StepUpAuthenticationService::resolveHighestRequiredLoa() - Code Metrics - Inspection of "Base matching institutions on users SHO" - OpenConext/Stepup-Gateway - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — bugfix/institution-based-on-sh... ( 23e8a9...7c69b2 )

unknown

created 2017-12-14 13:14 UTC

resolveHighestRequiredLoa() D

↳ Parent: StepUpAuthenticationService

Complexity

Conditions	17
Paths	216

Size

Total Lines	107
Code Lines	58

Duplication

Lines	0
Ratio	0 %

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
c	2
b	0
f	0
dl	0
loc	107
rs	4.2657
cc	17
eloc	58
nc	216
nop	4

How to fix Long Method Complexity

<?php

/**
 * Copyright 2014 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace Surfnet\StepupGateway\GatewayBundle\Service;

use Doctrine\Common\Collections\ArrayCollection;
use Psr\Log\LoggerInterface;
use Surfnet\SamlBundle\Entity\ServiceProvider;
use Surfnet\StepupBundle\Command\SendSmsChallengeCommand as StepupSendSmsChallengeCommand;
use Surfnet\StepupBundle\Command\VerifyPossessionOfPhoneCommand;
use Surfnet\StepupBundle\Service\LoaResolutionService;
use Surfnet\StepupBundle\Service\SecondFactorTypeService;
use Surfnet\StepupBundle\Service\SmsSecondFactor\OtpVerification;
use Surfnet\StepupBundle\Service\SmsSecondFactorService;
use Surfnet\StepupBundle\Value\Loa;
use Surfnet\StepupBundle\Value\PhoneNumber\InternationalPhoneNumber;
use Surfnet\StepupBundle\Value\YubikeyOtp;
use Surfnet\StepupBundle\Value\YubikeyPublicId;
use Surfnet\StepupGateway\ApiBundle\Dto\Otp as ApiOtp;
use Surfnet\StepupGateway\ApiBundle\Dto\Requester;
use Surfnet\StepupGateway\ApiBundle\Service\YubikeyService;
use Surfnet\StepupGateway\GatewayBundle\Command\SendSmsChallengeCommand;
use Surfnet\StepupGateway\GatewayBundle\Command\VerifyYubikeyOtpCommand;
use Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactor;
use Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactorRepository;
use Surfnet\StepupGateway\GatewayBundle\Exception\RuntimeException;
use Surfnet\StepupGateway\GatewayBundle\Service\StepUp\YubikeyOtpVerificationResult;
use Symfony\Component\Translation\TranslatorInterface;

/**
 * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
 */
class StepUpAuthenticationService
{
    /**
     * @var \Surfnet\StepupBundle\Service\LoaResolutionService
     */
    private $loaResolutionService;

    /**
     * @var \Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactorRepository
     */
    private $secondFactorRepository;

    /**
     * @var \Surfnet\StepupGateway\ApiBundle\Service\YubikeyService
     */
    private $yubikeyService;

    /**
     * @var \Surfnet\StepupBundle\Service\SmsSecondFactorService
     */
    private $smsService;

    /** @var InstitutionMatchingHelper */
    private $institutionMatchingHelper;

    /**
     * @var \Symfony\Component\Translation\TranslatorInterface
     */
    private $translator;

    /**
     * @var \Psr\Log\LoggerInterface
     */
    private $logger;

    /**
     * @var SecondFactorTypeService
     */
    private $secondFactorTypeService;

    /**
     * @param LoaResolutionService   $loaResolutionService
     * @param SecondFactorRepository $secondFactorRepository
     * @param YubikeyService         $yubikeyService
     * @param SmsSecondFactorService $smsService
     * @param InstitutionMatchingHelper $institutionMatchingHelper
     * @param TranslatorInterface    $translator
     * @param LoggerInterface        $logger
     * @param SecondFactorTypeService $secondFactorTypeService
     */
    public function __construct(
        LoaResolutionService $loaResolutionService,
        SecondFactorRepository $secondFactorRepository,
        YubikeyService $yubikeyService,
        SmsSecondFactorService $smsService,
        InstitutionMatchingHelper $institutionMatchingHelper,
        TranslatorInterface $translator,
        LoggerInterface $logger,
        SecondFactorTypeService $secondFactorTypeService
    ) {
        $this->loaResolutionService = $loaResolutionService;
        $this->secondFactorRepository = $secondFactorRepository;
        $this->yubikeyService = $yubikeyService;
        $this->smsService = $smsService;
        $this->institutionMatchingHelper = $institutionMatchingHelper;
        $this->translator = $translator;
        $this->logger = $logger;
        $this->secondFactorTypeService = $secondFactorTypeService;
    }

