempt;
                break;
            }
        }

        return $authAttempt;
    }

    /**
     * Checks if enough failed authentications are done in the past to rise an auth warning.
     *
     * @param AuthenticationAttempt                              $attempt
     * @param \AppBundle\Model\User\Util\Date\DateTimeComparison $comparison
     *
     * @return bool
     */
    private function needsAuthWarning(AuthenticationAttempt $attempt, DateTimeComparison $comparison): bool
    {
        $count = $attempt->getAttemptCount();
        if (self::MAX_FAILED_ATTEMPTS_FROM_IP <= $count) {
            if (($count - 3) === 0) {
                return true;
            }

            return !$this->isPreviouslyLoginFailed('-6 hours', $comparison, true);
        }

        return false;
    }

    /**
     * Erases user IPs from the blacklist.
     *
     * @param string             $ip
     * @param DateTimeComparison $comparison
     */
    private function eraseKnownIpFromBadIPList(string $ip, DateTimeComparison $comparison)
    {
        if ($this->isPreviouslyLoginFailed('-10 minutes', $comparison)) {
            // if it failed before the login, the login may be corrupted,
            // there the information should be kept. The next login won't erase it although there may
            // be a corruption since this will be called at the first login with a new IP only
            return;
        }

        /** @var AuthenticationAttempt $model */
        foreach ($this->failedAuthentications->toArray() as $model) {
            if ($ip === $model->getIp()) {
                $this->failedAuthentications->removeElement($model);
                break;
            }
        }
    }

    /**
     * Checks if the auth failed previously.
     *
     * @param string             $diff
     * @param bool               $ignoreLastAttempts
     * @param DateTimeComparison $comparison
     *
     * @return bool
     */
    private function isPreviouslyLoginFailed(string $diff, DateTimeComparison $comparison, bool $ignoreLastAttempts = false): bool
    {
        return $this->failedAuthentications->exists(
            function (int $index, AuthenticationAttempt $failedAttempt) use ($diff, $ignoreLastAttempts, $comparison) {
                $ipRange = $failedAttempt->getLastFailedAttemptTimesInRange();

                return $comparison(
                    $diff,
                    $failedAttempt->getIp() && $ignoreLastAttempts ? end($ipRange) : $failedAttempt->getLatestFailedAttemptTime()
                );
            }
        );
    }
}


