SessionTest - Code Metrics - Inspection of "EZP-26000: first implementation of permission look..." - ezsystems/ezpublish-kernel - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — impl-EZP-26000-permission-look... ( 500ba3...2240ed )

by André

created 2016-10-18 13:34 UTC

SessionTest A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	171
Duplicated Lines	19.3 %

Coupling/Cohesion

Components	2
Dependencies	4

Importance

Changes

Metric	Value
dl	33
loc	171
rs	10
c	0
b	0
f	0
wmc	17
lcom	2
cbo	4

14 Methods

Rating	Name	Duplication	Size	Complexity
A	setUp()	0	5	1
A	testCreateSession()	0	4	1
A	testRefreshSession()	0	5	1
A	testRefreshSessionExpired()	0	12	1
A	testRefreshSessionMissingCsrfToken()	9	9	1
A	testDeleteSession()	9	9	1
A	testDeleteSessionMissingCsrfToken()	8	8	1
B	testLoginWithExistingFrontendSession()	0	29	2
A	testDeleteSessionExpired()	0	6	1
A	createRefreshRequest()	0	11	1
A	createDeleteRequest()	0	10	1
A	assertHttpResponseDeletesSessionCookie()	0	4	1
A	removeCsrfHeader()	0	11	3
A	testCreateSessionBadCredentials()	7	7	1

How to fix Duplicated Code

<?php
/**
 * @copyright Copyright (C) eZ Systems AS. All rights reserved.
 * @license For full copyright and license information view LICENSE file distributed with this source code.
 */
namespace eZ\Bundle\EzPublishRestBundle\Tests\Functional;

use Buzz\Message\Form\FormRequest;
use Buzz\Message\Response;
use Buzz\Message\Request;
use stdClass;

class SessionTest extends TestCase
{
    public function setUp()
    {
        $this->autoLogin = false;
        parent::setUp();
    }

    public function testCreateSessionBadCredentials()
    {
        $request = $this->createHttpRequest('POST', '/api/ezp/v2/user/sessions', 'SessionInput+json', 'Session+json');
        $this->setSessionInput($request, 'badpassword');
        $response = $this->sendHttpRequest($request);
        self::assertHttpResponseCodeEquals($response, 401);
    }

    /**
     * @return \stdClass The login request's response
     */
    public function testCreateSession()
    {
        return $this->login();
    }

    /**
     * @depends testCreateSession
     */
    public function testRefreshSession(stdClass $session)
    {
        $response = $this->sendHttpRequest($this->createRefreshRequest($session));
        self::assertHttpResponseCodeEquals($response, 200);
    }

    public function testRefreshSessionExpired()
    {
        $session = $this->login();

        $response = $this->sendHttpRequest($this->createDeleteRequest($session));
        self::assertHttpResponseCodeEquals($response, 204);

        $response = $this->sendHttpRequest($this->createRefreshRequest($session));
        self::assertHttpResponseCodeEquals($response, 404);

        self::assertHttpResponseDeletesSessionCookie($session, $response);
    }

    public function testRefreshSessionMissingCsrfToken()
    {
        $session = $this->login();

        $refreshRequest = $this->createRefreshRequest($session);
        $this->removeCsrfHeader($refreshRequest);
        $response = $this->sendHttpRequest($refreshRequest);
        self::assertHttpResponseCodeEquals($response, 401);
    }

    public function testDeleteSession()
    {
        $session = $this->login();
        $response = $this->sendHttpRequest($this->createDeleteRequest($session));
        self::assertHttpResponseCodeEquals($response, 204);
        self::assertHttpResponseDeletesSessionCookie($session, $response);

        return $session;
    }

    /**
     * CSRF needs to be tested as session handling bypasses the CsrfListener.
     */
    public function testDeleteSessionMissingCsrfToken()
    {
        $session = $this->login();
        $request = $this->createDeleteRequest($session);
        $this->removeCsrfHeader($request);
        $response = $this->sendHttpRequest($request);
        self::assertHttpResponseCodeEquals($response, 401);
    }

    public function testLoginWithExistingFrontendSession()
    {
        $loginFormResponse = $this->sendHttpRequest(new Request('GET', '/login', $this->getHttpHost()));
        $domDocument = $loginFormResponse->toDomDocument();
        $xpath = new \DOMXPath($domDocument);

        $csrfDomElements = $xpath->query("//input[@name='_csrf_token']/@value");
        self::assertGreaterThan(0, $csrfDomElements->length);
        $csrfTokenValue = $csrfDomElements->item(0)->nodeValue;

        $loginPostRequest = new FormRequest('POST', '/login', $this->getHttpHost());
        $loginPostRequest->addFields([
            '_username' => $this->getLoginUsername(),
            '_password' => $this->getLoginPassword(),
            '_csrf_token' => $csrfTokenValue,
        ]);
        $loginResponse = $this->sendHttpRequest($loginPostRequest);
        if (!$sessionCookieHeader = $loginResponse->getHeader('set-cookie')) {
            self::fail('No cookie in login response');
        }

        list($sessionCookie) = explode(';', $sessionCookieHeader);

