Issues in IdentityTrait.php (master) - Issues in master - rhosocial/yii2-base-models - Measure and Improve Code Quality continuously with Scrutinizer

Issues (236)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

traits/IdentityTrait.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 *  _   __ __ _____ _____ ___  ____  _____
 * | | / // // ___//_  _//   ||  __||_   _|
 * | |/ // /(__  )  / / / /| || |     | |
 * |___//_//____/  /_/ /_/ |_||_|     |_|
 * @link https://vistart.me/
 * @copyright Copyright (c) 2016 - 2017 vistart
 * @license https://vistart.me/license/
 */

namespace rhosocial\base\models\traits;

use Yii;
use yii\base\ModelEvent;

/**
 * User features concerning identity.
 *
 * @property string $accessToken
 * @property array $accessTokenRules
 * @property string $authKey
 * @property array $authKeyRules
 * @property integer $status
 * @property array $statusRules
 * @version 1.0
 * @author vistart <[email protected]>
 */
trait IdentityTrait
{

    public static $statusActive = 1;
    public static $statusInactive = 0;
    public $statusAttribute = 'status';
    private $statusRules = [];
    public $authKeyAttribute = 'auth_key';
    private $authKeyRules = [];
    public $accessTokenAttribute = 'access_token';
    private $accessTokenRules = [];

    /**
     * Finds an identity by the given ID.
     * @param string|integer $identity
     * @return static
     */
    public static function findIdentity($identity)
    {
        $self = static::buildNoInitModel();
        return static::findOne([$self->idAttribute => $identity]);
    }

    /**
     * Finds an identity by the given GUID.
     * @param string $guid
     * @return static
     */
    public static function findIdentityByGuid($guid)
    {
        return static::findOne((string)$guid);
    }

    /**
     * Finds an identity by the given token.
     * @param string $token
     * @param mixed $type
     * @return static
     */
    public static function findIdentityByAccessToken($token, $type = null)

    {
        $self = static::buildNoInitModel();
        return static::findOne([$self->accessTokenAttribute => $token]);
    }

    /**
     * Get auth key.
     * @return string|null
     */
    public function getAuthKey()
    {
        $authKeyAttribute = $this->authKeyAttribute;
        return (is_string($authKeyAttribute) && !empty($authKeyAttribute)) ? $this->$authKeyAttribute : null;
    }

    /**
     * Set auth key.
     * @param string $key
     * @return string
     */
    public function setAuthKey($key)
    {
        $authKeyAttribute = $this->authKeyAttribute;
        return (is_string($authKeyAttribute) && !empty($authKeyAttribute)) ? $this->$authKeyAttribute = $key : null;
    }

    /**
     * Validate the auth key.
     * @param string $authKey
     * @return string
     */
    public function validateAuthKey($authKey)
    {
        return $this->getAuthKey() === $authKey;
    }

    /**
     * Get the rules associated with auth key attribute.
     * @return array
     */
    public function getAuthKeyRules()
    {
        if (!is_string($this->authKeyAttribute) || empty($this->authKeyAttribute)) {
            return [];
        }
        if (empty($this->authKeyRules)) {
            $this->authKeyRules = [
                [[$this->authKeyAttribute], 'required'],
                [[$this->authKeyAttribute], 'string', 'max' => 40],
            ];
        }
        return $this->authKeyRules;
    }

    /**
     * Set the rules associated with auth key attribute.
     * @param array $rules
     */
    public function setAuthKeyRules($rules)
    {
        if (!empty($rules) && is_array($rules)) {
            $this->authKeyRules = $rules;
        }
    }

    /**
     * Initialize the auth key attribute.
     * This method is ONLY used for being triggered by event. DO NOT call,
     * override or modify it directly, unless you know the consequences.
     * @param ModelEvent $event
     */
    public function onInitAuthKey($event)
    {
        $sender = $event->sender;
        /* @var $sender static */
        $sender->setAuthKey(sha1(Yii::$app->security->generateRandomString()));
    }

