Surfnet\StepupGateway\GatewayBundle\Controller\SecondFactorController

Complexity

Total Complexity

53

Size/Duplication

Total Lines	609
Duplicated Lines	0 %

Importance

Changes	8
Bugs	0	Features	0

17 Methods

Rating	Name	Duplication	Size	Complexity
B	verifySmsSecondFactorChallengeAction()	0	57	7
A	buildCancelAuthenticationForm()	0	11	1
A	gssfVerifiedAction()	0	33	2
A	getAuthenticationLogger()	0	3	1
A	getStepupService()	0	3	1
A	selectSecondFactorForVerificationSfoAction()	0	3	1
B	verifyYubiKeySecondFactorAction()	0	55	6
A	verifySmsSecondFactorAction()	0	63	5
A	verifyGssfAction()	0	42	3
A	selectAndRedirectTo()	0	17	2
A	selectSecondFactorForVerificationSsoAction()	0	3	1
B	chooseSecondFactorAction()	0	104	8
A	getResponseContext()	0	9	3
A	getSelectedSecondFactor()	0	11	2
A	supportsAuthenticationMode()	0	4	3
A	cancelAuthenticationAction()	0	3	1
B	selectSecondFactorForVerificationAction()	0	97	6

<?php

/**
 * Copyright 2014 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

PHP version not specified

Missing @category tag in file comment

Missing @package tag in file comment

Missing @author tag in file comment

Missing @license tag in file comment

Missing @link tag in file comment

namespace Surfnet\StepupGateway\GatewayBundle\Controller;

use Psr\Log\LoggerInterface;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Surfnet\StepupBundle\Command\VerifyPossessionOfPhoneCommand;
use Surfnet\StepupBundle\Value\PhoneNumber\InternationalPhoneNumber;
use Surfnet\StepupBundle\Value\SecondFactorType;
use Surfnet\StepupGateway\GatewayBundle\Command\ChooseSecondFactorCommand;
use Surfnet\StepupGateway\GatewayBundle\Command\SendSmsChallengeCommand;
use Surfnet\StepupGateway\GatewayBundle\Command\VerifyYubikeyOtpCommand;
use Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactor;
use Surfnet\StepupGateway\GatewayBundle\Exception\InvalidArgumentException;
use Surfnet\StepupGateway\GatewayBundle\Exception\LoaCannotBeGivenException;
use Surfnet\StepupGateway\GatewayBundle\Exception\RuntimeException;
use Surfnet\StepupGateway\GatewayBundle\Form\Type\CancelAuthenticationType;
use Surfnet\StepupGateway\GatewayBundle\Form\Type\ChooseSecondFactorType;
use Surfnet\StepupGateway\GatewayBundle\Form\Type\SendSmsChallengeType;
use Surfnet\StepupGateway\GatewayBundle\Form\Type\VerifySmsChallengeType;
use Surfnet\StepupGateway\GatewayBundle\Form\Type\VerifyYubikeyOtpType;
use Surfnet\StepupGateway\GatewayBundle\Saml\ResponseContext;
use Surfnet\StepupGateway\GatewayBundle\Sso2fa\CookieService;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Form\FormError;
use Symfony\Component\Form\FormInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;

/**

Missing short description in doc comment

 * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
 * @SuppressWarnings(PHPMD.ExcessiveClassComplexity)
 * @SuppressWarnings(PHPMD.TooManyPublicMethods)
 */

Missing @category tag in class comment

Missing @package tag in class comment

Missing @author tag in class comment

Missing @license tag in class comment

Missing @link tag in class comment

class SecondFactorController extends Controller

The class Symfony\Bundle\FrameworkBundle\Controller\Controller has been deprecated: since Symfony 4.2, use "Symfony\Bundle\FrameworkBundle\Controller\AbstractController" instead.

