Jabe\Engine\Impl\Identity\Db\DbIdentityServiceProvider

Complexity

Total Complexity

60

Size/Duplication

Total Lines	388
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

27 Methods

Rating	Name	Duplication	Size	Complexity
A	deleteTenantUserMembership()	0	15	2
A	deleteTenantMembershipsOfTenant()	0	3	1
A	isUserLocked()	0	15	3
A	deleteUser()	0	24	4
A	saveUser()	0	20	2
A	deleteGroup()	0	24	4
A	createTenantGroupMembership()	0	18	1
A	deleteTenant()	0	11	2
A	lockUser()	0	22	2
A	deleteTenantMembershipsOfGroup()	0	3	1
A	createMembership()	0	13	1
A	saveTenant()	0	15	2
A	saveGroup()	0	15	2
A	createNewTenant()	0	4	1
A	deleteTenantMembershipsOfUser()	0	3	1
A	deleteMembership()	0	12	2
A	unlockUser()	0	14	6
A	createDefaultMembershipAuthorizations()	0	4	2
B	createDefaultAuthorizations()	0	13	7
A	deleteTenantGroupMembership()	0	16	2
A	checkPassword()	0	17	5
A	deleteMembershipsByGroupId()	0	3	1
A	createNewGroup()	0	4	1
A	createTenantUserMembership()	0	18	1
A	createNewUser()	0	4	1
A	createDefaultTenantMembershipAuthorizations()	0	4	2
A	deleteMembershipsByUserId()	0	3	1

<?php

namespace Jabe\Engine\Impl\Identity\Db;

use Jabe\Engine\Authorization\{
    Permissions,
    Resources
};
use Jabe\Engine\Identity\{
    GroupInterface,
    TenantInterface,
    UserInterface
};
use Jabe\Engine\Impl\ProcessEngineLogger;
use Jabe\Engine\Impl\Cfg\ProcessEngineConfigurationImpl;
use Jabe\Engine\Impl\Context\Context;
use Jabe\Engine\Impl\Identity\{
    IdentityOperationResult,
    IndentityLogger,
    WritableIdentityProviderInterface
};
use Jabe\Engine\Impl\Persistence\Entity\{
    GroupEntity,
    MembershipEntity,
    TenantEntity,
    TenantMembershipEntity,
    UserEntity
};
use Jabe\Engine\Impl\Util\{
    ClockUtil,
    EnsureUtil
};

class DbIdentityServiceProvider extends DbReadOnlyIdentityServiceProvider implements WritableIdentityProviderInterface
{
    //protected static final IndentityLogger LOG = ProcessEngineLogger.INDENTITY_LOGGER;

    // users ////////////////////////////////////////////////////////

    public function createNewUser(string $userId): UserEntity
    {
        $this->checkAuthorization(Permissions::create(), Resources::user(), null);

null of type null is incompatible with the type string expected by parameter $resourceId of Jabe\Engine\Impl\Identity\Db\DbReadOnlyIdentityServiceProvider::checkAuthorization().

        return new UserEntity($userId);
    }

    public function saveUser(UserInterface $user): IdentityOperationResult
    {
        $userEntity = $user;

        // encrypt password
        $userEntity->encryptPassword();

The method encryptPassword() does not exist on Jabe\Engine\Identity\UserInterface. Since it exists in all sub-types, consider adding an abstract or default implementation to Jabe\Engine\Identity\UserInterface.

        $operation = null;
        if ($userEntity->getRevision() == 0) {

The method getRevision() does not exist on Jabe\Engine\Identity\UserInterface. Since it exists in all sub-types, consider adding an abstract or default implementation to Jabe\Engine\Identity\UserInterface.

            $operation = IdentityOperationResult::OPERATION_CREATE;
            $this->checkAuthorization(Permissions::create(), Resources::user(), null);

null of type null is incompatible with the type string expected by parameter $resourceId of Jabe\Engine\Impl\Identity\Db\DbReadOnlyIdentityServiceProvider::checkAuthorization().

            $this->getDbEntityManager()->insert($userEntity);
            $this->createDefaultAuthorizations($userEntity);
        } else {
            $operation = IdentityOperationResult::OPERATION_UPDATE;
            $this->checkAuthorization(Permissions::update(), Resources::user(), $user->getId());
            $this->getDbEntityManager()->merge($userEntity);
        }

        return new IdentityOperationResult($userEntity, $operation);

It seems like $userEntity can also be of type Jabe\Engine\Impl\Db\DbEntityInterface; however, parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct() does only seem to accept Serializable, maybe add an additional type check?

