IdentityCommandHandler::loadInstitutionConfigurationFor() - Code Metrics - Inspection of "Add BC support for events beofre FGA" - OpenConext/Stepup-Middleware - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — feature/fga-ra-management ( 037bdc...e11d53 )

unknown

created 2018-10-25 15:05 UTC

loadInstitutionConfigurationFor() A

↳ Parent: IdentityCommandHandler

Complexity

Conditions	2
Paths	3

Size

Total Lines

Duplication

Lines	17
Ratio	100 %

Importance

Changes

Metric	Value
dl	17
loc	17
rs	9.7
c	0
b	0
f	0
cc	2
nc	3
nop	1

<?php

/**
 * Copyright 2014 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\CommandHandler;

use Broadway\CommandHandling\CommandHandler;
use Broadway\Repository\AggregateNotFoundException;
use Broadway\Repository\RepositoryInterface;
use Surfnet\Stepup\Configuration\EventSourcing\InstitutionConfigurationRepository;
use Surfnet\Stepup\Configuration\InstitutionConfiguration;
use Surfnet\Stepup\Configuration\Value\Institution as ConfigurationInstitution;
use Surfnet\Stepup\Configuration\Value\InstitutionConfigurationId;
use Surfnet\Stepup\Identity\Api\Identity as IdentityApi;
use Surfnet\Stepup\Identity\Entity\ConfigurableSettings;
use Surfnet\Stepup\Identity\Identity;
use Surfnet\Stepup\Identity\Value\CommonName;
use Surfnet\Stepup\Identity\Value\DocumentNumber;
use Surfnet\Stepup\Identity\Value\Email;
use Surfnet\Stepup\Identity\Value\GssfId;
use Surfnet\Stepup\Identity\Value\IdentityId;
use Surfnet\Stepup\Identity\Value\Institution;
use Surfnet\Stepup\Identity\Value\Locale;
use Surfnet\Stepup\Identity\Value\NameId;
use Surfnet\Stepup\Identity\Value\PhoneNumber;
use Surfnet\Stepup\Identity\Value\SecondFactorId;
use Surfnet\Stepup\Identity\Value\SecondFactorIdentifierFactory;
use Surfnet\Stepup\Identity\Value\StepupProvider;
use Surfnet\Stepup\Identity\Value\U2fKeyHandle;
use Surfnet\Stepup\Identity\Value\YubikeyPublicId;
use Surfnet\StepupBundle\Service\SecondFactorTypeService;
use Surfnet\StepupBundle\Value\SecondFactorType;
use Surfnet\StepupMiddleware\ApiBundle\Configuration\Service\AllowedSecondFactorListService;
use Surfnet\StepupMiddleware\ApiBundle\Configuration\Service\InstitutionConfigurationOptionsService;
use Surfnet\StepupMiddleware\ApiBundle\Identity\Repository\IdentityRepository;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Exception\SecondFactorNotAllowedException;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Exception\UnsupportedLocaleException;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\BootstrapIdentityWithYubikeySecondFactorCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\CreateIdentityCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\ExpressLocalePreferenceCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\ProveGssfPossessionCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\ProvePhonePossessionCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\ProveU2fDevicePossessionCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\ProveYubikeyPossessionCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\RevokeOwnSecondFactorCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\RevokeRegistrantsSecondFactorCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\UpdateIdentityCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\VerifyEmailCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\Command\VetSecondFactorCommand;
use Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\CommandHandler\Exception\DuplicateIdentityException;

/**
 * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
 * @SuppressWarnings(PHPMD.TooManyMethods)
 * @SuppressWarnings(PHPMD.TooManyPublicMethods)
 */
class IdentityCommandHandler extends CommandHandler
{
    /**
     * @var \Surfnet\Stepup\Identity\EventSourcing\IdentityRepository
     */
    private $eventSourcedRepository;

    /**
     * @var IdentityRepository
     */
    private $identityProjectionRepository;

