FormAuthentication::optionalAuth() - Code Metrics - Inspection of "fix logout, update templates and CSS" - fkooman/php-remote-storage - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( cf153f...f10585 )

by François

created 2017-02-07 23:01 UTC

FormAuthentication::optionalAuth() A

↳ Parent: FormAuthentication

Complexity

Conditions	2
Paths	2

Size

Total Lines	8
Code Lines	4

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	8
rs	9.4285
c	0
b	0
f	0
cc	2
eloc	4
nc	2
nop	1

<?php
/**
 *  Copyright (C) 2016 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace fkooman\RemoteStorage\Http;

use fkooman\RemoteStorage\Http\Exception\HttpException;
use fkooman\RemoteStorage\TplInterface;

class FormAuthentication
{
    /** @var SessionInterface */
    private $session;

    /** @var \fkooman\RemoteStorage\TplInterface */
    private $tpl;

    /** @var array */
    private $userPass;

    public function __construct(SessionInterface $session, TplInterface $tpl, array $userPass)
    {
        $this->session = $session;
        $this->tpl = $tpl;
        $this->userPass = $userPass;
    }

    public function optionalAuth(Request $request)

    {
        if ($this->session->has('_form_auth_user')) {
            return $this->session->get('_form_auth_user');
        }

        return false;
    }

    public function requireAuth(Request $request)
    {
        if ($this->session->has('_form_auth_user')) {
            return $this->session->get('_form_auth_user');
        }

        // any other URL, enforce authentication
        $response = new Response(200, 'text/html');
        $response->setBody(
            $this->tpl->render(
                'formAuthentication',
                [
                    '_form_auth_invalid_credentials' => false,
                    '_form_auth_redirect_to' => $request->getUri(),
                    '_form_auth_login_page' => true,
                ]
            )
        );

        return $response;
    }

    public function verifyAuth(Request $request)
    {
        $this->session->delete('_form_auth_user');

        $authUser = $request->getPostParameter('userName');
        $authPass = $request->getPostParameter('userPass');
        $redirectTo = $request->getPostParameter('_form_auth_redirect_to');

        // validate the URL
        if (false === filter_var($redirectTo, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED | FILTER_FLAG_PATH_REQUIRED)) {

            throw new HttpException('invalid redirect_to URL', 400);
        }
        // extract the "host" part of the URL
        if (false === $redirectToHost = parse_url($redirectTo, PHP_URL_HOST)) {
            throw new HttpException('invalid redirect_to URL, unable to extract host', 400);
        }
        if ($request->getServerName() !== $redirectToHost) {
            throw new HttpException('redirect_to does not match expected host', 400);
        }

        if (array_key_exists($authUser, $this->userPass)) {
            if (false !== password_verify($authPass, $this->userPass[$authUser])) {
                $this->session->set('_form_auth_user', $authUser);

                return new RedirectResponse($redirectTo, 302);
            }
        }

        // invalid authentication
        $response = new Response(200, 'text/html');
        $response->setBody(
            $this->tpl->render(
                'formAuthentication',
                [
                    '_form_auth_invalid_credentials' => true,
                    '_form_auth_invalid_credentials_user' => $authUser,
                    '_form_auth_redirect_to' => $redirectTo,
                    '_form_auth_login_page' => true,
                ]
            )
        );

        return $response;
    }

    public function logout(Request $request)
    {
        $this->session->delete('_form_auth_user');