    }

    public function deleteUser(string $userId): IdentityOperationResult
    {
        $this->checkAuthorization(Permissions::delete(), Resources::user(), $userId);
        $user = $this->findUserById($userId);
        if ($user != null) {
            $this->deleteMembershipsByUserId($userId);
            $this->deleteTenantMembershipsOfUser($userId);

            $this->deleteAuthorizations(Resources::user(), $userId);

            Context::getCommandContext()->runWithoutAuthorization(function () use ($scope, $userId) {

The variable $scope seems to be never defined.

                $tenants = $scope->createTenantQuery()->userMember($userId)->list();
                if (!empty($tenants)) {
                    foreach ($tenants as $tenant) {
                        $scope->deleteAuthorizationsForUser(Resources::tenant(), $tenant->getId(), $userId);
                    }
                }
                return null;
            });

            $this->getDbEntityManager()->delete($user);
            return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_DELETE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

        }
        return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_NONE);
    }

    public function checkPassword(string $userId, string $password): bool
    {
        $user = $this->findUserById($userId);
        if ($user == null || empty($password)) {
            return false;
        }

        if ($this->isUserLocked($user)) {
            return false;
        }

        if ($this->matchPassword($password, $user)) {
            $this->unlockUser($user);
            return true;
        } else {
            $this->lockUser($user);
            return false;
        }
    }

    protected function isUserLocked(UserEntity $user): bool
    {
        $processEngineConfiguration = Context::getProcessEngineConfiguration();

        $maxAttempts = $processEngineConfiguration->getLoginMaxAttempts();

The method getLoginMaxAttempts() does not exist on Jabe\Engine\Impl\Cfg\ProcessEngineConfigurationImpl.

        $attempts = $user->getAttempts();

        if ($attempts >= $maxAttempts) {
            return true;
        }

        $lockExpirationTime = $user->getLockExpirationTime();
        $currentTime = ClockUtil::getCurrentTime();

        return $lockExpirationTime !== null && (new \DateTime($lockExpirationTime)) > $currentTime;
    }

    protected function lockUser(UserEntity $user): void
    {
        $processEngineConfiguration = Context::getProcessEngineConfiguration();

        $max = $processEngineConfiguration->getLoginDelayMaxTime();

The method getLoginDelayMaxTime() does not exist on Jabe\Engine\Impl\Cfg\ProcessEngineConfigurationImpl.

        $baseTime = $processEngineConfiguration->getLoginDelayBase();

The method getLoginDelayBase() does not exist on Jabe\Engine\Impl\Cfg\ProcessEngineConfigurationImpl.

        $factor = $processEngineConfiguration->getLoginDelayFactor();

The method getLoginDelayFactor() does not exist on Jabe\Engine\Impl\Cfg\ProcessEngineConfigurationImpl.

        $attempts = $user->getAttempts() + 1;

        $delay = $baseTime * pow($factor, $attempts - 1);
        $delay = min($delay, $max);

        $currentTime = ClockUtil::getCurrentTime()->getTimestamp();
        $lockExpirationTime = (new \DateTime())->setTimestamp($currentTime + $delay);

        if ($attempts >= $processEngineConfiguration->getLoginMaxAttempts()) {
            //LOG.infoUserPermanentlyLocked(user.getId());
        } else {
            //LOG.infoUserTemporarilyLocked(user.getId(), lockExpirationTime);
        }

        $this->getIdentityInfoManager()->updateUserLock($user, $attempts, $lockExpirationTime);

$lockExpirationTime of type DateTime is incompatible with the type string expected by parameter $lockExpirationTime of Jabe\Engine\Impl\Persistence\Entity\IdentityInfoManager::updateUserLock().

    }

    public function unlockUser($userOrUserId): IdentityOperationResult
    {
        if (is_string($userOrUserId)) {
            $user = $this->findUserById($userOrUserId);
            if ($user != null) {
                return $this->unlockUser($user);
            }
            return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_NONE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

        } elseif ($userOrUserId instanceof UserEntity) {
            if ($user->getAttempts() > 0 || $user->getLockExpirationTime() !== null) {

The variable $user seems to be never defined.

