APIAuthentication - Code Metrics - Inspection of "Merge pull request #148 from michalsn/patch/patch-..." - ci-bonfire/Sprint - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — develop ( 368a03...ce69c9 )

by Lonnie

created 2016-01-10 03:21 UTC

APIAuthentication B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	383
Duplicated Lines	12.27 %

Coupling/Cohesion

Components	1
Dependencies	1

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
wmc	37
c	1
b	0
f	0
lcom	1
cbo	1
dl	47
loc	383
rs	8.6

11 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	19	3
A	setRealm()	0	5	1
C	tryBasicAuthentication()	0	43	7
B	viaRemember()	0	44	6
A	checkIPBlacklist()	15	15	2
A	checkIPWhitelist()	17	17	2
A	loginUser()	0	16	2
A	login()	0	4	1
A	logout()	0	4	1
A	isLoggedIn()	0	4	1
C	tryDigestAuthentication()	15	74	11

How to fix Duplicated Code

<?php namespace Myth\Api\Auth;
/**
 * Sprint
 *
 * A set of power tools to enhance the CodeIgniter framework and provide consistent workflow.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @package     Sprint
 * @author      Lonnie Ezell
 * @copyright   Copyright 2014-2015, New Myth Media, LLC (http://newmythmedia.com)
 * @license     http://opensource.org/licenses/MIT  (MIT)
 * @link        http://sprintphp.com
 * @since       Version 1.0
 */

use Myth\Auth\LocalAuthentication;
use Myth\Events;

/**
 * Class APIAuthentication
 * 
 * @package Myth\Api\Auth
 */
class APIAuthentication extends LocalAuthentication {

	protected $logged_in = false;

	protected $realm = 'WallyWorld';

	protected $email = null;

	//--------------------------------------------------------------------

	public function __construct($ci=null)
	{
		parent::__construct($ci);

		$this->ci->config->load('api');
		$this->ci->lang->load('api');

		// Has the IP address been blacklisted?
		if (config_item('auth.ip_blacklist_enabled'))
		{
			$this->checkIPBlacklist();
		}

		// Do we need to do whitelisting?
		if (config_item('auth.ip_whitelist_enabled'))
		{
			$this->checkIPWhitelist();
		}
	}

	//--------------------------------------------------------------------

	/**
	 * Sets the realm used by the authentication. The system truly only
	 * supports a single realm across the entire application, but this
	 * allows it to be set by the controller.
	 *
	 * @param $realm
	 *
	 * @return $this
	 */
	public function setRealm($realm)
	{
	    $this->realm = $realm;
		return $this;
	}

	//--------------------------------------------------------------------

	/**
	 * Checks to see if someone is authorized via HTTP Basic Authentication.
	 *
	 * @return bool
	 */
	public function tryBasicAuthentication()
	{
		$username = null;
		$password = null;

		// mod_php
		if ($this->ci->input->server('PHP_AUTH_USER')) {
			$username = $this->ci->input->server('PHP_AUTH_USER');
			$password = $this->ci->input->server('PHP_AUTH_PW');
		}

		// most other servers
		elseif ($this->ci->input->server('HTTP_AUTHENTICATION')) {
			if (strpos(strtolower($this->ci->input->server('HTTP_AUTHENTICATION')), 'basic') === 0) {
				list($username, $password) = explode(':', base64_decode(substr($this->ci->input->server('HTTP_AUTHORIZATION'), 6)));
			}
		}

		// If credentials weren't provided, we can't do anything
		// so request authorization by the client.
		if (empty($username) || empty($password))
		{
			$this->ci->output->set_header('WWW-Authenticate: Basic realm="'. config_item('api.realm') .'"');
			return false;
		}

		$data = [
			config_item('api.auth_field') => $username,
			'password'  => $password
		];

		// Set email for later throttling check
		if (config_item('api.auth_field') === 'email')
		{
			$this->email = $username;
		}

	    $user = $this->validate($data, true);

		$this->user = $user;

		return $user;
	}

	//--------------------------------------------------------------------

	/**
	 * Checks to see if someone is authorized via HTTP Digest Authentication.
	 *
	 * NOTE: This requires that a new field, 'digest_key', be added to the user's
	 * table and, during new user creation, or password reset, that the digest_key
	 * be calculated as md5({username}:{realm}:{password})
	 *
	 * References:
	 *  - http://www.faqs.org/rfcs/rfc2617.html
	 *  - http://www.sitepoint.com/understanding-http-digest-access-authentication/
	 */
	public function tryDigestAuthentication()
	{
		$digest_string = '';

