Issues in Auth.php - All Issues - Inspection of "Develop (#598)" - redaxscript/redaxscript - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 0ea243...da58d4 )

by Henry

created 2019-05-29 16:08 UTC

includes/Auth.php (2 issues)

Showing only issues like (Show All)

Check for loose comparison of strings.

Best Practice Bug Major

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Redaxscript;

use function array_key_exists;
use function array_merge;
use function in_array;
use function is_array;
use function json_decode;

/**
 * parent class to authenticate the user
 *
 * @since 3.0.0
 *
 * @package Redaxscript
 * @category Auth
 * @author Henry Ruhs
 *
 * @method bool getPermissionNew(string $type)
 * @method bool getPermissionInstall(string $type)
 * @method bool getPermissionEdit(string $type)
 * @method bool getPermissionDelete(string $type)
 * @method bool getPermissionUninstall(string $type)
 * @method bool getFilter()
 */

class Auth
{
	/**
	 * instance of the request class
	 *
	 * @var Request
	 */

	protected $_request;

	/**
	 * array of the user
	 *
	 * @var array
	 */

	protected $_userArray = [];

	/**
	 * array of the permission
	 *
	 * @var array
	 */

	protected $_permissionArray = [];

	/**
	 * array of the type
	 *
	 * @var array
	 */

	protected $_typeArray =
	[
		'categories',
		'articles',
		'extras',
		'comments',
		'groups',
		'users',
		'modules',
		'settings',
		'filter'
	];

	/**
	 * array of the call
	 *
	 * @var array
	 */

	protected $_callArray =
	[
		'categories' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'articles' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'extras' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'comments' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'groups' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'users' =>
		[
			'getPermissionNew' => 1,
			'getPermissionEdit' => 2,
			'getPermissionDelete' => 3
		],
		'modules' =>
		[
			'getPermissionInstall' => 1,
			'getPermissionEdit' => 2,
			'getPermissionUninstall' => 3
		],
		'settings' =>
		[
			'getPermissionEdit' => 1
		],
		'filter' =>
		[
			'getFilter' => 0
		]
	];

	/**
	 * constructor of the class
	 *
	 * @since 3.0.0
	 *
	 * @param Request $request instance of the request class
	 */

	public function __construct(Request $request)
	{
		$this->_request = $request;
	}

	/**
	 * call method as needed
	 *
	 * @since 3.0.0
	 *
	 * @param string $method name of the method
	 * @param array $argumentArray arguments of the method
	 *
	 * @return bool
	 */

	public function __call(string $method = null, array $argumentArray = []) : bool
	{
		$type = $argumentArray[0];
		if (is_array($this->_callArray[$type]) && array_key_exists($method, $this->_callArray[$type]))
		{
			$permissionArray = $this->getPermission($type);
			return is_array($permissionArray) && in_array($this->_callArray[$type][$method], $permissionArray);
		}
		if ($method === 'getFilter')
		{
			$permissionArray = $this->getPermission('filter');
			return !is_array($permissionArray) || !in_array($this->_callArray['filter'][$method], $permissionArray);
		}
		return false;
	}

	/**
	 * init the class
	 *
	 * @since 3.0.0
	 */

	public function init() : void
	{
		$authArray = $this->_getAuth();
		if (is_array($authArray) && array_key_exists('user', $authArray))
		{
			$this->_userArray = $authArray['user'];
		}
		if (is_array($authArray) && array_key_exists('permission', $authArray))
		{
			$this->_permissionArray = $authArray['permission'];
		}
	}

	/**
	 * login the user
	 *
	 * @since 3.0.0
	 *
	 * @param int $userId identifier of the user
	 *
	 * @return int
	 */

	public function login(int $userId = null) : int
	{
		$userModel = new Model\User();
		$user = $userModel->getById($userId);

		/* handle user */

		if ($user->user && $user->password && $user->status)
		{
			$groupArray = (array)json_decode($user->groups);
			if ($groupArray)
			{
				$groups = Db::forTablePrefix('groups')
					->whereIdIn($groupArray)
					->where('status', 1)
					->select($this->_typeArray)
					->findArray();

				/* set the filter */

				$this->setPermission('filter',
				[
					1
				]);

				/* process groups */

				foreach ($groups as $value)
				{
					foreach ($value as $keySub => $valueSub)
					{
						$valueArray = (array)json_decode($valueSub);
						$this->setPermission($keySub, $valueArray);
					}
				}
			}

			/* set the user */

			$this->setUser('id', $user->id);
			$this->setUser('name', $user->name);
			$this->setUser('user', $user->user);
			$this->setUser('email', $user->email);
			$this->setUser('language', $user->language);
			$this->setUser('groups', $user->groups);

