Issues in Auth.php - New Issues - Inspection of "Bugfix: user without permission could'nt login / b..." - redaxscript/redaxscript - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( b75e6f...d2eb2b )

by Henry

created 2020-07-02 16:52 UTC

includes/Auth.php (1 issue)

Showing only issues like (Show All)

Check for implicit conversion of array to boolean.

Best Practice Bug Minor

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Redaxscript;

use function array_key_exists;
use function array_merge;
use function in_array;
use function is_array;
use function json_decode;

/**
 * parent class to authenticate the user
 *
 * @since 3.0.0
 *
 * @package Redaxscript
 * @category Auth
 * @author Henry Ruhs
 *
 * @method bool getPermissionNew(string $type)
 * @method bool getPermissionInstall(string $type)
 * @method bool getPermissionEdit(string $type)
 * @method bool getPermissionDelete(string $type)
 * @method bool getPermissionUninstall(string $type)
 * @method bool getFilter()
 */

class Auth
{
	/**
	 * instance of the request class
	 *
	 * @var Request
	 */

	protected $_request;

	/**
	 * array of the user
	 *
	 * @var array
	 */

	protected $_userArray = [];

	/**
	 * array of the permission
	 *
	 * @var array
	 */

	protected $_permissionArray = [];

	/**
	 * array of the type
	 *
	 * @var array
	 */

	protected $_typeArray =
	[
		'categories',
		'articles',
		'extras',
		'comments',
		'groups',
		'users',
		'modules',
		'settings',
		'filter'
	];

	/**
	 * array of the call
	 *
	 * @var array
	 */

	protected $_callArray =
	[
		'categories' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'articles' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'extras' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'comments' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'groups' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'users' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'modules' =>
		[
			'getPermissionInstall' => 1,
			'getPermissionEdit' => 2,
			'getPermissionUninstall' => 3
		],
		'settings' =>
		[
			'getPermissionEdit' => 1
		],
		'filter' =>
		[
			'getFilter' => 0
		]
	];

	/**
	 * constructor of the class
	 *
	 * @since 3.0.0
	 *
	 * @param Request $request instance of the request class
	 */

	public function __construct(Request $request)
	{
		$this->_request = $request;
	}

	/**
	 * call method as needed
	 *
	 * @since 3.0.0
	 *
	 * @param string $method name of the method
	 * @param array $argumentArray arguments of the method
	 *
	 * @return bool
	 */

	public function __call(string $method = null, array $argumentArray = []) : bool
	{
		$type = $argumentArray[0];
		if (is_array($this->_callArray[$type]) && array_key_exists($method, $this->_callArray[$type]))
		{
			$permissionArray = $this->getPermission($type);
			return is_array($permissionArray) && in_array($this->_callArray[$type][$method], $permissionArray);
		}
		if ($method === 'getFilter')
		{
			$permissionArray = $this->getPermission('filter');
			return !is_array($permissionArray) || !in_array($this->_callArray['filter'][$method], $permissionArray);
		}
		return false;
	}

	/**
	 * init the class
	 *
	 * @since 3.0.0
	 */

	public function init() : void
	{
		$authArray = $this->_getAuth();
		if (is_array($authArray) && array_key_exists('user', $authArray))
		{
			$this->_userArray = $authArray['user'];
		}
		if (is_array($authArray) && array_key_exists('permission', $authArray))
		{
			$this->_permissionArray = $authArray['permission'];
		}
	}

	/**
	 * login the user
	 *
	 * @since 3.0.0
	 *
	 * @param int $userId identifier of the user
	 *
	 * @return int
	 */

	public function login(int $userId = null) : int
	{
		$userModel = new Model\User();
		$user = $userModel->getById($userId);

		/* handle user */

		if ($user->user && $user->password && $user->status)
		{
			$groupArray = (array)json_decode($user->groups);
			if ($groupArray)
			{
				$groups = Db::forTablePrefix('groups')
					->whereIdIn($groupArray)
					->where('status', 1)
					->select($this->_typeArray)
					->findArray();

				/* set the filter */

				$this->setPermission('filter',
				[
					1
				]);

				/* process groups */

				foreach ($groups as $value)
				{
					foreach ($value as $keySub => $valueSub)
					{
						$valueArray = (array)json_decode($valueSub);
						$this->setPermission($keySub, $valueArray);
					}
				}
			}

			/* set the user */

			$this->setUser('id', $user->id);
			$this->setUser('name', $user->name);
			$this->setUser('user', $user->user);
			$this->setUser('email', $user->email);
			$this->setUser('language', $user->language);
			$this->setUser('groups', $user->groups);

