Issues in UsersModule.php (master) - Issues in master - eduVPN/vpn-server-api - Measure and Improve Code Quality continuously with Scrutinizer

Issues (92)

Security Analysis no vulnerabilities found

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Api/UsersModule.php (12 issues)

Labels

Duplication 12

Severity

Informational 12

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * eduVPN - End-user friendly VPN.
 *
 * Copyright: 2016-2017, The Commons Conservancy eduVPN Programme
 * SPDX-License-Identifier: AGPL-3.0+
 */

namespace SURFnet\VPN\Server\Api;

use fkooman\OAuth\Client\AccessToken;
use SURFnet\VPN\Common\Config;
use SURFnet\VPN\Common\Http\ApiErrorResponse;
use SURFnet\VPN\Common\Http\ApiResponse;
use SURFnet\VPN\Common\Http\AuthUtils;
use SURFnet\VPN\Common\Http\InputValidation;
use SURFnet\VPN\Common\Http\Request;
use SURFnet\VPN\Common\Http\Service;
use SURFnet\VPN\Common\Http\ServiceModuleInterface;
use SURFnet\VPN\Server\Exception\TotpException;
use SURFnet\VPN\Server\Exception\YubiKeyException;
use SURFnet\VPN\Server\Storage;
use SURFnet\VPN\Server\Totp;
use SURFnet\VPN\Server\YubiKey;

class UsersModule implements ServiceModuleInterface
{
    /** @var \SURFnet\VPN\Common\Config */
    private $config;

    /** @var \SURFnet\VPN\Server\Storage */
    private $storage;

    /** @var array */
    private $groupProviders;

    public function __construct(Config $config, Storage $storage, array $groupProviders)
    {
        $this->config = $config;
        $this->storage = $storage;
        $this->groupProviders = $groupProviders;
    }

    public function init(Service $service)
    {
        $service->get(
            '/user_list',
            function (Request $request, array $hookData) {
                AuthUtils::requireUser($hookData, ['vpn-admin-portal']);

                return new ApiResponse('user_list', $this->storage->getUsers());
            }
        );

        $service->post(
            '/set_yubi_key_id',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-user-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));
                $yubiKeyOtp = InputValidation::yubiKeyOtp($request->getPostParameter('yubi_key_otp'));

                // check if there is already a YubiKey ID registered for this user
                if ($this->storage->hasYubiKeyId($userId)) {
                    return new ApiErrorResponse('set_yubi_key_id', 'YubiKey ID already set');
                }

                $yubiKey = new YubiKey();
                try {
                    $yubiKeyId = $yubiKey->verify($userId, $yubiKeyOtp);
                    $this->storage->setYubiKeyId($userId, $yubiKeyId);
                    $this->storage->addUserMessage($userId, 'notification', sprintf('YubiKey ID "%s" registered', $yubiKeyId));

                    return new ApiResponse('set_yubi_key_id');
                } catch (YubiKeyException $e) {
                    $msg = sprintf('YubiKey OTP verification failed: %s', $e->getMessage());
                    $this->storage->addUserMessage($userId, 'notification', $msg);

                    return new ApiErrorResponse('set_yubi_key_id', $msg);
                }
            }
        );

        $service->post(
            '/verify_yubi_key_otp',
            function (Request $request, array $hookData) {
                AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));
                $yubiKeyOtp = InputValidation::yubiKeyOtp($request->getPostParameter('yubi_key_otp'));
                $yubiKeyId = $this->storage->getYubiKeyId($userId);

                // XXX make sure we have a registered yubiKeyID first?!

                $yubiKey = new YubiKey();
                try {
                    $yubiKey->verify($userId, $yubiKeyOtp, $yubiKeyId);

                    return new ApiResponse('verify_yubi_key_otp');
                } catch (YubiKeyException $e) {
                    $msg = sprintf('YubiKey OTP verification failed: %s', $e->getMessage());
                    $this->storage->addUserMessage($userId, 'notification', $msg);

                    return new ApiErrorResponse('verify_yubi_key_otp', $msg);
                }
            }
        );

        $service->get(
            '/has_yubi_key_id',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);

                $userId = InputValidation::userId($request->getQueryParameter('user_id'));

                return new ApiResponse('has_yubi_key_id', $this->storage->hasYubiKeyId($userId));
            }
        );

        $service->get(
            '/yubi_key_id',
            function (Request $request, array $hookData) {
                AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);

