LDAPLostPasswordHandler::lostPasswordForm() - Code Metrics - Inspection of "SS4 security changes and unit test fixes" - silverstripe/silverstripe-activedirectory - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#116)

by Franco

created 2017-09-03 11:20 UTC

LDAPLostPasswordHandler::lostPasswordForm() B

↳ Parent: LDAPLostPasswordHandler

Complexity

Conditions	2
Paths	2

Size

Total Lines	24
Code Lines	18

Duplication

Lines	11
Ratio	45.83 %

Importance

Changes

Metric	Value
dl	11
loc	24
rs	8.9713
c	0
b	0
f	0
cc	2
eloc	18
nc	2
nop	0

<?php

namespace SilverStripe\ActiveDirectory\Authenticators;

use SilverStripe\ActiveDirectory\Services\LDAPService;
use SilverStripe\Control\Controller;
use SilverStripe\Control\Email\Email;
use SilverStripe\Control\HTTPResponse;
use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Convert;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\FormAction;
use SilverStripe\Forms\TextField;
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\Security\Member;
use SilverStripe\Security\MemberAuthenticator\LostPasswordForm;
use SilverStripe\Security\MemberAuthenticator\LostPasswordHandler;
use SilverStripe\Security\Security;

class LDAPLostPasswordHandler extends LostPasswordHandler
{
    /**
     * Since the logout and dologin actions may be conditionally removed, it's necessary to ensure these
     * remain valid actions regardless of the member login state.
     *
     * @var array
     * @config
     */
    private static $allowed_actions = [

        'lostpassword',
        'LostPasswordForm',
        'passwordsent',
    ];


    /**
     * @param string $link The URL to recreate this request handler
     * @param LDAPAuthenticator $authenticator
     */
    public function __construct($link, LDAPAuthenticator $authenticator)
    {
        $this->link = $link;
<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}
        $this->authenticatorClass = get_class($authenticator);
        parent::__construct($link);
    }

    /**
     * Forgot password form handler method.
     *
     * Called when the user clicks on "I've lost my password".
     *
     * Extensions can use the 'forgotPassword' method to veto executing
     * the logic, by returning FALSE. In this case, the user will be redirected back
     * to the form without further action. It is recommended to set a message
     * in the form detailing why the action was denied.
     *
     * @param array $data Submitted data
     * @param LostPasswordForm $form
     * @return HTTPResponse
     */
    public function forgotPassword($data, $form)
    {
        /** @var Controller $controller */
        $controller = $form->getController();

        // No need to protect against injections, LDAPService will ensure that this is safe
        $login = trim($data['Login']);

        $service = Injector::inst()->get(LDAPService::class);
        if (Email::is_valid_address($login)) {
            if (Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') != 'yes') {
                $form->sessionMessage(
                    _t(
                        'LDAPLoginForm.USERNAMEINSTEADOFEMAIL',
                        'Please enter your username instead of your email to get a password reset link.'
                    ),
                    'bad'
                );
                return $controller->redirect($controller->Link('lostpassword'));
            }
            $userData = $service->getUserByEmail($login);
        } else {
            $userData = $service->getUserByUsername($login);
        }
        // Avoid information disclosure by displaying the same status,
        // regardless whether the email address actually exists
        if (!isset($userData['objectguid'])) {
            return $controller->redirect($controller->Link('passwordsent/')
                . urlencode($data['Login']));
        }

        $member = Member::get()->filter('GUID', $userData['objectguid'])->limit(1)->first();
        // User haven't been imported yet so do that now
        if (!($member && $member->exists())) {

            $member = new Member();
            $member->GUID = $userData['objectguid'];
        }

        // Update the users from LDAP so we are sure that the email is correct.
        // This will also write the Member record.
        $service->updateMemberFromLDAP($member);

