CookieAuthenticationHandler - Code Metrics - Inspection of "[FIX] CMSSecurity doesn't have Authenticators assi..." - silverstripe/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#7007)

by Simon

created 2017-06-10 02:49 UTC

CookieAuthenticationHandler A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	229
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	8

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
dl	0
loc	229
rs	10
c	1
b	0
f	0
wmc	23
lcom	1
cbo	8

10 Methods

Rating	Name	Size	Complexity
A	getDeviceCookieName()	4	1
A	clearCookies()	7	1
A	getTokenCookieName()	4	1
A	setDeviceCookieName()	5	1
A	setTokenCookieName()	5	1
C	authenticateRequest()	70	10
B	logIn()	35	3
A	logOut()	14	3
A	getCascadeInTo()	4	1
A	setCascadeInTo()	5	1

<?php

namespace SilverStripe\Security\MemberAuthenticator;

use SilverStripe\Control\Cookie;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\Security\AuthenticationHandler;
use SilverStripe\Security\IdentityStore;
use SilverStripe\Security\Member;
use SilverStripe\Security\RememberLoginHash;
use SilverStripe\Security\Security;

/**
 * Authenticate a member pased on a session cookie
 */
class CookieAuthenticationHandler implements AuthenticationHandler
{

    /**
     * @var string
     */
    private $deviceCookieName;

    /**
     * @var string
     */
    private $tokenCookieName;

    /**
     * @var IdentityStore
     */
    private $cascadeInTo;

    /**
     * Get the name of the cookie used to track this device
     *
     * @return string
     */
    public function getDeviceCookieName()
    {
        return $this->deviceCookieName;
    }

    /**
     * Set the name of the cookie used to track this device
     *
     * @param string $deviceCookieName
     * @return $this
     */
    public function setDeviceCookieName($deviceCookieName)
    {
        $this->deviceCookieName = $deviceCookieName;
        return $this;
    }

    /**
     * Get the name of the cookie used to store an login token
     *
     * @return string
     */
    public function getTokenCookieName()
    {
        return $this->tokenCookieName;
    }

    /**
     * Set the name of the cookie used to store an login token
     *
     * @param string $tokenCookieName
     * @return $this
     */
    public function setTokenCookieName($tokenCookieName)
    {
        $this->tokenCookieName = $tokenCookieName;
        return $this;
    }

    /**
     * Once a member is found by authenticateRequest() pass it to this identity store
     *
     * @return IdentityStore
     */
    public function getCascadeInTo()
    {
        return $this->cascadeInTo;
    }

    /**
     * Set the name of the cookie used to store an login token
     *
     * @param IdentityStore $cascadeInTo
     * @return $this
     */
    public function setCascadeInTo(IdentityStore $cascadeInTo)
    {
        $this->cascadeInTo = $cascadeInTo;
        return $this;
    }

    /**
     * @param HTTPRequest $request
     * @return Member
     */
    public function authenticateRequest(HTTPRequest $request)
    {
        $uidAndToken = Cookie::get($this->getTokenCookieName());
        $deviceID = Cookie::get($this->getDeviceCookieName());

        // @todo Consider better placement of database_is_ready test
        if ($deviceID === null || strpos($uidAndToken, ':') === false || !Security::database_is_ready()) {
            return null;
        }

        list($uid, $token) = explode(':', $uidAndToken, 2);

        if (!$uid || !$token) {
            return null;
        }

        // check if autologin token matches
        /** @var Member $member */
        $member = Member::get()->byID($uid);
        if (!$member) {
            return null;
        }

        $hash = $member->encryptWithUserSettings($token);

        /** @var RememberLoginHash $rememberLoginHash */
        $rememberLoginHash = RememberLoginHash::get()
            ->filter(array(
                'MemberID' => $member->ID,
                'DeviceID' => $deviceID,
                'Hash'     => $hash
            ))->first();
        if (!$rememberLoginHash) {
            return null;
        }

        // Check for expired token
        $expiryDate = new \DateTime($rememberLoginHash->ExpiryDate);
        $now = DBDatetime::now();
        $now = new \DateTime($now->Rfc2822());
        if ($now > $expiryDate) {
            return null;
        }

        if ($this->cascadeInTo) {
            // @todo look at how to block "regular login" triggers from happening here
            // @todo deal with the fact that the Session::current_session() isn't correct here :-/
            $this->cascadeInTo->logIn($member, false, $request);
        }

        // @todo Consider whether response should be part of logIn() as well

        // Renew the token
        $rememberLoginHash->renew();
        $tokenExpiryDays = RememberLoginHash::config()->uninherited('token_expiry_days');
        Cookie::set(
            $this->getTokenCookieName(),
            $member->ID . ':' . $rememberLoginHash->getToken(),
            $tokenExpiryDays,
            null,
            null,
            false,
            true
        );