1			<?php
2
3			/*
4			* This file is part of the Sententiaregum project.
5			*
6			* (c) Maximilian Bosch <[email protected]>
7			* (c) Ben Bieler <[email protected]>
8			*
9			* For the full copyright and license information, please view the LICENSE
10			* file that was distributed with this source code.
11			*/
12
13			declare(strict_types=1);
14
15			namespace AppBundle\Model\User;
16
17			use AppBundle\Model\User\Util\Date\DateTimeComparison;
18			use DateTime;
19			use Doctrine\Common\Collections\ArrayCollection;
20			use Doctrine\ORM\Mapping as ORM;
21			use Ma27\ApiKeyAuthenticationBundle\Annotation as Auth;
22			use Ma27\ApiKeyAuthenticationBundle\Model\Password\PasswordHasherInterface;
23			use Ramsey\Uuid\Uuid;
24			use Serializable;
25			use Symfony\Component\Security\Core\User\UserInterface;
26
27			/**
28			* User.
29			*
30			* @author Maximilian Bosch <[email protected]>
31			*
32			* @ORM\Entity(repositoryClass="AppBundle\Service\Doctrine\Repository\UserRepository")
33			* @ORM\Table(name="User", indexes={
34			* @ORM\Index(name="user_lastAction", columns={"last_action"}),
35			* @ORM\Index(name="user_locale", columns={"locale"}),
36			* @ORM\Index(name="user_activation", columns={"username", "pendingActivation_activation_date"})
37			* })
38			* @ORM\Cache(usage="READ_WRITE", region="strict")
39			*/
40			class User implements UserInterface, Serializable
41			{
42			const STATE_NEW = 'new';
43			const STATE_APPROVED = 'approved';
44			const STATE_LOCKED = 'locked';
45			const MAX_FAILED_ATTEMPTS_FROM_IP = 3;
46			const FAILED_AUTH_POOL = 'failed_auths';
47			const AUTH_ATTEMPT_POOL = 'auth_attempts';
48
49			/**
50			* @var string
51			*
52			* @ORM\Id
53			* @ORM\GeneratedValue(strategy="NONE")
54			* @ORM\Column(name="id", type="guid")
55			*/
56			private $id;
57
58			/**
59			* @var string
60			*
61			* @ORM\Column(name="username", type="string", length=50, unique=true)
62			* @Auth\Login
63			*/
64			private $username;
65
66			/**
67			* @var string
68			*
69			* @ORM\Column(name="password", type="string", length=500)
70			* @Auth\Password
71			*/
72			private $password;
73
74			/**
75			* @var string
76			*
77			* @ORM\Column(name="email", type="string", unique=true)
78			*/
79			private $email;
80
81			/**
82			* @var string
83			*
84			* @ORM\Column(name="api_key", type="string", length=200, unique=true, nullable=true)
85			* @Auth\ApiKey
86			*/
87			private $apiKey;
88
89			/**
90			* @var DateTime
91			*
92			* @ORM\Column(name="last_action", type="datetime")
93			* @Auth\LastAction
94			*/
95			private $lastAction;
96
97			/**
98			* @var DateTime
99			*
100			* @ORM\Column(name="registration_date", type="datetime")
101			*/
102			private $registrationDate;
103
104			/**
105			* @var string
106			*
107			* @ORM\Column(name="state", type="string")
108			*/
109			private $state;
110
111			/**
112			* @var string
113			*
114			* @ORM\Column(name="about_text", type="string", nullable=true)
115			*/
116			private $aboutText;
117
118			/**
119			* @var ArrayCollection
120			*
121			* @ORM\ManyToMany(targetEntity="AppBundle\Model\User\Role", indexBy="role")
122			* @ORM\JoinTable(
123			* name="User2Role",
124			* joinColumns={@ORM\JoinColumn(name="userId")},
125			* inverseJoinColumns={@ORM\JoinColumn(name="roleId")}
126			* )
127			*/
128			private $roles;
129
130			/**
131			* @var ArrayCollection
132			*
133			* @ORM\ManyToMany(targetEntity="AppBundle\Model\User\User", indexBy="username", fetch="EXTRA_LAZY")
134			* @ORM\JoinTable(
135			* name="Follower",
136			* joinColumns={@ORM\JoinColumn(name="userId")},
137			* inverseJoinColumns={@ORM\JoinColumn(name="followerId")}
138			* )
139			*/
140			private $following;
141
142			/**
143			* @var string
144			*
145			* @ORM\Column(name="locale", length=2)
146			*/
147			private $locale = 'en';
148
149			/**
150			* @var PendingActivation
151			*
152			* @ORM\Embedded(class="AppBundle\Model\User\PendingActivation")
153			*/
154			private $pendingActivation;
155
156			/**
157			* @var ArrayCollection
158			*
159			* @ORM\ManyToMany(
160			* targetEntity="AppBundle\Model\User\AuthenticationAttempt",
161			* indexBy="username",
162			* orphanRemoval=true,
163			* cascade={"persist"}
164			* )
165			* @ORM\JoinTable(
166			* name="FailedAuthAttempt2User",
167			* joinColumns={@ORM\JoinColumn(name="userId")},
