PageConfirmEmail::main() - Code Metrics - Inspection of "CSRF protection on the request form" - enwikipedia-acc/waca - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#1066)

by Simon

created 2025-10-27 23:47 UTC

PageConfirmEmail::main() C

↳ Parent: PageConfirmEmail

Complexity

Conditions	13
Paths	24

Size

Total Lines	85
Code Lines	40

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	182

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	40
c	1
b	0
f	0
dl	0
loc	85
ccs	0
cts	24
cp	0
rs	6.6166
cc	13
nc	24
nop	0
crap	182

How to fix Long Method Complexity

<?php
/******************************************************************************
 * Wikipedia Account Creation Assistance tool                                 *
 * ACC Development Team. Please see team.json for a list of contributors.     *
 *                                                                            *
 * This is free and unencumbered software released into the public domain.    *
 * Please see LICENSE.md for the full licencing statement.                    *
 ******************************************************************************/

namespace Waca\Pages\Request;

use Exception;
use Waca\DataObjects\Request;
use Waca\DataObjects\RequestData;
use Waca\Exceptions\ApplicationLogicException;
use Waca\Exceptions\OptimisticLockFailedException;
use Waca\Helpers\Logger;
use Waca\RequestStatus;
use Waca\Tasks\PublicInterfacePageBase;
use Waca\WebRequest;

class PageConfirmEmail extends PublicInterfacePageBase
{
    /**
     * Main function for this page, when no specific actions are called.
     * @throws ApplicationLogicException
     * @throws Exception
     */
    protected function main()
    {
        $id = WebRequest::getInt('id');
        $si = WebRequest::getString('si');

        if ($id === null || $si === null) {
            throw new ApplicationLogicException('Link incomplete - please double check the link you received.');
        }

        /** @var Request|false $request */
        $request = Request::getById($id, $this->getDatabase());

        if ($request === false) {

            throw new ApplicationLogicException('Request not found');
        }

        if ($request->getEmailConfirm() === 'Confirmed') {
            // request has already been confirmed. Bomb out silently.
            $this->redirect('requestSubmitted');

            return;
        }

        if ($request->getEmailConfirm() === $si) {
            $request->setEmailConfirm('Confirmed');
        }
        else {
            throw new ApplicationLogicException('The confirmation value does not appear to match the expected value');
        }

        try {
            $request->save();
        }
        catch (OptimisticLockFailedException $ex) {
            // Okay. Someone's edited this in the time between us loading this page and doing the checks, and us getting
            // to saving the page. We *do not* want to show an optimistic lock failure, the most likely problem is they
            // double-loaded this page (see #255). Let's confirm this, and bomb out with a success message if it's the
            // case.

            $request = Request::getById($id, $this->getDatabase());
            if ($request->getEmailConfirm() === 'Confirmed') {
            if ($request->/** @scrutinizer ignore-call */ getEmailConfirm() === 'Confirmed') {
                // we've already done the sanity checks above

                $this->redirect('requestSubmitted');

                // skip the log and notification
                return;
            }

            // something really weird happened. Another race condition?
            throw $ex;
        }

        Logger::emailConfirmed($this->getDatabase(), $request);

        if ($request->getStatus() != RequestStatus::CLOSED) {
            $this->getNotificationHelper()->requestReceived($request);
        }

        RequestData::saveForRequest($request,
            RequestData::TYPE_CONFIRM_USERAGENT, WebRequest::userAgent());
            RequestData::TYPE_CONFIRM_USERAGENT, /** @scrutinizer ignore-type */ WebRequest::userAgent());

        $xffProvider = $this->getXffTrustProvider();
        $trustedIp = $xffProvider->getTrustedClientIp(WebRequest::remoteAddress(), WebRequest::forwardedAddress());

        if (filter_var($trustedIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
            RequestData::saveForRequest($request, RequestData::TYPE_CONFIRM_IPV4, $trustedIp);
        }
        elseif (filter_var($trustedIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
            RequestData::saveForRequest($request, RequestData::TYPE_CONFIRM_IPV6, $trustedIp);
        }

        foreach ($this->getSiteConfiguration()->getAcceptClientHints() as $header)
        {
            $value = WebRequest::httpHeader($header);

            if ($value === null) {
                continue;
            }

            RequestData::saveForRequest($request,
                RequestData::TYPE_CONFIRM_CLIENTHINT, $value, $header);
        }

        $this->redirect('requestSubmitted');
    }
}

enwikipedia-acc / waca

Pull Request — master (#1066)

PageConfirmEmail::main() C

Complexity

Size

Duplication

Code Coverage

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like