    /**
     * Get access token.
     * @return string|null
     */
    public function getAccessToken()
    {
        $accessTokenAttribute = $this->accessTokenAttribute;
        return (is_string($accessTokenAttribute) && !empty($accessTokenAttribute)) ? $this->$accessTokenAttribute : null;
    }

    /**
     * Set access token.
     * @param string $token
     * @return string|null
     */
    public function setAccessToken($token)
    {
        $accessTokenAttribute = $this->accessTokenAttribute;
        return (is_string($accessTokenAttribute) && !empty($accessTokenAttribute)) ? $this->$accessTokenAttribute = $token : null;
    }

    /**
     * Get the rules associated with access token attribute.
     * @return array
     */
    public function getAccessTokenRules()
    {
        if (!is_string($this->accessTokenAttribute) || empty($this->accessTokenAttribute)) {
            return [];
        }
        if (empty($this->accessTokenRules)) {
            $this->accessTokenRules = [
                [[$this->accessTokenAttribute], 'required'],
                [[$this->accessTokenAttribute], 'string', 'max' => 40],
            ];
        }
        return $this->accessTokenRules;
    }

    /**
     * Set the rules associated with access token attribute.
     * @param array $rules
     */
    public function setAccessTokenRules($rules)
    {
        if (!empty($rules) && is_array($rules)) {
            $this->accessTokenRules = $rules;
        }
    }

    /**
     * Initialize the access token attribute.
     * This method is ONLY used for being triggered by event. DO NOT call,
     * override or modify it directly, unless you know the consequences.
     * @param ModelEvent $event
     */
    public function onInitAccessToken($event)
    {
        $sender = $event->sender;
        /* @var $sender static */
        $sender->setAccessToken(sha1(Yii::$app->security->generateRandomString()));
    }

    /**
     * Get status.
     * @return integer
     */
    public function getStatus()
    {
        $statusAttribute = $this->statusAttribute;
        return (is_string($statusAttribute) && !empty($statusAttribute)) ? $this->$statusAttribute : null;
    }

    /**
     * Set status.
     * @param integer $status
     * @return integer|null
     */
    public function setStatus($status)
    {
        $statusAttribute = $this->statusAttribute;
        return (is_string($statusAttribute) && !empty($statusAttribute)) ? $this->$statusAttribute = $status : null;
    }

    /**
     * Get the rules associated with status attribute.
     * @return array
     */
    public function getStatusRules()
    {
        if (!is_string($this->statusAttribute) || empty($this->statusAttribute)) {
            return [];
        }
        if (empty($this->statusRules)) {
            $this->statusRules = [
                [[$this->statusAttribute], 'required'],
                [[$this->statusAttribute], 'number', 'integerOnly' => true, 'min' => 0],
            ];
        }
        return $this->statusRules;
    }

    /**
     * Set the rules associated with status attribute.
     * @param array $rules
     */
    public function setStatusRules($rules)
    {
        if (!empty($rules) && is_array($rules)) {
            $this->statusRules = $rules;
        }
    }

    /**
     * Initialize the status attribute.
     * This method is ONLY used for being triggered by event. DO NOT call,
     * override or modify it directly, unless you know the consequences.
     * @param ModelEvent $event
     */
    public function onInitStatusAttribute($event)
    {
        $sender = $event->sender;
        /* @var $sender static */
        if (empty($sender->getStatus())) {
            $sender->setStatus(self::$statusActive);
        }
    }
}


