ChangePasswordHandler - Code Metrics - Inspection of "WIP - refactoring of authenticators" - sminnee/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — authenticator-refactor ( f35b0f...d33fab )

by Sam

created 2017-04-22 04:37 UTC

ChangePasswordHandler A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	94
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	5

Importance

Changes

Metric	Value
dl	0
loc	94
rs	10
c	0
b	0
f	0
wmc	13
lcom	1
cbo	5

2 Methods

Rating	Name	Duplication	Size	Complexity
C	doChangePassword()	0	78	12
A	redirectBackToForm()	0	6	1

<?php


namespace SilverStripe\Security\MemberAuthenticator;

use SilverStripe\Control\HTTPResponse;
use SilverStripe\Control\Session;
use SilverStripe\Forms\FormRequestHandler;
use SilverStripe\Security\Member;


class ChangePasswordHandler extends FormRequestHandler
{
    /**
     * Change the password
     *
     * @param array $data The user submitted data
     * @return HTTPResponse
     */
    public function doChangePassword(array $data)
    {
        $member = Member::currentUser();
        // The user was logged in, check the current password
        if ($member && (
            empty($data['OldPassword']) ||
            !$member->checkPassword($data['OldPassword'])->isValid()
        )) {
            $this->form->sessionMessage(
                _t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
                "bad"
            );
            // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
            return $this->redirectBackToForm();
        }

        if (!$member) {
            if (Session::get('AutoLoginHash')) {
                $member = Member::member_from_autologinhash(Session::get('AutoLoginHash'));
            }

            // The user is not logged in and no valid auto login hash is available
            if (!$member) {
                Session::clear('AutoLoginHash');
                return $this->redirect($this->addBackURLParam(Security::singleton()->Link('login')));
            }
        }

        // Check the new password
        if (empty($data['NewPassword1'])) {
            $this->form->sessionMessage(
                _t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"),
                "bad"
            );

            // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
            return $this->redirectBackToForm();
        }

        // Fail if passwords do not match
        if ($data['NewPassword1'] !== $data['NewPassword2']) {
            $this->form->sessionMessage(
                _t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"),
                "bad"
            );
            // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
            return $this->redirectBackToForm();
        }

        // Check if the new password is accepted
        $validationResult = $member->changePassword($data['NewPassword1']);
        if (!$validationResult->isValid()) {
            $this->form->setSessionValidationResult($validationResult);
            return $this->redirectBackToForm();
        }

        // Clear locked out status
        $member->LockedOutUntil = null;
        $member->FailedLoginCount = null;
        $member->write();

        if ($member->canLogIn()->isValid()) {
            $member->logIn();
        }

        // TODO Add confirmation message to login redirect
        Session::clear('AutoLoginHash');

        // Redirect to backurl
        $backURL = $this->getBackURL();
        if ($backURL) {
            return $this->redirect($backURL);
        }

        // Redirect to default location - the login form saying "You are logged in as..."
        $url = Security::singleton()->Link('login');
        return $this->redirect($url);
    }

    public function redirectBackToForm()
    {
        // Redirect back to form
        $url = $this->addBackURLParam(CMSSecurity::singleton()->Link('changepassword'));
        return $this->redirect($url);
    }
}


1			<?php
2
3
4			namespace SilverStripe\Security\MemberAuthenticator;
5
6			use SilverStripe\Control\HTTPResponse;
7			use SilverStripe\Control\Session;
8			use SilverStripe\Forms\FormRequestHandler;
9			use SilverStripe\Security\Member;
10
11
12			class ChangePasswordHandler extends FormRequestHandler
13			{
14			/**
15			* Change the password
16			*
17			* @param array $data The user submitted data
18			* @return HTTPResponse
19			*/
20			public function doChangePassword(array $data)
21			{
22			$member = Member::currentUser();
23			// The user was logged in, check the current password
24			if ($member && (
25			empty($data['OldPassword']) \|\|
26			!$member->checkPassword($data['OldPassword'])->isValid()
27			)) {
28			$this->form->sessionMessage(
29			_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
30			"bad"
31			);
32			// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
33			return $this->redirectBackToForm();
34			}
35
36			if (!$member) {
37			if (Session::get('AutoLoginHash')) {
38			$member = Member::member_from_autologinhash(Session::get('AutoLoginHash'));
39			}
40
41			// The user is not logged in and no valid auto login hash is available
42			if (!$member) {
43			Session::clear('AutoLoginHash');
44			return $this->redirect($this->addBackURLParam(Security::singleton()->Link('login')));
45			}
46			}
47
48			// Check the new password
49			if (empty($data['NewPassword1'])) {
50			$this->form->sessionMessage(
51			_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"),
52			"bad"
53			);
54
55			// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
56			return $this->redirectBackToForm();
57			}
58
59			// Fail if passwords do not match
60			if ($data['NewPassword1'] !== $data['NewPassword2']) {
61			$this->form->sessionMessage(
62			_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"),
63			"bad"
64			);
65			// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
66			return $this->redirectBackToForm();
67			}
68
69			// Check if the new password is accepted
70			$validationResult = $member->changePassword($data['NewPassword1']);
71			if (!$validationResult->isValid()) {
72			$this->form->setSessionValidationResult($validationResult);
73			return $this->redirectBackToForm();
74			}
75
76			// Clear locked out status
77			$member->LockedOutUntil = null;
78			$member->FailedLoginCount = null;
79			$member->write();
80
81			if ($member->canLogIn()->isValid()) {
82			$member->logIn();
83			}
84
85			// TODO Add confirmation message to login redirect
86			Session::clear('AutoLoginHash');
87
88			// Redirect to backurl
89			$backURL = $this->getBackURL();
90			if ($backURL) {
91			return $this->redirect($backURL);
92			}
93
94			// Redirect to default location - the login form saying "You are logged in as..."
95			$url = Security::singleton()->Link('login');
96			return $this->redirect($url);
97			}
98
99			public function redirectBackToForm()
100			{
101			// Redirect back to form
102			$url = $this->addBackURLParam(CMSSecurity::singleton()->Link('changepassword'));
103			return $this->redirect($url);
104			}
105			}
106

sminnee / silverstripe-framework

Push — authenticator-refactor ( f35b0f...d33fab )

ChangePasswordHandler A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

2 Methods

Duplication Side-by-Side

Filter issues like