168			* inverseJoinColumns={@ORM\JoinColumn(name="attemptId")}
169			* )
170			*/
171			private $failedAuthentications;
172
173			/**
174			* @var ArrayCollection
175			*
176			* @ORM\ManyToMany(
177			* targetEntity="AppBundle\Model\User\AuthenticationAttempt",
178			* indexBy="username",
179			* orphanRemoval=true,
180			* cascade={"persist"}
181			* )
182			* @ORM\JoinTable(
183			* name="Auth2User",
184			* joinColumns={@ORM\JoinColumn(name="userId")},
185			* inverseJoinColumns={@ORM\JoinColumn(name="attemptId")}
186			* )
187			*/
188			private $authentications;
189
190			/**
191			* Factory that fills the required fields of the user.
192			*
193			* @param string $username
194			* @param string $password
195			* @param string $email
196			* @param PasswordHasherInterface $passwordHasher
197			*
198			* @return User
199			*/
200			public static function create(string $username, string $password, string $email, PasswordHasherInterface $passwordHasher): self
201			{
202			$user = new self();
203			$user->setOrUpdatePassword($password, $passwordHasher);
204
205			$user->username = $username;
206			$user->email = $email;
207
208			return $user;
209			}
210
211			/**
212			* Constructor.
213			*/
214			private function __construct()
215			{
216			$this->id = Uuid::uuid4()->toString();
217
218			$this->roles = new ArrayCollection();
219			$this->following = new ArrayCollection();
220			$this->failedAuthentications = new ArrayCollection();
221			$this->authentications = new ArrayCollection();
222
223			$this->registrationDate = new DateTime();
224			$this->lastAction = new DateTime();
225
226			$this->performStateTransition(self::STATE_NEW);
227			}
228
229			/**
230			* Get id.
231			*
232			* @return string
233			*/
234			public function getId(): string
235			{
236			return $this->id;
237			}
238
239			/**
240			* Get username.
241			*
242			* @return string
243			*/
244			public function getUsername(): string
245			{
246			return $this->username;
247			}
248
249			/**
250			* Set password.
251			*
252			* @param string $password
253			* @param PasswordHasherInterface $passwordHasher
254			* @param string\|null $old
255			*
256			* @throws \InvalidArgumentException If the update fails.
257			*
258			* @return User
259			*/
260			public function setOrUpdatePassword(string $password, PasswordHasherInterface $passwordHasher, string $old = null): self
261			{
262			if ($this->password && !$passwordHasher->compareWith($this->password, $old)) {
263			throw new \InvalidArgumentException('Old password is invalid, but must be given to change it!');
264			}
265
266			$this->password = $passwordHasher->generateHash($password);
267
268			return $this;
269			}
270
271			/**
272			* Get password.
273			*
274			* @return string
275			*/
276			public function getPassword(): string
277			{
278			return $this->password;
279			}
280
281			/**
282			* Get email.
283			*
284			* @return string
285			*/
286			public function getEmail(): string
287			{
288			return $this->email;
289			}
290
291			/**
292			* Get apiKey.
293			*
294			* @return string
295			*/
296			public function getApiKey()
297			{
298			return $this->apiKey;
299			}
300
301			/**
302			* Set lastAction.
303			*
304			* @return User
305			*/
306			public function updateLastAction(): self
307			{
308			$this->lastAction = new DateTime();
309
310			return $this;
311			}
312
313			/**
314			* Get lastAction.
315			*
316			* @return DateTime
317			*/
318			public function getLastAction(): \DateTime
319			{
320			return $this->lastAction;
321			}
322
323			/**
324			* Get registrationDate.
325			*
326			* @return DateTime
327			*/
328			public function getRegistrationDate(): \DateTime
329			{
330			return $this->registrationDate;
331			}
332
333			/**
334			* Set state.
335			*
336			* @param string $state
337			* @param string $key
338			*
339			* @throws \InvalidArgumentException If no activation key is given.
340			* @throws \LogicException If a locked user receives an invalid state transition.
341			*
342			* @return User
343			*/
344			public function performStateTransition(string $state, string $key = null): self
345			{
346			if (!in_array($state, [self::STATE_NEW, self::STATE_APPROVED, self::STATE_LOCKED], true)) {
347			throw new \InvalidArgumentException('Invalid state!');
348			}
349
350			switch ($state) {
351			case self::STATE_APPROVED:
352			if (self::STATE_NEW === $this->state) {