			/* save user and permission */

			$this->save();
		}
		return $this->getStatus();
	}

	/**
	 * logout the user
	 *
	 * @since 3.0.0
	 *
	 * @return bool
	 */

	public function logout() : bool
	{
		if ($this->getStatus())
		{
			$this->_setAuth();
			$this->_request->setSession('language', null);
			return !$this->getStatus();
		}
		return false;
	}

	/**
	 * get the value from user
	 *
	 * @since 3.0.0
	 *
	 * @param string $key key of the user
	 *
	 * @return string|null
	 */

	public function getUser(string $key = null) : ?string
	{
		if (is_array($this->_userArray) && array_key_exists($key, $this->_userArray))
		{
			return $this->_userArray[$key];
		}
		return null;
	}

	/**
	 * get the array from user
	 *
	 * @since 4.0.0
	 *
	 * @return array
	 */

	public function getUserArray() : array
	{
		return $this->_userArray;
	}

	/**
	 * set the user
	 *
	 * @since 3.0.0
	 *
	 * @param string $key key of the user
	 * @param string|array|null $value value of the user
	 */

	public function setUser(string $key = null, $value = null) : void
	{
		$this->_userArray[$key] = $value;
	}

	/**
	 * get the value from permission
	 *
	 * @since 3.0.0
	 *
	 * @param string $key key of the permission
	 *
	 * @return string|array|null
	 */

	public function getPermission(string $key = null)
	{
		if (is_array($this->_permissionArray) && array_key_exists($key, $this->_permissionArray))
		{
			return $this->_permissionArray[$key];
		}
		return null;
	}

	/**
	 * get the array from permission
	 *
	 * @since 4.0.0
	 *
	 * @return array
	 */

	public function getPermissionArray() : array
	{
		return $this->_permissionArray;
	}

	/**
	 * set the permission
	 *
	 * @since 3.0.0
	 *
	 * @param string $key key of the permission
	 * @param array $permissionArray array of the permission
	 */

	public function setPermission(string $key = null, array $permissionArray = []) : void
	{
		if (is_array($this->_permissionArray[$key]))
		{
			$permissionArray = array_merge($this->_permissionArray[$key], $permissionArray);
		}
		$this->_permissionArray[$key] = $permissionArray;
	}

	/**
	 * get the auth status
	 *
	 * @since 3.0.0
	 *
	 * @return int
	 */

	public function getStatus() : int
	{
		$authArray = $this->_getAuth();
		return is_array($authArray) && array_key_exists('user', $authArray) && array_key_exists('permission', $authArray) ? 1 : 0;
	}

	/**
	 * save user and permission
	 *
	 * @since 3.0.0
	 */

	public function save() : void
	{
		$userArray = $this->getUserArray();
		$permissionArray = $this->getPermissionArray();

		/* set the session */

		if ($userArray)

		{
			$this->_setAuth(
			[
				'user' => $userArray,
				'permission' => $permissionArray
			]);
			$this->_request->setSession('language', $userArray['language']);
		}
	}

	/**
	 * get the auth from session
	 *
	 * @since 3.0.0
	 *
	 * @return array|null
	 */

	protected function _getAuth() : ?array
	{
		$root = new Server\Root($this->_request);
		return $this->_request->getSession($root->getOutput() . '/auth');
	}

	/**
	 * set the auth to session
	 *
	 * @since 3.0.0
	 *
	 * @param array $authArray
	 */

	protected function _setAuth(array $authArray = []) : void
	{
		$root = new Server\Root($this->_request);
		$this->_request->setSession($root->getOutput() . '/auth', $authArray);
	}
}