    /**
     * @var \Surfnet\Stepup\Identity\Entity\ConfigurableSettings
     */
    private $configurableSettings;

    /**
     * @var AllowedSecondFactorListService
     */
    private $allowedSecondFactorListService;

    /** @var SecondFactorTypeService */
    private $secondFactorTypeService;

    /**
     * @var InstitutionConfigurationOptionsService
     */
    private $institutionConfigurationOptionsService;

    /**
     * @var InstitutionConfigurationRepository
     */
    private $institutionConfigurationRepository;

    /**
     * @param RepositoryInterface $eventSourcedRepository
     * @param IdentityRepository $identityProjectionRepository
     * @param ConfigurableSettings $configurableSettings
     * @param AllowedSecondFactorListService $allowedSecondFactorListService
     * @param SecondFactorTypeService $secondFactorTypeService
     * @param InstitutionConfigurationOptionsService $institutionConfigurationOptionsService
     * @param InstitutionConfigurationRepository $institutionConfigurationRepository
     */
    public function __construct(
        RepositoryInterface $eventSourcedRepository,
        IdentityRepository $identityProjectionRepository,
        ConfigurableSettings $configurableSettings,
        AllowedSecondFactorListService $allowedSecondFactorListService,
        SecondFactorTypeService $secondFactorTypeService,
        InstitutionConfigurationOptionsService $institutionConfigurationOptionsService,
        InstitutionConfigurationRepository $institutionConfigurationRepository
    ) {
        $this->eventSourcedRepository = $eventSourcedRepository;
class Alien {}

class Dalek extends Alien {}

class Plot
{
    /** @var  Dalek */
    public $villain;
}

$alien = new Alien();
$plot = new Plot();
if ($alien instanceof Dalek) {
    $plot->villain = $alien;
}
        $this->identityProjectionRepository = $identityProjectionRepository;
        $this->configurableSettings = $configurableSettings;
        $this->allowedSecondFactorListService = $allowedSecondFactorListService;
        $this->secondFactorTypeService = $secondFactorTypeService;
        $this->institutionConfigurationOptionsService = $institutionConfigurationOptionsService;
        $this->institutionConfigurationRepository = $institutionConfigurationRepository;
    }

    public function handleCreateIdentityCommand(CreateIdentityCommand $command)
    {
        $preferredLocale = new Locale($command->preferredLocale);
        $this->assertIsValidLocale($preferredLocale);

        $institution = new Institution($command->institution);

        $institutionConfiguration = $this->loadInstitutionConfigurationFor($institution);


        $identity = Identity::create(
            new IdentityId($command->id),
            new Institution($command->institution),
            new NameId($command->nameId),
            new CommonName($command->commonName),
            new Email($command->email),
            $preferredLocale,
            $institutionConfiguration

        );

        $this->eventSourcedRepository->save($identity);
    }

    public function handleUpdateIdentityCommand(UpdateIdentityCommand $command)
    {
        /** @var IdentityApi $identity */
        $identity = $this->eventSourcedRepository->load(new IdentityId($command->id));

        $identity->rename(new CommonName($command->commonName));
        $identity->changeEmail(new Email($command->email));

        $this->eventSourcedRepository->save($identity);
    }

    public function handleBootstrapIdentityWithYubikeySecondFactorCommand(
        BootstrapIdentityWithYubikeySecondFactorCommand $command
    ) {
        $preferredLocale = new Locale($command->preferredLocale);
        $this->assertIsValidLocale($preferredLocale);

        $institution = new Institution($command->institution);
        $nameId = new NameId($command->nameId);

        if ($this->identityProjectionRepository->hasIdentityWithNameIdAndInstitution($nameId, $institution)) {
            throw DuplicateIdentityException::forBootstrappingWithYubikeySecondFactor($nameId, $institution);
        }

