UserController::submitPassword() - Code Metrics - Inspection of "Updated File Links Controllers" - butcherman/Tech_Bench - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — dev5 ( da16e0...6692a0 )

by Ron

created 2020-04-12 21:58 UTC

UserController::submitPassword() A

↳ Parent: UserController

Complexity

Conditions	5
Paths	9

Size

Total Lines	53
Code Lines	27

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	25
CRAP Score	5

Importance

Changes

Metric	Value
cc	5
eloc	27
c	0
b	0
f	0
nc	9
nop	1
dl	0
loc	53
ccs	25
cts	25
cp	1
crap	5
rs	9.1768

How to fix Long Method

<?php

namespace App\Http\Controllers\Admin;

use App\User;
use Carbon\Carbon;
use App\UserSettings;
use App\UserRoleType;
use App\UserInitialize;
use Illuminate\Support\Str;
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;
use App\Notifications\NewUserEmail;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Route;
use App\Http\Resources\UserCollection;
use App\Http\Resources\User as UserResource;
use Illuminate\Support\Facades\Notification;

class UserController extends Controller
{
    //  Constructor sets up middleware
    public function __construct()
    {
        $this->middleware('auth')->except('initializeUser', 'submitInitializeUser');
        $this->middleware(function($request, $next) {
            $this->authorize('hasAccess', 'Manage Users');
            return $next($request);
        });
    }

    //  Show the list of current users to edit
    public function index()
    {
        Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);

        $userList = User::with('LastUserLogin')->get()->makeVisible('user_id');
        $route    = 'admin.user.edit';

        Log::debug('User list:', $userList->toArray());

        return view('admin.userIndex', [
            'userList' => $userList,
            'route'    => $route,
        ]);
    }

    //  Check if a username is in use
    public function checkUser($username, $type)
    {
        Log::debug('Route '.Route::currentRouteName().' visited by '.Auth::user()->full_name.'. Submitted Data:', ['username' => $username, 'type' => $type]);

        $user = User::where($type, $username)->first();

        if(!$user)
        {
            Log::debug('Username '.$username.' is available for use');
            return response()->json(['duplicate' => false]);
        }

        Log::debug('Username '.$username.' is in use by '.$user->full_name);
        return response()->json([
            'duplicate' => true,
            'user'      => $user->full_name,
            'active'    => $user->deleted_at == null ? 1 : 0,
        ]);
    }

    //  Show the Add User form
    public function create()
    {
        Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);

        $roles = UserRoleType::all();
        $roleArr = [];
        //  Cycle through the roles and determine if admin and installer roles should be removed
        foreach($roles as $role)
        {
            if($role->role_id == 1 && Auth::user()->role_id != 1)
            {
                Log::debug('Installer Role skipped for User '.Auth::user()->full_name);
                continue;
            }
            else if($role->role_id == 2 && Auth::user()->role_id > 2)
            {
                Log::debug('Admin Role skipped for User '.Auth::user()->full_name);
                continue;
            }
            else
            {
                $roleArr[] = [
                    'value' => $role->role_id,
                    'text'  => $role->name,
                ];
            }
        }

        Log::debug('Role data gathered: ', $roleArr);
        return view('admin.newUser', [
            'roles' => $roleArr
        ]);
    }

    //  Submit the Add User form
    public function store(Request $request)
    {
        Log::debug('Route '.Route::currentRouteName().' visited by '.Auth::user()->full_name.'. Submitted Data:', $request->toArray());

        //  Validate the new user form
        $request->validate([
            'role'       => 'required|numeric|exists:user_role_types,role_id',
            'username'   => 'required|unique:users|regex:/^[a-zA-Z0-9_]*$/',
            'first_name' => 'required',
            'last_name'  => 'required',
            'email'      => 'required|unique:users',
        ]);

