<?php
/**
 * File containing the HttpCache class.
 *
 * @copyright Copyright (C) eZ Systems AS. All rights reserved.
 * @license For full copyright and license information view LICENSE file distributed with this source code.
 */
namespace eZ\Bundle\EzPublishCoreBundle;
use eZ\Publish\Core\MVC\Symfony\Cache\Http\LocationAwareStore;
use eZ\Publish\Core\MVC\Symfony\Cache\Http\RequestAwarePurger;
use eZ\Publish\Core\MVC\Symfony\Cache\Http\SymfonyCache\UserContextSubscriber;
use FOS\HttpCacheBundle\SymfonyCache\EventDispatchingHttpCache;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
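/**
 * Symfony HttpCache front controller base class for eZ Publish.
 *
 * Adds handling of PURGE and BAN invalidation requests on top of
 * EventDispatchingHttpCache. Invalidation is restricted to an allow-list of
 * client addresses; subclasses can extend the checks through the protected
 * hooks below.
 */
abstract class HttpCache extends EventDispatchingHttpCache
{
    /**
     * Creates the cache store, rooted in the configured cache dir or, when none
     * is configured, in "<kernel cache dir>/http_cache".
     *
     * Note: LocationAwareStore is deprecated since 6.8; it is replaced by
     * TagAwareStore from the http-cache multi-tagging package.
     *
     * @return \eZ\Publish\Core\MVC\Symfony\Cache\Http\LocationAwareStore
     */
    protected function createStore()
    {
        $storeDir = $this->cacheDir ?: ($this->kernel->getCacheDir() . '/http_cache');

        return new LocationAwareStore($storeDir);
    }

    /**
     * Handle invalidation, including Http PURGE and BAN requests.
     *
     * Any other method is delegated to the parent implementation.
     * All non-allowed PURGE/BAN requests will receive an HTTP 405.
     * An allowed request gets 200 "Purged" when the store reports success,
     * 404 "Not purged" otherwise.
     *
     * @param \Symfony\Component\HttpFoundation\Request $request
     * @param bool $catch
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    protected function invalidate(Request $request, $catch = false)
    {
        $method = $request->getMethod();
        if ($method !== 'PURGE' && $method !== 'BAN') {
            return parent::invalidate($request, $catch);
        }

        // Authorization gate: nothing below may run for a client that is not
        // on the allow-list, since it evicts entries from the shared cache.
        if (!$this->isInternalRequestAllowed($request)) {
            return new Response('', 405);
        }

        $store = $this->getStore();
        $result = $store instanceof RequestAwarePurger
            ? $store->purgeByRequest($request)
            : $store->purge($request->getUri());

        $response = new Response();
        if ($result === true) {
            $response->setStatusCode(200, 'Purged');
        } else {
            $response->setStatusCode(404, 'Not purged');
        }

        return $response;
    }

    /**
     * Checks if current purge request is allowed.
     * This method can be overridden to extend the allowance test.
     *
     * The decision is based on Request::getClientIp(). That value is only as
     * trustworthy as the trusted-proxy configuration: if forwarded headers are
     * honoured from hosts that are not real proxies, the address checked here
     * is client-controlled. Keep the trusted-proxy list limited to the actual
     * reverse proxies in front of this cache.
     *
     * @param \Symfony\Component\HttpFoundation\Request $request
     *
     * @return bool
     */
    protected function isInternalRequestAllowed(Request $request)
    {
        // Cast keeps the strict true/false contract even if a subclass
        // overrides isInternalIPAllowed() with a loosely typed return.
        return (bool)$this->isInternalIPAllowed($request->getClientIp());
    }

    /**
     * Checks if $ip is allowed for Http PURGE requests.
     *
     * Matching is an exact, strict string comparison against
     * getInternalAllowedIPs(); CIDR ranges and alternative textual forms of
     * the same address are not recognised.
     *
     * @todo Check subnets
     *
     * @param string $ip
     *
     * @return bool
     */
    protected function isInternalIPAllowed($ip)
    {
        // Fail closed when no usable client address is available. The previous
        // array-key lookup coerced null to '', so a missing client IP would
        // have matched an empty entry in an overridden allow-list.
        if (!is_string($ip) || $ip === '') {
            return false;
        }

        return in_array($ip, $this->getInternalAllowedIPs(), true);
    }

    /**
     * Returns an array of allowed IPs for Http PURGE requests.
     *
     * Defaults to the IPv4 and IPv6 loopback addresses plus fe80::1.
     * Override to allow additional purge clients; entries must be exact
     * addresses (see isInternalIPAllowed()).
     *
     * @return array
     */
    protected function getInternalAllowedIPs()
    {
        return ['127.0.0.1', '::1', 'fe80::1'];
    }

    /**
     * Returns the default event subscribers registered on the cache kernel:
     * a user context subscriber configured with the eZ user hash header and
     * session name prefix.
     *
     * @return array
     */
    protected function getDefaultSubscribers()
    {
        return [new UserContextSubscriber(['user_hash_header' => 'X-User-Hash', 'session_name_prefix' => 'eZSESSID'])];
    }
}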