WebAuth::verifyOtp() - Code Metrics - Inspection of "2 step verification related changes and optimizati..." - softberg/quantum-php-core - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 80619a...e9eada )

by Arman

created 2021-02-14 20:57 UTC

WebAuth::verifyOtp() A

↳ Parent: WebAuth

Complexity

Conditions	4
Paths	3

Size

Total Lines	25
Code Lines	13

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	13
c	1
b	0
f	0
dl	0
loc	25
rs	9.8333
cc	4
nc	3
nop	2

<?php

/**
 * Quantum PHP Framework
 *
 * An open source software development framework for PHP
 *
 * @package Quantum
 * @author Arman Ag. <[email protected]>
 * @copyright Copyright (c) 2018 Softberg LLC (https://softberg.org)
 * @link http://quantum.softberg.org/
 * @since 2.0.0
 */

namespace Quantum\Libraries\Auth;

use Quantum\Exceptions\ExceptionMessages;
use Quantum\Exceptions\AuthException;
use Quantum\Libraries\Hasher\Hasher;
use Quantum\Libraries\Mailer\Mailer;

/**
 * Class WebAuth
 * @package Quantum\Libraries\Auth
 */
class WebAuth extends BaseAuth implements AuthenticableInterface
{

    /**
     * @var Hasher
     */
    protected $hasher;

    /**
     * @var AuthServiceInterface
     */
    protected $authService;

    /**
     * @var array
     */
    protected $keys = [];

    /**
     * @var string
     */
    protected $authUserKey = 'auth_user';

    /**
     * WebAuth constructor.
     * @param AuthServiceInterface $authService
     * @param Hasher $hasher
     */
    public function __construct(AuthServiceInterface $authService, Hasher $hasher)
    {
        $this->hasher = $hasher;
        $this->authService = $authService;
        $this->keys = $this->authService->getDefinedKeys();
    }

    /**
     * Sign In
     * @param Mailer $mailer
     * @param string $username
     * @param string $password
     * @param boolean $remember
     * @return string|boolean
     * @throws AuthException
     */
    public function signin($mailer, $username, $password, $remember = false)
    {
        $user = $this->authService->get($this->keys[self::USERNAME_KEY], $username);

        if (empty($user)) {
            throw new AuthException(ExceptionMessages::INCORRECT_AUTH_CREDENTIALS);
        }

        if (!$this->hasher->check($password, $user[$this->keys[self::PASSWORD_KEY]])) {
            throw new AuthException(ExceptionMessages::INCORRECT_AUTH_CREDENTIALS);
        }

        if (!$this->isActivated($user)) {
            throw new AuthException(ExceptionMessages::INACTIVE_ACCOUNT);
        }

        if ($remember) {
            $this->setRememberToken($user);
        }

        if (filter_var(config()->get('2SV'), FILTER_VALIDATE_BOOLEAN)) {
            $otpToken = $this->twoStepVerification($mailer, $user);
            return $otpToken;

        } else {
            session()->set($this->authUserKey, $this->filterFields($user));
            return true;
        }
    }

    /**
     * Sign Out
     * @throws \Exception
     */
    public function signout()
    {
        if (session()->has($this->authUserKey)) {
            session()->delete($this->authUserKey);
            $this->removeRememberToken();
        }
    }

    /**
     * User
     * @return object|null
     * @throws \Exception
     */
    public function user()
    {
        if (session()->has($this->authUserKey)) {
            return (object) session()->get($this->authUserKey);
        } else if (cookie()->has($this->keys[self::REMEMBER_TOKEN_KEY])) {
            $user = $this->checkRememberToken();
            
            if ($user) {
                $this->setRememberToken($user);
                return $this->user();
            }
        }
        
        return null;
    }

    /**
     * Verify OTP
     * @param integer $otp
     * @param string $otpToken
     * @return bool
     * @throws AuthException
     */
    public function verifyOtp($otp, $otpToken)
    {
        $user = $this->authService->get($this->keys[self::OTP_TOKEN_KEY], $otpToken);

        if (empty($user) || $otp != $user[$this->keys[self::OTP_KEY]]) {
            throw new AuthException(ExceptionMessages::INCORRECT_VERIFICATION_CODE);
        }
 
        if (new \DateTime() >= new \DateTime($user[$this->keys[self::OTP_EXPIRY_KEY]])){
            throw new AuthException(ExceptionMessages::VERIFICATION_CODE_EXPIRED);

        }

        $this->authService->update(
                $this->keys[self::USERNAME_KEY], 
                $user[$this->keys[self::USERNAME_KEY]], 
                [
                    $this->keys[self::OTP_KEY] => null,
                    $this->keys[self::OTP_EXPIRY_KEY] => null,
                    $this->keys[self::OTP_TOKEN_KEY] => null,
                ]
        );

        session()->set($this->authUserKey, $this->filterFields($user));

        return true;
    }

    /**
     * Resend OTP
     * @param Mailer $mailer
     * @param string $otpToken
     * @return string
     * @throws \Exception
     */
    public function resendOtp(Mailer $mailer, $otpToken)
    {
        $user = $this->authService->get($this->keys[self::OTP_TOKEN_KEY], $otpToken);

        if (empty($user)) {
            throw new AuthException(ExceptionMessages::INCORRECT_AUTH_CREDENTIALS);
        }

        return $this->twoStepVerification($mailer, $user);