        $request = $this->createHttpRequest('POST', '/api/ezp/v2/user/sessions', 'SessionInput+json', 'Session+json');
        $this->setSessionInput($request);
        $request->addHeader("Cookie: $sessionCookie");
        $response = $this->sendHttpRequest($request);
        self::assertHttpResponseCodeEquals($response, 201);
    }

    /**
     * @depends testDeleteSession
     */
    public function testDeleteSessionExpired($session)
    {
        $response = $this->sendHttpRequest($this->createDeleteRequest($session));
        self::assertHttpResponseCodeEquals($response, 404);
        self::assertHttpResponseDeletesSessionCookie($session, $response);
    }

    /**
     * @param stdClass $session
     * @return \Buzz\Message\Request
     */
    protected function createRefreshRequest(stdClass $session)
    {
        $request = $this->createHttpRequest('POST',
            sprintf('/api/ezp/v2/user/sessions/%s/refresh', $session->identifier), '', 'Session+json');
        $request->addHeaders([
            sprintf('Cookie: %s=%s', $session->name, $session->identifier),
            sprintf('X-CSRF-Token: %s', $session->csrfToken),
        ]);

        return $request;
    }

    /**
     * @param $session
     * @return \Buzz\Message\Request
     */
    protected function createDeleteRequest($session)
    {
        $deleteRequest = $this->createHttpRequest('DELETE', $session->_href);
        $deleteRequest->addHeaders([
            sprintf('Cookie: %s=%s', $session->name, $session->identifier),
            sprintf('X-CSRF-Token: %s', $session->csrfToken),
        ]);

        return $deleteRequest;
    }

    private static function assertHttpResponseDeletesSessionCookie($session, Response $response)
    {
        self::assertStringStartsWith("{$session->name}=deleted;", $response->getHeader('set-cookie'));
    }

    /**
     * Removes the CSRF token header from a $request.
     *
     * @param Request $request
     */
    private function removeCsrfHeader(Request $request)
    {
        foreach ($request->getHeaders() as $headerString) {
            list($headerName) = explode(': ', $headerString);
            if (strtolower($headerName) !== 'x-csrf-token') {
                $headers[] = $headerString;
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}
            }
        }

        $request->setHeaders($headers);
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
    }
}


