Waca\Validation\RequestValidationHelper

Complexity

Total Complexity

33

Size/Duplication

Total Lines	245
Duplicated Lines	4.9 %

Coupling/Cohesion

Components	1
Dependencies	6

Importance

Changes	3
Bugs	0	Features	0

9 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	13	1
B	validateOther()	0	33	3
A	checkAntiSpoof()	0	13	3
A	checkTitleBlacklist()	0	15	3
A	userExists()	0	12	3
A	userSulExists()	0	13	2
A	nameRequestExists()	0	12	2
C	validateName()	3	54	9
C	validateEmail()	9	38	7

<?php
namespace Waca\Validation;

use Exception;
use Waca\DataObjects\Request;
use Waca\Helpers\Interfaces\IBanHelper;
use Waca\PdoDatabase;
use Waca\Providers\Interfaces\IAntiSpoofProvider;
use Waca\Providers\Interfaces\IXffTrustProvider;

/**
 * Performs the validation of an incoming request.
 */
class RequestValidationHelper
{
	/** @var IBanHelper */
	private $banHelper;
	/** @var Request */
	private $request;
	private $emailConfirmation;
	/** @var PdoDatabase */
	private $database;
	/** @var IAntiSpoofProvider */
	private $antiSpoofProvider;

	/**
	 * Summary of __construct
	 *
	 * @param IBanHelper         $banHelper
	 * @param Request            $request
	 * @param string             $emailConfirmation
	 * @param PdoDatabase        $database
	 * @param IAntiSpoofProvider $antiSpoofProvider
	 */
	public function __construct(
		IBanHelper $banHelper,
		Request $request,
		$emailConfirmation,
		PdoDatabase $database,
		IAntiSpoofProvider $antiSpoofProvider
	) {
		$this->banHelper = $banHelper;
		$this->request = $request;
		$this->emailConfirmation = $emailConfirmation;
		$this->database = $database;
		$this->antiSpoofProvider = $antiSpoofProvider;
	}

	/**
	 * Summary of validateName
	 * @return ValidationError[]
	 */
	public function validateName()
	{
		$errorList = array();

		// ERRORS
		// name is empty
		if (trim($this->request->getName()) == "") {
			$errorList[ValidationError::NAME_EMPTY] = new ValidationError(ValidationError::NAME_EMPTY);
		}

		// name is banned
		$ban = $this->banHelper->nameIsBanned($this->request->getName());
		if ($ban != false) {
			$errorList[ValidationError::BANNED] = new ValidationError(ValidationError::BANNED);
		}

		// username already exists
		// TODO: implement

Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker.

		if ($this->userExists()) {
			$errorList[ValidationError::NAME_EXISTS] = new ValidationError(ValidationError::NAME_EXISTS);
		}

		// username part of SUL account
		// TODO: implement

Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker.

		if ($this->userSulExists()) {
			// using same error slot as name exists - it's the same sort of error, and we probably only want to show one.
			$errorList[ValidationError::NAME_EXISTS] = new ValidationError(ValidationError::NAME_EXISTS_SUL);
		}

		// username is numbers
		if (preg_match("/^[0-9]+$/", $this->request->getName()) === 1) {

This code seems to be duplicated across your project.

			$errorList[ValidationError::NAME_NUMONLY] = new ValidationError(ValidationError::NAME_NUMONLY);
		}

		// username can't contain #@/<>[]|{}
		if (preg_match("/[" . preg_quote("#@/<>[]|{}", "/") . "]/", $this->request->getName()) === 1) {
			$errorList[ValidationError::NAME_INVALIDCHAR] = new ValidationError(ValidationError::NAME_INVALIDCHAR);
		}

		// existing non-closed request for this name
		// TODO: implement

Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker.

		if ($this->nameRequestExists()) {
			$errorList[ValidationError::OPEN_REQUEST_NAME] = new ValidationError(ValidationError::OPEN_REQUEST_NAME);
		}

		// WARNINGS
		// name has to be sanitised
		// TODO: implement

Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker.

		if (false) {

Avoid IF statements that are always true or false

			$errorList[ValidationError::NAME_SANITISED] = new ValidationError(ValidationError::NAME_SANITISED, false);
		}

		return $errorList;
	}

	/**
	 * Summary of validateEmail
	 * @return ValidationError[]
	 */
	public function validateEmail()
	{
		$errorList = array();

		// ERRORS

		// Email is banned
		$ban = $this->banHelper->emailIsBanned($this->request->getEmail());
		if ($ban != false) {
			$errorList[ValidationError::BANNED] = new ValidationError(ValidationError::BANNED);
		}

		// email addresses must match
		if ($this->request->getEmail() != $this->emailConfirmation) {
			$errorList[ValidationError::EMAIL_MISMATCH] = new ValidationError(ValidationError::EMAIL_MISMATCH);
		}

		// email address must be validly formed
		if (trim($this->request->getEmail()) == "") {

This code seems to be duplicated across your project.