        $institutionConfiguration = $this->loadInstitutionConfigurationFor($institution);


        $identity = Identity::create(
            new IdentityId($command->identityId),
            $institution,
            $nameId,
            new CommonName($command->commonName),
            new Email($command->email),
            $preferredLocale,
            $institutionConfiguration

        );

        $configurationInstitution = new ConfigurationInstitution(
            (string) $identity->getInstitution()
        );

        $tokenCount = $this->institutionConfigurationOptionsService->getMaxNumberOfTokensFor($configurationInstitution);
        $identity->setMaxNumberOfTokens($tokenCount);

        $identity->bootstrapYubikeySecondFactor(
            new SecondFactorId($command->secondFactorId),
            new YubikeyPublicId($command->yubikeyPublicId)
        );

        $this->eventSourcedRepository->save($identity);
    }

    public function handleProveYubikeyPossessionCommand(ProveYubikeyPossessionCommand $command)

    {
        /** @var IdentityApi $identity */
        $identity = $this->eventSourcedRepository->load(new IdentityId($command->identityId));

        $this->assertSecondFactorIsAllowedFor(new SecondFactorType('yubikey'), $identity->getInstitution());

        $configurationInstitution = new ConfigurationInstitution(
            (string) $identity->getInstitution()
        );
        $tokenCount = $this->institutionConfigurationOptionsService->getMaxNumberOfTokensFor($configurationInstitution);
        $identity->setMaxNumberOfTokens($tokenCount);

        $identity->provePossessionOfYubikey(
            new SecondFactorId($command->secondFactorId),
            new YubikeyPublicId($command->yubikeyPublicId),
            $this->emailVerificationIsRequired($identity),
            $this->configurableSettings->createNewEmailVerificationWindow()
        );

        $this->eventSourcedRepository->save($identity);
    }

    /**
     * @param ProvePhonePossessionCommand $command
     */
    public function handleProvePhonePossessionCommand(ProvePhonePossessionCommand $command)

    {
        /** @var IdentityApi $identity */
        $identity = $this->eventSourcedRepository->load(new IdentityId($command->identityId));

        $this->assertSecondFactorIsAllowedFor(new SecondFactorType('sms'), $identity->getInstitution());

        $configurationInstitution = new ConfigurationInstitution(
            (string) $identity->getInstitution()
        );

        $tokenCount = $this->institutionConfigurationOptionsService->getMaxNumberOfTokensFor($configurationInstitution);
        $identity->setMaxNumberOfTokens($tokenCount);

        $identity->provePossessionOfPhone(
            new SecondFactorId($command->secondFactorId),
            new PhoneNumber($command->phoneNumber),
            $this->emailVerificationIsRequired($identity),
            $this->configurableSettings->createNewEmailVerificationWindow()
        );

        $this->eventSourcedRepository->save($identity);
    }

    /**
     * @param ProveGssfPossessionCommand $command
     */
    public function handleProveGssfPossessionCommand(ProveGssfPossessionCommand $command)
    {
        /** @var IdentityApi $identity */
        $identity = $this->eventSourcedRepository->load(new IdentityId($command->identityId));
        $secondFactorType = $command->stepupProvider;

        // Validate that the chosen second factor type (stepupProvider) is allowed for the users instituti
        $this->assertSecondFactorIsAllowedFor(new SecondFactorType($secondFactorType), $identity->getInstitution());

        $configurationInstitution = new ConfigurationInstitution(
            (string) $identity->getInstitution()
        );

        $tokenCount = $this->institutionConfigurationOptionsService->getMaxNumberOfTokensFor($configurationInstitution);
        $identity->setMaxNumberOfTokens($tokenCount);

        $identity->provePossessionOfGssf(
            new SecondFactorId($command->secondFactorId),
            new StepupProvider($secondFactorType),
            new GssfId($command->gssfId),
            $this->emailVerificationIsRequired($identity),
            $this->configurableSettings->createNewEmailVerificationWindow()
        );

