Totp - Code Metrics - Inspection of "implement YubiKey support" - eduVPN/vpn-server-api - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 8e5a2b...2c0050 )

by François

created 2017-01-03 11:25 UTC

Totp A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	37
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	4

Importance

Changes

Metric	Value
wmc	7
lcom	1
cbo	4
dl	0
loc	37
rs	10
c	0
b	0
f	0

2 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	4	1
B	verify()	0	26	6

<?php
/**
 *  Copyright (C) 2016 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace SURFnet\VPN\Server;

use Base32\Base32;
use Otp\Otp;
use SURFnet\VPN\Server\Exception\TotpException;

class Totp
{
    /** @var Storage */
    private $storage;

    public function __construct(Storage $storage)
    {
        $this->storage = $storage;
    }

    public function verify($userId, $totpKey, $totpSecret = null)
    {
        // for the enroll phase totpSecret is also provided, use that then
        // instead of fetching one from the DB
        if (is_null($totpSecret)) {
            if (!$this->storage->hasTotpSecret($userId)) {
                throw new TotpException('user has no TOTP secret');
            }
            $totpSecret = $this->storage->getTotpSecret($userId);
        }

        // store the attempt even before validating it, to be able to count
        // the (failed) attempts
        if (false === $this->storage->recordTotpKey($userId, $totpKey)) {
            throw new TotpException('TOTP key replay');
        }

        if (10 < $this->storage->getTotpAttemptCount($userId)) {
            throw new TotpException('too many attempts at TOTP');
        }

        $otp = new Otp();
        if (!$otp->checkTotp(Base32::decode($totpSecret), $totpKey)) {
            throw new TotpException('invalid TOTP key');
        }
    }
}


1			<?php
2			/**
3			* Copyright (C) 2016 SURFnet.
4			*
5			* This program is free software: you can redistribute it and/or modify
6			* it under the terms of the GNU Affero General Public License as
7			* published by the Free Software Foundation, either version 3 of the
8			* License, or (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU Affero General Public License for more details.
14			*
15			* You should have received a copy of the GNU Affero General Public License
16			* along with this program. If not, see <http://www.gnu.org/licenses/>.
17			*/
18
19			namespace SURFnet\VPN\Server;
20
21			use Base32\Base32;
22			use Otp\Otp;
23			use SURFnet\VPN\Server\Exception\TotpException;
24
25			class Totp
26			{
27			/** @var Storage */
28			private $storage;
29
30			public function __construct(Storage $storage)
31			{
32			$this->storage = $storage;
33			}
34
35			public function verify($userId, $totpKey, $totpSecret = null)
36			{
37			// for the enroll phase totpSecret is also provided, use that then
38			// instead of fetching one from the DB
39			if (is_null($totpSecret)) {
40			if (!$this->storage->hasTotpSecret($userId)) {
41			throw new TotpException('user has no TOTP secret');
42			}
43			$totpSecret = $this->storage->getTotpSecret($userId);
44			}
45
46			// store the attempt even before validating it, to be able to count
47			// the (failed) attempts
48			if (false === $this->storage->recordTotpKey($userId, $totpKey)) {
49			throw new TotpException('TOTP key replay');
50			}
51
52			if (10 < $this->storage->getTotpAttemptCount($userId)) {
53			throw new TotpException('too many attempts at TOTP');
54			}
55
56			$otp = new Otp();
57			if (!$otp->checkTotp(Base32::decode($totpSecret), $totpKey)) {
58			throw new TotpException('invalid TOTP key');
59			}
60			}
61			}
62

eduVPN / vpn-server-api

GitHub Access Token became invalid

Push — master ( 8e5a2b...2c0050 )

Totp A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

2 Methods

Duplication Side-by-Side

Filter issues like