<?php
/**
*
* 2FA extension for the phpBB Forum Software package.
*
* @copyright (c) 2015 Paul Sohier
* @license GNU General Public License, version 2 (GPL-2.0)
*
*/
namespace paul999\tfa\controller;
use paul999\tfa\helper\session_helper_interface;
use phpbb\config\config;
use phpbb\controller\helper;
use phpbb\db\driver\driver_interface;
use phpbb\exception\http_exception;
use phpbb\request\request_interface;
use phpbb\template\template;
use phpbb\user;
use phpbb\log\log;
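/**
 * Controller for the second-factor (2FA) login form.
 *
 * submit() is the security-critical entry point: it decides whether a login
 * that is waiting for its second factor is promoted to a full phpBB session.
 */
class main_controller
{
	/**
	 * @var helper
	 */
	private $controller_helper;

	/**
	 * @var template
	 */
	private $template;

	/**
	 * @var driver_interface
	 */
	private $db;

	/**
	 * @var user
	 */
	private $user;

	/**
	 * @var request_interface
	 */
	private $request;

	/**
	 * @var config
	 */
	private $config;

	/**
	 * @var session_helper_interface
	 */
	private $session_helper;

	/**
	 * @var string
	 */
	private $root_path;

	/**
	 * @var string
	 */
	private $php_ext;

	/**
	 * @var log
	 */
	private $log;

	/**
	 * Constructor
	 *
	 * Stores the injected services; performs no other work.
	 *
	 * @access public
	 * @param helper $controller_helper
	 * @param driver_interface $db
	 * @param template $template
	 * @param user $user
	 * @param request_interface $request
	 * @param config $config
	 * @param log $log
	 * @param session_helper_interface $session_helper
	 * @param string $root_path
	 * @param string $php_ext
	 */
	public function __construct(helper $controller_helper, driver_interface $db, template $template, user $user, request_interface $request, config $config, log $log, session_helper_interface $session_helper, $root_path, $php_ext)
	{
		$this->controller_helper 	= $controller_helper;
		$this->template 			= $template;
		$this->db					= $db;
		$this->user					= $user;
		$this->request				= $request;
		$this->config				= $config;
		$this->session_helper		= $session_helper;
		$this->root_path			= $root_path;
		$this->php_ext				= $php_ext;
		$this->log                  = $log;
	}

	/**
	 * Verify a submitted second factor and, on success, create the session.
	 *
	 * Order of checks: form token, pending-challenge binding (tfa_uid and
	 * tfa_random stored on the session), one-time invalidation of that
	 * challenge, module lookup, and finally the module's own key check.
	 * A session is only created when the module explicitly accepted the key;
	 * every other path ends in an exception or a re-rendered key page.
	 *
	 * No path in this method returns a value: success ends in redirect(),
	 * everything else throws.
	 *
	 * @param int  $user_id    User the pending 2FA challenge belongs to
	 * @param bool $admin      True when this is an admin re-authentication
	 * @param bool $auto_login Passed through to session_create()
	 * @param bool $viewonline Passed through to session_create()
	 * @param string $class    Identifier of the 2FA module to use
	 * @return \Symfony\Component\HttpFoundation\Response
	 * @throws http_exception
	 */
	public function submit($user_id, $admin, $auto_login, $viewonline, $class)
	{
		$this->user->add_lang_ext('paul999/tfa', 'common');

		// Form token check; a missing or stale token is rejected before any state is touched.
		if (!check_form_key('tfa_login_page'))
		{
			throw new http_exception(403, 'FORM_INVALID');
		}

		// The session must hold a pending challenge for exactly this user id.
		// Compared as strings so loose numeric juggling cannot make a malformed id match.
		if (empty($this->user->data['tfa_random']) || (string) $user_id !== (string) $this->user->data['tfa_uid'])
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}

		$random = $this->request->variable('random', '');
		$expected_random = (string) $this->user->data['tfa_random'];

		// Hardening: use a constant-time comparison where the runtime provides one.
		$random_matches = function_exists('hash_equals')
			? hash_equals($expected_random, $random)
			: ($expected_random === $random);

		if (strlen($random) !== 40 || !$random_matches)
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}

		// Invalidate the challenge before the key is checked, so one challenge allows one attempt.
		$sql_ary = array(
			'tfa_random' => '',
			'tfa_uid'    => 0,
		);
		$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . "
			WHERE
				session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND
				session_user_id = " . (int) $this->user->data['user_id'];
		$this->db->sql_query($sql);

		if (empty($class))
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}

		// $class is request-controlled; findModule() is presumably a lookup among registered modules - TODO confirm.
		$module = $this->session_helper->findModule($class);

		// Anything that is not a module object is rejected rather than dereferenced.
		if (!is_object($module))
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}

		// root_path is concatenated without an extra slash, matching the admin redirect further down.
		// NOTE(review): the target is request-controlled and later receives the session id through
		// append_sid(); this relies on phpBB's redirect() refusing off-site targets - confirm.
		$redirect = $this->request->variable('redirect', "{$this->root_path}index.{$this->php_ext}");

		// Only set when the module explicitly accepted the key.
		$authenticated = false;

		try
		{
			if ($module->login($user_id))
			{
				$authenticated = true;
			}
			else
			{
				// NOTE(review): the logged id is the current session's user_id, not $user_id;
				// check that failed attempts can be attributed to the targeted account.
				$this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, ['TFA_INCORRECT_KEY']);
				$this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY'));
				$this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
			}
		}
		catch (http_exception $ex) // @TODO: Replace exception with own exception
		{
			$this->log->add('critical', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, [$ex->getMessage()]);

			if ($admin)
			{
				// Also log it to admin  log just to be sure.
				$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_TFA_EXCEPTION', false, [$ex->getMessage()]);
			}

			if ((int) $ex->getStatusCode() === 400)
			{
				$this->template->assign_var('S_ERROR', $this->user->lang($ex->getMessage()));
				$this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
			}
			else
			{
				throw $ex;
			}
		}

		// Fail closed. generate_page() is not visible here and presumably ends the request after
		// rendering; if it ever returns, a rejected key must not fall through to session_create().
		if (!$authenticated)
		{
			throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
		}

		$old_session_id = $this->user->session_id;

		if ($admin)
		{
			// Expire the existing cookies (timestamp one year in the past) before re-authenticating.
			$cookie_expire = time() - 31536000;
			$this->user->set_cookie('u', '', $cookie_expire);
			$this->user->set_cookie('sid', '', $cookie_expire);
		}

		$result = $this->user->session_create($user_id, $admin, $auto_login, $viewonline);

		// Successful session creation
		if ($result === true)
		{
			// Remove our cookie that causes filling in a key.
			// NOTE(review): the value is blanked but the expiry lies one day in the future - confirm that is intended.
			$this->user->set_cookie('rn', '', time() + 3600 * 24, true);

			// If admin re-authentication we remove the old session entry because a new one has been created...
			if ($admin)
			{
				// the login array is used because the user ids do not differ for re-authentication
				$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
					WHERE session_id = '" . $this->db->sql_escape($old_session_id) . "'
					AND session_user_id = " . (int) $user_id;
				$this->db->sql_query($sql);

				$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_ADMIN_AUTH_SUCCESS');

				redirect(append_sid("{$this->root_path}adm/index.{$this->php_ext}", false, true, $this->user->data['session_id']));
			}

			redirect(append_sid($redirect, false, true, $this->user->data['session_id']));
		}

		throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
	}
}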