Application\Repository\UserRepository

Complexity

Total Complexity

15

Size/Duplication

Total Lines	105
Duplicated Lines	0 %

Test Coverage

Coverage

59.09%

Importance

Changes	1
Bugs	0	Features	0

6 Methods

Rating	Name	Duplication	Size	Complexity
A	getOneById()	0	5	1
A	getAccessibleSubQuery()	0	7	2
A	createShibboleth()	0	14	1
A	getOneByEmail()	0	8	1
A	getOneByLogin()	0	8	1
B	getLoginPassword()	0	27	9

<?php

declare(strict_types=1);

namespace Application\Repository;

use Application\Enum\Site;
use Application\Enum\UserType;
use Application\Model\User;
use Ecodev\Felix\Api\Exception;

/**
 * @extends AbstractRepository<User>
 */
class UserRepository extends AbstractRepository implements \Ecodev\Felix\Repository\LimitedAccessSubQuery
{
    /**
     * Returns the user authenticated by its login and password.
     */
    public function getLoginPassword(string $login, string $password, Site $site): ?User
    {
        $user = $this->getOneByLogin($login, $site);

        if (!$user) {
            return null;
        }

        if (!$user->canLogin()) {
            throw new Exception("Ce compte n'est plus actif");
        }

        $hashFromDb = $user->getPassword();
        $isMd5 = mb_strlen($hashFromDb) === 32 && ctype_xdigit($hashFromDb);

        // If we found a user and he has a correct MD5 or correct new hash, then return the user
        if (($isMd5 && md5($password) === $hashFromDb) || password_verify($password, $hashFromDb)) {
            // Update the hash in DB, if we are still MD5, or if PHP default options changed
            if ($isMd5 || password_needs_rehash($hashFromDb, PASSWORD_DEFAULT)) {
                $user->setPassword($password);
                $this->getEntityManager()->flush();
            }

            return $user;
        }

        return null;
    }

    /**
     * Unsecured way to get a user from its login.
     *
     * This should only be used in tests or controlled environment.
     */
    public function getOneByLogin(?string $login, Site $site): ?User
    {
        $user = $this->getAclFilter()->runWithoutAcl(fn () => $this->findOneBy([
            'login' => $login,
            'site' => $site->value,
        ]));

        return $user;
    }

    /**
     * Unsecured way to get a user from its ID.
     *
     * This should only be used in tests or controlled environment.
     */
    public function getOneById(int $id): ?User
    {
        $user = $this->getAclFilter()->runWithoutAcl(fn () => $this->findOneById($id));

The method findOneById() does not exist on Application\Repository\UserRepository. Since you implemented __call, consider adding a @method annotation.

        return $user;
    }

    /**
     * Unsecured way to get a user from its email.
     *
     * This should only be used in tests or controlled environment.
     */
    public function getOneByEmail(?string $email, Site $site): ?User
    {
        $user = $this->getAclFilter()->runWithoutAcl(fn () => $this->findOneBy([
            'email' => $email,
            'site' => $site->value,
        ]));

        return $user;
    }

    /**
     * Create new Shibboleth user.
     */
    public function createShibboleth(string $login, string $email, Site $site): User
    {
        $user = new User();
        $user->setLogin($login);
        $user->setEmail($email);
        $user->setType(UserType::Aai);
        $user->setRole(User::ROLE_STUDENT);
        $user->setSite($site);
        $user->setName('');

        $this->getEntityManager()->persist($user);
        $this->getEntityManager()->flush();

        return $user;
    }

    /**
     * Returns pure SQL to get ID of all objects that are accessible to given user.
     */
    public function getAccessibleSubQuery(?\Ecodev\Felix\Model\User $user): string
    {
        if ($user) {
            return '';
        }

        return '-1';
    }
}