checkAuthentication()   B
last analyzed

Complexity

Conditions 7
Paths 10

Size

Total Lines 48

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
dl 0
loc 48
c 0
b 0
f 0
rs 8.2012
cc 7
nc 10
nop 2
<?php
namespace Kaliop\IdentityManagementBundle\Security\Authentication\Provider;
use eZ\Publish\Core\Base\Exceptions\NotFoundException;
use eZ\Publish\API\Repository\Repository;
use eZ\Publish\Core\MVC\Symfony\Security\User as EzUser;
use Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserInterface;
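/**
 * Authentication provider that checks eZ Publish users against the content repository.
 *
 * We "should" subclass eZ\Publish\Core\MVC\Symfony\Security\Authentication\RepositoryAuthenticationProvider here,
 * but that class has the $repository member as private, so there is little point in doing that, and we subclass
 * directly its parent.
 *
 * Compared to a plain login/password check, a lookup that fails on the login is retried with the
 * submitted username treated as an e-mail address.
 */
class RepositoryAuthenticationProvider extends DaoAuthenticationProvider
{
    /**
     * @var \eZ\Publish\API\Repository\Repository
     */
    protected $repository;

    /**
     * Injects the repository used to verify credentials and to record the current user.
     *
     * @param Repository $repository
     */
    public function setRepository(Repository $repository)
    {
        $this->repository = $repository;
    }

    /**
     * Verifies the token against the repository and, on success, sets the repository's current user.
     *
     * Users that are not eZ users are delegated unchanged to the parent provider.
     *
     * @param UserInterface         $user  user loaded for this authentication attempt
     * @param UsernamePasswordToken $token token carrying either an already-authenticated user or a username
     *
     * @throws BadCredentialsException when the stored password changed since the token was issued,
     *                                 when the presented password is empty, or when no account matches
     */
    protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
    {
        if (!$user instanceof EzUser) {
            return parent::checkAuthentication($user, $token);
        }

        // $currentUser can either be an instance of UserInterface or just the username (e.g. during form login).
        /** @var EzUser|string $currentUser */
        $currentUser = $token->getUser();

        // NOTE: `instanceof` against a class that cannot be autoloaded is silently false, so this branch
        // (and the password-changed check inside it) depends on UserInterface, imported at the top of the
        // file, really being provided by an installed dependency.
        if ($currentUser instanceof UserInterface) {
            // The token already holds a user object: reject it when the password stored on it no longer
            // matches the freshly loaded user, i.e. the password was changed elsewhere in the meantime.
            if ($currentUser->getPassword() !== $user->getPassword()) {
                throw new BadCredentialsException('The credentials were changed from another session.');
            }

            $apiUser = $currentUser->getAPIUser();
        } else {
            $apiUser = $this->loadApiUserFromCredentials($token);
        }

        // Finally inject current user in the Repository
        $this->repository->setCurrentUser($apiUser);
    }

    /**
     * Resolves the repository user for a username/password token, by login first and by e-mail second.
     *
     * @param UsernamePasswordToken $token
     *
     * @return mixed the user returned by the user service's loadUserByCredentials()
     *
     * @throws BadCredentialsException when the password is empty or neither lookup matches
     */
    private function loadApiUserFromCredentials(UsernamePasswordToken $token)
    {
        $presentedPassword = $token->getCredentials();

        // The stock DAO provider refuses an empty presented password; keep that guard here, since eZ users
        // never reach parent::checkAuthentication().
        if ('' === $presentedPassword) {
            throw new BadCredentialsException('The presented password cannot be empty.');
        }

        $userService = $this->repository->getUserService();
        $username = $token->getUsername();

        // The login is tried before the e-mail so that a login containing an '@' character keeps working.
        try {
            return $userService->loadUserByCredentials($username, $presentedPassword);
        } catch (NotFoundException $e) {
            // No login/password match: fall back to the e-mail lookup below.
        }

        try {
            $users = $userService->loadUsersByEmail($username);
            if (!count($users)) {
                throw new NotFoundException('User', $username);
            }

            /// @todo log a warning if many users do match the email
            // NOTE(review): when several accounts share the address only the first one returned is tried,
            // so which account an e-mail login resolves to depends on the order the repository returns.
            return $userService->loadUserByCredentials($users[0]->login, $presentedPassword);
        } catch (NotFoundException $e) {
            // Same message for "unknown e-mail" and "wrong password", so the response does not reveal which.
            throw new BadCredentialsException('Invalid credentials', 0, $e);
        }
    }
}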