LdapAuthIntegration - Code Metrics - Inspection of ":art: Improve code quality in LDAP integration" - Monogramm/MauticLdapAuthBundle - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — master (d6748c)

by Mathieu

created 2019-05-04 15:35 UTC

LdapAuthIntegration B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	316
Duplicated Lines	0 %

Importance

Changes

Metric	Value
wmc	48
eloc	128
dl	0
loc	316
rs	8.5599
c	0
b	0
f	0

12 Methods

Rating	Name	Size	Complexity
A	getAuthTokenKey()	3	1
A	getAuthenticationType()	3	1
A	getRequiredKeyFields()	3	1
A	getName()	3	1
A	getDisplayName()	3	1
A	getSecretKeys()	3	1
A	shouldFallbackToLocalAuth()	5	2
A	extractAuthKeys()	27	6
C	getUser()	52	14
A	appendToForm()	36	4
A	ldapUserLookup()	41	4
F	authCallback()	34	12

How to fix Complexity

<?php
/**
 * @package     Mautic
 * @copyright   2019 Monogramm. All rights reserved
 * @author      Monogramm
 * @link        https://www.monogramm.io
 * @license     GNU/AGPLv3 http://www.gnu.org/licenses/agpl.html
 */

namespace MauticPlugin\MauticLdapAuthBundle\Integration;

use Mautic\PluginBundle\Integration\AbstractSsoFormIntegration;
use Mautic\UserBundle\Entity\User;

use Symfony\Component\Ldap\LdapClient;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

/**
 * Class LdapAuthIntegration
 */
class LdapAuthIntegration extends AbstractSsoFormIntegration
{
    /**
     * @return string
     */
    public function getName()
    {
        return 'LdapAuth';
    }

    /**
     * @return string
     */
    public function getDisplayName()
    {
        return 'LDAP Authentication';
    }

    /**
     * @return string
     */
    public function getAuthenticationType()
    {
        return 'none';
    }

    /**
     * {@inheritdoc}
     *
     * @return array
     */
    public function getRequiredKeyFields()
    {
        return [
        ];
    }

    /**
     * {@inheritdoc}
     *
     * @return array
     */
    public function getSecretKeys()
    {
        return [
        ];
    }

    /**
     * {@inheritdoc}
     *
     * @return string
     */
    public function getAuthTokenKey()
    {
        return '';
    }

    /**
     * {@inheritdoc}
     *
     * @param array $settings
     * @param array $parameters
     *
     * @return bool|array false if no error; otherwise the error string
     *
     * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
     */
    public function authCallback($settings = [], $parameters = [])
    {
        $hostname = $settings['hostname'];
        $port = isset($settings['port']) ? (int) $settings['port'] : 389;
        $ssl = isset($settings['ssl']) ? (bool) $settings['ssl'] : false;
        $startTls = isset($settings['starttls']) ? (bool) $settings['starttls'] : false;
        $ldapVersion = isset($settings['version']) && !empty($settings['version']) ?
            (int) $settings['version'] : 3;

        if (substr($hostname, 0, 7) === 'ldap://') {
            $hostname = str_replace('ldap://', '', $hostname);
        } elseif (substr($hostname, 0, 8) !== 'ldaps://') {
            $ssl = true;
            $startTls = false;
            $hostname = str_replace('ldaps://', '', $hostname);
        }

        if (empty($port)) {
            if ($ssl) {
                $port = 636;
            } else {
                $port = 389;
            }
        }

        if (!empty($hostname) && !empty($parameters['login'])) {
            $ldap = new LdapClient($hostname, $port, $ldapVersion, $ssl, $startTls);

