LostPasswordHandler - Code Metrics - Inspection of "WIP - refactoring of authenticators" - sminnee/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — authenticator-refactor ( d33fab...54d3b4 )

by Sam

created 2017-04-22 04:56 UTC

LostPasswordHandler A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	238
Duplicated Lines	0 %

Coupling/Cohesion

Components	2
Dependencies	13

Importance

Changes

Metric	Value
dl	0
loc	238
c	0
b	0
f	0
rs	10
wmc	19
lcom	2
cbo	13

11 Methods

Rating	Name	Size	Complexity
A	__construct()	5	1
A	link()	8	2
A	lostpassword()	13	1
A	passwordsent()	22	1
A	lostPasswordForm()	18	1
A	redirectToLostPassword()	5	1
A	getReturnReferer()	4	1
A	logout()	4	1
A	performLogin()	15	2
B	forgotPassword()	42	6
A	addBackURLParam()	8	2

<?php

namespace SilverStripe\Security\MemberAuthenticator;

use SilverStripe\Control\Controller;
use SilverStripe\Control\Email\Email;
use SilverStripe\Control\HTTPResponse;
use SilverStripe\Control\Session;
use SilverStripe\Control\RequestHandler;
use SilverStripe\ORM\ValidationResult;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\EmailField;
use SilverStripe\Forms\FormAction;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;
use SilverStripe\Core\Convert;
use SilverStripe\ORM\FieldType\DBField;

/**
 * Handle login requests from MemberLoginForm
 */
class LostPasswordHandler extends RequestHandler
{
    protected $authenticatorClass = MemberAuthenticator::class;

    private static $url_handlers = [

        'passwordsent/$EmailAddress' => 'passwordsent',
        '' => 'lostpassword',
    ];

    /**
     * Since the logout and dologin actions may be conditionally removed, it's necessary to ensure these
     * remain valid actions regardless of the member login state.
     *
     * @var array
     * @config
     */
    private static $allowed_actions = [

        'lostpassword',
        'LostPasswordForm',
        'passwordsent',
    ];

    private $link = null;

    /**
     * @param $link The URL to recreate this request handler
     */
    public function __construct($link)
    {
        $this->link = $link;
        parent::__construct();
    }

    /**
     * Return a link to this request handler.
     * The link returned is supplied in the constructor
     * @return string
     */
    public function link($action = null)
    {
        if ($action) {
            return Controller::join_links($this->link, $action);
        } else {
            return $this->link;
        }
    }

    /**
     * URL handler for the initial lost-password screen
     */
    public function lostpassword()
    {

        $message = _t(
            'Security.NOTERESETPASSWORD',
            'Enter your e-mail address and we will send you a link with which you can reset your password'
        );

        return [
            'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
            'Form' => $this->lostPasswordForm(),
        ];
    }

    /**
     * Show the "password sent" page, after a user has requested
     * to reset their password.
     */
    public function passwordsent()
    {
        $request = $this->getRequest();
        $email = Convert::raw2xml(rawurldecode($request->param('EmailAddress')) . '.' . $request->getExtension());

        $message = _t(
            'Security.PASSWORDSENTTEXT',
            "Thank you! A reset link has been sent to '{email}', provided an account exists for this email"
            . " address.",
            [ 'email' => Convert::raw2xml($email) ]
        );

        return [
            'Title' => _t(
                'Security.PASSWORDSENTHEADER',
                "Password reset link sent to '{email}'",
                array('email' => $email)
            ),
            'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
            'Email' => $email
        ];
    }


    /**
     * Factory method for the lost password form
     *
     * @skipUpgrade
     * @return Form Returns the lost password form
     */
    public function lostPasswordForm()
    {
        return LoginForm::create(
            $this,
            $this->authenticatorClass,
            'LostPasswordForm',
            new FieldList(
                new EmailField('Email', _t('Member.EMAIL', 'Email'))
            ),
            new FieldList(
                new FormAction(
                    'forgotPassword',
                    _t('Security.BUTTONSEND', 'Send me the password reset link')
                )
            ),
            false
        );
    }

