FormAuthentication::checkingRequirements() - Code Metrics - Inspection of "little fixes, PasswordManager and many tests" - chubbyphp/chubbyphp-security - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 67ec2b...d15b3f )

by Dominik

created 2016-10-08 16:42 UTC

FormAuthentication::checkingRequirements() A

↳ Parent: FormAuthentication

Complexity

Conditions	4
Paths	8

Size

Total Lines	17
Code Lines	9

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	17
rs	9.2
c	0
b	0
f	0
cc	4
eloc	9
nc	8
nop	1

<?php

namespace Chubbyphp\Security\Authentication;

use Chubbyphp\Model\RepositoryInterface;
use Chubbyphp\Security\Authentication\Exception\AuthenticationExceptionInterface;
use Chubbyphp\Security\Authentication\Exception\InvalidPasswordException;
use Chubbyphp\Security\Authentication\Exception\MissingRequirementException;
use Chubbyphp\Security\Authentication\Exception\UserNotFoundException;
use Chubbyphp\Session\SessionInterface;
use Psr\Http\Message\ServerRequestInterface as Request;

final class FormAuthentication implements AuthenticationInterface
{
    /**
     * @var PasswordManagerInterface
     */
    private $passwordManager;

    /**
     * @var SessionInterface
     */
    private $session;

    const USER_KEY = 'u';

    /**
     * @var RepositoryInterface
     */
    private $userRepository;

    /**
     * @param PasswordManagerInterface $passwordManager
     * @param SessionInterface         $session
     * @param RepositoryInterface      $userRepository
     */
    public function __construct(
        PasswordManagerInterface $passwordManager,
        SessionInterface $session,
        RepositoryInterface $userRepository
    ) {
        $this->passwordManager = $passwordManager;
        $this->session = $session;
        $this->userRepository = $userRepository;
    }

    /**
     * @param Request $request
     *
     * @throws AuthenticationExceptionInterface
     */
    public function login(Request $request)
    {
        $data = $request->getParsedBody();
        $this->checkingRequirements($data);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

        /** @var UserPasswordInterface $user */
        if (null === $user = $this->userRepository->findOneBy(['username' => $data['username']])) {
            throw UserNotFoundException::create(['username' => $data['username']]);
        }

        if (!$this->passwordManager->verify($data['password'], $user->getPassword())) {
            throw InvalidPasswordException::create();
        }

        $this->session->set($request, self::USER_KEY, $user->getId());
    }

    /**
     * @param array $data
     */
    private function checkingRequirements(array $data)
    {
        $fields = [];
        if (!isset($data['username'])) {
            $fields[] = 'username';
        }

        if (!isset($data['password'])) {
            $fields[] = 'password';
        }

        if ([] === $fields) {
            return;
        }

        throw MissingRequirementException::create($fields);
    }

    /**
     * @param Request $request
     */
    public function logout(Request $request)
    {
        $this->session->remove($request, self::USER_KEY);
    }

    /**
     * @param Request $request
     *
     * @return bool
     */
    public function isAuthenticated(Request $request): bool
    {
        return null !== $this->getAuthenticatedUser($request);
    }

    /**
     * @param Request $request
     *
     * @return UserPasswordInterface|null
     */
    public function getAuthenticatedUser(Request $request)
    {
        if (!$this->session->has($request, self::USER_KEY)) {
            return null;
        }

        $id = $this->session->get($request, self::USER_KEY);

        $user = $this->userRepository->find($id);

        // remove from storage, but still a id in session
        if (null === $user) {
            $this->session->remove($request, self::USER_KEY);

            return null;
        }

        return $user;
    }
}


1			<?php
2
3			namespace Chubbyphp\Security\Authentication;
4
5			use Chubbyphp\Model\RepositoryInterface;
6			use Chubbyphp\Security\Authentication\Exception\AuthenticationExceptionInterface;
7			use Chubbyphp\Security\Authentication\Exception\InvalidPasswordException;
8			use Chubbyphp\Security\Authentication\Exception\MissingRequirementException;
9			use Chubbyphp\Security\Authentication\Exception\UserNotFoundException;
10			use Chubbyphp\Session\SessionInterface;
11			use Psr\Http\Message\ServerRequestInterface as Request;
12
13			final class FormAuthentication implements AuthenticationInterface
14			{
15			/**
16			* @var PasswordManagerInterface
17			*/
18			private $passwordManager;
19
20			/**
21			* @var SessionInterface
22			*/
23			private $session;
24
25			const USER_KEY = 'u';
26
27			/**
28			* @var RepositoryInterface
29			*/
30			private $userRepository;
31
32			/**
33			* @param PasswordManagerInterface $passwordManager
34			* @param SessionInterface $session
35			* @param RepositoryInterface $userRepository
36			*/
37			public function __construct(
38			PasswordManagerInterface $passwordManager,
39			SessionInterface $session,
40			RepositoryInterface $userRepository
41			) {
42			$this->passwordManager = $passwordManager;
43			$this->session = $session;
44			$this->userRepository = $userRepository;
45			}
46
47			/**
48			* @param Request $request
49			*
50			* @throws AuthenticationExceptionInterface
51			*/
52			public function login(Request $request)
53			{
54			$data = $request->getParsedBody();
55			$this->checkingRequirements($data);
			0 ignored issues – show Bug introduced 2016-10-08 16:44 UTC by Report Bug Copy Issue Report It seems like `$data` defined by `$request->getParsedBody()` on line `54` can also be of type `null` or `object`; however, `Chubbyphp\Security\Authe...:checkingRequirements()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
56
57			/** @var UserPasswordInterface $user */
58			if (null === $user = $this->userRepository->findOneBy(['username' => $data['username']])) {
59			throw UserNotFoundException::create(['username' => $data['username']]);
60			}
61
62			if (!$this->passwordManager->verify($data['password'], $user->getPassword())) {
63			throw InvalidPasswordException::create();
64			}
65
66			$this->session->set($request, self::USER_KEY, $user->getId());
67			}
68
69			/**
70			* @param array $data
71			*/
72			private function checkingRequirements(array $data)
73			{
74			$fields = [];
75			if (!isset($data['username'])) {
76			$fields[] = 'username';
77			}
78
79			if (!isset($data['password'])) {
80			$fields[] = 'password';
81			}
82
83			if ([] === $fields) {
84			return;
85			}
86
87			throw MissingRequirementException::create($fields);
88			}
89
90			/**
91			* @param Request $request
92			*/
93			public function logout(Request $request)
94			{
95			$this->session->remove($request, self::USER_KEY);
96			}
97
98			/**
99			* @param Request $request
100			*
101			* @return bool
102			*/
103			public function isAuthenticated(Request $request): bool
104			{
105			return null !== $this->getAuthenticatedUser($request);
106			}
107
108			/**
109			* @param Request $request
110			*
111			* @return UserPasswordInterface\|null
112			*/
113			public function getAuthenticatedUser(Request $request)
114			{
115			if (!$this->session->has($request, self::USER_KEY)) {
116			return null;
117			}
118
119			$id = $this->session->get($request, self::USER_KEY);
120
121			$user = $this->userRepository->find($id);
122
123			// remove from storage, but still a id in session
124			if (null === $user) {
125			$this->session->remove($request, self::USER_KEY);
126
127			return null;
128			}
129
130			return $user;
131			}
132			}
133

chubbyphp / chubbyphp-security

Push — master ( 67ec2b...d15b3f )

FormAuthentication::checkingRequirements() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like