    }

    /**
     * Check Remember Token
     * @return bool|mixed
     * @throws \Exception
     */
    private function checkRememberToken()
    {
        $user = $this->authService->get($this->keys[self::REMEMBER_TOKEN_KEY], cookie()->get($this->keys[self::REMEMBER_TOKEN_KEY]));
        
        if (!empty($user)) {
            return $user;
        }
        
        return false;
    }

    /**
     * Set Remember Token
     * @param array $user
     * @throws \Exception
     */
    private function setRememberToken(array $user)
    {
        $rememberToken = $this->generateToken();

        $this->authService->update($this->keys[self::USERNAME_KEY], $user[$this->keys[self::USERNAME_KEY]], [
            $this->keys[self::REMEMBER_TOKEN_KEY] => $rememberToken
        ]);

        session()->set($this->authUserKey, $this->filterFields($user));
        cookie()->set($this->keys[self::REMEMBER_TOKEN_KEY], $rememberToken);
    }

    /**
     * Remove Remember Token
     * @throws \Exception
     */
    private function removeRememberToken()
    {
        if (cookie()->has($this->keys[self::REMEMBER_TOKEN_KEY])) {
            $user = $this->authService->get($this->keys[self::REMEMBER_TOKEN_KEY], cookie()->get($this->keys[self::REMEMBER_TOKEN_KEY]));

            if (!empty($user)) {
                $this->authService->update(
                        $this->keys[self::REMEMBER_TOKEN_KEY], 
                        $user[$this->keys[self::REMEMBER_TOKEN_KEY]], 
                        [$this->keys[self::REMEMBER_TOKEN_KEY] => '']
                );
            }

