PasswordResetBroker::validatePasswordWithDefaults() - Code Metrics - Inspection of "Merge branch 'release/v3.0.2'" - rinvex/laravel-auth - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 89f500...10eccf )

by Abdelrahman

created 2019-09-23 01:37 UTC

validatePasswordWithDefaults() A

↳ Parent: PasswordResetBroker

Complexity

Conditions	2
Paths	2

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
nc	2
nop	1
dl	0
loc	9
rs	9.9666
c	0
b	0
f	0

<?php

declare(strict_types=1);

namespace Rinvex\Auth\Services;

use Closure;
use UnexpectedValueException;
use Illuminate\Contracts\Auth\UserProvider;
use Rinvex\Auth\Contracts\CanResetPasswordContract;
use Rinvex\Auth\Contracts\PasswordResetBrokerContract;

class PasswordResetBroker implements PasswordResetBrokerContract
{
    /**
     * The application key.
     *
     * @var string
     */
    protected $key;

    /**
     * The user provider implementation.
     *
     * @var \Illuminate\Contracts\Auth\UserProvider
     */
    protected $users;

    /**
     * The number of minutes that the reset token should be considered valid.
     *
     * @var int
     */
    protected $expiration;

    /**
     * Create a new verification broker instance.
     *
     * @param \Illuminate\Contracts\Auth\UserProvider $users
     * @param string                                  $key
     * @param int                                     $expiration
     */
    public function __construct(UserProvider $users, $key, $expiration)
    {
        $this->key = $key;
        $this->users = $users;
        $this->expiration = $expiration;
    }

    /**
     * Send a password reset link to a user.
     *
     * @param array $credentials
     *
     * @return string
     */
    public function sendResetLink(array $credentials): string
    {
        // First we will check to see if we found a user at the given credentials and
        // if we did not we will redirect back to this current URI with a piece of
        // "flash" data in the session to indicate to the developers the errors.
        $user = $this->getUser($credentials);

        if (is_null($user)) {
            return static::INVALID_USER;
        }

        $expiration = now()->addMinutes($this->expiration)->timestamp;

        // Once we have the reset token, we are ready to send the message out to this
        // user with a link to reset their password. We will then redirect back to
        // the current URI having nothing set in the session to indicate errors.
        $user->sendPasswordResetNotification($this->createToken($user, $expiration), $expiration);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

        return static::RESET_LINK_SENT;
    }

    /**
     * Reset the password for the given token.
     *
     * @param array    $credentials
     * @param \Closure $callback
     *
     * @return mixed

     */
    public function reset(array $credentials, Closure $callback)
    {
        $user = $this->validateReset($credentials);

        // If the responses from the validate method is not a user instance, we will
        // assume that it is a redirect and simply return it from this method and
        // the user is properly redirected having an error message on the post.
        if (! $user instanceof CanResetPasswordContract) {
            return $user;
        }

        $password = $credentials['password'];

        // Once the reset has been validated, we'll call the given callback with the
        // new password. This gives the user an opportunity to store the password
        // in their persistent storage.
        $callback($user, $password);

        return static::PASSWORD_RESET;
    }

    /**
     * Get the user for the given credentials.
     *
     * @param array $credentials
     *
     * @throws \UnexpectedValueException
     *
     * @return \Rinvex\Auth\Contracts\CanResetPasswordContract|null

     */
    public function getUser(array $credentials): ?CanResetPasswordContract
    {
        $user = $this->users->retrieveByCredentials(array_only($credentials, ['email']));

        if ($user && ! $user instanceof CanResetPasswordContract) {
            throw new UnexpectedValueException('User must implement CanResetPassword interface.');
        }

        return $user;
    }

    /**
     * Create a new password reset token for the given user.
     *
     * @param \Rinvex\Auth\Contracts\CanResetPasswordContract $user
     * @param int                                             $expiration
     *
     * @return string
     */
    public function createToken(CanResetPasswordContract $user, $expiration): string
    {
        $payload = $this->buildPayload($user, $user->getEmailForPasswordReset(), $expiration);

        return hash_hmac('sha256', $payload, $this->getKey());
    }

    /**
     * Validate the given password reset token.
     *
     * @param \Rinvex\Auth\Contracts\CanResetPasswordContract $user
     * @param array                                           $credentials
     *
     * @return bool
     */
    public function validateToken(CanResetPasswordContract $user, array $credentials): bool
    {
        $payload = $this->buildPayload($user, $credentials['email'], $credentials['expiration']);

        return hash_equals($credentials['token'], hash_hmac('sha256', $payload, $this->getKey()));
    }

    /**
     * Validate the given expiration timestamp.
     *
     * @param int $expiration
     *
     * @return bool
     */
    public function validateTimestamp($expiration): bool
    {
        return now()->createFromTimestamp($expiration)->isFuture();
    }