    /**
     * @param string $identityNameId
     * @param Loa $requiredLoa
     * @param WhitelistService $whitelistService
     * @return \Doctrine\Common\Collections\Collection
     */
    public function determineViableSecondFactors(
        $identityNameId,
        Loa $requiredLoa,
        WhitelistService $whitelistService
    ) {

        $candidateSecondFactors = $this->secondFactorRepository->getAllMatchingFor(
            $requiredLoa,
            $identityNameId,
            $this->secondFactorTypeService
        );
        $this->logger->info(
            sprintf('Loaded %d matching candidate second factors', count($candidateSecondFactors))
        );

        foreach ($candidateSecondFactors as $key => $secondFactor) {
            if (!$whitelistService->contains($secondFactor->institution)) {
                $this->logger->notice(
                    sprintf(
                        'Second factor "%s" is listed for institution "%s" which is not on the whitelist',
                        $secondFactor->secondFactorId,
                        $secondFactor->institution
                    )
                );

                $candidateSecondFactors->remove($key);
            }
        }

        if ($candidateSecondFactors->isEmpty()) {
            $this->logger->alert('No suitable candidate second factors found, sending Loa cannot be given response');
        }

        return $candidateSecondFactors;
    }

    /**
     * @param string $requestedLoa
     * @param $identityNameId
     * @param string $identityInstitution
     * @param ServiceProvider $serviceProvider
     * @return null|Loa
     * @SuppressWarnings(PHPMD.CyclomaticComplexity) see https://www.pivotaltracker.com/story/show/96065350
     * @SuppressWarnings(PHPMD.NPathComplexity)      see https://www.pivotaltracker.com/story/show/96065350
     */
    public function resolveHighestRequiredLoa(
        $requestedLoa,
        $identityNameId,
        $identityInstitution,
        ServiceProvider $serviceProvider
    ) {
        $loaCandidates = new ArrayCollection();

        if ($requestedLoa) {
            $loaCandidates->add($requestedLoa);
            $this->logger->info(sprintf('Added requested Loa "%s" as candidate', $requestedLoa));
        }

        $spConfiguredLoas = $serviceProvider->get('configuredLoas');

        if (array_key_exists('__default__', $spConfiguredLoas) &&
            !$loaCandidates->contains($spConfiguredLoas['__default__'])
        ) {
            $loaCandidates->add($spConfiguredLoas['__default__']);
            $this->logger->info(sprintf('Added SP\'s default Loa "%s" as candidate', $spConfiguredLoas['__default__']));
        }

        if (count($spConfiguredLoas) > 1 && is_null($identityInstitution)) {
            throw new RuntimeException(
                'SP configured LOA\'s are applicable but the authenticating user has no ' .
                'schacHomeOrganization in the assertion.'
            );
        }

        // Load the institutions the user has vetted a second factor
        $institutionsBasedOnVettedTokens = $this->determineInstitutionsByIdentityNameId($identityNameId);


        if (!is_null($identityInstitution) && !empty($institutionsBasedOnVettedTokens)) {
            $institutionMatches = $this->institutionMatchingHelper->findMatches(
                $institutionsBasedOnVettedTokens,
                [$identityInstitution]
            );

            if (empty($institutionMatches)) {
                throw new RuntimeException(
                    'None of the authenticating users tokens are registered at an institution the user is currently' .
                    'authenticating from.'
                );
            }
        }

        // Add the SHO of the authenticating user to the list of institutions based on vetted tokens. This ensures the
        // correct LOA can be based on the organisation of the user.
        // There is a chance the user has no vetted tokens. In that case the user will not be granted access to the SP
        // if the LOA is higher than LOA1 @see https://www.pivotaltracker.com/story/show/153594101
        $institutionsBasedOnVettedTokens[] = $identityInstitution;

        $this->logger->info(sprintf('Loaded institution(s) for "%s"', $identityNameId));