        // Allow vetoing forgot password requests
        $results = $this->extend('forgotPassword', $member);
        if ($results && is_array($results) && in_array(false, $results, true)) {

            return $controller->redirect('lostpassword');
        }

        if ($member) {
            /** @see MemberLoginForm::forgotPassword */
            $token = $member->generateAutologinTokenAndStoreHash();
            $e = Email::create()
                ->setSubject(_t('Member.SUBJECTPASSWORDRESET', 'Your password reset link', 'Email subject'))
                ->setHTMLTemplate('SilverStripe\\Control\\Email\\ForgotPasswordEmail')
                ->setData($member)
                ->setData(['PasswordResetLink' => Security::getPasswordResetLink($member, $token)]);
            $e->setTo($member->Email);
            $e->send();
            return $controller->redirect($controller->Link('passwordsent/') . urlencode($data['Login']));
        } elseif ($data['Login']) {
            // Avoid information disclosure by displaying the same status,
            // regardless whether the email address actually exists
            return $controller->redirect($controller->Link('passwordsent/') . urlencode($data['Login']));
        } else {
            if (Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') === 'yes') {
                $form->sessionMessage(
                    _t(
                        'LDAPLoginForm.ENTERUSERNAMEOREMAIL',
                        'Please enter your username or your email address to get a password reset link.'
                    ),
                    'bad'
                );
            } else {
                $form->sessionMessage(
                    _t(
                        'LDAPLoginForm.ENTERUSERNAME',
                        'Please enter your username to get a password reset link.'
                    ),
                    'bad'
                );
            }
            return $controller->redirect($controller->Link('lostpassword'));
        }
    }

    /**
     * Factory method for the lost password form
     *
     * @return Form Returns the lost password form
     */
    public function lostPasswordForm()
    {
        if (Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') === 'yes') {

            $loginField = TextField::create(
                'Login',
                _t('LDAPLoginForm.USERNAMEOREMAIL', 'Username or email'),
                null,
                null,
                $this
            );
        } else {
            $loginField = TextField::create('Login', _t('LDAPLoginForm.USERNAME', 'Username'), null, null, $this);
        }

        $action = FormAction::create('forgotPassword', _t('Security.BUTTONSEND', 'Send me the password reset link'));
        return LostPasswordForm::create(
            $this,
            $this->authenticatorClass,
            'LostPasswordForm',
            FieldList::create([$loginField]),
            FieldList::create([$action]),
            false
        );
    }

    public function lostpassword()
    {
        if (Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') === 'yes') {
            $message = _t(
                'LDAPLostPasswordHandler.NOTERESETPASSWORDUSERNAMEOREMAIL',
                'Enter your username or your email address and we will send you a link with which '
                . 'you can reset your password'
            );
        } else {
            $message = _t(
                'LDAPLostPasswordHandler.NOTERESETPASSWORDUSERNAME',
                'Enter your username and we will send you a link with which you can reset your password'
            );
        }

        return [
            'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
            'Form' => $this->lostPasswordForm(),
        ];
    }

    public function passwordsent()
    {
        $username = Convert::raw2xml(rawurldecode($this->getRequest()->param('ID')));

        return [
            'Title' => _t(
                'LDAPSecurity.PASSWORDSENTHEADER',
                "Password reset link sent to '{username}'",
                ['username' => $username]
            ),
            'Content' =>
                _t(
                    'LDAPSecurity.PASSWORDSENTTEXT',
                    "Thank you! A reset link has been sent to '{username}', provided an account exists.",
                    ['username' => $username]
                ),
            'Username' => $username
        ];
    }
}


