SP\Services\Api\ApiService::getActions()

Complexity

Conditions	1
Paths	1

Size

Total Lines	96
Code Lines	67

Duplication

Lines	0
Ratio	0 %

Importance

Changes

0

5 Methods

Rating	Name	Duplication	Size	Complexity
A	ApiService::setupUser()	0	7	2
A	ApiService::getParamInt()	0	3	1
A	ApiService::accessDenied()	0	9	1
A	ApiService::getParamString()	0	3	1
A	ApiService::getMasterPassFromVault()	0	26	5

<?php
/**
 * sysPass
 *
 * @author    nuxsmin
 * @link      https://syspass.org
 * @copyright 2012-2018, Rubén Domínguez nuxsmin@$syspass.org
 *
 * This file is part of sysPass.
 *
 * sysPass is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * sysPass is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 *  along with sysPass.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace SP\Services\Api;

use Defuse\Crypto\Exception\CryptoException;
use SP\Core\Acl\ActionsInterface;
use SP\Core\Crypt\Hash;
use SP\Core\Crypt\Vault;
use SP\Core\Exceptions\InvalidClassException;
use SP\DataModel\AuthTokenData;
use SP\Modules\Api\Controllers\Help\HelpInterface;
use SP\Repositories\Track\TrackRequest;
use SP\Services\AuthToken\AuthTokenService;
use SP\Services\Service;
use SP\Services\ServiceException;
use SP\Services\Track\TrackService;
use SP\Services\User\UserService;
use SP\Services\UserProfile\UserProfileService;
use SP\Util\Filter;

/**
 * Class ApiService
 *
 * @package SP\Services\ApiService
 */
final class ApiService extends Service
{
    /**
     * @var AuthTokenService
     */
    private $authTokenService;
    /**
     * @var TrackService
     */
    private $trackService;
    /**
     * @var ApiRequest
     */
    private $apiRequest;
    /**
     * @var TrackRequest
     */
    private $trackRequest;
    /**
     * @var AuthTokenData
     */
    private $authTokenData;
    /**
     * @var HelpInterface
     */
    private $helpClass;
    /**
     * @var bool
     */
    private $initialized = false;

    /**
     * Sets up API
     *
     * @param $actionId
     *
     * @throws ServiceException
     * @throws \SP\Core\Exceptions\SPException
     * @throws \Exception
     */
    public function setup($actionId)
    {
        $this->initialized = false;
        $this->apiRequest = $this->dic->get(ApiRequest::class);

        if ($this->trackService->checkTracking($this->trackRequest)) {
            $this->addTracking();

            throw new ServiceException(
                __u('Intentos excedidos'),
                ServiceException::ERROR,
                null,
                -32601
            );
        }

        $this->authTokenData = $this->authTokenService->getTokenByToken($actionId, $this->getParam('authToken'));

It seems like $this->authTokenService->getTokenByToken($actionId, $this->getParam('authToken')) can also be of type false. However, the property $authTokenData is declared as type SP\DataModel\AuthTokenData. Maybe add an additional type check?

        if ($this->authTokenData->getActionId() !== $actionId) {
            $this->accessDenied();
        }

        $this->setupUser();

        if ($actionId === ActionsInterface::ACCOUNT_VIEW_PASS
            || $actionId === ActionsInterface::ACCOUNT_CREATE
        ) {
            $this->context->setTrasientKey('_masterpass', $this->getMasterPassFromVault());
        }

        $this->initialized = true;
    }

    /**
     * Añadir un seguimiento
     *
     * @throws ServiceException
     */
    private function addTracking()
    {
        try {
            $this->trackService->add($this->trackRequest);
        } catch (\Exception $e) {
            throw new ServiceException(
                __u('Error interno'),
                ServiceException::ERROR,
                null,
                -32601
            );
        }
    }

    /**
     * Devolver el valor de un parámetro
     *
     * @param string $param
     * @param bool   $required Si es requerido
     * @param mixed  $default  Valor por defecto
     *
     * @return int|string
     * @throws ServiceException
     */
    public function getParam($param, $required = false, $default = null)
    {
        if ($this->apiRequest === null
            || ($required && !$this->apiRequest->exists($param))) {
            throw new ServiceException(
                __u('Parámetros incorrectos'),
                ServiceException::ERROR,
                $this->getHelp($this->apiRequest->getMethod()),

$this->getHelp($this->apiRequest->getMethod()) of type array is incompatible with the type string expected by parameter $hint of SP\Services\ServiceException::__construct().

