ConnectionsModule::getUserId() - Code Metrics - Inspection of "add file" - eduVPN/vpn-server-api - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( df8b26...c8884a )

by François

created 2016-10-24 13:17 UTC

ConnectionsModule::getUserId() A

↳ Parent: ConnectionsModule

Complexity

Conditions	1
Paths	1

Size

Total Lines	8
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	2
nc	1
nop	1
dl	0
loc	8
rs	9.4285
c	0
b	0
f	0

<?php
/**
 *  Copyright (C) 2016 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
namespace SURFnet\VPN\Server\Api;

use SURFnet\VPN\Common\Config;
use SURFnet\VPN\Common\ProfileConfig;
use SURFnet\VPN\Common\Http\ServiceModuleInterface;
use SURFnet\VPN\Common\Http\Service;
use SURFnet\VPN\Common\Http\ApiResponse;
use SURFnet\VPN\Common\Http\Request;

class ConnectionsModule implements ServiceModuleInterface
{
    /** @var \SURFnet\VPN\Common\Config */
    private $config;

    /** @var Users */
    private $users;

    /** @var CommonNames */
    private $commonNames;

    /** @var ConnectionLog */
    private $connectionLog;

    /** @var array */
    private $groupProviders;

    public function __construct(Config $config, Users $users, CommonNames $commonNames, ConnectionLog $connectionLog, array $groupProviders)
    {
        $this->config = $config;
        $this->users = $users;
        $this->commonNames = $commonNames;
        $this->connectionLog = $connectionLog;
        $this->groupProviders = $groupProviders;
    }

    public function init(Service $service)
    {
        $service->post(
            '/connect',
            function (Request $request, array $hookData) {
                Utils::requireUser($hookData, ['vpn-server-node']);

                $profileId = $request->getPostParameter('profile_id');
                InputValidation::profileId($profileId);
                $commonName = $request->getPostParameter('common_name');
                InputValidation::commonName($commonName);
                $ip = $request->getPostParameter('ip');
                InputValidation::ip4($ip);
                $ip6 = $request->getPostParameter('ip6');
                InputValidation::ip6($ip6);
                $connectedAt = $request->getPostParameter('connected_at');
                InputValidation::connectedAt($connectedAt);

                $userId = self::getUserId($commonName);

                // check if user is disabled
                if (true === $this->users->isDisabled($userId)) {
                    return false;
                }

                // check if the common_name is disabled
                if (true === $this->commonNames->isDisabled($commonName)) {
                    return false;
                }

                // if the ACL is enabled, verify that the user is allowed to
                // connect
                $profileConfig = new ProfileConfig($this->config->v('vpnProfiles', $profileId));
                if ($profileConfig->v('enableAcl')) {
                    $userGroups = [];
                    foreach ($this->groupProviders as $groupProvider) {
                        $userGroups = array_merge($userGroups, $groupProvider->getGroups($userId));
                    }

                    if (false === self::isMember($userGroups, $profileConfig->v('aclGroupList'))) {
                        return false;
                    }
                }

                $responseData = $this->connectionLog->connect($profileId, $commonName, $ip, $ip6, $connectedAt);

                return new ApiResponse('connect', $responseData);
            }
        );

        $service->post(
            '/disconnect',
            function (Request $request, array $hookData) {
                Utils::requireUser($hookData, ['vpn-server-node']);

                $profileId = $request->getPostParameter('profile_id');
                InputValidation::profileId($profileId);
                $commonName = $request->getPostParameter('common_name');
                InputValidation::commonName($commonName);
                $ip = $request->getPostParameter('ip');
                InputValidation::ip4($ip);
                $ip6 = $request->getPostParameter('ip6');
                InputValidation::ip6($ip6);
                $connectedAt = $request->getPostParameter('connected_at');
                InputValidation::connectedAt($connectedAt);
                $disconnectedAt = $request->getPostParameter('disconnected_at');
                InputValidation::disconnectedAt($disconnectedAt);
                $bytesTransferred = $request->getPostParameter('bytes_transferred');
                InputValidation::bytesTransferred($bytesTransferred);

                $responseData = $this->connectionLog->disconnect($profileId, $commonName, $ip, $ip6, $connectedAt, $disconnectedAt, $bytesTransferred);

                return new ApiResponse('disconnect', $responseData);
            }
        );
    }

    private static function getUserId($commonName)
    {
        // XXX do not repeat this everywhere