{
    const MODE_SFO = 'sfo';
    const MODE_SSO = 'sso';

    public function selectSecondFactorForVerificationSsoAction(Request $request)

Missing doc comment for function selectSecondFactorForVerificationSsoAction()

    {
        return $this->selectSecondFactorForVerificationAction(self::MODE_SSO, $request);
    }

    public function selectSecondFactorForVerificationSfoAction(Request $request)

Missing doc comment for function selectSecondFactorForVerificationSfoAction()

    {
        return $this->selectSecondFactorForVerificationAction(self::MODE_SFO, $request);
    }

    public function selectSecondFactorForVerificationAction($authenticationMode, Request $request)

Missing doc comment for function selectSecondFactorForVerificationAction()

    {
        $this->supportsAuthenticationMode($authenticationMode);
        $context = $this->getResponseContext($authenticationMode);

        $originalRequestId = $context->getInResponseTo();

        /** @var \Surfnet\SamlBundle\Monolog\SamlAuthenticationLogger $logger */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $logger = $this->get('surfnet_saml.logger')->forAuthentication($originalRequestId);
        $logger->notice('Determining which second factor to use...');

        try {
            // Retrieve all requirements to determine the required LoA
            $requestedLoa = $context->getRequiredLoa();
            $spConfiguredLoas = $context->getServiceProvider()->get('configuredLoas');

            $identityNameId = $context->getIdentityNameId();
            $normalizedIdpSho = $context->getNormalizedSchacHomeOrganization();
            $normalizedUserSho = $this->getStepupService()->getNormalizedUserShoByIdentityNameId($identityNameId);

            $requiredLoa = $this
                ->getStepupService()
                ->resolveHighestRequiredLoa(
                    $requestedLoa,
                    $spConfiguredLoas,

It seems like $spConfiguredLoas can also be of type null; however, parameter $spConfiguredLoas of Surfnet\StepupGateway\GatewayBundle\Service\StepUpAuthenticationService::resolveHighestRequiredLoa() does only seem to accept array, maybe add an additional type check?

                    $normalizedIdpSho,
                    $normalizedUserSho
                );
        } catch (LoaCannotBeGivenException $e) {
            // Log the message of the domain exception, this contains a meaningful message.
            $logger->notice($e->getMessage());

            return $this->forward(
                'SurfnetStepupGatewayGatewayBundle:Gateway:sendLoaCannotBeGiven',
                ['authenticationMode' => $authenticationMode]
            );
        }

        $logger->notice(sprintf('Determined that the required Loa is "%s"', $requiredLoa));

        if ($this->getStepupService()->isIntrinsicLoa($requiredLoa)) {
            $this->get('gateway.authentication_logger')->logIntrinsicLoaAuthentication($originalRequestId);
            return $this->forward($context->getResponseAction());

It seems like $context->getResponseAction() can also be of type null; however, parameter $controller of Symfony\Bundle\FrameworkBundle\Controller\Controller::forward() does only seem to accept string, maybe add an additional type check?

        }

        $secondFactorCollection = $this
            ->getStepupService()
            ->determineViableSecondFactors(
                $context->getIdentityNameId(),
                $requiredLoa,
                $this->get('gateway.service.whitelist')
            );

        /**

Missing short description in doc comment

         * @var CookieService $ssoCookieService
         */
        $ssoCookieService = $this->get('gateway.service.sso_2fa_cookie');
        if ($ssoCookieService->shouldSkip2faAuthentication(
            $context,
            $requiredLoa->getLevel(),
            $identityNameId,
            $secondFactorCollection,
            $request
        )) {

Closing parenthesis of a multi-line IF statement must be on a new line

            $logger->notice('Skipping second factor authentication. Required LoA was met by the LoA recorded in the cookie');
            $this->getResponseContext($authenticationMode)->markSecondFactorVerified();
            $this->getResponseContext($authenticationMode)->markVerifiedBySsoOn2faCookie($ssoCookieService->getCookieFingerprint($request));
            $this->getAuthenticationLogger()->logSecondFactorAuthentication($originalRequestId, $authenticationMode);

It seems like $originalRequestId can also be of type null; however, parameter $requestId of Surfnet\StepupGateway\GatewayBundle\Monolog\Logger\AuthenticationLogger::logSecondFactorAuthentication() does only seem to accept string, maybe add an additional type check?

            return $this->forward($context->getResponseAction());
        }
        switch (count($secondFactorCollection)) {
            case 0:

Line indented incorrectly; expected 8 spaces, found 12

                $logger->notice('No second factors can give the determined Loa');

                return $this->forward(
                    'SurfnetStepupGatewayGatewayBundle:Gateway:sendLoaCannotBeGiven',
                    ['authenticationMode' => $authenticationMode]
                );
                break;

break is not strictly necessary here and could be removed.

            case 1:

Line indented incorrectly; expected 8 spaces, found 12

                $secondFactor = $secondFactorCollection->first();
                $logger->notice(sprintf(

The opening parenthesis of a multi-line function call should be the last content on the line.

