Passed
Pull Request — master (#57)
by
unknown
04:04
created

Saml2Controller::logout()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 6
Code Lines 4

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 1
eloc 4
c 0
b 0
f 0
nc 1
nop 2
dl 0
loc 6
rs 10
<?php
namespace Slides\Saml2\Http\Controllers;
use Slides\Saml2\Events\SignedIn;
use Slides\Saml2\Auth;
use Illuminate\Routing\Controller;
use Illuminate\Http\Request;
use OneLogin\Saml2\Error as OneLoginError;
/**
 * Class Saml2Controller
 *
 * @package Slides\Saml2\Http\Controllers
 */
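class Saml2Controller extends Controller
{
    /**
     * Render the metadata returned by Auth::getMetadata() as a text/xml response.
     *
     * @param Auth $auth
     *
     * @return \Illuminate\Http\Response
     *
     * @throws OneLoginError
     */
    public function metadata(Auth $auth)
    {
        $metadata = $auth->getMetadata();

        return response($metadata, 200, ['Content-Type' => 'text/xml']);
    }

    /**
     * Process the SAML Response sent by the IdP.
     *
     * Fires the "SignedIn" event when Auth::acs() reports no errors.
     *
     * The superglobals filled in by setRequest() are cleared in a finally block, so a
     * rejected or throwing response no longer leaves SAMLResponse, RelayState or
     * forwarded-header values behind for later work in the same PHP process.
     *
     * NOTE(review): on success the redirect target is whatever Saml2User::getIntendedUrl()
     * returns. That method is not visible in this file; if it is derived from RelayState
     * the target is request-controlled, so confirm it is limited to expected destinations.
     * NOTE(review): the detailed error reason is flashed to the session as well as logged;
     * confirm the error route does not show validation internals to end users.
     *
     * @param Auth    $auth
     * @param mixed   $idpName Not used in this method (presumably a route parameter).
     * @param Request $request
     *
     * @return \Illuminate\Http\RedirectResponse
     *
     * @throws OneLoginError
     * @throws \OneLogin\Saml2\ValidationError
     */
    public function acs(Auth $auth, $idpName, Request $request)
    {
        $redirectUrl = null;

        $this->setRequest($request);

        try {
            $errors = $auth->acs();

            if (empty($errors)) {
                $user = $auth->getSaml2User();

                event(new SignedIn($user, $auth));

                $redirectUrl = $user->getIntendedUrl();
            }
        } finally {
            // Runs on the error path and on exceptions too, not only after a successful login.
            $this->unsetRequest();
        }

        if (!empty($errors)) {
            $reason = $auth->getLastErrorReason();

            logger()->error('saml2.error_detail', ['error' => $reason]);
            session()->flash('saml2.error_detail', [$reason]);

            logger()->error('saml2.error', $errors);
            session()->flash('saml2.error', $errors);

            return redirect(config('saml2.errorRoute'));
        }

        if ($redirectUrl) {
            return redirect($redirectUrl);
        }

        return redirect($auth->getTenant()->relay_state_url ?: config('saml2.loginRoute'));
    }

    /**
     * Process the SAML Logout Response / Logout Request sent by the IdP.
     *
     * A request arriving here means the user logged out of the SSO infrastructure, so the
     * application should end the local session as well. This method dispatches no event
     * itself; the 'saml2.logoutRequestReceived' event named in the original docblock is
     * presumably fired from Auth::sls() (not visible in this file; confirm).
     *
     * The superglobals filled in by setRequest() are cleared in a finally block, so they
     * are removed even when Auth::sls() throws.
     *
     * @param Auth    $auth
     * @param mixed   $idpName Not used in this method (presumably a route parameter).
     * @param Request $request
     *
     * @return \Illuminate\Http\RedirectResponse
     *
     * @throws OneLoginError
     * @throws \Exception
     */
    public function sls(Auth $auth, $idpName, Request $request)
    {
        $this->setRequest($request);

        try {
            $errors = $auth->sls(config('saml2.retrieveParametersFromServer'));
        } finally {
            $this->unsetRequest();
        }

        if (!empty($errors)) {
            $reason = $auth->getLastErrorReason();

            logger()->error('saml2.error_detail', ['error' => $reason]);
            session()->flash('saml2.error_detail', [$reason]);

            logger()->error('saml2.error', $errors);
            session()->flash('saml2.error', $errors);

            return redirect(config('saml2.errorRoute'));
        }

        return redirect(config('saml2.logoutRoute')); // may be set a configurable default
    }

    /**
     * Initiate a login request and redirect to the URL returned by Auth::login().
     *
     * NOTE(review): the `returnTo` query parameter is handed to Auth::login() without any
     * validation here. Whether it later becomes the post-login redirect target depends on
     * code not visible in this file; confirm it is constrained to expected destinations.
     *
     * @param Request $request
     * @param Auth    $auth
     * @param mixed   $idpName Not used in this method (presumably a route parameter).
     *
     * @return \Illuminate\Http\RedirectResponse
     *
     * @throws OneLoginError
     */
    public function login(Request $request, Auth $auth, $idpName)
    {
        $this->setRequest($request);

        try {
            $defaultUrl = $auth->getTenant()->relay_state_url ?: config('saml2.loginRoute');

            // Positional flags kept exactly as before; their meaning is defined by Auth::login().
            $redirectUrl = $auth->login(
                $request->query('returnTo', $defaultUrl),
                [],
                false,
                false,
                true
            );
        } finally {
            // Clear the superglobals even if building the login request throws.
            $this->unsetRequest();
        }

        return redirect($redirectUrl);
    }

    /**
     * Initiate a logout request and redirect to the URL returned by Auth::logout().
     *
     * NOTE(review): `returnTo`, `nameId` and `sessionIndex` are read from the query string
     * and forwarded unchanged. Nothing in this method ties them to the caller's own
     * session; confirm that Auth::logout() or the IdP enforces that.
     *
     * @param Request $request
     * @param Auth    $auth
     *
     * @return \Illuminate\Http\RedirectResponse
     *
     * @throws OneLoginError
     */
    public function logout(Request $request, Auth $auth)
    {
        $this->setRequest($request);

        try {
            // Positional arguments kept exactly as before; their meaning is defined by Auth::logout().
            $redirectUrl = $auth->logout(
                $request->query('returnTo'),
                $request->query('nameId'),
                $request->query('sessionIndex'),
                null,
                true
            );
        } finally {
            // Clear the superglobals even if building the logout request throws.
            $this->unsetRequest();
        }

        return redirect($redirectUrl);
    }

    /**
     * Add needed superglobals for php-saml that swoole does not provide.
     *
     * Each SAML key is always written, with null when the request does not carry it.
     *
     * NOTE(review): the X-Forwarded-Proto / X-Forwarded-Host values are copied from the
     * request as received. Unless a trusted proxy overwrites them they are client-supplied,
     * so confirm how php-saml is configured to use them in this deployment.
     * NOTE(review): superglobals are process-wide; if requests can interleave inside one
     * worker, values written here may be visible to another request until unsetRequest() runs.
     *
     * @param Request $request
     *
     * @return void
     */
    private function setRequest(Request $request)
    {
        $post = $request->post();
        $query = $request->query();
        $input = $request->all();

        $_POST['SAMLResponse'] = $post['SAMLResponse'] ?? null;
        $_GET['SAMLResponse'] = $query['SAMLResponse'] ?? null;
        $_GET['SAMLRequest'] = $query['SAMLRequest'] ?? null;
        $_GET['RelayState'] = $query['RelayState'] ?? null;
        $_GET['Signature'] = $query['Signature'] ?? null;
        $_REQUEST['RelayState'] = $input['RelayState'] ?? null;

        $forwardedProto = $request->server->get('HTTP_X_FORWARDED_PROTO');
        if (!empty($forwardedProto)) {
            $_SERVER['HTTP_X_FORWARDED_PROTO'] = $forwardedProto;
        }

        $forwardedHost = $request->server->get('HTTP_X_FORWARDED_HOST');
        if (!empty($forwardedHost)) {
            $_SERVER['HTTP_X_FORWARDED_HOST'] = $forwardedHost;
        } else {
            // Without a forwarded host, fall back to the host of the configured application URL.
            $_SERVER['HTTP_HOST'] = parse_url(config('app.url'), PHP_URL_HOST);
        }
    }

    /**
     * Remove superglobals that were needed for php-saml that swoole does not provide.
     *
     * NOTE(review): every key is removed unconditionally, including $_SERVER['HTTP_HOST']
     * and the forwarded headers, even when the runtime had set them before setRequest()
     * ran. Confirm nothing later in the request reads them from $_SERVER.
     *
     * @return void
     */
    private function unsetRequest()
    {
        // No trailing comma after the last argument: unset() accepts one only from PHP 7.3,
        // and older parsers reject it as a syntax error.
        unset(
            $_POST['SAMLResponse'],
            $_GET['SAMLResponse'],
            $_GET['SAMLRequest'],
            $_GET['RelayState'],
            $_GET['Signature'],
            $_REQUEST['RelayState'],
            $_SERVER['HTTP_X_FORWARDED_PROTO'],
            $_SERVER['HTTP_X_FORWARDED_HOST'],
            $_SERVER['HTTP_HOST']
        );
    }
}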