TotpController::actionDisable() - Code Metrics - Inspection of "added code check to disable totp" - hiqdev/yii2-mfa - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( f8e802...976933 )

by Andrii

created 2019-09-03 14:00 UTC

TotpController::actionDisable() B

↳ Parent: TotpController

Complexity

Conditions	6
Paths	6

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	42

Importance

Changes

Metric	Value
dl	0
loc	21
ccs	0
cts	17
cp	0
rs	8.9617
c	0
b	0
f	0
cc	6
nc	6
nop	1
crap	42

<?php
/**
 * Multi-factor authentication for Yii2 projects
 *
 * @link      https://github.com/hiqdev/yii2-mfa
 * @package   yii2-mfa
 * @license   BSD-3-Clause
 * @copyright Copyright (c) 2016-2018, HiQDev (http://hiqdev.com/)
 */

namespace hiqdev\yii2\mfa\controllers;

use hiqdev\yii2\mfa\forms\InputForm;
use Yii;
use yii\filters\AccessControl;
use yii\helpers\Url;

/**
 * TOTP controller.
 * Time-based One Time Password.
 */
class TotpController extends \yii\web\Controller
{
    public function behaviors()
    {
        return array_merge(parent::behaviors(), [
            'access' => [
                'class' => AccessControl::class,
                'denyCallback' => [$this, 'denyCallback'],
                'rules' => [
                    // ? - guest
                    [
                        'actions' => ['check'],
                        'roles' => ['?'],
                        'allow' => true,
                    ],
                    // @ - authenticated
                    [
                        'actions' => ['enable', 'disable', 'toggle'],
                        'roles' => ['@'],
                        'allow' => true,
                    ],
                ],
            ],
        ]);
    }

    public function denyCallback()
    {
        return $this->goHome();
    }

    public function actionEnable($back = null)
    {
        $user = Yii::$app->user->identity;
        if ($user->totp_secret) {

            Yii::$app->session->setFlash('error', Yii::t('mfa', 'Two-factor authentication is already enabled. Disable first.'));

            return empty($back) ? $this->goHome() : $this->deferredRedirect($back);
        }

        $model = new InputForm();
        $secret = $this->module->getTotp()->getSecret();

        if ($model->load(Yii::$app->request->post()) && $model->validate()) {
            if ($this->module->getTotp()->verifyCode($secret, $model->code)) {
                $user->totp_secret = $secret;
                $this->module->getTotp()->setIsVerified(true);
                if ($user->save() && Yii::$app->user->login($user)) {
                    Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully enabled.'));

                    return empty($back) ? $this->goBack() : $this->deferredRedirect($back);
                } else {

                    Yii::$app->session->setFlash('error', Yii::t('mfa', 'Sorry, we have failed to enable two-factor authentication.'));

                    return empty($back) ? $this->goHome() : $this->deferredRedirect($back);
                }
            } else {
                $model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.'));
            }
        }

        $qrcode = $this->module->getTotp()->getQRCodeImageAsDataUri($user->username, $secret);

        return $this->render('enable', compact('model', 'secret', 'qrcode'));
    }

    public function actionDisable($back = null)
    {
        $user = Yii::$app->user->identity;
        $model = new InputForm();
        $secret = $this->module->getTotp()->getSecret();

        if ($model->load(Yii::$app->request->post()) && $model->validate()) {
            if ($this->module->getTotp()->verifyCode($secret, $model->code)) {
                $this->module->getTotp()->removeSecret();
                $user->totp_secret = '';
                if ($user->save()) {
                    Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully disabled.'));
                }

                return empty($back) ? $this->goBack() : $this->deferredRedirect($back);
            } else {
                $model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.'));
            }
        }
        return $this->render('disable', compact('model'));
    }

    public function deferredRedirect($url = null)
    {
        return $this->render('redirect', compact('url'));
    }

    public function actionToggle($back = null)
    {
        $user = Yii::$app->user->identity;

        return empty($user->totp_secret) ? $this->actionEnable($back) : $this->actionDisable($back);
    }

    public function actionCheck()
    {
        $user = $this->module->getHalfUser();
        $model = new InputForm();

        if ($model->load(Yii::$app->request->post()) && $model->validate()) {
            if ($this->module->getTotp()->verifyCode($user->totp_secret, $model->code)) {
                $this->module->getTotp()->setIsVerified(true);
                Yii::$app->user->login($user);

                return $this->goBack();
            } else {
                $model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.'));
            }
        }

        return $this->render('check', [
            'model' => $model,
            'issuer' => $this->module->getTotp()->issuer,
            'username' => $user->username,
        ]);
    }
}