		// We need to test which server authentication variable to use
		// because the PHP ISAPI module in IIS acts different from CGI
		if ($this->ci->input->server('PHP_AUTH_DIGEST'))
		{
			$digest_string = $this->ci->input->server('PHP_AUTH_DIGEST');
		}
		elseif ($this->ci->input->server('HTTP_AUTHORIZATION'))
		{
			$digest_string = $this->ci->input->server('HTTP_AUTHORIZATION');
		}

		$nonce = md5(uniqid());
		$opaque = md5(uniqid());

		// No digest string? Then you're done. Go home.
		if (empty($digest_string))

		{
			$this->ci->output->set_header( sprintf('WWW-Authenticate: Digest realm="%s", nonce="%s", opaque="%s"', config_item('api.realm'), $nonce, $opaque) );
			return false;
		}

		// Grab the parts from the digest string.
		// They will be provided as an array of the parts: username, nonce, uri, nc, cnonce, qop, response
		$matches = [];
		preg_match_all('@(username|nonce|uri|nc|cnonce|qop|response)=[\'"]?([^\'",]+)@', $digest_string, $matches);
		$digest = (empty($matches[1]) || empty($matches[2])) ? array() : array_combine($matches[1], $matches[2]);

		if (! array_key_exists('username', $digest))
		{
			$this->ci->output->set_header( sprintf('WWW-Authenticate: Digest realm="%s", nonce="%s", opaque="%s"', config_item('api.realm'), $nonce, $opaque) );
			return false;
		}

		// Set email for later throttling check
		if (config_item('api.auth_field') === 'email')
		{
			$this->email = $digest['username'];
		}

		// Grab the user that corresponds to that "username"
		// exact field determined in the api config file - api.auth_field setting.
		$user = $this->user_model->as_array()->find_by( config_item('api.auth_field'), $digest['username'] );
		if (!  $user)
		{
			$this->ci->output->set_header( sprintf('WWW-Authenticate: Digest realm="%s", nonce="%s", opaque="%s"', config_item('api.realm'), $nonce, $opaque) );
			return false;
		}

		// Calc the correct response
		$A1 = $user['digest_key'];

		if ($digest['qop'] == 'auth')
		{
			$A2 = md5( strtoupper( $_SERVER['REQUEST_METHOD'] ) .':'. $digest['uri'] );
		} else {
			$body = file_get_contents('php://input');
			$A2 = md5( strtoupper( $_SERVER['REQUEST_METHOD'] ) .':'. $digest['uri'] .':'. md5($body) );
		}
		$valid_response = md5($A1 .':'. $digest['nonce'].':'. $digest['nc'] .':'. $digest['cnonce'] .':'. $digest['qop'] .':'. $A2);

		if ($digest['response'] != $valid_response)
		{
			$this->ci->output->set_header( sprintf('WWW-Authenticate: Digest realm="%s", nonce="%s", opaque="%s"', config_item('api.realm'), $nonce, $opaque) );
			return false;
		}

		$this->user = $user;

		return $user;
	}

	//--------------------------------------------------------------------

	/**
	 * Attempts to log a user into the API via the configured 'api.auth_type'
	 * config variable in config/api.php.
	 *
	 * NOTE: Since this is intended for API use, it is a STATELESS implementation
	 * and does not support remember me functionality.
	 *
	 * This basically replaces the login() method due to the way the AuthTrait
	 * works.
	 *
	 * @return bool
	 */
	public function viaRemember()
	{
		$user = false;

		switch (config_item('api.auth_type'))
		{
			case 'basic':
				$user = $this->tryBasicAuthentication();
				break;
			case 'digest':
				$user = $this->tryDigestAuthentication();
				break;
		}

		// If the user is throttled due to too many invalid logins
		// or the system is under attack, kick them back.
		// We need to test for this after validation because we
		// don't want it to affect a valid login.

		if ($this->email)
		{
			// If throttling time is above zero, we can't allow
			// logins now.
			if ($time = (int)$this->isThrottled($this->email) > 0)
			{
				$this->error = sprintf(lang('api.throttled'), $time);
				return false;
			}