			/* save user and permission */

			$this->save();
		}
		return $this->getStatus();
	}

	/**
	 * logout the user
	 *
	 * @since 3.0.0
	 *
	 * @return bool
	 */

	public function logout() : bool
	{
		if ($this->getStatus())
		{
			$this->_setAuth();
			$this->_request->setSession('language', null);
			return !$this->getStatus();
		}
		return false;
	}

	/**
	 * get the user
	 *
	 * @since 3.0.0
	 *
	 * @param string $key key of the user
	 *
	 * @return string|array|null
	 */

	public function getUser(string $key = null)
	{
		if (is_array($this->_userArray) && array_key_exists($key, $this->_userArray))
		{
			return $this->_userArray[$key];
		}
		if (!$key)
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
		{
			return $this->_userArray;
		}
		return null;
	}

	/**
	 * set the user
	 *
	 * @since 3.0.0
	 *
	 * @param string $key key of the user
	 * @param string|array|null $value value of the user
	 */

	public function setUser(string $key = null, $value = null) : void
	{
		$this->_userArray[$key] = $value;
	}

	/**
	 * get the permission
	 *
	 * @since 3.0.0
	 *
	 * @param string $key key of the permission
	 *
	 * @return string|array|null
	 */

	public function getPermission(string $key = null)
	{
		if (is_array($this->_permissionArray) && array_key_exists($key, $this->_permissionArray))
		{
			return $this->_permissionArray[$key];
		}
		if (!$key)
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
		{
			return $this->_permissionArray;
		}
		return null;
	}

	/**
	 * set the permission
	 *
	 * @since 3.0.0
	 *
	 * @param string $key key of the permission
	 * @param array $permissionArray array of the permission
	 */

	public function setPermission(string $key = null, array $permissionArray = []) : void
	{
		if (is_array($this->_permissionArray[$key]))
		{
			$permissionArray = array_merge($this->_permissionArray[$key], $permissionArray);
		}
		$this->_permissionArray[$key] = $permissionArray;
	}

	/**
	 * get the auth status
	 *
	 * @since 3.0.0
	 *
	 * @return int
	 */

	public function getStatus() : int
	{
		$authArray = $this->_getAuth();
		return is_array($authArray) && array_key_exists('user', $authArray) && array_key_exists('permission', $authArray) ? 1 : 0;
	}

	/**
	 * save user and permission
	 *
	 * @since 3.0.0
	 */

	public function save() : void
	{
		$userArray = $this->getUser();
		$permissionArray = $this->getPermission();

		/* set the session */

		if ($userArray && $permissionArray)
		{
			$this->_setAuth(
			[
				'user' => $userArray,
				'permission' => $permissionArray
			]);
			$this->_request->setSession('language', $userArray['language']);
		}
	}

	/**
	 * get the auth from session
	 *
	 * @since 3.0.0
	 *
	 * @return array|null
	 */

	protected function _getAuth() : ?array
	{
		$root = new Server\Root($this->_request);
		return $this->_request->getSession($root->getOutput() . '/auth');
	}

	/**
	 * set the auth to session
	 *
	 * @since 3.0.0
	 *
	 * @param array $authArray
	 */

	protected function _setAuth(array $authArray = []) : void
	{
		$root = new Server\Root($this->_request);
		$this->_request->setSession($root->getOutput() . '/auth', $authArray);
	}
}


