rhosocial /
yii2-base-models
Complex classes like PasswordTrait often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use PasswordTrait, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 37 | trait PasswordTrait |
||
| 38 | { |
||
| 39 | |||
| 40 | public static $eventAfterSetPassword = "afterSetPassword"; |
||
| 41 | public static $eventBeforeValidatePassword = "beforeValidatePassword"; |
||
| 42 | public static $eventValidatePasswordSucceeded = "validatePasswordSucceeded"; |
||
| 43 | public static $eventValidatePasswordFailed = "validatePasswordFailed"; |
||
| 44 | public static $eventBeforeResetPassword = "beforeResetPassword"; |
||
| 45 | public static $eventAfterResetPassword = "afterResetPassword"; |
||
| 46 | public static $eventResetPasswordFailed = "resetPasswordFailed"; |
||
| 47 | public static $eventNewPasswordAppliedFor = "newPasswordAppliedFor"; |
||
| 48 | public static $eventPasswordResetTokenGenerated = "passwordResetTokenGenerated"; |
||
| 49 | |||
| 50 | /** |
||
| 51 | * @var string The name of attribute used for storing password hash. |
||
| 52 | * We strongly recommend you not to change `pass_hash` property directly, |
||
| 53 | * please use setPassword() magic property instead. |
||
| 54 | */ |
||
| 55 | public $passwordHashAttribute = 'pass_hash'; |
||
| 56 | |||
| 57 | /** |
||
| 58 | * @var string The name of attribute used for storing password reset token. |
||
| 59 | * If you do not want to provide password reset feature, please set `false`. |
||
| 60 | */ |
||
| 61 | public $passwordResetTokenAttribute = 'password_reset_token'; |
||
| 62 | |||
| 63 | /** |
||
| 64 | * @var integer Cost parameter used by the Blowfish hash algorithm. |
||
| 65 | */ |
||
| 66 | public $passwordCost = 13; |
||
| 67 | |||
| 68 | /** |
||
| 69 | * @var integer if $passwordHashStrategy equals 'crypt', this value statically |
||
| 70 | * equals 60. |
||
| 71 | */ |
||
| 72 | public $passwordHashAttributeLength = 60; |
||
| 73 | private $passwordHashRules = []; |
||
| 74 | private $passwordResetTokenRules = []; |
||
| 75 | |||
| 76 | /** |
||
| 77 | * Return the empty password specialty. |
||
| 78 | * NOTE: PLEASE OVERRIDE THIS METHOD TO SPECIFY YOUR OWN EMPTY PASSWORD SPECIALTY. |
||
| 79 | * - The length of specialty should be greater than 18. |
||
| 80 | * - Uppercase and lowercase letters, punctuation marks, numbers, and underscores are required. |
||
| 81 | * @return string The string regarded as empty password. |
||
| 82 | */ |
||
| 83 | 7 | protected function getEmptyPasswordSpecialty() |
|
| 87 | |||
| 88 | protected $_password; |
||
| 89 | |||
| 90 | /** |
||
| 91 | * Get rules of password hash. |
||
| 92 | * @return array password hash rules. |
||
| 93 | */ |
||
| 94 | 292 | public function getPasswordHashRules() |
|
| 106 | |||
| 107 | /** |
||
| 108 | * Set rules of password hash. |
||
| 109 | * @param array $rules password hash rules. |
||
| 110 | */ |
||
| 111 | 2 | public function setPasswordHashRules($rules) |
|
| 117 | |||
| 118 | /** |
||
| 119 | * Get the rules associated with password reset token attribute. |
||
| 120 | * If password reset feature is not enabled, the empty array will be given. |
||
| 121 | * @return mixed |
||
| 122 | */ |
||
| 123 | 292 | public function getPasswordResetTokenRules() |
|
| 136 | |||
| 137 | /** |
||
| 138 | * Set the rules associated with password reset token attribute. |
||
| 139 | * @param mixed $rules |
||
| 140 | */ |
||
| 141 | 3 | public function setPasswordResetTokenRules($rules) |
|
| 147 | |||
| 148 | /** |
||
| 149 | * Generates a secure hash from a password and a random salt. |
||
| 150 | * |
||
