Issues (752)

plugins/passwd/php/class.passwdmodule.php (2 issues)

<?php
/**
 * Passwd module.
 * Module that will be used to change passwords of the user.
 */
class PasswdModule extends Module {
	/**
	 * Process the incoming events that were fired by the client.
	 */
	#[Override]
	public function execute() {
		foreach ($this->data as $actionType => $actionData) {
			if (isset($actionType)) {
				try {
					match ($actionType) {
						'save' => $this->save($actionData),
The return value of $this->save($actionData) is used here, but PasswdModule::save() seems to always return null.

This check looks for function or method calls that always return null and whose return value is used.

class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {

The method getObject() can return nothing but null, so it makes no sense to use the return value.

The reason is most likely that a function or method is incomplete or has been reduced for debug purposes.

						default => $this->handleUnknownActionType($actionType),
The return value of $this->handleUnknownActionType($actionType) is used here, but Module::handleUnknownActionType() seems to always return null.

This check looks for function or method calls that always return null and whose return value is used.

class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {

The method getObject() can return nothing but null, so it makes no sense to use the return value.

The reason is most likely that a function or method is incomplete or has been reduced for debug purposes.

					};
				}
				catch (MAPIException $e) {
					$this->sendFeedback(false, $this->errorDetailsFromException($e));
				}
			}
		}
	}
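	/**
	 * Validate a password-change request and hand it over to saveInDB().
	 *
	 * The checks run in order and the first one that fails decides the message
	 * reported through sendFeedback(); saveInDB() is not called in that case.
	 * Only the presence of the fields and the equality of the two new-password
	 * fields are checked here. The current password itself is verified in
	 * saveInDB().
	 *
	 * @param array $data data sent by client; the keys read here are username,
	 *                    current_password, new_password and new_password_repeat
	 */
	public function save($data) {
		$errorMessage = '';

		// The payload comes from the client, so its shape is not guaranteed.
		// Stop at the first failed check: later checks read keys that an
		// earlier check may already have found missing, and the first message
		// is the one that describes the actual problem.
		if (!is_array($data) || empty($data)) {
			$errorMessage = _('No data received.');
		}
		elseif (empty($data['username'])) {
			$errorMessage = _('Account is empty.');
		}
		elseif (empty($data['current_password'])) {
			$errorMessage = _('Current password is empty.');
		}
		elseif (empty($data['new_password']) || empty($data['new_password_repeat'])) {
			$errorMessage = _('New password is empty.');
		}
		elseif ($data['new_password'] !== $data['new_password_repeat']) {
			$errorMessage = _('New passwords do not match.');
		}

		if ($errorMessage === '') {
			$this->saveInDB($data);

			return;
		}

		$this->sendFeedback(false, [
			'type' => ERROR_ZARAFA,
			'info' => [
				'display_message' => $errorMessage,
			],
		]);
	}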
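	/**
	 * Verify the current password against the session and change it in the backend.
	 *
	 * The account name is taken from the authenticated MAPI session, not from
	 * the username field sent by the client. When PLUGIN_PASSWD_USE_ZCORE is
	 * defined and truthy the change goes through nsp_setuserpasswd(); otherwise
	 * it is sent as an HTTP PUT to the admin API endpoint. On success the new
	 * password is stored in the EncryptionStore. The outcome is always reported
	 * through sendFeedback().
	 *
	 * @param array $data data sent by client; current_password and new_password are read
	 */
	public function saveInDB($data) {
		$errorMessage = '';
		$successMessage = null;
		$userName = $GLOBALS['mapisession']->getSMTPAddress();
		$currentPassword = $data['current_password'] ?? null;
		$newPassword = $data['new_password'] ?? null;
		$sessionPass = '';

		// get current session password
		// if this plugin is used on a webapp version with EncryptionStore,
		// $_SESSION['password'] is no longer available. Uses EncryptionStore
		// in this case.
		if (class_exists("EncryptionStore")) {
			$sessionPass = EncryptionStore::getInstance()->get("password");
		}

		// Fail closed: without a non-empty session password there is nothing to
		// verify against, and a non-string value from the client can never match.
		// hash_equals() keeps the comparison time independent of where the two
		// strings first differ.
		$currentMatches = is_string($sessionPass) && $sessionPass !== '' &&
			is_string($currentPassword) && hash_equals($sessionPass, $currentPassword);

		if (!$currentMatches) {
			$errorMessage = _('Current password does not match.');
		}
		elseif (!is_string($newPassword) || $newPassword === '') {
			// The client controls the JSON type of this field; only a
			// non-empty string is passed on to the backend.
			$errorMessage = _('Password is not changed.');
		}
		elseif (defined('PLUGIN_PASSWD_USE_ZCORE') && PLUGIN_PASSWD_USE_ZCORE) {
			try {
				if (nsp_setuserpasswd($userName, $sessionPass, $newPassword)) {
					$successMessage = _('Password is changed successfully.');
				}
			}
			catch (MAPIException) {
				if (mapi_last_hresult() == MAPI_E_NO_ACCESS) {
					$errorMessage = _('Your password is wrong or you have insufficient permission to change password');
				}
			}
		}
		else {
			// NOTE(review): the old and new password travel in the request body.
			// The built-in default is a loopback address; a configured
			// PLUGIN_PASSWD_ADMIN_API_ENDPOINT on another host should use https.
			$url = (defined('PLUGIN_PASSWD_ADMIN_API_ENDPOINT') && PLUGIN_PASSWD_ADMIN_API_ENDPOINT) ?
				PLUGIN_PASSWD_ADMIN_API_ENDPOINT :
				'http://[::1]:8080/api/v1/passwd';
			$payload = json_encode([
				"user" => $userName,
				"old" => $currentPassword,
				"new" => $newPassword,
			]);

			// json_encode() returns false for input it cannot encode (for
			// example invalid UTF-8); do not send a request with an empty body.
			$result = $payload === false ? false : file_get_contents($url, false, stream_context_create([
				'http' => [
					'header' => [
						'Content-type: application/json',
					],
					'method' => 'PUT',
					'content' => $payload,
				],
			]));

			if ($result === false) {
				$errorMessage = _('Error changing password. Please contact the system administrator.');
			}
			else {
				$successMessage = _('Password has been changed successfully.');
			}
		}

		if ($successMessage !== null) {
			$this->sendFeedback(true, [
				'info' => [
					'display_message' => $successMessage,
				],
			]);
			// write new password to session because we don't want user to re-authenticate
			session_start();
			$encryptionStore = EncryptionStore::getInstance();
			$encryptionStore->add('password', $newPassword);
			session_write_close();

			return;
		}

		// A backend that reported neither success nor a specific error.
		if (empty($errorMessage)) {
			$errorMessage = _('Password is not changed.');
		}

		$this->sendFeedback(false, [
			'type' => ERROR_ZARAFA,
			'info' => [
				'display_message' => $errorMessage,
			],
		]);
	}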
}