                $userId = InputValidation::userId($request->getQueryParameter('user_id'));

                $yubiKeyId = $this->storage->getYubiKeyId($userId);
                if (is_null($yubiKeyId)) {
                    return new ApiResponse('yubi_key_id', false);
                }

                return new ApiResponse('yubi_key_id', $yubiKeyId);
            }
        );

        $service->post(
            '/delete_yubi_key_id',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-admin-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));

                $yubiKeyId = $this->storage->getYubiKeyId($userId);
                $this->storage->deleteYubiKeyId($userId);
                $this->storage->addUserMessage($userId, 'notification', sprintf('YubiKey ID "%s" deleted', $yubiKeyId));

                return new ApiResponse('delete_yubi_key_id');
            }
        );

        $service->post(
            '/set_totp_secret',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-user-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));
                $totpKey = InputValidation::totpKey($request->getPostParameter('totp_key'));
                $totpSecret = InputValidation::totpSecret($request->getPostParameter('totp_secret'));

                // check if there is already a TOTP secret registered for this user
                if ($this->storage->hasTotpSecret($userId)) {
                    return new ApiErrorResponse('set_totp_secret', 'TOTP secret already set');
                }

                $totp = new Totp($this->storage);
                try {
                    $totp->verify($userId, $totpKey, $totpSecret);
                } catch (TotpException $e) {
                    $msg = sprintf('TOTP verification failed: %s', $e->getMessage());
                    $this->storage->addUserMessage($userId, 'notification', $msg);

                    return new ApiErrorResponse('set_totp_secret', $msg);
                }

                $this->storage->setTotpSecret($userId, $totpSecret);
                $this->storage->addUserMessage($userId, 'notification', 'TOTP secret registered');

                return new ApiResponse('set_totp_secret');
            }
        );

        $service->post(
            '/verify_totp_key',
            function (Request $request, array $hookData) {
                AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));
                $totpKey = InputValidation::totpKey($request->getPostParameter('totp_key'));

                $totp = new Totp($this->storage);
                try {
                    $totp->verify($userId, $totpKey);
                } catch (TotpException $e) {
                    $msg = sprintf('TOTP validation failed: %s', $e->getMessage());
                    $this->storage->addUserMessage($userId, 'notification', $msg);

                    return new ApiErrorResponse('verify_totp_key', $msg);
                }

                return new ApiResponse('verify_totp_key');
            }
        );

        $service->get(
            '/has_totp_secret',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);

                $userId = InputValidation::userId($request->getQueryParameter('user_id'));

                return new ApiResponse('has_totp_secret', $this->storage->hasTotpSecret($userId));
            }
        );

        $service->post(
            '/delete_totp_secret',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-admin-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));

                $this->storage->deleteTotpSecret($userId);
                $this->storage->addUserMessage($userId, 'notification', 'TOTP secret deleted');

                return new ApiResponse('delete_totp_secret');
            }
        );

        $service->post(
            '/set_voot_token',
            function (Request $request, array $hookData) {
                AuthUtils::requireUser($hookData, ['vpn-user-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));

                // load the POSTed AccessToken from JSON
                $vootToken = AccessToken::fromJson($request->getPostParameter('voot_token'));
                $this->storage->setVootToken($userId, $vootToken);

                return new ApiResponse('set_voot_token');
            }
        );

        $service->post(
            '/delete_voot_token',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-admin-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));
                $this->storage->deleteVootToken($userId);

                return new ApiResponse('delete_voot_token');
            }
        );

        $service->get(
            '/has_voot_token',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);

                $userId = InputValidation::userId($request->getQueryParameter('user_id'));

                return new ApiResponse('has_voot_token', $this->storage->hasVootToken($userId));
            }
        );

        $service->get(
            '/is_disabled_user',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);

                $userId = InputValidation::userId($request->getQueryParameter('user_id'));

                return new ApiResponse('is_disabled_user', $this->storage->isDisabledUser($userId));
            }
        );

        $service->post(
            '/disable_user',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-admin-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));

                $this->storage->disableUser($userId);
                $this->storage->addUserMessage($userId, 'notification', 'account disabled');

                return new ApiResponse('disable_user');
            }
        );

        $service->post(
            '/enable_user',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-admin-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));

                $this->storage->enableUser($userId);
                $this->storage->addUserMessage($userId, 'notification', 'account (re)enabled');

                return new ApiResponse('enable_user');
            }
        );