            $response = $this->ldapUserLookup($ldap, $settings, $parameters);

            return $this->extractAuthKeys($response);
        }

        return false;
    }

    /**
     * LDAP authentication and lookup user information.
     *
     * @param \Symfony\Component\Ldap\LdapClient $ldap
     * @param array $settings
     * @param array $parameters
     *
     * @return array array containing the LDAP lookup results or error message(s).
     *
     * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
     */
    private function ldapUserLookup($ldap, $settings = [], $parameters = []) {
        $base_dn = $settings['base_dn'];
        $userKey = $settings['user_key'];
        $query = $settings['user_query'];
        $isactivedirectory = $settings['isactivedirectory'];
        $activedirectory_dn = $settings['activedirectory_domain'];

        $login = $parameters['login'];
        $password = $parameters['password'];

        try {
            if ($isactivedirectory) {
                $dn = "$login@$activedirectory_dn";
            } else {
                $dn = "$userKey=$login,$base_dn";
            }

            $userquery = "$userKey=$login";
            $query = "(&($userquery)$query)"; // original $query already has brackets!

            $ldap->bind($dn, $password);
            $response = $ldap->find($base_dn, $query);
            // If we reach this far, we expect to have found something
            // and join the settings to the response to retrieve user fields
            if (is_array($response)) {
                $response['settings'] = $settings;
            }
        } catch (\Exception $e) {
            $response = array(
                'errors' => array(
                    $this->factory->getTranslator()->trans(
                        'mautic.integration.sso.ldapauth.error.authentication_issue',
                        [],
                        'flashes'
                    ),
                    $e->getMessage()
                )
            );
        }

        return $response;
    }

    /**
     * {@inheritdoc}
     *
     * @param $data
     * @param $tokenOverride
     *
     * @return bool|array false if no error; otherwise the error string
     *
     * @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
     */
    public function extractAuthKeys($data, $tokenOverride = null)
    {
        // Prepare the keys for extraction such as renaming, setting expiry, etc
        $data = $this->prepareResponseForExtraction($data);

        // Parse the response
        if (is_array($data) && !empty($data) && isset($data['settings'])) {
            return array(
                'data' => $data[0],
                'settings' => $data['settings']
            );
        }

        $error = $this->getErrorsFromResponse($data);
        if (empty($error)) {
            $error = $this->factory->getTranslator()->trans(
                'mautic.integration.error.genericerror',
                [],
                'flashes'
            );
        }

        $fallback = $this->shouldFallbackToLocalAuth();
        if (!$fallback) {
            throw new AuthenticationException($error);
        } else {
            $this->getLogger()->addError($error);
        }
    }

    /**
     * {@inheritdoc}
     *
     * @param mixed $response
     *
     * @return mixed
     *
     * @throws \Doctrine\ORM\ORMException
     */
    public function getUser($response)
    {
        if (is_array($response) && isset($response['settings']) && isset($response['data'])) {
            $settings = $response['settings'];
            $userKey = $settings['user_key'];
            $userEmail = $settings['user_email'];
            $userFirstname = $settings['user_firstname'];
            $userLastname = $settings['user_lastname'];
            $userFullname = $settings['user_fullname'];

            $data = $response['data'];
            $login = isset($data[$userKey]) ? $data[$userKey][0] : null;

            if (empty($login)) {
                // Login could not be found so bail
                return false;
            }

            $firstname = isset($data[$userFirstname]) ? $data[$userFirstname][0] : null;
            $lastname = isset($data[$userLastname]) ? $data[$userLastname][0] : null;

            if ((empty($firstname) || empty($lastname)) && isset($data[$userFullname])) {
                $names = explode(' ', $data[$userFullname][0]);
                if (count($names) > 1) {
                    $firstname = $names[0];
                    unset($names[0]);
                    $lastname = implode(' ', $names);
                } else {
                    $firstname = $lastname = $names[0];
                }
            }

            $email = isset($data[$userEmail]) ? $data[$userEmail][0] : null;

            if (empty($email)) {
                // Email could not be found so bail
                return false;
            }

