Issues in SecurityConfigurationFactory.php - New Issues - Inspection of "refactor logging retrieval/display code out of Log..." - stwalkerster/waca - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Branch — newinternal (104de7)

by Simon

created 2016-03-26 04:01 UTC

includes/Security/SecurityConfigurationFactory.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Created by PhpStorm.
 * User: stwalkerster
 * Date: 24/03/2016
 * Time: 23:52
 */

namespace Waca\Security;


final class SecurityConfigurationFactory
{
	/**
	 * @var bool
	 */
	private $forceIdentified;

	/**
	 * Security constructor.
	 *
	 * @param bool $forceIdentified
	 */
	public function __construct($forceIdentified)
	{
		$this->forceIdentified = $forceIdentified;
	}

	/**
	 * Returns a pre-built security configuration for an internal page.
	 *
	 * @category Security-Critical
	 * @return SecurityConfiguration
	 */
	public function asInternalPage()
	{
		$config = new SecurityConfiguration();
		$config->setAdmin(SecurityConfiguration::ALLOW)
			->setUser(SecurityConfiguration::ALLOW);

		$config->setRequireIdentified($this->forceIdentified);

		return $config;
	}

	/**
	 * Returns a pre-built security configuration for a tool admin only page.
	 *
	 * @category Security-Critical
	 * @return SecurityConfiguration
	 */
	public function asAdminPage()
	{
		$config = new SecurityConfiguration();
		$config->setAdmin(SecurityConfiguration::ALLOW);

		$config->setRequireIdentified($this->forceIdentified);

		return $config;
	}

	/**
	 * Returns a pre-built security configuration for a page accessible to *ALL* logged in users, including suspended
	 * and new users. This probably isn't the setting you want.
	 *
	 * @category Security-Critical
	 * @return SecurityConfiguration
	 */
	public function asAllLoggedInUsersPage()

	{
		$config = new SecurityConfiguration();
		$config->setAdmin(SecurityConfiguration::ALLOW)
			->setUser(SecurityConfiguration::ALLOW)
			->setDeclined(SecurityConfiguration::ALLOW)
			->setNew(SecurityConfiguration::ALLOW)
			->setSuspended(SecurityConfiguration::ALLOW);

		$config->setRequireIdentified($this->forceIdentified);

		return $config;
	}

	/**
	 * @return SecurityConfiguration
	 * @category Security-Critical
	 */
	public function asCheckUserData()

	{
		$config = new SecurityConfiguration();
		$config->setCheckuser(SecurityConfiguration::ALLOW)
			->setCommunity(SecurityConfiguration::DENY)
			->setSuspended(SecurityConfiguration::DENY)
			->setDeclined(SecurityConfiguration::DENY)
			->setNew(SecurityConfiguration::DENY);

		$config->setRequireIdentified($this->forceIdentified);

		return $config;
	}

	/**
	 * Returns a pre-built security configuration for a public page.
	 *
	 * @category Security-Critical
	 * @return SecurityConfiguration
	 */
	public function asPublicPage()
	{
		$config = new SecurityConfiguration();
		$config->setAdmin(SecurityConfiguration::ALLOW)
			->setUser(SecurityConfiguration::ALLOW)
			->setCheckuser(SecurityConfiguration::ALLOW)
			->setCommunity(SecurityConfiguration::ALLOW)
			->setSuspended(SecurityConfiguration::ALLOW)
			->setDeclined(SecurityConfiguration::ALLOW)
			->setNew(SecurityConfiguration::ALLOW);