1		<?php
2
3		/**
4		* _ __ __ _____ _____ ___ ____ _____
5		* \| \| / // // ___//_ _// \|\| __\|\|_ _\|
6		* \| \|/ // /(__ ) / / / /\| \|\| \| \| \|
7		* \|___//_//____/ /_/ /_/ \|_\|\|_\| \|_\|
8		* @link https://vistart.me/
9		* @copyright Copyright (c) 2016 - 2017 vistart
10		* @license https://vistart.me/license/
11		*/
12
13		namespace rhosocial\base\models\traits;
14
15		use Yii;
16		use yii\base\ModelEvent;
17
18		/**
19		* User features concerning identity.
20		*
21		* @property string $accessToken
22		* @property array $accessTokenRules
23		* @property string $authKey
24		* @property array $authKeyRules
25		* @property integer $status
26		* @property array $statusRules
27		* @version 1.0
28		* @author vistart <[email protected]>
29		*/
30		trait IdentityTrait
31		{
32
33		public static $statusActive = 1;
34		public static $statusInactive = 0;
35		public $statusAttribute = 'status';
36		private $statusRules = [];
37		public $authKeyAttribute = 'auth_key';
38		private $authKeyRules = [];
39		public $accessTokenAttribute = 'access_token';
40		private $accessTokenRules = [];
41
42		/**
43		* Finds an identity by the given ID.
44		* @param string\|integer $identity
45		* @return static
46		*/
47	3	public static function findIdentity($identity)
48		{
49	3	$self = static::buildNoInitModel();
50	3	return static::findOne([$self->idAttribute => $identity]);
51		}
52
53		/**
54		* Finds an identity by the given GUID.
55		* @param string $guid
56		* @return static
57		*/
58	3	public static function findIdentityByGuid($guid)
59		{
60	3	return static::findOne((string)$guid);
61		}
62
63		/**
64		* Finds an identity by the given token.
65		* @param string $token
66		* @param mixed $type
67		* @return static
68		*/
69	3	public static function findIdentityByAccessToken($token, $type = null)
		0 ignored issues – show Unused Code introduced 2017-01-12 08:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$type` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
70		{
71	3	$self = static::buildNoInitModel();
72	3	return static::findOne([$self->accessTokenAttribute => $token]);
73		}
74
75		/**
76		* Get auth key.
77		* @return string\|null
78		*/
79	5	public function getAuthKey()
80		{
81	5	$authKeyAttribute = $this->authKeyAttribute;
82	5	return (is_string($authKeyAttribute) && !empty($authKeyAttribute)) ? $this->$authKeyAttribute : null;
83		}
84
85		/**
86		* Set auth key.
87		* @param string $key
88		* @return string
89		*/
90	306	public function setAuthKey($key)
91		{
92	306	$authKeyAttribute = $this->authKeyAttribute;
93	306	return (is_string($authKeyAttribute) && !empty($authKeyAttribute)) ? $this->$authKeyAttribute = $key : null;
94		}
95
96		/**
97		* Validate the auth key.
98		* @param string $authKey
99		* @return string
100		*/
101	3	public function validateAuthKey($authKey)
102		{
103	3	return $this->getAuthKey() === $authKey;
104		}
105
106		/**
107		* Get the rules associated with auth key attribute.
108		* @return array
109		*/
110	292	public function getAuthKeyRules()
111		{
112	292	if (!is_string($this->authKeyAttribute) \|\| empty($this->authKeyAttribute)) {
113		return [];
114		}
115	292	if (empty($this->authKeyRules)) {
116	290	$this->authKeyRules = [
117	290	[[$this->authKeyAttribute], 'required'],
118	290	[[$this->authKeyAttribute], 'string', 'max' => 40],
119		];
120		}
121	292	return $this->authKeyRules;
122		}
123
124		/**
125		* Set the rules associated with auth key attribute.
126		* @param array $rules
127		*/
128	2	public function setAuthKeyRules($rules)
129		{
130	2	if (!empty($rules) && is_array($rules)) {
131	2	$this->authKeyRules = $rules;
132		}
133	2	}
134
135		/**
136		* Initialize the auth key attribute.
137		* This method is ONLY used for being triggered by event. DO NOT call,
138		* override or modify it directly, unless you know the consequences.
139		* @param ModelEvent $event
140		*/
141	306	public function onInitAuthKey($event)
142		{
143	306	$sender = $event->sender;
144		/* @var $sender static */