        // return the part before the first underscore, it is already validated
        // so we can be sure this is fine
        return substr($commonName, 0, strpos($commonName, '_'));
    }

    private static function isMember(array $memberOf, array $aclGroupList)
    {
        // one of the groups must be listed in the profile ACL list
        foreach ($memberOf as $memberGroup) {
            if (in_array($memberGroup['id'], $aclGroupList)) {
                return true;
            }
        }

        return false;
    }
}


1			<?php
2			/**
3			* Copyright (C) 2016 SURFnet.
4			*
5			* This program is free software: you can redistribute it and/or modify
6			* it under the terms of the GNU Affero General Public License as
7			* published by the Free Software Foundation, either version 3 of the
8			* License, or (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU Affero General Public License for more details.
14			*
15			* You should have received a copy of the GNU Affero General Public License
16			* along with this program. If not, see <http://www.gnu.org/licenses/>.
17			*/
18			namespace SURFnet\VPN\Server\Api;
19
20			use SURFnet\VPN\Common\Config;
21			use SURFnet\VPN\Common\ProfileConfig;
22			use SURFnet\VPN\Common\Http\ServiceModuleInterface;
23			use SURFnet\VPN\Common\Http\Service;
24			use SURFnet\VPN\Common\Http\ApiResponse;
25			use SURFnet\VPN\Common\Http\Request;
26
27			class ConnectionsModule implements ServiceModuleInterface
28			{
29			/** @var \SURFnet\VPN\Common\Config */
30			private $config;
31
32			/** @var Users */
33			private $users;
34
35			/** @var CommonNames */
36			private $commonNames;
37
38			/** @var ConnectionLog */
39			private $connectionLog;
40
41			/** @var array */
42			private $groupProviders;
43
44			public function __construct(Config $config, Users $users, CommonNames $commonNames, ConnectionLog $connectionLog, array $groupProviders)
45			{
46			$this->config = $config;
47			$this->users = $users;
48			$this->commonNames = $commonNames;
49			$this->connectionLog = $connectionLog;
50			$this->groupProviders = $groupProviders;
51			}
52
53			public function init(Service $service)
54			{
55			$service->post(
56			'/connect',
57			function (Request $request, array $hookData) {
58			Utils::requireUser($hookData, ['vpn-server-node']);
59
60			$profileId = $request->getPostParameter('profile_id');
61			InputValidation::profileId($profileId);
62			$commonName = $request->getPostParameter('common_name');
63			InputValidation::commonName($commonName);
64			$ip = $request->getPostParameter('ip');
65			InputValidation::ip4($ip);
66			$ip6 = $request->getPostParameter('ip6');
67			InputValidation::ip6($ip6);
68			$connectedAt = $request->getPostParameter('connected_at');
69			InputValidation::connectedAt($connectedAt);
70
71			$userId = self::getUserId($commonName);
72
73			// check if user is disabled
74			if (true === $this->users->isDisabled($userId)) {
75			return false;
76			}
77
78			// check if the common_name is disabled
79			if (true === $this->commonNames->isDisabled($commonName)) {
80			return false;
81			}
82
83			// if the ACL is enabled, verify that the user is allowed to
84			// connect
85			$profileConfig = new ProfileConfig($this->config->v('vpnProfiles', $profileId));
86			if ($profileConfig->v('enableAcl')) {
87			$userGroups = [];
88			foreach ($this->groupProviders as $groupProvider) {
89			$userGroups = array_merge($userGroups, $groupProvider->getGroups($userId));
90			}
91
92			if (false === self::isMember($userGroups, $profileConfig->v('aclGroupList'))) {
93			return false;
94			}
95			}
96
97			$responseData = $this->connectionLog->connect($profileId, $commonName, $ip, $ip6, $connectedAt);
98
99			return new ApiResponse('connect', $responseData);
100			}
101			);
102
103			$service->post(
104			'/disconnect',
105			function (Request $request, array $hookData) {
106			Utils::requireUser($hookData, ['vpn-server-node']);
107
108			$profileId = $request->getPostParameter('profile_id');
109			InputValidation::profileId($profileId);
110			$commonName = $request->getPostParameter('common_name');
111			InputValidation::commonName($commonName);
112			$ip = $request->getPostParameter('ip');
113			InputValidation::ip4($ip);
114			$ip6 = $request->getPostParameter('ip6');
115			InputValidation::ip6($ip6);
116			$connectedAt = $request->getPostParameter('connected_at');
117			InputValidation::connectedAt($connectedAt);
118			$disconnectedAt = $request->getPostParameter('disconnected_at');
119			InputValidation::disconnectedAt($disconnectedAt);
120			$bytesTransferred = $request->getPostParameter('bytes_transferred');
121			InputValidation::bytesTransferred($bytesTransferred);
122
123			$responseData = $this->connectionLog->disconnect($profileId, $commonName, $ip, $ip6, $connectedAt, $disconnectedAt, $bytesTransferred);
124
125			return new ApiResponse('disconnect', $responseData);
126			}
127			);
128			}
129
130			private static function getUserId($commonName)
131			{
132			// XXX do not repeat this everywhere
133
134			// return the part before the first underscore, it is already validated
135			// so we can be sure this is fine
136			return substr($commonName, 0, strpos($commonName, '_'));
137			}
138
139			private static function isMember(array $memberOf, array $aclGroupList)
140			{
141			// one of the groups must be listed in the profile ACL list
142			foreach ($memberOf as $memberGroup) {
143			if (in_array($memberGroup['id'], $aclGroupList)) {
144			return true;
145			}
146			}
147
148			return false;
149			}
150			}
151

eduVPN / vpn-server-api

GitHub Access Token became invalid

Push — master ( df8b26...c8884a )

ConnectionsModule::getUserId() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like