1		<?php
2
3		namespace SilverStripe\ActiveDirectory\Authenticators;
4
5		use SilverStripe\ActiveDirectory\Services\LDAPService;
6		use SilverStripe\Control\Controller;
7		use SilverStripe\Control\Email\Email;
8		use SilverStripe\Control\HTTPResponse;
9		use SilverStripe\Core\Config\Config;
10		use SilverStripe\Core\Convert;
11		use SilverStripe\Core\Injector\Injector;
12		use SilverStripe\Forms\FieldList;
13		use SilverStripe\Forms\Form;
14		use SilverStripe\Forms\FormAction;
15		use SilverStripe\Forms\TextField;
16		use SilverStripe\ORM\FieldType\DBField;
17		use SilverStripe\Security\Member;
18		use SilverStripe\Security\MemberAuthenticator\LostPasswordForm;
19		use SilverStripe\Security\MemberAuthenticator\LostPasswordHandler;
20		use SilverStripe\Security\Security;
21
22		class LDAPLostPasswordHandler extends LostPasswordHandler
23		{
24		/**
25		* Since the logout and dologin actions may be conditionally removed, it's necessary to ensure these
26		* remain valid actions regardless of the member login state.
27		*
28		* @var array
29		* @config
30		*/
31		private static $allowed_actions = [
		0 ignored issues – show Comprehensibility introduced 2017-01-16 21:03 UTC by Report Bug Copy Issue Report Consider using a different property name as you override a private property of the parent class. Loading history... Unused Code introduced 2017-01-16 21:03 UTC by Report Bug Copy Issue Report The property `$allowed_actions` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
32		'lostpassword',
33		'LostPasswordForm',
34		'passwordsent',
35		];
36
37
38		/**
39		* @param string $link The URL to recreate this request handler
40		* @param LDAPAuthenticator $authenticator
41		*/
42		public function __construct($link, LDAPAuthenticator $authenticator)
43		{
44		$this->link = $link;
		0 ignored issues – show Documentation introduced 2017-09-03 01:42 UTC by Report Bug Copy Issue Report The property `$link` is declared private in `SilverStripe\Security\Me...tor\LostPasswordHandler`. Since you implemented `__set()`, maybe consider adding a @property or @property-write annotation. This makes it easier for IDEs to provide auto-completion. Since your code implements the magic setter `_set`, this function will be called for any write access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. <?php /** * @property int $x * @property int $y * @property string $text */ class MyLabel { private $properties; private $allowedProperties = array('x', 'y', 'text'); public function __get($name) { if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) { return $properties[$name]; } else { return null; } } public function __set($name, $value) { if (in_array($name, $this->allowedProperties)) { $properties[$name] = $value; } else { throw new \LogicException("Property $name is not defined."); } } } Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property. Loading history...
45		$this->authenticatorClass = get_class($authenticator);
46		parent::__construct($link);
47		}
48
49		/**
50		* Forgot password form handler method.
51		*
52		* Called when the user clicks on "I've lost my password".
53		*
54		* Extensions can use the 'forgotPassword' method to veto executing
55		* the logic, by returning FALSE. In this case, the user will be redirected back
56		* to the form without further action. It is recommended to set a message
57		* in the form detailing why the action was denied.
58		*
59		* @param array $data Submitted data
60		* @param LostPasswordForm $form
61		* @return HTTPResponse
62		*/
63		public function forgotPassword($data, $form)
64		{
65		/** @var Controller $controller */
66		$controller = $form->getController();
67
68		// No need to protect against injections, LDAPService will ensure that this is safe
69		$login = trim($data['Login']);
70
71		$service = Injector::inst()->get(LDAPService::class);
72		if (Email::is_valid_address($login)) {
73		if (Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') != 'yes') {
74		$form->sessionMessage(
75		_t(
76		'LDAPLoginForm.USERNAMEINSTEADOFEMAIL',
77		'Please enter your username instead of your email to get a password reset link.'
78		),
79		'bad'
80		);
81		return $controller->redirect($controller->Link('lostpassword'));
82		}
83		$userData = $service->getUserByEmail($login);
84		} else {
85		$userData = $service->getUserByUsername($login);
86		}
87		// Avoid information disclosure by displaying the same status,
88		// regardless whether the email address actually exists
89		if (!isset($userData['objectguid'])) {
90		return $controller->redirect($controller->Link('passwordsent/')
91		. urlencode($data['Login']));
92		}
93
94		$member = Member::get()->filter('GUID', $userData['objectguid'])->limit(1)->first();
