Session::setCanary() - Code Metrics - Inspection of "do not throw error when missing session key" - eduvpn/vpn-lib-common - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 3c229d...169a4f )

by François

created 2017-06-05 13:28 UTC

Session::setCanary() A

↳ Parent: Session

Complexity

Conditions	1
Paths	1

Size

Total Lines	7
Code Lines	5

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	7
rs	9.4285
cc	1
eloc	5
nc	1
nop	2

1 Method

Rating	Name	Duplication	Size	Complexity
A	Session::domainBinding()	0	4	1

<?php
/**
 *  Copyright (C) 2017 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace SURFnet\VPN\Common\Http;

use DateInterval;
use DateTime;
use SURFnet\VPN\Common\Http\Exception\HttpException;

class Session extends Cookie implements SessionInterface
{
    /** @var array */
    private $sessionOptions;

    /**
     * @param array $sessionOptions
     */
    public function __construct(array $sessionOptions = [])
    {
        $this->sessionOptions = array_merge(
            [
                'DomainBinding' => null,       // also bind session to Domain
                'PathBinding' => null,         // also bind session to Path
            ],
            $sessionOptions
        );

        parent::__construct($sessionOptions);

        if (PHP_SESSION_ACTIVE !== session_status()) {
            session_start();
        }

        $this->sessionCanary();
        $this->domainBinding();
        $this->pathBinding();

        $this->replace(session_name(), session_id());
    }

    public function regenerate($deleteOldSession = false)
    {
        session_regenerate_id($deleteOldSession);
        $this->replace(session_name(), session_id());
    }

    public function set($key, $value)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $_SESSION[$key] = $value;
    }

    public function delete($key)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        unset($_SESSION[$key]);
    }

    public function has($key)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        return array_key_exists($key, $_SESSION);
    }

    public function get($key)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if (!$this->has($key)) {
            return null;
        }

        return $_SESSION[$key];
    }

    public function destroy()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $_SESSION = [];
        $this->regenerate(true);
    }

    private function sessionCanary()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $dateTime = new DateTime();
        if (!array_key_exists('Canary', $_SESSION)) {
            $_SESSION = [];
            $this->regenerate(true);
            $_SESSION['Canary'] = $dateTime->format('Y-m-d H:i:s');
        } else {
            $canaryDateTime = new DateTime($_SESSION['Canary']);
            $canaryDateTime->add(new DateInterval('PT01H'));
            if ($canaryDateTime < $dateTime) {
                $this->regenerate(true);
                $_SESSION['Canary'] = $dateTime->format('Y-m-d H:i:s');
            }
        }
    }

    private function domainBinding()
    {
        $this->sessionBinding('DomainBinding');
    }

    private function pathBinding()
    {
        $this->sessionBinding('PathBinding');
    }

    private function sessionBinding($key)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if (!is_null($this->sessionOptions[$key])) {
            if (!array_key_exists($key, $_SESSION)) {
                $_SESSION[$key] = $this->sessionOptions[$key];
            }
            if ($this->sessionOptions[$key] !== $_SESSION[$key]) {
                throw new HttpException(
                    sprintf('session bound to %s "%s", expected "%s"', $key, $_SESSION[$key], $this->sessionOptions[$key]),
                    400
                );
            }
        }
    }
}