353			if (($activationInfo = $this->pendingActivation) && $key !== $activationInfo->getKey()) {
354			throw new \InvalidArgumentException('Invalid activation key given!');
355			}
356
357			$this->removeActivationKey();
358			}
359			break;
360			case self::STATE_LOCKED:
361			if (self::STATE_NEW === $this->state) {
362			throw new \LogicException('Only approved users can be locked!');
363			}
364			break;
365			default:
366			$this->pendingActivation = new PendingActivation($this->getRegistrationDate());
367			}
368
369			$this->state = $state;
370
371			return $this;
372			}
373
374			/**
375			* Get state.
376			*
377			* @return string
378			*/
379			public function getState(): string
380			{
381			return $this->state;
382			}
383
384			/**
385			* Get locked.
386			*
387			* @return bool
388			*/
389			public function isLocked(): bool
390			{
391			return $this->state === self::STATE_LOCKED;
392			}
393
394			/**
395			* Checks if the current user is approved.
396			*
397			* @return bool
398			*/
399			public function isApproved(): bool
400			{
401			return $this->state === self::STATE_APPROVED;
402			}
403
404			/**
405			* Set aboutText.
406			*
407			* @param string $aboutText
408			*
409			* @return User
410			*/
411			public function setAboutText($aboutText): self
412			{
413			$this->aboutText = (string) $aboutText;
414
415			return $this;
416			}
417
418			/**
419			* Get aboutText.
420			*
421			* @return string
422			*/
423			public function getAboutText(): string
424			{
425			return $this->aboutText;
426			}
427
428			/**
429			* Set activationKey.
430			*
431			* @param string $activationKey
432			*
433			* @return User
434			*/
435			public function storeUniqueActivationKeyForNonApprovedUser(string $activationKey): self
436			{
437			if (self::STATE_APPROVED === $this->state \|\| self::STATE_LOCKED === $this->state) {
438			throw new \LogicException('Approved users cannot have an activation key!');
439			}
440
441			$this->pendingActivation->setKey($activationKey);
442
443			return $this;
444			}
445
446			/**
447			* Removes the activation key.
448			*
449			* @return User
450			*/
451			public function removeActivationKey(): self
452			{
453			if (self::STATE_NEW !== $this->state) {
454			throw new \LogicException('Only approved users can remove activation keys!');
455			}
456
457			$this->pendingActivation = null;
458
459			return $this;
460			}
461
462			/**
463			* Adds a role.
464			*
465			* @param Role $role
466			*
467			* @throws \InvalidArgumentException If the user is not approved.
468			* @throws \LogicException If the role is already attached.
469			*
470			* @return User
471			*/
472			public function addRole(Role $role): self
473			{
474			if (!$this->isApproved()) {
475			throw new \InvalidArgumentException('Cannot attach role on non-approved or locked user!');
476			}
477
478			if ($this->hasRole($role)) {
479			throw new \LogicException(sprintf(
480			'Role "%s" already attached at user "%s"!',
481			$role->getRole(),
482			$this->getUsername()
483			));
484			}
485
486			$this->roles->add($role);
487
488			return $this;
489			}
490
491			/**
492			* Removes a role.
493			*
494			* @param Role $role
495			*
496			* @return User
497			*/
498			public function removeRole(Role $role): self
499			{
500			if (!$this->hasRole($role)) {
501			throw new \LogicException(sprintf('Cannot remove not existing role "%s"!', $role->getRole()));
502			}
503
504			$this->roles->removeElement($role);
505
506			return $this;
507			}
508
509			/**
510			* Checks whether the user has a role.
511			*
512			* @param Role $role
513			*
514			* @return bool
515			*/
516			public function hasRole(Role $role): bool
517			{
518			return $this->roles->exists(function (int $index, Role $userRole) use ($role) {
519			return $role->getRole() === $userRole->getRole();
520			});
521			}
522
523			/**
524			* Gets the roles.
525			*
526			* @return Role[]
527			*/
528			public function getRoles(): array
529			{
530			return $this->roles->toArray();
531			}
532
533			/**
534			* Add follower.
535			*
536			* @param User $user
537			*
538			* @return User
539			*/
540			public function addFollowing(User $user): self
541			{
542			$this->following->add($user);
543
544			return $this;
545			}
546
547			/**
548			* Removes a follower.
549			*
550			* @param User $user
551			*