        $service->post(
            '/delete_user',
            function (Request $request, array $hookData) {

                AuthUtils::requireUser($hookData, ['vpn-admin-portal']);

                $userId = InputValidation::userId($request->getPostParameter('user_id'));
                $this->storage->deleteUser($userId);

                return new ApiResponse('delete_user');
            }
        );

        $service->get(
            '/user_groups',
            function (Request $request, array $hookData) {
                AuthUtils::requireUser($hookData, ['vpn-user-portal']);

                $userId = $request->getQueryParameter('user_id');

                $userGroups = [];
                foreach ($this->groupProviders as $groupProvider) {
                    $userGroups = array_merge($userGroups, $groupProvider->getGroups($userId));
                }

                return new ApiResponse('user_groups', $userGroups);
            }
        );
    }
}


GitHub Access Token became invalid

Issues (92)

Security Analysis no vulnerabilities found

src/Api/UsersModule.php (12 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		/**
4		* eduVPN - End-user friendly VPN.
5		*
6		* Copyright: 2016-2017, The Commons Conservancy eduVPN Programme
7		* SPDX-License-Identifier: AGPL-3.0+
8		*/
9
10		namespace SURFnet\VPN\Server\Api;
11
12		use fkooman\OAuth\Client\AccessToken;
13		use SURFnet\VPN\Common\Config;
14		use SURFnet\VPN\Common\Http\ApiErrorResponse;
15		use SURFnet\VPN\Common\Http\ApiResponse;
16		use SURFnet\VPN\Common\Http\AuthUtils;
17		use SURFnet\VPN\Common\Http\InputValidation;
18		use SURFnet\VPN\Common\Http\Request;
19		use SURFnet\VPN\Common\Http\Service;
20		use SURFnet\VPN\Common\Http\ServiceModuleInterface;
21		use SURFnet\VPN\Server\Exception\TotpException;
22		use SURFnet\VPN\Server\Exception\YubiKeyException;
23		use SURFnet\VPN\Server\Storage;
24		use SURFnet\VPN\Server\Totp;
25		use SURFnet\VPN\Server\YubiKey;
26
27		class UsersModule implements ServiceModuleInterface
28		{
29		/** @var \SURFnet\VPN\Common\Config */
30		private $config;
31
32		/** @var \SURFnet\VPN\Server\Storage */
33		private $storage;
34
35		/** @var array */
36		private $groupProviders;
37
38		public function __construct(Config $config, Storage $storage, array $groupProviders)
39		{
40		$this->config = $config;
41		$this->storage = $storage;
42		$this->groupProviders = $groupProviders;
43		}
44
45		public function init(Service $service)
46		{
47		$service->get(
48		'/user_list',
49		function (Request $request, array $hookData) {
50		AuthUtils::requireUser($hookData, ['vpn-admin-portal']);
51
52		return new ApiResponse('user_list', $this->storage->getUsers());
53		}
54		);
55
56		$service->post(
57		'/set_yubi_key_id',
58	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-03-31 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
59		AuthUtils::requireUser($hookData, ['vpn-user-portal']);
60
61		$userId = InputValidation::userId($request->getPostParameter('user_id'));
62		$yubiKeyOtp = InputValidation::yubiKeyOtp($request->getPostParameter('yubi_key_otp'));
63
64		// check if there is already a YubiKey ID registered for this user
65		if ($this->storage->hasYubiKeyId($userId)) {
66		return new ApiErrorResponse('set_yubi_key_id', 'YubiKey ID already set');
67		}
68
69		$yubiKey = new YubiKey();
70		try {
71		$yubiKeyId = $yubiKey->verify($userId, $yubiKeyOtp);
72		$this->storage->setYubiKeyId($userId, $yubiKeyId);
73		$this->storage->addUserMessage($userId, 'notification', sprintf('YubiKey ID "%s" registered', $yubiKeyId));
74
75		return new ApiResponse('set_yubi_key_id');
76		} catch (YubiKeyException $e) {
77		$msg = sprintf('YubiKey OTP verification failed: %s', $e->getMessage());
78		$this->storage->addUserMessage($userId, 'notification', $msg);
79
80		return new ApiErrorResponse('set_yubi_key_id', $msg);
81		}
82		}
83		);
84
85		$service->post(
86		'/verify_yubi_key_otp',
87		function (Request $request, array $hookData) {
88		AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);
89
90		$userId = InputValidation::userId($request->getPostParameter('user_id'));
91		$yubiKeyOtp = InputValidation::yubiKeyOtp($request->getPostParameter('yubi_key_otp'));
92		$yubiKeyId = $this->storage->getYubiKeyId($userId);
93
94		// XXX make sure we have a registered yubiKeyID first?!
95
96		$yubiKey = new YubiKey();
97		try {