    /**
     * Return the application key.
     *
     * @return string
     */
    public function getKey(): string
    {
        if (starts_with($this->key, 'base64:')) {
            return base64_decode(mb_substr($this->key, 7));
        }

        return $this->key;
    }

    /**
     * Returns the payload string containing.
     *
     * @param \Rinvex\Auth\Contracts\CanResetPasswordContract $user
     * @param string                                          $email
     * @param int                                             $expiration
     *
     * @return string
     */
    protected function buildPayload(CanResetPasswordContract $user, $email, $expiration): string
    {
        return implode(';', [
            $email,
            $expiration,
            $user->getKey(),

            $user->password,
interface SomeInterface { }
class SomeClass implements SomeInterface {
    public $a;
}

function someFunction(SomeInterface $object) {
    if ($object instanceof SomeClass) {
        $a = $object->a;
    }
}
        ]);
    }

    /**
     * Validate a password reset for the given credentials.
     *
     * @param array $credentials
     *
     * @return \Illuminate\Contracts\Auth\CanResetPassword|string

     */
    protected function validateReset(array $credentials)
    {
        if (is_null($user = $this->getUser($credentials))) {
            return static::INVALID_USER;
        }

        if (! $this->validateToken($user, $credentials)) {
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
            return static::INVALID_TOKEN;
        }

        if (! $this->validateTimestamp($credentials['expiration'])) {
            return static::EXPIRED_TOKEN;
        }