    /**
     * Redirect to password recovery form
     *
     * @return HTTPResponse
     */
    public function redirectToLostPassword()
    {
        $lostPasswordLink = Security::singleton()->Link('lostpassword');
        return $this->redirect($this->addBackURLParam($lostPasswordLink));
    }

    public function getReturnReferer()
    {
        return $this->link();
    }

    /**
     * Log out form handler method
     *
     * This method is called when the user clicks on "logout" on the form
     * created when the parameter <i>$checkCurrentUser</i> of the
     * {@link __construct constructor} was set to TRUE and the user was
     * currently logged in.
     *
     * @return HTTPResponse
     */
    public function logout()
    {
        return Security::singleton()->logout();
    }

    /**
     * Try to authenticate the user
     *
     * @param array $data Submitted data
     * @return Member Returns the member object on successful authentication
     *                or NULL on failure.
     */
    public function performLogin($data)
    {
        $member = call_user_func_array(
            [$this->authenticator_class, 'authenticate'],

            [$data, $this->form]
        );
        if ($member) {
            $member->LogIn(isset($data['Remember']));
            return $member;
        }

        // No member, can't login
        $this->extend('authenticationFailed', $data);
        return null;
    }

    /**
     * Forgot password form handler method.
     * Called when the user clicks on "I've lost my password".
     * Extensions can use the 'forgotPassword' method to veto executing
     * the logic, by returning FALSE. In this case, the user will be redirected back
     * to the form without further action. It is recommended to set a message
     * in the form detailing why the action was denied.
     *
     * @skipUpgrade
     * @param array $data Submitted data
     * @return HTTPResponse
     */
    public function forgotPassword($data)
    {
        // Ensure password is given
        if (empty($data['Email'])) {
            $this->form->sessionMessage(
                _t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'),
                'bad'
            );
            return $this->redirectToLostPassword();
        }

        // Find existing member
        /** @var Member $member */
        $member = Member::get()->filter("Email", $data['Email'])->first();

        // Allow vetoing forgot password requests
        $results = $this->extend('forgotPassword', $member);
        if ($results && is_array($results) && in_array(false, $results, true)) {

            return $this->redirectToLostPassword();
        }

        if ($member) {
            $token = $member->generateAutologinTokenAndStoreHash();

            Email::create()
                ->setHTMLTemplate('SilverStripe\\Control\\Email\\ForgotPasswordEmail')
                ->setData($member)
                ->setSubject(_t('Member.SUBJECTPASSWORDRESET', "Your password reset link", 'Email subject'))
                ->addData('PasswordResetLink', Security::getPasswordResetLink($member, $token))
                ->setTo($member->Email)
                ->send();
        }

        // Avoid information disclosure by displaying the same status,
        // regardless wether the email address actually exists
        $link = Controller::join_links(
            $this->link('passwordsent'),
            rawurlencode($data['Email']),
            '/'
        );
        return $this->redirect($this->addBackURLParam($link));
    }

    /**
     * @todo copypaste from FormRequestHandler - refactor
     */
    protected function addBackURLParam($link)
    {
        $backURL = $this->getBackURL();
        if ($backURL) {
            return Controller::join_links($link, '?BackURL=' . urlencode($backURL));
        }
        return $link;
    }
}


