SamlController - Code Metrics - Inspection of "Handle second factor test response" - OpenConext/Stepup-SelfService - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — develop (#120)

by Nic

created 2017-03-06 16:08 UTC

SamlController A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	106
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	9

Importance

Changes	8
Bugs	0	Features	0

Metric	Value
wmc	7
c	8
b	0
f	0
lcom	1
cbo	9
dl	0
loc	106
rs	10

3 Methods

Rating	Name	Size	Complexity
A	metadataAction()	7	1
B	testSecondFactorAction()	38	2
B	consumeAssertionAction()	49	4

<?php

/**
 * Copyright 2014 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace Surfnet\StepupSelfService\SelfServiceBundle\Controller;

use Exception;
use Surfnet\SamlBundle\Http\XMLResponse;
use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
use Surfnet\StepupBundle\Value\SecondFactorType;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

class SamlController extends Controller
{
    /**
     * @param string $secondFactorId
     *
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
     * @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException
     */
    public function testSecondFactorAction($secondFactorId)
    {
        $logger = $this->get('logger');
        $logger->notice('Starting second factor test');

        $secondFactorService = $this->get('surfnet_stepup_self_service_self_service.service.second_factor');
        $identity            = $this->getIdentity();

        if (!$secondFactorService->identityHasSecondFactorOfStateWithId($identity->id, 'vetted', $secondFactorId)) {
            $logger->error(
                sprintf(
                    'Identity "%s" tried to test second factor "%s", but does not own that second factor or it is not vetted',

                    $identity->id,
                    $secondFactorId
                )
            );

            throw $this->createNotFoundException();
        }

        $loaResolutionService         = $this->get('surfnet_stepup.service.loa_resolution');
        $authenticationRequestFactory = $this->get('self_service.test_second_factor_authentication_request_factory');

        $secondFactor     = $secondFactorService->findOneVetted($secondFactorId);
        $secondFactorType = new SecondFactorType($secondFactor->type);

        $authenticationRequest = $authenticationRequestFactory->createSecondFactorTestRequest(
            $identity->nameId,
            $loaResolutionService->getLoaByLevel($secondFactorType->getLevel())
        );

        $this->get('session')->set('second_factor_test_request_id', $authenticationRequest->getRequestId());

        $samlLogger = $this->get('surfnet_saml.logger')->forAuthentication($authenticationRequest->getRequestId());
        $samlLogger->notice('Sending authentication request to the second factor test IDP');

        return $this->get('surfnet_saml.http.redirect_binding')->createRedirectResponseFor($authenticationRequest);
    }

    public function consumeAssertionAction(Request $httpRequest)
    {
        $logger = $this->get('logger');

        $logger->notice('Received an authentication response for testing a second factor');

        $session = $this->get('session');

        if (!$session->has('second_factor_test_request_id')) {
            $logger->error(
                'Received an authentication response for testing a second factor, but no second factor test response was expected'

            );

            throw $this->createAccessDeniedException('Did not expect an authentication response');
        }

        $initiatedRequestId = $session->get('second_factor_test_request_id');

        $samlLogger = $this->get('surfnet_saml.logger')->forAuthentication($initiatedRequestId);

        $session->remove('second_factor_test_request_id');

        $postBinding = $this->get('surfnet_saml.http.post_binding');

        try {
            $assertion = $postBinding->processResponse(
                $httpRequest,
                $this->get('self_service.second_factor_test_idp'),
                $this->get('surfnet_saml.hosted.service_provider')
            );

            if (!InResponseTo::assertEquals($assertion, $initiatedRequestId)) {
                $samlLogger->error(
                    sprintf(
                        'Expected a response to the request with ID "%s", but the SAMLResponse was a response to a different request',

                        $initiatedRequestId
                    )
                );

                throw new AuthenticationException('Unexpected InResponseTo in SAMLResponse');
            }

            $session->getFlashBag()->add('success', 'ss.test_second_factor.verification_successful');
        } catch (Exception $exception) {
            $session->getFlashBag()->add('error', 'ss.test_second_factor.verification_failed');
        }

        return $this->redirectToRoute('ss_second_factor_list');
    }

    public function metadataAction()
    {
        /** @var \Surfnet\SamlBundle\Metadata\MetadataFactory $metadataFactory */
        $metadataFactory = $this->get('surfnet_saml.metadata_factory');