                    'Found "%d" second factors, using second factor of type "%s"',
                    count($secondFactorCollection),
                    $secondFactor->secondFactorType
                ));

For multi-line function calls, the closing parenthesis should be on a new line.

                return $this->selectAndRedirectTo($secondFactor, $context, $authenticationMode);
                break;

            default:

Line indented incorrectly; expected 8 spaces, found 12

                return $this->forward(
                    'SurfnetStepupGatewayGatewayBundle:SecondFactor:chooseSecondFactor',
                    ['authenticationMode' => $authenticationMode, 'secondFactors' => $secondFactorCollection]
                );
                break;
        }
    }

    /**
     * The main WAYG screen
     * - Shows the token selection screen if you own > 1 token
     * - Directly goes to SF auth when identity owns 1 token
     *
     * @Template

Tag @Template cannot be grouped with parameter tags in a doc comment

     * @param Request $request

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 41 spaces but found 1

     * @param string $authenticationMode

Missing parameter comment

Expected 2 spaces after parameter type; 1 found

Tag value for @param tag indented incorrectly; expected 41 spaces but found 1

     * @return array|RedirectResponse|Response

Tag @return cannot be grouped with parameter tags in a doc comment

Tag value for @return tag indented incorrectly; expected 40 spaces but found 1

     * @SuppressWarnings(PHPMD.ExcessiveMethodLength)

Tag @SuppressWarnings(PHPMD.ExcessiveMethodLength) cannot be grouped with parameter tags in a doc comment

     */
    public function chooseSecondFactorAction(Request $request, $authenticationMode)
    {
        $this->supportsAuthenticationMode($authenticationMode);
        $context = $this->getResponseContext($authenticationMode);
        $originalRequestId = $context->getInResponseTo();

        /** @var \Surfnet\SamlBundle\Monolog\SamlAuthenticationLogger $logger */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $logger = $this->get('surfnet_saml.logger')->forAuthentication($originalRequestId);
        $logger->notice('Ask the user which one of his suitable second factor tokens to use...');

        try {
            // Retrieve all requirements to determine the required LoA
            $requestedLoa = $context->getRequiredLoa();
            $spConfiguredLoas = $context->getServiceProvider()->get('configuredLoas');

            $normalizedIdpSho = $context->getNormalizedSchacHomeOrganization();
            $normalizedUserSho = $this->getStepupService()->getNormalizedUserShoByIdentityNameId($context->getIdentityNameId());

            $requiredLoa = $this
                ->getStepupService()
                ->resolveHighestRequiredLoa(
                    $requestedLoa,
                    $spConfiguredLoas,

It seems like $spConfiguredLoas can also be of type null; however, parameter $spConfiguredLoas of Surfnet\StepupGateway\GatewayBundle\Service\StepUpAuthenticationService::resolveHighestRequiredLoa() does only seem to accept array, maybe add an additional type check?

                    $normalizedIdpSho,
                    $normalizedUserSho
                );
        } catch (LoaCannotBeGivenException $e) {
            // Log the message of the domain exception, this contains a meaningful message.
            $logger->notice($e->getMessage());
            return $this->forward('SurfnetStepupGatewayGatewayBundle:Gateway:sendLoaCannotBeGiven');
        }

        $logger->notice(sprintf('Determined that the required Loa is "%s"', $requiredLoa));

        $secondFactors = $this
            ->getStepupService()
            ->determineViableSecondFactors(
                $context->getIdentityNameId(),
                $requiredLoa,
                $this->get('gateway.service.whitelist')
            );

        $command = new ChooseSecondFactorCommand();
        $command->secondFactors = $secondFactors;

It seems like $secondFactors of type Doctrine\Common\Collections\Collection is incompatible with the declared type Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactor[] of property $secondFactors.

