Failed Conditions
Push — rbac ( be68b4...52c28b )
by Michael
03:11
created

AuthUtility::isCredentialVersionLatest()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 3
Code Lines 1

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 2

Importance

Changes 0
Metric Value
eloc 1
c 0
b 0
f 0
dl 0
loc 3
ccs 0
cts 3
cp 0
rs 10
cc 1
nc 1
nop 1
crap 2
<?php
/******************************************************************************
 * Wikipedia Account Creation Assistance tool                                 *
 *                                                                            *
 * All code in this file is released into the public domain by the ACC        *
 * Development Team. Please see team.json for a list of contributors.         *
 ******************************************************************************/

namespace Waca;

class AuthUtility
{
    /**
     * Test the specified data against the specified credentials
     *
     * @param string $password
     * @param string $credentials
     *
     * @return bool
     */
    public static function testCredentials($password, $credentials)
    {
        global $minimumPasswordVersion;
Issue (Compatibility, Best Practice):
Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

Instead of relying on global state, we recommend one of these alternatives:

1. Pass all data via parameters

function myFunction($a, $b) {
    // Do something
}

2. Create a class that maintains your state

class MyClass {
    private $a;
    private $b;

    public function __construct($a, $b) {
        $this->a = $a;
        $this->b = $b;
    }

    public function myFunction() {
        // Do something
    }
}

        if (substr($credentials, 0, 1) != ":") {
Issue (Coding Style, Comprehensibility):
The string literal : does not require double quotes, as per coding-style, please use single quotes.

PHP provides two ways to mark string literals. Either with single quotes 'literal' or with double quotes "literal". The difference between these is that string literals in double quotes may contain variables which are evaluated at run-time as well as escape sequences.

String literals in single quotes on the other hand are evaluated very literally and the only two characters that need escaping in the literal are the single quote itself (\') and the backslash (\\). Every other character is displayed as is.

Double quoted string literals may contain other variables or more complex escape sequences.

<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;

will print an indented: Single is Value

If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear.

For more information on PHP string literals and available escape sequences see the PHP core documentation.

            return false;
        }

        // determine password version
        $data = explode(':', substr($credentials, 1));

        // call the encryptVersion function for the version that this password actually is.
        // syntax: :1:SALT:HASH
        // syntax: :2:x:HASH

        // check the version is one of the allowed ones:
        if ($minimumPasswordVersion > $data[0]) {
            return false;
        }

        if ($data[0] == 1) {
            return $credentials == self::encryptVersion1($password, $data[1]);
        }

        if ($data[0] == 2) {
            return self::verifyVersion2($password, $data[2]);
        }

        return false;
    }
Issue (Coding Style): Expected //end testCredentials()

    /**
     * @param string $credentials
     *
     * @return bool
     */
    public static function isCredentialVersionLatest($credentials)
    {
        return substr($credentials, 0, 3) === ":2:";
Issue (Coding Style, Comprehensibility):
The string literal :2: does not require double quotes, as per coding-style, please use single quotes.

    }
Issue (Coding Style): Expected //end isCredentialVersionLatest()

    /**
     * Encrypts a user's password with the latest version of the hash algorithm
     *
     * @param string $password
     *
     * @return string
     */
    public static function encryptPassword($password)
    {
        return self::encryptVersion2($password);
    }
Issue (Coding Style): Expected //end encryptPassword()

    /**
     * Legacy version 1 scheme, stored as :1:SALT:HASH where HASH is md5(SALT . '-' . md5(password))
     *
     * @param string $password
     * @param string $salt
     *
     * @return string
     */
    private static function encryptVersion1($password, $salt)
    {
        return ':1:' . $salt . ':' . md5($salt . '-' . md5($password));
    }
Issue (Coding Style): Expected //end encryptVersion1()

    /**
     * Current version 2 scheme, stored as :2:x:HASH where HASH is the bcrypt output of password_hash()
     *
     * @param string $password
     *
     * @return string
     */
    private static function encryptVersion2($password)
    {
        return ':2:x:' . password_hash($password, PASSWORD_BCRYPT);
    }
Issue (Coding Style): Expected //end encryptVersion2()

    /**
     * @param string $password
     * @param string $hash
     *
     * @return bool
     */
    private static function verifyVersion2($password, $hash)
    {
        return password_verify($password, $hash);
    }
Issue (Coding Style): Expected //end verifyVersion2()
}
Issue (Coding Style): Expected //end class