Issues in UserLockout.php - Fixed Issues - Inspection of "Get rid of UserLockout listener" - webinarium/symfony-lazysec - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 8a36bf...4f5859 )

by Artem

created 2017-05-23 11:28 UTC

EventListener/UserLockout.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

//----------------------------------------------------------------------
//
//  Copyright (C) 2017 Artem Rodygin
//
//  You should have received a copy of the MIT License along with
//  this file. If not, see <http://opensource.org/licenses/MIT>.
//
//----------------------------------------------------------------------

namespace Pignus\EventListener;

use Doctrine\Common\Persistence\ObjectManager;
use Pignus\Model\LockAccountTrait;
use Psr\Log\LoggerInterface;
use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
use Symfony\Component\DependencyInjection\ContainerAwareInterface;
use Symfony\Component\DependencyInjection\ContainerAwareTrait;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Event\AuthenticationEvent;
use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * Locks/unlocks user in accordance with the authentication attempt.
 */
class UserLockout implements ContainerAwareInterface
{
    use ContainerAwareTrait;

    protected $logger;
    protected $request_stack;
    protected $firewalls;
    protected $manager;
    protected $auth_failures;
    protected $lock_duration;

    /**
     * Dependency Injection constructor.
     *
     * @param LoggerInterface $logger
     * @param RequestStack    $request_stack
     * @param FirewallMap     $firewalls
     * @param ObjectManager   $manager
     * @param int             $auth_failures
     * @param int             $lock_duration
     */
    public function __construct(
        LoggerInterface       $logger,
        RequestStack          $request_stack,
        FirewallMap           $firewalls,
        ObjectManager         $manager,
        int                   $auth_failures = null,
        int                   $lock_duration = null)
    {
        $this->logger        = $logger;
        $this->request_stack = $request_stack;
        $this->firewalls     = $firewalls;
        $this->manager       = $manager;
        $this->auth_failures = $auth_failures;
        $this->lock_duration = $lock_duration;
    }

    /**
     * Callback for successful authentication event.
     *
     * @param AuthenticationEvent $event
     */
    public function onSuccess(AuthenticationEvent $event)
    {
        if ($this->auth_failures === null) {
            return;
        }

        $token = $event->getAuthenticationToken();

        /** @var LockAccountTrait $user */
        $user = $token->getUser();

        if ($user instanceof UserInterface && in_array(LockAccountTrait::class, class_uses($user), true)) {

            $this->logger->info('Authentication success', [$user->getUsername()]);

            $user->unlockAccount();


            $this->manager->persist($user);
            $this->manager->flush();
        }
    }

    /**
     * Callback for failed authentication event.
     *
     * @param AuthenticationFailureEvent $event
     */
    public function onFailure(AuthenticationFailureEvent $event)
    {
        if ($this->auth_failures === null) {
            return;
        }

        // Retrieve failed username.
        $token = $event->getAuthenticationToken();

        $credentials = $token->getCredentials();
        $username    = $token->getUsername() ?: ($credentials['username'] ?? null);

        // Retrieve current user provider.
        $provider = null;

        if ($request = $this->request_stack->getCurrentRequest()) {
            if ($config = $this->firewalls->getFirewallConfig($request)) {
                if ($serviceId = $config->getProvider()) {
                    $provider = $this->container->get($serviceId);
                }
            }
        }

        // Try to fetch user entity.
        if ($username !== null && $provider !== null) {

            try {
                /** @var LockAccountTrait $user */
                $user = $provider->loadUserByUsername($username);
            }
            catch (UsernameNotFoundException $e) {
                $user = null;
            }

            if ($user instanceof UserInterface && in_array(LockAccountTrait::class, class_uses($user), true)) {

                $this->logger->info('Authentication failure', [$username]);

                if ($user->incAuthFailures() >= $this->auth_failures) {

                    if ($this->lock_duration === null) {
                        $user->lockAccount();
                    }
                    else {
                        $interval = sprintf('PT%dM', $this->lock_duration);
                        $user->lockAccount(date_create()->add(new \DateInterval($interval)));
                    }
                }

                $this->manager->persist($user);
                $this->manager->flush();
            }
        }
    }
}


