<?php
/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2018 Spomky-Labs
 *
 * This software may be modified and distributed under the terms
 * of the MIT license.  See the LICENSE file for details.
 */
namespace U2FAuthentication\Bundle\Controller;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use U2FAuthentication\Bundle\Event\Events;
use U2FAuthentication\Bundle\Event\RegistrationRequestIssuedEvent;
use U2FAuthentication\Bundle\Event\RegistrationResponseInvalidEvent;
use U2FAuthentication\Bundle\Event\RegistrationResponseValidatedEvent;
use U2FAuthentication\Bundle\Model\HasRegisteredKeys;
use U2FAuthentication\RegistrationRequest;
use U2FAuthentication\RegistrationResponse;
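class RegistrationController
{
    /**
     * Identifier handed to RegistrationRequest::create() for every request
     * issued by this controller (the U2F application id).
     *
     * @var string
     */
    private $applicationId;

    /**
     * Source of the currently authenticated token / user.
     *
     * @var TokenStorageInterface
     */
    private $tokenStorage;

    /**
     * Passed unchanged to RegistrationResponse::isValid() together with the
     * pending request. Presumably the trusted attestation issuer certificates;
     * confirm against the U2FAuthentication library.
     *
     * @var array
     */
    private $issuerCertificates;

    /**
     * Receives the U2F registration lifecycle events (issued / invalid / validated).
     *
     * @var EventDispatcherInterface
     */
    private $eventDispatcher;

    /**
     * RegistrationController constructor.
     *
     * @param EventDispatcherInterface $eventDispatcher    Receives the registration events
     * @param TokenStorageInterface    $tokenStorage       Source of the connected user
     * @param string                   $applicationId      Given to RegistrationRequest::create()
     * @param array                    $issuerCertificates Given to RegistrationResponse::isValid()
     */
    public function __construct(EventDispatcherInterface $eventDispatcher, TokenStorageInterface $tokenStorage, string $applicationId, array $issuerCertificates)
    {
        $this->eventDispatcher = $eventDispatcher;
        $this->tokenStorage = $tokenStorage;
        $this->applicationId = $applicationId;
        $this->issuerCertificates = $issuerCertificates;
    }

    /**
     * Issues a new registration request for the connected user.
     *
     * The request is kept in the session under 'U2F_REGISTRATION_REQUEST' so that
     * postRegistrationRequestAction() can bind the device's answer to it. Issuing a
     * new request replaces any request still pending in the session.
     *
     * @param Request $request
     *
     * @return JsonResponse The registration request, JSON-encoded for the client
     *
     * @throws AccessDeniedHttpException when no user supporting U2F keys is connected
     * @throws HttpException             (500) when the request cannot be created or stored
     */
    public function getRegistrationRequestAction(Request $request): JsonResponse
    {
        // Resolved outside the try block so an AccessDeniedHttpException is not
        // converted into a 500 below.
        $user = $this->getUser();

        try {
            $registrationRequest = RegistrationRequest::create($this->applicationId, $user->getRegisteredKeys());
            $request->getSession()->set('U2F_REGISTRATION_REQUEST', $registrationRequest);
            $this->eventDispatcher->dispatch(
                Events::U2F_REGISTRATION_REQUEST_ISSUED,
                new RegistrationRequestIssuedEvent($user, $registrationRequest)
            );

            return new JsonResponse($registrationRequest);
        } catch (\Exception $e) {
            // The original exception is kept as "previous" for the logs; the client
            // only gets the generic message.
            throw new HttpException(500, 'An error occurred during the creation of the registration request.', $e);
        }
    }

    /**
     * Checks the device's registration response against the pending request.
     *
     * The pending request is removed from the session before anything is checked,
     * so each issued request can be answered at most once whatever the outcome.
     * A response that fails validation is reported through the
     * U2F_REGISTRATION_RESPONSE_INVALID event before the 400 is raised, which is
     * where listeners can count or alert on failed attempts.
     *
     * @param Request $request Its POST parameters are the raw registration response
     *
     * @return JsonResponse 204 on success. NOTE(review): Symfony's Response::prepare()
     *                      strips the body of a 204, so the 'registered' payload is
     *                      not expected to reach the client — confirm for the
     *                      Symfony version in use.
     *
     * @throws AccessDeniedHttpException when no user supporting U2F keys is connected
     * @throws HttpException             (400) when no request is pending, the payload
     *                                   cannot be parsed, or the response does not validate
     */
    public function postRegistrationRequestAction(Request $request): JsonResponse
    {
        $user = $this->getUser();
        $session = $request->getSession();

        $registrationRequest = $session->get('U2F_REGISTRATION_REQUEST');
        if (!$registrationRequest instanceof RegistrationRequest) {
            throw new HttpException(400, 'The registration request is missing');
        }
        // Single use: drop the pending request before validating so a failed or
        // replayed response cannot be retried against the same challenge.
        $session->remove('U2F_REGISTRATION_REQUEST');

        try {
            $registrationResponse = RegistrationResponse::create($request->request->all());
        } catch (\Exception $e) {
            // A payload the library cannot parse is a client error, not a server
            // error; without this catch it would surface as a 500.
            // NOTE(review): assumes create() rejects malformed input by throwing —
            // confirm in the U2FAuthentication library.
            throw new HttpException(400, 'The registration response is invalid', $e);
        }

        if (!$registrationResponse->isValid($registrationRequest, $this->issuerCertificates)) {
            $this->eventDispatcher->dispatch(
                Events::U2F_REGISTRATION_RESPONSE_INVALID,
                new RegistrationResponseInvalidEvent($user, $registrationResponse)
            );

            throw new HttpException(400, 'The registration response is invalid');
        }

        $this->eventDispatcher->dispatch(
            Events::U2F_REGISTRATION_RESPONSE_VALIDATED,
            new RegistrationResponseValidatedEvent($user, $registrationResponse)
        );

        return new JsonResponse(['registered' => 'ok'], 204);
    }

    /**
     * Returns the connected user, which must support U2F keys.
     *
     * @return HasRegisteredKeys
     *
     * @throws AccessDeniedHttpException when there is no token, no user, or the user
     *                                   does not implement HasRegisteredKeys
     */
    private function getUser(): HasRegisteredKeys
    {
        $token = $this->tokenStorage->getToken();
        if (null === $token) {
            throw new AccessDeniedHttpException('The user must be connected');
        }
        $user = $token->getUser();
        // Static analysis reports this condition as always false (getUser() is not
        // declared to return null); it is kept as a cheap guard, and the instanceof
        // check below would reject null anyway.
        if (null === $user) {
            throw new AccessDeniedHttpException('The user must be connected');
        }
        // Also rejects non-object users (e.g. a string placeholder for an anonymous
        // token), which therefore get the "does not support" message rather than
        // "must be connected".
        if (!$user instanceof HasRegisteredKeys) {
            throw new AccessDeniedHttpException('The user does not support the U2F keys');
        }

        return $user;
    }
}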