552			* @throws \LogicException If the following user doesn't exist.
553			*
554			* @return User
555			*/
556			public function removeFollowing(User $user): self
557			{
558			if (!$this->follows($user)) {
559			throw new \LogicException(sprintf(
560			'Cannot remove relation with invalid user "%s"!', $user->getUsername()
561			));
562			}
563
564			$this->following->removeElement($user);
565
566			return $this;
567			}
568
569			/**
570			* Checks whether the current user follows a specific user.
571			*
572			* @param User $user
573			*
574			* @return bool
575			*/
576			public function follows(User $user): bool
577			{
578			return $this->following->exists(function ($index, User $following) use ($user) {
579			return $following->getId() === $user->getId();
580			});
581			}
582
583			/**
584			* Get followers.
585			*
586			* @return Role[]
587			*/
588			public function getFollowing(): array
589			{
590			return $this->following->toArray();
591			}
592
593			/**
594			* Get locale.
595			*
596			* @return string
597			*/
598			public function getLocale(): string
599			{
600			return $this->locale;
601			}
602
603			/**
604			* Set locale.
605			*
606			* @param string $locale
607			*
608			* @throws \InvalidArgumentException If the locale is invalid.
609			*
610			* @return User
611			*/
612			public function modifyUserLocale(string $locale): self
613			{
614			if (!(bool) preg_match('/^([a-z]{2})$/', $locale)) {
615			throw new \InvalidArgumentException('Invalid locale!');
616			}
617
618			$this->locale = (string) $locale;
619
620			return $this;
621			}
622
623			/**
624			* Get pendingActivation.
625			*
626			* @return PendingActivation
627			*/
628			public function getPendingActivation()
629			{
630			return $this->pendingActivation;
631			}
632
633			/**
634			* Checks whether the user ip is new and if true it will be persisted.
635			*
636			* @param string $ip
637			* @param \AppBundle\Model\User\Util\Date\DateTimeComparison $comparison
638			*
639			* @return bool
640			*/
641			public function addAndValidateNewUserIp(string $ip, DateTimeComparison $comparison): bool
642			{
643			if (!($isKnown = $this->isKnownIp($ip))) {
644			$attempt = new AuthenticationAttempt();
645			$attempt
646			->setIp($ip)
647			->increaseAttemptCount();
648
649			$this->authentications->add($attempt);
650			$this->eraseKnownIpFromBadIPList($ip, $comparison);
651			}
652
653			return !$isKnown;
654			}
655
656			/**
657			* Adds one ip of a failed authentication unless its authentication succeeded previously (users may mistype some
658			* times).
659			*
660			* @param string $ip
661			*
662			* @return User
663			*/
664			public function addFailedAuthenticationWithIp(string $ip): self
665			{
666			if (!$this->isKnownIp($ip)) {
667			if (!($attempt = $this->getAuthAttemptModelByIp($ip, self::FAILED_AUTH_POOL))) {
668			$attempt = new AuthenticationAttempt();
669			$attempt->setIp($ip);
670
671			$this->failedAuthentications->add($attempt);
672			}
673
674			$attempt->increaseAttemptCount();
675			}
676
677			return $this;
678			}
679
680			/**
681			* Checks if one ip exceeds the attempt count.
682			*
683			* @param string $ip
684			* @param DateTimeComparison $comparison
685			*
686			* @return bool
687			*/
688			public function exceedsIpFailedAuthAttemptMaximum(string $ip, DateTimeComparison $comparison): bool
689			{
690			if (!$this->isKnownIp($ip, self::FAILED_AUTH_POOL)) {
691			return false;
692			}
693
694			return $this->needsAuthWarning($this->getAuthAttemptModelByIp($ip, self::FAILED_AUTH_POOL), $comparison);
695			}
696
697			/**
698			* Serializes the internal dataset.
699			*
700			* @return string
701			*/
702			public function serialize(): string
703			{
704			return serialize([
705			$this->id,
706			$this->username,
707			$this->password,
708			$this->email,
709			$this->lastAction->getTimestamp(),
710			$this->registrationDate->getTimestamp(),
711			$this->apiKey,
712			$this->state,
713			$this->aboutText,
714			$this->getRoles(),
715			$this->getFollowing(),
716			$this->authentications->toArray(),
717			$this->failedAuthentications->toArray(),
718			]);
719			}
720
721			/**
722			* Deserializes the data and re-creates the model.
723			*
724			* @param string $serialized
725			*/
726			public function unserialize($serialized)
727			{
728			$data = unserialize($serialized);
729
