Application\Repository\UserRepository

Complexity

Total Complexity

16

Size/Duplication

Total Lines	112
Duplicated Lines	0 %

Test Coverage

Coverage

61.7%

Importance

Changes	6
Bugs	0	Features	0

6 Methods

Rating	Name	Duplication	Size	Complexity
A	getOneById()	0	7	1
A	getOneByEmail()	0	10	1
A	getOneByLogin()	0	10	1
A	createShibboleth()	0	13	1
A	getAccessibleSubQuery()	0	7	2
B	getLoginPassword()	0	29	10

<?php

declare(strict_types=1);

namespace Application\Repository;

use Application\Api\Exception;
use Application\Model\User;
use DateTimeImmutable;

class UserRepository extends AbstractRepository implements LimitedAccessSubQueryInterface
{
    /**
     * Returns the user authenticated by its login and password
     */
    public function getLoginPassword(string $login, string $password, string $site): ?User
    {
        /** @var User $user */
        $user = $this->getOneByLogin($login, $site);

        if (!$user) {

$user is of type Application\Model\User, thus it always evaluated to true.

            return null;
        }

        if (($user->getActiveUntil() && $user->getActiveUntil() < new DateTimeImmutable())) {
            throw new Exception("Ce compte n'est plus actif");
        }

        $hashFromDb = $user->getPassword();
        $isMd5 = mb_strlen($hashFromDb) === 32 && ctype_xdigit($hashFromDb);

        // If we found a user and he has a correct MD5 or correct new hash, then return the user
        if (($isMd5 && md5($password) === $hashFromDb) || password_verify($password, $hashFromDb)) {

            // Update the hash in DB, if we are still MD5, or if PHP default options changed
            if ($isMd5 || password_needs_rehash($hashFromDb, PASSWORD_DEFAULT)) {
                $user->setPassword($password);
                _em()->flush();
            }

            return $user;
        }

        return null;
    }

    /**
     * Unsecured way to get a user from its login.
     *
     * This should only be used in tests or controlled environment.
     */
    public function getOneByLogin(?string $login, string $site): ?User
    {
        $user = $this->getAclFilter()->runWithoutAcl(function () use ($login, $site) {
            return $this->findOneBy([
                'login' => $login,
                'site' => $site,
            ]);
        });

        return $user;
    }

    /**
     * Unsecured way to get a user from its ID.
     *
     * This should only be used in tests or controlled environment.
     */
    public function getOneById(int $id): ?User
    {
        $user = $this->getAclFilter()->runWithoutAcl(function () use ($id) {
            return $this->findOneById($id);

The method findOneById() does not exist on Application\Repository\UserRepository. Since you implemented __call, consider adding a @method annotation.

        });

        return $user;
    }

    /**
     * Unsecured way to get a user from its email.
     *
     * This should only be used in tests or controlled environment.
     */
    public function getOneByEmail(?string $email, string $site): ?User
    {
        $user = $this->getAclFilter()->runWithoutAcl(function () use ($email, $site) {
            return $this->findOneBy([
                'email' => $email,
                'site' => $site,
            ]);
        });

        return $user;
    }

    /**
     * Create new Shibboleth user.
     */
    public function createShibboleth(string $login, string $email, string $site): User
    {
        $user = new User();
        $user->setLogin($login);
        $user->setEmail($email);
        $user->setType(User::TYPE_AAI);
        $user->setRole(User::ROLE_STUDENT);
        $user->setSite($site);

        _em()->persist($user);
        _em()->flush();

        return $user;
    }

    /**
     * Returns pure SQL to get ID of all objects that are accessible to given user.
     */
    public function getAccessibleSubQuery(?User $user): string
    {
        if ($user) {
            return $this->getAllIdsQuery();
        }

        return '-1';
    }
}