                -32602
            );
        }

        return $this->apiRequest->get($param, $default);
    }

    /**
     * Devuelve la ayuda para una acción
     *
     * @param string $action
     *
     * @return array
     */
    public function getHelp($action)
    {
        return call_user_func([$this->helpClass, 'getHelpFor'], $action);
    }

    /**
     * @throws ServiceException
     */
    private function accessDenied()
    {
        $this->addTracking();

        throw new ServiceException(
            __u('Acceso no permitido'),
            ServiceException::ERROR,
            null,
            -32601
        );
    }

    /**
     * Sets up user's data in context and performs some user checks
     *
     * @throws \SP\Core\Exceptions\SPException
     */
    private function setupUser()
    {
        $userLoginResponse = UserService::mapUserLoginResponse($this->dic->get(UserService::class)->getById($this->authTokenData->getUserId()));
        $userLoginResponse->getIsDisabled() && $this->accessDenied();

        $this->context->setUserData($userLoginResponse);
        $this->context->setUserProfile($this->dic->get(UserProfileService::class)->getById($userLoginResponse->getUserProfileId())->getProfile());
    }

    /**
     * Devolver la clave maestra
     *
     * @return string
     * @throws ServiceException
     */
    private function getMasterPassFromVault()
    {
        try {
            $tokenPass = $this->getParam('tokenPass', true);

            Hash::checkHashKey($tokenPass, $this->authTokenData->getHash()) || $this->accessDenied();

            /** @var Vault $vault */
            $vault = unserialize($this->authTokenData->getVault());

            if ($vault && ($pass = $vault->getData($tokenPass . $this->getParam('authToken')))) {
                return $pass;
            } else {
                throw new ServiceException(
                    __u('Error interno'),
                    ServiceException::ERROR,
                    __u('Datos inválidos'),
                    -32603
                );
            }
        } catch (CryptoException $e) {
            throw new ServiceException(
                __u('Error interno'),
                ServiceException::ERROR,
                $e->getMessage(),
                -32603
            );
        }
    }

    /**
     * @param string $param
     * @param bool   $required
     * @param null   $default

Are you sure the doc-type for parameter $default is correct as it would always require null to be passed?

     *
     * @return int
     * @throws ServiceException
     */
    public function getParamInt($param, $required = false, $default = null)
    {
        return Filter::getInt($this->getParam($param, $required, $default));
    }

    /**
     * @param string $param
     * @param bool   $required
     * @param null   $default

Are you sure the doc-type for parameter $default is correct as it would always require null to be passed?

     *
     * @return string
     * @throws ServiceException
     */
    public function getParamString($param, $required = false, $default = null)
    {
        return Filter::getString($this->getParam($param, $required, $default));
    }

    /**
     * @param string $param
     * @param bool   $required
     * @param null   $default

Are you sure the doc-type for parameter $default is correct as it would always require null to be passed?

     *
     * @return int|string
     * @throws ServiceException
     */
    public function getParamEmail($param, $required = false, $default = null)
    {
        return Filter::getEmail($this->getParam($param, $required, $default));
    }

    /**
     * @param string $param
     * @param bool   $required
     * @param null   $default

Are you sure the doc-type for parameter $default is correct as it would always require null to be passed?

     *
     * @return string
     * @throws ServiceException
     */
    public function getParamRaw($param, $required = false, $default = null)
    {
        return Filter::getRaw($this->getParam($param, $required, $default));
    }

    /**
     * @return string
     * @throws ServiceException
     */
    public function getMasterPass()
    {
        return $this->getMasterKeyFromContext();
    }

    /**
     * @param ApiRequest $apiRequest
     *
     * @return ApiService
     */
    public function setApiRequest(ApiRequest $apiRequest)
    {
        $this->apiRequest = $apiRequest;

        return $this;
    }

    /**
     * @return int
     */
    public function getRequestId()
    {
        return $this->apiRequest->getId();
    }

    /**
     * @return bool
     */
    public function isInitialized(): bool
    {
        return $this->initialized;
    }

    /**
     * @param string $helpClass
     *
     * @throws InvalidClassException
     */
    public function setHelpClass(string $helpClass)
    {
        if (class_exists($helpClass)) {
            $this->helpClass = $helpClass;

It seems like $helpClass of type string is incompatible with the declared type SP\Modules\Api\Controllers\Help\HelpInterface of property $helpClass.

            return;
        }

        throw new InvalidClassException('Invalid class for helper');
    }

    /**
     * @throws \SP\Core\Exceptions\InvalidArgumentException
     */
    protected function initialize()
    {
        $this->authTokenService = $this->dic->get(AuthTokenService::class);
        $this->trackService = $this->dic->get(TrackService::class);
        $this->trackRequest = $this->trackService->getTrackRequest(__CLASS__);
    }
}