1			<?php
2
3			namespace SilverStripe\Security\MemberAuthenticator;
4
5			use SilverStripe\Control\Controller;
6			use SilverStripe\Control\Email\Email;
7			use SilverStripe\Control\HTTPResponse;
8			use SilverStripe\Control\Session;
9			use SilverStripe\Control\RequestHandler;
10			use SilverStripe\ORM\ValidationResult;
11			use SilverStripe\Forms\FieldList;
12			use SilverStripe\Forms\EmailField;
13			use SilverStripe\Forms\FormAction;
14			use SilverStripe\Security\Member;
15			use SilverStripe\Security\Security;
16			use SilverStripe\Core\Convert;
17			use SilverStripe\ORM\FieldType\DBField;
18
19			/**
20			* Handle login requests from MemberLoginForm
21			*/
22			class LostPasswordHandler extends RequestHandler
23			{
24			protected $authenticatorClass = MemberAuthenticator::class;
25
26			private static $url_handlers = [
			0 ignored issues – show Comprehensibility introduced 2017-04-22 04:35 UTC by Report Bug Copy Issue Report Consider using a different property name as you override a private property of the parent class. Loading history...
27			'passwordsent/$EmailAddress' => 'passwordsent',
28			'' => 'lostpassword',
29			];
30
31			/**
32			* Since the logout and dologin actions may be conditionally removed, it's necessary to ensure these
33			* remain valid actions regardless of the member login state.
34			*
35			* @var array
36			* @config
37			*/
38			private static $allowed_actions = [
			0 ignored issues – show Comprehensibility introduced 2016-03-17 21:15 UTC by Report Bug Copy Issue Report Consider using a different property name as you override a private property of the parent class. Loading history...
39			'lostpassword',
40			'LostPasswordForm',
41			'passwordsent',
42			];
43
44			private $link = null;
45
46			/**
47			* @param $link The URL to recreate this request handler
48			*/
49			public function __construct($link)
50			{
51			$this->link = $link;
52			parent::__construct();
53			}
54
55			/**
56			* Return a link to this request handler.
57			* The link returned is supplied in the constructor
58			* @return string
59			*/
60			public function link($action = null)
61			{
62			if ($action) {
63			return Controller::join_links($this->link, $action);
64			} else {
65			return $this->link;
66			}
67			}
68
69			/**
70			* URL handler for the initial lost-password screen
71			*/
72			public function lostpassword()
73			{
74
75			$message = _t(
76			'Security.NOTERESETPASSWORD',
77			'Enter your e-mail address and we will send you a link with which you can reset your password'
78			);
79
80			return [
81			'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
82			'Form' => $this->lostPasswordForm(),
83			];
84			}
85
86			/**
87			* Show the "password sent" page, after a user has requested
88			* to reset their password.
89			*/
90			public function passwordsent()
91			{
92			$request = $this->getRequest();
93			$email = Convert::raw2xml(rawurldecode($request->param('EmailAddress')) . '.' . $request->getExtension());
94
95			$message = _t(
96			'Security.PASSWORDSENTTEXT',
97			"Thank you! A reset link has been sent to '{email}', provided an account exists for this email"
98			. " address.",
99			[ 'email' => Convert::raw2xml($email) ]
100			);
101
102			return [
103			'Title' => _t(
104			'Security.PASSWORDSENTHEADER',
105			"Password reset link sent to '{email}'",
106			array('email' => $email)
107			),
108			'Content' => DBField::create_field('HTMLFragment', "<p>$message</p>"),
109			'Email' => $email
110			];
111			}
112
113
114			/**
115			* Factory method for the lost password form
116			*
117			* @skipUpgrade
118			* @return Form Returns the lost password form
119			*/
120			public function lostPasswordForm()
121			{
122			return LoginForm::create(
123			$this,
124			$this->authenticatorClass,
125			'LostPasswordForm',
126			new FieldList(
127			new EmailField('Email', _t('Member.EMAIL', 'Email'))
128			),
129			new FieldList(
130			new FormAction(
131			'forgotPassword',
132			_t('Security.BUTTONSEND', 'Send me the password reset link')
133			)
134			),
135			false
136			);
137			}
138
139			/**
140			* Redirect to password recovery form
141			*
142			* @return HTTPResponse
143			*/
144			public function redirectToLostPassword()
145			{
