Surfnet\StepupSelfService\SelfServiceBundle\Controller\Registration\Gssf\GssfConsumeAssertionController

Complexity

Total Complexity

8

Size/Duplication

Total Lines	99
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

3 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	8	1
A	redirectToStatusReportForm()	0	6	1
B	consumeAssertion()	0	78	6

<?php

declare(strict_types = 1);

/**
 * Copyright 2015 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

PHP version not specified

Missing @category tag in file comment

Missing @package tag in file comment

Missing @author tag in file comment

Missing @license tag in file comment

Missing @link tag in file comment

namespace Surfnet\StepupSelfService\SelfServiceBundle\Controller\Registration\Gssf;

use Exception;
use Psr\Log\LoggerInterface;
use Surfnet\SamlBundle\Http\PostBinding;
use Surfnet\SamlBundle\SAML2\Attribute\AttributeDictionary;
use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
use Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\Provider;
use Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\ProviderRepository;
use Surfnet\StepupSelfService\SelfServiceBundle\Service\ControllerCheckerService;
use Surfnet\StepupSelfService\SelfServiceBundle\Service\GssfService;

The type Surfnet\StepupSelfService\SelfServiceBundle\Service\GssfService was not found. Maybe you did not declare it correctly or list all dependencies?

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;

/**
 * Controls registration with Generic SAML Stepup Providers (GSSPs), yielding Generic SAML Second Factors (GSSFs).
 */

Missing @category tag in class comment

Missing @package tag in class comment

Missing @author tag in class comment

Missing @license tag in class comment

Missing @link tag in class comment

final class GssfConsumeAssertionController extends AbstractController
{
    public function __construct(

Missing doc comment for function __construct()

        private readonly LoggerInterface           $logger,
        private readonly ProviderRepository        $providerRepository,
        private readonly PostBinding               $postBinding,
        private readonly GssfService               $gssfService,
        private readonly AttributeDictionary       $attributeDictionary,
        private readonly ControllerCheckerService $checkerService,
    ) {
    }

    #[Route(
        path: '/registration/gssf/{provider}/consume-assertion',
        name: 'ss_registration_gssf_consume_assertion',
        methods: ['POST'],
    )]
    public function consumeAssertion(Request $httpRequest, string $provider): array|Response

Missing doc comment for function consumeAssertion()

    {
        $this->checkerService->assertSecondFactorEnabled($provider);

        $provider = $this->providerRepository->get($provider);

        $this->logger->notice(
            sprintf('Received GSSP "%s" SAMLResponse through Gateway, attempting to process', $provider->getName())
        );

        try {
            $assertion = $this->postBinding->processResponse(
                $httpRequest,
                $provider->getRemoteIdentityProvider(),
                $provider->getServiceProvider()
            );
        } catch (Exception $exception) {
            $provider->getStateHandler()->clear();

            $this->logger->error(
                sprintf('Could not process received Response, error: "%s"', $exception->getMessage())
            );

            return $this->redirectToStatusReportForm(
                $provider,
                ['authenticationFailed' => true]
            );
        }

        $expectedResponseTo = $provider->getStateHandler()->getRequestId();
        $provider->getStateHandler()->clear();

        if (!InResponseTo::assertEquals($assertion, $expectedResponseTo)) {
            $this->logger->critical(sprintf(

The opening parenthesis of a multi-line function call should be the last content on the line.

                'Received Response with unexpected InResponseTo, %s',
                ($expectedResponseTo ? 'expected "' . $expectedResponseTo . '"' : ' no response expected')
            ));

For multi-line function calls, the closing parenthesis should be on a new line.

            return $this->redirectToStatusReportForm(
                $provider,
                ['authenticationFailed' => true]
            );
        }

        $this->logger->notice(
            sprintf('Processed GSSP "%s" SAMLResponse received through Gateway successfully', $provider->getName())
        );

        $gssfId = $this->attributeDictionary->translate($assertion)->getNameID();

        $secondFactorId = $this->gssfService->provePossession($this->getUser()->getIdentity()->id, $provider->getName(), $gssfId);

The method getIdentity() does not exist on Symfony\Component\Security\Core\User\UserInterface. It seems like you code against a sub-type of Symfony\Component\Security\Core\User\UserInterface such as Surfnet\StepupSelfService\SelfServiceBundle\Security\Authentication\AuthenticatedIdentity.

        if ($secondFactorId) {
            $this->logger->notice('GSSF possession has been proven successfully');

            if ($this->checkerService->emailVerificationIsRequired()) {
                return $this->redirectToRoute(
                    'ss_registration_email_verification_email_sent',
                    ['secondFactorId' => $secondFactorId]
                );
            } else {
                return $this->redirectToRoute(
                    'ss_second_factor_vetting_types',
                    ['secondFactorId' => $secondFactorId]
                );
            }
        }

        $this->logger->error('Unable to prove GSSF possession');

        return $this->redirectToStatusReportForm(
            $provider,
            ['proofOfPossessionFailed' => true]
        );
    }

    private function redirectToStatusReportForm(Provider $provider, array $options): RedirectResponse

Missing doc comment for function redirectToStatusReportForm()

Private method name "GssfConsumeAssertionController::redirectToStatusReportForm" must be prefixed with an underscore

    {
        return $this->redirectToRoute(
            'ss_registration_gssf_status_report',
            $options + [
                'provider' => $provider->getName(),
            ]
        );
    }
}