        $form = $this
            ->createForm(
                ChooseSecondFactorType::class,
                $command,
                ['action' => $this->generateUrl('gateway_verify_second_factor_choose_second_factor', ['authenticationMode' => $authenticationMode])]
            )
            ->handleRequest($request);
        $cancelForm = $this->buildCancelAuthenticationForm($authenticationMode)->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $buttonName = $form->getClickedButton()->getName();

The method getClickedButton() does not exist on Symfony\Component\Form\FormInterface. It seems like you code against a sub-type of Symfony\Component\Form\FormInterface such as Symfony\Component\Form\Form.

            $formResults = $request->request->get('gateway_choose_second_factor', false);

            if (!isset($formResults[$buttonName])) {
                throw new InvalidArgumentException(
                    sprintf(
                        'Second factor type "%s" could not be found in the posted form results.',
                        $buttonName
                    )
                );
            }

            $secondFactorType = $formResults[$buttonName];

            // Filter the selected second factor from the array collection
            $secondFactorFiltered = $secondFactors->filter(
                function ($secondFactor) use ($secondFactorType) {
                    return $secondFactorType === $secondFactor->secondFactorType;
                }
            );

            if ($secondFactorFiltered->isEmpty()) {
                throw new InvalidArgumentException(
                    sprintf(
                        'Second factor type "%s" could not be found in the collection of available second factors.',
                        $secondFactorType
                    )
                );
            }

            $secondFactor = $secondFactorFiltered->first();

            $logger->notice(sprintf('User chose "%s" to use as second factor', $secondFactorType));

            // Forward to action to verify possession of second factor
            return $this->selectAndRedirectTo($secondFactor, $context, $authenticationMode);
        } else if ($form->isSubmitted() && !$form->isValid()) {
            $form->addError(
                new FormError(
                    $this->get('translator')
                      ->trans('gateway.form.gateway_choose_second_factor.unknown_second_factor_type')

Object operator not indented correctly; expected 24 spaces but found 22

                )
            );
        }

        return [
            'form' => $form->createView(),
            'cancelForm' => $cancelForm->createView(),
            'secondFactors' => $secondFactors,
        ];
    }

    public function verifyGssfAction(Request $request)

Missing doc comment for function verifyGssfAction()

    {
        if (!$request->get('authenticationMode', false)) {
            throw new RuntimeException('Unable to determine the authentication mode in the GSSP verification action');
        }
        $authenticationMode = $request->get('authenticationMode');
        $this->supportsAuthenticationMode($authenticationMode);
        $context = $this->getResponseContext($authenticationMode);

        $originalRequestId = $context->getInResponseTo();

        /** @var \Surfnet\SamlBundle\Monolog\SamlAuthenticationLogger $logger */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $logger = $this->get('surfnet_saml.logger')->forAuthentication($originalRequestId);
        $logger->info('Received request to verify GSSF');

        $selectedSecondFactor = $this->getSelectedSecondFactor($context, $logger);

        $logger->info(sprintf(

The opening parenthesis of a multi-line function call should be the last content on the line.

            'Selected GSSF "%s" for verfication, forwarding to Saml handling',
            $selectedSecondFactor
        ));

For multi-line function calls, the closing parenthesis should be on a new line.

        /** @var \Surfnet\StepupGateway\GatewayBundle\Service\SecondFactorService $secondFactorService */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $secondFactorService = $this->get('gateway.service.second_factor_service');
        /** @var \Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactor $secondFactor */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $secondFactor = $secondFactorService->findByUuid($selectedSecondFactor);
        if (!$secondFactor) {

$secondFactor is of type Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactor, thus it always evaluated to true.

            throw new RuntimeException(sprintf(

The opening parenthesis of a multi-line function call should be the last content on the line.

                'Requested verification of GSSF "%s", however that Second Factor no longer exists',
                $selectedSecondFactor
            ));

For multi-line function calls, the closing parenthesis should be on a new line.

