
includes/Controller/Reset.php (1 issue)

<?php
namespace Redaxscript\Controller;
use Redaxscript\Filter;
use Redaxscript\Hash;
use Redaxscript\Html\Element;
use Redaxscript\Mailer;
use Redaxscript\Model;
use Redaxscript\Validator;
use function hash_equals;
use function sha1;
/**
 * child class to process the reset request
 *
 * @since 3.0.0
 *
 * @package Redaxscript
 * @category Controller
 * @author Henry Ruhs
 * @author Balázs Szilágyi
 */
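class Reset extends ControllerAbstract
{
	/**
	 * process the class
	 *
	 * reads the reset form from the request, validates it, stores the new
	 * password hash for the user and informs the user by mail
	 *
	 * @since 3.0.0
	 *
	 * @return string
	 */

	public function process() : string
	{
		$passwordHash = new Hash();
		$postArray = $this->_normalizePost($this->_sanitizePost());
		$validateArray = $this->_validatePost($postArray);
		$user = $this->_getUser($postArray);

		/* validate post */

		if ($validateArray)
		{
			return $this->_error(
			[
				'route' => 'login/recover',
				'message' => $validateArray
			]);
		}

		/* handle reset */

		/* _validatePost() rejects the request unless $user->id is set, so $user is an object here */

		$passwordHash->init($postArray['password']);
		$resetArray =
		[
			'id' => $user->id,
			'password' => $passwordHash->getHash()
		];
		if (!$this->_reset($resetArray))
		{
			return $this->_error(
			[
				'route' => 'login/recover'
			]);
		}

		/* handle mail */

		$mailArray =
		[
			'name' => $user->name,
			'user' => $user->user,
			'email' => $user->email
		];
		if (!$this->_mail($mailArray))
		{
			return $this->_error(
			[
				'route' => 'login/recover',
				'message' => $this->_language->get('email_failed')
			]);
		}

		/* handle success */

		return $this->_success(
		[
			'route' => 'login',
			'timeout' => 2,
			'message' => $this->_language->get('password_changed')
		]);
	}

	/**
	 * sanitize the post
	 *
	 * reads the reset form fields from the request and runs each one through
	 * the matching filter; 'solution' is passed on as-is for the captcha validator
	 *
	 * @since 4.0.0
	 *
	 * @return array
	 */

	protected function _sanitizePost() : array
	{
		$numberFilter = new Filter\Number();
		$specialFilter = new Filter\Special();

		/* sanitize post */

		/* NOTE(review): Request::getPost() may also return an array for a field, while Filter\Special::sanitize() accepts null|string - confirm that these fields are only ever posted as scalars */

		return
		[
			'id' => $numberFilter->sanitize($this->_request->getPost('id')),
			'password' => $specialFilter->sanitize($this->_request->getPost('password')),
			'passwordHash' => $specialFilter->sanitize($this->_request->getPost('password-hash')),
			'task' => $numberFilter->sanitize($this->_request->getPost('task')),
			'solution' => $this->_request->getPost('solution')
		];
	}

	/**
	 * validate the post
	 *
	 * collects one message per failed check; an empty array means the
	 * request is valid
	 *
	 * @since 3.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return array
	 */

	protected function _validatePost(array $postArray = []) : array
	{
		$passwordValidator = new Validator\Password();
		$captchaValidator = new Validator\Captcha();
		$user = $this->_getUser($postArray);
		$validateArray = [];

		/* validate post */

		if (!$postArray['id'])
		{
			$validateArray[] = $this->_language->get('user_empty');
		}
		else if (!$user || !$user->id)
		{
			/* _getUser() may return null, guard it instead of reading a property of null */

			$validateArray[] = $this->_language->get('user_incorrect');
		}
		if (!$postArray['password'])
		{
			$validateArray[] = $this->_language->get('password_empty');
		}
		else if (!$passwordValidator->validate($postArray['password']))
		{
			$validateArray[] = $this->_language->get('password_incorrect');
		}
		else if (!$user || !hash_equals(sha1((string) $user->password), (string) $postArray['passwordHash']))
		{
			/* the reset token is the sha1 of the stored password hash; compare it in constant time so the comparison itself does not leak how much of the token matched */

			$validateArray[] = $this->_language->get('token_incorrect');
		}
		if (!$captchaValidator->validate($postArray['task'], $postArray['solution']))
		{
			$validateArray[] = $this->_language->get('captcha_incorrect');
		}
		return $validateArray;
	}

	/**
	 * get the user
	 *
	 * looks the user up by the posted id
	 *
	 * @since 4.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return object|null
	 */

	protected function _getUser(array $postArray = []) : ?object
	{
		$userModel = new Model\User();
		return $userModel->getById($postArray['id']);
	}

	/**
	 * reset the password
	 *
	 * stores the already hashed password for the given user id
	 *
	 * @since 3.0.0
	 *
	 * @param array $resetArray array of the reset
	 *
	 * @return bool
	 */

	protected function _reset(array $resetArray = []) : bool
	{
		$userModel = new Model\User();
		return $userModel->resetPasswordById($resetArray['id'], $resetArray['password']);
	}

	/**
	 * send the mail
	 *
	 * informs the user about the changed password and links to the login route
	 *
	 * @since 3.0.0
	 *
	 * @param array $mailArray array of the mail
	 *
	 * @return bool
	 */

	protected function _mail(array $mailArray = []) : bool
	{
		$settingModel = new Model\Setting();
		$urlLogin = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . 'login';

		/* html element */

		$linkElement = new Element();
		$linkElement
			->init('a',
			[
				'href' => $urlLogin
			])
			->text($urlLogin);

		/* prepare mail */

		$toArray =
		[
			$mailArray['name'] => $mailArray['email']
		];
		$fromArray =
		[
			$settingModel->get('author') => $settingModel->get('email')
		];
		$subject = $this->_language->get('password_new');
		$bodyArray =
		[
			$this->_language->get('user') . $this->_language->get('colon') . ' ' . $mailArray['user'],
			'<br />',
			$this->_language->get('login') . $this->_language->get('colon') . ' ' . $linkElement
		];

		/* send mail */

		$mailer = new Mailer();
		$mailer->init($toArray, $fromArray, $subject, $bodyArray);
		return $mailer->send();
	}
}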