        //  Create the user
        $newUser = User::create([
            'role_id'    => $request->role,
            'username'   => $request->username,
            'first_name' => $request->first_name,
            'last_name'  => $request->last_name,
            'email'      => $request->email,
            'password'   => bcrypt(strtolower(Str::random(15))),
        ]);
        $userID = $newUser->user_id;
        Log::debug('New User created.  Data - ', $newUser->toArray());
        //  Create the user settings table
        UserSettings::create([
            'user_id' => $userID,
        ]);
        Log::debug('User Settings table created for user ID '.$userID);

        //  Create the setup user link
        $hash = strtolower(Str::random(30));
        UserInitialize::create([
            'username' => $request->username,
            'token'    => $hash
        ]);
        Log::debug('User Initialize link created for User ID '.$userID.'. New Link Hash - '.$hash);

        //  Email the new user
        Notification::send($newUser, new NewUserEmail($newUser, $hash));

        Log::notice('New user '.$newUser->first_name.' '.$newUser->last_name.' created by '.Auth::user()->full_name.'. User Data:', $newUser->toArray());

        // return redirect()->back()->with('success', 'New User Created');
        return response()->json(['success' => true]);
    }

    //  List all inactive users
    public function show($type)
    {
        Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);
        $route = '';

        if($type !== 'inactive')
        {
            Log::error('Someone tried to access the Inactive Users link with an improper argument - Argument: '.$type);
            return abort(404);
        }
        $userList = new UserCollection(User::onlyTrashed()->get()
                /** @scrutinizer ignore-call */
                ->makeVisible('user_id')
                ->makeVisible('deleted_at'));

        Log::debug('List of inactive users - ', array($userList));
        return view('admin.userDeleted', [
            'userList' => $userList,
            'route'    => $route,
        ]);
    }

    //  Reactivate a disabled user
    public function reactivateUser($id)
    {
        Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);
        User::withTrashed()->where('user_id', $id)->restore();

        Log::notice('User ID ' . $id . ' reactivated by ' . Auth::user()->full_name);
        return response()->json([
            'success' => true,
        ]);
    }

    //  Open the edit user form
    public function edit($id)
    {
        Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);

        $roles = UserRoleType::all();
        $user  = new UserResource(User::findOrFail($id));

        //  Make sure that the user is not trying to edit someone with more permissions
        if(($user->role_id == 1 || $user->role_id == 2) && Auth::user()->role_id <=2)
        {
            Log::warning('User '.Auth::user()->full_name.' tried to update user ID '.$id.' that has more permissions than they do.  This request was denied.');
            return abort(403);
        }

        Log::debug('User Data gathered - ', array($user));

        //  Good to go - get role information
        $roleArr = [];
        foreach ($roles as $role)
        {
            if ($role->role_id == 1 && Auth::user()->role_id != 1)
            {
                continue;
            }
            else if ($role->role_id == 2 && Auth::user()->role_id > 2)
            {
                continue;
            }
            else
            {
                // $roleArr[$role->role_id] = $role->name;
                $roleArr[] = [
                    'value' => $role->role_id,
                    'text'  => $role->name,
                ];
            }
        }

        Log::debug('Role Data gathered:', $roleArr);
        return view('admin.userEdit', [
            'roles' => $roleArr,
            'user'  => $user->
            /** @scrutinizer ignore-call */
            makeVisible(['user_id', 'username']),
        ]);
    }

    //  Submit the update user form
    public function update(Request $request, $id)
    {
        Log::debug('Route '.Route::currentRouteName().' visited by '.Auth::user()->full_name.'. Submitted Data:', $request->toArray());

        $request->validate([
            'username'   => [
                                'required',
                                Rule::unique('users')->ignore($id, 'user_id')
                            ],
            'first_name' => 'required',
            'last_name'  => 'required',
            'email'      => [
                                'required',
                                Rule::unique('users')->ignore($id, 'user_id')
                            ],
            'role'       => 'required',
        ]);

        //  Update the user data
        $user = User::findOrFail($id);
        if($user->role_id < Auth::user()->role_id)
        {
            Log::warning('User ' . Auth::user()->full_name . ' tried to update user ID ' . $id . ' that has more permissions than they do.  This request was denied.');
            return abort(403);
        }

