<?php
namespace Slides\Saml2;
use OneLogin\Saml2\Auth as OneLoginAuth;
use OneLogin\Saml2\Error as OneLoginError;
use Slides\Saml2\Events\SignedOut;
/**
 * Class Auth
 *
 * @package Slides\Saml2
 */
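class Auth
{
    /**
     * The base authentication handler (the OneLogin toolkit instance that
     * every method of this class delegates to).
     *
     * @var OneLoginAuth
     */
    protected $base;

    /**
     * The resolved IdP configuration. Only the `key` entry and the optional
     * `relay_state_url` entry are read by this class.
     *
     * @var array
     */
    protected $idp;

    /**
     * Auth constructor.
     *
     * @param OneLoginAuth $auth Configured OneLogin handler for one IdP.
     * @param array $idp Resolved IdP configuration; expected to carry a `key` entry.
     */
    public function __construct(OneLoginAuth $auth, array $idp)
    {
        $this->base = $auth;
        $this->idp = $idp;
    }

    /**
     * Checks whether a user is authenticated.
     *
     * @return bool
     */
    public function isAuthenticated()
    {
        return $this->base->isAuthenticated();
    }

    /**
     * Create a SAML2 user wrapping the assertion currently held by the base handler.
     *
     * @return Saml2User
     */
    public function getSaml2User()
    {
        return new Saml2User($this->base);
    }

    /**
     * The ID of the last message processed.
     *
     * @return string
     */
    public function getLastMessageId()
    {
        return $this->base->getLastMessageId();
    }

    /**
     * Initiate a SAML2 login flow.
     *
     * It will redirect! Before calling this, check if the user is
     * authenticated (here in saml2). That would be true when the assertion was received this request.
     *
     * `$returnTo` is handed to the base handler unchanged; the caller is
     * responsible for only passing return URLs it trusts.
     *
     * @param string|null $returnTo The target URL the user should be returned to after login.
     * @param array $parameters Extra parameters to be added to the GET
     * @param bool $forceAuthn When true the AuthNRequest will set ForceAuthn='true'
     * @param bool $isPassive When true the AuthNRequest will set IsPassive='true'
     * @param bool $stay True if we want to stay (returns the url string) False to redirect
     * @param bool $setNameIdPolicy When true the AuthNRequest will set a NameIDPolicy element
     *
     * @return string|null If $stay is true, the SSO URL + AuthNRequest + parameters; otherwise the handler redirects.
     *
     * @throws OneLoginError
     */
    public function login(
        $returnTo = null,
        $parameters = [],
        $forceAuthn = false,
        $isPassive = false,
        $stay = false,
        $setNameIdPolicy = true
    ) {
        return $this->base->login($returnTo, $parameters, $forceAuthn, $isPassive, $stay, $setNameIdPolicy);
    }

    /**
     * Initiate a SAML2 logout flow. It will close the session on all other SSO services.
     * You should close the local session if applicable.
     *
     * No extra GET parameters are sent with the LogoutRequest (the handler
     * receives an empty array in that position).
     *
     * @param string|null $returnTo The target URL the user should be returned to after logout.
     * @param string|null $nameId The NameID that will be set in the LogoutRequest.
     * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
     * @param string|null $nameIdFormat The NameID Format that will be set in the LogoutRequest.
     * @param bool $stay True if we want to stay (returns the url string) False to redirect
     * @param string|null $nameIdNameQualifier The NameID NameQualifier that will be set in the LogoutRequest.
     *
     * @return string|null If $stay is true, the SLO URL + LogoutRequest + parameters; otherwise the handler redirects.
     *
     * @throws OneLoginError
     */
    public function logout(
        $returnTo = null,
        $nameId = null,
        $sessionIndex = null,
        $nameIdFormat = null,
        $stay = false,
        $nameIdNameQualifier = null
    ) {
        return $this->base->logout($returnTo, [], $nameId, $sessionIndex, $stay, $nameIdFormat, $nameIdNameQualifier);
    }

    /**
     * Process the SAML Response sent by the IdP.
     *
     * No request ID is handed to the base handler, so it has nothing to match
     * the response's InResponseTo against. NOTE(review): presumably intended so
     * IdP-initiated SSO keeps working; confirm this is the desired behaviour.
     *
     * @return array|null The errors reported by the handler, a single
     *                    `['error' => ...]` entry when the response was processed
     *                    but no authenticated session resulted, or null on success.
     *
     * @throws OneLoginError
     * @throws \OneLogin\Saml2\ValidationError
     */
    public function acs()
    {
        $this->base->processResponse();

        $errors = $this->base->getErrors();

        if (!empty($errors)) {
            return $errors;
        }

        // A response can be processed without yielding an authenticated session;
        // report that as an error so callers never mistake it for success.
        if (!$this->base->isAuthenticated()) {
            return ['error' => 'Could not authenticate'];
        }

        return null;
    }

    /**
     * Process the SAML LogoutResponse / LogoutRequest sent by the IdP.
     *
     * The local session is not kept (first argument `false`) and the SignedOut
     * event is fired from the handler's session-deletion callback. As in acs(),
     * no request ID is passed for InResponseTo matching.
     *
     * Returns an array with errors if it can not logout.
     *
     * @param bool $retrieveParametersFromServer Passed straight through to the handler's processSLO().
     *
     * @return array Errors reported by the handler; empty when the logout was processed.
     *
     * @throws OneLoginError
     */
    public function sls($retrieveParametersFromServer = false)
    {
        $this->base->processSLO(false, null, $retrieveParametersFromServer, function () {
            event(new SignedOut());
        });

        return $this->base->getErrors();
    }

    /**
     * Get metadata about the local SP. Use this to configure your SAML2 IdP.
     *
     * The metadata is validated before it is returned so that a misconfigured
     * SP description is never handed out.
     *
     * @return string The SP metadata XML.
     *
     * @throws OneLoginError
     * @throws \Exception
     * @throws \InvalidArgumentException If the metadata fails validation; the exception
     *                                   code is OneLoginError::METADATA_SP_INVALID.
     */
    public function getMetadata()
    {
        $settings = $this->base->getSettings();
        $metadata = $settings->getSPMetadata();
        $errors = $settings->validateMetadata($metadata);

        if (empty($errors)) {
            return $metadata;
        }

        throw new \InvalidArgumentException(
            'Invalid SP metadata: ' . implode(', ', $errors),
            OneLoginError::METADATA_SP_INVALID
        );
    }

    /**
     * Get the last error reason from the base handler, useful for error debugging.
     *
     * @see \OneLogin\Saml2\Auth::getLastErrorReason()
     *
     * @return string
     */
    public function getLastErrorReason()
    {
        return $this->base->getLastErrorReason();
    }

    /**
     * Get the base authentication handler.
     *
     * @return OneLoginAuth
     */
    public function getBase()
    {
        return $this->base;
    }

    /**
     * Get the IdP key.
     *
     * Assumes the configuration given to the constructor carries a `key` entry;
     * a missing entry surfaces as a PHP warning and a null return.
     *
     * @return string
     */
    public function getIdpKey()
    {
        return $this->idp['key'];
    }

    /**
     * Get the IdP relay state URL, if configured.
     *
     * @return string|null Null when no `relay_state_url` entry is configured.
     */
    public function getIdpRelayStateUrl()
    {
        return $this->idp['relay_state_url'] ?? null;
    }
}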