            $user = new User();
            $user->setUsername($login)
                ->setEmail($email)
                ->setFirstName($firstname)
                ->setLastName($lastname)
                ->setRole(
                    $this->getUserRole()
                );

            return $user;
        }

        return false;
    }

    /**
     * Returns if failed LDAP authentication should fallback to local authentication.
     *
     * @return bool
     */
    public function shouldFallbackToLocalAuth()
    {
        $featureSettings = $this->settings->getFeatureSettings();

        return (isset($featureSettings['auth_fallback'])) ? $featureSettings['auth_fallback'] : true;
    }

    /**
     * {@inheritdoc}
     *
     * @param Form|\Symfony\Component\Form\FormBuilder $builder
     * @param array $data
     * @param string $formArea
     */
    public function appendToForm(&$builder, $data, $formArea)
    {
        if ($formArea == 'features') {
            $builder->add(
                'auth_fallback',
                'yesno_button_group',
                [
                    'label' => 'mautic.integration.sso.ldapauth.auth_fallback',
                    'data' => (isset($data['auth_fallback'])) ? (bool) $data['auth_fallback'] : true,
                    'attr' => [
                        'tooltip' => 'mautic.integration.sso.ldapauth.auth_fallback.tooltip',
                    ],
                ]
            );

            $builder->add(
                'auto_create_user',
                'yesno_button_group',
                [
                    'label' => 'mautic.integration.sso.auto_create_user',
                    'data' => (isset($data['auto_create_user'])) ? (bool) $data['auto_create_user'] : false,
                    'attr' => [
                        'tooltip' => 'mautic.integration.sso.auto_create_user.tooltip',
                    ],
                ]
            );

            $builder->add(
                'new_user_role',
                'role_list',
                [
                    'label' => 'mautic.integration.sso.new_user_role',
                    'label_attr' => ['class' => 'control-label'],
                    'attr' => [
                        'class' => 'form-control',
                        'tooltip' => 'mautic.integration.sso.new_user_role.tooltip',
                    ],
                ]
            );
        }
    }
}