98		$yubiKey->verify($userId, $yubiKeyOtp, $yubiKeyId);
99
100		return new ApiResponse('verify_yubi_key_otp');
101		} catch (YubiKeyException $e) {
102		$msg = sprintf('YubiKey OTP verification failed: %s', $e->getMessage());
103		$this->storage->addUserMessage($userId, 'notification', $msg);
104
105		return new ApiErrorResponse('verify_yubi_key_otp', $msg);
106		}
107		}
108		);
109
110		$service->get(
111		'/has_yubi_key_id',
112	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-01-03 11:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
113		AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);
114
115		$userId = InputValidation::userId($request->getQueryParameter('user_id'));
116
117		return new ApiResponse('has_yubi_key_id', $this->storage->hasYubiKeyId($userId));
118		}
119		);
120
121		$service->get(
122		'/yubi_key_id',
123		function (Request $request, array $hookData) {
124		AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);
125
126		$userId = InputValidation::userId($request->getQueryParameter('user_id'));
127
128		$yubiKeyId = $this->storage->getYubiKeyId($userId);
129		if (is_null($yubiKeyId)) {
130		return new ApiResponse('yubi_key_id', false);
131		}
132
133		return new ApiResponse('yubi_key_id', $yubiKeyId);
134		}
135		);
136
137		$service->post(
138		'/delete_yubi_key_id',
139	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-04-21 17:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
140		AuthUtils::requireUser($hookData, ['vpn-admin-portal']);
141
142		$userId = InputValidation::userId($request->getPostParameter('user_id'));
143
144		$yubiKeyId = $this->storage->getYubiKeyId($userId);
145		$this->storage->deleteYubiKeyId($userId);
146		$this->storage->addUserMessage($userId, 'notification', sprintf('YubiKey ID "%s" deleted', $yubiKeyId));
147
148		return new ApiResponse('delete_yubi_key_id');
149		}
150		);
151
152		$service->post(
153		'/set_totp_secret',
154	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2016-09-22 09:48 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
155		AuthUtils::requireUser($hookData, ['vpn-user-portal']);
156
157		$userId = InputValidation::userId($request->getPostParameter('user_id'));
158		$totpKey = InputValidation::totpKey($request->getPostParameter('totp_key'));
159		$totpSecret = InputValidation::totpSecret($request->getPostParameter('totp_secret'));
160
161		// check if there is already a TOTP secret registered for this user
162		if ($this->storage->hasTotpSecret($userId)) {
163		return new ApiErrorResponse('set_totp_secret', 'TOTP secret already set');
164		}
165
166		$totp = new Totp($this->storage);
167		try {
168		$totp->verify($userId, $totpKey, $totpSecret);
169		} catch (TotpException $e) {
170		$msg = sprintf('TOTP verification failed: %s', $e->getMessage());
171		$this->storage->addUserMessage($userId, 'notification', $msg);
172
173		return new ApiErrorResponse('set_totp_secret', $msg);
174		}
175
176		$this->storage->setTotpSecret($userId, $totpSecret);
177		$this->storage->addUserMessage($userId, 'notification', 'TOTP secret registered');
178
179		return new ApiResponse('set_totp_secret');
180		}
181		);
182
183		$service->post(
184		'/verify_totp_key',
185		function (Request $request, array $hookData) {
186		AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);
187
188		$userId = InputValidation::userId($request->getPostParameter('user_id'));
189		$totpKey = InputValidation::totpKey($request->getPostParameter('totp_key'));
190
191		$totp = new Totp($this->storage);
192		try {
193		$totp->verify($userId, $totpKey);
194		} catch (TotpException $e) {
195		$msg = sprintf('TOTP validation failed: %s', $e->getMessage());
196		$this->storage->addUserMessage($userId, 'notification', $msg);
197
198		return new ApiErrorResponse('verify_totp_key', $msg);
199		}
200
201		return new ApiResponse('verify_totp_key');
202		}
203		);
204
205		$service->get(
206		'/has_totp_secret',
207	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-03-31 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
208		AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);
209
210		$userId = InputValidation::userId($request->getQueryParameter('user_id'));
211
212		return new ApiResponse('has_totp_secret', $this->storage->hasTotpSecret($userId));
213		}
214		);
215
216		$service->post(
217		'/delete_totp_secret',