                $this->getIdentityInfoManager()->updateUserLock($user, 0, null);

null of type null is incompatible with the type string expected by parameter $lockExpirationTime of Jabe\Engine\Impl\Persistence\Entity\IdentityInfoManager::updateUserLock().

                return new IdentityOperationResult($user, IdentityOperationResult::OPERATION_UNLOCK);
            }
            return new IdentityOperationResult($user, IdentityOperationResult::OPERATION_NONE);
        }

In this branch, the function will implicitly return null which is incompatible with the type-hinted return Jabe\Engine\Impl\Identity\IdentityOperationResult. Consider adding a return statement or allowing null as return value.

    }

    // groups ////////////////////////////////////////////////////////

    public function createNewGroup(string $groupId): GroupEntity
    {
        $this->checkAuthorization(Permissions::create(), Resources::group(), null);

null of type null is incompatible with the type string expected by parameter $resourceId of Jabe\Engine\Impl\Identity\Db\DbReadOnlyIdentityServiceProvider::checkAuthorization().

        return new GroupEntity($groupId);
    }

    public function saveGroup(GroupInterface $group): IdentityOperationResult
    {
        $groupEntity = $group;
        $operation = null;
        if ($groupEntity->getRevision() == 0) {

The method getRevision() does not exist on Jabe\Engine\Identity\GroupInterface. Since it exists in all sub-types, consider adding an abstract or default implementation to Jabe\Engine\Identity\GroupInterface.

            $operation = IdentityOperationResult::OPERATION_CREATE;
            $this->checkAuthorization(Permissions::create(), Resources::group(), null);

null of type null is incompatible with the type string expected by parameter $resourceId of Jabe\Engine\Impl\Identity\Db\DbReadOnlyIdentityServiceProvider::checkAuthorization().

            $this->getDbEntityManager()->insert($groupEntity);
            $this->createDefaultAuthorizations($group);
        } else {
            $operation = IdentityOperationResult::OPERATION_UPDATE;
            $this->checkAuthorization(Permissions::update(), Resources::group(), $group->getId());
            $this->getDbEntityManager()->merge($groupEntity);
        }
        return new IdentityOperationResult($groupEntity, $operation);

It seems like $groupEntity can also be of type Jabe\Engine\Impl\Db\DbEntityInterface; however, parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct() does only seem to accept Serializable, maybe add an additional type check?

    }

    public function deleteGroup(string $groupId): IdentityOperationResult
    {
        $this->checkAuthorization(Permissions::delete(), Resources::group(), $groupId);
        $group = $this->findGroupById($groupId);
        if ($group !== null) {
            $this->deleteMembershipsByGroupId($groupId);
            $this->deleteTenantMembershipsOfGroup($groupId);

            $this->deleteAuthorizations(Resources::group(), $groupId);

            $scope = $this;
            Context::getCommandContext()->runWithoutAuthorization(function () use ($scope, $groupId) {
                $tenants = $scope->createTenantQuery()->groupMember($groupId)->list();
                if (!empty($tenants)) {
                    foreach ($tenants as $tenant) {
                        $this->deleteAuthorizationsForGroup(Resources::tenant(), $tenant->getId(), $groupId);
                    }
                }
                return null;
            });
            $this->getDbEntityManager()->delete(group);

The constant Jabe\Engine\Impl\Identity\Db\group was not found. Maybe you did not declare it correctly or list all dependencies?

            return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_DELETE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

        }
        return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_NONE);
    }

    // tenants //////////////////////////////////////////////////////

    public function createNewTenant(string $tenantId): TenantInterface
    {
        $this->checkAuthorization(Permissions::create(), Resources::tenant(), null);

null of type null is incompatible with the type string expected by parameter $resourceId of Jabe\Engine\Impl\Identity\Db\DbReadOnlyIdentityServiceProvider::checkAuthorization().

        return new TenantEntity($tenantId);
    }

    public function saveTenant(TenantInterface $tenant): IdentityOperationResult
    {
        $tenantEntity = $tenant;
        $operation = null;
        if ($tenantEntity->getRevision() == 0) {

The method getRevision() does not exist on Jabe\Engine\Identity\TenantInterface. Since it exists in all sub-types, consider adding an abstract or default implementation to Jabe\Engine\Identity\TenantInterface.

            $operation = IdentityOperationResult::OPERATION_CREATE;
            $this->checkAuthorization(Permissions::create(), Resources::tenant(), null);

null of type null is incompatible with the type string expected by parameter $resourceId of Jabe\Engine\Impl\Identity\Db\DbReadOnlyIdentityServiceProvider::checkAuthorization().