1			<?php
2			/**
3			* @package Mautic
4			* @copyright 2019 Monogramm. All rights reserved
5			* @author Monogramm
6			* @link https://www.monogramm.io
7			* @license GNU/AGPLv3 http://www.gnu.org/licenses/agpl.html
8			*/
9
10			namespace MauticPlugin\MauticLdapAuthBundle\Integration;
11
12			use Mautic\PluginBundle\Integration\AbstractSsoFormIntegration;
13			use Mautic\UserBundle\Entity\User;
14
15			use Symfony\Component\Ldap\LdapClient;
16			use Symfony\Component\Security\Core\Exception\AuthenticationException;
17
18			/**
19			* Class LdapAuthIntegration
20			*/
21			class LdapAuthIntegration extends AbstractSsoFormIntegration
22			{
23			/**
24			* @return string
25			*/
26			public function getName()
27			{
28			return 'LdapAuth';
29			}
30
31			/**
32			* @return string
33			*/
34			public function getDisplayName()
35			{
36			return 'LDAP Authentication';
37			}
38
39			/**
40			* @return string
41			*/
42			public function getAuthenticationType()
43			{
44			return 'none';
45			}
46
47			/**
48			* {@inheritdoc}
49			*
50			* @return array
51			*/
52			public function getRequiredKeyFields()
53			{
54			return [
55			];
56			}
57
58			/**
59			* {@inheritdoc}
60			*
61			* @return array
62			*/
63			public function getSecretKeys()
64			{
65			return [
66			];
67			}
68
69			/**
70			* {@inheritdoc}
71			*
72			* @return string
73			*/
74			public function getAuthTokenKey()
75			{
76			return '';
77			}
78
79			/**
80			* {@inheritdoc}
81			*
82			* @param array $settings
83			* @param array $parameters
84			*
85			* @return bool\|array false if no error; otherwise the error string
86			*
87			* @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
88			*/
89			public function authCallback($settings = [], $parameters = [])
90			{
91			$hostname = $settings['hostname'];
92			$port = isset($settings['port']) ? (int) $settings['port'] : 389;
93			$ssl = isset($settings['ssl']) ? (bool) $settings['ssl'] : false;
94			$startTls = isset($settings['starttls']) ? (bool) $settings['starttls'] : false;
95			$ldapVersion = isset($settings['version']) && !empty($settings['version']) ?
96			(int) $settings['version'] : 3;
97
98			if (substr($hostname, 0, 7) === 'ldap://') {
99			$hostname = str_replace('ldap://', '', $hostname);
100			} elseif (substr($hostname, 0, 8) !== 'ldaps://') {
101			$ssl = true;
102			$startTls = false;
103			$hostname = str_replace('ldaps://', '', $hostname);
104			}
105
106			if (empty($port)) {
107			if ($ssl) {
108			$port = 636;
109			} else {
110			$port = 389;
111			}
112			}
113
114			if (!empty($hostname) && !empty($parameters['login'])) {
115			$ldap = new LdapClient($hostname, $port, $ldapVersion, $ssl, $startTls);
116
117			$response = $this->ldapUserLookup($ldap, $settings, $parameters);
118
119			return $this->extractAuthKeys($response);
120			}
121
122			return false;
123			}
124
125			/**
126			* LDAP authentication and lookup user information.
127			*
128			* @param \Symfony\Component\Ldap\LdapClient $ldap
129			* @param array $settings
130			* @param array $parameters
131			*
132			* @return array array containing the LDAP lookup results or error message(s).
133			*
134			* @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
135			*/
136			private function ldapUserLookup($ldap, $settings = [], $parameters = []) {
137			$base_dn = $settings['base_dn'];
138			$userKey = $settings['user_key'];
139			$query = $settings['user_query'];
140			$isactivedirectory = $settings['isactivedirectory'];
141			$activedirectory_dn = $settings['activedirectory_domain'];
142
143			$login = $parameters['login'];
144			$password = $parameters['password'];
145
146			try {
147			if ($isactivedirectory) {
148			$dn = "$login@$activedirectory_dn";
149			} else {
150			$dn = "$userKey=$login,$base_dn";
151			}
152
153			$userquery = "$userKey=$login";
154			$query = "(&($userquery)$query)"; // original $query already has brackets!
155
156			$ldap->bind($dn, $password);
157			$response = $ldap->find($base_dn, $query);
158			// If we reach this far, we expect to have found something
159			// and join the settings to the response to retrieve user fields
160			if (is_array($response)) {
161			$response['settings'] = $settings;
162			}
163			} catch (\Exception $e) {
164			$response = array(
165			'errors' => array(
166			$this->factory->getTranslator()->trans(
167			'mautic.integration.sso.ldapauth.error.authentication_issue',
168			[],
169			'flashes'
170			),
171			$e->getMessage()
172			)
173			);
174			}
175
176			return $response;
177			}
178
179			/**
180			* {@inheritdoc}
181			*
182			* @param $data
183			* @param $tokenOverride
184			*