| 151 | * The generated hash can be stored in database. |
||
| 152 | * Later when a password needs to be validated, the hash can be fetched and passed |
||
| 153 | * to [[validatePassword()]]. For example, |
||
| 154 | * |
||
| 155 | * ~~~ |
||
| 156 | * // generates the hash (usually done during user registration or when the password is changed) |
||
| 157 | * $hash = Yii::$app->getSecurity()->generatePasswordHash($password); |
||
| 158 | * // ...save $hash in database... |
||
| 159 | * |
||
| 160 | * // during login, validate if the password entered is correct using $hash fetched from database |
||
| 161 | * if (Yii::$app->getSecurity()->validatePassword($password, $hash) { |
||
| 162 | * // password is good |
||
| 163 | * } else { |
||
| 164 | * // password is bad |
||
| 165 | * } |
||
| 166 | * ~~~ |
||
| 167 | * |
||
| 168 | * @param string $password The password to be hashed. |
||
| 169 | * @return string The password hash string. When [[passwordHashStrategy]] is set to 'crypt', |
||
| 170 | * the output is always 60 ASCII characters, when set to 'password_hash' the output length |
||
| 171 | * might increase in future versions of PHP (http://php.net/manual/en/function.password-hash.php) |
||
| 172 | */ |
||
| 173 | 191 | public function generatePasswordHash($password) |
|
| 177 | |||
| 178 | /** |
||
| 179 | * Verifies a password against a hash. |
||
| 180 | * @param string $password The password to verify. |
||
| 181 | * @return boolean whether the password is correct. |
||
| 182 | */ |
||
| 183 | 9 | public function validatePassword($password) |
|
| 194 | |||
| 195 | /** |
||
| 196 | * Set new password. |
||
| 197 | * If $password is empty, the specilty which represents the empty will be taken. |
||
| 198 | * Finally, it will trigger `static::$eventAfterSetPassword` event. |
||
| 199 | * @param string $password the new password to be set. |
||
| 200 | */ |
||
| 201 | 191 | public function setPassword($password = null) |
|
| 202 | { |
||
| 203 | 191 | if (empty($password)) { |
|
| 204 | 2 | $password = $this->getEmptyPasswordSpecialty(); |
|
| 205 | } |
||
| 206 | 191 | $phAttribute = $this->passwordHashAttribute; |
|
| 207 | 191 | if (empty($phAttribute) || !is_string($phAttribute)) { |
|
| 208 | return; |
||
| 209 | } |
||
| 210 | 191 | $this->$phAttribute = $this->generatePasswordHash($password); |
|
| 211 | 191 | $this->_password = $password; |
|
| 212 | 191 | $this->trigger(static::$eventAfterSetPassword); |
|
| 213 | 191 | } |
|
| 214 | |||
| 215 | /** |
||
| 216 | * Set empty password. |
||
| 217 | */ |
||
| 218 | 4 | public function setEmptyPassword() |
|
| 219 | { |
||
| 220 | 4 | $this->password = $this->getEmptyPasswordSpecialty(); |
|
| 221 | 4 | } |
|
| 222 | |||
| 223 | /** |
||
| 224 | * Check whether password is empty. |
||
| 225 | * @return boolean |
||
| 226 | */ |
||
| 227 | 4 | public function getIsEmptyPassword() |
|
| 228 | { |
||
| 229 | return |
||
| 230 | 4 | (!is_string($this->passwordHashAttribute) || empty($this->passwordHashAttribute)) ? |
|
| 231 | 4 | true : $this->validatePassword($this->getEmptyPasswordSpecialty()); |
|
| 232 | } |
||
| 233 | |||
| 234 | /** |
||
| 235 | * Apply for new password. |
||
| 236 | * If this model is new one, false will be given, and no events will be triggered. |
||
| 237 | * If password reset feature is not enabled, `$eventNewPasswordAppliedFor` |
||
| 238 | * will be triggered and return true directly. |
||
| 239 | * Otherwise, the new password reset token will be regenerated and saved. Then |
||
| 240 | * trigger the `$eventNewPasswordAppliedFor` and |
||
| 241 | * `$eventPasswordResetTokenGenerated` events and return true. |
||