			$this->email = null;
		}

		if (! $user)
		{
			$this->user = null;
			return $user;
		}

		$this->loginUser($user);

		Events::trigger('didLogin', [$user]);

		return true;
	}

	//--------------------------------------------------------------------

	//--------------------------------------------------------------------
	// Protected Methods
	//--------------------------------------------------------------------

	/**
	 * Checks the client's IP address against any IP addresses specified
	 * in the api config file. If any are found, the client is refused
	 * access immediately.
	 */
	public function checkIPBlacklist()
	{
	    $blacklist = explode(',', config_item('api.ip_blacklist'));

		array_walk($blacklist, function (&$item, $key) {
			$item = trim($item);
		});

		if (in_array($this->ci->input->ip_address(), $blacklist))
		{
			throw new \Exception( lang('api.ip_denied'), 401);
		}

		return true;
	}
	
	//--------------------------------------------------------------------

	/**
	 * Checks the client's IP address against any IP addresses specified
	 * in the api config file. If the client is not accessing the site
	 * from one of those addresses then their access is denied.
	 */
	public function checkIPWhitelist()
	{
		$whitelist = explode(',', config_item('api.ip_whitelist'));

		array_push($whitelist, '127.0.0.1', '0.0.0.0');

		array_walk($whitelist, function (&$item, $key) {
			$item = trim($item);
		});

		if (! in_array($this->ci->input->ip_address(), $whitelist))
		{
			throw new \Exception( lang('api.ip_denied'), 401);
		}

		return true;
	}

	//--------------------------------------------------------------------

	/**
	 * Handles the nitty gritty of actually logging our user into the system.
	 * Does NOT perform the authentication, just sets the system up so that
	 * it knows we're here.
	 *
	 * @param $user
	 */
	protected function loginUser($user)
	{
		// Save the user for later access
		$this->user = $user;

		// Clear our login attempts
		$this->ci->login_model->purgeLoginAttempts($user['email']);

		// We'll give a 20% chance to need to do a purge since we
		// don't need to purge THAT often, it's just a maintenance issue.
		// to keep the table from getting out of control.
		if (mt_rand(1, 100) < 20)
		{
			$this->ci->login_model->purgeOldRememberTokens();
		}
	}

	//--------------------------------------------------------------------
	
	//--------------------------------------------------------------------
	// UNUSED METHOD OVERRIDES
	//--------------------------------------------------------------------

	/**
	 * Attempt to log a user into the system.
	 *
	 * $credentials is an array of key/value pairs needed to log the user in.
	 * This is often email/password, or username/password.
	 *
	 * NOTE: Since this is intended for API use, it is a STATELESS implementation
	 * and does not support remember me functionality.
	 *
	 * Valid credentials:
	 *  - username
	 *  - email
	 *  - realm
	 *
	 * @param $credentials
	 * @param bool $remember
	 *
	 * @return bool|mixed|void
	 */
	public function login($credentials, $remember=false)
	{
		throw new \BadMethodCallException( lang('api.unused_method') );
	}

	//--------------------------------------------------------------------

	/**
	 * Logs a user out and removes all session information.
	 *
	 * NOTE: Since this is intended for API use, it is a STATELESS implementation
	 * and does not support remember me functionality.
	 *
	 * @return mixed
	 */
	public function logout()
	{
		throw new \BadMethodCallException( lang('api.unused_method') );
	}

	//--------------------------------------------------------------------

	/**
	 * Checks whether a user is logged in or not.
	 *
	 * @return bool
	 */
	public function isLoggedIn()
	{
		return $this->logged_in;
	}