        // Match the users institutions loas against the SP configured institutions
        $matchingInstitutions = $this->institutionMatchingHelper->findMatches(
            array_keys($spConfiguredLoas),
            $institutionsBasedOnVettedTokens
        );

        if (count($matchingInstitutions) > 0) {
            $this->logger->info('Found matching SP configured LoA\'s');
            foreach ($matchingInstitutions as $matchingInstitution) {
                $loaCandidates->add($spConfiguredLoas[$matchingInstitution]);
                $this->logger->info(sprintf(
                    'Added SP\'s Loa "%s" as candidate',
                    $spConfiguredLoas[$matchingInstitution]
                ));
            }
        }

        if (!count($loaCandidates)) {
            throw new RuntimeException('No Loa can be found, at least one Loa (SP default) should be found');
        }

        $actualLoas = new ArrayCollection();
        foreach ($loaCandidates as $loaDefinition) {
            $loa = $this->loaResolutionService->getLoa($loaDefinition);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();
            if ($loa) {
                $actualLoas->add($loa);
            }
        }

        if (!count($actualLoas)) {
            $this->logger->info(sprintf(
                'Out of "%d" candidates, no existing Loa could be found, no authentication is possible.',
                count($loaCandidates)
            ));

            return null;
        }

        /** @var \Surfnet\StepupBundle\Value\Loa $highestLoa */
        $highestLoa = $actualLoas->first();
        foreach ($actualLoas as $loa) {
            // if the current highest Loa cannot satisfy the next Loa, that must be of a higher level...
            if (!$highestLoa->canSatisfyLoa($loa)) {
                $highestLoa = $loa;
            }
        }

        $this->logger->info(
            sprintf('Out of %d candidate Loa\'s, Loa "%s" is the highest', count($loaCandidates), $highestLoa)
        );

        return $highestLoa;
    }

    /**
     * Returns whether the given Loa identifier identifies the minimum Loa, intrinsic to being authenticated via an IdP.
     *
     * @param Loa $loa
     * @return bool
     */
    public function isIntrinsicLoa(Loa $loa)
    {
        return $loa->levelIsLowerOrEqualTo(Loa::LOA_1);
    }

    /**
     * @param VerifyYubikeyOtpCommand $command
     * @return YubikeyOtpVerificationResult
     */
    public function verifyYubikeyOtp(VerifyYubikeyOtpCommand $command)
    {
        /** @var SecondFactor $secondFactor */
        $secondFactor = $this->secondFactorRepository->findOneBySecondFactorId($command->secondFactorId);

        $requester = new Requester();
        $requester->identity = $secondFactor->identityId;
        $requester->institution = $secondFactor->institution;

        $otp = new ApiOtp();
        $otp->value = $command->otp;

        $result = $this->yubikeyService->verify($otp, $requester);

        if (!$result->isSuccessful()) {
            return new YubikeyOtpVerificationResult(YubikeyOtpVerificationResult::RESULT_OTP_VERIFICATION_FAILED, null);
        }

        $otp = YubikeyOtp::fromString($command->otp);
        $publicId = YubikeyPublicId::fromOtp($otp);

        if (!$publicId->equals(new YubikeyPublicId($secondFactor->secondFactorIdentifier))) {
            return new YubikeyOtpVerificationResult(
                YubikeyOtpVerificationResult::RESULT_PUBLIC_ID_DID_NOT_MATCH,
                $publicId
            );
        }

        return new YubikeyOtpVerificationResult(YubikeyOtpVerificationResult::RESULT_PUBLIC_ID_MATCHED, $publicId);
    }

    /**
     * @param string $secondFactorId
     * @return string
     */
    public function getSecondFactorIdentifier($secondFactorId)
    {
        /** @var SecondFactor $secondFactor */
        $secondFactor = $this->secondFactorRepository->findOneBySecondFactorId($secondFactorId);

        return $secondFactor->secondFactorIdentifier;
    }

    /**
     * @return int
     */
    public function getSmsOtpRequestsRemainingCount()
    {
        return $this->smsService->getOtpRequestsRemainingCount();
    }

    /**
     * @return int
     */
    public function getSmsMaximumOtpRequestsCount()
    {
        return $this->smsService->getMaximumOtpRequestsCount();
    }

