View GitHub Repository laravel-magiclink

Schedule Inspection
Subscribe
Passed
Pull Request — master (#39)
by Cesar
04:28
created

AskForAccessCode::isAccessCodeValid()   A

↳ Parent: AskForAccessCode

Complexity

Conditions 2
Paths 2

Size

Total Lines 9
Code Lines 4

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
eloc 4
c 1
b 0
f 0
dl 0
loc 9
rs 10
cc 2
nc 2
nop 2
1 
<?php
2 

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    3
                

                                    
                                                    
                
                
                
namespace MagicLink\Middlewares;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    4
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    5
                

                                    
                                                    
                
                
                
use Closure;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    6
                

                                    
                                                    
                
                
                
use Illuminate\Contracts\Encryption\DecryptException;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    7
                

                                    
                                                    
                
                
                
use Illuminate\Http\Request;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    8
                

                                    
                                                    
                
                
                
use Illuminate\Support\Facades\Hash;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    9
                

                                    
                                                    
                
                
                
use MagicLink\MagicLink;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    10
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    11
                

                                    
                                                    
                
                
                
class AskForAccessCode

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    12
                

                                    
                                                    
                
                
                
{

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    13
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    14
                

                                    
                                                    
                
                
                
     * Handle an incoming request.

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    15
                

                                    
                                                    
                
                
                
     *

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    16
                

                                    
                                                    
                
                
                
     * @param  \Illuminate\Http\Request  $request

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    17
                

                                    
                                                    
                
                
                
     * @param  \Closure  $next

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    18
                

                                    
                                                    
                
                
                
     * @return mixed

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    19
                

                                    
                                                    
                
                
                
     */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    20
                

                                    
                                                    
                
                
                
    public function handle(Request $request, Closure $next)

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    21
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    22
                

                                    
                                                    
                
                
                
        $magicLink = MagicLink::getValidMagicLinkByToken($request->route('token'));

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
It seems like $request->route('token') can also be of type Illuminate\Routing\Route and object; however, parameter $token of MagicLink\MagicLink::getValidMagicLinkByToken() does only seem to accept string, maybe add an additional type check?
                                                                                                                                                                                           (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-type   annotation

                                    

                                        

                                            22
                                            
                                                
        $magicLink = MagicLink::getValidMagicLinkByToken(/** @scrutinizer ignore-type */ $request->route('token'));

                                        

                                                                            

                                

                                                                                                                                                                                                                                                                                        

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                                                                            
                            
            
                                    
            
            

                
                    23
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    24
                

                                    
                                                    
                
                
                
        if (!$magicLink || is_null($magicLink->access_code ?? null)) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    25
                

                                    
                                                    
                
                
                
            return $next($request);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    26
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    27
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    28
                

                                    
                                                    
                
                
                
        if ($this->isAccessCodeValid($request->route('token'), $request->get('download-plan-access-code'))) {

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
It seems like $request->route('token') can also be of type Illuminate\Routing\Route and null and object; however, parameter $token of MagicLink\Middlewares\As...de::isAccessCodeValid() does only seem to accept string, maybe add an additional type check?
                                                                                                                                                                                           (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-type   annotation

                                    

                                        

                                            28
                                            
                                                
        if ($this->isAccessCodeValid(/** @scrutinizer ignore-type */ $request->route('token'), $request->get('download-plan-access-code'))) {

                                        

                                                                            

                                

                                                                                                                                                                                                                                                                                        

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                                                                            
                            
            
                                    
            
            

                
                    29
                

                                    
                                                    
                
                
                
            // access code is valid

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    30
                

                                    
                                                    
                
                
                
            return redirect($request->url())->withCookie(

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    31
                

                                    
                                                    
                
                
                
                cookie(

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    32
                

                                    
                                                    
                
                
                
                    'magic-link-access-code',

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    33
                

                                    
                                                    
                
                
                
                    encrypt($request->get('download-plan-access-code')),

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    34
                

                                    
                                                    
                
                
                
                    0,

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    35
                

                                    
                                                    
                
                
                
                    '/'

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    36
                

                                    
                                                    
                
                
                
                )

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    37
                

                                    
                                                    
                
                
                
            );

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    38
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    39
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    40
                

                                    
                                                    
                
                
                
        try {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    41
                

                                    
                                                    
                
                
                
            $accessCode = decrypt($request->cookie('magic-link-access-code'));

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
It seems like $request->cookie('magic-link-access-code') can also be of type array; however, parameter $value of decrypt() does only seem to accept string, maybe add an additional type check?
                                                                                                                                                                                           (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-type   annotation

                                    

                                        

                                            41
                                            
                                                
            $accessCode = decrypt(/** @scrutinizer ignore-type */ $request->cookie('magic-link-access-code'));

                                        

                                                                            

                                

                                                                                                                                                                                                                                                                                        

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                                                                            
                            
            
                                    
            
            

                
                    42
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    43
                

                                    
                                                    
                
                
                
            // Validate access_code

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    44
                

                                    
                                                    
                
                
                
            if ($this->isAccessCodeValid($request->route('token'), $accessCode)) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    45
                

                                    
                                                    
                
                
                
                return $next($request);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    46
                

                                    
                                                    
                
                
                
            }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    47
                

                                    
                                                    
                
                
                
        } catch (DecryptException $e) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    48
                

                                    
                                                    
                
                
                
            // empty value in cookie

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    49
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    50
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    51
                

                                    
                                                    
                
                
                
        return response(view('magiclink::ask-for-access-code-form'), 403);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    52
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    53
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    54
                

                                    
                                                    
                
                
                
    private function isAccessCodeValid(string $token, ?string $accessCode): bool

            


            
                                                                        
                            
            
                                    
            
            

                
                    55
                

                                    
                                                    
                
                
                
    {

            


            
                                                                        
                            
            
                                    
            
            

                
                    56
                

                                    
                                                    
                
                
                
        if ($accessCode === null) {

            


            
                                                                        
                            
            
                                    
            
            

                
                    57
                

                                    
                                                    
                
                
                
            return false;

            


            
                                                                        
                            
            
                                    
            
            

                
                    58
                

                                    
                                                    
                
                
                
        }

            


            
                                                                        
                            
            
                                    
            
            

                
                    59
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    60
                

                                    
                                                    
                
                
                
        $magicLink = MagicLink::getValidMagicLinkByToken($token);

            


            
                                                                        
                            
            
                                    
            
            

                
                    61
                

                                    
                                                    
                
                
                

            


            
                                                                        
                            
            
                                    
            
            

                
                    62
                

                                    
                                                    
                
                
                
        return Hash::check($accessCode, $magicLink->access_code);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    63
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    64
                

                                    
                                                    
                
                
                
}

            


            
                                                        
            
                                    
            
            

                
                    65