	//--------------------------------------------------------------------

}


1		<?php namespace Myth\Api\Auth;
2		/**
3		* Sprint
4		*
5		* A set of power tools to enhance the CodeIgniter framework and provide consistent workflow.
6		*
7		* Permission is hereby granted, free of charge, to any person obtaining a copy
8		* of this software and associated documentation files (the "Software"), to deal
9		* in the Software without restriction, including without limitation the rights
10		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11		* copies of the Software, and to permit persons to whom the Software is
12		* furnished to do so, subject to the following conditions:
13		*
14		* The above copyright notice and this permission notice shall be included in
15		* all copies or substantial portions of the Software.
16		*
17		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23		* THE SOFTWARE.
24		*
25		* @package Sprint
26		* @author Lonnie Ezell
27		* @copyright Copyright 2014-2015, New Myth Media, LLC (http://newmythmedia.com)
28		* @license http://opensource.org/licenses/MIT (MIT)
29		* @link http://sprintphp.com
30		* @since Version 1.0
31		*/
32
33		use Myth\Auth\LocalAuthentication;
34		use Myth\Events;
35
36		/**
37		* Class APIAuthentication
38		*
39		* @package Myth\Api\Auth
40		*/
41		class APIAuthentication extends LocalAuthentication {
42
43		protected $logged_in = false;
44
45		protected $realm = 'WallyWorld';
46
47		protected $email = null;
48
49		//--------------------------------------------------------------------
50
51		public function __construct($ci=null)
52		{
53		parent::__construct($ci);
54
55		$this->ci->config->load('api');
56		$this->ci->lang->load('api');
57
58		// Has the IP address been blacklisted?
59		if (config_item('auth.ip_blacklist_enabled'))
60		{
61		$this->checkIPBlacklist();
62		}
63
64		// Do we need to do whitelisting?
65		if (config_item('auth.ip_whitelist_enabled'))
66		{
67		$this->checkIPWhitelist();
68		}
69		}
70
71		//--------------------------------------------------------------------
72
73		/**
74		* Sets the realm used by the authentication. The system truly only
75		* supports a single realm across the entire application, but this
76		* allows it to be set by the controller.
77		*
78		* @param $realm
79		*
80		* @return $this
81		*/
82		public function setRealm($realm)
83		{
84		$this->realm = $realm;
85		return $this;
86		}
87
88		//--------------------------------------------------------------------
89
90		/**
91		* Checks to see if someone is authorized via HTTP Basic Authentication.
92		*
93		* @return bool
94		*/
95		public function tryBasicAuthentication()
96		{
97		$username = null;
98		$password = null;
99
100		// mod_php
101		if ($this->ci->input->server('PHP_AUTH_USER')) {
102		$username = $this->ci->input->server('PHP_AUTH_USER');
103		$password = $this->ci->input->server('PHP_AUTH_PW');
104		}
105
106		// most other servers
107		elseif ($this->ci->input->server('HTTP_AUTHENTICATION')) {
108		if (strpos(strtolower($this->ci->input->server('HTTP_AUTHENTICATION')), 'basic') === 0) {
109		list($username, $password) = explode(':', base64_decode(substr($this->ci->input->server('HTTP_AUTHORIZATION'), 6)));
110		}
111		}
112
113		// If credentials weren't provided, we can't do anything
114		// so request authorization by the client.
115		if (empty($username) \|\| empty($password))
116		{
117		$this->ci->output->set_header('WWW-Authenticate: Basic realm="'. config_item('api.realm') .'"');
118		return false;
119		}
120
121		$data = [
122		config_item('api.auth_field') => $username,
123		'password' => $password
124		];
125
126		// Set email for later throttling check
127		if (config_item('api.auth_field') === 'email')
128		{
129		$this->email = $username;
130		}
131
132		$user = $this->validate($data, true);
133
134		$this->user = $user;
135
136		return $user;
137		}
138
139		//--------------------------------------------------------------------
140
141		/**
142		* Checks to see if someone is authorized via HTTP Digest Authentication.
143		*
144		* NOTE: This requires that a new field, 'digest_key', be added to the user's
145		* table and, during new user creation, or password reset, that the digest_key
146		* be calculated as md5({username}:{realm}:{password})
147		*
148		* References:
149		* - http://www.faqs.org/rfcs/rfc2617.html
150		* - http://www.sitepoint.com/understanding-http-digest-access-authentication/
151		*/
152		public function tryDigestAuthentication()
