File Session.php has 775 lines of code (exceeds 250 allowed). Consider refactoring.

Open

<?php
/**
 * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
 * @author Bernhard Posselt <dev@bernhard-posselt.com>
 * @author Christoph Wurst <christoph@owncloud.com>

Session has 44 functions (exceeds 20 allowed). Consider refactoring.

Open

class Session implements IUserSession, Emitter {
    use EventEmitterTrait;
    /** @var IUserManager | PublicEmitter $manager */
    private $manager;

Method checkTokenCredentials has 49 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    private function checkTokenCredentials(IToken $dbToken, $token) {
        // Check whether login credentials are still valid and the user was not disabled
        // This check is performed each 5 minutes per default
        // However, we try to read last_check_timeout from the appconfig table so the
        // administrator could change this 5 minutes timeout

Method loginWithApache has 46 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public function loginWithApache(IApacheBackend $apacheBackend) {
        $uidAndBackend = $apacheBackend->getCurrentUserId();
        if (\is_array($uidAndBackend)
            && \count($uidAndBackend) === 2
            && $uidAndBackend[0] !== ''

Function verifyAuthHeaders has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring.

Open

    public function verifyAuthHeaders($request) {
        $shallLogout = false;
        try {
            $lastUser = null;
            foreach ($this->getAuthModules(true) as $module) {

• Read up
  Read up

Method validateToken has 40 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    private function validateToken($token, $user = null) {
        try {
            $dbToken = $this->tokenProvider->getToken($token);
        } catch (InvalidTokenException $ex) {
            $this->logger->debug(

Function logClientIn has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.

Open

    public function logClientIn($user, $password, IRequest $request) {
        $isTokenPassword = $this->isTokenPassword($password);
        if ($user === null || \trim($user) === '') {
            throw new \InvalidArgumentException('$user cannot be empty');
        }

• Read up
  Read up

Method loginInOwnCloud has 35 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    private function loginInOwnCloud($loginType, $user, $password, $options = []) {
        $login = $user->getUID();

        // check the login policies first. It will throw a LoginException if needed
        // The LoginPolicyManager can't be injected due to cyclic dependency

Function loginWithApache has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.

Open

    public function loginWithApache(IApacheBackend $apacheBackend) {
        $uidAndBackend = $apacheBackend->getCurrentUserId();
        if (\is_array($uidAndBackend)
            && \count($uidAndBackend) === 2
            && $uidAndBackend[0] !== ''

• Read up
  Read up

Method __construct has 9 arguments (exceeds 4 allowed). Consider refactoring.

Open

        IUserManager $manager,
        ISession $session,
        ITimeFactory $timeFactory,
        IProvider $tokenProvider,
        IConfig $config,

Method logClientIn has 27 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public function logClientIn($user, $password, IRequest $request) {
        $isTokenPassword = $this->isTokenPassword($password);
        if ($user === null || \trim($user) === '') {
            throw new \InvalidArgumentException('$user cannot be empty');
        }

Method loginWithCookie has 26 lines of code (exceeds 25 allowed). Consider refactoring.

Open

    public function loginWithCookie($uid, $currentToken) {
        $this->logger->debug(
            'regenerating session id for uid {uid}, currentToken {currentToken}',
            ['app' => __METHOD__, 'uid' => $uid, 'currentToken' => $currentToken]
        );

Function loginInOwnCloud has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

Open

    private function loginInOwnCloud($loginType, $user, $password, $options = []) {
        $login = $user->getUID();

        // check the login policies first. It will throw a LoginException if needed
        // The LoginPolicyManager can't be injected due to cyclic dependency

• Read up
  Read up

Function clearRememberMeTokensForLoggedInUser has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

Open

    public function clearRememberMeTokensForLoggedInUser($targetToken) {
        $user = $this->getUser();
        $uid = $user->getUID();
        if ($targetToken !== null) {
            $hashedToken = \hash('snefru', $targetToken);

• Read up
  Read up

Function tryAuthModuleLogin has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

Open

    public function tryAuthModuleLogin(IRequest $request) {
        foreach ($this->getAuthModules(false) as $authModule) {
            $user = $authModule->auth($request);
            if ($user !== null) {
                if (!$user->isEnabled()) {

• Read up
  Read up

Function getAuthModules has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

Open

    protected function getAuthModules($includeBuiltIn) {
        if ($includeBuiltIn) {
            yield new TokenAuthModule($this->session, $this->tokenProvider, $this->manager);
        }

• Read up
  Read up

Function isTwoFactorEnforced has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

Open

    protected function isTwoFactorEnforced($username) {
        $handled = false;
        // the $handled var will be sent as reference so the listeners can use it as a flag
        // in order to know if the event has been processed already or not.
        Util::emitHook(

• Read up
  Read up

Function validateSession has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

Open

    public function validateSession() {
        $sessionUser = $this->getUser();
        if (!$sessionUser) {
            return;
        }

• Read up
  Read up

Function prepareUserLogin has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.

Open

    public function prepareUserLogin($firstTimeLogin = false) {
        // TODO: mock/inject/use non-static
        // Refresh the token
        \OC::$server->getCsrfTokenManager()->refreshToken();
        //we need to pass the user name, which may differ from login name

• Read up
  Read up

Avoid too many return statements within this method.

Open

            return false;

Avoid too many return statements within this method.

Open

        return $loginOk;

Avoid too many return statements within this method.

Open

        return true;

Avoid too many return statements within this method.

Open

            return false;

Function tryBasicAuthLogin has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.

Open

    public function tryBasicAuthLogin(IRequest $request) {
        if (!empty($request->server['PHP_AUTH_USER']) && !empty($request->server['PHP_AUTH_PW'])) {
            try {
                if ($this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'], $request)) {
                    /**

• Read up
  Read up

Function tryTokenLogin has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.

Open

    public function tryTokenLogin(IRequest $request) {
        $authHeader = $request->getHeader('Authorization');
        if ($authHeader === null || \strpos($authHeader, 'token ') === false) {
            // No auth header, let's try session id
            try {

• Read up
  Read up

Function getUser has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.

Open

    public function getUser() {
        // FIXME: This is a quick'n dirty work-around for the incognito mode as
        // described at https://github.com/owncloud/core/pull/12912#issuecomment-67391155
        if (OC_User::isIncognitoMode()) {
            return null;

• Read up
  Read up

Function checkTokenCredentials has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.

Open

    private function checkTokenCredentials(IToken $dbToken, $token) {
        // Check whether login credentials are still valid and the user was not disabled
        // This check is performed each 5 minutes per default
        // However, we try to read last_check_timeout from the appconfig table so the
        // administrator could change this 5 minutes timeout

• Read up
  Read up