RememberMeAuthenticator - Code Metrics - Inspection of "Added captcha validation support" - biurad/php-security - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( cc80b9...1640e1 )

by Divine Niiquaye

created 2022-05-18 10:48 UTC

RememberMeAuthenticator A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	115
Duplicated Lines	0 %

Test Coverage

Coverage

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	45
c	1
b	0
f	0
dl	0
loc	115
ccs	0
cts	45
cp	0
rs	10
wmc	21

7 Methods

Rating	Name	Size	Complexity
A	setToken()	3	1
A	clearCookies()	3	1
A	supports()	3	2
A	__construct()	10	1
B	authenticate()	43	10
A	failure()	13	5
A	getRememberMeHandler()	3	1

<?php

declare(strict_types=1);

/*
 * This file is part of Biurad opensource projects.
 *
 * PHP version 7.4 and above required
 *
 * @author    Divine Niiquaye Ibok <[email protected]>
 * @copyright 2019 Biurad Group (https://biurad.com/)
 * @license   https://opensource.org/licenses/BSD-3-Clause License
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 */

namespace Biurad\Security\Authenticator;

use Biurad\Security\Handler\RememberMeHandler;
use Biurad\Security\Interfaces\AuthenticatorInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Exception\CookieTheftException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UserNotFoundException;
use Symfony\Component\Security\Core\User\UserProviderInterface;

/**
 * The RememberMe *Authenticator* performs remember me authentication.
 *
 * @author Divine Niiquaye Ibok <[email protected]>
 */
class RememberMeAuthenticator implements AuthenticatorInterface
{
    private RememberMeHandler $rememberMeHandler;
    private UserProviderInterface $userProvider;
    private ?TokenInterface $token = null;
    private ?LoggerInterface $logger;
    private bool $allowMultipleRememberMeTokens;

    public function __construct(
        RememberMeHandler $rememberMeHandler,
        UserProviderInterface $userProvider,
        bool $allowMultipleRememberMeTokens = false,
        LoggerInterface $logger = null
    ) {
        $this->logger = $logger;
        $this->userProvider = $userProvider;
        $this->rememberMeHandler = $rememberMeHandler;
        $this->allowMultipleRememberMeTokens = $allowMultipleRememberMeTokens;
    }

    /**
     * {@inheritdoc}
     */
    public function setToken(?TokenInterface $token): void
    {
        $this->token = $token;
    }

    /**
     * {@inheritdoc}
     */
    public function supports(ServerRequestInterface $request): bool
    {
        return null === $this->token && 'GET' === $request->getMethod();
    }

    /**
     * {@inheritdoc}
     */
    public function authenticate(ServerRequestInterface $request, array $credentials): ?TokenInterface
    {
        $loadedUsers = $cookies = [];
        $identifiers = \explode('|', \urldecode($request->getCookieParams()[$this->rememberMeHandler->getUsersIdCookie()] ?? '')) ?: [];

        foreach ($identifiers as $identifier) {
            $rawCookie = $request->getCookieParams()[$this->rememberMeHandler->getCookieName() . $identifier] ?? null;

            if (null !== $rawCookie) {
                [$loadedUser, $cookie] = $this->rememberMeHandler->consumeRememberMeCookie($rawCookie, $this->userProvider);
                $loadedUsers[] = $loadedUser;

                if (null !== $cookie) {
                    $cookies[] = $cookie->withSecure('https' === $request->getUri()->getScheme());
                }
            }
        }

        if (!empty($loadedUsers)) {
            $firstUser = \array_shift($loadedUsers);
            $token = new RememberMeToken($firstUser, 'main', $this->rememberMeHandler->getSecret());

            if (\count($loadedUsers) > 0) {
                if (!$this->allowMultipleRememberMeTokens) {
                    throw new CookieTheftException('Multiple remember me tokens were received, but multiple tokens are not allowed.');
                }

                foreach ($loadedUsers as $user) {
                    $token = new SwitchUserToken($user, 'main', $user->getRoles(), $token);
                }
            }

            if (\count($cookies) > 0) {
                $token->setAttributes([
                    RememberMeHandler::REMEMBER_ME => $cookies,
                    RememberMeHandler::USERS_ID => $this->rememberMeHandler->getUsersIdCookie()
                ]);
            }

            return $token;
        }

        return null;
    }

    /**
     * {@inheritdoc}
     */
    public function failure(ServerRequestInterface $request, AuthenticationException $exception): ?ResponseInterface
    {
        if (null !== $this->logger) {
            if ($exception instanceof UserNotFoundException) {
                $this->logger->info('User for remember-me cookie not found.', ['exception' => $exception]);
            } elseif ($exception instanceof UnsupportedUserException) {
                $this->logger->warning('User class for remember-me cookie not supported.', ['exception' => $exception]);
            } elseif (!$exception instanceof CookieTheftException) {
                $this->logger->debug('Remember me authentication failed.', ['exception' => $exception]);
            }
        }

        return null;
    }

    /**
     * List of cookie which should be cleared if a user is logged out.
     *
     * @return array<int,Cookie>
     */
    public function clearCookies(ServerRequestInterface $request): array
    {
        return $this->rememberMeHandler->clearRememberMeCookies($request);
    }

