Issues in Login.php - Fixed Issues - Inspection of "Drop login by mail (#653)" - redaxscript/redaxscript - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ae47e9...c9730b )

by Henry

created 2020-05-18 21:53 UTC

includes/Controller/Login.php (4 issues)

Labels

Bug 4

Severity

Minor 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Redaxscript\Controller;

use Redaxscript\Auth;
use Redaxscript\Filter;
use Redaxscript\Model;
use Redaxscript\Validator;

/**
 * children class to process the login request
 *
 * @since 3.0.0
 *
 * @package Redaxscript
 * @category Controller
 * @author Henry Ruhs
 * @author Balázs Szilágyi
 */

class Login extends ControllerAbstract
{
	/**
	 * process the class
	 *
	 * @since 3.0.0
	 *
	 * @return string
	 */

	public function process() : string
	{
		$postArray = $this->_normalizePost($this->_sanitizePost());
		$validateArray = $this->_validatePost($postArray);
		$user = $this->_getUser($postArray);

		/* validate post */

		if ($validateArray)
		{
			return $this->_error(
			[
				'route' => 'login',
				'message' => $validateArray
			]);
		}

		/* handle login */

		if ($this->_login($user->id))
		{
			return $this->_success(
			[
				'route' => 'admin',
				'timeout' => 0,
				'message' => $this->_language->get('logged_in'),
				'title' => $this->_language->get('welcome')
			]);
		}

		/* handle error */

		return $this->_error(
		[
			'route' => 'login'
		]);
	}

	/**
	 * sanitize the post
	 *
	 * @since 4.0.0
	 *
	 * @return array
	 */

	protected function _sanitizePost() : array
	{
		$numberFilter = new Filter\Number();
		$passwordFilter = new Filter\Password();
		$userFilter = new Filter\User();
		$emailFilter = new Filter\Email();
		$emailValidator = new Validator\Email();
		$userValidator = new Validator\User();

		/* sanitize post */

		return
		[
			'email' => $emailValidator->validate($this->_request->getPost('user')) ? $emailFilter->sanitize($this->_request->getPost('user')) : null,

			'user' => $userValidator->validate($this->_request->getPost('user')) ? $userFilter->sanitize($this->_request->getPost('user')) : null,

			'password' => $passwordFilter->sanitize($this->_request->getPost('password')),
			'task' => $numberFilter->sanitize($this->_request->getPost('task')),
			'solution' => $this->_request->getPost('solution')
		];
	}

	/**
	 * validate the post
	 *
	 * @since 3.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return array
	 */

	protected function _validatePost(array $postArray = []) : array
	{
		$passwordValidator = new Validator\Password();
		$captchaValidator = new Validator\Captcha();
		$settingModel = new Model\Setting();
		$user = $this->_getUser($postArray);
		$validateArray = [];

		/* validate post */

		if (!$postArray['user'] && !$postArray['email'])
		{
			$validateArray[] = $this->_language->get('user_empty');
		}
		else if (!$user->id)
		{
			$validateArray[] = $this->_language->get('user_incorrect');
		}
		if (!$postArray['password'])
		{
			$validateArray[] = $this->_language->get('password_empty');
		}
		else if (!$passwordValidator->validate($postArray['password']) || !$passwordValidator->matchHash($postArray['password'], $user->password))
		{
			$validateArray[] = $this->_language->get('password_incorrect');
		}
		if ($settingModel->get('captcha') > 0 && !$captchaValidator->validate($postArray['task'], $postArray['solution']))
		{
			$validateArray[] = $this->_language->get('captcha_incorrect');
		}
		return $validateArray;
	}

	/**
	 * get the user
	 *
	 * @since 4.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return object|null
	 */

	protected function _getUser(array $postArray = []) : ?object
	{
		$userModel = new Model\User();
		return $userModel->getByUserOrEmail($postArray['user'], $postArray['email']);
	}

	/**
	 * login the user
	 *
	 * @since 3.0.0
	 *
	 * @param int $userId identifier of the user
	 *
	 * @return int
	 */

	protected function _login(int $userId = null) : int
	{
		$auth = new Auth($this->_request);
		return $auth->login($userId);
	}
}


