CaptchaValidationHandler::authenticate() - Code Metrics - Inspection of "Added captcha validation support" - biurad/php-security - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( cc80b9...1640e1 )

by Divine Niiquaye

created 2022-05-18 10:48 UTC

CaptchaValidationHandler::authenticate() B

↳ Parent: CaptchaValidationHandler

Complexity

Conditions	7
Paths	7

Size

Total Lines	38
Code Lines	21

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	56

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	7
eloc	21
c	1
b	0
f	0
nc	7
nop	2
dl	0
loc	38
ccs	0
cts	22
cp	0
crap	56
rs	8.6506

<?php

declare(strict_types=1);

/*
 * This file is part of Biurad opensource projects.
 *
 * PHP version 7.4 and above required
 *
 * @author    Divine Niiquaye Ibok <[email protected]>
 * @copyright 2019 Biurad Group (https://biurad.com/)
 * @license   https://opensource.org/licenses/BSD-3-Clause License
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 */

namespace Biurad\Security\Handler;

use Biurad\Security\Helper;
use Psr\Http\Message\ServerRequestInterface;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;

/**
 * Request Captcha validation.
 *
 * @author Divine Niiquaye Ibok <[email protected]>
 */
class CaptchaValidationHandler
{
    public const RECAPTCHA = 'recaptcha';
    public const HCAPTCHA = 'hcaptcha';

    private array $validators = [
        self::RECAPTCHA => [null, ['g-recaptcha-response'], null],
        self::HCAPTCHA => [null, ['h-captcha-response'], null],
    ];

    /**
     * Add/Replace captcha validation.
     *
     * @param string            $type          The name of the captcha to use
     * @param string            $secret        The secret code to access
     * @param array<int,string> $parameterKeys The required parameters list from request body
     * @param callable|null     $handler       The handler is in form of: $handler($request, $credentials, $secret)
     */
    public function add(string $type, string $secret, array $parameterKeys = [], callable $handler = null): void
    {
        if ($validator = &$this->validators[$type] ?? null) {
            $secret = $validator[$secret] ?? $secret;
            $parameterKeys = \array_merge($validator[1] ?? [], $parameterKeys);
        }

        $validator = [$secret, $parameterKeys, $handler];
    }

    /**
     * Authenticate a request using captcha.
     */
    public function authenticate(ServerRequestInterface $request, string $type = self::RECAPTCHA): bool
    {
        [$secret, $parameters, $handler] = $this->validators[$type] ?? [null, [], null];
        $credentials = Helper::getParameterValues($request, $parameters);

        if (!isset($secret)) {
            throw new BadCredentialsException('Cannot authenticate request without secret key');
        }

        if (null !== $handler) {
            return $handler($request, $credentials, $secret);
        }

        if (self::RECAPTCHA === $type) {
            if (empty($captcha = $credentials['g-recaptcha-response'])) {
                return false;
            };

            $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . \urlencode($secret) . '&response=' . \urlencode($captcha);
            $response = \file_get_contents($url);
            $responseKeys = \json_decode($response, true);

            return $responseKeys['success'] ?? false;
        }

        if (self::HCAPTCHA === $type) {
            if (empty($captcha = $credentials['h-captcha-response'])) {
                return false;
            };

            $url = 'https://hcaptcha.com/siteverify?secret=' . \urlencode($secret) . '&response=' . \urlencode($captcha) . '&remoteip=';
            $response = \file_get_contents($url . ($request->getServerParams()['REMOTE_ADDR'] ?? ''));
            $responseKeys = \json_decode($response, true);

            return $responseKeys['success'] ?? false;
        }

        return false;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* This file is part of Biurad opensource projects.
7			*
8			* PHP version 7.4 and above required
9			*
10			* @author Divine Niiquaye Ibok <[email protected]>
11			* @copyright 2019 Biurad Group (https://biurad.com/)
12			* @license https://opensource.org/licenses/BSD-3-Clause License
13			*
14			* For the full copyright and license information, please view the LICENSE
15			* file that was distributed with this source code.
16			*
17			*/
18
19			namespace Biurad\Security\Handler;
20
21			use Biurad\Security\Helper;
22			use Psr\Http\Message\ServerRequestInterface;
23			use Symfony\Component\Security\Core\Exception\BadCredentialsException;
24
25			/**
26			* Request Captcha validation.
27			*
28			* @author Divine Niiquaye Ibok <[email protected]>
29			*/
30			class CaptchaValidationHandler
31			{
32			public const RECAPTCHA = 'recaptcha';
33			public const HCAPTCHA = 'hcaptcha';
34
35			private array $validators = [
36			self::RECAPTCHA => [null, ['g-recaptcha-response'], null],
37			self::HCAPTCHA => [null, ['h-captcha-response'], null],
38			];
39
40			/**
41			* Add/Replace captcha validation.
42			*
43			* @param string $type The name of the captcha to use
44			* @param string $secret The secret code to access
45			* @param array<int,string> $parameterKeys The required parameters list from request body
46			* @param callable\|null $handler The handler is in form of: $handler($request, $credentials, $secret)
47			*/
48			public function add(string $type, string $secret, array $parameterKeys = [], callable $handler = null): void
49			{
50			if ($validator = &$this->validators[$type] ?? null) {
51			$secret = $validator[$secret] ?? $secret;
52			$parameterKeys = \array_merge($validator[1] ?? [], $parameterKeys);
53			}
54
55			$validator = [$secret, $parameterKeys, $handler];
56			}
57
58			/**
59			* Authenticate a request using captcha.
60			*/
61			public function authenticate(ServerRequestInterface $request, string $type = self::RECAPTCHA): bool
62			{
63			[$secret, $parameters, $handler] = $this->validators[$type] ?? [null, [], null];
64			$credentials = Helper::getParameterValues($request, $parameters);
65
66			if (!isset($secret)) {
67			throw new BadCredentialsException('Cannot authenticate request without secret key');
68			}
69
70			if (null !== $handler) {
71			return $handler($request, $credentials, $secret);
72			}
73
74			if (self::RECAPTCHA === $type) {
75			if (empty($captcha = $credentials['g-recaptcha-response'])) {
76			return false;
77			};
78
79			$url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . \urlencode($secret) . '&response=' . \urlencode($captcha);
80			$response = \file_get_contents($url);
81			$responseKeys = \json_decode($response, true);
82
83			return $responseKeys['success'] ?? false;
84			}
85
86			if (self::HCAPTCHA === $type) {
87			if (empty($captcha = $credentials['h-captcha-response'])) {
88			return false;
89			};
90
91			$url = 'https://hcaptcha.com/siteverify?secret=' . \urlencode($secret) . '&response=' . \urlencode($captcha) . '&remoteip=';
92			$response = \file_get_contents($url . ($request->getServerParams()['REMOTE_ADDR'] ?? ''));
93			$responseKeys = \json_decode($response, true);
94
95			return $responseKeys['success'] ?? false;
96			}
97
98			return false;
99			}
100			}
101

biurad / php-security

Push — master ( cc80b9...1640e1 )

CaptchaValidationHandler::authenticate() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like