        $this->eventSourcedRepository->save($identity);
    }

    public function handleProveU2fDevicePossessionCommand(ProveU2fDevicePossessionCommand $command)

    {
        /** @var IdentityApi $identity */
        $identity = $this->eventSourcedRepository->load(new IdentityId($command->identityId));

        $this->assertSecondFactorIsAllowedFor(new SecondFactorType('u2f'), $identity->getInstitution());

        $configurationInstitution = new ConfigurationInstitution(
            (string) $identity->getInstitution()
        );

        $tokenCount = $this->institutionConfigurationOptionsService->getMaxNumberOfTokensFor($configurationInstitution);
        $identity->setMaxNumberOfTokens($tokenCount);

        $identity->provePossessionOfU2fDevice(
            new SecondFactorId($command->secondFactorId),
            new U2fKeyHandle($command->keyHandle),
            $this->emailVerificationIsRequired($identity),
            $this->configurableSettings->createNewEmailVerificationWindow()
        );

        $this->eventSourcedRepository->save($identity);
    }

    /**
     * @param VerifyEmailCommand $command
     */
    public function handleVerifyEmailCommand(VerifyEmailCommand $command)
    {
        /** @var IdentityApi $identity */
        $identity = $this->eventSourcedRepository->load(new IdentityId($command->identityId));

        $identity->verifyEmail($command->verificationNonce);

        $this->eventSourcedRepository->save($identity);
    }

    public function handleVetSecondFactorCommand(VetSecondFactorCommand $command)
    {
        /** @var IdentityApi $authority */
        $authority = $this->eventSourcedRepository->load(new IdentityId($command->authorityId));
        /** @var IdentityApi $registrant */
        $registrant = $this->eventSourcedRepository->load(new IdentityId($command->identityId));

        $secondFactorType = new SecondFactorType($command->secondFactorType);
        $secondFactorIdentifier = SecondFactorIdentifierFactory::forType(
            $secondFactorType,
            $command->secondFactorIdentifier
        );

        $authority->vetSecondFactor(
            $registrant,
            new SecondFactorId($command->secondFactorId),
            $secondFactorType,
            $secondFactorIdentifier,
            $command->registrationCode,
            new DocumentNumber($command->documentNumber),
            $command->identityVerified,
            $this->secondFactorTypeService
        );

        $this->eventSourcedRepository->save($authority);
        $this->eventSourcedRepository->save($registrant);
    }

    public function handleRevokeOwnSecondFactorCommand(RevokeOwnSecondFactorCommand $command)
    {
        /** @var IdentityApi $identity */
        $identity = $this->eventSourcedRepository->load(new IdentityId($command->identityId));
        $identity->revokeSecondFactor(new SecondFactorId($command->secondFactorId));

        $this->eventSourcedRepository->save($identity);
    }

    public function handleRevokeRegistrantsSecondFactorCommand(RevokeRegistrantsSecondFactorCommand $command)
    {
        /** @var IdentityApi $identity */
        $identity = $this->eventSourcedRepository->load(new IdentityId($command->identityId));
        $identity->complyWithSecondFactorRevocation(
            new SecondFactorId($command->secondFactorId),
            new IdentityId($command->authorityId)
        );

        $this->eventSourcedRepository->save($identity);
    }

    public function handleExpressLocalePreferenceCommand(ExpressLocalePreferenceCommand $command)
    {
        $preferredLocale = new Locale($command->preferredLocale);
        $this->assertIsValidLocale($preferredLocale);

        /** @var IdentityApi $identity */
        $identity = $this->eventSourcedRepository->load(new IdentityId($command->identityId));
        $identity->expressPreferredLocale($preferredLocale);