            cookie()->delete($this->keys[self::REMEMBER_TOKEN_KEY]);
        }
    }
}


1			<?php
2
3			/**
4			* Quantum PHP Framework
5			*
6			* An open source software development framework for PHP
7			*
8			* @package Quantum
9			* @author Arman Ag. <[email protected]>
10			* @copyright Copyright (c) 2018 Softberg LLC (https://softberg.org)
11			* @link http://quantum.softberg.org/
12			* @since 2.0.0
13			*/
14
15			namespace Quantum\Libraries\Auth;
16
17			use Quantum\Exceptions\ExceptionMessages;
18			use Quantum\Exceptions\AuthException;
19			use Quantum\Libraries\Hasher\Hasher;
20			use Quantum\Libraries\Mailer\Mailer;
21
22			/**
23			* Class WebAuth
24			* @package Quantum\Libraries\Auth
25			*/
26			class WebAuth extends BaseAuth implements AuthenticableInterface
27			{
28
29			/**
30			* @var Hasher
31			*/
32			protected $hasher;
33
34			/**
35			* @var AuthServiceInterface
36			*/
37			protected $authService;
38
39			/**
40			* @var array
41			*/
42			protected $keys = [];
43
44			/**
45			* @var string
46			*/
47			protected $authUserKey = 'auth_user';
48
49			/**
50			* WebAuth constructor.
51			* @param AuthServiceInterface $authService
52			* @param Hasher $hasher
53			*/
54			public function __construct(AuthServiceInterface $authService, Hasher $hasher)
55			{
56			$this->hasher = $hasher;
57			$this->authService = $authService;
58			$this->keys = $this->authService->getDefinedKeys();
59			}
60
61			/**
62			* Sign In
63			* @param Mailer $mailer
64			* @param string $username
65			* @param string $password
66			* @param boolean $remember
67			* @return string\|boolean
68			* @throws AuthException
69			*/
70			public function signin($mailer, $username, $password, $remember = false)
71			{
72			$user = $this->authService->get($this->keys[self::USERNAME_KEY], $username);
73
74			if (empty($user)) {
75			throw new AuthException(ExceptionMessages::INCORRECT_AUTH_CREDENTIALS);
76			}
77
78			if (!$this->hasher->check($password, $user[$this->keys[self::PASSWORD_KEY]])) {
79			throw new AuthException(ExceptionMessages::INCORRECT_AUTH_CREDENTIALS);
80			}
81
82			if (!$this->isActivated($user)) {
83			throw new AuthException(ExceptionMessages::INACTIVE_ACCOUNT);
84			}
85
86			if ($remember) {
87			$this->setRememberToken($user);
88			}
89
90			if (filter_var(config()->get('2SV'), FILTER_VALIDATE_BOOLEAN)) {
91			$otpToken = $this->twoStepVerification($mailer, $user);
92			return $otpToken;
93
94			} else {
95			session()->set($this->authUserKey, $this->filterFields($user));
96			return true;
97			}
98			}
99
100			/**
101			* Sign Out
102			* @throws \Exception
103			*/
104			public function signout()
105			{
106			if (session()->has($this->authUserKey)) {
107			session()->delete($this->authUserKey);
108			$this->removeRememberToken();
109			}
110			}
111
112			/**
113			* User
114			* @return object\|null
115			* @throws \Exception
116			*/
117			public function user()
118			{
119			if (session()->has($this->authUserKey)) {
120			return (object) session()->get($this->authUserKey);
121			} else if (cookie()->has($this->keys[self::REMEMBER_TOKEN_KEY])) {
122			$user = $this->checkRememberToken();
123
124			if ($user) {
125			$this->setRememberToken($user);
126			return $this->user();
127			}
128			}
129
130			return null;
131			}
132
133			/**
134			* Verify OTP
135			* @param integer $otp
136			* @param string $otpToken
137			* @return bool
138			* @throws AuthException
139			*/
140			public function verifyOtp($otp, $otpToken)
141			{
142			$user = $this->authService->get($this->keys[self::OTP_TOKEN_KEY], $otpToken);
143
144			if (empty($user) \|\| $otp != $user[$this->keys[self::OTP_KEY]]) {
145			throw new AuthException(ExceptionMessages::INCORRECT_VERIFICATION_CODE);
146			}
147
148			if (new \DateTime() >= new \DateTime($user[$this->keys[self::OTP_EXPIRY_KEY]])){
149			throw new AuthException(ExceptionMessages::VERIFICATION_CODE_EXPIRED);
			0 ignored issues – show Bug introduced 2021-02-14 21:00 UTC by Report Bug Copy Issue Report The constant `Quantum\Exceptions\Excep...RIFICATION_CODE_EXPIRED` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
150			}
151
152			$this->authService->update(
153			$this->keys[self::USERNAME_KEY],
154			$user[$this->keys[self::USERNAME_KEY]],
155			[
156			$this->keys[self::OTP_KEY] => null,
157			$this->keys[self::OTP_EXPIRY_KEY] => null,
158			$this->keys[self::OTP_TOKEN_KEY] => null,
159			]
160			);
161
162			session()->set($this->authUserKey, $this->filterFields($user));
163
164			return true;
165			}
166
167			/**
168			* Resend OTP
169			* @param Mailer $mailer
170			* @param string $otpToken
171			* @return string
172			* @throws \Exception
173			*/
174			public function resendOtp(Mailer $mailer, $otpToken)
175			{
176			$user = $this->authService->get($this->keys[self::OTP_TOKEN_KEY], $otpToken);
177
178			if (empty($user)) {
179			throw new AuthException(ExceptionMessages::INCORRECT_AUTH_CREDENTIALS);
180			}
181
182			return $this->twoStepVerification($mailer, $user);
183
184			}
185
186			/**
187			* Check Remember Token
188			* @return bool\|mixed
189			* @throws \Exception
190			*/
191			private function checkRememberToken()
192			{
193			$user = $this->authService->get($this->keys[self::REMEMBER_TOKEN_KEY], cookie()->get($this->keys[self::REMEMBER_TOKEN_KEY]));
194
195			if (!empty($user)) {
196			return $user;
197			}
198
199			return false;
200			}
201
202			/**
203			* Set Remember Token
204			* @param array $user
205			* @throws \Exception
206			*/
207			private function setRememberToken(array $user)
208			{
209			$rememberToken = $this->generateToken();
210
211			$this->authService->update($this->keys[self::USERNAME_KEY], $user[$this->keys[self::USERNAME_KEY]], [
212			$this->keys[self::REMEMBER_TOKEN_KEY] => $rememberToken
213			]);
214
215			session()->set($this->authUserKey, $this->filterFields($user));
216			cookie()->set($this->keys[self::REMEMBER_TOKEN_KEY], $rememberToken);
217			}
218
219			/**
220			* Remove Remember Token
221			* @throws \Exception
222			*/
223			private function removeRememberToken()
224			{
225			if (cookie()->has($this->keys[self::REMEMBER_TOKEN_KEY])) {
226			$user = $this->authService->get($this->keys[self::REMEMBER_TOKEN_KEY], cookie()->get($this->keys[self::REMEMBER_TOKEN_KEY]));
227
228			if (!empty($user)) {
229			$this->authService->update(
230			$this->keys[self::REMEMBER_TOKEN_KEY],
231			$user[$this->keys[self::REMEMBER_TOKEN_KEY]],
232			[$this->keys[self::REMEMBER_TOKEN_KEY] => '']
233			);
234			}
235
236			cookie()->delete($this->keys[self::REMEMBER_TOKEN_KEY]);
237			}
238			}
239			}
240

softberg / quantum-php-core

Push — master ( 80619a...e9eada )

WebAuth::verifyOtp() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like