95		// User haven't been imported yet so do that now
96	View Code Duplication	if (!($member && $member->exists())) {
		0 ignored issues – show Duplication introduced 2017-04-11 01:05 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
97		$member = new Member();
98		$member->GUID = $userData['objectguid'];
99		}
100
101		// Update the users from LDAP so we are sure that the email is correct.
102		// This will also write the Member record.
103		$service->updateMemberFromLDAP($member);
104
105		// Allow vetoing forgot password requests
106		$results = $this->extend('forgotPassword', $member);
107		if ($results && is_array($results) && in_array(false, $results, true)) {
		0 ignored issues – show Bug Best Practice introduced 2017-01-16 21:03 UTC by Report Bug Copy Issue Report The expression `$results` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
108		return $controller->redirect('lostpassword');
109		}
110
111		if ($member) {
112		/** @see MemberLoginForm::forgotPassword */
113		$token = $member->generateAutologinTokenAndStoreHash();
114		$e = Email::create()
115		->setSubject(_t('Member.SUBJECTPASSWORDRESET', 'Your password reset link', 'Email subject'))
116		->setHTMLTemplate('SilverStripe\\Control\\Email\\ForgotPasswordEmail')
117		->setData($member)
118		->setData(['PasswordResetLink' => Security::getPasswordResetLink($member, $token)]);
119		$e->setTo($member->Email);
120		$e->send();
121		return $controller->redirect($controller->Link('passwordsent/') . urlencode($data['Login']));
122		} elseif ($data['Login']) {
123		// Avoid information disclosure by displaying the same status,
124		// regardless whether the email address actually exists
125		return $controller->redirect($controller->Link('passwordsent/') . urlencode($data['Login']));
126		} else {
127		if (Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') === 'yes') {
128		$form->sessionMessage(
129		_t(
130		'LDAPLoginForm.ENTERUSERNAMEOREMAIL',
131		'Please enter your username or your email address to get a password reset link.'
132		),
133		'bad'
134		);
135		} else {
136		$form->sessionMessage(
137		_t(
138		'LDAPLoginForm.ENTERUSERNAME',
139		'Please enter your username to get a password reset link.'
140		),
141		'bad'
142		);
143		}
144		return $controller->redirect($controller->Link('lostpassword'));
145		}
146		}
147
148		/**
149		* Factory method for the lost password form
150		*
151		* @return Form Returns the lost password form
152		*/
153		public function lostPasswordForm()
154		{
155	View Code Duplication	if (Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') === 'yes') {
		0 ignored issues – show Duplication introduced 2017-09-03 01:42 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
156		$loginField = TextField::create(
157		'Login',
158		_t('LDAPLoginForm.USERNAMEOREMAIL', 'Username or email'),
159		null,
160		null,
161		$this
162		);
163		} else {
164		$loginField = TextField::create('Login', _t('LDAPLoginForm.USERNAME', 'Username'), null, null, $this);
165		}
166
167		$action = FormAction::create('forgotPassword', _t('Security.BUTTONSEND', 'Send me the password reset link'));
168		return LostPasswordForm::create(
169		$this,
170		$this->authenticatorClass,
171		'LostPasswordForm',
172		FieldList::create([$loginField]),
173		FieldList::create([$action]),
174		false
175		);
176		}
177
178		public function lostpassword()
179		{
180		if (Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') === 'yes') {
181		$message = _t(
182		'LDAPLostPasswordHandler.NOTERESETPASSWORDUSERNAMEOREMAIL',
183		'Enter your username or your email address and we will send you a link with which '
184		. 'you can reset your password'
185		);
186		} else {
187		$message = _t(
188		'LDAPLostPasswordHandler.NOTERESETPASSWORDUSERNAME',
189		'Enter your username and we will send you a link with which you can reset your password'
190		);
191		}
192
193		return [
194		'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
195		'Form' => $this->lostPasswordForm(),
196		];
197		}
198
199		public function passwordsent()
200		{
201		$username = Convert::raw2xml(rawurldecode($this->getRequest()->param('ID')));
202
203		return [
204		'Title' => _t(
205		'LDAPSecurity.PASSWORDSENTHEADER',
206		"Password reset link sent to '{username}'",
207		['username' => $username]
208		),
209		'Content' =>
210		_t(
211		'LDAPSecurity.PASSWORDSENTTEXT',
212		"Thank you! A reset link has been sent to '{username}', provided an account exists.",
213		['username' => $username]
214		),
215		'Username' => $username
216		];
217		}
218		}
219

silverstripe / silverstripe-activedirectory

Pull Request — master (#116)

LDAPLostPasswordHandler::lostPasswordForm() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like