        $user->update(
        [
            'username'   => $request->username,
            'first_name' => $request->first_name,
            'last_name'  => $request->last_name,
            'email'      => $request->email,
            'role_id'    => $request->role,
        ]);

        //  Update the user's role
        Log::info('User information for '.$request->first_name.' '.$request->last_name.' (ID: '.$id.') has been updated by '.Auth::user()->full_name);
        return response()->json(['success' => true]);
    }

    //  Submit the change password form
    public function submitPassword(Request $request)
    {
        Log::debug('Route '.Route::currentRouteName().' visited by '.Auth::user()->full_name);

        $request->validate([
            'password' => 'required|string|min:6|confirmed',
            'user_id'  => 'required',
        ]);

        if($request->force_change)
        {
            $nextChange = Carbon::now()->subDay();
        }
        else
        {
            $nextChange = config('auth.passwords.settings.expire') != null ? Carbon::now()->addDays(config('auth.passwords.settings.expire')) : null;
        }

        $user = User::find($request->user_id);

        //  Verify this is a valid user ID
        if (!$user)
        {
            $success = false;
            $reason  = 'Cannot find user with this ID';
        }
        //  Make sure that the user is not trying to deactivate someone with more permissions
        else if ($user->role_id < Auth::user()->role_id)
        {
            $success = false;
            $reason  = 'You cannot change password for a user with higher permissions that you.  If this user has locked themselves out, have then use the reset link on the login page.';
        }
        //  Good to go - update user password
        else
        {
            //  Update the user data
            $user->update(
            [
                'password'         => bcrypt($request->password),
                'password_expires' => $nextChange
            ]);
            $success = true;
            $reason  = 'Password for '.$user->full_name.' successfully reset.';
        }

        Log::notice('User ID-'.$request->user_id.' password chagned by '.Auth::user()->Full_name, [
            'success' => $success,
            'reason'  => $reason,
        ]);

        return response()->json([
            'success' => $success,
            'reason'  => $reason,
        ]);
    }

    //  Disable the user
    public function destroy($id)
    {
        Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);

        $user = User::find($id);

        //  Verify this is a valid user ID
        if(!$user)
        {
            $success = false;
            $reason  = 'Cannot find user with this ID';
        }
        //  Make suer that the user is not trying to deactivate themselves
        else if(Auth::user()->user_id == $id)
        {
            $success = false;
            $reason  = 'You cannot deactivate yourself';
        }
        //  Make sure that the user is not trying to deactivate someone with more permissions
        else if($user->role_id < Auth::user()->role_id)
        {
            $success = false;
            $reason  = 'You cannot deactivate a user with higher permissions that you.';
        }
        //  Good to go - deactivate user
        else
        {
            // $user->update(['active' => 0]);
            $user->delete();
            $success = true;
            $reason  = 'User '.$user->full_name.' successfully deactivated.';
        }

        Log::notice('User ID-'.$id.' disabled by '.Auth::user()->full_name, [
            'success' => $success,
            'reason'  => $reason,
        ]);

        return response()->json([
            'success' => $success,
            'reason'  => $reason,
        ]);
    }
}