        }

        // Also send the response context service id, as later we need to know if this is regular SSO or SFO authn.
        $responseContextServiceId = $context->getResponseContextServiceId();

        return $this->forward(
            'SurfnetStepupGatewaySamlStepupProviderBundle:SamlProxy:sendSecondFactorVerificationAuthnRequest',
            [
                'provider' => $secondFactor->secondFactorType,
                'subjectNameId' => $secondFactor->secondFactorIdentifier,
                'responseContextServiceId' => $responseContextServiceId,
            ]
        );
    }

    public function gssfVerifiedAction(Request $request)

Missing doc comment for function gssfVerifiedAction()

    {
        $authenticationMode = $request->get('authenticationMode');
        $this->supportsAuthenticationMode($authenticationMode);
        $context = $this->getResponseContext($authenticationMode);

        $originalRequestId = $context->getInResponseTo();

        /** @var \Surfnet\SamlBundle\Monolog\SamlAuthenticationLogger $logger */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $logger = $this->get('surfnet_saml.logger')->forAuthentication($originalRequestId);
        $logger->info('Attempting to mark GSSF as verified');

        $selectedSecondFactor = $this->getSelectedSecondFactor($context, $logger);

        /** @var \Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactor $secondFactor */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $secondFactor = $this->get('gateway.service.second_factor_service')->findByUuid($selectedSecondFactor);
        if (!$secondFactor) {

$secondFactor is of type Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactor, thus it always evaluated to true.

            throw new RuntimeException(
                sprintf(
                    'Verification of GSSF "%s" succeeded, however that Second Factor no longer exists',
                    $selectedSecondFactor
                )
            );
        }

        $context->markSecondFactorVerified();
        $this->getAuthenticationLogger()->logSecondFactorAuthentication($originalRequestId, $authenticationMode);

It seems like $originalRequestId can also be of type null; however, parameter $requestId of Surfnet\StepupGateway\GatewayBundle\Monolog\Logger\AuthenticationLogger::logSecondFactorAuthentication() does only seem to accept string, maybe add an additional type check?

        $logger->info(sprintf(

The opening parenthesis of a multi-line function call should be the last content on the line.

            'Marked GSSF "%s" as verified, forwarding to Gateway controller to respond',
            $selectedSecondFactor
        ));

For multi-line function calls, the closing parenthesis should be on a new line.

        return $this->forward($context->getResponseAction());

It seems like $context->getResponseAction() can also be of type null; however, parameter $controller of Symfony\Bundle\FrameworkBundle\Controller\Controller::forward() does only seem to accept string, maybe add an additional type check?

    }

    /**

Missing short description in doc comment

     * @Template

Tag @Template cannot be grouped with parameter tags in a doc comment

     * @param Request $request

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 4 spaces but found 1

     * @return array|Response

Tag @return cannot be grouped with parameter tags in a doc comment

Tag value for @return tag indented incorrectly; expected 3 spaces but found 1

     */
    public function verifyYubiKeySecondFactorAction(Request $request)
    {
        if (!$request->get('authenticationMode', false)) {
            throw new RuntimeException('Unable to determine the authentication mode in Yubikey verification action');
        }
        $authenticationMode = $request->get('authenticationMode');
        $this->supportsAuthenticationMode($authenticationMode);
        $context = $this->getResponseContext($authenticationMode);
        $originalRequestId = $context->getInResponseTo();

        /** @var \Surfnet\SamlBundle\Monolog\SamlAuthenticationLogger $logger */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $logger = $this->get('surfnet_saml.logger')->forAuthentication($originalRequestId);

        $selectedSecondFactor = $this->getSelectedSecondFactor($context, $logger);

        $logger->notice('Verifying possession of Yubikey second factor');

        $command = new VerifyYubikeyOtpCommand();
        $command->secondFactorId = $selectedSecondFactor;

        $form = $this->createForm(VerifyYubikeyOtpType::class, $command)->handleRequest($request);
        $cancelForm = $this->buildCancelAuthenticationForm($authenticationMode)->handleRequest($request);

        if ($form->isSubmitted()  && $form->isValid()) {
            $result = $this->getStepupService()->verifyYubikeyOtp($command);
            if ($result->didOtpVerificationFail()) {
                $form->addError(
                    new FormError($this->get('translator')->trans('gateway.form.verify_yubikey.otp_verification_failed'))
                );

