Issues in TOTPProvider.php (master) - Issues in master - elliot-sawyer/totp-authenticator - Measure and Improve Code Quality continuously with Scrutinizer

Issues (15)

src/Providers/TOTPProvider.php (2 issues)

Labels

Severity

<?php


namespace ElliotSawyer\TOTPAuthenticator;

use Firesphere\BootstrapMFA\Providers\BootstrapMFAProvider;
use Firesphere\BootstrapMFA\Providers\MFAProvider;
use lfkeitel\phptotp\Base32;
use lfkeitel\phptotp\Totp;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\ORM\ValidationException;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\Security\Member;
use SilverStripe\Security\PasswordEncryptor_NotFoundException;
use ElliotSawyer\TOTPAuthenticator\TOTPAuthenticator;

/**
 * Class TOTPProvider
 * @package ElliotSawyer\TOTPAuthenticator
 */
class TOTPProvider extends BootstrapMFAProvider implements MFAProvider
{
    /**
     * @param string $token
     * @param null $result

     * @return bool|Member
     * @throws ValidationException
     * @throws PasswordEncryptor_NotFoundException
     * @throws \Exception
     */
    public function verifyToken($token, &$result = null)
    {
        if (!$result) {

            $result = Injector::inst()->get(ValidationResult::class);
        }
        $member = $this->getMember();
        if ($member && $member->ID) {
            if (!$token) {
                $result->addError(_t(self::class . '.INVALIDORMISSINGTOKEN', 'Invalid or missing second factor token'));
            } else {
                $secret = Base32::decode($member->TOTPSecret);
                $algorithm = TOTPAuthenticator::get_algorithm();

                $totp = new Totp($algorithm);
                $key = $totp->GenerateToken($secret);
                $user_submitted_key = $token;
                if ($user_submitted_key !== $key) {
                    $result->addError(
                        _t(self::class . '.INVALIDORMISSINGTOKEN', 'Invalid or missing second factor token')
                    );
                } else {
                    return $this->member;
                }
            }
        }

        return parent::verifyToken($token, $result);
    }
}


1			<?php
2
3
4			namespace ElliotSawyer\TOTPAuthenticator;
5
6			use Firesphere\BootstrapMFA\Providers\BootstrapMFAProvider;
7			use Firesphere\BootstrapMFA\Providers\MFAProvider;
8			use lfkeitel\phptotp\Base32;
9			use lfkeitel\phptotp\Totp;
10			use SilverStripe\Core\Injector\Injector;
11			use SilverStripe\ORM\ValidationException;
12			use SilverStripe\ORM\ValidationResult;
13			use SilverStripe\Security\Member;
14			use SilverStripe\Security\PasswordEncryptor_NotFoundException;
15			use ElliotSawyer\TOTPAuthenticator\TOTPAuthenticator;
16
17			/**
18			* Class TOTPProvider
19			* @package ElliotSawyer\TOTPAuthenticator
20			*/
21			class TOTPProvider extends BootstrapMFAProvider implements MFAProvider
22			{
23			/**
24			* @param string $token
25			* @param null $result
			0 ignored issues – show Documentation Bug introduced 2018-11-05 21:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the doc-type for parameter `$result` is correct as it would always require `null` to be passed? Loading history...
26			* @return bool\|Member
27			* @throws ValidationException
28			* @throws PasswordEncryptor_NotFoundException
29			* @throws \Exception
30			*/
31			public function verifyToken($token, &$result = null)
32			{
33			if (!$result) {
			0 ignored issues – show introduced 2018-11-06 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$result` is of type `null`, thus it always evaluated to `false`. Loading history...
34			$result = Injector::inst()->get(ValidationResult::class);
35			}
36			$member = $this->getMember();
37			if ($member && $member->ID) {
38			if (!$token) {
39			$result->addError(_t(self::class . '.INVALIDORMISSINGTOKEN', 'Invalid or missing second factor token'));
40			} else {
41			$secret = Base32::decode($member->TOTPSecret);
42			$algorithm = TOTPAuthenticator::get_algorithm();
43
44			$totp = new Totp($algorithm);
45			$key = $totp->GenerateToken($secret);
46			$user_submitted_key = $token;
47			if ($user_submitted_key !== $key) {
48			$result->addError(
49			_t(self::class . '.INVALIDORMISSINGTOKEN', 'Invalid or missing second factor token')
50			);
51			} else {
52			return $this->member;
53			}
54			}
55			}
56
57			return parent::verifyToken($token, $result);
58			}
59			}
60

elliot-sawyer / totp-authenticator

Issues (15)

src/Providers/TOTPProvider.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like