        // Audit logging hook
        $member->extend('memberAutoLoggedIn');

        return $member;
    }

    /**
     * @param Member $member
     * @param bool $persistent
     * @param HTTPRequest $request
     */
    public function logIn(Member $member, $persistent = false, HTTPRequest $request = null)
    {
        // Cleans up any potential previous hash for this member on this device
        if ($alcDevice = Cookie::get($this->getDeviceCookieName())) {
            RememberLoginHash::get()->filter('DeviceID', $alcDevice)->removeAll();
        }

        // Set a cookie for persistent log-ins
        if ($persistent) {
            $rememberLoginHash = RememberLoginHash::generate($member);
            $tokenExpiryDays = RememberLoginHash::config()->uninherited('token_expiry_days');
            $deviceExpiryDays = RememberLoginHash::config()->uninherited('device_expiry_days');
            Cookie::set(
                $this->getTokenCookieName(),
                $member->ID . ':' . $rememberLoginHash->getToken(),
                $tokenExpiryDays,
                null,
                null,
                null,
                true
            );
            Cookie::set(
                $this->getDeviceCookieName(),
                $rememberLoginHash->DeviceID,
                $deviceExpiryDays,
                null,
                null,
                null,
                true
            );
        } else {
            // Clear a cookie for non-persistent log-ins
            $this->clearCookies();
        }
    }

    /**
     * @param HTTPRequest $request
     */
    public function logOut(HTTPRequest $request = null)
    {
        $member = Security::getCurrentUser();
        if ($member) {
            RememberLoginHash::clear($member, Cookie::get('alc_device'));
        }
        $this->clearCookies();

        if ($this->cascadeInTo) {
            $this->cascadeInTo->logOut($request);
        }

        Security::setCurrentUser(null);
    }

    /**
     * Clear the cookies set for the user
     */
    protected function clearCookies()
    {
        Cookie::set($this->getTokenCookieName(), null);
        Cookie::set($this->getDeviceCookieName(), null);
        Cookie::force_expiry($this->getTokenCookieName());
        Cookie::force_expiry($this->getDeviceCookieName());
    }
}