1		<?php
2		namespace Redaxscript;
3
4		use function array_key_exists;
5		use function array_merge;
6		use function in_array;
7		use function is_array;
8		use function json_decode;
9
10		/**
11		* parent class to authenticate the user
12		*
13		* @since 3.0.0
14		*
15		* @package Redaxscript
16		* @category Auth
17		* @author Henry Ruhs
18		*
19		* @method bool getPermissionNew(string $type)
20		* @method bool getPermissionInstall(string $type)
21		* @method bool getPermissionEdit(string $type)
22		* @method bool getPermissionDelete(string $type)
23		* @method bool getPermissionUninstall(string $type)
24		* @method bool getFilter()
25		*/
26
27		class Auth
28		{
29		/**
30		* instance of the request class
31		*
32		* @var Request
33		*/
34
35		protected $_request;
36
37		/**
38		* array of the user
39		*
40		* @var array
41		*/
42
43		protected $_userArray = [];
44
45		/**
46		* array of the permission
47		*
48		* @var array
49		*/
50
51		protected $_permissionArray = [];
52
53		/**
54		* array of the type
55		*
56		* @var array
57		*/
58
59		protected $_typeArray =
60		[
61		'categories',
62		'articles',
63		'extras',
64		'comments',
65		'groups',
66		'users',
67		'modules',
68		'settings',
69		'filter'
70		];
71
72		/**
73		* array of the call
74		*
75		* @var array
76		*/
77
78		protected $_callArray =
79		[
80		'categories' =>
81		[
82		'getPermissionNew' => 1,
83		'getPermissionEdit' => 2,
84		'getPermissionDelete' => 3
85		],
86		'articles' =>
87		[
88		'getPermissionNew' => 1,
89		'getPermissionEdit' => 2,
90		'getPermissionDelete' => 3
91		],
92		'extras' =>
93		[
94		'getPermissionNew' => 1,
95		'getPermissionEdit' => 2,
96		'getPermissionDelete' => 3
97		],
98		'comments' =>
99		[
100		'getPermissionNew' => 1,
101		'getPermissionEdit' => 2,
102		'getPermissionDelete' => 3
103		],
104		'groups' =>
105		[
106		'getPermissionNew' => 1,
107		'getPermissionEdit' => 2,
108		'getPermissionDelete' => 3
109		],
110		'users' =>
111		[
112		'getPermissionNew' => 1,
113		'getPermissionEdit' => 2,
114		'getPermissionDelete' => 3
115		],
116		'modules' =>
117		[
118		'getPermissionInstall' => 1,
119		'getPermissionEdit' => 2,
120		'getPermissionUninstall' => 3
121		],
122		'settings' =>
123		[
124		'getPermissionEdit' => 1
125		],
126		'filter' =>
127		[
128		'getFilter' => 0
129		]
130		];
131
132		/**
133		* constructor of the class
134		*
135		* @since 3.0.0
136		*
137		* @param Request $request instance of the request class
138		*/
139
140	27	public function __construct(Request $request)
141		{
142	27	$this->_request = $request;
143	27	}
144
145		/**
146		* call method as needed
147		*
148		* @since 3.0.0
149		*
150		* @param string $method name of the method
151		* @param array $argumentArray arguments of the method
152		*
153		* @return bool
154		*/
155
156	24	public function __call(string $method = null, array $argumentArray = []) : bool
157		{
158	24	$type = $argumentArray[0];
159	24	if (is_array($this->_callArray[$type]) && array_key_exists($method, $this->_callArray[$type]))
160		{
161	20	$permissionArray = $this->getPermission($type);
162	20	return is_array($permissionArray) && in_array($this->_callArray[$type][$method], $permissionArray);
163		}
164	24	if ($method === 'getFilter')
165		{
166	4	$permissionArray = $this->getPermission('filter');
167	4	return !is_array($permissionArray) \|\| !in_array($this->_callArray['filter'][$method], $permissionArray);
168		}
169	20	return false;
170		}
171
172		/**
173		* init the class
174		*
175		* @since 3.0.0
176		*/
177
178	1	public function init() : void
179		{
180	1	$authArray = $this->_getAuth();
181	1	if (is_array($authArray) && array_key_exists('user', $authArray))
182		{
183	1	$this->_userArray = $authArray['user'];
184		}
185	1	if (is_array($authArray) && array_key_exists('permission', $authArray))
186		{
187	1	$this->_permissionArray = $authArray['permission'];
188		}
189	1	}
190
191		/**
192		* login the user
193		*
194		* @since 3.0.0
195		*
196		* @param int $userId identifier of the user
197		*
198		* @return int
199		*/
200
201	26	public function login(int $userId = null) : int
202		{
203	26	$userModel = new Model\User();
204	26	$user = $userModel->getById($userId);
205
206		/* handle user */
207
208	26	if ($user->user && $user->password && $user->status)
209		{
210	26	$groupArray = (array)json_decode($user->groups);
211	26	if ($groupArray)
212		{
213	20	$groups = Db::forTablePrefix('groups')
214	20	->whereIdIn($groupArray)
215	20	->where('status', 1)
216	20	->select($this->_typeArray)
217	20	->findArray();
218
219		/* set the filter */
220
221	20	$this->setPermission('filter',
222		[
223	20	1
224		]);
225
226		/* process groups */
227
228	20	foreach ($groups as $value)
229		{
230	14	foreach ($value as $keySub => $valueSub)
231		{
