Completed
Push — master ( 9458ed...7d322b )
by Henry
10:04
created

includes/Admin/Controller/User.php (1 issue)

<?php
namespace Redaxscript\Admin\Controller;
use Redaxscript\Admin;
use Redaxscript\Auth;
use Redaxscript\Filter;
use Redaxscript\Hash;
use Redaxscript\Validator;
use function is_array;
use function json_encode;
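/**
 * children class to process the admin user request
 *
 * handles the create and update action for user accounts, the post is
 * sanitized, normalized and validated before the model is touched
 *
 * @since 4.0.0
 *
 * @package Redaxscript
 * @category Controller
 * @author Henry Ruhs
 */

class User extends ControllerAbstract
{
	/**
	 * process the class
	 *
	 * sanitizes, normalizes and validates the post, then creates or updates
	 * the user depending on the action
	 *
	 * NOTE(review): no permission check is visible in this method, presumably
	 * the caller enforces it before dispatching - confirm
	 *
	 * @since 4.0.0
	 *
	 * @param string|null $action action to process, create or update
	 *
	 * @return string
	 */

	public function process(?string $action = null) : string
	{
		$postArray = $this->_normalizePost($this->_sanitizePost());
		$validateArray = $this->_validatePost($postArray);
		$passwordHash = new Hash();
		$myId = (int)$this->_registry->get('myId');

		/* validate post */

		if ($validateArray)
		{
			return $this->_error(
			[
				'route' => $this->_getErrorRoute($postArray),
				'message' => $validateArray
			]);
		}

		/* handle create */

		if ($action === 'create')
		{
			/* the clear text password is only handed to the hash, the stored value is the result of getHash() */

			$passwordHash->init($postArray['password']);
			$createArray =
			[
				'name' => $postArray['name'],
				'user' => $postArray['user'],
				'description' => $postArray['description'],
				'password' => $passwordHash->getHash(),
				'email' => $postArray['email'],
				'language' => $postArray['language'],
				'status' => $postArray['status'],
				'groups' => $postArray['groups']
			];
			if ($this->_create($createArray))
			{
				return $this->_success(
				[
					'route' => $this->_getSuccessRoute($postArray),
					'timeout' => 2
				]);
			}
		}

		/* handle update */

		if ($action === 'update')
		{
			/* the login name is not part of either array, so an update never changes it */

			$updateFullArray =
			[
				'name' => $postArray['name'],
				'description' => $postArray['description'],
				'email' => $postArray['email'],
				'language' => $postArray['language'],
				'status' => $postArray['status'],
				'groups' => $postArray['groups']
			];
			$updateLiteArray =
			[
				'name' => $postArray['name'],
				'description' => $postArray['description'],
				'email' => $postArray['email'],
				'language' => $postArray['language']
			];

			/* an empty password keeps the stored hash, the key is only added when a new password was posted */

			if ($postArray['password'])
			{
				$passwordHash->init($postArray['password']);
				$updateFullArray['password'] = $updateLiteArray['password'] = $passwordHash->getHash();
			}

			/* the user with id 1 only gets the lite array, so status and groups of that account cannot be changed here */

			if ($this->_update($postArray['id'], $postArray['id'] > 1 ? $updateFullArray : $updateLiteArray))
			{
				/* NOTE(review): strict comparison against an int, the auth refresh only runs if the id is an int after sanitize and normalize - confirm */

				if ($postArray['id'] === $myId)
				{
					$this->_refresh($postArray);
				}
				return $this->_success(
				[
					'route' => $this->_getSuccessRoute($postArray),
					'timeout' => 2
				]);
			}
		}

		/* handle error */

		return $this->_error(
		[
			'route' => $this->_getErrorRoute($postArray)
		]);
	}

	/**
	 * sanitize the post
	 *
	 * every single value field is read through a guard that turns an array
	 * into null, a request like name[]=x would otherwise hand an array to
	 * Filter\Name::sanitize() which only accepts null|string, the other
	 * single value fields get the same guard as they are consumed as single
	 * values by the filters, validators and the hash
	 *
	 * @since 4.0.0
	 *
	 * @return array
	 */

	protected function _sanitizePost() : array
	{
		$emailFilter = new Filter\Email();
		$numberFilter = new Filter\Number();
		$nameFilter = new Filter\Name();
		$toggleFilter = new Filter\Toggle();
		$specialFilter = new Filter\Special();

		/* reject array values for single value fields */

		$getSingle = function (string $key)
		{
			$value = $this->_request->getPost($key);
			return is_array($value) ? null : $value;
		};

		/* sanitize post */

		/* NOTE(review): user, description and password pass without a filter, user and password are checked in _validatePost(), description is not checked in this class - confirm it is escaped where it is rendered */
		/* NOTE(review): groups is encoded as posted, no check of the posted group ids is visible in this class */

		return
		[
			'id' => $numberFilter->sanitize($getSingle('id')),
			'name' => $nameFilter->sanitize($getSingle('name')),
			'user' => $getSingle('user'),
			'description' => $getSingle('description'),
			'password' => $getSingle('password'),
			'email' => $emailFilter->sanitize($getSingle('email')),
			'language' => $specialFilter->sanitize($getSingle('language')),
			'status' => $toggleFilter->sanitize($getSingle('status')),
			'groups' => json_encode($this->_request->getPost('groups'))
		];
	}

	/**
	 * validate the post
	 *
	 * without an id the post is treated as a new user, so the login name and
	 * the password are required, with an id the password is optional and only
	 * checked when it was posted
	 *
	 * @since 4.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return array list of translated error messages, empty if the post is valid
	 */

	protected function _validatePost(array $postArray = []) : array
	{
		$nameValidator = new Validator\Name();
		$userValidator = new Validator\User();
		$passwordValidator = new Validator\Password();
		$emailValidator = new Validator\Email();
		$userModel = new Admin\Model\User();
		$validateArray = [];

		/* validate post */

		if (!$postArray['name'])
		{
			$validateArray[] = $this->_language->get('name_empty');
		}
		else if (!$nameValidator->validate($postArray['name']))
		{
			$validateArray[] = $this->_language->get('name_incorrect');
		}
		if (!$postArray['id'])
		{
			/* new user, the login name has to be present, well formed and not taken */

			if (!$postArray['user'])
			{
				$validateArray[] = $this->_language->get('user_empty');
			}
			else if (!$userValidator->validate($postArray['user']))
			{
				$validateArray[] = $this->_language->get('user_incorrect');
			}
			else if ($userModel->getByUser($postArray['user']))
			{
				$validateArray[] = $this->_language->get('user_exists');
			}
			if (!$postArray['password'])
			{
				$validateArray[] = $this->_language->get('password_empty');
			}
			else if (!$passwordValidator->validate($postArray['password']))
			{
				$validateArray[] = $this->_language->get('password_incorrect');
			}
		}
		else if ($postArray['password'] && !$passwordValidator->validate($postArray['password']))
		{
			$validateArray[] = $this->_language->get('password_incorrect');
		}
		if (!$emailValidator->validate($postArray['email']))
		{
			$validateArray[] = $this->_language->get('email_incorrect');
		}
		return $validateArray;
	}

	/**
	 * create the user
	 *
	 * @since 4.0.0
	 *
	 * @param array $createArray array of the create, the password is expected to be hashed already
	 *
	 * @return bool
	 */

	protected function _create(array $createArray = []) : bool
	{
		$userModel = new Admin\Model\User();
		return $userModel->createByArray($createArray);
	}

	/**
	 * update the user
	 *
	 * @since 4.0.0
	 *
	 * @param int|null $userId identifier of the user
	 * @param array $updateArray array of the update
	 *
	 * @return bool
	 */

	protected function _update(?int $userId = null, array $updateArray = []) : bool
	{
		$userModel = new Admin\Model\User();
		return $userModel->updateByIdAndArray($userId, $updateArray);
	}

	/**
	 * refresh the auth
	 *
	 * copies name, email and language into the auth of the current request
	 * and saves it, process() calls this after the user edited the own account
	 *
	 * @since 4.0.0
	 *
	 * @param array $refreshArray array of the update
	 */

	protected function _refresh(array $refreshArray = []) : void
	{
		$auth = new Auth($this->_request);
		$auth->init();
		$auth->setUser('name', $refreshArray['name']);
		$auth->setUser('email', $refreshArray['email']);
		$auth->setUser('language', $refreshArray['language']);
		$auth->save();
	}

	/**
	 * get success route
	 *
	 * @since 4.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return string
	 */

	protected function _getSuccessRoute(array $postArray = []) : string
	{
		if ($this->_registry->get('usersEdit') && $postArray['id'])
		{
			return 'admin/view/users#row-' . $postArray['id'];
		}
		if ($this->_registry->get('usersEdit') && $postArray['user'])
		{
			/* NOTE(review): assumes getByUser() finds the user that was just created, the result is not checked before ->id is read */

			$userModel = new Admin\Model\User();
			return 'admin/view/users#row-' . $userModel->getByUser($postArray['user'])->id;
		}
		return 'admin';
	}

	/**
	 * get error route
	 *
	 * @since 4.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return string
	 */

	protected function _getErrorRoute(array $postArray = []) : string
	{
		if ($this->_registry->get('usersEdit') && $postArray['id'])
		{
			return 'admin/edit/users/' . $postArray['id'];
		}
		if ($this->_registry->get('usersNew'))
		{
			return 'admin/new/users';
		}
		return 'admin';
	}
}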