FormAuthentication - Code Metrics - Inspection of "lots of more stripping, works again" - fkooman/php-remote-storage - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( eac42d...55bb68 )

by François

created 2017-01-16 12:31 UTC

FormAuthentication A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	94
Duplicated Lines	3.19 %

Coupling/Cohesion

Components	1
Dependencies	6

Importance

Changes

Metric	Value
wmc	11
lcom	1
cbo	6
dl	3
loc	94
rs	10
c	0
b	0
f	0

4 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	6	1
A	optionalAuth()	0	8	2
A	requireAuth()	0	21	2
B	verifyAuth()	3	44	6

How to fix Duplicated Code

<?php
/**
 *  Copyright (C) 2016 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace fkooman\RemoteStorage\Http;

use fkooman\RemoteStorage\Http\Exception\HttpException;
use fkooman\RemoteStorage\TplInterface;

class FormAuthentication
{
    /** @var SessionInterface */
    private $session;

    /** @var \fkooman\RemoteStorage\TplInterface */
    private $tpl;

    /** @var array */
    private $userPass;

    public function __construct(SessionInterface $session, TplInterface $tpl, array $userPass)
    {
        $this->session = $session;
        $this->tpl = $tpl;
        $this->userPass = $userPass;
    }

    public function optionalAuth(Request $request)

    {
        if ($this->session->has('_form_auth_user')) {
            return $this->session->get('_form_auth_user');
        }

        return false;
    }

    public function requireAuth(Request $request)
    {
        if ($this->session->has('_form_auth_user')) {
            return $this->session->get('_form_auth_user');
        }

        // any other URL, enforce authentication
        $response = new Response(200, 'text/html');
        $response->setBody(
            $this->tpl->render(
                'formAuthentication',
                [
                    '_form_auth_invalid_credentials' => false,
                    '_form_auth_redirect_to' => $request->getUri(),
                    '_form_auth_login_page' => true,
                ]
            )
        );

        return $response;
    }

    public function verifyAuth(Request $request)
    {
        $this->session->delete('_form_auth_user');

        $authUser = $request->getPostParameter('userName');
        $authPass = $request->getPostParameter('userPass');
        $redirectTo = $request->getPostParameter('_form_auth_redirect_to');

        // validate the URL
        if (false === filter_var($redirectTo, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED | FILTER_FLAG_PATH_REQUIRED)) {

            throw new HttpException('invalid redirect_to URL', 400);
        }
        // extract the "host" part of the URL
        if (false === $redirectToHost = parse_url($redirectTo, PHP_URL_HOST)) {
            throw new HttpException('invalid redirect_to URL, unable to extract host', 400);
        }
        if ($request->getServerName() !== $redirectToHost) {
            throw new HttpException('redirect_to does not match expected host', 400);
        }

        if (array_key_exists($authUser, $this->userPass)) {
            if (false !== password_verify($authPass, $this->userPass[$authUser])) {
                $this->session->set('_form_auth_user', $authUser);

                return new RedirectResponse($redirectTo, 302);
            }
        }

        // invalid authentication
        $response = new Response(200, 'text/html');
        $response->setBody(
            $this->tpl->render(
                'formAuthentication',
                [
                    '_form_auth_invalid_credentials' => true,
                    '_form_auth_invalid_credentials_user' => $authUser,
                    '_form_auth_redirect_to' => $redirectTo,
                    '_form_auth_login_page' => true,
                ]
            )
        );

        return $response;
    }
}


1		<?php
2		/**
3		* Copyright (C) 2016 SURFnet.
4		*
5		* This program is free software: you can redistribute it and/or modify
6		* it under the terms of the GNU Affero General Public License as
7		* published by the Free Software Foundation, either version 3 of the
8		* License, or (at your option) any later version.
9		*
10		* This program is distributed in the hope that it will be useful,
11		* but WITHOUT ANY WARRANTY; without even the implied warranty of
12		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13		* GNU Affero General Public License for more details.
14		*
15		* You should have received a copy of the GNU Affero General Public License
16		* along with this program. If not, see <http://www.gnu.org/licenses/>.
17		*/
18
19		namespace fkooman\RemoteStorage\Http;
20
21		use fkooman\RemoteStorage\Http\Exception\HttpException;
22		use fkooman\RemoteStorage\TplInterface;
23
24		class FormAuthentication
25		{
26		/** @var SessionInterface */
27		private $session;
28
29		/** @var \fkooman\RemoteStorage\TplInterface */
30		private $tpl;
31
32		/** @var array */
33		private $userPass;
34
35		public function __construct(SessionInterface $session, TplInterface $tpl, array $userPass)
36		{
37		$this->session = $session;
38		$this->tpl = $tpl;
39		$this->userPass = $userPass;
40		}
41
42		public function optionalAuth(Request $request)
		0 ignored issues – show Unused Code introduced 2017-01-16 12:34 UTC by Report Bug Copy Issue Report The parameter `$request` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
43		{
44		if ($this->session->has('_form_auth_user')) {
45		return $this->session->get('_form_auth_user');
46		}
47
48		return false;
49		}
50
51		public function requireAuth(Request $request)
52		{
53		if ($this->session->has('_form_auth_user')) {
54		return $this->session->get('_form_auth_user');
55		}
56
57		// any other URL, enforce authentication
58		$response = new Response(200, 'text/html');
59		$response->setBody(
60		$this->tpl->render(
61		'formAuthentication',
62		[
63		'_form_auth_invalid_credentials' => false,
64		'_form_auth_redirect_to' => $request->getUri(),
65		'_form_auth_login_page' => true,
66		]
67		)
68		);
69
70		return $response;
71		}
72
73		public function verifyAuth(Request $request)
74		{
75		$this->session->delete('_form_auth_user');
76
77		$authUser = $request->getPostParameter('userName');
78		$authPass = $request->getPostParameter('userPass');
79		$redirectTo = $request->getPostParameter('_form_auth_redirect_to');
80
81		// validate the URL
82	View Code Duplication	if (false === filter_var($redirectTo, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED \| FILTER_FLAG_HOST_REQUIRED \| FILTER_FLAG_PATH_REQUIRED)) {
		0 ignored issues – show Duplication introduced 2017-01-16 12:34 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
83		throw new HttpException('invalid redirect_to URL', 400);
84		}
85		// extract the "host" part of the URL
86		if (false === $redirectToHost = parse_url($redirectTo, PHP_URL_HOST)) {
87		throw new HttpException('invalid redirect_to URL, unable to extract host', 400);
88		}
89		if ($request->getServerName() !== $redirectToHost) {
90		throw new HttpException('redirect_to does not match expected host', 400);
91		}
92
93		if (array_key_exists($authUser, $this->userPass)) {
94		if (false !== password_verify($authPass, $this->userPass[$authUser])) {
95		$this->session->set('_form_auth_user', $authUser);
96
97		return new RedirectResponse($redirectTo, 302);
98		}
99		}
100
101		// invalid authentication
102		$response = new Response(200, 'text/html');
103		$response->setBody(
104		$this->tpl->render(
105		'formAuthentication',
106		[
107		'_form_auth_invalid_credentials' => true,
108		'_form_auth_invalid_credentials_user' => $authUser,
109		'_form_auth_redirect_to' => $redirectTo,
110		'_form_auth_login_page' => true,
111		]
112		)
113		);
114
115		return $response;
116		}
117		}
118

fkooman / php-remote-storage

GitHub Access Token became invalid

Push — master ( eac42d...55bb68 )

FormAuthentication A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

How to fix Duplicated Code

Duplicated Code

Duplication Side-by-Side

Filter issues like