1		<?php
2
3		namespace App\Http\Controllers\Admin;
4
5		use App\User;
6		use Carbon\Carbon;
7		use App\UserSettings;
8		use App\UserRoleType;
9		use App\UserInitialize;
10		use Illuminate\Support\Str;
11		use Illuminate\Http\Request;
12		use Illuminate\Validation\Rule;
13		use App\Notifications\NewUserEmail;
14		use Illuminate\Support\Facades\Log;
15		use Illuminate\Support\Facades\Auth;
16		use App\Http\Controllers\Controller;
17		use Illuminate\Support\Facades\Route;
18		use App\Http\Resources\UserCollection;
19		use App\Http\Resources\User as UserResource;
20		use Illuminate\Support\Facades\Notification;
21
22		class UserController extends Controller
23		{
24		// Constructor sets up middleware
25	142	public function __construct()
26		{
27	142	$this->middleware('auth')->except('initializeUser', 'submitInitializeUser');
28		$this->middleware(function($request, $next) {
29	122	$this->authorize('hasAccess', 'Manage Users');
30	102	return $next($request);
31	142	});
32	142	}
33
34		// Show the list of current users to edit
35	2	public function index()
36		{
37	2	Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);
38
39	2	$userList = User::with('LastUserLogin')->get()->makeVisible('user_id');
40	2	$route = 'admin.user.edit';
41
42	2	Log::debug('User list:', $userList->toArray());
43
44	2	return view('admin.userIndex', [
45	2	'userList' => $userList,
46	2	'route' => $route,
47		]);
48		}
49
50		// Check if a username is in use
51	12	public function checkUser($username, $type)
52		{
53	12	Log::debug('Route '.Route::currentRouteName().' visited by '.Auth::user()->full_name.'. Submitted Data:', ['username' => $username, 'type' => $type]);
54
55	12	$user = User::where($type, $username)->first();
56
57	12	if(!$user)
58		{
59	4	Log::debug('Username '.$username.' is available for use');
60	4	return response()->json(['duplicate' => false]);
61		}
62
63	8	Log::debug('Username '.$username.' is in use by '.$user->full_name);
64	8	return response()->json([
65	8	'duplicate' => true,
66	8	'user' => $user->full_name,
67	8	'active' => $user->deleted_at == null ? 1 : 0,
68		]);
69		}
70
71		// Show the Add User form
72	8	public function create()
73		{
74	8	Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);
75
76	8	$roles = UserRoleType::all();
77	8	$roleArr = [];
78		// Cycle through the roles and determine if admin and installer roles should be removed
79	8	foreach($roles as $role)
80		{
81	8	if($role->role_id == 1 && Auth::user()->role_id != 1)
82		{
83	4	Log::debug('Installer Role skipped for User '.Auth::user()->full_name);
84	4	continue;
85		}
86	8	else if($role->role_id == 2 && Auth::user()->role_id > 2)
87		{
88	2	Log::debug('Admin Role skipped for User '.Auth::user()->full_name);
89	2	continue;
90		}
91		else
92		{
93	8	$roleArr[] = [
94	8	'value' => $role->role_id,
95	8	'text' => $role->name,
96		];
97		}
98		}
99
100	8	Log::debug('Role data gathered: ', $roleArr);
101	8	return view('admin.newUser', [
102	8	'roles' => $roleArr
103		]);
104		}
105
106		// Submit the Add User form
107	16	public function store(Request $request)
108		{
109	16	Log::debug('Route '.Route::currentRouteName().' visited by '.Auth::user()->full_name.'. Submitted Data:', $request->toArray());
110
111		// Validate the new user form
112	16	$request->validate([
113	16	'role' => 'required\|numeric\|exists:user_role_types,role_id',
114		'username' => 'required\|unique:users\|regex:/^[a-zA-Z0-9_]*$/',
115		'first_name' => 'required',
116		'last_name' => 'required',
117		'email' => 'required\|unique:users',
118		]);
119
120		// Create the user
121	2	$newUser = User::create([
122	2	'role_id' => $request->role,
123	2	'username' => $request->username,
124	2	'first_name' => $request->first_name,
125	2	'last_name' => $request->last_name,
126	2	'email' => $request->email,
127	2	'password' => bcrypt(strtolower(Str::random(15))),
128		]);
129	2	$userID = $newUser->user_id;
130	2	Log::debug('New User created. Data - ', $newUser->toArray());
