Completed
Pull Request — dev (#11)
by
unknown
05:12 queued 01:17
created

HttpBasicAuthenticationPlugin::getCredentials()   A

Complexity

Conditions 2
Paths 2

Size

Total Lines 7
Code Lines 4

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 4
CRAP Score 2

Importance

Changes 1
Bugs 0 Features 0
Metric Value
c 1
b 0
f 0
dl 0
loc 7
ccs 4
cts 4
cp 1
rs 9.4285
cc 2
eloc 4
nc 2
nop 0
crap 2
<?php

namespace Vectorface\SnappyRouter\Plugin\Authentication;

use Vectorface\SnappyRouter\Exception\UnauthorizedException;
use Vectorface\SnappyRouter\Handler\AbstractHandler;

/**
 * A plugin to make use of PHP's built-in Auth support to provide HTTP/Basic authentication.
 *
 * Note: This class expects the AuthMechanism DI key set to an AuthenticatorInterface instance.
 *
 * @copyright Copyright (c) 2014, VectorFace, Inc.
 * @author J. Anderson <[email protected]>
 * @author Dan Bruce   <[email protected]>
 */
class HttpBasicAuthenticationPlugin extends AbstractAuthenticationPlugin
{
    /** The authentication realm, usually presented to the user in a
        username/password dialog box. */
    private $realm = "Authentication Required";

    /**
     * Create a new HTTP/Basic Authentication plugin.
     *
     * @param array $options An associative array of options. Supports AuthMechanism and realm options.
     */
    public function __construct($options)
    {
        parent::__construct($options);

        if (!empty($options['realm'])) {
            $this->realm = $options['realm'];
        }
    }

    /**
     * Invoked directly after the router decides which handler will be used.
     * @param AbstractHandler $handler The handler selected by the router.
     */
    public function afterHandlerSelected(AbstractHandler $handler)
    {
        try {
            parent::afterHandlerSelected($handler);
        } catch (UnauthorizedException $e) {
            @header(sprintf('WWW-Authenticate: Basic realm="%s"', $this->realm));
Security Best Practice introduced by
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

If you suppress an error, we recommend checking for the error condition explicitly:

// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
            throw $e;
        }
    }

    /**
     * Extract credentials from the request, PHP's PHP_AUTH_(USER|PW) server variables in this case.
     *
     * @return mixed An array of credentials; A username and password pair, or false if credentials aren't available
     */
    public function getCredentials()
Coding Style introduced by
getCredentials uses the super-global variable $_SERVER which is generally not recommended.

Instead of super-globals, we recommend explicitly injecting the dependencies of your class. This makes your code less dependent on global state and generally more testable:

// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
            return array($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
        }
        return false;
    }
}