232	14	$valueArray = (array)json_decode($valueSub);
233	14	$this->setPermission($keySub, $valueArray);
234		}
235		}
236		}
237
238		/* set the user */
239
240	26	$this->setUser('id', $user->id);
241	26	$this->setUser('name', $user->name);
242	26	$this->setUser('user', $user->user);
243	26	$this->setUser('email', $user->email);
244	26	$this->setUser('language', $user->language);
245	26	$this->setUser('groups', $user->groups);
246
247		/* save user and permission */
248
249	26	$this->save();
250		}
251	26	return $this->getStatus();
252		}
253
254		/**
255		* logout the user
256		*
257		* @since 3.0.0
258		*
259		* @return bool
260		*/
261
262	1	public function logout() : bool
263		{
264	1	if ($this->getStatus())
265		{
266	1	$this->_setAuth();
267	1	$this->_request->setSession('language', null);
268	1	return !$this->getStatus();
269		}
270	1	return false;
271		}
272
273		/**
274		* get the value from user
275		*
276		* @since 3.0.0
277		*
278		* @param string $key key of the user
279		*
280		* @return string\|null
281		*/
282
283	2	public function getUser(string $key = null) : ?string
284		{
285	2	if (is_array($this->_userArray) && array_key_exists($key, $this->_userArray))
286		{
287	1	return $this->_userArray[$key];
288		}
289	1	return null;
290		}
291
292		/**
293		* get the array from user
294		*
295		* @since 4.0.0
296		*
297		* @return array
298		*/
299
300	26	public function getUserArray() : array
301		{
302	26	return $this->_userArray;
303		}
304
305		/**
306		* set the user
307		*
308		* @since 3.0.0
309		*
310		* @param string $key key of the user
311		* @param string\|array\|null $value value of the user
312		*/
313
314	26	public function setUser(string $key = null, $value = null) : void
315		{
316	26	$this->_userArray[$key] = $value;
317	26	}
318
319		/**
320		* get the value from permission
321		*
322		* @since 3.0.0
323		*
324		* @param string $key key of the permission
325		*
326		* @return string\|array\|null
327		*/
328
329	25	public function getPermission(string $key = null)
330		{
331	25	if (is_array($this->_permissionArray) && array_key_exists($key, $this->_permissionArray))
332		{
333	14	return $this->_permissionArray[$key];
334		}
335	11	return null;
336		}
337
338		/**
339		* get the array from permission
340		*
341		* @since 4.0.0
342		*
343		* @return array
344		*/
345
346	26	public function getPermissionArray() : array
347		{
348	26	return $this->_permissionArray;
349		}
350
351		/**
352		* set the permission
353		*
354		* @since 3.0.0
355		*
356		* @param string $key key of the permission
357		* @param array $permissionArray array of the permission
358		*/
359
360	20	public function setPermission(string $key = null, array $permissionArray = []) : void
361		{
362	20	if (is_array($this->_permissionArray[$key]))
363		{
364	14	$permissionArray = array_merge($this->_permissionArray[$key], $permissionArray);
365		}
366	20	$this->_permissionArray[$key] = $permissionArray;
367	20	}
368
369		/**
370		* get the auth status
371		*
372		* @since 3.0.0
373		*
374		* @return int
375		*/
376
377	26	public function getStatus() : int
378		{
379	26	$authArray = $this->_getAuth();
380	26	return is_array($authArray) && array_key_exists('user', $authArray) && array_key_exists('permission', $authArray) ? 1 : 0;
381		}
382
383		/**
384		* save user and permission
385		*
386		* @since 3.0.0
387		*/
388
389	26	public function save() : void
390		{
391	26	$userArray = $this->getUserArray();
392	26	$permissionArray = $this->getPermissionArray();
393
394		/* set the session */
395
396	26	if ($userArray)
		0 ignored issues – show Bug Best Practice introduced 2020-07-02 17:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$userArray` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
397		{
398	20	$this->_setAuth(
399		[
400	20	'user' => $userArray,
401	20	'permission' => $permissionArray
402		]);
403	20	$this->_request->setSession('language', $userArray['language']);
404		}
405	26	}
406
407		/**
408		* get the auth from session
409		*
410		* @since 3.0.0
411		*
412		* @return array\|null
413		*/
414
415	27	protected function _getAuth() : ?array
416		{
417	27	$root = new Server\Root($this->_request);
418	27	return $this->_request->getSession($root->getOutput() . '/auth');
419		}
420
421		/**
422		* set the auth to session
423		*
424		* @since 3.0.0
425		*
426		* @param array $authArray
427		*/
428
429	20	protected function _setAuth(array $authArray = []) : void
430		{
431	20	$root = new Server\Root($this->_request);
432	20	$this->_request->setSession($root->getOutput() . '/auth', $authArray);
433	20	}
434		}
435

redaxscript / redaxscript

Push — master ( b75e6f...d2eb2b )

includes/Auth.php (1 issue)

Showing only issues like (Show All)

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like