145	306	$sender->setAuthKey(sha1(Yii::$app->security->generateRandomString()));
146	306	}
147
148		/**
149		* Get access token.
150		* @return string\|null
151		*/
152	8	public function getAccessToken()
153		{
154	8	$accessTokenAttribute = $this->accessTokenAttribute;
155	8	return (is_string($accessTokenAttribute) && !empty($accessTokenAttribute)) ? $this->$accessTokenAttribute : null;
156		}
157
158		/**
159		* Set access token.
160		* @param string $token
161		* @return string\|null
162		*/
163	306	public function setAccessToken($token)
164		{
165	306	$accessTokenAttribute = $this->accessTokenAttribute;
166	306	return (is_string($accessTokenAttribute) && !empty($accessTokenAttribute)) ? $this->$accessTokenAttribute = $token : null;
167		}
168
169		/**
170		* Get the rules associated with access token attribute.
171		* @return array
172		*/
173	292	public function getAccessTokenRules()
174		{
175	292	if (!is_string($this->accessTokenAttribute) \|\| empty($this->accessTokenAttribute)) {
176		return [];
177		}
178	292	if (empty($this->accessTokenRules)) {
179	291	$this->accessTokenRules = [
180	291	[[$this->accessTokenAttribute], 'required'],
181	291	[[$this->accessTokenAttribute], 'string', 'max' => 40],
182		];
183		}
184	292	return $this->accessTokenRules;
185		}
186
187		/**
188		* Set the rules associated with access token attribute.
189		* @param array $rules
190		*/
191	2	public function setAccessTokenRules($rules)
192		{
193	2	if (!empty($rules) && is_array($rules)) {
194	2	$this->accessTokenRules = $rules;
195		}
196	2	}
197
198		/**
199		* Initialize the access token attribute.
200		* This method is ONLY used for being triggered by event. DO NOT call,
201		* override or modify it directly, unless you know the consequences.
202		* @param ModelEvent $event
203		*/
204	306	public function onInitAccessToken($event)
205		{
206	306	$sender = $event->sender;
207		/* @var $sender static */
208	306	$sender->setAccessToken(sha1(Yii::$app->security->generateRandomString()));
209	306	}
210
211		/**
212		* Get status.
213		* @return integer
214		*/
215	306	public function getStatus()
216		{
217	306	$statusAttribute = $this->statusAttribute;
218	306	return (is_string($statusAttribute) && !empty($statusAttribute)) ? $this->$statusAttribute : null;
219		}
220
221		/**
222		* Set status.
223		* @param integer $status
224		* @return integer\|null
225		*/
226	306	public function setStatus($status)
227		{
228	306	$statusAttribute = $this->statusAttribute;
229	306	return (is_string($statusAttribute) && !empty($statusAttribute)) ? $this->$statusAttribute = $status : null;
230		}
231
232		/**
233		* Get the rules associated with status attribute.
234		* @return array
235		*/
236	292	public function getStatusRules()
237		{
238	292	if (!is_string($this->statusAttribute) \|\| empty($this->statusAttribute)) {
239		return [];
240		}
241	292	if (empty($this->statusRules)) {
242	291	$this->statusRules = [
243	291	[[$this->statusAttribute], 'required'],
244	291	[[$this->statusAttribute], 'number', 'integerOnly' => true, 'min' => 0],
245		];
246		}
247	292	return $this->statusRules;
248		}
249
250		/**
251		* Set the rules associated with status attribute.
252		* @param array $rules
253		*/
254	1	public function setStatusRules($rules)
255		{
256	1	if (!empty($rules) && is_array($rules)) {
257	1	$this->statusRules = $rules;
258		}
259	1	}
260
261		/**
262		* Initialize the status attribute.
263		* This method is ONLY used for being triggered by event. DO NOT call,
264		* override or modify it directly, unless you know the consequences.
265		* @param ModelEvent $event
266		*/
267	306	public function onInitStatusAttribute($event)
268		{
269	306	$sender = $event->sender;
270		/* @var $sender static */
271	306	if (empty($sender->getStatus())) {
272	306	$sender->setStatus(self::$statusActive);
273		}
274	306	}
275		}
276

rhosocial / yii2-base-models

Issues (236)

Security Analysis no request data

traits/IdentityTrait.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like