| 242 | * @return boolean |
||
| 243 | */ |
||
| 244 | 1 | public function applyForNewPassword() |
|
| 245 | { |
||
| 246 | 1 | if ($this->isNewRecord) { |
|
| 247 | 1 | return false; |
|
| 248 | } |
||
| 249 | 1 | if (!is_string($this->passwordResetTokenAttribute)) { |
|
| 250 | $this->trigger(static::$eventNewPasswordAppliedFor); |
||
| 251 | return true; |
||
| 252 | } |
||
| 253 | 1 | $this->setPasswordResetToken(static::generatePasswordResetToken()); |
|
| 254 | 1 | if (!$this->save()) { |
|
| 255 | $this->trigger(static::$eventResetPasswordFailed); |
||
| 256 | return false; |
||
| 257 | } |
||
| 258 | 1 | $this->trigger(static::$eventNewPasswordAppliedFor); |
|
| 259 | 1 | $this->trigger(static::$eventPasswordResetTokenGenerated); |
|
| 260 | 1 | return true; |
|
| 261 | } |
||
| 262 | |||
| 263 | /** |
||
| 264 | * Reset password with password reset token. |
||
| 265 | * It will validate password reset token, before reseting password. |
||
| 266 | * @param string $password New password to be reset. |
||
| 267 | * @param string $token Password reset token. |
||
| 268 | * @return boolean whether reset password successfully or not. |
||
| 269 | */ |
||
| 270 | 1 | public function resetPassword($password, $token) |
|
| 271 | { |
||
| 272 | 1 | if (!$this->validatePasswordResetToken($token)) { |
|
| 273 | 1 | return false; |
|
| 274 | } |
||
| 275 | 1 | $this->trigger(static::$eventBeforeResetPassword); |
|
| 276 | 1 | $this->password = $password; |
|
| 277 | 1 | $this->setPasswordResetToken(); |
|
| 278 | 1 | if (!$this->save()) { |
|
| 279 | $this->trigger(static::$eventResetPasswordFailed); |
||
| 280 | return false; |
||
| 281 | } |
||
| 282 | 1 | $this->trigger(static::$eventAfterResetPassword); |
|
| 283 | 1 | return true; |
|
| 284 | } |
||
| 285 | |||
| 286 | /** |
||
| 287 | * Generate password reset token. |
||
| 288 | * @return string |
||
| 289 | */ |
||
| 290 | 1 | public static function generatePasswordResetToken() |
|
| 294 | |||
| 295 | /** |
||
| 296 | * The event triggered after new password set. |
||
| 297 | * The auth key and access token should be regenerated if new password has applied. |
||
| 298 | * @param ModelEvent $event |
||
| 299 | */ |
||
| 300 | 9 | public function onAfterSetNewPassword($event) |
|
| 305 | |||
| 306 | /** |
||
| 307 | * Validate whether the $token is the valid password reset token. |
||
| 308 | * If password reset feature is not enabled, true will be given. |
||
| 309 | * @param string $token |
||
| 310 | * @return boolean whether the token is correct. |
||
| 311 | */ |
||
| 312 | 1 | protected function validatePasswordResetToken($token) |
|
| 319 | |||
| 320 | /** |
||
| 321 | * Initialize password reset token attribute. |
||
| 322 | * @param ModelEvent $event |
||
| 323 | */ |
||
| 324 | 306 | public function onInitPasswordResetToken($event) |
|
| 330 | |||
| 331 | /** |
||
| 332 | * Set password reset token. |
||
| 333 | * @param string $token |
||
| 334 | * @return string |
||
| 335 | */ |
||
| 336 | 306 | public function setPasswordResetToken($token = '') |
|
| 343 | |||
| 344 | /** |
||
| 345 | * Get password reset token. |
||
| 346 | * @return string |
||
| 347 | */ |
||
| 348 | 1 | public function getPasswordResetToken() |
|
| 355 | } |
||
| 356 |
Loading history...
This check looks for methods that are used by a trait but not required by it.
To illustrate, let’s look at the following code example
The trait
Idableprovides a methodequalsIdthat in turn relies on the methodgetId(). If this method does not exist on a class mixing in this trait, the method will fail.Adding the
getId()as an abstract method to the trait will make sure it is available.