131		// Create the user settings table
132	2	UserSettings::create([
133	2	'user_id' => $userID,
134		]);
135	2	Log::debug('User Settings table created for user ID '.$userID);
136
137		// Create the setup user link
138	2	$hash = strtolower(Str::random(30));
139	2	UserInitialize::create([
140	2	'username' => $request->username,
141	2	'token' => $hash
142		]);
143	2	Log::debug('User Initialize link created for User ID '.$userID.'. New Link Hash - '.$hash);
144
145		// Email the new user
146	2	Notification::send($newUser, new NewUserEmail($newUser, $hash));
147
148	2	Log::notice('New user '.$newUser->first_name.' '.$newUser->last_name.' created by '.Auth::user()->full_name.'. User Data:', $newUser->toArray());
149
150		// return redirect()->back()->with('success', 'New User Created');
151	2	return response()->json(['success' => true]);
152		}
153
154		// List all inactive users
155	6	public function show($type)
156		{
157	6	Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);
158	6	$route = '';
159
160	6	if($type !== 'inactive')
161		{
162	2	Log::error('Someone tried to access the Inactive Users link with an improper argument - Argument: '.$type);
163	2	return abort(404);
164		}
165	4	$userList = new UserCollection(User::onlyTrashed()->get()
166		/** @scrutinizer ignore-call */
167	4	->makeVisible('user_id')
168	4	->makeVisible('deleted_at'));
169
170	4	Log::debug('List of inactive users - ', array($userList));
171	4	return view('admin.userDeleted', [
172	4	'userList' => $userList,
173	4	'route' => $route,
174		]);
175		}
176
177		// Reactivate a disabled user
178	4	public function reactivateUser($id)
179		{
180	4	Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);
181	4	User::withTrashed()->where('user_id', $id)->restore();
182
183	4	Log::notice('User ID ' . $id . ' reactivated by ' . Auth::user()->full_name);
184	4	return response()->json([
185	4	'success' => true,
186		]);
187		}
188
189		// Open the edit user form
190	12	public function edit($id)
191		{
192	12	Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);
193
194	12	$roles = UserRoleType::all();
195	12	$user = new UserResource(User::findOrFail($id));
196
197		// Make sure that the user is not trying to edit someone with more permissions
198	10	if(($user->role_id == 1 \|\| $user->role_id == 2) && Auth::user()->role_id <=2)
199		{
200	2	Log::warning('User '.Auth::user()->full_name.' tried to update user ID '.$id.' that has more permissions than they do. This request was denied.');
201	2	return abort(403);
202		}
203
204	8	Log::debug('User Data gathered - ', array($user));
205
206		// Good to go - get role information
207	8	$roleArr = [];
208	8	foreach ($roles as $role)
209		{
210	8	if ($role->role_id == 1 && Auth::user()->role_id != 1)
211		{
212	4	continue;
213		}
214	8	else if ($role->role_id == 2 && Auth::user()->role_id > 2)
215		{
216	2	continue;
217		}
218		else
219		{
220		// $roleArr[$role->role_id] = $role->name;
221	8	$roleArr[] = [
222	8	'value' => $role->role_id,
223	8	'text' => $role->name,
224		];
225		}
226		}
227
228	8	Log::debug('Role Data gathered:', $roleArr);
229	8	return view('admin.userEdit', [
230	8	'roles' => $roleArr,
231		'user' => $user->
232		/** @scrutinizer ignore-call */
233	8	makeVisible(['user_id', 'username']),
234		]);
235		}
236
237		// Submit the update user form
238	22	public function update(Request $request, $id)
239		{
240	22	Log::debug('Route '.Route::currentRouteName().' visited by '.Auth::user()->full_name.'. Submitted Data:', $request->toArray());
241
242	22	$request->validate([
243		'username' => [
244	22	'required',
245	22	Rule::unique('users')->ignore($id, 'user_id')
246		],
247	22	'first_name' => 'required',
248	22	'last_name' => 'required',
249		'email' => [
250	22	'required',
251	22	Rule::unique('users')->ignore($id, 'user_id')
252		],
253	22	'role' => 'required',
254		]);
255
256		// Update the user data
257	8	$user = User::findOrFail($id);