730			$this->id = $data[0];
731			$this->username = $data[1];
732			$this->password = $data[2];
733			$this->email = $data[3];
734			$this->lastAction = new DateTime(sprintf('@%s', $data[4]));
735			$this->registrationDate = new DateTime(sprintf('@%s', $data[5]));
736			$this->apiKey = $data[6];
737			$this->state = $data[7];
738			$this->aboutText = $data[8];
739			$this->roles = new ArrayCollection($data[9]);
740			$this->following = new ArrayCollection($data[10]);
741			$this->authentications = new ArrayCollection($data[11]);
742			$this->failedAuthentications = new ArrayCollection($data[12]);
743			}
744
745			/**
746			* {@inheritdoc}
747			*/
748			public function getSalt()
749			{
750			}
751
752			/**
753			* {@inheritdoc}
754			*/
755			public function eraseCredentials()
756			{
757			}
758
759			/**
760			* Checks whether the following ip is known.
761			*
762			* @param string $ip
763			* @param string $dataSource
764			*
765			* @return bool
766			*/
767			private function isKnownIp(string $ip, string $dataSource = self::AUTH_ATTEMPT_POOL): bool
768			{
769			return !empty($this->getAuthAttemptModelByIp($ip, $dataSource));
770			}
771
772			/**
773			* Gets the auth model by the given ip.
774			*
775			* @param string $ip
776			* @param string $dataSource
777			*
778			* @return AuthenticationAttempt\|null
779			*/
780			private function getAuthAttemptModelByIp($ip, string $dataSource = self::AUTH_ATTEMPT_POOL)
781			{
782			$authAttempt = null;
783			$pool = $dataSource === self::AUTH_ATTEMPT_POOL
784			? $this->authentications->toArray()
785			: $this->failedAuthentications->toArray();
786
787			/** @var AuthenticationAttempt $authenticationAttempt */
788			foreach ($pool as $authenticationAttempt) {
789			if ((string) $ip === $authenticationAttempt->getIp()) {
790			$authAttempt = $authenticationAttempt;
791			break;
792			}
793			}
794
795			return $authAttempt;
796			}
797
798			/**
799			* Checks if enough failed authentications are done in the past to rise an auth warning.
800			*
801			* @param AuthenticationAttempt $attempt
802			* @param \AppBundle\Model\User\Util\Date\DateTimeComparison $comparison
803			*
804			* @return bool
805			*/
806			private function needsAuthWarning(AuthenticationAttempt $attempt, DateTimeComparison $comparison): bool
807			{
808			$count = $attempt->getAttemptCount();
809			if (self::MAX_FAILED_ATTEMPTS_FROM_IP <= $count) {
810			if (($count - 3) === 0) {
811			return true;
812			}
813
814			return !$this->isPreviouslyLoginFailed('-6 hours', $comparison, true);
815			}
816
817			return false;
818			}
819
820			/**
821			* Erases user IPs from the blacklist.
822			*
823			* @param string $ip
824			* @param DateTimeComparison $comparison
825			*/
826			private function eraseKnownIpFromBadIPList(string $ip, DateTimeComparison $comparison)
827			{
828			if ($this->isPreviouslyLoginFailed('-10 minutes', $comparison)) {
829			// if it failed before the login, the login may be corrupted,
830			// there the information should be kept. The next login won't erase it although there may
831			// be a corruption since this will be called at the first login with a new IP only
832			return;
833			}
834
835			/** @var AuthenticationAttempt $model */
836			foreach ($this->failedAuthentications->toArray() as $model) {
837			if ($ip === $model->getIp()) {
838			$this->failedAuthentications->removeElement($model);
839			break;
840			}
841			}
842			}
843
844			/**
845			* Checks if the auth failed previously.
846			*
847			* @param string $diff
848			* @param bool $ignoreLastAttempts
849			* @param DateTimeComparison $comparison
850			*
851			* @return bool
852			*/
853			private function isPreviouslyLoginFailed(string $diff, DateTimeComparison $comparison, bool $ignoreLastAttempts = false): bool
854			{
855			return $this->failedAuthentications->exists(
856			function (int $index, AuthenticationAttempt $failedAttempt) use ($diff, $ignoreLastAttempts, $comparison) {
857			$ipRange = $failedAttempt->getLastFailedAttemptTimesInRange();
858
859			return $comparison(
860			$diff,
861			$failedAttempt->getIp() && $ignoreLastAttempts ? end($ipRange) : $failedAttempt->getLatestFailedAttemptTime()
862			);
863			}
864			);
865			}
866			}
867

Sententiaregum / Sententiaregum

Push — master ( 8a3e9b...ad7ada )

User::isApproved() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like