    /**
     * @param SendSmsChallengeCommand $command
     * @return bool
     */
    public function sendSmsChallenge(SendSmsChallengeCommand $command)
    {
        /** @var SecondFactor $secondFactor */
        $secondFactor = $this->secondFactorRepository->findOneBySecondFactorId($command->secondFactorId);

        $phoneNumber = InternationalPhoneNumber::fromStringFormat($secondFactor->secondFactorIdentifier);

        $stepupCommand = new StepupSendSmsChallengeCommand();
        $stepupCommand->phoneNumber = $phoneNumber;
        $stepupCommand->body = $this->translator->trans('gateway.second_factor.sms.challenge_body');
        $stepupCommand->identity = $secondFactor->identityId;
        $stepupCommand->institution = $secondFactor->institution;

        return $this->smsService->sendChallenge($stepupCommand);
    }

    /**
     * @param VerifyPossessionOfPhoneCommand $command
     * @return OtpVerification
     */
    public function verifySmsChallenge(VerifyPossessionOfPhoneCommand $command)
    {
        return $this->smsService->verifyPossession($command);
    }

    public function clearSmsVerificationState()
    {
        $this->smsService->clearSmsVerificationState();
    }

    private function determineInstitutionsByIdentityNameId($identityNameId)
    {
        return $this->secondFactorRepository->getAllInstitutions($identityNameId);
    }
}


