SecondFactorRespondService::respond() - Code Metrics - Inspection of "Add gateway endpoint tests 9" - OpenConext/Stepup-Gateway - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — feature/refactor-gateway-contr... ( 4996d0...48680d )

unknown

created 2018-08-23 15:35 UTC

SecondFactorRespondService::respond() A

↳ Parent: SecondFactorRespondService

Complexity

Conditions	3
Paths	3

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	37
rs	9.328
c	0
b	0
f	0
cc	3
nc	3
nop	1

<?php

/**
 * Copyright 2018 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace Surfnet\StepupGateway\SecondFactorOnlyBundle\Service\Gateway;

use Psr\Log\LoggerInterface;
use SAML2\Response;
use Surfnet\StepupBundle\Service\SecondFactorTypeService;
use Surfnet\StepupGateway\GatewayBundle\Saml\ResponseContext;
use Surfnet\StepupGateway\GatewayBundle\Service\SecondFactorService;
use Surfnet\StepupGateway\SecondFactorOnlyBundle\Exception\InvalidSecondFactorMethodException;
use Surfnet\StepupGateway\SecondFactorOnlyBundle\Saml\ResponseFactory;
use Surfnet\StepupGateway\SecondFactorOnlyBundle\Service\LoaAliasLookupService;
use Surfnet\StepupBundle\Service\LoaResolutionService;

class SecondFactorRespondService
{
    /** @var LoggerInterface */
    private $logger;

    /** @var LoaResolutionService */
    private $loaResolutionService;

    /** @var LoaAliasLookupService */
    private $loaAliasLookupService;

    /** @var ResponseFactory */
    private $responseFactory;

    /** @var SecondFactorService */
    private $secondFactorService;

    /** @var SecondFactorTypeService */
    private $secondFactorTypeService;

    /**
     * SecondFactorRespondService constructor.
     * @param LoggerInterface $logger
     * @param LoaResolutionService $loaResolutionService
     * @param LoaAliasLookupService $loaAliasLookupService
     * @param ResponseFactory $responseFactory
     * @param SecondFactorService $secondFactorService
     * @param SecondFactorTypeService $secondFactorTypeService
     */
    public function __construct(
        LoggerInterface $logger,
        LoaResolutionService $loaResolutionService,
        LoaAliasLookupService $loaAliasLookupService,
        ResponseFactory $responseFactory,
        SecondFactorService $secondFactorService,
        SecondFactorTypeService $secondFactorTypeService
    ) {
        $this->logger = $logger;
        $this->loaResolutionService = $loaResolutionService;
        $this->loaAliasLookupService = $loaAliasLookupService;
        $this->responseFactory = $responseFactory;
        $this->secondFactorService = $secondFactorService;
        $this->secondFactorTypeService = $secondFactorTypeService;
    }


    /**
     * Send a SAML response back to the service provider.
     *
     * Second factor verification handled by SecondFactorController is
     * finished. The user was forwarded back to this action with an internal
     * redirect. This method sends a AuthnResponse back to the service
     * provider in response to the AuthnRequest received in ssoAction().
     *
     * @param ResponseContext $responseContext
     * @return Response
     */
    public function respond(ResponseContext $responseContext)
    {
        $this->logger->notice('Creating second-factor-only Response');

        $selectedSecondFactorUuid = $responseContext->getSelectedSecondFactor();
        if (!$selectedSecondFactorUuid) {
            throw new InvalidSecondFactorMethodException(
                'Cannot verify possession of an unknown second factor.'
            );
        }

        if (!$responseContext->isSecondFactorVerified()) {
            throw new InvalidSecondFactorMethodException(
                'Second factor was not verified'
            );
        }

        $secondFactor = $this->secondFactorService->findByUuid($selectedSecondFactorUuid);
        $grantedLoa = $this->loaResolutionService
            ->getLoaByLevel($secondFactor->getLoaLevel($this->secondFactorTypeService));

        $authnContextClassRef = $this->loaAliasLookupService->findAliasByLoa($grantedLoa);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}

        $response = $this->responseFactory->createSecondFactorOnlyResponse(
            $responseContext->getIdentityNameId(),
            $responseContext->getDestination(),
            $authnContextClassRef
<?php

function getDate($date)
{
    if ($date !== null) {
        return new DateTime($date);
    }

    return false;
}
        );

        $this->logger->notice(sprintf(
            'Responding to request "%s" with newly created response "%s"',
            $responseContext->getInResponseTo(),
            $response->getId()
        ));

        return $response;
    }

    /**
     * Reset the state of the response
     *
     * @param ResponseContext $responseContext
     */
    public function respondReset(ResponseContext $responseContext)
    {
        $responseContext->responseSent();
    }
}