1		<?php
2		/**
3		* @copyright Copyright (C) eZ Systems AS. All rights reserved.
4		* @license For full copyright and license information view LICENSE file distributed with this source code.
5		*/
6		namespace eZ\Bundle\EzPublishRestBundle\Tests\Functional;
7
8		use Buzz\Message\Form\FormRequest;
9		use Buzz\Message\Response;
10		use Buzz\Message\Request;
11		use stdClass;
12
13		class SessionTest extends TestCase
14		{
15		public function setUp()
16		{
17		$this->autoLogin = false;
18		parent::setUp();
19		}
20
21	View Code Duplication	public function testCreateSessionBadCredentials()
22		{
23		$request = $this->createHttpRequest('POST', '/api/ezp/v2/user/sessions', 'SessionInput+json', 'Session+json');
24		$this->setSessionInput($request, 'badpassword');
25		$response = $this->sendHttpRequest($request);
26		self::assertHttpResponseCodeEquals($response, 401);
27		}
28
29		/**
30		* @return \stdClass The login request's response
31		*/
32		public function testCreateSession()
33		{
34		return $this->login();
35		}
36
37		/**
38		* @depends testCreateSession
39		*/
40		public function testRefreshSession(stdClass $session)
41		{
42		$response = $this->sendHttpRequest($this->createRefreshRequest($session));
43		self::assertHttpResponseCodeEquals($response, 200);
44		}
45
46		public function testRefreshSessionExpired()
47		{
48		$session = $this->login();
49
50		$response = $this->sendHttpRequest($this->createDeleteRequest($session));
51		self::assertHttpResponseCodeEquals($response, 204);
52
53		$response = $this->sendHttpRequest($this->createRefreshRequest($session));
54		self::assertHttpResponseCodeEquals($response, 404);
55
56		self::assertHttpResponseDeletesSessionCookie($session, $response);
57		}
58
59	View Code Duplication	public function testRefreshSessionMissingCsrfToken()
60		{
61		$session = $this->login();
62
63		$refreshRequest = $this->createRefreshRequest($session);
64		$this->removeCsrfHeader($refreshRequest);
65		$response = $this->sendHttpRequest($refreshRequest);
66		self::assertHttpResponseCodeEquals($response, 401);
67		}
68
69	View Code Duplication	public function testDeleteSession()
70		{
71		$session = $this->login();
72		$response = $this->sendHttpRequest($this->createDeleteRequest($session));
73		self::assertHttpResponseCodeEquals($response, 204);
74		self::assertHttpResponseDeletesSessionCookie($session, $response);
75
76		return $session;
77		}
78
79		/**
80		* CSRF needs to be tested as session handling bypasses the CsrfListener.
81		*/
82	View Code Duplication	public function testDeleteSessionMissingCsrfToken()
83		{
84		$session = $this->login();
85		$request = $this->createDeleteRequest($session);
86		$this->removeCsrfHeader($request);
87		$response = $this->sendHttpRequest($request);
88		self::assertHttpResponseCodeEquals($response, 401);
89		}
90
91		public function testLoginWithExistingFrontendSession()
92		{
93		$loginFormResponse = $this->sendHttpRequest(new Request('GET', '/login', $this->getHttpHost()));
94		$domDocument = $loginFormResponse->toDomDocument();
95		$xpath = new \DOMXPath($domDocument);
96
97		$csrfDomElements = $xpath->query("//input[@name='_csrf_token']/@value");
98		self::assertGreaterThan(0, $csrfDomElements->length);
99		$csrfTokenValue = $csrfDomElements->item(0)->nodeValue;
100
101		$loginPostRequest = new FormRequest('POST', '/login', $this->getHttpHost());
102		$loginPostRequest->addFields([
103		'_username' => $this->getLoginUsername(),
104		'_password' => $this->getLoginPassword(),
105		'_csrf_token' => $csrfTokenValue,
106		]);
107		$loginResponse = $this->sendHttpRequest($loginPostRequest);
108		if (!$sessionCookieHeader = $loginResponse->getHeader('set-cookie')) {
109		self::fail('No cookie in login response');
110		}
111
112		list($sessionCookie) = explode(';', $sessionCookieHeader);
113
114		$request = $this->createHttpRequest('POST', '/api/ezp/v2/user/sessions', 'SessionInput+json', 'Session+json');
115		$this->setSessionInput($request);
116		$request->addHeader("Cookie: $sessionCookie");
117		$response = $this->sendHttpRequest($request);
118		self::assertHttpResponseCodeEquals($response, 201);
119		}
120
121		/**
122		* @depends testDeleteSession
123		*/
124		public function testDeleteSessionExpired($session)
125		{
126		$response = $this->sendHttpRequest($this->createDeleteRequest($session));
127		self::assertHttpResponseCodeEquals($response, 404);
128		self::assertHttpResponseDeletesSessionCookie($session, $response);
129		}
130
131		/**
132		* @param stdClass $session
133		* @return \Buzz\Message\Request
134		*/
135		protected function createRefreshRequest(stdClass $session)
136		{
137		$request = $this->createHttpRequest('POST',
138		sprintf('/api/ezp/v2/user/sessions/%s/refresh', $session->identifier), '', 'Session+json');
139		$request->addHeaders([
140		sprintf('Cookie: %s=%s', $session->name, $session->identifier),
141		sprintf('X-CSRF-Token: %s', $session->csrfToken),
142		]);
143
144		return $request;
145		}
146
147		/**
148		* @param $session
149		* @return \Buzz\Message\Request
150		*/
151		protected function createDeleteRequest($session)
152		{
153		$deleteRequest = $this->createHttpRequest('DELETE', $session->_href);
154		$deleteRequest->addHeaders([
155		sprintf('Cookie: %s=%s', $session->name, $session->identifier),
156		sprintf('X-CSRF-Token: %s', $session->csrfToken),
157		]);
158
159		return $deleteRequest;
160		}
161
162		private static function assertHttpResponseDeletesSessionCookie($session, Response $response)
163		{
164		self::assertStringStartsWith("{$session->name}=deleted;", $response->getHeader('set-cookie'));
165		}
166
167		/**
168		* Removes the CSRF token header from a $request.
169		*
170		* @param Request $request
171		*/
172		private function removeCsrfHeader(Request $request)
173		{
174		foreach ($request->getHeaders() as $headerString) {
175		list($headerName) = explode(': ', $headerString);
176		if (strtolower($headerName) !== 'x-csrf-token') {
177		$headers[] = $headerString;
		0 ignored issues – show Coding Style Comprehensibility introduced 2016-09-12 12:54 UTC by Report Bug Copy Issue Report `$headers` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$headers = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
178		}
179		}
180
181		$request->setHeaders($headers);
		0 ignored issues – show Bug introduced 2016-09-12 12:54 UTC by Report Bug Copy Issue Report The variable `$headers` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
182		}
183		}
184

ezsystems / ezpublish-kernel

Push — impl-EZP-26000-permission-look... ( 500ba3...2240ed )

SessionTest A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

14 Methods

How to fix Duplicated Code

Duplicated Code

Available Fixes

Duplication Side-by-Side

Filter issues like