Basic::isAuthorized() - Code Metrics - colindev/auth-basic - Measure and Improve Code Quality continuously with Scrutinizer

Basic::isAuthorized() B
last analyzed 2016-09-08 15:47 UTC

↳ Parent: Basic

Complexity

Conditions	6
Paths	5

Size

Total Lines	18
Code Lines	10

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	42

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
c	2
b	0
f	0
dl	0
loc	18
ccs	0
cts	11
cp	0
rs	8.8571
cc	6
eloc	10
nc	5
nop	0
crap	42

<?php namespace Rde\Auth;

use Closure;

class Basic
{
    protected $rule = null;
    protected $realm;

    public function __construct($config)
    {
        if (is_array($config)) {
            $this->rule = function($username, $password) use($config) {

                return is_string($username) &&
                isset($config[$username]) &&
                password_verify($password, $config[$username]);
            };
        } elseif ($config instanceof Closure) {
            $this->rule = $config;
        }
    }

    public function realm($name)
    {
        $this->realm = $name;
    }

    public function isAuthorized()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if ($this->rule instanceof Closure) {

            if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
                $authorization = preg_replace('/^Basic\s/', '', $_SERVER['HTTP_AUTHORIZATION']);
                $authorization = base64_decode($authorization);

                if (preg_match('/^(\w*):(.*)$/', $authorization, $params)) {
                    return true === call_user_func($this->rule, $params[1], $params[2]);
                }
            } elseif (isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['PHP_AUTH_USER'])) {
                return true === call_user_func($this->rule, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
            }
        }

        return false;
    }

    public function challenge()
    {
        header($this->buildAuthentication());
        header('HTTP/1.1 401 Unauthorized');
        exit;

    }

    public function buildAuthentication()
    {
        return sprintf('WWW-Authenticate: Basic realm="%s"', $this->realm ?: 'admin realm');
    }

    public function logout()
    {
        header('HTTP/1.1 401 Unauthorized');
        exit;

    }
}


1		<?php namespace Rde\Auth;
2
3		use Closure;
4
5		class Basic
6		{
7		protected $rule = null;
8		protected $realm;
9
10	1	public function __construct($config)
11		{
12	1	if (is_array($config)) {
13		$this->rule = function($username, $password) use($config) {
14
15		return is_string($username) &&
16		isset($config[$username]) &&
17		password_verify($password, $config[$username]);
18		};
19	1	} elseif ($config instanceof Closure) {
20		$this->rule = $config;
21		}
22	1	}
23
24	1	public function realm($name)
25		{
26	1	$this->realm = $name;
27	1	}
28
29		public function isAuthorized()
		0 ignored issues – show Coding Style introduced 2016-09-08 15:47 UTC by Report Bug Copy Issue Report `isAuthorized` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
30		{
31		if ($this->rule instanceof Closure) {
32
33		if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
34		$authorization = preg_replace('/^Basic\s/', '', $_SERVER['HTTP_AUTHORIZATION']);
35		$authorization = base64_decode($authorization);
36
37		if (preg_match('/^(\w):(.)$/', $authorization, $params)) {
38		return true === call_user_func($this->rule, $params[1], $params[2]);
39		}
40		} elseif (isset($_SERVER['PHP_AUTH_PW']) && isset($_SERVER['PHP_AUTH_USER'])) {
41		return true === call_user_func($this->rule, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
42		}
43		}
44
45		return false;
46		}
47
48		public function challenge()
49		{
50		header($this->buildAuthentication());
51		header('HTTP/1.1 401 Unauthorized');
52		exit;
		0 ignored issues – show Coding Style Compatibility introduced 2016-09-08 15:47 UTC by Report Bug Copy Issue Report The method `challenge()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
53		}
54
55	1	public function buildAuthentication()
56		{
57	1	return sprintf('WWW-Authenticate: Basic realm="%s"', $this->realm ?: 'admin realm');
58		}
59
60		public function logout()
61		{
62		header('HTTP/1.1 401 Unauthorized');
63		exit;
		0 ignored issues – show Coding Style Compatibility introduced 2016-09-08 15:47 UTC by Report Bug Copy Issue Report The method `logout()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
64		}
65		}
66

colindev / auth-basic

Basic::isAuthorized() B last analyzed 2016-09-08 15:47 UTC

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like

Basic::isAuthorized() B
last analyzed 2016-09-08 15:47 UTC