                // OTP field is rendered empty in the template.
                return ['form' => $form->createView(), 'cancelForm' => $cancelForm->createView()];
            } elseif (!$result->didPublicIdMatch()) {
                $form->addError(
                    new FormError($this->get('translator')->trans('gateway.form.verify_yubikey.public_id_mismatch'))
                );

                // OTP field is rendered empty in the template.
                return ['form' => $form->createView(), 'cancelForm' => $cancelForm->createView()];
            }

            $this->getResponseContext($authenticationMode)->markSecondFactorVerified();
            $this->getAuthenticationLogger()->logSecondFactorAuthentication($originalRequestId, $authenticationMode);

It seems like $originalRequestId can also be of type null; however, parameter $requestId of Surfnet\StepupGateway\GatewayBundle\Monolog\Logger\AuthenticationLogger::logSecondFactorAuthentication() does only seem to accept string, maybe add an additional type check?

            $logger->info(
                sprintf(
                    'Marked Yubikey Second Factor "%s" as verified, forwarding to Saml Proxy to respond',
                    $selectedSecondFactor
                )
            );
            return $this->forward($context->getResponseAction());

It seems like $context->getResponseAction() can also be of type null; however, parameter $controller of Symfony\Bundle\FrameworkBundle\Controller\Controller::forward() does only seem to accept string, maybe add an additional type check?

        }

        // OTP field is rendered empty in the template.
        return ['form' => $form->createView(), 'cancelForm' => $cancelForm->createView()];
    }

    /**

Missing short description in doc comment

     * @Template

Tag @Template cannot be grouped with parameter tags in a doc comment

     * @param Request $request

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 4 spaces but found 1

     * @param string $authenticationMode

Missing parameter comment

Expected 2 spaces after parameter type; 1 found

Superfluous parameter comment

Tag value for @param tag indented incorrectly; expected 4 spaces but found 1

     * @return array|Response

Tag @return cannot be grouped with parameter tags in a doc comment

Tag value for @return tag indented incorrectly; expected 3 spaces but found 1

     */
    public function verifySmsSecondFactorAction(Request $request)
    {
        if (!$request->get('authenticationMode', false)) {
            throw new RuntimeException('Unable to determine the authentication mode in the SMS verification action');
        }
        $authenticationMode = $request->get('authenticationMode');
        $this->supportsAuthenticationMode($authenticationMode);
        $context = $this->getResponseContext($authenticationMode);
        $originalRequestId = $context->getInResponseTo();

        /** @var \Surfnet\SamlBundle\Monolog\SamlAuthenticationLogger $logger */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $logger = $this->get('surfnet_saml.logger')->forAuthentication($originalRequestId);

        $selectedSecondFactor = $this->getSelectedSecondFactor($context, $logger);

        $logger->notice('Verifying possession of SMS second factor, preparing to send');

        $command = new SendSmsChallengeCommand();
        $command->secondFactorId = $selectedSecondFactor;

        $form = $this->createForm(SendSmsChallengeType::class, $command)->handleRequest($request);
        $cancelForm = $this->buildCancelAuthenticationForm($authenticationMode)->handleRequest($request);

        $stepupService = $this->getStepupService();
        $phoneNumber = InternationalPhoneNumber::fromStringFormat(
            $stepupService->getSecondFactorIdentifier($selectedSecondFactor)
        );

        $otpRequestsRemaining = $stepupService->getSmsOtpRequestsRemainingCount($selectedSecondFactor);
        $maximumOtpRequests = $stepupService->getSmsMaximumOtpRequestsCount();
        $viewVariables = ['otpRequestsRemaining' => $otpRequestsRemaining, 'maximumOtpRequests' => $maximumOtpRequests];

        if ($form->isSubmitted() && !$form->isValid()) {
            return array_merge(
                $viewVariables,
                [
                    'phoneNumber' => $phoneNumber,
                    'form' => $form->createView(),
                    'cancelForm' => $cancelForm->createView()
                ]
            );
        }