153		{
154		$digest_string = '';
155
156		// We need to test which server authentication variable to use
157		// because the PHP ISAPI module in IIS acts different from CGI
158		if ($this->ci->input->server('PHP_AUTH_DIGEST'))
159		{
160		$digest_string = $this->ci->input->server('PHP_AUTH_DIGEST');
161		}
162		elseif ($this->ci->input->server('HTTP_AUTHORIZATION'))
163		{
164		$digest_string = $this->ci->input->server('HTTP_AUTHORIZATION');
165		}
166
167		$nonce = md5(uniqid());
168		$opaque = md5(uniqid());
169
170		// No digest string? Then you're done. Go home.
171	View Code Duplication	if (empty($digest_string))
		0 ignored issues – show Duplication introduced 2016-01-10 03:34 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
172		{
173		$this->ci->output->set_header( sprintf('WWW-Authenticate: Digest realm="%s", nonce="%s", opaque="%s"', config_item('api.realm'), $nonce, $opaque) );
174		return false;
175		}
176
177		// Grab the parts from the digest string.
178		// They will be provided as an array of the parts: username, nonce, uri, nc, cnonce, qop, response
179		$matches = [];
180		preg_match_all('@(username\|nonce\|uri\|nc\|cnonce\|qop\|response)=[\'"]?([^\'",]+)@', $digest_string, $matches);
181		$digest = (empty($matches[1]) \|\| empty($matches[2])) ? array() : array_combine($matches[1], $matches[2]);
182
183	View Code Duplication	if (! array_key_exists('username', $digest))
184		{
185		$this->ci->output->set_header( sprintf('WWW-Authenticate: Digest realm="%s", nonce="%s", opaque="%s"', config_item('api.realm'), $nonce, $opaque) );
186		return false;
187		}
188
189		// Set email for later throttling check
190		if (config_item('api.auth_field') === 'email')
191		{
192		$this->email = $digest['username'];
193		}
194
195		// Grab the user that corresponds to that "username"
196		// exact field determined in the api config file - api.auth_field setting.
197		$user = $this->user_model->as_array()->find_by( config_item('api.auth_field'), $digest['username'] );
198		if (! $user)
199		{
200		$this->ci->output->set_header( sprintf('WWW-Authenticate: Digest realm="%s", nonce="%s", opaque="%s"', config_item('api.realm'), $nonce, $opaque) );
201		return false;
202		}
203
204		// Calc the correct response
205		$A1 = $user['digest_key'];
206
207		if ($digest['qop'] == 'auth')
208		{
209		$A2 = md5( strtoupper( $_SERVER['REQUEST_METHOD'] ) .':'. $digest['uri'] );
210		} else {
211		$body = file_get_contents('php://input');
212		$A2 = md5( strtoupper( $_SERVER['REQUEST_METHOD'] ) .':'. $digest['uri'] .':'. md5($body) );
213		}
214		$valid_response = md5($A1 .':'. $digest['nonce'].':'. $digest['nc'] .':'. $digest['cnonce'] .':'. $digest['qop'] .':'. $A2);
215
216	View Code Duplication	if ($digest['response'] != $valid_response)
217		{
218		$this->ci->output->set_header( sprintf('WWW-Authenticate: Digest realm="%s", nonce="%s", opaque="%s"', config_item('api.realm'), $nonce, $opaque) );
219		return false;
220		}
221
222		$this->user = $user;
223
224		return $user;
225		}
226
227		//--------------------------------------------------------------------
228
229		/**
230		* Attempts to log a user into the API via the configured 'api.auth_type'
231		* config variable in config/api.php.
232		*
233		* NOTE: Since this is intended for API use, it is a STATELESS implementation
234		* and does not support remember me functionality.
235		*
236		* This basically replaces the login() method due to the way the AuthTrait
237		* works.
238		*
239		* @return bool
240		*/
241		public function viaRemember()
242		{
243		$user = false;
244
245		switch (config_item('api.auth_type'))
246		{
247		case 'basic':
248		$user = $this->tryBasicAuthentication();
249		break;
250		case 'digest':
251		$user = $this->tryDigestAuthentication();
252		break;
253		}
254
255		// If the user is throttled due to too many invalid logins
256		// or the system is under attack, kick them back.
257		// We need to test for this after validation because we
258		// don't want it to affect a valid login.
259
260		if ($this->email)
261		{
262		// If throttling time is above zero, we can't allow
263		// logins now.
264		if ($time = (int)$this->isThrottled($this->email) > 0)
265		{
266		$this->error = sprintf(lang('api.throttled'), $time);
267		return false;
268		}
269
270		$this->email = null;
271		}
272
273		if (! $user)
274		{
275		$this->user = null;
276		return $user;
277		}
278
279		$this->loginUser($user);
280
281		Events::trigger('didLogin', [$user]);
