UCsrfHttp - Code Metrics - phpMv/ubiquity-security - Measure and Improve Code Quality continuously with Scrutinizer

UCsrfHttp A
last analyzed 2023-03-27 13:29 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	81
Duplicated Lines	0 %

Importance

Changes	4
Bugs	0	Features	1

Metric	Value
eloc	23
c	4
b	0
f	1
dl	0
loc	81
rs	10
wmc	10

6 Methods

Rating	Name	Size	Complexity
A	isValidCookie()	9	2
A	isValidMeta()	5	3
A	addCookieToken()	3	1
A	getTokenField()	3	1
A	getTokenMeta()	3	1
A	isValidPost()	6	2

<?php
namespace Ubiquity\security\csrf;

use Ubiquity\utils\http\UCookie;
use Ubiquity\controllers\Startup;

/**
 * Ubiquity\security\csrf$UCsrfHttp
 * This class is part of Ubiquity
 *
 * @author jc
 * @version 1.0.0
 *
 */
class UCsrfHttp {

	private const COOKIE_KEY = 'X-XSRF-TOKEN';

	/**
	 * Returns whether the given CSRF token is present and valid in POST values, given his name.
	 *
	 * @param string $name
	 * @return boolean
	 */
	public static function isValidPost(string $name): bool {
		$id = CsrfManager::getSelector($name);
		if (isset($_POST[$id])) {
			return CsrfManager::isValid($id, $_POST[$id]);
		}
		return false;
	}

	/**
	 * Returns whether the given CSRF token is present and valid in cookies, given his name.
	 *
	 * @param string $name
	 * @return bool
	 */
	public static function isValidCookie(string $name): bool {
		$id = CsrfManager::getSelector($name);
		$value = UCookie::get(self::COOKIE_KEY, [
			$id => null
		])[$id];
		if (isset($value)) {
			return CsrfManager::isValid($id, $value);
		}
		return false;
	}
	
	/**
	 * Returns whether the given CSRF token is present and valid in header meta csrf-token, given his name.
	 * @param string $name
	 * @return bool
	 */
	public static function isValidMeta(string $name):bool{
		$headers=Startup::getHttpInstance ()->getAllHeaders ();
		if(isset($headers['csrf-token'])){
			list($id,$value)=explode(':', $headers['csrf-token']);
			return $id===CsrfManager::getSelector($name) && CsrfManager::isValidByName($name, $value);
		}
interface ReturnsInt {
    public function returnsIntHinted(): int;
}

class MyClass implements ReturnsInt {
    public function returnsIntHinted(): int
    {
        if (foo()) {
            return 123;
        }
        // here: null is implicitly returned
    }
}
	}

	/**
	 * Adds a token in headers.
	 *
	 * @param string $name
	 */
	public static function getTokenMeta(string $name): string {
		$token = CsrfManager::getToken($name);
		return "<meta name='csrf-token' content='{$token->getId()}:{$token->getValue()}'>";
	}

	/**
	 * Returns an input field with a generated token
	 *
	 * @param string $name
	 * @return string
	 */
	public static function getTokenField(string $name): string {
		$token = CsrfManager::getToken($name);
		return "<input type='hidden' value='{$token->getValue()}' name='{$token->getId()}'>";
	}

	/**
	 * Adds a token in cookies.
	 *
	 * @param string $name
	 * @param string $path
	 * @param bool $secure
	 * @param bool $httpOnly
	 * @return bool
	 */
	public static function addCookieToken(string $name, string $path = '/', bool $secure = true, bool $httpOnly = true): bool {
		$token = CsrfManager::getToken($name);
		return UCookie::set(self::COOKIE_KEY . '[' . $token->getId() . ']', $token->getValue(), null, $path, $secure, $httpOnly);
	}
}