1		<?php
2		namespace Redaxscript;
3
4		use function array_key_exists;
5		use function array_merge;
6		use function in_array;
7		use function is_array;
8		use function json_decode;
9
10		/**
11		* parent class to authenticate the user
12		*
13		* @since 3.0.0
14		*
15		* @package Redaxscript
16		* @category Auth
17		* @author Henry Ruhs
18		*
19		* @method bool getPermissionNew(string $type)
20		* @method bool getPermissionInstall(string $type)
21		* @method bool getPermissionEdit(string $type)
22		* @method bool getPermissionDelete(string $type)
23		* @method bool getPermissionUninstall(string $type)
24		* @method bool getFilter()
25		*/
26
27		class Auth
28		{
29		/**
30		* instance of the request class
31		*
32		* @var Request
33		*/
34
35		protected $_request;
36
37		/**
38		* array of the user
39		*
40		* @var array
41		*/
42
43		protected $_userArray = [];
44
45		/**
46		* array of the permission
47		*
48		* @var array
49		*/
50
51		protected $_permissionArray = [];
52
53		/**
54		* array of the type
55		*
56		* @var array
57		*/
58
59		protected $_typeArray =
60		[
61		'categories',
62		'articles',
63		'extras',
64		'comments',
65		'groups',
66		'users',
67		'modules',
68		'settings',
69		'filter'
70		];
71
72		/**
73		* array of the call
74		*
75		* @var array
76		*/
77
78		protected $_callArray =
79		[
80		'categories' =>
81		[
82		'getPermissionNew' => 1,
83		'getPermissionEdit' => 2,
84		'getPermissionDelete' => 3
85		],
86		'articles' =>
87		[
88		'getPermissionNew' => 1,
89		'getPermissionEdit' => 2,
90		'getPermissionDelete' => 3
91		],
92		'extras' =>
93		[
94		'getPermissionNew' => 1,
95		'getPermissionEdit' => 2,
96		'getPermissionDelete' => 3
97		],
98		'comments' =>
99		[
100		'getPermissionNew' => 1,
101		'getPermissionEdit' => 2,
102		'getPermissionDelete' => 3
103		],
104		'groups' =>
105		[
106		'getPermissionNew' => 1,
107		'getPermissionEdit' => 2,
108		'getPermissionDelete' => 3
109		],
110		'users' =>
111		[
112		'getPermissionNew' => 1,
113		'getPermissionEdit' => 2,
114		'getPermissionDelete' => 3
115		],
116		'modules' =>
117		[
118		'getPermissionInstall' => 1,
119		'getPermissionEdit' => 2,
120		'getPermissionUninstall' => 3
121		],
122		'settings' =>
123		[
124		'getPermissionEdit' => 1
125		],
126		'filter' =>
127		[
128		'getFilter' => 0
129		]
130		];
131
132		/**
133		* constructor of the class
134		*
135		* @since 3.0.0
136		*
137		* @param Request $request instance of the request class
138		*/
139
140	27	public function __construct(Request $request)
141		{
142	27	$this->_request = $request;
143	27	}
144
145		/**
146		* call method as needed
147		*
148		* @since 3.0.0
149		*
150		* @param string $method name of the method
151		* @param array $argumentArray arguments of the method
152		*
153		* @return bool
154		*/
155
156	24	public function __call(string $method = null, array $argumentArray = []) : bool
157		{
158	24	$type = $argumentArray[0];
159	24	if (is_array($this->_callArray[$type]) && array_key_exists($method, $this->_callArray[$type]))
160		{
161	20	$permissionArray = $this->getPermission($type);
162	20	return is_array($permissionArray) && in_array($this->_callArray[$type][$method], $permissionArray);
163		}
164	24	if ($method === 'getFilter')
165		{
166	4	$permissionArray = $this->getPermission('filter');
167	4	return !is_array($permissionArray) \|\| !in_array($this->_callArray['filter'][$method], $permissionArray);
168		}
169	20	return false;
170		}
171
172		/**
173		* init the class
174		*
175		* @since 3.0.0
176		*/
177
178	1	public function init() : void
179		{
180	1	$authArray = $this->_getAuth();
181	1	if (is_array($authArray) && array_key_exists('user', $authArray))
182		{
183	1	$this->_userArray = $authArray['user'];
184		}
185	1	if (is_array($authArray) && array_key_exists('permission', $authArray))
186		{
187	1	$this->_permissionArray = $authArray['permission'];
188		}
189	1	}
190
191		/**
192		* login the user
193		*
194		* @since 3.0.0
195		*
196		* @param int $userId identifier of the user
197		*
198		* @return int
199		*/
200
201	26	public function login(int $userId = null) : int
202		{
203	26	$userModel = new Model\User();
204	26	$user = $userModel->getById($userId);
205
206		/* handle user */
207
208	26	if ($user->user && $user->password && $user->status)
209		{
210	26	$groupArray = (array)json_decode($user->groups);
211	26	if ($groupArray)
212		{
213	20	$groups = Db::forTablePrefix('groups')
214	20	->whereIdIn($groupArray)
215	20	->where('status', 1)
216	20	->select($this->_typeArray)
217	20	->findArray();
218
219		/* set the filter */
220
221	20	$this->setPermission('filter',
222		[
223	20	1
224		]);
225
226		/* process groups */
227
228	20	foreach ($groups as $value)
229		{