            $this->getDbEntityManager()->insert($tenantEntity);
            $this->createDefaultAuthorizations($tenant);
        } else {
            $operation = IdentityOperationResult::OPERATION_UPDATE;
            $this->checkAuthorization(Permissions::update(), Resources::tenant(), $tenant->getId());
            $this->getDbEntityManager()->merge($tenantEntity);
        }
        return new IdentityOperationResult($tenantEntity, $operation);

It seems like $tenantEntity can also be of type Jabe\Engine\Impl\Db\DbEntityInterface; however, parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct() does only seem to accept Serializable, maybe add an additional type check?

    }

    public function deleteTenant(string $tenantId): IdentityOperationResult
    {
        $this->checkAuthorization(Permissions::delete(), Resources::tenant(), $tenantId);
        $tenant = $this->findTenantById($tenantId);
        if ($tenant !== null) {
            $this->deleteTenantMembershipsOfTenant($tenantId);
            $this->deleteAuthorizations(Resources::tenant(), $tenantId);
            $this->getDbEntityManager()->delete($tenant);
            return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_DELETE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

        }
        return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_NONE);
    }

    // membership //////////////////////////////////////////////////////

    public function createMembership(string $userId, string $groupId): IdentityOperationResult
    {
        $this->checkAuthorization(Permissions::create(), Resources::groupMembership(), $groupId);
        $user = $this->findUserById($userId);
        EnsureUtil::ensureNotNull("No user found with id '" . $userId . "'.", "user", $user);
        $group = $this->findGroupById($groupId);
        EnsureUtil::ensureNotNull("No group found with id '" . $groupId . "'.", "group", $group);
        $membership = new MembershipEntity();
        $membership->setUser($user);
        $membership->setGroup($group);
        $this->getDbEntityManager()->insert($membership);
        $this->createDefaultMembershipAuthorizations($userId, $groupId);
        return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_CREATE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

    }

    public function deleteMembership(string $userId, string $groupId): IdentityOperationResult
    {
        $this->checkAuthorization(Permissions::delete(), Resources::groupMembership(), $groupId);
        if ($this->existsMembership($userId, $groupId)) {
            $this->deleteAuthorizations(Resources::groupMembership(), $groupId);
            $parameters = [];
            $parameters["userId"] = $userId;
            $parameters["groupId"] = $groupId;
            $this->getDbEntityManager()->delete(MembershipEntity::class, "deleteMembership", $parameters);
            return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_DELETE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

        }
        return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_NONE);
    }

    protected function deleteMembershipsByUserId(string $userId): void
    {
        $this->getDbEntityManager()->delete(MembershipEntity::class, "deleteMembershipsByUserId", $userId);
    }

    protected function deleteMembershipsByGroupId(string $groupId): void
    {
        $this->getDbEntityManager()->delete(MembershipEntity::class, "deleteMembershipsByGroupId", $groupId);
    }

    public function createTenantUserMembership(string $tenantId, string $userId): IdentityOperationResult
    {
        $this->checkAuthorization(Permissions::create(), Resources::tenantMembership(), $tenantId);

        $tenant = $this->findTenantById($tenantId);
        $user = $this->findUserById($userId);

        EnsureUtil::ensureNotNull("No tenant found with id '" . $tenantId . "'.", "tenant", $tenant);
        EnsureUtil::ensureNotNull("No user found with id '" . $userId . "'.", "user", $user);

        $membership = new TenantMembershipEntity();
        $membership->setTenant($tenant);
        $membership->setUser($user);

        $this->getDbEntityManager()->insert($membership);

        $this->createDefaultTenantMembershipAuthorizations($tenant, $user);
        return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_CREATE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

    }

    public function createTenantGroupMembership(string $tenantId, string $groupId): IdentityOperationResult
    {
        $this->checkAuthorization(Permissions::create(), Resources::tenantMembership(), $tenantId);

        $tenant = $this->findTenantById($tenantId);
        $group = $this->findGroupById($groupId);

        EnsureUtil::ensureNotNull("No tenant found with id '" . $tenantId . "'.", "tenant", $tenant);
        EnsureUtil::ensureNotNull("No group found with id '" . $groupId . "'.", "group", $group);

        $membership = new TenantMembershipEntity();
        $membership->setTenant($tenant);
        $membership->setGroup($group);

        $this->getDbEntityManager()->insert($membership);

        $this->createDefaultTenantMembershipAuthorizations($tenant, $group);
        return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_CREATE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

    }

    public function deleteTenantUserMembership(string $tenantId, string $userId): IdentityOperationResult
    {
        $this->checkAuthorization(Permissions::delete(), Resources::tenantMembership(), $tenantId);
        if ($this->existsTenantMembership($tenantId, $userId, null)) {

null of type null is incompatible with the type string expected by parameter $groupId of Jabe\Engine\Impl\Identity\Db\DbReadOnlyIdentityServiceProvider::existsTenantMembership().

