ResetsPasswords::reset() - Code Metrics - Inspection of "Fix #6 Prevent password reset bypassing email conf..." - beyondcode/laravel-confirm-email - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#7)

unknown

created 2018-05-26 00:15 UTC

ResetsPasswords::reset() B

↳ Parent: ResetsPasswords

Complexity

Conditions	3
Paths	3

Size

Total Lines	35
Code Lines	14

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	35
rs	8.8571
cc	3
eloc	14
nc	3
nop	1

<?php

namespace BeyondCode\EmailConfirmation\Traits;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Password;

trait ResetsPasswords
{
    use \Illuminate\Foundation\Auth\ResetsPasswords;

    /**
     * Reset the given user's password.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
     */
    public function reset(Request $request)
    {
        $this->validate($request, $this->rules(), $this->validationErrorMessages());
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}

        $user = $this->broker()->getUser($this->credentials($request));

        // If the user hasn't confirmed their email address,
        // we will redirect them back with their error message.
        if (is_null($user->confirmed_at)) {

            session(['confirmation_user_id' => $user->getKey()]);

            return redirect()->back()->with(
                'confirmation', __('confirmation::confirmation.not_confirmed', [
                    'resend_link' => route('auth.resend_confirmation')
                ])
            );
        }

        // Here we will attempt to reset the user's password. If it is successful we
        // will update the password on an actual user model and persist it to the
        // database. Otherwise we will parse the error and return the response.
        $response = $this->broker()->reset(
            $this->credentials($request), function ($user, $password) {
            $this->resetPassword($user, $password);
        }
        );

        // If the password was successfully reset, we will redirect the user back to
        // the application's home authenticated view. If there is an error we can
        // redirect them back to where they came from with their error message.
        return $response == Password::PASSWORD_RESET
            ? $this->sendResetResponse($response)
            : $this->sendResetFailedResponse($request, $response);
    }
}

1			<?php
2
3			namespace BeyondCode\EmailConfirmation\Traits;
4
5			use Illuminate\Http\Request;
6			use Illuminate\Support\Facades\Password;
7
8			trait ResetsPasswords
9			{
10			use \Illuminate\Foundation\Auth\ResetsPasswords;
11
12			/**
13			* Reset the given user's password.
14			*
15			* @param \Illuminate\Http\Request $request
16			* @return \Illuminate\Http\RedirectResponse\|\Illuminate\Http\JsonResponse
17			*/
18			public function reset(Request $request)
19			{
20			$this->validate($request, $this->rules(), $this->validationErrorMessages());
			0 ignored issues – show Bug introduced 2018-05-26 00:17 UTC by Report Bug Copy Issue Report It seems like `validate()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
21
22			$user = $this->broker()->getUser($this->credentials($request));
23
24			// If the user hasn't confirmed their email address,
25			// we will redirect them back with their error message.
26			if (is_null($user->confirmed_at)) {
27
28			session(['confirmation_user_id' => $user->getKey()]);
29
30			return redirect()->back()->with(
31			'confirmation', __('confirmation::confirmation.not_confirmed', [
32			'resend_link' => route('auth.resend_confirmation')
33			])
34			);
35			}
36
37			// Here we will attempt to reset the user's password. If it is successful we
38			// will update the password on an actual user model and persist it to the
39			// database. Otherwise we will parse the error and return the response.
40			$response = $this->broker()->reset(
41			$this->credentials($request), function ($user, $password) {
42			$this->resetPassword($user, $password);
43			}
44			);
45
46			// If the password was successfully reset, we will redirect the user back to
47			// the application's home authenticated view. If there is an error we can
48			// redirect them back to where they came from with their error message.
49			return $response == Password::PASSWORD_RESET
50			? $this->sendResetResponse($response)
51			: $this->sendResetFailedResponse($request, $response);
52			}
53			}

beyondcode / laravel-confirm-email

Pull Request — master (#7)

ResetsPasswords::reset() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like