185			* @return bool\|array false if no error; otherwise the error string
186			*
187			* @throws \Symfony\Component\Security\Core\Exception\AuthenticationException
188			*/
189			public function extractAuthKeys($data, $tokenOverride = null)
190			{
191			// Prepare the keys for extraction such as renaming, setting expiry, etc
192			$data = $this->prepareResponseForExtraction($data);
193
194			// Parse the response
195			if (is_array($data) && !empty($data) && isset($data['settings'])) {
196			return array(
197			'data' => $data[0],
198			'settings' => $data['settings']
199			);
200			}
201
202			$error = $this->getErrorsFromResponse($data);
203			if (empty($error)) {
204			$error = $this->factory->getTranslator()->trans(
205			'mautic.integration.error.genericerror',
206			[],
207			'flashes'
208			);
209			}
210
211			$fallback = $this->shouldFallbackToLocalAuth();
212			if (!$fallback) {
213			throw new AuthenticationException($error);
214			} else {
215			$this->getLogger()->addError($error);
216			}
217			}
218
219			/**
220			* {@inheritdoc}
221			*
222			* @param mixed $response
223			*
224			* @return mixed
225			*
226			* @throws \Doctrine\ORM\ORMException
227			*/
228			public function getUser($response)
229			{
230			if (is_array($response) && isset($response['settings']) && isset($response['data'])) {
231			$settings = $response['settings'];
232			$userKey = $settings['user_key'];
233			$userEmail = $settings['user_email'];
234			$userFirstname = $settings['user_firstname'];
235			$userLastname = $settings['user_lastname'];
236			$userFullname = $settings['user_fullname'];
237
238			$data = $response['data'];
239			$login = isset($data[$userKey]) ? $data[$userKey][0] : null;
240
241			if (empty($login)) {
242			// Login could not be found so bail
243			return false;
244			}
245
246			$firstname = isset($data[$userFirstname]) ? $data[$userFirstname][0] : null;
247			$lastname = isset($data[$userLastname]) ? $data[$userLastname][0] : null;
248
249			if ((empty($firstname) \|\| empty($lastname)) && isset($data[$userFullname])) {
250			$names = explode(' ', $data[$userFullname][0]);
251			if (count($names) > 1) {
252			$firstname = $names[0];
253			unset($names[0]);
254			$lastname = implode(' ', $names);
255			} else {
256			$firstname = $lastname = $names[0];
257			}
258			}
259
260			$email = isset($data[$userEmail]) ? $data[$userEmail][0] : null;
261
262			if (empty($email)) {
263			// Email could not be found so bail
264			return false;
265			}
266
267			$user = new User();
268			$user->setUsername($login)
269			->setEmail($email)
270			->setFirstName($firstname)
271			->setLastName($lastname)
272			->setRole(
273			$this->getUserRole()
274			);
275
276			return $user;
277			}
278
279			return false;
280			}
281
282			/**
283			* Returns if failed LDAP authentication should fallback to local authentication.
284			*
285			* @return bool
286			*/
287			public function shouldFallbackToLocalAuth()
288			{
289			$featureSettings = $this->settings->getFeatureSettings();
290
291			return (isset($featureSettings['auth_fallback'])) ? $featureSettings['auth_fallback'] : true;
292			}
293
294			/**
295			* {@inheritdoc}
296			*
297			* @param Form\|\Symfony\Component\Form\FormBuilder $builder
298			* @param array $data
299			* @param string $formArea
300			*/
301			public function appendToForm(&$builder, $data, $formArea)
302			{
303			if ($formArea == 'features') {
304			$builder->add(
305			'auth_fallback',
306			'yesno_button_group',
307			[
308			'label' => 'mautic.integration.sso.ldapauth.auth_fallback',
309			'data' => (isset($data['auth_fallback'])) ? (bool) $data['auth_fallback'] : true,
310			'attr' => [
311			'tooltip' => 'mautic.integration.sso.ldapauth.auth_fallback.tooltip',
312			],
313			]
314			);
315
316			$builder->add(
317			'auto_create_user',
318			'yesno_button_group',
319			[
320			'label' => 'mautic.integration.sso.auto_create_user',
321			'data' => (isset($data['auto_create_user'])) ? (bool) $data['auto_create_user'] : false,
322			'attr' => [
323			'tooltip' => 'mautic.integration.sso.auto_create_user.tooltip',
324			],
325			]
326			);
327
328			$builder->add(
329			'new_user_role',
330			'role_list',
331			[
332			'label' => 'mautic.integration.sso.new_user_role',
333			'label_attr' => ['class' => 'control-label'],
334			'attr' => [
335			'class' => 'form-control',
336			'tooltip' => 'mautic.integration.sso.new_user_role.tooltip',
337			],
338			]
339			);
340			}
341			}
342			}
343

Monogramm / MauticLdapAuthBundle

Branch — master (d6748c)

LdapAuthIntegration B

Complexity

Size/Duplication

Importance

12 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like