1			<?php
2
3			namespace SilverStripe\Security\MemberAuthenticator;
4
5			use SilverStripe\Control\Cookie;
6			use SilverStripe\Control\HTTPRequest;
7			use SilverStripe\ORM\FieldType\DBDatetime;
8			use SilverStripe\Security\AuthenticationHandler;
9			use SilverStripe\Security\IdentityStore;
10			use SilverStripe\Security\Member;
11			use SilverStripe\Security\RememberLoginHash;
12			use SilverStripe\Security\Security;
13
14			/**
15			* Authenticate a member pased on a session cookie
16			*/
17			class CookieAuthenticationHandler implements AuthenticationHandler
18			{
19
20			/**
21			* @var string
22			*/
23			private $deviceCookieName;
24
25			/**
26			* @var string
27			*/
28			private $tokenCookieName;
29
30			/**
31			* @var IdentityStore
32			*/
33			private $cascadeInTo;
34
35			/**
36			* Get the name of the cookie used to track this device
37			*
38			* @return string
39			*/
40			public function getDeviceCookieName()
41			{
42			return $this->deviceCookieName;
43			}
44
45			/**
46			* Set the name of the cookie used to track this device
47			*
48			* @param string $deviceCookieName
49			* @return $this
50			*/
51			public function setDeviceCookieName($deviceCookieName)
52			{
53			$this->deviceCookieName = $deviceCookieName;
54			return $this;
55			}
56
57			/**
58			* Get the name of the cookie used to store an login token
59			*
60			* @return string
61			*/
62			public function getTokenCookieName()
63			{
64			return $this->tokenCookieName;
65			}
66
67			/**
68			* Set the name of the cookie used to store an login token
69			*
70			* @param string $tokenCookieName
71			* @return $this
72			*/
73			public function setTokenCookieName($tokenCookieName)
74			{
75			$this->tokenCookieName = $tokenCookieName;
76			return $this;
77			}
78
79			/**
80			* Once a member is found by authenticateRequest() pass it to this identity store
81			*
82			* @return IdentityStore
83			*/
84			public function getCascadeInTo()
85			{
86			return $this->cascadeInTo;
87			}
88
89			/**
90			* Set the name of the cookie used to store an login token
91			*
92			* @param IdentityStore $cascadeInTo
93			* @return $this
94			*/
95			public function setCascadeInTo(IdentityStore $cascadeInTo)
96			{
97			$this->cascadeInTo = $cascadeInTo;
98			return $this;
99			}
100
101			/**
102			* @param HTTPRequest $request
103			* @return Member
104			*/
105			public function authenticateRequest(HTTPRequest $request)
106			{
107			$uidAndToken = Cookie::get($this->getTokenCookieName());
108			$deviceID = Cookie::get($this->getDeviceCookieName());
109
110			// @todo Consider better placement of database_is_ready test
111			if ($deviceID === null \|\| strpos($uidAndToken, ':') === false \|\| !Security::database_is_ready()) {
112			return null;
113			}
114
115			list($uid, $token) = explode(':', $uidAndToken, 2);
116
117			if (!$uid \|\| !$token) {
118			return null;
119			}
120
121			// check if autologin token matches
122			/** @var Member $member */
123			$member = Member::get()->byID($uid);
124			if (!$member) {
125			return null;
126			}
127
128			$hash = $member->encryptWithUserSettings($token);
129
130			/** @var RememberLoginHash $rememberLoginHash */
131			$rememberLoginHash = RememberLoginHash::get()
132			->filter(array(
133			'MemberID' => $member->ID,
134			'DeviceID' => $deviceID,
135			'Hash' => $hash
136			))->first();
137			if (!$rememberLoginHash) {
138			return null;
139			}
140
141			// Check for expired token
142			$expiryDate = new \DateTime($rememberLoginHash->ExpiryDate);
143			$now = DBDatetime::now();
144			$now = new \DateTime($now->Rfc2822());
145			if ($now > $expiryDate) {
146			return null;
147			}
148
149			if ($this->cascadeInTo) {
150			// @todo look at how to block "regular login" triggers from happening here
151			// @todo deal with the fact that the Session::current_session() isn't correct here :-/
152			$this->cascadeInTo->logIn($member, false, $request);
153			}
154
155			// @todo Consider whether response should be part of logIn() as well
156
157			// Renew the token
158			$rememberLoginHash->renew();
159			$tokenExpiryDays = RememberLoginHash::config()->uninherited('token_expiry_days');
160			Cookie::set(
161			$this->getTokenCookieName(),
162			$member->ID . ':' . $rememberLoginHash->getToken(),
163			$tokenExpiryDays,
164			null,
165			null,
166			false,
167			true
168			);
169
170			// Audit logging hook
171			$member->extend('memberAutoLoggedIn');
172
173			return $member;
174			}
175
176			/**
177			* @param Member $member
178			* @param bool $persistent
179			* @param HTTPRequest $request
180			*/
181			public function logIn(Member $member, $persistent = false, HTTPRequest $request = null)
182			{
183			// Cleans up any potential previous hash for this member on this device
184			if ($alcDevice = Cookie::get($this->getDeviceCookieName())) {
185			RememberLoginHash::get()->filter('DeviceID', $alcDevice)->removeAll();
186			}
187
188			// Set a cookie for persistent log-ins
189			if ($persistent) {
190			$rememberLoginHash = RememberLoginHash::generate($member);
191			$tokenExpiryDays = RememberLoginHash::config()->uninherited('token_expiry_days');
192			$deviceExpiryDays = RememberLoginHash::config()->uninherited('device_expiry_days');
193			Cookie::set(
194			$this->getTokenCookieName(),
195			$member->ID . ':' . $rememberLoginHash->getToken(),
196			$tokenExpiryDays,
197			null,
198			null,
199			null,
200			true
201			);
202			Cookie::set(
203			$this->getDeviceCookieName(),
204			$rememberLoginHash->DeviceID,
205			$deviceExpiryDays,
206			null,
207			null,
208			null,
209			true
210			);
211			} else {
212			// Clear a cookie for non-persistent log-ins
213			$this->clearCookies();
214			}
215			}
216
217			/**
218			* @param HTTPRequest $request
219			*/
220			public function logOut(HTTPRequest $request = null)
221			{
222			$member = Security::getCurrentUser();
223			if ($member) {
224			RememberLoginHash::clear($member, Cookie::get('alc_device'));
225			}
226			$this->clearCookies();
227
228			if ($this->cascadeInTo) {
229			$this->cascadeInTo->logOut($request);
230			}
231
232			Security::setCurrentUser(null);
233			}
234
235			/**
236			* Clear the cookies set for the user
237			*/
238			protected function clearCookies()
239			{
240			Cookie::set($this->getTokenCookieName(), null);
241			Cookie::set($this->getDeviceCookieName(), null);
242			Cookie::force_expiry($this->getTokenCookieName());
243			Cookie::force_expiry($this->getDeviceCookieName());
244			}
245			}
246

silverstripe / silverstripe-framework

Pull Request — master (#7007)

CookieAuthenticationHandler A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

10 Methods

Duplication Side-by-Side

Filter issues like