Inspection of "JWT time verification" - psfs/core - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( e02aff...283335 )

by Fran

created 2025-11-17 23:50 UTC

Status

Spacing +7 added lines, -7 removed lines patch added patch discarded remove patch

@@ -51,7 +51,7 @@  discard block
 block discarded – undo
         if (NULL === $user || (array_key_exists($user, $admins) && empty($admins[$user]))) {
             list($user, $pass) = self::getAdminFromCookie();
         }
-        return array_key_exists($user, $admins) ? [$user, sha1($user . $pass)] : [null, null];
+        return array_key_exists($user, $admins) ? [$user, sha1($user.$pass)] : [null, null];
     }
 
     public static function checkComplexAuth(array $admins)
@@ -93,7 +93,7 @@  discard block
 block discarded – undo
         return base64_encode($encrypted_data);
     }
 
-    public static function decrypt(string $encrypted_data, string $key): false|string
+    public static function decrypt(string $encrypted_data, string $key): false | string
     {
         $encrypted_data = base64_decode($encrypted_data);
         $data = '';
@@ -114,8 +114,8 @@  discard block
 block discarded – undo
         if (null === $userAgent && array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
             $userAgent = $_SERVER['HTTP_USER_AGENT'];
         }
-        $data = $user . Security::LOGGED_USER_TOKEN . $timestamp->format(self::EXPIRATION_TIMESTAMP_FORMAT) . Security::LOGGED_USER_TOKEN . ($userAgent ?? 'psfs');
-        return self::encrypt($data, sha1($user . $password));
+        $data = $user.Security::LOGGED_USER_TOKEN.$timestamp->format(self::EXPIRATION_TIMESTAMP_FORMAT).Security::LOGGED_USER_TOKEN.($userAgent ?? 'psfs');
+        return self::encrypt($data, sha1($user.$password));
     }
 
     public static function decodeToken(string $token, string $password): array
@@ -144,17 +144,17 @@  discard block
 block discarded – undo
                             try {
                                 $decoded = (array)JWT::decode($token, new Key($profile['hash'], Config::getParam('jwt.alg', 'HS256')));
                                 if ($decoded === $payload) {
-                                    if(time() < (int)($decoded['iat'] ?? 0)) {
+                                    if (time() < (int)($decoded['iat'] ?? 0)) {
                                         throw new SecurityException(t('Token not valid yet'));
                                     }
-                                    if(time() > (int)($decoded['exp'] ?? 0)) {
+                                    if (time() > (int)($decoded['exp'] ?? 0)) {
                                         throw new SecurityException(t('Token expired'));
                                     }
                                     // TODO check modules restrictions
                                     $user = $admin;
                                     $hash = $profile['hash'];
                                 }
-                            } catch (\Exception $exception) {
+                            }catch (\Exception $exception) {
                                 Logger::log($exception->getMessage(), LOG_ERR);
                             }
                             break;

Please login to merge, or discard this patch.

		@@ -51,7 +51,7 @@ discard block
		block discarded – undo
51	51	if (NULL === $user \|\| (array_key_exists($user, $admins) && empty($admins[$user]))) {
52	52	list($user, $pass) = self::getAdminFromCookie();
53	53	}
54		- return array_key_exists($user, $admins) ? [$user, sha1($user . $pass)] : [null, null];
	54	+ return array_key_exists($user, $admins) ? [$user, sha1($user.$pass)] : [null, null];
55	55	}
56	56
57	57	public static function checkComplexAuth(array $admins)
		@@ -93,7 +93,7 @@ discard block
		block discarded – undo
93	93	return base64_encode($encrypted_data);
94	94	}
95	95
96		- public static function decrypt(string $encrypted_data, string $key): false\|string
	96	+ public static function decrypt(string $encrypted_data, string $key): false \| string
97	97	{
98	98	$encrypted_data = base64_decode($encrypted_data);
99	99	$data = '';
		@@ -114,8 +114,8 @@ discard block
		block discarded – undo
114	114	if (null === $userAgent && array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
115	115	$userAgent = $_SERVER['HTTP_USER_AGENT'];
116	116	}
117		- $data = $user . Security::LOGGED_USER_TOKEN . $timestamp->format(self::EXPIRATION_TIMESTAMP_FORMAT) . Security::LOGGED_USER_TOKEN . ($userAgent ?? 'psfs');
118		- return self::encrypt($data, sha1($user . $password));
	117	+ $data = $user.Security::LOGGED_USER_TOKEN.$timestamp->format(self::EXPIRATION_TIMESTAMP_FORMAT).Security::LOGGED_USER_TOKEN.($userAgent ?? 'psfs');
	118	+ return self::encrypt($data, sha1($user.$password));
119	119	}
120	120
121	121	public static function decodeToken(string $token, string $password): array
		@@ -144,17 +144,17 @@ discard block
		block discarded – undo
144	144	try {
145	145	$decoded = (array)JWT::decode($token, new Key($profile['hash'], Config::getParam('jwt.alg', 'HS256')));
146	146	if ($decoded === $payload) {
147		- if(time() < (int)($decoded['iat'] ?? 0)) {
	147	+ if (time() < (int)($decoded['iat'] ?? 0)) {
148	148	throw new SecurityException(t('Token not valid yet'));
149	149	}
150		- if(time() > (int)($decoded['exp'] ?? 0)) {
	150	+ if (time() > (int)($decoded['exp'] ?? 0)) {
151	151	throw new SecurityException(t('Token expired'));
152	152	}
153	153	// TODO check modules restrictions
154	154	$user = $admin;
155	155	$hash = $profile['hash'];
156	156	}
157		- } catch (\Exception $exception) {
	157	+ }catch (\Exception $exception) {
158	158	Logger::log($exception->getMessage(), LOG_ERR);
159	159	}
160	160	break;

psfs / core

Push — master ( e02aff...283335 )

Status

Category

Spacing +7 added lines, -7 removed lines patch added patch discarded remove patch