Issues in UserAuthenticationMiddleware.php (master) - Issues in master - samuelgfeller/slim-example-project - Measure and Improve Code Quality continuously with Scrutinizer

Issues (176)

Middleware/UserAuthenticationMiddleware.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php

namespace App\Application\Middleware;

use App\Application\Responder\JsonResponder;
use App\Application\Responder\RedirectHandler;
use App\Module\User\Enum\UserStatus;
use App\Module\User\Find\Service\UserFinder;
use Odan\Session\SessionInterface;
use Odan\Session\SessionManagerInterface;
use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Slim\Interfaces\RouteParserInterface;

final readonly class UserAuthenticationMiddleware implements MiddlewareInterface

{
    public function __construct(
        private SessionManagerInterface $sessionManager,
        private SessionInterface $session,
        private JsonResponder $jsonResponder,
        private RedirectHandler $redirectHandler,
        private RouteParserInterface $routeParser,
        private ResponseFactoryInterface $responseFactory,
        private UserFinder $userFinder,
    ) {
    }

    /**
     * User authentication middleware. Check if the user is logged in and if not
     * redirect to login page with redirect back query params.
     *
     * @param ServerRequestInterface $request
     * @param RequestHandlerInterface $handler
     *
     * @return ResponseInterface
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // Check if user is logged in
        if (($loggedInUserId = $this->session->get('user_id')) !== null) {
            // Check that the user status is active
            if ($this->userFinder->findUserById($loggedInUserId)->status === UserStatus::Active) {
                return $handler->handle($request);
            }
            // Log user out if not active
            $this->sessionManager->destroy();
            $this->sessionManager->start();
            $this->sessionManager->regenerateId();
        }

        $response = $this->responseFactory->createResponse();

        // Inform the user that he/she has to log in before accessing the page
        $this->session->getFlash()->add('info', 'Please login to access this page.');

        // If it's a JSON request, return 401 with the login url and its possible query params
        if ($request->getHeaderLine('Content-Type') === 'application/json') {
            return $this->jsonResponder->encodeAndAddToResponse(
                $response,
                ['loginUrl' => $this->routeParser->urlFor('login-page')],
                401
            );
        }
        // If no redirect header is set, and it's not a JSON request, redirect to the same url as the request after login
        $queryParams = ['redirect' => $request->getUri()->getPath()];

        return $this->redirectHandler->redirectToRouteName($response, 'login-page', [], $queryParams);
    }
}


1		<?php
2
3		namespace App\Application\Middleware;
4
5		use App\Application\Responder\JsonResponder;
6		use App\Application\Responder\RedirectHandler;
7		use App\Module\User\Enum\UserStatus;
8		use App\Module\User\Find\Service\UserFinder;
9		use Odan\Session\SessionInterface;
10		use Odan\Session\SessionManagerInterface;
11		use Psr\Http\Message\ResponseFactoryInterface;
12		use Psr\Http\Message\ResponseInterface;
13		use Psr\Http\Message\ServerRequestInterface;
14		use Psr\Http\Server\MiddlewareInterface;
15		use Psr\Http\Server\RequestHandlerInterface;
16		use Slim\Interfaces\RouteParserInterface;
17
18		final readonly class UserAuthenticationMiddleware implements MiddlewareInterface
		0 ignored issues – show Bug introduced 2024-04-01 16:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this A parse error occurred: Syntax error, unexpected T_READONLY, expecting T_CLASS on line 18 at column 6 Loading history...
19		{
20	156	public function __construct(
21		private SessionManagerInterface $sessionManager,
22		private SessionInterface $session,
23		private JsonResponder $jsonResponder,
24		private RedirectHandler $redirectHandler,
25		private RouteParserInterface $routeParser,
26		private ResponseFactoryInterface $responseFactory,
27		private UserFinder $userFinder,
28		) {
29	156	}
30
31		/**
32		* User authentication middleware. Check if the user is logged in and if not
33		* redirect to login page with redirect back query params.
34		*
35		* @param ServerRequestInterface $request
36		* @param RequestHandlerInterface $handler
37		*
38		* @return ResponseInterface
39		*/
40	156	public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
41		{
42		// Check if user is logged in
43	156	if (($loggedInUserId = $this->session->get('user_id')) !== null) {
44		// Check that the user status is active
45	138	if ($this->userFinder->findUserById($loggedInUserId)->status === UserStatus::Active) {
46	137	return $handler->handle($request);
47		}
48		// Log user out if not active
49	1	$this->sessionManager->destroy();
50	1	$this->sessionManager->start();
51	1	$this->sessionManager->regenerateId();
52		}
53
54	19	$response = $this->responseFactory->createResponse();
55
56		// Inform the user that he/she has to log in before accessing the page
57	19	$this->session->getFlash()->add('info', 'Please login to access this page.');
58
59		// If it's a JSON request, return 401 with the login url and its possible query params
60	19	if ($request->getHeaderLine('Content-Type') === 'application/json') {
61	12	return $this->jsonResponder->encodeAndAddToResponse(
62	12	$response,
63	12	['loginUrl' => $this->routeParser->urlFor('login-page')],
64	12	401
65	12	);
66		}
67		// If no redirect header is set, and it's not a JSON request, redirect to the same url as the request after login
68	7	$queryParams = ['redirect' => $request->getUri()->getPath()];
69
70	7	return $this->redirectHandler->redirectToRouteName($response, 'login-page', [], $queryParams);
71		}
72		}
73

samuelgfeller / slim-example-project

Issues (176)

Middleware/UserAuthenticationMiddleware.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like