Surfnet\StepupSelfService\SelfServiceBundle\Controller\Registration\GssfController

Complexity

Total Complexity

14

Size/Duplication

Total Lines	254
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

8 Methods

Rating	Name	Duplication	Size	Complexity
A	status()	0	16	1
A	metadata()	0	15	1
A	redirectToStatusReportForm()	0	6	1
A	authenticate()	0	36	1
A	renderStatusForm()	0	27	1
B	consumeAssertion()	0	84	6
A	getLogger()	0	3	1
A	getProvider()	0	12	2

<?php

/**
 * Copyright 2014 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

PHP version not specified

Missing @category tag in file comment

Missing @package tag in file comment

Missing @author tag in file comment

Missing @license tag in file comment

Missing @link tag in file comment

namespace Surfnet\StepupSelfService\SelfServiceBundle\Controller\Registration;

use Exception;
use Surfnet\SamlBundle\Http\XMLResponse;
use Surfnet\SamlBundle\SAML2\AuthnRequestFactory;
use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
use Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\Provider;
use Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\ViewConfig;
use Surfnet\StepupSelfService\SelfServiceBundle\Controller\Controller;
use Surfnet\StepupSelfService\SelfServiceBundle\Form\Type\StatusGssfType;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Routing\Annotation\Route;

/**
 * Controls registration with Generic SAML Stepup Providers (GSSPs), yielding Generic SAML Second Factors (GSSFs).
 */

Missing @category tag in class comment

Missing @package tag in class comment

Missing @author tag in class comment

Missing @license tag in class comment

Missing @link tag in class comment

final class GssfController extends Controller
{
    /**

Parameter $request should have a doc-comment as per coding-style.

Parameter $provider should have a doc-comment as per coding-style.

     * Render the status form.
     *
     * This action has two parameters:
     *
     * - authenticationFailed (default false), will trigger an error message
     *   and is used when a SAML failure response was received, for example
     *   when the users cancelled the registration
     *
     * - proofOfPossessionFailed (default false), will trigger an error message
     *   when possession was not proven, but the SAML response was successful
     *
     * @return array|Response
     */

There must be no blank lines after the function comment

    #[Route(
        path: '/registration/gssf/{provider}/status',
        name: 'ss_registration_gssf_status_report',
        defaults: ['authenticationFailed' => false, 'proofOfPossessionFailed'=> false ],
        methods: ['GET'],
    )]

    public function status(Request $request, string $provider): \Symfony\Component\HttpFoundation\Response
    {
        $this->assertSecondFactorEnabled($provider);

        return $this->renderStatusForm(
            $provider,
            [
                'authenticationFailed' => (bool) $request->query->get('authenticationFailed'),
                'proofOfPossessionFailed' => (bool) $request->query->get('proofOfPossessionFailed'),
            ]
        );
    }

    /**

Missing short description in doc comment

     * @param string $provider

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 2 spaces but found 1

     * @return array|Response

Tag @return cannot be grouped with parameter tags in a doc comment

     */
    #[Route(
        path: '/registration/gssf/{provider}/authenticate',
        name: 'ss_registration_gssf_authenticate',
        methods: ['POST'],
    )]
    public function authenticate($provider)
    {
        $this->assertSecondFactorEnabled($provider);

        $provider = $this->getProvider($provider);

        $authnRequest = AuthnRequestFactory::createNewRequest(
            $provider->getServiceProvider(),
            $provider->getRemoteIdentityProvider()
        );

        $attributeService = $this->get('surfnet_stepup_self_service_self_service.service.gsspuserattributes');

The method get() does not exist on Surfnet\StepupSelfService\SelfServiceBundle\Controller\Registration\GssfController.

        $attributeService->addGsspUserAttributes(
            $authnRequest,
            $provider,
            $this->get('security.token_storage')->getToken()->getUser()
        );
        $stateHandler = $provider->getStateHandler();
        $stateHandler->setRequestId($authnRequest->getRequestId());

        /** @var \Surfnet\SamlBundle\Http\RedirectBinding $redirectBinding */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $redirectBinding = $this->get('surfnet_saml.http.redirect_binding');

        $this->getLogger()->notice(sprintf(

The opening parenthesis of a multi-line function call should be the last content on the line.

            'Sending AuthnRequest with request ID: "%s" to GSSP "%s" at "%s"',
            $authnRequest->getRequestId(),
            $provider->getName(),
            $provider->getRemoteIdentityProvider()->getSsoUrl()
        ));

For multi-line function calls, the closing parenthesis should be on a new line.

        return $redirectBinding->createRedirectResponseFor($authnRequest);

The method createRedirectResponseFor() does not exist on Surfnet\SamlBundle\Http\RedirectBinding.

    }

    /**

Missing short description in doc comment

Parameter $httpRequest should have a doc-comment as per coding-style.

