TwoFactorAuthenticatesUsers - Code Metrics - Inspection of "Refactor hardcoded account sidebar menu into dynam..." - rinvex/cortex-auth - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — develop ( d878ad...d28e4b )

by Abdelrahman

created 2018-01-26 04:54 UTC

TwoFactorAuthenticatesUsers A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	85
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	1

Importance

Changes

Metric	Value
dl	0
loc	85
rs	10
c	0
b	0
f	0
wmc	12
lcom	1
cbo	1

5 Methods

Rating	Name	Size	Complexity
A	attemptTwoFactor()	4	3
A	invalidateTwoFactorBackup()	12	1
A	isValidTwoFactorPhone()	7	2
A	isValidTwoFactorBackup()	8	3
A	isValidTwoFactorTotp()	7	3

<?php

namespace Cortex\Fort\Traits;

use PragmaRX\Google2FA\Google2FA;
use Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract;

trait TwoFactorAuthenticatesUsers
{
    /**
     * Verify TwoFactor authentication.
     *
     * @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
     * @param int                                                     $token
     *
     * @return bool
     */
    protected function attemptTwoFactor(AuthenticatableTwoFactorContract $user, int $token): bool
    {
        return $this->isValidTwoFactorTotp($user, $token) || $this->isValidTwoFactorBackup($user, $token) || $this->isValidTwoFactorPhone($user, $token);

    }

    /**
     * Invalidate given backup code for the given user.
     *
     * @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
     * @param int                                                     $token
     *
     * @return void
     */
    protected function invalidateTwoFactorBackup(AuthenticatableTwoFactorContract $user, int $token): void
    {
        $settings = $user->getTwoFactor();
        $backup = array_get($settings, 'totp.backup');
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

        unset($backup[array_search($token, $backup)]);

        array_set($settings, 'totp.backup', $backup);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

        // Update TwoFactor OTP backup codes
        $user->fill(['two_factor' => $settings])->forceSave();
    }

    /**
     * Determine if the given token is a valid TwoFactor Phone token.
     *
     * @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
     * @param int                                                     $token
     *
     * @return bool
     */
    protected function isValidTwoFactorPhone(AuthenticatableTwoFactorContract $user, int $token): bool
    {
        $settings = $user->getTwoFactor();
        $authyId = array_get($settings, 'phone.authy_id');
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

        return in_array(mb_strlen($token), [6, 7, 8]) && app('rinvex.authy.token')->verify($token, $authyId)->succeed();
    }

    /**
     * Determine if the given token is a valid TwoFactor Backup code.
     *
     * @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
     * @param int                                                     $token
     *
     * @return bool
     */
    protected function isValidTwoFactorBackup(AuthenticatableTwoFactorContract $user, int $token): bool
    {
        $backup = array_get($user->getTwoFactor(), 'totp.backup', []);

        $result = mb_strlen($token) === 10 && in_array($token, $backup);
        ! $result || $this->invalidateTwoFactorBackup($user, $token);

        return $result;
    }

    /**
     * Determine if the given token is a valid TwoFactor TOTP token.
     *
     * @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
     * @param int                                                     $token
     *
     * @return bool
     */
    protected function isValidTwoFactorTotp(AuthenticatableTwoFactorContract $user, int $token): bool
    {
        $totpProvider = app(Google2FA::class);
        $secret = array_get($user->getTwoFactor(), 'totp.secret');


        return mb_strlen($token) === 6 && request()->session()->get('rinvex.fort.twofactor.totp') && $totpProvider->verifyKey($secret, $token);