1			<?php
2
3			/**
4			* Copyright 2014 SURFnet bv
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19			namespace Surfnet\StepupGateway\GatewayBundle\Service;
20
21			use Doctrine\Common\Collections\ArrayCollection;
22			use Psr\Log\LoggerInterface;
23			use Surfnet\SamlBundle\Entity\ServiceProvider;
24			use Surfnet\StepupBundle\Command\SendSmsChallengeCommand as StepupSendSmsChallengeCommand;
25			use Surfnet\StepupBundle\Command\VerifyPossessionOfPhoneCommand;
26			use Surfnet\StepupBundle\Service\LoaResolutionService;
27			use Surfnet\StepupBundle\Service\SecondFactorTypeService;
28			use Surfnet\StepupBundle\Service\SmsSecondFactor\OtpVerification;
29			use Surfnet\StepupBundle\Service\SmsSecondFactorService;
30			use Surfnet\StepupBundle\Value\Loa;
31			use Surfnet\StepupBundle\Value\PhoneNumber\InternationalPhoneNumber;
32			use Surfnet\StepupBundle\Value\YubikeyOtp;
33			use Surfnet\StepupBundle\Value\YubikeyPublicId;
34			use Surfnet\StepupGateway\ApiBundle\Dto\Otp as ApiOtp;
35			use Surfnet\StepupGateway\ApiBundle\Dto\Requester;
36			use Surfnet\StepupGateway\ApiBundle\Service\YubikeyService;
37			use Surfnet\StepupGateway\GatewayBundle\Command\SendSmsChallengeCommand;
38			use Surfnet\StepupGateway\GatewayBundle\Command\VerifyYubikeyOtpCommand;
39			use Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactor;
40			use Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactorRepository;
41			use Surfnet\StepupGateway\GatewayBundle\Exception\RuntimeException;
42			use Surfnet\StepupGateway\GatewayBundle\Service\StepUp\YubikeyOtpVerificationResult;
43			use Symfony\Component\Translation\TranslatorInterface;
44
45			/**
46			* @SuppressWarnings(PHPMD.CouplingBetweenObjects)
47			*/
48			class StepUpAuthenticationService
49			{
50			/**
51			* @var \Surfnet\StepupBundle\Service\LoaResolutionService
52			*/
53			private $loaResolutionService;
54
55			/**
56			* @var \Surfnet\StepupGateway\GatewayBundle\Entity\SecondFactorRepository
57			*/
58			private $secondFactorRepository;
59
60			/**
61			* @var \Surfnet\StepupGateway\ApiBundle\Service\YubikeyService
62			*/
63			private $yubikeyService;
64
65			/**
66			* @var \Surfnet\StepupBundle\Service\SmsSecondFactorService
67			*/
68			private $smsService;
69
70			/** @var InstitutionMatchingHelper */
71			private $institutionMatchingHelper;
72
73			/**
74			* @var \Symfony\Component\Translation\TranslatorInterface
75			*/
76			private $translator;
77
78			/**
79			* @var \Psr\Log\LoggerInterface
80			*/
81			private $logger;
82
83			/**
84			* @var SecondFactorTypeService
85			*/
86			private $secondFactorTypeService;
87
88			/**
89			* @param LoaResolutionService $loaResolutionService
90			* @param SecondFactorRepository $secondFactorRepository
91			* @param YubikeyService $yubikeyService
92			* @param SmsSecondFactorService $smsService
93			* @param InstitutionMatchingHelper $institutionMatchingHelper
94			* @param TranslatorInterface $translator
95			* @param LoggerInterface $logger
96			* @param SecondFactorTypeService $secondFactorTypeService
97			*/
98			public function __construct(
99			LoaResolutionService $loaResolutionService,
100			SecondFactorRepository $secondFactorRepository,
101			YubikeyService $yubikeyService,
102			SmsSecondFactorService $smsService,
103			InstitutionMatchingHelper $institutionMatchingHelper,
104			TranslatorInterface $translator,
105			LoggerInterface $logger,
106			SecondFactorTypeService $secondFactorTypeService
107			) {
108			$this->loaResolutionService = $loaResolutionService;
109			$this->secondFactorRepository = $secondFactorRepository;
110			$this->yubikeyService = $yubikeyService;
111			$this->smsService = $smsService;
112			$this->institutionMatchingHelper = $institutionMatchingHelper;
113			$this->translator = $translator;
114			$this->logger = $logger;
115			$this->secondFactorTypeService = $secondFactorTypeService;
116			}
117
118			/**
119			* @param string $identityNameId
120			* @param Loa $requiredLoa
121			* @param WhitelistService $whitelistService
122			* @return \Doctrine\Common\Collections\Collection
123			*/
124			public function determineViableSecondFactors(
125			$identityNameId,
126			Loa $requiredLoa,
127			WhitelistService $whitelistService
128			) {
129
130			$candidateSecondFactors = $this->secondFactorRepository->getAllMatchingFor(
131			$requiredLoa,
132			$identityNameId,
133			$this->secondFactorTypeService
134			);
135			$this->logger->info(
136			sprintf('Loaded %d matching candidate second factors', count($candidateSecondFactors))
137			);
138
139			foreach ($candidateSecondFactors as $key => $secondFactor) {
140			if (!$whitelistService->contains($secondFactor->institution)) {
141			$this->logger->notice(
142			sprintf(