        return $user;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace Rinvex\Auth\Services;
6
7			use Closure;
8			use UnexpectedValueException;
9			use Illuminate\Contracts\Auth\UserProvider;
10			use Rinvex\Auth\Contracts\CanResetPasswordContract;
11			use Rinvex\Auth\Contracts\PasswordResetBrokerContract;
12
13			class PasswordResetBroker implements PasswordResetBrokerContract
14			{
15			/**
16			* The application key.
17			*
18			* @var string
19			*/
20			protected $key;
21
22			/**
23			* The user provider implementation.
24			*
25			* @var \Illuminate\Contracts\Auth\UserProvider
26			*/
27			protected $users;
28
29			/**
30			* The number of minutes that the reset token should be considered valid.
31			*
32			* @var int
33			*/
34			protected $expiration;
35
36			/**
37			* Create a new verification broker instance.
38			*
39			* @param \Illuminate\Contracts\Auth\UserProvider $users
40			* @param string $key
41			* @param int $expiration
42			*/
43			public function __construct(UserProvider $users, $key, $expiration)
44			{
45			$this->key = $key;
46			$this->users = $users;
47			$this->expiration = $expiration;
48			}
49
50			/**
51			* Send a password reset link to a user.
52			*
53			* @param array $credentials
54			*
55			* @return string
56			*/
57			public function sendResetLink(array $credentials): string
58			{
59			// First we will check to see if we found a user at the given credentials and
60			// if we did not we will redirect back to this current URI with a piece of
61			// "flash" data in the session to indicate to the developers the errors.
62			$user = $this->getUser($credentials);
63
64			if (is_null($user)) {
65			return static::INVALID_USER;
66			}
67
68			$expiration = now()->addMinutes($this->expiration)->timestamp;
69
70			// Once we have the reset token, we are ready to send the message out to this
71			// user with a link to reset their password. We will then redirect back to
72			// the current URI having nothing set in the session to indicate errors.
73			$user->sendPasswordResetNotification($this->createToken($user, $expiration), $expiration);
			0 ignored issues – show Documentation introduced 2018-03-01 23:20 UTC by Report Bug Copy Issue Report `$user` is of type `object<Illuminate\Contracts\Auth\Authenticatable>`, but the function expects a `object<Rinvex\Auth\Contr...nResetPasswordContract>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
74
75			return static::RESET_LINK_SENT;
76			}
77
78			/**
79			* Reset the password for the given token.
80			*
81			* @param array $credentials
82			* @param \Closure $callback
83			*
84			* @return mixed
			0 ignored issues – show Documentation introduced 2017-03-08 01:49 UTC by Report Bug Copy Issue Report Consider making the return type a bit more specific; maybe use `string\|\Illuminate\Contracts\Auth\Authenticatable`. This check looks for the generic type `array` as a return type and suggests a more specific type. This type is inferred from the actual code. Loading history...
85			*/
86			public function reset(array $credentials, Closure $callback)
87			{
88			$user = $this->validateReset($credentials);
89
90			// If the responses from the validate method is not a user instance, we will
91			// assume that it is a redirect and simply return it from this method and
92			// the user is properly redirected having an error message on the post.
93			if (! $user instanceof CanResetPasswordContract) {
94			return $user;
95			}
96
97			$password = $credentials['password'];
98
99			// Once the reset has been validated, we'll call the given callback with the
100			// new password. This gives the user an opportunity to store the password
101			// in their persistent storage.
102			$callback($user, $password);
103
104			return static::PASSWORD_RESET;
105			}
106
107			/**
108			* Get the user for the given credentials.
109			*
110			* @param array $credentials
111			*
112			* @throws \UnexpectedValueException
113			*
114			* @return \Rinvex\Auth\Contracts\CanResetPasswordContract\|null
			0 ignored issues – show Documentation introduced 2017-02-11 17:18 UTC by Report Bug Copy Issue Report Should the return type not be `\Illuminate\Contracts\Auth\Authenticatable\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
115			*/
116			public function getUser(array $credentials): ?CanResetPasswordContract
117			{
118			$user = $this->users->retrieveByCredentials(array_only($credentials, ['email']));
119
120			if ($user && ! $user instanceof CanResetPasswordContract) {
121			throw new UnexpectedValueException('User must implement CanResetPassword interface.');
122			}
123
124			return $user;
125			}
126
127			/**
128			* Create a new password reset token for the given user.
129			*
130			* @param \Rinvex\Auth\Contracts\CanResetPasswordContract $user
131			* @param int $expiration
132			*
133			* @return string
134			*/
135			public function createToken(CanResetPasswordContract $user, $expiration): string
136			{
137			$payload = $this->buildPayload($user, $user->getEmailForPasswordReset(), $expiration);
138
139			return hash_hmac('sha256', $payload, $this->getKey());
140			}
141
142			/**
143			* Validate the given password reset token.
144			*
145			* @param \Rinvex\Auth\Contracts\CanResetPasswordContract $user
146			* @param array $credentials
147			*
148			* @return bool
149			*/
150			public function validateToken(CanResetPasswordContract $user, array $credentials): bool
151			{
152			$payload = $this->buildPayload($user, $credentials['email'], $credentials['expiration']);
153
154			return hash_equals($credentials['token'], hash_hmac('sha256', $payload, $this->getKey()));
155			}
156
157			/**
158			* Validate the given expiration timestamp.
159			*
160			* @param int $expiration
161			*
162			* @return bool
163			*/
164			public function validateTimestamp($expiration): bool
165			{
166			return now()->createFromTimestamp($expiration)->isFuture();
167			}
168
169			/**
170			* Return the application key.
171			*
172			* @return string
173			*/
174			public function getKey(): string
175			{
176			if (starts_with($this->key, 'base64:')) {
177			return base64_decode(mb_substr($this->key, 7));
178			}
179
180			return $this->key;
181			}
182
183			/**
184			* Returns the payload string containing.
185			*
186			* @param \Rinvex\Auth\Contracts\CanResetPasswordContract $user
187			* @param string $email
188			* @param int $expiration
189			*
190			* @return string
191			*/
192			protected function buildPayload(CanResetPasswordContract $user, $email, $expiration): string
193			{
194			return implode(';', [
195			$email,
196			$expiration,
197			$user->getKey(),
			0 ignored issues – show Bug introduced 2018-02-15 23:35 UTC by Report Bug Copy Issue Report The method `getKey()` does not seem to exist on `object<Rinvex\Auth\Contr...nResetPasswordContract>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
198			$user->password,
			0 ignored issues – show Bug introduced 2018-02-15 23:35 UTC by Report Bug Copy Issue Report Accessing `password` on the interface `Rinvex\Auth\Contracts\CanResetPasswordContract` suggest that you code against a concrete implementation. How about adding an `instanceof` check? If you access a property on an interface, you most likely code against a concrete implementation of the interface. Available Fixes Adding an additional type check: interface SomeInterface { } class SomeClass implements SomeInterface { public $a; } function someFunction(SomeInterface $object) { if ($object instanceof SomeClass) { $a = $object->a; } } Changing the type hint: interface SomeInterface { } class SomeClass implements SomeInterface { public $a; } function someFunction(SomeClass $object) { $a = $object->a; } Loading history...
199			]);
200			}
201
202			/**
203			* Validate a password reset for the given credentials.
204			*
205			* @param array $credentials
206			*
207			* @return \Illuminate\Contracts\Auth\CanResetPassword\|string
			0 ignored issues – show Documentation introduced 2017-03-08 01:49 UTC by Report Bug Copy Issue Report Should the return type not be `string\|\Illuminate\Contracts\Auth\Authenticatable`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
208			*/
209			protected function validateReset(array $credentials)
210			{
211			if (is_null($user = $this->getUser($credentials))) {
212			return static::INVALID_USER;
213			}
214
215			if (! $this->validateToken($user, $credentials)) {
			0 ignored issues – show Documentation introduced 2018-03-01 23:20 UTC by Report Bug Copy Issue Report `$user` is of type `object<Illuminate\Contracts\Auth\Authenticatable>`, but the function expects a `object<Rinvex\Auth\Contr...nResetPasswordContract>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
216			return static::INVALID_TOKEN;
217			}
218
219			if (! $this->validateTimestamp($credentials['expiration'])) {
220			return static::EXPIRED_TOKEN;
221			}
222
223			return $user;
224			}
225			}
226

rinvex / laravel-auth

Push — master ( 89f500...10eccf )

validatePasswordWithDefaults() A

Complexity

Size

Duplication

Importance

Available Fixes

Duplication Side-by-Side

Filter issues like