    }
}


1			<?php
2
3			namespace Cortex\Fort\Traits;
4
5			use PragmaRX\Google2FA\Google2FA;
6			use Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract;
7
8			trait TwoFactorAuthenticatesUsers
9			{
10			/**
11			* Verify TwoFactor authentication.
12			*
13			* @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
14			* @param int $token
15			*
16			* @return bool
17			*/
18			protected function attemptTwoFactor(AuthenticatableTwoFactorContract $user, int $token): bool
19			{
20			return $this->isValidTwoFactorTotp($user, $token) \|\| $this->isValidTwoFactorBackup($user, $token) \|\| $this->isValidTwoFactorPhone($user, $token);
			0 ignored issues – show Coding Style introduced 2018-01-26 04:59 UTC by Report Bug Copy Issue Report This line exceeds maximum limit of 120 characters; contains 153 characters Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line. Loading history...
21			}
22
23			/**
24			* Invalidate given backup code for the given user.
25			*
26			* @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
27			* @param int $token
28			*
29			* @return void
30			*/
31			protected function invalidateTwoFactorBackup(AuthenticatableTwoFactorContract $user, int $token): void
32			{
33			$settings = $user->getTwoFactor();
34			$backup = array_get($settings, 'totp.backup');
			0 ignored issues – show Bug introduced 2018-01-26 04:59 UTC by Report Bug Copy Issue Report It seems like `$settings` defined by `$user->getTwoFactor()` on line `33` can also be of type `null`; however, `array_get()` does only seem to accept `object<ArrayAccess>\|array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
35
36			unset($backup[array_search($token, $backup)]);
37
38			array_set($settings, 'totp.backup', $backup);
			0 ignored issues – show Bug introduced 2018-01-26 04:59 UTC by Report Bug Copy Issue Report It seems like `$settings` defined by `$user->getTwoFactor()` on line `33` can also be of type `null`; however, `array_set()` does only seem to accept `array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
39
40			// Update TwoFactor OTP backup codes
41			$user->fill(['two_factor' => $settings])->forceSave();
42			}
43
44			/**
45			* Determine if the given token is a valid TwoFactor Phone token.
46			*
47			* @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
48			* @param int $token
49			*
50			* @return bool
51			*/
52			protected function isValidTwoFactorPhone(AuthenticatableTwoFactorContract $user, int $token): bool
53			{
54			$settings = $user->getTwoFactor();
55			$authyId = array_get($settings, 'phone.authy_id');
			0 ignored issues – show Bug introduced 2018-01-26 04:59 UTC by Report Bug Copy Issue Report It seems like `$settings` defined by `$user->getTwoFactor()` on line `54` can also be of type `null`; however, `array_get()` does only seem to accept `object<ArrayAccess>\|array`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
56
57			return in_array(mb_strlen($token), [6, 7, 8]) && app('rinvex.authy.token')->verify($token, $authyId)->succeed();
58			}
59
60			/**
61			* Determine if the given token is a valid TwoFactor Backup code.
62			*
63			* @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
64			* @param int $token
65			*
66			* @return bool
67			*/
68			protected function isValidTwoFactorBackup(AuthenticatableTwoFactorContract $user, int $token): bool
69			{
70			$backup = array_get($user->getTwoFactor(), 'totp.backup', []);
			0 ignored issues – show Bug introduced 2018-01-26 04:59 UTC by Report Bug Copy Issue Report It seems like `$user->getTwoFactor()` targeting `Rinvex\Fort\Contracts\Au...ontract::getTwoFactor()` can also be of type `null`; however, `array_get()` does only seem to accept `object<ArrayAccess>\|array`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
71			$result = mb_strlen($token) === 10 && in_array($token, $backup);
72			! $result \|\| $this->invalidateTwoFactorBackup($user, $token);
73
74			return $result;
75			}
76
77			/**
78			* Determine if the given token is a valid TwoFactor TOTP token.
79			*
80			* @param \Rinvex\Fort\Contracts\AuthenticatableTwoFactorContract $user
81			* @param int $token
82			*
83			* @return bool
84			*/
85			protected function isValidTwoFactorTotp(AuthenticatableTwoFactorContract $user, int $token): bool
86			{
87			$totpProvider = app(Google2FA::class);
88			$secret = array_get($user->getTwoFactor(), 'totp.secret');
			0 ignored issues – show Bug introduced 2018-01-26 04:59 UTC by Report Bug Copy Issue Report It seems like `$user->getTwoFactor()` targeting `Rinvex\Fort\Contracts\Au...ontract::getTwoFactor()` can also be of type `null`; however, `array_get()` does only seem to accept `object<ArrayAccess>\|array`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
89
90			return mb_strlen($token) === 6 && request()->session()->get('rinvex.fort.twofactor.totp') && $totpProvider->verifyKey($secret, $token);
			0 ignored issues – show Coding Style introduced 2018-01-26 04:59 UTC by Report Bug Copy Issue Report This line exceeds maximum limit of 120 characters; contains 143 characters Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line. Loading history...
91			}
92			}
93

rinvex / cortex-auth

Push — develop ( d878ad...d28e4b )

TwoFactorAuthenticatesUsers A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

5 Methods

Duplication Side-by-Side

Filter issues like