QRCode::setAllowInsecureCallToGoogleApis() - Code Metrics - Inspection of "Merge branch 'master' of https://github.com/antoni..." - antonioribeiro/google2fa - Measure and Improve Code Quality continuously with Scrutinizer

Test Failed

Push — master ( 3847f7...ca643e )

by Antonio Carlos

created 2018-03-07 18:49 UTC

QRCode::setAllowInsecureCallToGoogleApis() A

↳ Parent: QRCode

Complexity

Conditions	1
Paths	1

Size

Total Lines	5
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	2

Importance

Changes

Metric	Value
dl	0
loc	5
ccs	0
cts	0
cp	0
rs	9.4285
c	0
b	0
f	0
cc	1
eloc	2
nc	1
nop	1
crap	2

<?php

namespace PragmaRX\Google2FA\Support;

use BaconQrCode\Renderer\Image\Png;
use BaconQrCode\Writer as BaconQrCodeWriter;
use Exception;

trait QRCode
{
    /**
     * Sending your secret key to Google API is a security issue. Developer must explicitly allow it.
     */
    protected $allowInsecureCallToGoogleApis = false;

    /**
     * Creates a Google QR code url.
     *
     * @param string $company
     * @param string $holder
     * @param string $secret
     * @param int $size
     * @return string
     * @throws Exception
     */
    public function getQRCodeGoogleUrl($company, $holder, $secret, $size = 200)
    {
        if (! $this->allowInsecureCallToGoogleApis) {
            throw new Exception('It\'s not secure to send secret keys to Google Apis, you have to explicitly allow it by calling $google2fa->setAllowInsecureCallToGoogleApis(true).');
        }

        $url = $this->getQRCodeUrl($company, $holder, $secret);

        return Url::generateGoogleQRCodeUrl('https://chart.googleapis.com/', 'chart', 'chs='.$size.'x'.$size.'&chld=M|0&cht=qr&chl=', $url);
    }

    /**
     * Generates a QR code data url to display inline.
     *
     * @param string $company
     * @param string $holder
     * @param string $secret
     * @param int    $size
     * @param string $encoding Default to UTF-8
     *
     * @return string
     */
    public function getQRCodeInline($company, $holder, $secret, $size = 200, $encoding = 'utf-8')
    {
        $url = $this->getQRCodeUrl($company, $holder, $secret);

        $renderer = new Png();
        $renderer->setWidth($size);
        $renderer->setHeight($size);

        $bacon = new BaconQrCodeWriter($renderer);
        $data = $bacon->writeString($url, $encoding);

        return 'data:image/png;base64,'.base64_encode($data);
    }

    /**
     * Creates a QR code url.
     *
     * @param $company
     * @param $holder
     * @param $secret
     *
     * @return string
     */
    public function getQRCodeUrl($company, $holder, $secret)
    {
        return 'otpauth://totp/'.rawurlencode($company).':'.rawurlencode($holder).'?secret='.$secret.'&issuer='.rawurlencode($company).'';
    }

    /**
     * AllowInsecureCallToGoogleApis setter.
     *
     * @param mixed $allowInsecureCallToGoogleApis
     * @return QRCode
     */
    public function setAllowInsecureCallToGoogleApis($allowInsecureCallToGoogleApis)
    {
        $this->allowInsecureCallToGoogleApis = $allowInsecureCallToGoogleApis;

        return $this;
    }
}


1		<?php
2
3		namespace PragmaRX\Google2FA\Support;
4
5		use BaconQrCode\Renderer\Image\Png;
6		use BaconQrCode\Writer as BaconQrCodeWriter;
7		use Exception;
8
9		trait QRCode
10		{
11		/**
12		* Sending your secret key to Google API is a security issue. Developer must explicitly allow it.
13		*/
14		protected $allowInsecureCallToGoogleApis = false;
15
16		/**
17		* Creates a Google QR code url.
18		*
19		* @param string $company
20	1	* @param string $holder
21		* @param string $secret
22	1	* @param int $size
23		* @return string
24	1	* @throws Exception
25		*/
26		public function getQRCodeGoogleUrl($company, $holder, $secret, $size = 200)
27		{
28		if (! $this->allowInsecureCallToGoogleApis) {
29		throw new Exception('It\'s not secure to send secret keys to Google Apis, you have to explicitly allow it by calling $google2fa->setAllowInsecureCallToGoogleApis(true).');
30		}
31
32		$url = $this->getQRCodeUrl($company, $holder, $secret);
33
34		return Url::generateGoogleQRCodeUrl('https://chart.googleapis.com/', 'chart', 'chs='.$size.'x'.$size.'&chld=M\|0&cht=qr&chl=', $url);
35		}
36
37		/**
38	1	* Generates a QR code data url to display inline.
39		*
40	1	* @param string $company
41		* @param string $holder
42	1	* @param string $secret
43	1	* @param int $size
44	1	* @param string $encoding Default to UTF-8
45		*
46	1	* @return string
47	1	*/
48		public function getQRCodeInline($company, $holder, $secret, $size = 200, $encoding = 'utf-8')
49	1	{
50		$url = $this->getQRCodeUrl($company, $holder, $secret);
51
52		$renderer = new Png();
53		$renderer->setWidth($size);
54		$renderer->setHeight($size);
55
56		$bacon = new BaconQrCodeWriter($renderer);
57		$data = $bacon->writeString($url, $encoding);
58
59		return 'data:image/png;base64,'.base64_encode($data);
60		}
61	2
62		/**
63	2	* Creates a QR code url.
64		*
65		* @param $company
66		* @param $holder
67		* @param $secret
68		*
69		* @return string
70		*/
71		public function getQRCodeUrl($company, $holder, $secret)
72		{
73		return 'otpauth://totp/'.rawurlencode($company).':'.rawurlencode($holder).'?secret='.$secret.'&issuer='.rawurlencode($company).'';
74		}
75
76		/**
77		* AllowInsecureCallToGoogleApis setter.
78		*
79		* @param mixed $allowInsecureCallToGoogleApis
80		* @return QRCode
81		*/
82		public function setAllowInsecureCallToGoogleApis($allowInsecureCallToGoogleApis)
83		{
84		$this->allowInsecureCallToGoogleApis = $allowInsecureCallToGoogleApis;
85
86		return $this;
87		}
88		}
89

antonioribeiro / google2fa

Push — master ( 3847f7...ca643e )

QRCode::setAllowInsecureCallToGoogleApis() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like