1		<?php
2		namespace Redaxscript\Controller;
3
4		use Redaxscript\Auth;
5		use Redaxscript\Filter;
6		use Redaxscript\Model;
7		use Redaxscript\Validator;
8
9		/**
10		* children class to process the login request
11		*
12		* @since 3.0.0
13		*
14		* @package Redaxscript
15		* @category Controller
16		* @author Henry Ruhs
17		* @author Balázs Szilágyi
18		*/
19
20		class Login extends ControllerAbstract
21		{
22		/**
23		* process the class
24		*
25		* @since 3.0.0
26		*
27		* @return string
28		*/
29
30	6	public function process() : string
31		{
32	6	$postArray = $this->_normalizePost($this->_sanitizePost());
33	6	$validateArray = $this->_validatePost($postArray);
34	6	$user = $this->_getUser($postArray);
35
36		/* validate post */
37
38	6	if ($validateArray)
39		{
40	3	return $this->_error(
41		[
42	3	'route' => 'login',
43	3	'message' => $validateArray
44		]);
45		}
46
47		/* handle login */
48
49	3	if ($this->_login($user->id))
50		{
51	2	return $this->_success(
52		[
53	2	'route' => 'admin',
54	2	'timeout' => 0,
55	2	'message' => $this->_language->get('logged_in'),
56	2	'title' => $this->_language->get('welcome')
57		]);
58		}
59
60		/* handle error */
61
62	1	return $this->_error(
63		[
64	1	'route' => 'login'
65		]);
66		}
67
68		/**
69		* sanitize the post
70		*
71		* @since 4.0.0
72		*
73		* @return array
74		*/
75
76	6	protected function _sanitizePost() : array
77		{
78	6	$numberFilter = new Filter\Number();
79	6	$passwordFilter = new Filter\Password();
80	6	$userFilter = new Filter\User();
81	6	$emailFilter = new Filter\Email();
82	6	$emailValidator = new Validator\Email();
83		$userValidator = new Validator\User();
84
85		/* sanitize post */
86
87		return
88	6	[
89	6	'email' => $emailValidator->validate($this->_request->getPost('user')) ? $emailFilter->sanitize($this->_request->getPost('user')) : null,
		0 ignored issues – show Bug introduced 2018-09-08 16:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->_request->getPost('user')` targeting `Redaxscript\Request::getPost()` can also be of type `array`; however, `Redaxscript\Validator\Email::validate()` does only seem to accept `null\|string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history... Bug introduced 2018-09-08 16:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->_request->getPost('user')` targeting `Redaxscript\Request::getPost()` can also be of type `array`; however, `Redaxscript\Filter\Email::sanitize()` does only seem to accept `null\|string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
90	6	'user' => $userValidator->validate($this->_request->getPost('user')) ? $userFilter->sanitize($this->_request->getPost('user')) : null,
		0 ignored issues – show Bug introduced 2020-04-19 14:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->_request->getPost('user')` targeting `Redaxscript\Request::getPost()` can also be of type `array`; however, `Redaxscript\Validator\User::validate()` does only seem to accept `null\|string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history... Bug introduced 2020-05-15 00:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->_request->getPost('user')` targeting `Redaxscript\Request::getPost()` can also be of type `array`; however, `Redaxscript\Filter\User::sanitize()` does only seem to accept `null\|string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
91	6	'password' => $passwordFilter->sanitize($this->_request->getPost('password')),
92	6	'task' => $numberFilter->sanitize($this->_request->getPost('task')),
93		'solution' => $this->_request->getPost('solution')
94		];
95		}
96
97		/**
98		* validate the post
99		*
100		* @since 3.0.0
101		*
102		* @param array $postArray array of the post
103		*
104		* @return array
105		*/
106	6
107		protected function _validatePost(array $postArray = []) : array
108	6	{
109	6	$passwordValidator = new Validator\Password();
110	6	$captchaValidator = new Validator\Captcha();
111	6	$settingModel = new Model\Setting();
112	6	$user = $this->_getUser($postArray);
113		$validateArray = [];
114
115		/* validate post */
116	6
117		if (!$postArray['user'] && !$postArray['email'])
118	1	{
119		$validateArray[] = $this->_language->get('user_empty');
120	5	}
121		else if (!$user->id)
122	1	{
123		$validateArray[] = $this->_language->get('user_incorrect');
124	6	}
125		if (!$postArray['password'])
126	1	{
127		$validateArray[] = $this->_language->get('password_empty');
128	5	}
129		else if (!$passwordValidator->validate($postArray['password']) \|\| !$passwordValidator->matchHash($postArray['password'], $user->password))
130	2	{
131		$validateArray[] = $this->_language->get('password_incorrect');
132	6	}
133		if ($settingModel->get('captcha') > 0 && !$captchaValidator->validate($postArray['task'], $postArray['solution']))
134	1	{
135		$validateArray[] = $this->_language->get('captcha_incorrect');
136	6	}
137		return $validateArray;
138		}
139
140		/**
141		* get the user
142		*
143		* @since 4.0.0
144		*
145		* @param array $postArray array of the post
146		*
147		* @return object\|null
148		*/
149	6
150		protected function _getUser(array $postArray = []) : ?object
151	6	{
152	6	$userModel = new Model\User();
153		return $userModel->getByUserOrEmail($postArray['user'], $postArray['email']);
154		}
155
156		/**
157		* login the user
158		*
159		* @since 3.0.0
160		*
161		* @param int $userId identifier of the user
162		*
163		* @return int
164		*/
165	2
166		protected function _login(int $userId = null) : int
167	2	{
168	2	$auth = new Auth($this->_request);
169		return $auth->login($userId);
170		}
171		}
172

redaxscript / redaxscript

Push — master ( ae47e9...c9730b )

includes/Controller/Login.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like