1			<?php
2
3			/**
4			* Copyright 2018 SURFnet bv
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19			namespace Surfnet\StepupGateway\SecondFactorOnlyBundle\Service\Gateway;
20
21			use Psr\Log\LoggerInterface;
22			use SAML2\Response;
23			use Surfnet\StepupBundle\Service\SecondFactorTypeService;
24			use Surfnet\StepupGateway\GatewayBundle\Saml\ResponseContext;
25			use Surfnet\StepupGateway\GatewayBundle\Service\SecondFactorService;
26			use Surfnet\StepupGateway\SecondFactorOnlyBundle\Exception\InvalidSecondFactorMethodException;
27			use Surfnet\StepupGateway\SecondFactorOnlyBundle\Saml\ResponseFactory;
28			use Surfnet\StepupGateway\SecondFactorOnlyBundle\Service\LoaAliasLookupService;
29			use Surfnet\StepupBundle\Service\LoaResolutionService;
30
31			class SecondFactorRespondService
32			{
33			/** @var LoggerInterface */
34			private $logger;
35
36			/** @var LoaResolutionService */
37			private $loaResolutionService;
38
39			/** @var LoaAliasLookupService */
40			private $loaAliasLookupService;
41
42			/** @var ResponseFactory */
43			private $responseFactory;
44
45			/** @var SecondFactorService */
46			private $secondFactorService;
47
48			/** @var SecondFactorTypeService */
49			private $secondFactorTypeService;
50
51			/**
52			* SecondFactorRespondService constructor.
53			* @param LoggerInterface $logger
54			* @param LoaResolutionService $loaResolutionService
55			* @param LoaAliasLookupService $loaAliasLookupService
56			* @param ResponseFactory $responseFactory
57			* @param SecondFactorService $secondFactorService
58			* @param SecondFactorTypeService $secondFactorTypeService
59			*/
60			public function __construct(
61			LoggerInterface $logger,
62			LoaResolutionService $loaResolutionService,
63			LoaAliasLookupService $loaAliasLookupService,
64			ResponseFactory $responseFactory,
65			SecondFactorService $secondFactorService,
66			SecondFactorTypeService $secondFactorTypeService
67			) {
68			$this->logger = $logger;
69			$this->loaResolutionService = $loaResolutionService;
70			$this->loaAliasLookupService = $loaAliasLookupService;
71			$this->responseFactory = $responseFactory;
72			$this->secondFactorService = $secondFactorService;
73			$this->secondFactorTypeService = $secondFactorTypeService;
74			}
75
76
77			/**
78			* Send a SAML response back to the service provider.
79			*
80			* Second factor verification handled by SecondFactorController is
81			* finished. The user was forwarded back to this action with an internal
82			* redirect. This method sends a AuthnResponse back to the service
83			* provider in response to the AuthnRequest received in ssoAction().
84			*
85			* @param ResponseContext $responseContext
86			* @return Response
87			*/
88			public function respond(ResponseContext $responseContext)
89			{
90			$this->logger->notice('Creating second-factor-only Response');
91
92			$selectedSecondFactorUuid = $responseContext->getSelectedSecondFactor();
93			if (!$selectedSecondFactorUuid) {
94			throw new InvalidSecondFactorMethodException(
95			'Cannot verify possession of an unknown second factor.'
96			);
97			}
98
99			if (!$responseContext->isSecondFactorVerified()) {
100			throw new InvalidSecondFactorMethodException(
101			'Second factor was not verified'
102			);
103			}
104
105			$secondFactor = $this->secondFactorService->findByUuid($selectedSecondFactorUuid);
106			$grantedLoa = $this->loaResolutionService
107			->getLoaByLevel($secondFactor->getLoaLevel($this->secondFactorTypeService));
108
109			$authnContextClassRef = $this->loaAliasLookupService->findAliasByLoa($grantedLoa);
			0 ignored issues – show Bug introduced 2018-08-23 15:38 UTC by Report Bug Copy Issue Report It seems like `$grantedLoa` defined by `$this->loaResolutionServ...condFactorTypeService))` on line `106` can be `null`; however, `Surfnet\StepupGateway\Se...rvice::findAliasByLoa()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
110
111			$response = $this->responseFactory->createSecondFactorOnlyResponse(
112			$responseContext->getIdentityNameId(),
113			$responseContext->getDestination(),
114			$authnContextClassRef
			0 ignored issues – show Security Bug introduced 2018-08-23 15:38 UTC by Report Bug Copy Issue Report It seems like `$authnContextClassRef` defined by `$this->loaAliasLookupSer...AliasByLoa($grantedLoa)` on line `109` can also be of type `false`; however, `Surfnet\StepupGateway\Se...ondFactorOnlyResponse()` does only seem to accept `string\|null`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
115			);
116
117			$this->logger->notice(sprintf(
118			'Responding to request "%s" with newly created response "%s"',
119			$responseContext->getInResponseTo(),
120			$response->getId()
121			));
122
123			return $response;
124			}
125
126			/**
127			* Reset the state of the response
128			*
129			* @param ResponseContext $responseContext
130			*/
131			public function respondReset(ResponseContext $responseContext)
132			{
133			$responseContext->responseSent();
134			}
135			}
136

OpenConext / Stepup-Gateway

Push — feature/refactor-gateway-contr... ( 4996d0...48680d )

SecondFactorRespondService::respond() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like