            $this->deleteAuthorizations(Resources::tenantMembership(), $userId);

            $this->deleteAuthorizationsForUser(Resources::tenant(), $tenantId, $userId);

            $parameters = [];
            $parameters["tenantId"] = $tenantId;
            $parameters["userId"] = $userId;
            $this->getDbEntityManager()->delete(TenantMembershipEntity::class, "deleteTenantMembership", $parameters);
            return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_DELETE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

        }
        return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_NONE);
    }

    public function deleteTenantGroupMembership(string $tenantId, string $groupId): IdentityOperationResult
    {
        $this->checkAuthorization(Permissions::delete(), Resources::tenantMembership(), $tenantId);

        if ($this->existsTenantMembership($tenantId, null, $groupId)) {

null of type null is incompatible with the type string expected by parameter $userId of Jabe\Engine\Impl\Identity\Db\DbReadOnlyIdentityServiceProvider::existsTenantMembership().

            $this->deleteAuthorizations(Resources::tenantMembership(), $groupId);

            $this->deleteAuthorizationsForGroup(Resources::tenant(), $tenantId, $groupId);

            $parameters = [];
            $parameters["tenantId"] = $tenantId;
            $parameters["groupId"] = $groupId;
            $this->getDbEntityManager()->delete(TenantMembershipEntity::class, "deleteTenantMembership", $parameters);
            return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_DELETE);

null of type null is incompatible with the type Serializable expected by parameter $value of Jabe\Engine\Impl\Identity\IdentityOperationResult::__construct().

        }
        return new IdentityOperationResult(null, IdentityOperationResult::OPERATION_NONE);
    }

    protected function deleteTenantMembershipsOfUser(string $userId): void
    {
        $this->getDbEntityManager()->delete(TenantMembershipEntity::class, "deleteTenantMembershipsOfUser", $userId);
    }

    protected function deleteTenantMembershipsOfGroup(string $groupId): void
    {
        $this->getDbEntityManager()->delete(TenantMembershipEntity::class, "deleteTenantMembershipsOfGroup", $groupId);
    }

    protected function deleteTenantMembershipsOfTenant(string $tenant): void
    {
        $this->getDbEntityManager()->delete(TenantMembershipEntity::class, "deleteTenantMembershipsOfTenant", $tenant);
    }

    // authorizations ////////////////////////////////////////////////////////////

    protected function createDefaultAuthorizations(/*UserEntity|GroupInterface|TenantInterface*/$data): void
    {
        if ($data instanceof UserEntity) {
            if (Context::getProcessEngineConfiguration()->isAuthorizationEnabled()) {
                $this->saveDefaultAuthorizations($this->getResourceAuthorizationProvider()->newUser($data));
            }
        } elseif ($data instanceof GroupInterface) {
            if ($this->AuthorizationEnabled()) {

The method AuthorizationEnabled() does not exist on Jabe\Engine\Impl\Identity\Db\DbIdentityServiceProvider. Did you maybe mean isAuthorizationEnabled()?

                $this->saveDefaultAuthorizations($this->getResourceAuthorizationProvider()->newGroup($data));
            }
        } elseif ($data instanceof TenantInterface) {
            if ($this->AuthorizationEnabled()) {
                $this->saveDefaultAuthorizations($this->getResourceAuthorizationProvider()->newTenant($data));
            }
        }
    }

    protected function createDefaultMembershipAuthorizations(string $userId, string $groupId): void
    {
        if ($this->AuthorizationEnabled()) {
            $this->saveDefaultAuthorizations($this->getResourceAuthorizationProvider()->groupMembershipCreated($groupId, $userId));
        }
    }

    protected function createDefaultTenantMembershipAuthorizations(TenantInterface $tenant, /*UserInterface|GroupInterface*/$data): void
    {
        if ($this->AuthorizationEnabled()) {
            $this->saveDefaultAuthorizations($this->getResourceAuthorizationProvider()->tenantMembershipCreated($tenant, $data));
        }
    }
}