143			'Second factor "%s" is listed for institution "%s" which is not on the whitelist',
144			$secondFactor->secondFactorId,
145			$secondFactor->institution
146			)
147			);
148
149			$candidateSecondFactors->remove($key);
150			}
151			}
152
153			if ($candidateSecondFactors->isEmpty()) {
154			$this->logger->alert('No suitable candidate second factors found, sending Loa cannot be given response');
155			}
156
157			return $candidateSecondFactors;
158			}
159
160			/**
161			* @param string $requestedLoa
162			* @param $identityNameId
163			* @param string $identityInstitution
164			* @param ServiceProvider $serviceProvider
165			* @return null\|Loa
166			* @SuppressWarnings(PHPMD.CyclomaticComplexity) see https://www.pivotaltracker.com/story/show/96065350
167			* @SuppressWarnings(PHPMD.NPathComplexity) see https://www.pivotaltracker.com/story/show/96065350
168			*/
169			public function resolveHighestRequiredLoa(
170			$requestedLoa,
171			$identityNameId,
172			$identityInstitution,
173			ServiceProvider $serviceProvider
174			) {
175			$loaCandidates = new ArrayCollection();
176
177			if ($requestedLoa) {
178			$loaCandidates->add($requestedLoa);
179			$this->logger->info(sprintf('Added requested Loa "%s" as candidate', $requestedLoa));
180			}
181
182			$spConfiguredLoas = $serviceProvider->get('configuredLoas');
183
184			if (array_key_exists('__default__', $spConfiguredLoas) &&
185			!$loaCandidates->contains($spConfiguredLoas['__default__'])
186			) {
187			$loaCandidates->add($spConfiguredLoas['__default__']);
188			$this->logger->info(sprintf('Added SP\'s default Loa "%s" as candidate', $spConfiguredLoas['__default__']));
189			}
190
191			if (count($spConfiguredLoas) > 1 && is_null($identityInstitution)) {
192			throw new RuntimeException(
193			'SP configured LOA\'s are applicable but the authenticating user has no ' .
194			'schacHomeOrganization in the assertion.'
195			);
196			}
197
198			// Load the institutions the user has vetted a second factor
199			$institutionsBasedOnVettedTokens = $this->determineInstitutionsByIdentityNameId($identityNameId);
			0 ignored issues – show Comprehensibility Naming introduced 2017-12-14 10:51 UTC by Report Bug Copy Issue Report The variable name `$institutionsBasedOnVettedTokens` exceeds the maximum configured length of `30`. Very long variable names usually make code harder to read. It is therefore recommended not to make variable names too verbose. Loading history...
200
201			if (!is_null($identityInstitution) && !empty($institutionsBasedOnVettedTokens)) {
202			$institutionMatches = $this->institutionMatchingHelper->findMatches(
203			$institutionsBasedOnVettedTokens,
204			[$identityInstitution]
205			);
206
207			if (empty($institutionMatches)) {
208			throw new RuntimeException(
209			'None of the authenticating users tokens are registered at an institution the user is currently' .
210			'authenticating from.'
211			);
212			}
213			}
214
215			// Add the SHO of the authenticating user to the list of institutions based on vetted tokens. This ensures the
216			// correct LOA can be based on the organisation of the user.
217			// There is a chance the user has no vetted tokens. In that case the user will not be granted access to the SP
218			// if the LOA is higher than LOA1 @see https://www.pivotaltracker.com/story/show/153594101
219			$institutionsBasedOnVettedTokens[] = $identityInstitution;
220
221			$this->logger->info(sprintf('Loaded institution(s) for "%s"', $identityNameId));
222
223			// Match the users institutions loas against the SP configured institutions
224			$matchingInstitutions = $this->institutionMatchingHelper->findMatches(
225			array_keys($spConfiguredLoas),
226			$institutionsBasedOnVettedTokens
227			);
228
229			if (count($matchingInstitutions) > 0) {
230			$this->logger->info('Found matching SP configured LoA\'s');
231			foreach ($matchingInstitutions as $matchingInstitution) {
232			$loaCandidates->add($spConfiguredLoas[$matchingInstitution]);
233			$this->logger->info(sprintf(
234			'Added SP\'s Loa "%s" as candidate',
235			$spConfiguredLoas[$matchingInstitution]
236			));
237			}
238			}
239
240			if (!count($loaCandidates)) {
241			throw new RuntimeException('No Loa can be found, at least one Loa (SP default) should be found');
242			}
243
244			$actualLoas = new ArrayCollection();
245			foreach ($loaCandidates as $loaDefinition) {
246			$loa = $this->loaResolutionService->getLoa($loaDefinition);
			0 ignored issues – show Bug introduced 2015-12-15 13:35 UTC by Report Bug Copy Issue Report Are you sure the assignment to `$loa` is correct as `$this->loaResolutionServ...>getLoa($loaDefinition)` (which targets `Surfnet\StepupBundle\Ser...lutionService::getLoa()`) seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
