PasswordReset::resetPassword() - Code Metrics - Inspection of "added a function to reset a password via the reset..." - philiplb/CRUDlexUser - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 829f13...0ee0ef )

by Philip

created 2016-03-07 15:51 UTC

PasswordReset::resetPassword() B

↳ Parent: PasswordReset

Complexity

Conditions	4
Paths	4

Size

Total Lines	27
Code Lines	17

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	1

Metric	Value
c	1
b	0
f	1
dl	0
loc	27
rs	8.5806
cc	4
eloc	17
nc	4
nop	2

<?php

/*
 * This file is part of the CRUDlexUser package.
 *
 * (c) Philip Lehmann-Böhm <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace CRUDlex;

use CRUDlex\UserSetup;

/**
 * This class offers some features to implement a password reset flow.
 */
class PasswordReset {

    /**
     * Holds the user Data instance.
     */
    protected $userData;

    /**
     * Holds the password reset Data instance.
     */
    protected $passwordResetData;

    /**
     * Constructor.
     *
     * @param CRUDlex\Data $userData
     * the user data instance
     * @param CRUDlex\Data $passwordResetData
     * the password reset data instance
     */
    public function __construct($userData, $passwordResetData) {
        $this->userData = $userData;
        $this->passwordResetData = $passwordResetData;
    }

    /**
     * Creates a password reset request.
     *
     * @param string $identifyingField
     * the identifying field to grab an user, likely the email
     * @param string $identifyingValue
     * the identifying value to grab an user, likely the email
     *
     * @return null|string
     * the token of the password reset instance ready to be send to the user via
     * a secondary channel like email; might be null if the user could not be
     * identified uniquly via the given parameters: either zero or more than one
     * users were found
     */
    public function requestPasswordReset($identifyingField, $identifyingValue) {

        $users = $this->userData->listEntries(array($identifyingField => $identifyingValue));
        if (count($users) !== 1) {
            return null;
        }

        $user = $users[0];
        $userSetup = new UserSetup();

        do {
            $token = $userSetup->getSalt(32);
            $tokenFound = $this->passwordResetData->countBy($this->passwordResetData->getDefinition()->getTable(), array('token' => $token), array('token' => '='), true) === 0;
        } while (!$tokenFound);

        $passwordReset = $this->passwordResetData->createEmpty();
        $passwordReset->set('user', $user->get('id'));
        $passwordReset->set('token', $token);
        $this->passwordResetData->create($passwordReset);

        return $token;
    }

    /**
     * Resets the password of an user belonging to the given password reset
     * token.
     *
     * @param string $token
     * the password reset token
     * @param string $newPassword
     * the new password
     *
     * @return boolean
     * true on success, false on failure with one of this reasons:
     * - no or more than one password reset request found for this token
     * - the password request for this token is older than 48h
     * - the password request for this token has already been used
     */
    public function resetPassword($token, $newPassword) {

        $passwordResets = $this->passwordResetData->listEntries(array('token' => $token));
        if (count($passwordResets) !== 1) {
            return false;
        }
        $passwordReset = $passwordResets[0];

        $createdAt = $passwordReset->get('created_at');
        if (strtotime($createdAt.' UTC') < time() - 2 * 24 * 60 * 60) {
            return false;
        }

        if ($passwordReset->get('reset')) {
            return false;
        }

        $user = $this->userData->get($passwordReset->get('user'));
        $user->set('password', $newPassword);
        $this->userData->update($user);

        $reset = gmdate('Y-m-d H:i:s');
        $passwordReset->set('reset', $reset);
        $this->passwordResetData->update($passwordReset);

        return true;
    }

}


1			<?php
2
3			/*
4			* This file is part of the CRUDlexUser package.
5			*
6			* (c) Philip Lehmann-Böhm <[email protected]>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			namespace CRUDlex;
13
14			use CRUDlex\UserSetup;
15
16			/**
17			* This class offers some features to implement a password reset flow.
18			*/
19			class PasswordReset {
20
21			/**
22			* Holds the user Data instance.
23			*/
24			protected $userData;
25
26			/**
27			* Holds the password reset Data instance.
28			*/
29			protected $passwordResetData;
30
31			/**
32			* Constructor.
33			*
34			* @param CRUDlex\Data $userData
35			* the user data instance
36			* @param CRUDlex\Data $passwordResetData
37			* the password reset data instance
38			*/
39			public function __construct($userData, $passwordResetData) {
40			$this->userData = $userData;
41			$this->passwordResetData = $passwordResetData;
42			}
43
44			/**
45			* Creates a password reset request.
46			*
47			* @param string $identifyingField
48			* the identifying field to grab an user, likely the email
49			* @param string $identifyingValue
50			* the identifying value to grab an user, likely the email
51			*
52			* @return null\|string
53			* the token of the password reset instance ready to be send to the user via
54			* a secondary channel like email; might be null if the user could not be
55			* identified uniquly via the given parameters: either zero or more than one
56			* users were found
57			*/
58			public function requestPasswordReset($identifyingField, $identifyingValue) {
59
60			$users = $this->userData->listEntries(array($identifyingField => $identifyingValue));
61			if (count($users) !== 1) {
62			return null;
63			}
64
65			$user = $users[0];
66			$userSetup = new UserSetup();
67
68			do {
69			$token = $userSetup->getSalt(32);
70			$tokenFound = $this->passwordResetData->countBy($this->passwordResetData->getDefinition()->getTable(), array('token' => $token), array('token' => '='), true) === 0;
71			} while (!$tokenFound);
72
73			$passwordReset = $this->passwordResetData->createEmpty();
74			$passwordReset->set('user', $user->get('id'));
75			$passwordReset->set('token', $token);
76			$this->passwordResetData->create($passwordReset);
77
78			return $token;
79			}
80
81			/**
82			* Resets the password of an user belonging to the given password reset
83			* token.
84			*
85			* @param string $token
86			* the password reset token
87			* @param string $newPassword
88			* the new password
89			*
90			* @return boolean
91			* true on success, false on failure with one of this reasons:
92			* - no or more than one password reset request found for this token
93			* - the password request for this token is older than 48h
94			* - the password request for this token has already been used
95			*/
96			public function resetPassword($token, $newPassword) {
97
98			$passwordResets = $this->passwordResetData->listEntries(array('token' => $token));
99			if (count($passwordResets) !== 1) {
100			return false;
101			}
102			$passwordReset = $passwordResets[0];
103
104			$createdAt = $passwordReset->get('created_at');
105			if (strtotime($createdAt.' UTC') < time() - 2 * 24 * 60 * 60) {
106			return false;
107			}
108
109			if ($passwordReset->get('reset')) {
110			return false;
111			}
112
113			$user = $this->userData->get($passwordReset->get('user'));
114			$user->set('password', $newPassword);
115			$this->userData->update($user);
116
117			$reset = gmdate('Y-m-d H:i:s');
118			$passwordReset->set('reset', $reset);
119			$this->passwordResetData->update($passwordReset);
120
121			return true;
122			}
123
124			}
125

philiplb / CRUDlexUser

Push — master ( 829f13...0ee0ef )

PasswordReset::resetPassword() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like