nilsteampassnet /
TeamPass
| Conditions | 12 |
| Paths | 74 |
| Total Lines | 67 |
| Code Lines | 45 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 1 | ||
| Bugs | 0 | Features | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 33 | public function authorizeAction() |
||
| 34 | { |
||
| 35 | $request = symfonyRequest::createFromGlobals(); |
||
| 36 | $requestMethod = $request->getMethod(); |
||
| 37 | $strErrorDesc = $responseData = $strErrorHeader = ''; |
||
| 38 | |||
| 39 | if (strtoupper($requestMethod) === 'POST') { |
||
| 40 | // Security: Prevent credentials from being passed via query string |
||
| 41 | // Only allow credentials in POST body (form-data or JSON) |
||
| 42 | $queryString = $request->getQueryString(); |
||
| 43 | if (!empty($queryString)) { |
||
| 44 | parse_str(html_entity_decode($queryString), $queryParams); |
||
| 45 | $sensitiveParams = ['login', 'password', 'apikey']; |
||
| 46 | foreach ($sensitiveParams as $param) { |
||
| 47 | if (isset($queryParams[$param])) { |
||
| 48 | $strErrorDesc = 'Credentials must be sent in request body (application/x-www-form-urlencoded or application/json), not in URL'; |
||
| 49 | $strErrorHeader = 'HTTP/1.1 400 Bad Request'; |
||
| 50 | break; |
||
| 51 | } |
||
| 52 | } |
||
| 53 | } |
||
| 54 | |||
| 55 | // Proceed only if no security violation detected |
||
| 56 | if (empty($strErrorDesc)) { |
||
| 57 | $arrQueryStringParams = $this->getQueryStringParams(); |
||
| 58 | |||
| 59 | // Validate required parameters are present |
||
| 60 | if (empty($arrQueryStringParams['login']) || empty($arrQueryStringParams['password']) || empty($arrQueryStringParams['apikey'])) { |
||
| 61 | $strErrorDesc = 'Missing required parameters: login, password, and apikey must be provided in request body'; |
||
| 62 | $strErrorHeader = 'HTTP/1.1 400 Bad Request'; |
||
| 63 | } else { |
||
| 64 | require API_ROOT_PATH . "/Model/AuthModel.php"; |
||
| 65 | try { |
||
| 66 | $authModel = new AuthModel(); |
||
| 67 | $arrUser = $authModel->getUserAuth( |
||
| 68 | $arrQueryStringParams['login'], |
||
| 69 | $arrQueryStringParams['password'], |
||
| 70 | $arrQueryStringParams['apikey'] |
||
| 71 | ); |
||
| 72 | if (array_key_exists("token", $arrUser)) { |
||
| 73 | $responseData = json_encode($arrUser); |
||
| 74 | } else { |
||
| 75 | $strErrorDesc = $arrUser['error'] . " (" . $arrUser['info'] . ")"; |
||
| 76 | $strErrorHeader = 'HTTP/1.1 401 Unauthorized'; |
||
| 77 | } |
||
| 78 | } catch (Error $e) { |
||
| 79 | $strErrorDesc = $e->getMessage().' Something went wrong! Please contact support.2'; |
||
| 80 | $strErrorHeader = 'HTTP/1.1 500 Internal Server Error'; |
||
| 81 | } |
||
| 82 | } |
||
| 83 | } |
||
| 84 | |||
| 85 | } else { |
||
| 86 | $strErrorDesc = 'Method '.$requestMethod.' not supported'; |
||
| 87 | $strErrorHeader = 'HTTP/1.1 422 Unprocessable Entity'; |
||
| 88 | } |
||
| 89 | |||
| 90 | // send output |
||
| 91 | if (empty($strErrorDesc) === true) { |
||
| 92 | $this->sendOutput( |
||
| 93 | $responseData, |
||
| 94 | ['Content-Type: application/json', 'HTTP/1.1 200 OK'] |
||
| 95 | ); |
||
| 96 | } else { |
||
| 97 | $this->sendOutput( |
||
| 98 | json_encode(['error' => $strErrorDesc]), |
||
| 99 | ['Content-Type: application/json', $strErrorHeader] |
||
| 100 | ); |
||
| 103 | } |