    public function getRememberMeHandler(): RememberMeHandler
    {
        return $this->rememberMeHandler;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* This file is part of Biurad opensource projects.
7			*
8			* PHP version 7.4 and above required
9			*
10			* @author Divine Niiquaye Ibok <[email protected]>
11			* @copyright 2019 Biurad Group (https://biurad.com/)
12			* @license https://opensource.org/licenses/BSD-3-Clause License
13			*
14			* For the full copyright and license information, please view the LICENSE
15			* file that was distributed with this source code.
16			*
17			*/
18
19			namespace Biurad\Security\Authenticator;
20
21			use Biurad\Security\Handler\RememberMeHandler;
22			use Biurad\Security\Interfaces\AuthenticatorInterface;
23			use Psr\Http\Message\ResponseInterface;
24			use Psr\Http\Message\ServerRequestInterface;
25			use Psr\Log\LoggerInterface;
26			use Symfony\Component\HttpFoundation\Cookie;
27			use Symfony\Component\Security\Core\Authentication\Token\RememberMeToken;
28			use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
29			use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
30			use Symfony\Component\Security\Core\Exception\AuthenticationException;
31			use Symfony\Component\Security\Core\Exception\CookieTheftException;
32			use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
33			use Symfony\Component\Security\Core\Exception\UserNotFoundException;
34			use Symfony\Component\Security\Core\User\UserProviderInterface;
35
36			/**
37			* The RememberMe Authenticator performs remember me authentication.
38			*
39			* @author Divine Niiquaye Ibok <[email protected]>
40			*/
41			class RememberMeAuthenticator implements AuthenticatorInterface
42			{
43			private RememberMeHandler $rememberMeHandler;
44			private UserProviderInterface $userProvider;
45			private ?TokenInterface $token = null;
46			private ?LoggerInterface $logger;
47			private bool $allowMultipleRememberMeTokens;
48
49			public function __construct(
50			RememberMeHandler $rememberMeHandler,
51			UserProviderInterface $userProvider,
52			bool $allowMultipleRememberMeTokens = false,
53			LoggerInterface $logger = null
54			) {
55			$this->logger = $logger;
56			$this->userProvider = $userProvider;
57			$this->rememberMeHandler = $rememberMeHandler;
58			$this->allowMultipleRememberMeTokens = $allowMultipleRememberMeTokens;
59			}
60
61			/**
62			* {@inheritdoc}
63			*/
64			public function setToken(?TokenInterface $token): void
65			{
66			$this->token = $token;
67			}
68
69			/**
70			* {@inheritdoc}
71			*/
72			public function supports(ServerRequestInterface $request): bool
73			{
74			return null === $this->token && 'GET' === $request->getMethod();
75			}
76
77			/**
78			* {@inheritdoc}
79			*/
80			public function authenticate(ServerRequestInterface $request, array $credentials): ?TokenInterface
81			{
82			$loadedUsers = $cookies = [];
83			$identifiers = \explode('\|', \urldecode($request->getCookieParams()[$this->rememberMeHandler->getUsersIdCookie()] ?? '')) ?: [];
84
85			foreach ($identifiers as $identifier) {
86			$rawCookie = $request->getCookieParams()[$this->rememberMeHandler->getCookieName() . $identifier] ?? null;
87
88			if (null !== $rawCookie) {
89			[$loadedUser, $cookie] = $this->rememberMeHandler->consumeRememberMeCookie($rawCookie, $this->userProvider);
90			$loadedUsers[] = $loadedUser;
91
92			if (null !== $cookie) {
93			$cookies[] = $cookie->withSecure('https' === $request->getUri()->getScheme());
94			}
95			}
96			}
97
98			if (!empty($loadedUsers)) {
99			$firstUser = \array_shift($loadedUsers);
100			$token = new RememberMeToken($firstUser, 'main', $this->rememberMeHandler->getSecret());
101
102			if (\count($loadedUsers) > 0) {
103			if (!$this->allowMultipleRememberMeTokens) {
104			throw new CookieTheftException('Multiple remember me tokens were received, but multiple tokens are not allowed.');
105			}
106
107			foreach ($loadedUsers as $user) {
108			$token = new SwitchUserToken($user, 'main', $user->getRoles(), $token);
109			}
110			}
111
112			if (\count($cookies) > 0) {
113			$token->setAttributes([
114			RememberMeHandler::REMEMBER_ME => $cookies,
115			RememberMeHandler::USERS_ID => $this->rememberMeHandler->getUsersIdCookie()
116			]);
117			}
118
119			return $token;
120			}
121
122			return null;
123			}
124
125			/**
126			* {@inheritdoc}
127			*/
128			public function failure(ServerRequestInterface $request, AuthenticationException $exception): ?ResponseInterface
129			{
130			if (null !== $this->logger) {
131			if ($exception instanceof UserNotFoundException) {
132			$this->logger->info('User for remember-me cookie not found.', ['exception' => $exception]);
133			} elseif ($exception instanceof UnsupportedUserException) {
134			$this->logger->warning('User class for remember-me cookie not supported.', ['exception' => $exception]);
135			} elseif (!$exception instanceof CookieTheftException) {
136			$this->logger->debug('Remember me authentication failed.', ['exception' => $exception]);
137			}
138			}
139
140			return null;
141			}
142
143			/**
144			* List of cookie which should be cleared if a user is logged out.
145			*
146			* @return array<int,Cookie>
147			*/
148			public function clearCookies(ServerRequestInterface $request): array
149			{
150			return $this->rememberMeHandler->clearRememberMeCookies($request);
151			}
152
153			public function getRememberMeHandler(): RememberMeHandler
154			{
155			return $this->rememberMeHandler;
156			}
157			}
158

biurad / php-security

Push — master ( cc80b9...1640e1 )

RememberMeAuthenticator A

Complexity

Size/Duplication

Test Coverage

Importance

7 Methods

Duplication Side-by-Side

Filter issues like