Issues in AccessCheck.php (master) - Issues in master - simplesamlphp/simplesamlphp-module-statistics - Measure and Improve Code Quality continuously with Scrutinizer

Issues (14)

src/AccessCheck.php (1 issue)

Labels

Severity

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\statistics;

use Exception;
use SimpleSAML\Auth;
use SimpleSAML\Configuration;
use SimpleSAML\Error;
use SimpleSAML\Logger;
use SimpleSAML\Utils;

/**
 * Class implementing the access checker function for the statistics module.
 *
 * @package SimpleSAMLphp
 */
class AccessCheck
{
    /**
     * Check that the user has access to the statistics.
     * If the user doesn't have access, send the user to the login page.
     *
     * @param \SimpleSAML\Configuration $statconfig
     * @throws \Exception
     * @throws \SimpleSAML\Error\Exception
     */
    public static function checkAccess(Configuration $statconfig): void
    {
        $protected = $statconfig->getOptionalBoolean('protected', false);
        $authsource = $statconfig->getOptionalString('auth', null);
        $allowedusers = $statconfig->getOptionalValue('allowedUsers', null);
        $useridattr = $statconfig->getOptionalString('useridattr', 'eduPersonPrincipalName');

        $acl = $statconfig->getOptionalValue('acl', null);
        if ($acl !== null && !is_string($acl) && !is_array($acl)) {
            throw new Error\Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
        }

        if (!$protected) {
$a = canBeFalseAndNull();

// Instead of
if ( ! $a) { }

// Better use one of the explicit versions:
if ($a !== null) { }
if ($a !== false) { }
if ($a !== null && $a !== false) { }
            return;
        }

        $authUtils = new Utils\Auth();
        if ($authUtils->isAdmin()) {
            // User logged in as admin. OK.
            Logger::debug('Statistics auth - logged in as admin, access granted');
            return;
        }

        if (!isset($authsource)) {
            // If authsource is not defined, init admin login.
            $authUtils->requireAdmin();
        }

        // We are using an authsource for login.

        $as = new Auth\Simple($authsource);
        $as->requireAuth();

        // User logged in with auth source.
        Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');

        // Retrieving attributes
        $attributes = $as->getAttributes();

        if (!empty($allowedusers)) {
            // Check if userid exists
            if (!isset($attributes[$useridattr][0])) {
                throw new Exception('User ID is missing');
            }

            // Check if userid is allowed access..
            if (in_array($attributes[$useridattr][0], $allowedusers, true)) {
                Logger::debug(
                    'Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']',
                );
                return;
            }
            Logger::debug(
                'Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']',
            );
        } else {
            Logger::debug('Statistics auth - no allowedUsers list.');
        }

        if (!is_null($acl)) {
            $acl = new ACL($acl);
            if ($acl->allows($attributes)) {
                Logger::debug('Statistics auth - allowed access by ACL.');
                return;
            }
            Logger::debug('Statistics auth - denied access by ACL.');
        } else {
            Logger::debug('Statistics auth - no ACL configured.');
        }
        throw new Error\Exception('Access denied to the current user.');
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\Module\statistics;
6
7			use Exception;
8			use SimpleSAML\Auth;
9			use SimpleSAML\Configuration;
10			use SimpleSAML\Error;
11			use SimpleSAML\Logger;
12			use SimpleSAML\Utils;
13
14			/**
15			* Class implementing the access checker function for the statistics module.
16			*
17			* @package SimpleSAMLphp
18			*/
19			class AccessCheck
20			{
21			/**
22			* Check that the user has access to the statistics.
23			* If the user doesn't have access, send the user to the login page.
24			*
25			* @param \SimpleSAML\Configuration $statconfig
26			* @throws \Exception
27			* @throws \SimpleSAML\Error\Exception
28			*/
29			public static function checkAccess(Configuration $statconfig): void
30			{
31			$protected = $statconfig->getOptionalBoolean('protected', false);
32			$authsource = $statconfig->getOptionalString('auth', null);
33			$allowedusers = $statconfig->getOptionalValue('allowedUsers', null);
34			$useridattr = $statconfig->getOptionalString('useridattr', 'eduPersonPrincipalName');
35
36			$acl = $statconfig->getOptionalValue('acl', null);
37			if ($acl !== null && !is_string($acl) && !is_array($acl)) {
38			throw new Error\Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
39			}
40
41			if (!$protected) {
			0 ignored issues – show Bug Best Practice introduced 2022-03-16 22:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$protected` of type `boolean\|null` is loosely compared to `false`; this is ambiguous if the boolean can be false. You might want to explicitly use `!== null` instead. If an expression can have both `false`, and `null` as possible values. It is generally a good practice to always use strict comparison to clearly distinguish between those two values. $a = canBeFalseAndNull(); // Instead of if ( ! $a) { } // Better use one of the explicit versions: if ($a !== null) { } if ($a !== false) { } if ($a !== null && $a !== false) { } Loading history...
42			return;
43			}
44
45			$authUtils = new Utils\Auth();
46			if ($authUtils->isAdmin()) {
47			// User logged in as admin. OK.
48			Logger::debug('Statistics auth - logged in as admin, access granted');
49			return;
50			}
51
52			if (!isset($authsource)) {
53			// If authsource is not defined, init admin login.
54			$authUtils->requireAdmin();
55			}
56
57			// We are using an authsource for login.
58
59			$as = new Auth\Simple($authsource);
60			$as->requireAuth();
61
62			// User logged in with auth source.
63			Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
64
65			// Retrieving attributes
66			$attributes = $as->getAttributes();
67
68			if (!empty($allowedusers)) {
69			// Check if userid exists
70			if (!isset($attributes[$useridattr][0])) {
71			throw new Exception('User ID is missing');
72			}
73
74			// Check if userid is allowed access..
75			if (in_array($attributes[$useridattr][0], $allowedusers, true)) {
76			Logger::debug(
77			'Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']',
78			);
79			return;
80			}
81			Logger::debug(
82			'Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']',
83			);
84			} else {
85			Logger::debug('Statistics auth - no allowedUsers list.');
86			}
87
88			if (!is_null($acl)) {
89			$acl = new ACL($acl);
90			if ($acl->allows($attributes)) {
91			Logger::debug('Statistics auth - allowed access by ACL.');
92			return;
93			}
94			Logger::debug('Statistics auth - denied access by ACL.');
95			} else {
96			Logger::debug('Statistics auth - no ACL configured.');
97			}
98			throw new Error\Exception('Access denied to the current user.');
99			}
100			}
101

simplesamlphp / simplesamlphp-module-statistics

Issues (14)

src/AccessCheck.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like