282
283		return true;
284		}
285
286		//--------------------------------------------------------------------
287
288		//--------------------------------------------------------------------
289		// Protected Methods
290		//--------------------------------------------------------------------
291
292		/**
293		* Checks the client's IP address against any IP addresses specified
294		* in the api config file. If any are found, the client is refused
295		* access immediately.
296		*/
297	View Code Duplication	public function checkIPBlacklist()
298		{
299		$blacklist = explode(',', config_item('api.ip_blacklist'));
300
301		array_walk($blacklist, function (&$item, $key) {
302		$item = trim($item);
303		});
304
305		if (in_array($this->ci->input->ip_address(), $blacklist))
306		{
307		throw new \Exception( lang('api.ip_denied'), 401);
308		}
309
310		return true;
311		}
312
313		//--------------------------------------------------------------------
314
315		/**
316		* Checks the client's IP address against any IP addresses specified
317		* in the api config file. If the client is not accessing the site
318		* from one of those addresses then their access is denied.
319		*/
320	View Code Duplication	public function checkIPWhitelist()
321		{
322		$whitelist = explode(',', config_item('api.ip_whitelist'));
323
324		array_push($whitelist, '127.0.0.1', '0.0.0.0');
325
326		array_walk($whitelist, function (&$item, $key) {
327		$item = trim($item);
328		});
329
330		if (! in_array($this->ci->input->ip_address(), $whitelist))
331		{
332		throw new \Exception( lang('api.ip_denied'), 401);
333		}
334
335		return true;
336		}
337
338		//--------------------------------------------------------------------
339
340		/**
341		* Handles the nitty gritty of actually logging our user into the system.
342		* Does NOT perform the authentication, just sets the system up so that
343		* it knows we're here.
344		*
345		* @param $user
346		*/
347		protected function loginUser($user)
348		{
349		// Save the user for later access
350		$this->user = $user;
351
352		// Clear our login attempts
353		$this->ci->login_model->purgeLoginAttempts($user['email']);
354
355		// We'll give a 20% chance to need to do a purge since we
356		// don't need to purge THAT often, it's just a maintenance issue.
357		// to keep the table from getting out of control.
358		if (mt_rand(1, 100) < 20)
359		{
360		$this->ci->login_model->purgeOldRememberTokens();
361		}
362		}
363
364		//--------------------------------------------------------------------
365
366		//--------------------------------------------------------------------
367		// UNUSED METHOD OVERRIDES
368		//--------------------------------------------------------------------
369
370		/**
371		* Attempt to log a user into the system.
372		*
373		* $credentials is an array of key/value pairs needed to log the user in.
374		* This is often email/password, or username/password.
375		*
376		* NOTE: Since this is intended for API use, it is a STATELESS implementation
377		* and does not support remember me functionality.
378		*
379		* Valid credentials:
380		* - username
381		* - email
382		* - realm
383		*
384		* @param $credentials
385		* @param bool $remember
386		*
387		* @return bool\|mixed\|void
388		*/
389		public function login($credentials, $remember=false)
390		{
391		throw new \BadMethodCallException( lang('api.unused_method') );
392		}
393
394		//--------------------------------------------------------------------
395
396		/**
397		* Logs a user out and removes all session information.
398		*
399		* NOTE: Since this is intended for API use, it is a STATELESS implementation
400		* and does not support remember me functionality.
401		*
402		* @return mixed
403		*/
404		public function logout()
405		{
406		throw new \BadMethodCallException( lang('api.unused_method') );
407		}
408
409		//--------------------------------------------------------------------
410
411		/**
412		* Checks whether a user is logged in or not.
413		*
414		* @return bool
415		*/
416		public function isLoggedIn()
417		{
418		return $this->logged_in;
419		}
420
421		//--------------------------------------------------------------------
422
423		}
424

ci-bonfire / Sprint

GitHub Access Token became invalid

Push — develop ( 368a03...ce69c9 )

APIAuthentication B

Complexity

Size/Duplication

Coupling/Cohesion

Importance

11 Methods

How to fix Duplicated Code

Duplicated Code

Duplication Side-by-Side

Filter issues like