1		<?php
2
3		//----------------------------------------------------------------------
4		//
5		// Copyright (C) 2017 Artem Rodygin
6		//
7		// You should have received a copy of the MIT License along with
8		// this file. If not, see <http://opensource.org/licenses/MIT>.
9		//
10		//----------------------------------------------------------------------
11
12		namespace Pignus\EventListener;
13
14		use Doctrine\Common\Persistence\ObjectManager;
15		use Pignus\Model\LockAccountTrait;
16		use Psr\Log\LoggerInterface;
17		use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
18		use Symfony\Component\DependencyInjection\ContainerAwareInterface;
19		use Symfony\Component\DependencyInjection\ContainerAwareTrait;
20		use Symfony\Component\HttpFoundation\RequestStack;
21		use Symfony\Component\Security\Core\Event\AuthenticationEvent;
22		use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;
23		use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
24		use Symfony\Component\Security\Core\User\UserInterface;
25
26		/**
27		* Locks/unlocks user in accordance with the authentication attempt.
28		*/
29		class UserLockout implements ContainerAwareInterface
30		{
31		use ContainerAwareTrait;
32
33		protected $logger;
34		protected $request_stack;
35		protected $firewalls;
36		protected $manager;
37		protected $auth_failures;
38		protected $lock_duration;
39
40		/**
41		* Dependency Injection constructor.
42		*
43		* @param LoggerInterface $logger
44		* @param RequestStack $request_stack
45		* @param FirewallMap $firewalls
46		* @param ObjectManager $manager
47		* @param int $auth_failures
48		* @param int $lock_duration
49		*/
50	6	public function __construct(
51		LoggerInterface $logger,
52		RequestStack $request_stack,
53		FirewallMap $firewalls,
54		ObjectManager $manager,
55		int $auth_failures = null,
56		int $lock_duration = null)
57		{
58	6	$this->logger = $logger;
59	6	$this->request_stack = $request_stack;
60	6	$this->firewalls = $firewalls;
61	6	$this->manager = $manager;
62	6	$this->auth_failures = $auth_failures;
63	6	$this->lock_duration = $lock_duration;
64	6	}
65
66		/**
67		* Callback for successful authentication event.
68		*
69		* @param AuthenticationEvent $event
70		*/
71	2	public function onSuccess(AuthenticationEvent $event)
72		{
73	2	if ($this->auth_failures === null) {
74	1	return;
75		}
76
77	1	$token = $event->getAuthenticationToken();
78
79		/** @var LockAccountTrait $user */
80	1	$user = $token->getUser();
81
82	1	if ($user instanceof UserInterface && in_array(LockAccountTrait::class, class_uses($user), true)) {
83
84	1	$this->logger->info('Authentication success', [$user->getUsername()]);
85
86	1	$user->unlockAccount();
		0 ignored issues – show Bug introduced 2017-04-20 03:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `unlockAccount()` does not seem to exist on `object<Symfony\Component...ore\User\UserInterface>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
87
88	1	$this->manager->persist($user);
89	1	$this->manager->flush();
90		}
91	1	}
92
93		/**
94		* Callback for failed authentication event.
95		*
96		* @param AuthenticationFailureEvent $event
97		*/
98	4	public function onFailure(AuthenticationFailureEvent $event)
99		{
100	4	if ($this->auth_failures === null) {
101	1	return;
102		}
103
104		// Retrieve failed username.
105	3	$token = $event->getAuthenticationToken();
106
107	3	$credentials = $token->getCredentials();
108	3	$username = $token->getUsername() ?: ($credentials['username'] ?? null);
109
110		// Retrieve current user provider.
111	3	$provider = null;
112
113	3	if ($request = $this->request_stack->getCurrentRequest()) {
114	3	if ($config = $this->firewalls->getFirewallConfig($request)) {
115	3	if ($serviceId = $config->getProvider()) {
116	3	$provider = $this->container->get($serviceId);
117		}
118		}
119		}
120
121		// Try to fetch user entity.
122	3	if ($username !== null && $provider !== null) {
123
124		try {
125		/** @var LockAccountTrait $user */
126	3	$user = $provider->loadUserByUsername($username);
127		}
128	1	catch (UsernameNotFoundException $e) {
129	1	$user = null;
130		}
131
132	3	if ($user instanceof UserInterface && in_array(LockAccountTrait::class, class_uses($user), true)) {
133
134	2	$this->logger->info('Authentication failure', [$username]);
135
136	2	if ($user->incAuthFailures() >= $this->auth_failures) {
137
138	2	if ($this->lock_duration === null) {
139	1	$user->lockAccount();
140		}
141		else {
142	1	$interval = sprintf('PT%dM', $this->lock_duration);
143	1	$user->lockAccount(date_create()->add(new \DateInterval($interval)));
144		}
145		}
146
147	2	$this->manager->persist($user);
148	2	$this->manager->flush();
149		}
150		}
151	3	}
152		}
153

webinarium / symfony-lazysec

Push — master ( 8a36bf...4f5859 )

EventListener/UserLockout.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like