ChangePasswordHandler - Code Metrics - Inspection of "Merge pull request #6692 from open-sausages/pulls/..." - silverstripe/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 644ae6...bba86b )

by Daniel

created 2017-03-10 11:55 UTC

ChangePasswordHandler A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	94
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	7

Importance

Changes

Metric	Value
dl	0
loc	94
rs	10
c	0
b	0
f	0
wmc	13
lcom	1
cbo	7

2 Methods

Rating	Name	Duplication	Size	Complexity
C	doChangePassword()	0	78	12
A	redirectBackToForm()	0	6	1

<?php


namespace SilverStripe\Security;

use SilverStripe\Control\HTTPResponse;
use SilverStripe\Control\Session;
use SilverStripe\Forms\FormRequestHandler;

class ChangePasswordHandler extends FormRequestHandler
{
    /**
     * Change the password
     *
     * @param array $data The user submitted data
     * @return HTTPResponse
     */
    public function doChangePassword(array $data)
    {
        $member = Member::currentUser();
        // The user was logged in, check the current password
        if ($member && (
            empty($data['OldPassword']) ||
            !$member->checkPassword($data['OldPassword'])->isValid()
        )) {
            $this->form->sessionMessage(
                _t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
                "bad"
            );
            // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
            return $this->redirectBackToForm();
        }

        if (!$member) {
            if (Session::get('AutoLoginHash')) {
                $member = Member::member_from_autologinhash(Session::get('AutoLoginHash'));
            }

            // The user is not logged in and no valid auto login hash is available
            if (!$member) {
                Session::clear('AutoLoginHash');
                return $this->redirect($this->addBackURLParam(Security::singleton()->Link('login')));
            }
        }

        // Check the new password
        if (empty($data['NewPassword1'])) {
            $this->form->sessionMessage(
                _t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"),
                "bad"
            );

            // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
            return $this->redirectBackToForm();
        }

        // Fail if passwords do not match
        if ($data['NewPassword1'] !== $data['NewPassword2']) {
            $this->form->sessionMessage(
                _t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"),
                "bad"
            );
            // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
            return $this->redirectBackToForm();
        }

        // Check if the new password is accepted
        $validationResult = $member->changePassword($data['NewPassword1']);
        if (!$validationResult->isValid()) {
            $this->form->setSessionValidationResult($validationResult);
            return $this->redirectBackToForm();
        }

        // Clear locked out status
        $member->LockedOutUntil = null;
        $member->FailedLoginCount = null;
        $member->write();

        if ($member->canLogIn()->isValid()) {
            $member->logIn();
        }

        // TODO Add confirmation message to login redirect
        Session::clear('AutoLoginHash');

        // Redirect to backurl
        $backURL = $this->getBackURL();
        if ($backURL) {
            return $this->redirect($backURL);
        }

        // Redirect to default location - the login form saying "You are logged in as..."
        $url = Security::singleton()->Link('login');
        return $this->redirect($url);
    }

    public function redirectBackToForm()
    {
        // Redirect back to form
        $url = $this->addBackURLParam(CMSSecurity::singleton()->Link('changepassword'));
        return $this->redirect($url);
    }
}


1			<?php
2
3
4			namespace SilverStripe\Security;
5
6			use SilverStripe\Control\HTTPResponse;
7			use SilverStripe\Control\Session;
8			use SilverStripe\Forms\FormRequestHandler;
9
10			class ChangePasswordHandler extends FormRequestHandler
11			{
12			/**
13			* Change the password
14			*
15			* @param array $data The user submitted data
16			* @return HTTPResponse
17			*/
18			public function doChangePassword(array $data)
19			{
20			$member = Member::currentUser();
21			// The user was logged in, check the current password
22			if ($member && (
23			empty($data['OldPassword']) \|\|
24			!$member->checkPassword($data['OldPassword'])->isValid()
25			)) {
26			$this->form->sessionMessage(
27			_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
28			"bad"
29			);
30			// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
31			return $this->redirectBackToForm();
32			}
33
34			if (!$member) {
35			if (Session::get('AutoLoginHash')) {
36			$member = Member::member_from_autologinhash(Session::get('AutoLoginHash'));
37			}
38
39			// The user is not logged in and no valid auto login hash is available
40			if (!$member) {
41			Session::clear('AutoLoginHash');
42			return $this->redirect($this->addBackURLParam(Security::singleton()->Link('login')));
43			}
44			}
45
46			// Check the new password
47			if (empty($data['NewPassword1'])) {
48			$this->form->sessionMessage(
49			_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"),
50			"bad"
51			);
52
53			// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
54			return $this->redirectBackToForm();
55			}
56
57			// Fail if passwords do not match
58			if ($data['NewPassword1'] !== $data['NewPassword2']) {
59			$this->form->sessionMessage(
60			_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"),
61			"bad"
62			);
63			// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
64			return $this->redirectBackToForm();
65			}
66
67			// Check if the new password is accepted
68			$validationResult = $member->changePassword($data['NewPassword1']);
69			if (!$validationResult->isValid()) {
70			$this->form->setSessionValidationResult($validationResult);
71			return $this->redirectBackToForm();
72			}
73
74			// Clear locked out status
75			$member->LockedOutUntil = null;
76			$member->FailedLoginCount = null;
77			$member->write();
78
79			if ($member->canLogIn()->isValid()) {
80			$member->logIn();
81			}
82
83			// TODO Add confirmation message to login redirect
84			Session::clear('AutoLoginHash');
85
86			// Redirect to backurl
87			$backURL = $this->getBackURL();
88			if ($backURL) {
89			return $this->redirect($backURL);
90			}
91
92			// Redirect to default location - the login form saying "You are logged in as..."
93			$url = Security::singleton()->Link('login');
94			return $this->redirect($url);
95			}
96
97			public function redirectBackToForm()
98			{
99			// Redirect back to form
100			$url = $this->addBackURLParam(CMSSecurity::singleton()->Link('changepassword'));
101			return $this->redirect($url);
102			}
103			}
104

silverstripe / silverstripe-framework

Push — master ( 644ae6...bba86b )

ChangePasswordHandler A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

2 Methods

Duplication Side-by-Side

Filter issues like