MagicLink\Middlewares\AskForAccessCode

Complexity

Total Complexity

8

Size/Duplication

Total Lines	52
Duplicated Lines	0 %

Importance

Changes	2
Bugs	0	Features	0

2 Methods

Rating	Name	Duplication	Size	Complexity
A	isAccessCodeValid()	0	9	2
A	handle()	0	32	6

<?php

namespace MagicLink\Middlewares;

use Closure;
use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use MagicLink\MagicLink;

class AskForAccessCode
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $magicLink = MagicLink::getValidMagicLinkByToken($request->route('token'));

It seems like $request->route('token') can also be of type Illuminate\Routing\Route and object; however, parameter $token of MagicLink\MagicLink::getValidMagicLinkByToken() does only seem to accept string, maybe add an additional type check?

        if (! $magicLink || is_null($magicLink->access_code ?? null)) {
            return $next($request);
        }

        if ($this->isAccessCodeValid($request->route('token'), $request->get('download-plan-access-code'))) {

It seems like $request->route('token') can also be of type Illuminate\Routing\Route and null and object; however, parameter $token of MagicLink\Middlewares\AskForAccessCode::isAccessCodeValid() does only seem to accept string, maybe add an additional type check?

            // access code is valid
            return redirect($request->url())->withCookie(
                cookie(
                    'magic-link-access-code',
                    encrypt($request->get('download-plan-access-code')),
                    0,
                    '/'
                )
            );
        }

        try {
            $accessCode = decrypt($request->cookie('magic-link-access-code'));

It seems like $request->cookie('magic-link-access-code') can also be of type array; however, parameter $value of decrypt() does only seem to accept string, maybe add an additional type check?

            // Validate access_code
            if ($this->isAccessCodeValid($request->route('token'), $accessCode)) {
                return $next($request);
            }
        } catch (DecryptException $e) {
            // empty value in cookie
        }

        return response(view('magiclink::ask-for-access-code-form'), 403);
    }

    private function isAccessCodeValid(string $token, ?string $accessCode): bool
    {
        if ($accessCode === null) {
            return false;
        }

        $magicLink = MagicLink::getValidMagicLinkByToken($token);

        return Hash::check($accessCode, $magicLink->access_code);
    }
}