1			<?php
2			namespace Ubiquity\security\csrf;
3
4			use Ubiquity\utils\http\UCookie;
5			use Ubiquity\controllers\Startup;
6
7			/**
8			* Ubiquity\security\csrf$UCsrfHttp
9			* This class is part of Ubiquity
10			*
11			* @author jc
12			* @version 1.0.0
13			*
14			*/
15			class UCsrfHttp {
16
17			private const COOKIE_KEY = 'X-XSRF-TOKEN';
18
19			/**
20			* Returns whether the given CSRF token is present and valid in POST values, given his name.
21			*
22			* @param string $name
23			* @return boolean
24			*/
25			public static function isValidPost(string $name): bool {
26			$id = CsrfManager::getSelector($name);
27			if (isset($_POST[$id])) {
28			return CsrfManager::isValid($id, $_POST[$id]);
29			}
30			return false;
31			}
32
33			/**
34			* Returns whether the given CSRF token is present and valid in cookies, given his name.
35			*
36			* @param string $name
37			* @return bool
38			*/
39			public static function isValidCookie(string $name): bool {
40			$id = CsrfManager::getSelector($name);
41			$value = UCookie::get(self::COOKIE_KEY, [
42			$id => null
43			])[$id];
44			if (isset($value)) {
45			return CsrfManager::isValid($id, $value);
46			}
47			return false;
48			}
49
50			/**
51			* Returns whether the given CSRF token is present and valid in header meta csrf-token, given his name.
52			* @param string $name
53			* @return bool
54			*/
55			public static function isValidMeta(string $name):bool{
56			$headers=Startup::getHttpInstance ()->getAllHeaders ();
57			if(isset($headers['csrf-token'])){
58			list($id,$value)=explode(':', $headers['csrf-token']);
59			return $id===CsrfManager::getSelector($name) && CsrfManager::isValidByName($name, $value);
60			}
			0 ignored issues – show Bug Best Practice introduced 2021-01-03 18:49 UTC by Report Bug Copy Issue Report The function implicitly returns `null` when the `if` condition on line 57 is `false`. This is incompatible with the type-hinted return `boolean`. Consider adding a return statement or allowing `null` as return value. For hinted functions/methods where all return statements with the correct type are only reachable via conditions, ?null? gets implicitly returned which may be incompatible with the hinted type. Let?s take a look at an example: interface ReturnsInt { public function returnsIntHinted(): int; } class MyClass implements ReturnsInt { public function returnsIntHinted(): int { if (foo()) { return 123; } // here: null is implicitly returned } } Loading history...
61			}
62
63			/**
64			* Adds a token in headers.
65			*
66			* @param string $name
67			*/
68			public static function getTokenMeta(string $name): string {
69			$token = CsrfManager::getToken($name);
70			return "<meta name='csrf-token' content='{$token->getId()}:{$token->getValue()}'>";
71			}
72
73			/**
74			* Returns an input field with a generated token
75			*
76			* @param string $name
77			* @return string
78			*/
79			public static function getTokenField(string $name): string {
80			$token = CsrfManager::getToken($name);
81			return "<input type='hidden' value='{$token->getValue()}' name='{$token->getId()}'>";
82			}
83
84			/**
85			* Adds a token in cookies.
86			*
87			* @param string $name
88			* @param string $path
89			* @param bool $secure
90			* @param bool $httpOnly
91			* @return bool
92			*/
93			public static function addCookieToken(string $name, string $path = '/', bool $secure = true, bool $httpOnly = true): bool {
94			$token = CsrfManager::getToken($name);
95			return UCookie::set(self::COOKIE_KEY . '[' . $token->getId() . ']', $token->getValue(), null, $path, $secure, $httpOnly);
96			}
97			}
98
99

phpMv / ubiquity-security

UCsrfHttp A last analyzed 2023-03-27 13:29 UTC

Complexity

Size/Duplication

Importance

6 Methods

Duplication Side-by-Side

Filter issues like

UCsrfHttp A
last analyzed 2023-03-27 13:29 UTC