        $logger->notice('Verifying possession of SMS second factor, sending challenge per SMS');

        if (!$stepupService->sendSmsChallenge($command)) {
            $form->addError(
                new FormError($this->get('translator')->trans('gateway.form.send_sms_challenge.sms_sending_failed'))
            );

            return array_merge(
                $viewVariables,
                [
                    'phoneNumber' => $phoneNumber,
                    'form' => $form->createView(),
                    'cancelForm' => $cancelForm->createView()
                ]
            );
        }
        return $this->redirect(
            $this->generateUrl(
                'gateway_verify_second_factor_sms_verify_challenge',
                ['authenticationMode' => $authenticationMode]
            )
        );
    }

    /**

Missing short description in doc comment

     * @Template

Tag @Template cannot be grouped with parameter tags in a doc comment

     * @param Request $request

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 4 spaces but found 1

     * @param string $authenticationMode

Missing parameter comment

Expected 2 spaces after parameter type; 1 found

Superfluous parameter comment

Tag value for @param tag indented incorrectly; expected 4 spaces but found 1

     * @return array|Response

Tag @return cannot be grouped with parameter tags in a doc comment

Tag value for @return tag indented incorrectly; expected 3 spaces but found 1

     */
    public function verifySmsSecondFactorChallengeAction(Request $request)
    {
        if (!$request->get('authenticationMode', false)) {
            throw new RuntimeException('Unable to determine the authentication mode in the SMS challenge action');
        }
        $authenticationMode = $request->get('authenticationMode');
        $this->supportsAuthenticationMode($authenticationMode);
        $context = $this->getResponseContext($authenticationMode);
        $originalRequestId = $context->getInResponseTo();

        /** @var \Surfnet\SamlBundle\Monolog\SamlAuthenticationLogger $logger */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $logger = $this->get('surfnet_saml.logger')->forAuthentication($originalRequestId);

        $selectedSecondFactor = $this->getSelectedSecondFactor($context, $logger);

        $command = new VerifyPossessionOfPhoneCommand();
        $form = $this->createForm(VerifySmsChallengeType::class, $command)->handleRequest($request);
        $cancelForm = $this->buildCancelAuthenticationForm($authenticationMode)->handleRequest($request);

        if ($form->isSubmitted() && $form->isValid()) {
            $logger->notice('Verifying input SMS challenge matches');
            $command->secondFactorId = $selectedSecondFactor;
            $verification = $this->getStepupService()->verifySmsChallenge($command);

            if ($verification->wasSuccessful()) {
                $this->getStepupService()->clearSmsVerificationState($selectedSecondFactor);

                $this->getResponseContext($authenticationMode)->markSecondFactorVerified();
                $this->getAuthenticationLogger()->logSecondFactorAuthentication($originalRequestId, $authenticationMode);

It seems like $originalRequestId can also be of type null; however, parameter $requestId of Surfnet\StepupGateway\GatewayBundle\Monolog\Logger\AuthenticationLogger::logSecondFactorAuthentication() does only seem to accept string, maybe add an additional type check?

                $logger->info(
                    sprintf(
                        'Marked Sms Second Factor "%s" as verified, forwarding to Saml Proxy to respond',
                        $selectedSecondFactor
                    )
                );
                return $this->forward($context->getResponseAction());

It seems like $context->getResponseAction() can also be of type null; however, parameter $controller of Symfony\Bundle\FrameworkBundle\Controller\Controller::forward() does only seem to accept string, maybe add an additional type check?

            } elseif ($verification->didOtpExpire()) {
                $logger->notice('SMS challenge expired');
                $form->addError(
                    new FormError($this->get('translator')->trans('gateway.form.send_sms_challenge.challenge_expired'))
                );
            } elseif ($verification->wasAttemptedTooManyTimes()) {
                $logger->notice('SMS challenge verification was attempted too many times');
                $form->addError(
                    new FormError($this->get('translator')->trans('gateway.form.send_sms_challenge.too_many_attempts'))
                );
            } else {
                $logger->notice('SMS challenge did not match');
                $form->addError(
                    new FormError(
                        $this->get('translator')->trans('gateway.form.send_sms_challenge.sms_challenge_incorrect')
                    )
                );
            }
        }
        return ['form' => $form->createView(), 'cancelForm' => $cancelForm->createView()];
    }

    public function cancelAuthenticationAction()

Missing doc comment for function cancelAuthenticationAction()

    {
        return $this->forward('SurfnetStepupGatewayGatewayBundle:Gateway:sendAuthenticationCancelledByUser');
    }

    /**

Missing short description in doc comment

     * @return \Surfnet\StepupGateway\GatewayBundle\Service\StepupAuthenticationService
     */
    private function getStepupService()

Private method name "SecondFactorController::getStepupService" must be prefixed with an underscore

    {
        return $this->get('gateway.service.stepup_authentication');
    }

    /**

Missing short description in doc comment

Parameter $authenticationMode should have a doc-comment as per coding-style.

