RateLimiterFactory - Code Metrics - Inspection of "[FEATURE] Introduce rate limiter for failed logins" - TYPO3/TYPO3.CMS - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( ef2180...939003 )

unknown

created 2021-07-06 10:00 UTC

RateLimiterFactory A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	32
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
wmc	5
eloc	20
c	1
b	0
f	0
dl	0
loc	32
rs	10

2 Methods

Rating	Name	Duplication	Size	Complexity
A	createLoginRateLimiter()	0	24	4
A	isIpExcluded()	0	4	1

<?php

declare(strict_types=1);

/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

namespace TYPO3\CMS\Core\RateLimiter;

use Psr\Http\Message\ServerRequestInterface;
use Symfony\Component\RateLimiter\LimiterInterface;
use Symfony\Component\RateLimiter\RateLimiterFactory as SymfonyRateLimiterFactory;
use Symfony\Component\RateLimiter\Storage\InMemoryStorage;
use TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
use TYPO3\CMS\Core\Http\NormalizedParams;
use TYPO3\CMS\Core\RateLimiter\Storage\CachingFrameworkStorage;
use TYPO3\CMS\Core\Utility\GeneralUtility;

/**
 * @internal This is not part of the official TYPO3 Core API due to a limitation of the experimental Symfony Rate Limiter API.
 */
class RateLimiterFactory
{
    public function createLoginRateLimiter(AbstractUserAuthentication $userAuthentication, ServerRequestInterface $request): LimiterInterface
    {
        $loginType = $userAuthentication->loginType;
        $normalizedParams = $request->getAttribute('normalizedParams') ?? NormalizedParams::createFromRequest($request);
        $remoteIp = $normalizedParams->getRemoteAddress();
        $limiterId = sha1('typo3-login-' . $loginType);
        $limit = (int)($GLOBALS['TYPO3_CONF_VARS'][$loginType]['loginRateLimit'] ?? 5);
        $interval = $GLOBALS['TYPO3_CONF_VARS'][$loginType]['loginRateLimitInterval'] ?? '15 minutes';

        // If not enabled, return a null limiter
        $enabled = !$this->isIpExcluded($loginType, $remoteIp) && $limit > 0;

        $config = [
            'id' => $limiterId,
            'policy' => ($enabled ? 'sliding_window' : 'no_limit'),
            'limit' => $limit,
            'interval' => $interval,
        ];
        $storage = ($enabled ? GeneralUtility::makeInstance(CachingFrameworkStorage::class) : new InMemoryStorage());
        $limiterFactory = new SymfonyRateLimiterFactory(
            $config,
            $storage
        );
        return $limiterFactory->create($remoteIp);
    }

    protected function isIpExcluded(string $loginType, string $remoteAddress): bool
    {
        $ipMask = trim($GLOBALS['TYPO3_CONF_VARS'][$loginType]['loginRateLimitIpExcludeList'] ?? '');
        return GeneralUtility::cmpIP($remoteAddress, $ipMask);
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* This file is part of the TYPO3 CMS project.
7			*
8			* It is free software; you can redistribute it and/or modify it under
9			* the terms of the GNU General Public License, either version 2
10			* of the License, or any later version.
11			*
12			* For the full copyright and license information, please read the
13			* LICENSE.txt file that was distributed with this source code.
14			*
15			* The TYPO3 project - inspiring people to share!
16			*/
17
18			namespace TYPO3\CMS\Core\RateLimiter;
19
20			use Psr\Http\Message\ServerRequestInterface;
21			use Symfony\Component\RateLimiter\LimiterInterface;
22			use Symfony\Component\RateLimiter\RateLimiterFactory as SymfonyRateLimiterFactory;
23			use Symfony\Component\RateLimiter\Storage\InMemoryStorage;
24			use TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
25			use TYPO3\CMS\Core\Http\NormalizedParams;
26			use TYPO3\CMS\Core\RateLimiter\Storage\CachingFrameworkStorage;
27			use TYPO3\CMS\Core\Utility\GeneralUtility;
28
29			/**
30			* @internal This is not part of the official TYPO3 Core API due to a limitation of the experimental Symfony Rate Limiter API.
31			*/
32			class RateLimiterFactory
33			{
34			public function createLoginRateLimiter(AbstractUserAuthentication $userAuthentication, ServerRequestInterface $request): LimiterInterface
35			{
36			$loginType = $userAuthentication->loginType;
37			$normalizedParams = $request->getAttribute('normalizedParams') ?? NormalizedParams::createFromRequest($request);
38			$remoteIp = $normalizedParams->getRemoteAddress();
39			$limiterId = sha1('typo3-login-' . $loginType);
40			$limit = (int)($GLOBALS['TYPO3_CONF_VARS'][$loginType]['loginRateLimit'] ?? 5);
41			$interval = $GLOBALS['TYPO3_CONF_VARS'][$loginType]['loginRateLimitInterval'] ?? '15 minutes';
42
43			// If not enabled, return a null limiter
44			$enabled = !$this->isIpExcluded($loginType, $remoteIp) && $limit > 0;
45
46			$config = [
47			'id' => $limiterId,
48			'policy' => ($enabled ? 'sliding_window' : 'no_limit'),
49			'limit' => $limit,
50			'interval' => $interval,
51			];
52			$storage = ($enabled ? GeneralUtility::makeInstance(CachingFrameworkStorage::class) : new InMemoryStorage());
53			$limiterFactory = new SymfonyRateLimiterFactory(
54			$config,
55			$storage
56			);
57			return $limiterFactory->create($remoteIp);
58			}
59
60			protected function isIpExcluded(string $loginType, string $remoteAddress): bool
61			{
62			$ipMask = trim($GLOBALS['TYPO3_CONF_VARS'][$loginType]['loginRateLimitIpExcludeList'] ?? '');
63			return GeneralUtility::cmpIP($remoteAddress, $ipMask);
64			}
65			}
66

TYPO3 / TYPO3.CMS

Push — master ( ef2180...939003 )

RateLimiterFactory A

Complexity

Size/Duplication

Importance

2 Methods

Duplication Side-by-Side

Filter issues like