Completed
Pull Request — master (#28003)
by Piotr
11:34
created

OC_JSON::checkLoggedIn()   B

Complexity

Conditions 6
Paths 16

Size

Total Lines 20

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 6
nc 16
nop 0
dl 0
loc 20
rs 8.9777
c 0
b 0
f 0
<?php
/**
 * @author Bart Visscher <[email protected]>
 * @author Bernhard Posselt <[email protected]>
 * @author Christoph Wurst <[email protected]>
 * @author Felix Moeller <[email protected]>
 * @author Georg Ehrke <[email protected]>
 * @author Lukas Reschke <[email protected]>
 * @author Morris Jobke <[email protected]>
 * @author Robin Appelman <[email protected]>
 * @author Thomas Müller <[email protected]>
 * @author Thomas Tanghus <[email protected]>
 * @author Vincent Petry <[email protected]>
 *
 * @copyright Copyright (c) 2018, ownCloud GmbH
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */
use OC\L10N\L10NString;
use OC\Authentication\Exceptions\AccountCheckException;
/**
 * Class OC_JSON
 * @deprecated Use an AppFramework JSONResponse instead
 */
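class OC_JSON {
	/** @var bool true once setContentTypeHeader() has emitted the header */
	protected static $send_content_type_header = false;

	/**
	 * Send the Content-Type header on the first call; later calls do nothing.
	 *
	 * $type is concatenated into the header line unmodified, so callers
	 * should pass a fixed media type rather than request-derived data.
	 *
	 * @param string $type media type to announce
	 * @deprecated Use an AppFramework JSONResponse instead
	 */
	public static function setContentTypeHeader($type='application/json') {
		if (!self::$send_content_type_header) {
			// We send json data
			\header('Content-Type: '.$type . '; charset=utf-8');
			self::$send_content_type_header = true;
		}
	}

	/**
	 * Check if the app is enabled, send json error msg and exit if not.
	 *
	 * No HTTP status is set on this path; only the JSON body carries the error.
	 *
	 * @param string $app
	 * @deprecated Use the AppFramework instead. It will automatically check if the app is enabled.
	 */
	public static function checkAppEnabled($app) {
		if (!OC_App::isEnabled($app)) {
			$l = \OC::$server->getL10N('lib');
			self::error(['data' => ['message' => $l->t('Application is not enabled'), 'error' => 'application_not_enabled']]);
			exit();
		}
	}

	/**
	 * Reply with HTTP 401 and a JSON "authentication_error" body, then stop the request.
	 *
	 * Every rejection in checkLoggedIn() goes through here, so the client sees the
	 * same response whichever check failed.
	 */
	private static function sendErrorAndExit() {
		$l = \OC::$server->getL10N('lib');
		\http_response_code(\OCP\AppFramework\Http::STATUS_UNAUTHORIZED);
		self::error(['data' => ['message' => $l->t('Authentication error'), 'error' => 'authentication_error']]);
		exit();
	}

	/**
	 * Check if the user is logged in, send json error msg and exit if not.
	 *
	 * The request is rejected when there is no logged-in session, when a second
	 * factor is still pending, when the session yields no user object, or when
	 * the account module check throws AccountCheckException.
	 *
	 * @deprecated Use annotation based ACLs from the AppFramework instead
	 */
	public static function checkLoggedIn() {
		// handleLogin() is attempted at most once, however often this is called
		static $loginCalled = false;
		$userSession = \OC::$server->getUserSession();
		if (!$loginCalled && !$userSession->isLoggedIn()) {
			\OC::handleLogin(\OC::$server->getRequest());
			$loginCalled = true;
		}

		if (!$userSession->isLoggedIn()) {
			self::sendErrorAndExit();
		}
		if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor()) {
			self::sendErrorAndExit();
		}

		$user = $userSession->getUser();
		if ($user === null) {
			// Fail closed: a session without a user object gets the regular
			// 401 response instead of reaching check() with null.
			self::sendErrorAndExit();
		}
		try {
			\OC::$server->getAccountModuleManager()->check($user);
		} catch (AccountCheckException $ex) {
			self::sendErrorAndExit();
		}
	}

	/**
	 * Check an ajax get/post call if the request token is valid, send json error msg and exit if not.
	 *
	 * No HTTP status is set on this path; only the JSON body carries the error.
	 *
	 * @deprecated Use annotation based CSRF checks from the AppFramework instead
	 */
	public static function callCheck() {
		if (!(\OC::$server->getRequest()->passesCSRFCheck())) {
			$l = \OC::$server->getL10N('lib');
			self::error(['data' => ['message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired']]);
			exit();
		}
	}

	/**
	 * Check if the user is an admin, send json error msg and exit if not.
	 *
	 * Unlike checkLoggedIn(), this path does not set an HTTP status code.
	 *
	 * @deprecated Use annotation based ACLs from the AppFramework instead
	 */
	public static function checkAdminUser() {
		$uid = OC_User::getUser();
		// getUser() can yield a boolean instead of a user id; treat anything
		// that is not a string as "not an admin" before asking isAdminUser().
		if (!\is_string($uid) || !OC_User::isAdminUser($uid)) {
			$l = \OC::$server->getL10N('lib');
			self::error(['data' => ['message' => $l->t('Authentication error'), 'error' => 'authentication_error']]);
			exit();
		}
	}

	/**
	 * Check if a given user exists - send json error msg and exit if not.
	 *
	 * @param string $user
	 * @deprecated Use an AppFramework JSONResponse instead
	 */
	public static function checkUserExists($user) {
		if (!OCP\User::userExists($user)) {
			$l = \OC::$server->getL10N('lib');
			OCP\JSON::error(['data' => ['message' => $l->t('Unknown user'), 'error' => 'unknown_user']]);
			exit;
		}
	}

	/**
	 * Check if the user has administration privileges, send json error msg and exit if not.
	 *
	 * The default is "no privileges": access is granted only when a user object
	 * exists and the group manager reports it as admin or sub-admin.
	 * Unlike checkLoggedIn(), this path does not set an HTTP status code.
	 *
	 * @deprecated Use annotation based ACLs from the AppFramework instead
	 */
	public static function checkSubAdminUser() {
		$hasUserManagementPrivileges = false;
		$userObject = \OC::$server->getUserSession()->getUser();
		if ($userObject !== null) {
			//Admin and SubAdmins are allowed to access user management
			$hasUserManagementPrivileges = \OC::$server->getGroupManager()->isAdmin($userObject->getUID())
				|| \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject);
		}

		if (!$hasUserManagementPrivileges) {
			$l = \OC::$server->getL10N('lib');
			self::error(['data' => ['message' => $l->t('Authentication error'), 'error' => 'authentication_error']]);
			exit();
		}
	}

	/**
	 * Send json error msg.
	 *
	 * @param array $data payload; its 'status' key is overwritten with 'error'
	 * @deprecated Use an AppFramework JSONResponse instead
	 */
	public static function error($data = []) {
		$data['status'] = 'error';
		self::encodedPrint($data);
	}

	/**
	 * Send json success msg.
	 *
	 * @param array $data payload; its 'status' key is overwritten with 'success'
	 * @deprecated Use an AppFramework JSONResponse instead
	 */
	public static function success($data = []) {
		$data['status'] = 'success';
		self::encodedPrint($data);
	}

	/**
	 * Convert \OC\L10N\String to string, for use in json encodings.
	 *
	 * @param mixed $value modified in place; other values are left untouched
	 */
	protected static function to_string(&$value) {
		if ($value instanceof L10NString) {
			$value = (string)$value;
		}
	}

	/**
	 * Encode and print $data in json format.
	 *
	 * @param mixed $data value to encode
	 * @param bool $setContentType when true, the JSON Content-Type header is sent first
	 * @deprecated Use an AppFramework JSONResponse instead
	 */
	public static function encodedPrint($data, $setContentType=true) {
		if ($setContentType) {
			self::setContentTypeHeader();
		}
		echo self::encode($data);
	}

	/**
	 * Encode JSON.
	 *
	 * Translated strings inside arrays are flattened to plain strings first.
	 * JSON_HEX_TAG emits "<" and ">" as \u003C and \u003E, so the output holds
	 * no literal angle brackets.
	 *
	 * @param mixed $data value to encode
	 * @return string|false the JSON text, or false when json_encode() fails
	 * @deprecated Use an AppFramework JSONResponse instead
	 */
	public static function encode($data) {
		if (\is_array($data)) {
			\array_walk_recursive($data, ['OC_JSON', 'to_string']);
		}
		return \json_encode($data, JSON_HEX_TAG);
	}
}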