			$errorList[ValidationError::EMAIL_EMPTY] = new ValidationError(ValidationError::EMAIL_EMPTY);
		}

		// email address must be validly formed
		if (!filter_var($this->request->getEmail(), FILTER_VALIDATE_EMAIL)) {
			if (trim($this->request->getEmail()) != "") {

This code seems to be duplicated across your project.

				$errorList[ValidationError::EMAIL_INVALID] = new ValidationError(ValidationError::EMAIL_INVALID);
			}
		}

		// email address can't be wikimedia/wikipedia .com/org
		if (preg_match('/.*@.*wiki(m.dia|p.dia)\.(org|com)/i', $this->request->getEmail()) === 1) {

This code seems to be duplicated across your project.

			$errorList[ValidationError::EMAIL_WIKIMEDIA] = new ValidationError(ValidationError::EMAIL_WIKIMEDIA);
		}

		// WARNINGS

		return $errorList;
	}

	/**
	 * Summary of validateOther
	 * @return ValidationError[]
	 */
	public function validateOther()
	{
		// @todo remove me!

Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker.

		/** @var $xffTrustProvider IXffTrustProvider */
		global $xffTrustProvider;

Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

		$errorList = array();

		// ERRORS

		// TOR nodes
		// TODO: Implement

Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker.

		if (false) {

Avoid IF statements that are always true or false

			$errorList[ValidationError::BANNED] = new ValidationError(ValidationError::BANNED_TOR);
		}

		// IP banned
		$trustedIp = $xffTrustProvider->getTrustedClientIp($this->request->getIp(), $this->request->getForwardedIp());
		$ban = $this->banHelper->ipIsBanned($trustedIp);
		if ($ban != false) {
			$errorList[ValidationError::BANNED] = new ValidationError(ValidationError::BANNED);
		}

		// WARNINGS

		// Antispoof check
		$this->checkAntiSpoof();

		// Blacklist check
		$this->checkTitleBlacklist();

		return $errorList;
	}

	private function checkAntiSpoof()
	{
		try {
			if (count($this->antiSpoofProvider->getSpoofs($this->request->getName())) > 0) {
				// If there were spoofs an Admin should handle the request.
				$this->request->setStatus("Flagged users");
			}
		}
		catch (Exception $ex) {
			// hrm.
			// TODO: log this?

Comments for TODO tasks are often forgotten in the code; it might be better to use a dedicated issue tracker.

		}
	}

	private function checkTitleBlacklist()
	{
		global $enableTitleblacklist;

Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

		if ($enableTitleblacklist == 1) {
			$apiResult = file_get_contents("https://en.wikipedia.org/w/api.php?action=titleblacklist&tbtitle=" . urlencode($this->request->getName()) . "&tbaction=new-account&tbnooverride&format=php");

This line exceeds maximum limit of 120 characters; contains 192 characters

			$data = unserialize($apiResult);

			$requestIsOk = $data['titleblacklist']['result'] == "ok";

			if (!$requestIsOk) {
				$this->request->setStatus("Flagged users");
			}
		}
	}

	private function userExists()
	{
		global $mediawikiWebServiceEndpoint;

Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

		$userexist = file_get_contents($mediawikiWebServiceEndpoint . "?action=query&list=users&ususers=" . urlencode($this->request->getName()) . "&format=php");

This line exceeds maximum limit of 120 characters; contains 156 characters

		$ue = unserialize($userexist);
		if (!isset ($ue['query']['users']['0']['missing']) && isset ($ue['query']['users']['0']['userid'])) {

This if statement, and the following return statement can be replaced with return !isset($ue['query']['users']['0']['missing']) && isset($ue['query']['users']['0']['userid']);.

			return true;
		}

		return false;
	}

	private function userSulExists()
	{
		global $mediawikiWebServiceEndpoint;

Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

		$reqname = str_replace("_", " ", $this->request->getName());
		$userexist = file_get_contents($mediawikiWebServiceEndpoint . "?action=query&meta=globaluserinfo&guiuser=" . urlencode($reqname) . "&format=php");

This line exceeds maximum limit of 120 characters; contains 148 characters

		$ue = unserialize($userexist);
		if (isset ($ue['query']['globaluserinfo']['id'])) {

This if statement, and the following return statement can be replaced with return isset($ue['query']['globaluserinfo']['id']);.

			return true;
		}

		return false;
	}

	private function nameRequestExists()
	{
		$query = "SELECT COUNT(id) FROM request WHERE status != 'Closed' AND name = :name;";
		$statement = $this->database->prepare($query);
		$statement->execute(array(':name' => $this->request->getName()));

		if (!$statement) {
			return false;
		}

		return $statement->fetchColumn() > 0;
	}
}