258	6	if($user->role_id < Auth::user()->role_id)
259		{
260	2	Log::warning('User ' . Auth::user()->full_name . ' tried to update user ID ' . $id . ' that has more permissions than they do. This request was denied.');
261	2	return abort(403);
262		}
263
264	4	$user->update(
265		[
266	4	'username' => $request->username,
267	4	'first_name' => $request->first_name,
268	4	'last_name' => $request->last_name,
269	4	'email' => $request->email,
270	4	'role_id' => $request->role,
271		]);
272
273		// Update the user's role
274	4	Log::info('User information for '.$request->first_name.' '.$request->last_name.' (ID: '.$id.') has been updated by '.Auth::user()->full_name);
275	4	return response()->json(['success' => true]);
276		}
277
278		// Submit the change password form
279	12	public function submitPassword(Request $request)
280		{
281	12	Log::debug('Route '.Route::currentRouteName().' visited by '.Auth::user()->full_name);
282
283	12	$request->validate([
284	12	'password' => 'required\|string\|min:6\|confirmed',
285		'user_id' => 'required',
286		]);
287
288	8	if($request->force_change)
289		{
290	6	$nextChange = Carbon::now()->subDay();
291		}
292		else
293		{
294	2	$nextChange = config('auth.passwords.settings.expire') != null ? Carbon::now()->addDays(config('auth.passwords.settings.expire')) : null;
295		}
296
297	8	$user = User::find($request->user_id);
298
299		// Verify this is a valid user ID
300	8	if (!$user)
301		{
302	2	$success = false;
303	2	$reason = 'Cannot find user with this ID';
304		}
305		// Make sure that the user is not trying to deactivate someone with more permissions
306	6	else if ($user->role_id < Auth::user()->role_id)
307		{
308	2	$success = false;
309	2	$reason = 'You cannot change password for a user with higher permissions that you. If this user has locked themselves out, have then use the reset link on the login page.';
310		}
311		// Good to go - update user password
312		else
313		{
314		// Update the user data
315	4	$user->update(
316		[
317	4	'password' => bcrypt($request->password),
318	4	'password_expires' => $nextChange
319		]);
320	4	$success = true;
321	4	$reason = 'Password for '.$user->full_name.' successfully reset.';
322		}
323
324	8	Log::notice('User ID-'.$request->user_id.' password chagned by '.Auth::user()->Full_name, [
325	8	'success' => $success,
326	8	'reason' => $reason,
327		]);
328
329	8	return response()->json([
330	8	'success' => $success,
331	8	'reason' => $reason,
332		]);
333		}
334
335		// Disable the user
336	8	public function destroy($id)
337		{
338	8	Log::debug('Route ' . Route::currentRouteName() . ' visited by ' . Auth::user()->full_name);
339
340	8	$user = User::find($id);
341
342		// Verify this is a valid user ID
343	8	if(!$user)
344		{
345	2	$success = false;
346	2	$reason = 'Cannot find user with this ID';
347		}
348		// Make suer that the user is not trying to deactivate themselves
349	6	else if(Auth::user()->user_id == $id)
350		{
351	2	$success = false;
352	2	$reason = 'You cannot deactivate yourself';
353		}
354		// Make sure that the user is not trying to deactivate someone with more permissions
355	4	else if($user->role_id < Auth::user()->role_id)
356		{
357	2	$success = false;
358	2	$reason = 'You cannot deactivate a user with higher permissions that you.';
359		}
360		// Good to go - deactivate user
361		else
362		{
363		// $user->update(['active' => 0]);
364	2	$user->delete();
365	2	$success = true;
366	2	$reason = 'User '.$user->full_name.' successfully deactivated.';
367		}
368
369	8	Log::notice('User ID-'.$id.' disabled by '.Auth::user()->full_name, [
370	8	'success' => $success,
371	8	'reason' => $reason,
372		]);
373
374	8	return response()->json([
375	8	'success' => $success,
376	8	'reason' => $reason,
377		]);
378		}
379		}
380

butcherman / Tech_Bench

Push — dev5 ( da16e0...6692a0 )

UserController::submitPassword() A

Complexity

Size

Duplication

Code Coverage

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like