FormTimestamp::isValid() - Code Metrics - Inspection of "silenced decrypt errors" - oscarotero/psr7-middlewares - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 206c33...9e77c2 )

by Oscar

created 2015-11-28 18:20 UTC

FormTimestamp::isValid() C

↳ Parent: FormTimestamp

Complexity

Conditions	8
Paths	7

Size

Total Lines	41
Code Lines	19

Duplication

Lines	0
Ratio	0 %

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
c	2
b	0
f	0
dl	0
loc	41
rs	5.3846
cc	8
eloc	19
nc	7
nop	1

<?php

namespace Psr7Middlewares\Middleware;

use Psr7Middlewares\Middleware;
use Psr7Middlewares\Utils;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use RuntimeException;
use Exception;

/**
 * Middleware to span protection using the timestamp value in forms.
 */
class FormTimestamp
{
    use Utils\FormTrait;
    use Utils\CryptTrait;

    /**
     * @var string The honeypot input name
     */
    protected $inputName = 'hpt_time';

    /**
     * @var int Minimum seconds to determine whether the request is a bot
     */
    protected $min = 3;

    /**
     * @var int Max seconds to expire the form. Zero to do not expire
     */
    protected $max = 0;

    /**
     * Constructor.
     */
    public function __construct()
    {
        $this->generateCryptKey();
    }

    /**
     * Set the field name.
     * 
     * @param string $inputName
     * 
     * @return self
     */
    public function inputName($inputName)
    {
        $this->inputName = $inputName;

        return $this;
    }

    /**
     * Minimum time required.
     * 
     * @param int $seconds
     * 
     * @return self
     */
    public function min($seconds)
    {
        $this->min = $seconds;

        return $this;
    }

    /**
     * Max time before expire the form.
     * 
     * @param int $seconds
     * 
     * @return self
     */
    public function max($seconds)
    {
        $this->max = $seconds;

        return $this;
    }

    /**
     * Execute the middleware.
     *
     * @param ServerRequestInterface $request
     * @param ResponseInterface      $response
     * @param callable               $next
     *
     * @return ResponseInterface
     */
    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)

    {
        if (!Middleware::hasAttribute($request, FormatNegotiator::KEY)) {
            throw new RuntimeException('FormTimestamp middleware needs FormatNegotiator executed before');
        }

        if (FormatNegotiator::getFormat($request) !== 'html') {
            return $next($request, $response);
        }

        if ($this->isPost($request) && !$this->isValid($request)) {
            return $response->withStatus(403);
        }

        $response = $next($request, $response);

        return $this->insertIntoPostForms($response, '<input type="hidden" name="'.$this->inputName.'" value="'.$this->encrypt(time()).'">');
    }

    /**
     * Check whether the request is valid.
     * 
     * @param ServerRequestInterface $request
     * 
     * @return bool
     */
    protected function isValid(ServerRequestInterface $request)
    {
        $data = $request->getParsedBody();

        //value does not exists
        if (empty($data[$this->inputName])) {
            return false;
        }

        try {
            $time = $this->decrypt($data[$this->inputName]);
        } catch (Exception $e) {
            return false;
        }

        //value is not valid
        if (!is_int($time)) {
            return false;
        }

        $now = time();

        //sent from future
        if ($now < $time) {
            return false;
        }

        $diff = $now - $time;

        //check min
        if ($diff < $this->min) {
            return false;
        }

        //check max
        if ($this->max && $diff > $this->max) {
            return false;
        }

        return true;
    }
}


1		<?php
2
3		namespace Psr7Middlewares\Middleware;
4
5		use Psr7Middlewares\Middleware;
6		use Psr7Middlewares\Utils;
7		use Psr\Http\Message\ServerRequestInterface;
8		use Psr\Http\Message\ResponseInterface;
9		use RuntimeException;
10		use Exception;
11
12		/**
13		* Middleware to span protection using the timestamp value in forms.
14		*/
15		class FormTimestamp
16		{
17		use Utils\FormTrait;
18		use Utils\CryptTrait;
19
20		/**
21		* @var string The honeypot input name
22		*/
23		protected $inputName = 'hpt_time';
24
25		/**
26		* @var int Minimum seconds to determine whether the request is a bot
27		*/
28		protected $min = 3;
29
30		/**
31		* @var int Max seconds to expire the form. Zero to do not expire
32		*/
33		protected $max = 0;
34
35		/**
36		* Constructor.
37		*/
38		public function __construct()
39		{
40		$this->generateCryptKey();
41		}
42
43		/**
44		* Set the field name.
45		*
46		* @param string $inputName
47		*
48		* @return self
49		*/
50		public function inputName($inputName)
51		{
52		$this->inputName = $inputName;
53
54		return $this;
55		}
56
57		/**
58		* Minimum time required.
59		*
60		* @param int $seconds
61		*
62		* @return self
63		*/
64		public function min($seconds)
65		{
66		$this->min = $seconds;
67
68		return $this;
69		}
70
71		/**
72		* Max time before expire the form.
73		*
74		* @param int $seconds
75		*
76		* @return self
77		*/
78		public function max($seconds)
79		{
80		$this->max = $seconds;
81
82		return $this;
83		}
84
85		/**
86		* Execute the middleware.
87		*
88		* @param ServerRequestInterface $request
89		* @param ResponseInterface $response
90		* @param callable $next
91		*
92		* @return ResponseInterface
93		*/
94	View Code Duplication	public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
		0 ignored issues – show Duplication introduced 2015-11-28 18:25 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
95		{
96		if (!Middleware::hasAttribute($request, FormatNegotiator::KEY)) {
97		throw new RuntimeException('FormTimestamp middleware needs FormatNegotiator executed before');
98		}
99
100		if (FormatNegotiator::getFormat($request) !== 'html') {
101		return $next($request, $response);
102		}
103
104		if ($this->isPost($request) && !$this->isValid($request)) {
105		return $response->withStatus(403);
106		}
107
108		$response = $next($request, $response);
109
110		return $this->insertIntoPostForms($response, '<input type="hidden" name="'.$this->inputName.'" value="'.$this->encrypt(time()).'">');
111		}
112
113		/**
114		* Check whether the request is valid.
115		*
116		* @param ServerRequestInterface $request
117		*
118		* @return bool
119		*/
120		protected function isValid(ServerRequestInterface $request)
121		{
122		$data = $request->getParsedBody();
123
124		//value does not exists
125		if (empty($data[$this->inputName])) {
126		return false;
127		}
128
129		try {
130		$time = $this->decrypt($data[$this->inputName]);
131		} catch (Exception $e) {
132		return false;
133		}
134
135		//value is not valid
136		if (!is_int($time)) {
137		return false;
138		}
139
140		$now = time();
141
142		//sent from future
143		if ($now < $time) {
144		return false;
145		}
146
147		$diff = $now - $time;
148
149		//check min
150		if ($diff < $this->min) {
151		return false;
152		}
153
154		//check max
155		if ($this->max && $diff > $this->max) {
156		return false;
157		}
158
159		return true;
160		}
161		}
162

oscarotero / psr7-middlewares

Push — master ( 206c33...9e77c2 )

FormTimestamp::isValid() C

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like