1		<?php
2		/**
3		* Multi-factor authentication for Yii2 projects
4		*
5		* @link https://github.com/hiqdev/yii2-mfa
6		* @package yii2-mfa
7		* @license BSD-3-Clause
8		* @copyright Copyright (c) 2016-2018, HiQDev (http://hiqdev.com/)
9		*/
10
11		namespace hiqdev\yii2\mfa\controllers;
12
13		use hiqdev\yii2\mfa\forms\InputForm;
14		use Yii;
15		use yii\filters\AccessControl;
16		use yii\helpers\Url;
17
18		/**
19		* TOTP controller.
20		* Time-based One Time Password.
21		*/
22		class TotpController extends \yii\web\Controller
23		{
24		public function behaviors()
25		{
26		return array_merge(parent::behaviors(), [
27		'access' => [
28		'class' => AccessControl::class,
29		'denyCallback' => [$this, 'denyCallback'],
30		'rules' => [
31		// ? - guest
32		[
33		'actions' => ['check'],
34		'roles' => ['?'],
35		'allow' => true,
36		],
37		// @ - authenticated
38		[
39		'actions' => ['enable', 'disable', 'toggle'],
40		'roles' => ['@'],
41		'allow' => true,
42		],
43		],
44		],
45		]);
46		}
47
48		public function denyCallback()
49		{
50		return $this->goHome();
51		}
52
53		public function actionEnable($back = null)
54		{
55		$user = Yii::$app->user->identity;
56	View Code Duplication	if ($user->totp_secret) {
		0 ignored issues – show Duplication introduced 2017-01-06 16:34 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
57		Yii::$app->session->setFlash('error', Yii::t('mfa', 'Two-factor authentication is already enabled. Disable first.'));
58
59		return empty($back) ? $this->goHome() : $this->deferredRedirect($back);
60		}
61
62		$model = new InputForm();
63		$secret = $this->module->getTotp()->getSecret();
64
65		if ($model->load(Yii::$app->request->post()) && $model->validate()) {
66		if ($this->module->getTotp()->verifyCode($secret, $model->code)) {
67		$user->totp_secret = $secret;
68		$this->module->getTotp()->setIsVerified(true);
69		if ($user->save() && Yii::$app->user->login($user)) {
70		Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully enabled.'));
71
72		return empty($back) ? $this->goBack() : $this->deferredRedirect($back);
73	View Code Duplication	} else {
		0 ignored issues – show Duplication introduced 2017-01-06 16:34 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
74		Yii::$app->session->setFlash('error', Yii::t('mfa', 'Sorry, we have failed to enable two-factor authentication.'));
75
76		return empty($back) ? $this->goHome() : $this->deferredRedirect($back);
77		}
78		} else {
79		$model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.'));
80		}
81		}
82
83		$qrcode = $this->module->getTotp()->getQRCodeImageAsDataUri($user->username, $secret);
84
85		return $this->render('enable', compact('model', 'secret', 'qrcode'));
86		}
87
88		public function actionDisable($back = null)
89		{
90		$user = Yii::$app->user->identity;
91		$model = new InputForm();
92		$secret = $this->module->getTotp()->getSecret();
93
94		if ($model->load(Yii::$app->request->post()) && $model->validate()) {
95		if ($this->module->getTotp()->verifyCode($secret, $model->code)) {
96		$this->module->getTotp()->removeSecret();
97		$user->totp_secret = '';
98		if ($user->save()) {
99		Yii::$app->session->setFlash('success', Yii::t('mfa', 'Two-factor authentication successfully disabled.'));
100		}
101
102		return empty($back) ? $this->goBack() : $this->deferredRedirect($back);
103		} else {
104		$model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.'));
105		}
106		}
107		return $this->render('disable', compact('model'));
108		}
109
110		public function deferredRedirect($url = null)
111		{
112		return $this->render('redirect', compact('url'));
113		}
114
115		public function actionToggle($back = null)
116		{
117		$user = Yii::$app->user->identity;
118
119		return empty($user->totp_secret) ? $this->actionEnable($back) : $this->actionDisable($back);
120		}
121
122		public function actionCheck()
123		{
124		$user = $this->module->getHalfUser();
125		$model = new InputForm();
126
127		if ($model->load(Yii::$app->request->post()) && $model->validate()) {
128		if ($this->module->getTotp()->verifyCode($user->totp_secret, $model->code)) {
129		$this->module->getTotp()->setIsVerified(true);
130		Yii::$app->user->login($user);
131
132		return $this->goBack();
133		} else {
134		$model->addError('code', Yii::t('mfa', 'Wrong verification code. Please verify your secret and try again.'));
135		}
136		}
137
138		return $this->render('check', [
139		'model' => $model,
140		'issuer' => $this->module->getTotp()->issuer,
141		'username' => $user->username,
142		]);
143		}
144		}
145

hiqdev / yii2-mfa

Push — master ( f8e802...976933 )

TotpController::actionDisable() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like