218	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-03-31 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
219		AuthUtils::requireUser($hookData, ['vpn-admin-portal']);
220
221		$userId = InputValidation::userId($request->getPostParameter('user_id'));
222
223		$this->storage->deleteTotpSecret($userId);
224		$this->storage->addUserMessage($userId, 'notification', 'TOTP secret deleted');
225
226		return new ApiResponse('delete_totp_secret');
227		}
228		);
229
230		$service->post(
231		'/set_voot_token',
232		function (Request $request, array $hookData) {
233		AuthUtils::requireUser($hookData, ['vpn-user-portal']);
234
235		$userId = InputValidation::userId($request->getPostParameter('user_id'));
236
237		// load the POSTed AccessToken from JSON
238		$vootToken = AccessToken::fromJson($request->getPostParameter('voot_token'));
239		$this->storage->setVootToken($userId, $vootToken);
240
241		return new ApiResponse('set_voot_token');
242		}
243		);
244
245		$service->post(
246		'/delete_voot_token',
247	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-03-31 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
248		AuthUtils::requireUser($hookData, ['vpn-admin-portal']);
249
250		$userId = InputValidation::userId($request->getPostParameter('user_id'));
251		$this->storage->deleteVootToken($userId);
252
253		return new ApiResponse('delete_voot_token');
254		}
255		);
256
257		$service->get(
258		'/has_voot_token',
259	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-03-31 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
260		AuthUtils::requireUser($hookData, ['vpn-user-portal', 'vpn-admin-portal']);
261
262		$userId = InputValidation::userId($request->getQueryParameter('user_id'));
263
264		return new ApiResponse('has_voot_token', $this->storage->hasVootToken($userId));
265		}
266		);
267
268		$service->get(
269		'/is_disabled_user',
270	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-03-31 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
271		AuthUtils::requireUser($hookData, ['vpn-admin-portal', 'vpn-user-portal']);
272
273		$userId = InputValidation::userId($request->getQueryParameter('user_id'));
274
275		return new ApiResponse('is_disabled_user', $this->storage->isDisabledUser($userId));
276		}
277		);
278
279		$service->post(
280		'/disable_user',
281	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-03-31 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
282		AuthUtils::requireUser($hookData, ['vpn-admin-portal']);
283
284		$userId = InputValidation::userId($request->getPostParameter('user_id'));
285
286		$this->storage->disableUser($userId);
287		$this->storage->addUserMessage($userId, 'notification', 'account disabled');
288
289		return new ApiResponse('disable_user');
290		}
291		);
292
293		$service->post(
294		'/enable_user',
295	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-03-31 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
296		AuthUtils::requireUser($hookData, ['vpn-admin-portal']);
297
298		$userId = InputValidation::userId($request->getPostParameter('user_id'));
299
300		$this->storage->enableUser($userId);
301		$this->storage->addUserMessage($userId, 'notification', 'account (re)enabled');
302
303		return new ApiResponse('enable_user');
304		}
305		);
306
307		$service->post(
308		'/delete_user',
309	View Code Duplication	function (Request $request, array $hookData) {
		0 ignored issues – show Duplication introduced 2017-03-31 20:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
310		AuthUtils::requireUser($hookData, ['vpn-admin-portal']);
311
312		$userId = InputValidation::userId($request->getPostParameter('user_id'));
313		$this->storage->deleteUser($userId);
314
315		return new ApiResponse('delete_user');
316		}
317		);
318
319		$service->get(
320		'/user_groups',
321		function (Request $request, array $hookData) {
322		AuthUtils::requireUser($hookData, ['vpn-user-portal']);
323
324		$userId = $request->getQueryParameter('user_id');
325
326		$userGroups = [];
327		foreach ($this->groupProviders as $groupProvider) {
328		$userGroups = array_merge($userGroups, $groupProvider->getGroups($userId));
329		}
330
331		return new ApiResponse('user_groups', $userGroups);
332		}
333		);
334		}
335		}
336

eduVPN / vpn-server-api

GitHub Access Token became invalid

Issues (92)

Security Analysis no vulnerabilities found

src/Api/UsersModule.php (12 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like