Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.
Common duplication problems and their corresponding solutions are:
1 | <?php |
||
22 | class LDAPLostPasswordHandler extends LostPasswordHandler |
||
23 | { |
||
/**
 * URL actions this handler accepts. Each entry corresponds to a public
 * method of this class (lostpassword, lostPasswordForm, passwordsent).
 *
 * NOTE(review): presumably the framework refuses to route any action that is
 * not listed here, so keep the list limited to what the lost-password flow
 * needs - confirm against the parent handler.
 *
 * @var array
 * @config
 */
private static $allowed_actions = ['lostpassword', 'LostPasswordForm', 'passwordsent'];
||
36 | |||
37 | |||
/**
 * Set up the handler for the given link and record which authenticator
 * class it belongs to.
 *
 * @param string $link The URL to recreate this request handler
 * @param LDAPAuthenticator $authenticator Only its class name is stored, not the instance
 */
public function __construct($link, LDAPAuthenticator $authenticator)
{
    $authenticatorClass = get_class($authenticator);

    $this->link = $link;
    $this->authenticatorClass = $authenticatorClass;

    // The parent handler receives the same link.
    parent::__construct($link);
}
||
48 | |||
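/**
 * Forgot password form handler method.
 *
 * Called when the user clicks on "I've lost my password".
 *
 * Looks the submitted login up in LDAP (by email when 'allow_email_login' is
 * 'yes', otherwise by username), imports or refreshes the matching Member, and
 * mails a password reset link. Unknown logins are redirected to the same
 * "password sent" page as known ones so the response does not reveal whether
 * an account exists.
 *
 * An empty or missing login is rejected up front with a form message. The
 * original code only reached that message in a branch that could never run,
 * and sent an empty login to LDAP instead.
 *
 * Extensions can use the 'forgotPassword' method to veto executing
 * the logic, by returning FALSE. In this case, the user will be redirected back
 * to the form without further action. It is recommended to set a message
 * in the form detailing why the action was denied.
 *
 * @param array $data Submitted data
 * @param LostPasswordForm $form
 * @return HTTPResponse
 */
public function forgotPassword($data, $form)
{
    /** @var Controller $controller */
    $controller = $form->getController();

    // Strict comparison, matching the other reads of this setting in this class.
    $emailLoginAllowed = Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') === 'yes';

    // The submitted value is untrusted: it may be absent or not a string at all.
    $rawLogin = (isset($data['Login']) && is_string($data['Login'])) ? $data['Login'] : '';
    $login = trim($rawLogin);

    if ($login === '') {
        if ($emailLoginAllowed) {
            $form->sessionMessage(
                _t(
                    'SilverStripe\\ActiveDirectory\\Forms\\LDAPLoginForm.ENTERUSERNAMEOREMAIL',
                    'Please enter your username or your email address to get a password reset link.'
                ),
                'bad'
            );
        } else {
            $form->sessionMessage(
                _t(
                    'SilverStripe\\ActiveDirectory\\Forms\\LDAPLoginForm.ENTERUSERNAME',
                    'Please enter your username to get a password reset link.'
                ),
                'bad'
            );
        }
        return $controller->redirect($controller->Link('lostpassword'));
    }

    // Same destination for known and unknown logins (see below).
    $sentLink = $controller->Link('passwordsent/') . urlencode($rawLogin);

    // NOTE(review): $login is passed to LDAPService unescaped. The original comment
    // states LDAPService makes this safe; that code is not visible here - confirm
    // it escapes the value before building the LDAP filter.
    $service = Injector::inst()->get(LDAPService::class);
    if (Email::is_valid_address($login)) {
        if (!$emailLoginAllowed) {
            // Shown for any well-formed address, so it does not depend on the account existing.
            $form->sessionMessage(
                _t(
                    'SilverStripe\\ActiveDirectory\\Forms\\LDAPLoginForm.USERNAMEINSTEADOFEMAIL',
                    'Please enter your username instead of your email to get a password reset link.'
                ),
                'bad'
            );
            return $controller->redirect($controller->Link('lostpassword'));
        }
        $userData = $service->getUserByEmail($login);
    } else {
        $userData = $service->getUserByUsername($login);
    }

    // Avoid information disclosure by displaying the same status,
    // regardless whether the email address actually exists
    if (!isset($userData['objectguid'])) {
        return $controller->redirect($sentLink);
    }

    $member = Member::get()->filter('GUID', $userData['objectguid'])->limit(1)->first();
    // User hasn't been imported yet so do that now
    if (!($member && $member->exists())) {
        $member = new Member();
        $member->GUID = $userData['objectguid'];
    }

    // Update the user from LDAP so we are sure that the email is correct.
    // This will also write the Member record.
    // NOTE(review): this write is triggered by an unauthenticated request, and known
    // accounts take a longer path (LDAP sync + mail) than unknown ones. The page is
    // the same but response time may differ; consider rate limiting this endpoint.
    $service->updateMemberFromLDAP($member, $userData, false);

    // Allow vetoing forgot password requests
    // NOTE(review): a veto lands on a different page than the uniform "sent" page,
    // so it can reveal that the account exists; extensions should keep that in mind.
    $results = $this->extend('forgotPassword', $member);
    if ($results && is_array($results) && in_array(false, $results, true)) {
        return $controller->redirect($controller->Link('lostpassword'));
    }

    // Only issue a token when there is an address to deliver it to; an account
    // without one still gets the same response as every other request.
    if ((string) $member->Email !== '') {
        /** @see MemberLoginForm::forgotPassword */
        $token = $member->generateAutologinTokenAndStoreHash();
        $e = Email::create()
            ->setSubject(
                _t(
                    'Silverstripe\\Security\\Member.SUBJECTPASSWORDRESET',
                    'Your password reset link',
                    'Email subject'
                )
            )
            ->setHTMLTemplate('SilverStripe\\Control\\Email\\ForgotPasswordEmail')
            ->setData($member)
            ->setData(['PasswordResetLink' => Security::getPasswordResetLink($member, $token)]);
        $e->setTo($member->Email);
        $e->send();
    }

    return $controller->redirect($sentLink);
}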
||
153 | |||
/**
 * Build the lost password form: a single 'Login' text field and one
 * 'forgotPassword' submit action.
 *
 * The field label depends on the 'allow_email_login' setting of
 * LDAPAuthenticator: "Username or email" when it is 'yes', otherwise "Username".
 *
 * @return Form Returns the lost password form
 */
public function lostPasswordForm()
{
    $emailLoginAllowed = Config::inst()->get(LDAPAuthenticator::class, 'allow_email_login') === 'yes';

    if ($emailLoginAllowed) {
        $label = _t('SilverStripe\\ActiveDirectory\\Forms\\LDAPLoginForm.USERNAMEOREMAIL', 'Username or email');
    } else {
        $label = _t('SilverStripe\\ActiveDirectory\\Forms\\LDAPLoginForm.USERNAME', 'Username');
    }

    $loginInput = TextField::create('Login', $label);
    $submit = FormAction::create(
        'forgotPassword',
        _t('SilverStripe\\Security\\Security.BUTTONSEND', 'Send me the password reset link')
    );

    $fields = FieldList::create([$loginInput]);
    $actions = FieldList::create([$submit]);

    return LostPasswordForm::create(
        $this,
        $this->authenticatorClass,
        'LostPasswordForm',
        $fields,
        $actions,
        false
    );
}
||
179 | |||
180 | public function lostpassword() |
||
200 | |||
201 | public function passwordsent() |
||
202 | { |
||
203 | $username = Convert::raw2xml( |
||
223 | } |
||
224 |