        $this->eventSourcedRepository->save($identity);
    }

    /**
     * @param Locale $locale
     */
    private function assertIsValidLocale(Locale $locale)
    {
        if (!$this->configurableSettings->isSupportedLocale($locale)) {
            throw new UnsupportedLocaleException(
                sprintf('Given locale "%s" is not a supported locale', (string) $locale)
            );
        }
    }

    private function assertSecondFactorIsAllowedFor(SecondFactorType $secondFactor, Institution $institution)
    {
        $allowedSecondFactorList = $this->allowedSecondFactorListService->getAllowedSecondFactorListFor(
            new ConfigurationInstitution($institution->getInstitution())
        );

        if (!$allowedSecondFactorList->allows($secondFactor)) {
            throw new SecondFactorNotAllowedException(sprintf(
                'Institution "%s" does not support second factor "%s"',
                $institution->getInstitution(),
                $secondFactor->getSecondFactorType()
            ));
        }
    }

    /**
     * @param IdentityApi $identity
     * @return bool
     */
    private function emailVerificationIsRequired(IdentityApi $identity)
    {
        $institution = new ConfigurationInstitution(
            (string) $identity->getInstitution()
        );

        $configuration = $this->institutionConfigurationOptionsService
            ->findInstitutionConfigurationOptionsFor($institution);

        if ($configuration === null) {
            return true;
        }

        return $configuration->verifyEmailOption->isEnabled();
    }

    /**
     * @deprecated Should be used until existing institution configurations have been migrated to using normalized ids
     *
     * @param Institution $institution
     * @return InstitutionConfiguration
     */
    private function loadInstitutionConfigurationFor(Institution $institution)

    {
        $institution = new ConfigurationInstitution($institution->getInstitution());
        try {
            $institutionConfigurationId = InstitutionConfigurationId::normalizedFrom($institution);
            $institutionConfiguration = $this->institutionConfigurationRepository->load(
                $institutionConfigurationId->getInstitutionConfigurationId()
            );
        } catch (AggregateNotFoundException $exception) {
            $institutionConfigurationId = InstitutionConfigurationId::from($institution);

            $institutionConfiguration = $this->institutionConfigurationRepository->load(
                $institutionConfigurationId->getInstitutionConfigurationId()
            );
        }

        return $institutionConfiguration;
    }
}


1			<?php
2
3			/**
4			* Copyright 2014 SURFnet bv
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19			namespace Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\CommandHandler;
20
21			use Broadway\CommandHandling\CommandHandler;
22			use Broadway\Repository\AggregateNotFoundException;
23			use Broadway\Repository\RepositoryInterface;
24			use Surfnet\Stepup\Configuration\EventSourcing\InstitutionConfigurationRepository;
25			use Surfnet\Stepup\Configuration\InstitutionConfiguration;
26			use Surfnet\Stepup\Configuration\Value\Institution as ConfigurationInstitution;
27			use Surfnet\Stepup\Configuration\Value\InstitutionConfigurationId;
28			use Surfnet\Stepup\Identity\Api\Identity as IdentityApi;
29			use Surfnet\Stepup\Identity\Entity\ConfigurableSettings;
30			use Surfnet\Stepup\Identity\Identity;
31			use Surfnet\Stepup\Identity\Value\CommonName;
32			use Surfnet\Stepup\Identity\Value\DocumentNumber;
33			use Surfnet\Stepup\Identity\Value\Email;
34			use Surfnet\Stepup\Identity\Value\GssfId;
35			use Surfnet\Stepup\Identity\Value\IdentityId;
36			use Surfnet\Stepup\Identity\Value\Institution;
37			use Surfnet\Stepup\Identity\Value\Locale;
38			use Surfnet\Stepup\Identity\Value\NameId;
39			use Surfnet\Stepup\Identity\Value\PhoneNumber;
40			use Surfnet\Stepup\Identity\Value\SecondFactorId;

OpenConext / Stepup-Middleware

Push — feature/fga-ra-management ( 037bdc...e11d53 )

loadInstitutionConfigurationFor() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like