1			<?php
2			/**
3			* Copyright (C) 2017 SURFnet.
4			*
5			* This program is free software: you can redistribute it and/or modify
6			* it under the terms of the GNU Affero General Public License as
7			* published by the Free Software Foundation, either version 3 of the
8			* License, or (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU Affero General Public License for more details.
14			*
15			* You should have received a copy of the GNU Affero General Public License
16			* along with this program. If not, see <http://www.gnu.org/licenses/>.
17			*/
18
19			namespace SURFnet\VPN\Common\Http;
20
21			use DateInterval;
22			use DateTime;
23			use SURFnet\VPN\Common\Http\Exception\HttpException;
24
25			class Session extends Cookie implements SessionInterface
26			{
27			/** @var array */
28			private $sessionOptions;
29
30			/**
31			* @param array $sessionOptions
32			*/
33			public function __construct(array $sessionOptions = [])
34			{
35			$this->sessionOptions = array_merge(
36			[
37			'DomainBinding' => null, // also bind session to Domain
38			'PathBinding' => null, // also bind session to Path
39			],
40			$sessionOptions
41			);
42
43			parent::__construct($sessionOptions);
44
45			if (PHP_SESSION_ACTIVE !== session_status()) {
46			session_start();
47			}
48
49			$this->sessionCanary();
50			$this->domainBinding();
51			$this->pathBinding();
52
53			$this->replace(session_name(), session_id());
54			}
55
56			public function regenerate($deleteOldSession = false)
57			{
58			session_regenerate_id($deleteOldSession);
59			$this->replace(session_name(), session_id());
60			}
61
62			public function set($key, $value)
			0 ignored issues – show Coding Style introduced 2016-09-19 08:28 UTC by Report Bug Copy Issue Report `set` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
63			{
64			$_SESSION[$key] = $value;
65			}
66
67			public function delete($key)
			0 ignored issues – show Coding Style introduced 2016-09-19 08:28 UTC by Report Bug Copy Issue Report `delete` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
68			{
69			unset($_SESSION[$key]);
70			}
71
72			public function has($key)
			0 ignored issues – show Coding Style introduced 2017-06-05 15:16 UTC by Report Bug Copy Issue Report `has` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
73			{
74			return array_key_exists($key, $_SESSION);
75			}
76
77			public function get($key)
			0 ignored issues – show Coding Style introduced 2016-09-19 08:28 UTC by Report Bug Copy Issue Report `get` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
78			{
79			if (!$this->has($key)) {
80			return null;
81			}
82
83			return $_SESSION[$key];
84			}
85
86			public function destroy()
			0 ignored issues – show Coding Style introduced 2017-06-05 15:16 UTC by Report Bug Copy Issue Report `destroy` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
87			{
88			$_SESSION = [];
89			$this->regenerate(true);
90			}
91
92			private function sessionCanary()
			0 ignored issues – show Coding Style introduced 2017-06-05 15:16 UTC by Report Bug Copy Issue Report `sessionCanary` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
93			{
94			$dateTime = new DateTime();
95			if (!array_key_exists('Canary', $_SESSION)) {
96			$_SESSION = [];
97			$this->regenerate(true);
98			$_SESSION['Canary'] = $dateTime->format('Y-m-d H:i:s');
99			} else {
100			$canaryDateTime = new DateTime($_SESSION['Canary']);
101			$canaryDateTime->add(new DateInterval('PT01H'));
102			if ($canaryDateTime < $dateTime) {
103			$this->regenerate(true);
104			$_SESSION['Canary'] = $dateTime->format('Y-m-d H:i:s');
105			}
106			}
107			}
108
109			private function domainBinding()
110			{
111			$this->sessionBinding('DomainBinding');
112			}
113
114			private function pathBinding()
115			{
116			$this->sessionBinding('PathBinding');
117			}
118
119			private function sessionBinding($key)
			0 ignored issues – show Coding Style introduced 2017-06-05 15:16 UTC by Report Bug Copy Issue Report `sessionBinding` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
120			{
121			if (!is_null($this->sessionOptions[$key])) {
122			if (!array_key_exists($key, $_SESSION)) {
123			$_SESSION[$key] = $this->sessionOptions[$key];
124			}
125			if ($this->sessionOptions[$key] !== $_SESSION[$key]) {
126			throw new HttpException(
127			sprintf('session bound to %s "%s", expected "%s"', $key, $_SESSION[$key], $this->sessionOptions[$key]),
128			400
129			);
130			}
131			}
132			}
133			}
134

eduvpn / vpn-lib-common

GitHub Access Token became invalid

Push — master ( 3c229d...169a4f )

Session::setCanary() A

Complexity

Size

Duplication

Importance

1 Method

Duplication Side-by-Side

Filter issues like