247			if ($loa) {
248			$actualLoas->add($loa);
249			}
250			}
251
252			if (!count($actualLoas)) {
253			$this->logger->info(sprintf(
254			'Out of "%d" candidates, no existing Loa could be found, no authentication is possible.',
255			count($loaCandidates)
256			));
257
258			return null;
259			}
260
261			/** @var \Surfnet\StepupBundle\Value\Loa $highestLoa */
262			$highestLoa = $actualLoas->first();
263			foreach ($actualLoas as $loa) {
264			// if the current highest Loa cannot satisfy the next Loa, that must be of a higher level...
265			if (!$highestLoa->canSatisfyLoa($loa)) {
266			$highestLoa = $loa;
267			}
268			}
269
270			$this->logger->info(
271			sprintf('Out of %d candidate Loa\'s, Loa "%s" is the highest', count($loaCandidates), $highestLoa)
272			);
273
274			return $highestLoa;
275			}
276
277			/**
278			* Returns whether the given Loa identifier identifies the minimum Loa, intrinsic to being authenticated via an IdP.
279			*
280			* @param Loa $loa
281			* @return bool
282			*/
283			public function isIntrinsicLoa(Loa $loa)
284			{
285			return $loa->levelIsLowerOrEqualTo(Loa::LOA_1);
286			}
287
288			/**
289			* @param VerifyYubikeyOtpCommand $command
290			* @return YubikeyOtpVerificationResult
291			*/
292			public function verifyYubikeyOtp(VerifyYubikeyOtpCommand $command)
293			{
294			/** @var SecondFactor $secondFactor */
295			$secondFactor = $this->secondFactorRepository->findOneBySecondFactorId($command->secondFactorId);
296
297			$requester = new Requester();
298			$requester->identity = $secondFactor->identityId;
299			$requester->institution = $secondFactor->institution;
300
301			$otp = new ApiOtp();
302			$otp->value = $command->otp;
303
304			$result = $this->yubikeyService->verify($otp, $requester);
305
306			if (!$result->isSuccessful()) {
307			return new YubikeyOtpVerificationResult(YubikeyOtpVerificationResult::RESULT_OTP_VERIFICATION_FAILED, null);
308			}
309
310			$otp = YubikeyOtp::fromString($command->otp);
311			$publicId = YubikeyPublicId::fromOtp($otp);
312
313			if (!$publicId->equals(new YubikeyPublicId($secondFactor->secondFactorIdentifier))) {
314			return new YubikeyOtpVerificationResult(
315			YubikeyOtpVerificationResult::RESULT_PUBLIC_ID_DID_NOT_MATCH,
316			$publicId
317			);
318			}
319
320			return new YubikeyOtpVerificationResult(YubikeyOtpVerificationResult::RESULT_PUBLIC_ID_MATCHED, $publicId);
321			}
322
323			/**
324			* @param string $secondFactorId
325			* @return string
326			*/
327			public function getSecondFactorIdentifier($secondFactorId)
328			{
329			/** @var SecondFactor $secondFactor */
330			$secondFactor = $this->secondFactorRepository->findOneBySecondFactorId($secondFactorId);
331
332			return $secondFactor->secondFactorIdentifier;
333			}
334
335			/**
336			* @return int
337			*/
338			public function getSmsOtpRequestsRemainingCount()
339			{
340			return $this->smsService->getOtpRequestsRemainingCount();
341			}
342
343			/**
344			* @return int
345			*/
346			public function getSmsMaximumOtpRequestsCount()
347			{
348			return $this->smsService->getMaximumOtpRequestsCount();
349			}
350
351			/**
352			* @param SendSmsChallengeCommand $command
353			* @return bool
354			*/
355			public function sendSmsChallenge(SendSmsChallengeCommand $command)
356			{
357			/** @var SecondFactor $secondFactor */
358			$secondFactor = $this->secondFactorRepository->findOneBySecondFactorId($command->secondFactorId);
359
360			$phoneNumber = InternationalPhoneNumber::fromStringFormat($secondFactor->secondFactorIdentifier);
361
362			$stepupCommand = new StepupSendSmsChallengeCommand();
363			$stepupCommand->phoneNumber = $phoneNumber;
364			$stepupCommand->body = $this->translator->trans('gateway.second_factor.sms.challenge_body');
365			$stepupCommand->identity = $secondFactor->identityId;
366			$stepupCommand->institution = $secondFactor->institution;
367
368			return $this->smsService->sendChallenge($stepupCommand);
369			}
370
371			/**
372			* @param VerifyPossessionOfPhoneCommand $command
373			* @return OtpVerification
374			*/
375			public function verifySmsChallenge(VerifyPossessionOfPhoneCommand $command)
376			{
377			return $this->smsService->verifyPossession($command);
378			}
379
380			public function clearSmsVerificationState()
381			{
382			$this->smsService->clearSmsVerificationState();
383			}
384
385			private function determineInstitutionsByIdentityNameId($identityNameId)
386			{
387			return $this->secondFactorRepository->getAllInstitutions($identityNameId);
388			}
389			}
390

OpenConext / Stepup-Gateway

Push — bugfix/institution-based-on-sh... ( 23e8a9...7c69b2 )

resolveHighestRequiredLoa() D

Complexity

Size

Duplication

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like