     * @return ResponseContext
     */
    private function getResponseContext($authenticationMode)

Private method name "SecondFactorController::getResponseContext" must be prefixed with an underscore

    {
        switch ($authenticationMode) {
            case self::MODE_SFO:

Line indented incorrectly; expected 8 spaces, found 12

                return $this->get($this->get('gateway.proxy.sfo.state_handler')->getResponseContextServiceId());
                break;

break is not strictly necessary here and could be removed.

            case self::MODE_SSO:

Line indented incorrectly; expected 8 spaces, found 12

                return $this->get($this->get('gateway.proxy.sso.state_handler')->getResponseContextServiceId());
                break;
        }
    }

    /**

Missing short description in doc comment

     * @return \Surfnet\StepupGateway\GatewayBundle\Monolog\Logger\AuthenticationLogger
     */
    private function getAuthenticationLogger()

Private method name "SecondFactorController::getAuthenticationLogger" must be prefixed with an underscore

    {
        return $this->get('gateway.authentication_logger');
    }

    /**

Missing short description in doc comment

     * @param ResponseContext $context

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 2 spaces but found 1

     * @param LoggerInterface $logger

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 2 spaces but found 1

     * @return string

Tag @return cannot be grouped with parameter tags in a doc comment

     */
    private function getSelectedSecondFactor(ResponseContext $context, LoggerInterface $logger)

Private method name "SecondFactorController::getSelectedSecondFactor" must be prefixed with an underscore

    {
        $selectedSecondFactor = $context->getSelectedSecondFactor();

        if (!$selectedSecondFactor) {
            $logger->error('Cannot verify possession of an unknown second factor');

            throw new BadRequestHttpException('Cannot verify possession of an unknown second factor.');
        }

        return $selectedSecondFactor;
    }

    private function selectAndRedirectTo(SecondFactor $secondFactor, ResponseContext $context, $authenticationMode)

Missing doc comment for function selectAndRedirectTo()

Private method name "SecondFactorController::selectAndRedirectTo" must be prefixed with an underscore

    {
        $context->saveSelectedSecondFactor($secondFactor);

        $this->getStepupService()->clearSmsVerificationState($secondFactor->secondFactorId);

        $secondFactorTypeService = $this->get('surfnet_stepup.service.second_factor_type');
        $secondFactorType = new SecondFactorType($secondFactor->secondFactorType);

        $route = 'gateway_verify_second_factor_';
        if ($secondFactorTypeService->isGssf($secondFactorType)) {
            $route .= 'gssf';
        } else {
            $route .= strtolower($secondFactor->secondFactorType);
        }

        return $this->redirect($this->generateUrl($route, ['authenticationMode' => $authenticationMode]));
    }

    /**

Missing short description in doc comment

     * @param string $authenticationMode

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 2 spaces but found 1

     * @return FormInterface

Tag @return cannot be grouped with parameter tags in a doc comment

     */
    private function buildCancelAuthenticationForm($authenticationMode)

Private method name "SecondFactorController::buildCancelAuthenticationForm" must be prefixed with an underscore

    {
        $cancelFormAction = $this->generateUrl(
            'gateway_cancel_authentication',
            ['authenticationMode' => $authenticationMode]
        );

        return $this->createForm(
            CancelAuthenticationType::class,
            null,
            ['action' => $cancelFormAction]
        );
    }

    private function supportsAuthenticationMode($authenticationMode)

Missing doc comment for function supportsAuthenticationMode()

Private method name "SecondFactorController::supportsAuthenticationMode" must be prefixed with an underscore

    {
        if (!($authenticationMode === self::MODE_SSO || $authenticationMode === self::MODE_SFO)) {
            throw new InvalidArgumentException('Invalid authentication mode requested');
        }
    }
}