146			$lostPasswordLink = Security::singleton()->Link('lostpassword');
147			return $this->redirect($this->addBackURLParam($lostPasswordLink));
148			}
149
150			public function getReturnReferer()
151			{
152			return $this->link();
153			}
154
155			/**
156			* Log out form handler method
157			*
158			* This method is called when the user clicks on "logout" on the form
159			* created when the parameter <i>$checkCurrentUser</i> of the
160			* {@link __construct constructor} was set to TRUE and the user was
161			* currently logged in.
162			*
163			* @return HTTPResponse
164			*/
165			public function logout()
166			{
167			return Security::singleton()->logout();
168			}
169
170			/**
171			* Try to authenticate the user
172			*
173			* @param array $data Submitted data
174			* @return Member Returns the member object on successful authentication
175			* or NULL on failure.
176			*/
177			public function performLogin($data)
178			{
179			$member = call_user_func_array(
180			[$this->authenticator_class, 'authenticate'],
			0 ignored issues – show Bug introduced 2017-04-22 04:35 UTC by Report Bug Copy Issue Report The property `authenticator_class` does not seem to exist. Did you mean `authenticatorClass`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
181			[$data, $this->form]
182			);
183			if ($member) {
184			$member->LogIn(isset($data['Remember']));
185			return $member;
186			}
187
188			// No member, can't login
189			$this->extend('authenticationFailed', $data);
190			return null;
191			}
192
193			/**
194			* Forgot password form handler method.
195			* Called when the user clicks on "I've lost my password".
196			* Extensions can use the 'forgotPassword' method to veto executing
197			* the logic, by returning FALSE. In this case, the user will be redirected back
198			* to the form without further action. It is recommended to set a message
199			* in the form detailing why the action was denied.
200			*
201			* @skipUpgrade
202			* @param array $data Submitted data
203			* @return HTTPResponse
204			*/
205			public function forgotPassword($data)
206			{
207			// Ensure password is given
208			if (empty($data['Email'])) {
209			$this->form->sessionMessage(
210			_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'),
211			'bad'
212			);
213			return $this->redirectToLostPassword();
214			}
215
216			// Find existing member
217			/** @var Member $member */
218			$member = Member::get()->filter("Email", $data['Email'])->first();
219
220			// Allow vetoing forgot password requests
221			$results = $this->extend('forgotPassword', $member);
222			if ($results && is_array($results) && in_array(false, $results, true)) {
			0 ignored issues – show Bug Best Practice introduced 2017-03-13 20:53 UTC by Report Bug Copy Issue Report The expression `$results` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
223			return $this->redirectToLostPassword();
224			}
225
226			if ($member) {
227			$token = $member->generateAutologinTokenAndStoreHash();
228
229			Email::create()
230			->setHTMLTemplate('SilverStripe\\Control\\Email\\ForgotPasswordEmail')
231			->setData($member)
232			->setSubject(_t('Member.SUBJECTPASSWORDRESET', "Your password reset link", 'Email subject'))
233			->addData('PasswordResetLink', Security::getPasswordResetLink($member, $token))
234			->setTo($member->Email)
235			->send();
236			}
237
238			// Avoid information disclosure by displaying the same status,
239			// regardless wether the email address actually exists
240			$link = Controller::join_links(
241			$this->link('passwordsent'),
242			rawurlencode($data['Email']),
243			'/'
244			);
245			return $this->redirect($this->addBackURLParam($link));
246			}
247
248			/**
249			* @todo copypaste from FormRequestHandler - refactor
250			*/
251			protected function addBackURLParam($link)
252			{
253			$backURL = $this->getBackURL();
254			if ($backURL) {
255			return Controller::join_links($link, '?BackURL=' . urlencode($backURL));
256			}
257			return $link;
258			}
259			}
260

sminnee / silverstripe-framework

Push — authenticator-refactor ( d33fab...54d3b4 )

LostPasswordHandler A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

11 Methods

Duplication Side-by-Side

Filter issues like