        return new RedirectResponse($request->getRootUri(), 302);
    }
}


1		<?php
2		/**
3		* Copyright (C) 2016 SURFnet.
4		*
5		* This program is free software: you can redistribute it and/or modify
6		* it under the terms of the GNU Affero General Public License as
7		* published by the Free Software Foundation, either version 3 of the
8		* License, or (at your option) any later version.
9		*
10		* This program is distributed in the hope that it will be useful,
11		* but WITHOUT ANY WARRANTY; without even the implied warranty of
12		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13		* GNU Affero General Public License for more details.
14		*
15		* You should have received a copy of the GNU Affero General Public License
16		* along with this program. If not, see <http://www.gnu.org/licenses/>.
17		*/
18
19		namespace fkooman\RemoteStorage\Http;
20
21		use fkooman\RemoteStorage\Http\Exception\HttpException;
22		use fkooman\RemoteStorage\TplInterface;
23
24		class FormAuthentication
25		{
26		/** @var SessionInterface */
27		private $session;
28
29		/** @var \fkooman\RemoteStorage\TplInterface */
30		private $tpl;
31
32		/** @var array */
33		private $userPass;
34
35		public function __construct(SessionInterface $session, TplInterface $tpl, array $userPass)
36		{
37		$this->session = $session;
38		$this->tpl = $tpl;
39		$this->userPass = $userPass;
40		}
41
42		public function optionalAuth(Request $request)
		0 ignored issues – show Unused Code introduced 2017-01-16 12:34 UTC by Report Bug Copy Issue Report The parameter `$request` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
43		{
44		if ($this->session->has('_form_auth_user')) {
45		return $this->session->get('_form_auth_user');
46		}
47
48		return false;
49		}
50
51		public function requireAuth(Request $request)
52		{
53		if ($this->session->has('_form_auth_user')) {
54		return $this->session->get('_form_auth_user');
55		}
56
57		// any other URL, enforce authentication
58		$response = new Response(200, 'text/html');
59		$response->setBody(
60		$this->tpl->render(
61		'formAuthentication',
62		[
63		'_form_auth_invalid_credentials' => false,
64		'_form_auth_redirect_to' => $request->getUri(),
65		'_form_auth_login_page' => true,
66		]
67		)
68		);
69
70		return $response;
71		}
72
73		public function verifyAuth(Request $request)
74		{
75		$this->session->delete('_form_auth_user');
76
77		$authUser = $request->getPostParameter('userName');
78		$authPass = $request->getPostParameter('userPass');
79		$redirectTo = $request->getPostParameter('_form_auth_redirect_to');
80
81		// validate the URL
82	View Code Duplication	if (false === filter_var($redirectTo, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED \| FILTER_FLAG_HOST_REQUIRED \| FILTER_FLAG_PATH_REQUIRED)) {
		0 ignored issues – show Duplication introduced 2017-01-16 12:34 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
83		throw new HttpException('invalid redirect_to URL', 400);
84		}
85		// extract the "host" part of the URL
86		if (false === $redirectToHost = parse_url($redirectTo, PHP_URL_HOST)) {
87		throw new HttpException('invalid redirect_to URL, unable to extract host', 400);
88		}
89		if ($request->getServerName() !== $redirectToHost) {
90		throw new HttpException('redirect_to does not match expected host', 400);
91		}
92
93		if (array_key_exists($authUser, $this->userPass)) {
94		if (false !== password_verify($authPass, $this->userPass[$authUser])) {
95		$this->session->set('_form_auth_user', $authUser);
96
97		return new RedirectResponse($redirectTo, 302);
98		}
99		}
100
101		// invalid authentication
102		$response = new Response(200, 'text/html');
103		$response->setBody(
104		$this->tpl->render(
105		'formAuthentication',
106		[
107		'_form_auth_invalid_credentials' => true,
108		'_form_auth_invalid_credentials_user' => $authUser,
109		'_form_auth_redirect_to' => $redirectTo,
110		'_form_auth_login_page' => true,
111		]
112		)
113		);
114
115		return $response;
116		}
117
118		public function logout(Request $request)
119		{
120		$this->session->delete('_form_auth_user');
121
122		return new RedirectResponse($request->getRootUri(), 302);
123		}
124		}
125

fkooman / php-remote-storage

GitHub Access Token became invalid

Push — master ( cf153f...f10585 )

FormAuthentication::optionalAuth() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like