		// Public pages shouldn't be inaccessible to logged-in, unidentified users.
		// Otherwise, logged in but unidentified users can't even log out.
		$config->setRequireIdentified(false);

		return $config;
	}
}

1		<?php
2		/**
3		* Created by PhpStorm.
4		* User: stwalkerster
5		* Date: 24/03/2016
6		* Time: 23:52
7		*/
8
9		namespace Waca\Security;
10
11
12		final class SecurityConfigurationFactory
13		{
14		/**
15		* @var bool
16		*/
17		private $forceIdentified;
18
19		/**
20		* Security constructor.
21		*
22		* @param bool $forceIdentified
23		*/
24		public function __construct($forceIdentified)
25		{
26		$this->forceIdentified = $forceIdentified;
27		}
28
29		/**
30		* Returns a pre-built security configuration for an internal page.
31		*
32		* @category Security-Critical
33		* @return SecurityConfiguration
34		*/
35		public function asInternalPage()
36		{
37		$config = new SecurityConfiguration();
38		$config->setAdmin(SecurityConfiguration::ALLOW)
39		->setUser(SecurityConfiguration::ALLOW);
40
41		$config->setRequireIdentified($this->forceIdentified);
42
43		return $config;
44		}
45
46		/**
47		* Returns a pre-built security configuration for a tool admin only page.
48		*
49		* @category Security-Critical
50		* @return SecurityConfiguration
51		*/
52		public function asAdminPage()
53		{
54		$config = new SecurityConfiguration();
55		$config->setAdmin(SecurityConfiguration::ALLOW);
56
57		$config->setRequireIdentified($this->forceIdentified);
58
59		return $config;
60		}
61
62		/**
63		* Returns a pre-built security configuration for a page accessible to ALL logged in users, including suspended
64		* and new users. This probably isn't the setting you want.
65		*
66		* @category Security-Critical
67		* @return SecurityConfiguration
68		*/
69	View Code Duplication	public function asAllLoggedInUsersPage()
		0 ignored issues – show Duplication introduced 2016-03-26 04:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
70		{
71		$config = new SecurityConfiguration();
72		$config->setAdmin(SecurityConfiguration::ALLOW)
73		->setUser(SecurityConfiguration::ALLOW)
74		->setDeclined(SecurityConfiguration::ALLOW)
75		->setNew(SecurityConfiguration::ALLOW)
76		->setSuspended(SecurityConfiguration::ALLOW);
77
78		$config->setRequireIdentified($this->forceIdentified);
79
80		return $config;
81		}
82
83		/**
84		* @return SecurityConfiguration
85		* @category Security-Critical
86		*/
87	View Code Duplication	public function asCheckUserData()
		0 ignored issues – show Duplication introduced 2016-03-26 04:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
88		{
89		$config = new SecurityConfiguration();
90		$config->setCheckuser(SecurityConfiguration::ALLOW)
91		->setCommunity(SecurityConfiguration::DENY)
92		->setSuspended(SecurityConfiguration::DENY)
93		->setDeclined(SecurityConfiguration::DENY)
94		->setNew(SecurityConfiguration::DENY);
95
96		$config->setRequireIdentified($this->forceIdentified);
97
98		return $config;
99		}
100
101		/**
102		* Returns a pre-built security configuration for a public page.
103		*
104		* @category Security-Critical
105		* @return SecurityConfiguration
106		*/
107		public function asPublicPage()
108		{
109		$config = new SecurityConfiguration();
110		$config->setAdmin(SecurityConfiguration::ALLOW)
111		->setUser(SecurityConfiguration::ALLOW)
112		->setCheckuser(SecurityConfiguration::ALLOW)
113		->setCommunity(SecurityConfiguration::ALLOW)
114		->setSuspended(SecurityConfiguration::ALLOW)
115		->setDeclined(SecurityConfiguration::ALLOW)
116		->setNew(SecurityConfiguration::ALLOW);
117
118		// Public pages shouldn't be inaccessible to logged-in, unidentified users.
119		// Otherwise, logged in but unidentified users can't even log out.
120		$config->setRequireIdentified(false);
121
122		return $config;
123		}
124		}

stwalkerster / waca

Branch — newinternal (104de7)

includes/Security/SecurityConfigurationFactory.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like