Passed
Push — master ( ee5e76...ea6ba5 )
by Morris
22:29 queued 12:17
created
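--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -43,101 +43,101 @@
 
 class TwoFactorMiddleware extends Middleware {
 
-	/** @var Manager */
-	private $twoFactorManager;
-
-	/** @var Session */
-	private $userSession;
-
-	/** @var ISession */
-	private $session;
-
-	/** @var IURLGenerator */
-	private $urlGenerator;
-
-	/** @var IControllerMethodReflector */
-	private $reflector;
-
-	/** @var IRequest */
-	private $request;
-
-	/**
-	 * @param Manager $twoFactorManager
-	 * @param Session $userSession
-	 * @param ISession $session
-	 * @param IURLGenerator $urlGenerator
-	 */
-	public function __construct(Manager $twoFactorManager, Session $userSession, ISession $session,
-		IURLGenerator $urlGenerator, IControllerMethodReflector $reflector, IRequest $request) {
-		$this->twoFactorManager = $twoFactorManager;
-		$this->userSession = $userSession;
-		$this->session = $session;
-		$this->urlGenerator = $urlGenerator;
-		$this->reflector = $reflector;
-		$this->request = $request;
-	}
-
-	/**
-	 * @param Controller $controller
-	 * @param string $methodName
-	 */
-	public function beforeController($controller, $methodName) {
-		if ($this->reflector->hasAnnotation('PublicPage')) {
-			// Don't block public pages
-			return;
-		}
-
-		if ($controller instanceof LoginController && $methodName === 'logout') {
-			// Don't block the logout page, to allow canceling the 2FA
-			return;
-		}
-
-		if ($this->userSession->isLoggedIn()) {
-			$user = $this->userSession->getUser();
-
-
-			if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
-				$this->checkTwoFactor($controller, $methodName, $user);
-			} else if ($controller instanceof TwoFactorChallengeController) {
-				// Allow access to the two-factor controllers only if two-factor authentication
-				// is in progress.
-				throw new UserAlreadyLoggedInException();
-			}
-		}
-		// TODO: dont check/enforce 2FA if a auth token is used
-	}
-
-	private function checkTwoFactor(Controller $controller, $methodName, IUser $user) {
-		// If two-factor auth is in progress disallow access to any controllers
-		// defined within "LoginController".
-		$needsSecondFactor = $this->twoFactorManager->needsSecondFactor($user);
-		$twoFactor = $controller instanceof TwoFactorChallengeController;
-
-		// Disallow access to any controller if 2FA needs to be checked
-		if ($needsSecondFactor && !$twoFactor) {
-			throw new TwoFactorAuthRequiredException();
-		}
-
-		// Allow access to the two-factor controllers only if two-factor authentication
-		// is in progress.
-		if (!$needsSecondFactor && $twoFactor) {
-			throw new UserAlreadyLoggedInException();
-		}
-	}
-
-	public function afterException($controller, $methodName, Exception $exception) {
-		if ($exception instanceof TwoFactorAuthRequiredException) {
-			$params = [];
-			if (isset($this->request->server['REQUEST_URI'])) {
-				$params['redirect_url'] = $this->request->server['REQUEST_URI'];
-			}
-			return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params));
-		}
-		if ($exception instanceof UserAlreadyLoggedInException) {
-			return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
-		}
-
-		throw $exception;
-	}
+    /** @var Manager */
+    private $twoFactorManager;
+
+    /** @var Session */
+    private $userSession;
+
+    /** @var ISession */
+    private $session;
+
+    /** @var IURLGenerator */
+    private $urlGenerator;
+
+    /** @var IControllerMethodReflector */
+    private $reflector;
+
+    /** @var IRequest */
+    private $request;
+
+    /**
+     * @param Manager $twoFactorManager
+     * @param Session $userSession
+     * @param ISession $session
+     * @param IURLGenerator $urlGenerator
+     */
+    public function __construct(Manager $twoFactorManager, Session $userSession, ISession $session,
+        IURLGenerator $urlGenerator, IControllerMethodReflector $reflector, IRequest $request) {
+        $this->twoFactorManager = $twoFactorManager;
+        $this->userSession = $userSession;
+        $this->session = $session;
+        $this->urlGenerator = $urlGenerator;
+        $this->reflector = $reflector;
+        $this->request = $request;
+    }
+
+    /**
+     * @param Controller $controller
+     * @param string $methodName
+     */
+    public function beforeController($controller, $methodName) {
+        if ($this->reflector->hasAnnotation('PublicPage')) {
+            // Don't block public pages
+            return;
+        }
+
+        if ($controller instanceof LoginController && $methodName === 'logout') {
+            // Don't block the logout page, to allow canceling the 2FA
+            return;
+        }
+
+        if ($this->userSession->isLoggedIn()) {
+            $user = $this->userSession->getUser();
+
+
+            if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
+                $this->checkTwoFactor($controller, $methodName, $user);
+            } else if ($controller instanceof TwoFactorChallengeController) {
+                // Allow access to the two-factor controllers only if two-factor authentication
+                // is in progress.
+                throw new UserAlreadyLoggedInException();
+            }
+        }
+        // TODO: dont check/enforce 2FA if a auth token is used
+    }
+
+    private function checkTwoFactor(Controller $controller, $methodName, IUser $user) {
+        // If two-factor auth is in progress disallow access to any controllers
+        // defined within "LoginController".
+        $needsSecondFactor = $this->twoFactorManager->needsSecondFactor($user);
+        $twoFactor = $controller instanceof TwoFactorChallengeController;
+
+        // Disallow access to any controller if 2FA needs to be checked
+        if ($needsSecondFactor && !$twoFactor) {
+            throw new TwoFactorAuthRequiredException();
+        }
+
+        // Allow access to the two-factor controllers only if two-factor authentication
+        // is in progress.
+        if (!$needsSecondFactor && $twoFactor) {
+            throw new UserAlreadyLoggedInException();
+        }
+    }
+
+    public function afterException($controller, $methodName, Exception $exception) {
+        if ($exception instanceof TwoFactorAuthRequiredException) {
+            $params = [];
+            if (isset($this->request->server['REQUEST_URI'])) {
+                $params['redirect_url'] = $this->request->server['REQUEST_URI'];
+            }
+            return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params));
+        }
+        if ($exception instanceof UserAlreadyLoggedInException) {
+            return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index'));
+        }
+
+        throw $exception;
+    }
 
 }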