MemberExtension::generateAccountResetTokenAndStoreHash() - Code Metrics - Inspection of "Group AccountReset extensions, implement full Acco..." - silverstripe/silverstripe-mfa - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#165)

by Garion

created 2019-06-07 01:31 UTC

generateAccountResetTokenAndStoreHash() A

↳ Parent: MemberExtension

Complexity

Conditions	2
Paths	1

Size

Total Lines	20
Code Lines	13

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
eloc	13
nc	1
nop	0
dl	0
loc	20
rs	9.8333
c	0
b	0
f	0

<?php declare(strict_types=1);

namespace SilverStripe\MFA\Extension\AccountReset;

use SilverStripe\Forms\FieldList;
use SilverStripe\ORM\DataExtension;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\Security\Member;
use SilverStripe\Security\RandomGenerator;

/**
 * Provides DB columns / methods for account resets on Members
 *
 * @package SilverStripe\MFA\Extension
 * @property Member owner
 * @property string AccountResetHash
 * @property DBDatetime AccountResetExpired
 */
class MemberExtension extends DataExtension
{
    private static $db = [

        'AccountResetHash' => 'Varchar(160)',
        'AccountResetExpired' => 'Datetime',
    ];

    public function updateCMSFields(FieldList $fields)
    {
        $fields->removeByName(['AccountResetHash', 'AccountResetExpired']);

        return $fields;
    }

    /**
     * Mirrors the implementation in Member::generateAutologinTokenAndStoreHash(),
     * but against the AccountReset fields.
     *
     * @return string
     */
    public function generateAccountResetTokenAndStoreHash(): string
    {
        $lifetime = $this->owner->config()->auto_login_token_lifetime;
        $generator = new RandomGenerator();

        do {
            $token = $generator->randomToken();
            $hash = $this->owner->encryptWithUserSettings($token);
        } while (DataObject::get_one(Member::class, [
            '"Member"."AccountResetHash"' => $hash,
        ]));

        $this->owner->AccountResetHash = $hash;
        $this->owner->AccountResetExpired = DBDatetime::create(
            DBDatetime::now()->getTimestamp() + $lifetime
        )->Rfc2822();

        $this->owner->write();

        return $token;
    }

    /**
     * Based on Member::validateAutoLoginToken() and Member::member_from_autologinhash().
     *
     * @param string $token
     * @return Member
     */
    public function verifyAccountResetToken(string $token): bool
    {
        if (!$this->owner->exists()) {
            return false;

        }

        $hash = $this->owner->encryptWithUserSettings($token);

        return (

            $this->owner->AccountResetHash === $hash &&
            $this->owner->AccountResetExpired < DBDatetime::now()->getValue()
        );
    }
}


1			<?php declare(strict_types=1);
2
3			namespace SilverStripe\MFA\Extension\AccountReset;
4
5			use SilverStripe\Forms\FieldList;
6			use SilverStripe\ORM\DataExtension;
7			use SilverStripe\ORM\DataObject;
8			use SilverStripe\ORM\FieldType\DBDatetime;
9			use SilverStripe\Security\Member;
10			use SilverStripe\Security\RandomGenerator;
11
12			/**
13			* Provides DB columns / methods for account resets on Members
14			*
15			* @package SilverStripe\MFA\Extension
16			* @property Member owner
17			* @property string AccountResetHash
18			* @property DBDatetime AccountResetExpired
19			*/
20			class MemberExtension extends DataExtension
21			{
22			private static $db = [
			0 ignored issues – show introduced 2019-05-20 06:16 UTC by Report Bug Copy Issue Report The private property `$db` is not used, and could be removed. Loading history...
23			'AccountResetHash' => 'Varchar(160)',
24			'AccountResetExpired' => 'Datetime',
25			];
26
27			public function updateCMSFields(FieldList $fields)
28			{
29			$fields->removeByName(['AccountResetHash', 'AccountResetExpired']);
30
31			return $fields;
32			}
33
34			/**
35			* Mirrors the implementation in Member::generateAutologinTokenAndStoreHash(),
36			* but against the AccountReset fields.
37			*
38			* @return string
39			*/
40			public function generateAccountResetTokenAndStoreHash(): string
41			{
42			$lifetime = $this->owner->config()->auto_login_token_lifetime;
43			$generator = new RandomGenerator();
44
45			do {
46			$token = $generator->randomToken();
47			$hash = $this->owner->encryptWithUserSettings($token);
48			} while (DataObject::get_one(Member::class, [
49			'"Member"."AccountResetHash"' => $hash,
50			]));
51
52			$this->owner->AccountResetHash = $hash;
53			$this->owner->AccountResetExpired = DBDatetime::create(
54			DBDatetime::now()->getTimestamp() + $lifetime
55			)->Rfc2822();
56
57			$this->owner->write();
58
59			return $token;
60			}
61
62			/**
63			* Based on Member::validateAutoLoginToken() and Member::member_from_autologinhash().
64			*
65			* @param string $token
66			* @return Member
67			*/
68			public function verifyAccountResetToken(string $token): bool
69			{
70			if (!$this->owner->exists()) {
71			return false;
			0 ignored issues – show Bug Best Practice introduced 2019-06-07 00:09 UTC by Report Bug Copy Issue Report The expression `return false` returns the type `false` which is incompatible with the documented return type `SilverStripe\Security\Member`. Loading history...
72			}
73
74			$hash = $this->owner->encryptWithUserSettings($token);
75
76			return (
			0 ignored issues – show Bug Best Practice introduced 2019-06-07 00:09 UTC by Report Bug Copy Issue Report The expression `return $this->owner->Acc...time::now()->getValue()` returns the type `boolean` which is incompatible with the documented return type `SilverStripe\Security\Member`. Loading history...
77			$this->owner->AccountResetHash === $hash &&
78			$this->owner->AccountResetExpired < DBDatetime::now()->getValue()
79			);
80			}
81			}
82

silverstripe / silverstripe-mfa

Pull Request — master (#165)

generateAccountResetTokenAndStoreHash() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like