230	14	foreach ($value as $keySub => $valueSub)
231		{
232	14	$valueArray = (array)json_decode($valueSub);
233	14	$this->setPermission($keySub, $valueArray);
234		}
235		}
236		}
237
238		/* set the user */
239
240	26	$this->setUser('id', $user->id);
241	26	$this->setUser('name', $user->name);
242	26	$this->setUser('user', $user->user);
243	26	$this->setUser('email', $user->email);
244	26	$this->setUser('language', $user->language);
245	26	$this->setUser('groups', $user->groups);
246
247		/* save user and permission */
248
249	26	$this->save();
250		}
251	26	return $this->getStatus();
252		}
253
254		/**
255		* logout the user
256		*
257		* @since 3.0.0
258		*
259		* @return bool
260		*/
261
262	1	public function logout() : bool
263		{
264	1	if ($this->getStatus())
265		{
266	1	$this->_setAuth();
267	1	$this->_request->setSession('language', null);
268	1	return !$this->getStatus();
269		}
270	1	return false;
271		}
272
273		/**
274		* get the user
275		*
276		* @since 3.0.0
277		*
278		* @param string $key key of the user
279		*
280		* @return string\|array\|null
281		*/
282
283	27	public function getUser(string $key = null)
284		{
285	27	if (is_array($this->_userArray) && array_key_exists($key, $this->_userArray))
286		{
287	1	return $this->_userArray[$key];
288		}
289	26	if (!$key)
		0 ignored issues – show Bug Best Practice introduced 2017-11-03 13:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$key` of type `null\|string` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
290		{
291	26	return $this->_userArray;
292		}
293	1	return null;
294		}
295
296		/**
297		* set the user
298		*
299		* @since 3.0.0
300		*
301		* @param string $key key of the user
302		* @param string\|array\|null $value value of the user
303		*/
304
305	26	public function setUser(string $key = null, $value = null) : void
306		{
307	26	$this->_userArray[$key] = $value;
308	26	}
309
310		/**
311		* get the permission
312		*
313		* @since 3.0.0
314		*
315		* @param string $key key of the permission
316		*
317		* @return string\|array\|null
318		*/
319
320	27	public function getPermission(string $key = null)
321		{
322	27	if (is_array($this->_permissionArray) && array_key_exists($key, $this->_permissionArray))
323		{
324	14	return $this->_permissionArray[$key];
325		}
326	26	if (!$key)
		0 ignored issues – show Bug Best Practice introduced 2017-11-03 13:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$key` of type `null\|string` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
327		{
328	26	return $this->_permissionArray;
329		}
330	11	return null;
331		}
332
333		/**
334		* set the permission
335		*
336		* @since 3.0.0
337		*
338		* @param string $key key of the permission
339		* @param array $permissionArray array of the permission
340		*/
341
342	20	public function setPermission(string $key = null, array $permissionArray = []) : void
343		{
344	20	if (is_array($this->_permissionArray[$key]))
345		{
346	14	$permissionArray = array_merge($this->_permissionArray[$key], $permissionArray);
347		}
348	20	$this->_permissionArray[$key] = $permissionArray;
349	20	}
350
351		/**
352		* get the auth status
353		*
354		* @since 3.0.0
355		*
356		* @return int
357		*/
358
359	26	public function getStatus() : int
360		{
361	26	$authArray = $this->_getAuth();
362	26	return is_array($authArray) && array_key_exists('user', $authArray) && array_key_exists('permission', $authArray) ? 1 : 0;
363		}
364
365		/**
366		* save user and permission
367		*
368		* @since 3.0.0
369		*/
370
371	26	public function save() : void
372		{
373	26	$userArray = $this->getUser();
374	26	$permissionArray = $this->getPermission();
375
376		/* set the session */
377
378	26	if ($userArray && $permissionArray)
379		{
380	20	$this->_setAuth(
381		[
382	20	'user' => $userArray,
383	20	'permission' => $permissionArray
384		]);
385	20	$this->_request->setSession('language', $userArray['language']);
386		}
387	26	}
388
389		/**
390		* get the auth from session
391		*
392		* @since 3.0.0
393		*
394		* @return array\|null
395		*/
396
397	27	protected function _getAuth() : ?array
398		{
399	27	$root = new Server\Root($this->_request);
400	27	return $this->_request->getSession($root->getOutput() . '/auth');
401		}
402
403		/**
404		* set the auth to session
405		*
406		* @since 3.0.0
407		*
408		* @param array $authArray
409		*/
410
411	20	protected function _setAuth(array $authArray = []) : void
412		{
413	20	$root = new Server\Root($this->_request);
414	20	$this->_request->setSession($root->getOutput() . '/auth', $authArray);
415	20	}
416		}
417

redaxscript / redaxscript

Push — master ( 0ea243...da58d4 )

includes/Auth.php (2 issues)

Showing only issues like (Show All)

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like