        return new XMLResponse($metadataFactory->generate());
    }
}


1			<?php
2
3			/**
4			* Copyright 2014 SURFnet bv
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19			namespace Surfnet\StepupSelfService\SelfServiceBundle\Controller;
20
21			use Exception;
22			use Surfnet\SamlBundle\Http\XMLResponse;
23			use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
24			use Surfnet\StepupBundle\Value\SecondFactorType;
25			use Symfony\Component\HttpFoundation\Request;
26			use Symfony\Component\Security\Core\Exception\AuthenticationException;
27
28			class SamlController extends Controller
29			{
30			/**
31			* @param string $secondFactorId
32			*
33			* @return \Symfony\Component\HttpFoundation\RedirectResponse
34			* @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
35			* @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException
36			*/
37			public function testSecondFactorAction($secondFactorId)
38			{
39			$logger = $this->get('logger');
40			$logger->notice('Starting second factor test');
41
42			$secondFactorService = $this->get('surfnet_stepup_self_service_self_service.service.second_factor');
43			$identity = $this->getIdentity();
44
45			if (!$secondFactorService->identityHasSecondFactorOfStateWithId($identity->id, 'vetted', $secondFactorId)) {
46			$logger->error(
47			sprintf(
48			'Identity "%s" tried to test second factor "%s", but does not own that second factor or it is not vetted',
			0 ignored issues – show Coding Style introduced 2017-02-27 13:43 UTC by Report Bug Copy Issue Report This line exceeds maximum limit of 120 characters; contains 126 characters Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line. Loading history...
49			$identity->id,
50			$secondFactorId
51			)
52			);
53
54			throw $this->createNotFoundException();
55			}
56
57			$loaResolutionService = $this->get('surfnet_stepup.service.loa_resolution');
58			$authenticationRequestFactory = $this->get('self_service.test_second_factor_authentication_request_factory');
59
60			$secondFactor = $secondFactorService->findOneVetted($secondFactorId);
61			$secondFactorType = new SecondFactorType($secondFactor->type);
62
63			$authenticationRequest = $authenticationRequestFactory->createSecondFactorTestRequest(
64			$identity->nameId,
65			$loaResolutionService->getLoaByLevel($secondFactorType->getLevel())
66			);
67
68			$this->get('session')->set('second_factor_test_request_id', $authenticationRequest->getRequestId());
69
70			$samlLogger = $this->get('surfnet_saml.logger')->forAuthentication($authenticationRequest->getRequestId());
71			$samlLogger->notice('Sending authentication request to the second factor test IDP');
72
73			return $this->get('surfnet_saml.http.redirect_binding')->createRedirectResponseFor($authenticationRequest);
74			}
75
76			public function consumeAssertionAction(Request $httpRequest)
77			{
78			$logger = $this->get('logger');
79
80			$logger->notice('Received an authentication response for testing a second factor');
81
82			$session = $this->get('session');
83
84			if (!$session->has('second_factor_test_request_id')) {
85			$logger->error(
86			'Received an authentication response for testing a second factor, but no second factor test response was expected'
			0 ignored issues – show Coding Style introduced 2017-02-27 17:11 UTC by Report Bug Copy Issue Report This line exceeds maximum limit of 120 characters; contains 130 characters Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line. Loading history...
87			);
88
89			throw $this->createAccessDeniedException('Did not expect an authentication response');
90			}
91
92			$initiatedRequestId = $session->get('second_factor_test_request_id');
93
94			$samlLogger = $this->get('surfnet_saml.logger')->forAuthentication($initiatedRequestId);
95
96			$session->remove('second_factor_test_request_id');
97
98			$postBinding = $this->get('surfnet_saml.http.post_binding');
99
100			try {
101			$assertion = $postBinding->processResponse(
102			$httpRequest,
103			$this->get('self_service.second_factor_test_idp'),
104			$this->get('surfnet_saml.hosted.service_provider')
105			);
106
107			if (!InResponseTo::assertEquals($assertion, $initiatedRequestId)) {
108			$samlLogger->error(
109			sprintf(
110			'Expected a response to the request with ID "%s", but the SAMLResponse was a response to a different request',
			0 ignored issues – show Coding Style introduced 2017-03-06 15:14 UTC by Report Bug Copy Issue Report This line exceeds maximum limit of 120 characters; contains 134 characters Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line. Loading history...
111			$initiatedRequestId
112			)
113			);
114
115			throw new AuthenticationException('Unexpected InResponseTo in SAMLResponse');
116			}
117
118			$session->getFlashBag()->add('success', 'ss.test_second_factor.verification_successful');
119			} catch (Exception $exception) {
120			$session->getFlashBag()->add('error', 'ss.test_second_factor.verification_failed');
121			}
122
123			return $this->redirectToRoute('ss_second_factor_list');
124			}
125
126			public function metadataAction()
127			{
128			/** @var \Surfnet\SamlBundle\Metadata\MetadataFactory $metadataFactory */
129			$metadataFactory = $this->get('surfnet_saml.metadata_factory');
130
131			return new XMLResponse($metadataFactory->generate());
132			}
133			}
134

OpenConext / Stepup-SelfService

Pull Request — develop (#120)

SamlController A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

3 Methods

Duplication Side-by-Side

Filter issues like