     * @param string  $provider

Missing parameter comment

Expected 1 spaces after parameter type; 2 found

Doc comment for parameter $provider does not match actual variable name $httpRequest

Tag value for @param tag indented incorrectly; expected 2 spaces but found 1

     * @return array|Response

Tag @return cannot be grouped with parameter tags in a doc comment

     */
    #[Route(
        path: '/registration/gssf/{provider}/consume-assertion',
        name: 'ss_registration_gssf_consume_assertion',
        methods: ['POST'],
    )]
    public function consumeAssertion(Request $httpRequest, $provider)
    {
        $this->assertSecondFactorEnabled($provider);

        $provider = $this->getProvider($provider);

        $this->get('logger')->notice(
            sprintf('Received GSSP "%s" SAMLResponse through Gateway, attempting to process', $provider->getName())
        );

        try {
            /** @var \Surfnet\SamlBundle\Http\PostBinding $postBinding */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

            $postBinding = $this->get('surfnet_saml.http.post_binding');
            $assertion = $postBinding->processResponse(
                $httpRequest,
                $provider->getRemoteIdentityProvider(),
                $provider->getServiceProvider()
            );
        } catch (Exception $exception) {
            $provider->getStateHandler()->clear();

            $this->getLogger()->error(
                sprintf('Could not process received Response, error: "%s"', $exception->getMessage())
            );

            return $this->redirectToStatusReportForm(
                $provider,
                ['authenticationFailed' => true]
            );
        }

        $expectedResponseTo = $provider->getStateHandler()->getRequestId();
        $provider->getStateHandler()->clear();

        if (!InResponseTo::assertEquals($assertion, $expectedResponseTo)) {
            $this->getLogger()->critical(sprintf(

The opening parenthesis of a multi-line function call should be the last content on the line.

                'Received Response with unexpected InResponseTo, %s',
                ($expectedResponseTo ? 'expected "' . $expectedResponseTo . '"' : ' no response expected')
            ));

For multi-line function calls, the closing parenthesis should be on a new line.

            return $this->redirectToStatusReportForm(
                $provider,
                ['authenticationFailed' => true]
            );
        }

        $this->get('logger')->notice(
            sprintf('Processed GSSP "%s" SAMLResponse received through Gateway successfully', $provider->getName())
        );

        /** @var \Surfnet\StepupSelfService\SelfServiceBundle\Service\GssfService $service */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $service = $this->get('surfnet_stepup_self_service_self_service.service.gssf');
        /** @var \Surfnet\SamlBundle\SAML2\Attribute\AttributeDictionary $attributeDictionary */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $attributeDictionary = $this->get('surfnet_saml.saml.attribute_dictionary');
        $gssfId = $attributeDictionary->translate($assertion)->getNameID();

        $secondFactorId = $service->provePossession($this->getIdentity()->id, $provider->getName(), $gssfId);

        if ($secondFactorId) {
            $this->getLogger()->notice('GSSF possession has been proven successfully');

            if ($this->emailVerificationIsRequired()) {
                return $this->redirectToRoute(
                    'ss_registration_email_verification_email_sent',
                    ['secondFactorId' => $secondFactorId]
                );
            } else {
                return $this->redirectToRoute(
                    'ss_second_factor_vetting_types',
                    ['secondFactorId' => $secondFactorId]
                );
            }
        }

        $this->getLogger()->error('Unable to prove GSSF possession');

        return $this->redirectToStatusReportForm(
            $provider,
            ['proofOfPossessionFailed' => true]
        );
    }

    private function redirectToStatusReportForm(Provider $provider, array $options): \Symfony\Component\HttpFoundation\RedirectResponse

Missing doc comment for function redirectToStatusReportForm()

Private method name "GssfController::redirectToStatusReportForm" must be prefixed with an underscore

    {
        return $this->redirectToRoute(
            'ss_registration_gssf_status_report',
            $options + [
                'provider' => $provider->getName(),
            ]
        );
    }

    /**

Missing short description in doc comment

     * @param string $provider

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 2 spaces but found 1

     * @return \Symfony\Component\HttpFoundation\Response

Tag @return cannot be grouped with parameter tags in a doc comment

     */
    #[Route(
        path: '/registration/gssf/{provider}/metadata',
        name: 'ss_registration_gssf_saml_metadata',
        methods: ['GET'],
    )]
    public function metadata($provider): \Surfnet\SamlBundle\Http\XMLResponse
    {
        $this->assertSecondFactorEnabled($provider);

        $provider = $this->getProvider($provider);

        /** @var \Surfnet\SamlBundle\Metadata\MetadataFactory $factory */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $factory = $this->get('gssp.provider.' . $provider->getName() . '.metadata.factory');

        return new XMLResponse($factory->generate());
    }

    /**

Missing short description in doc comment

     * @param string $provider

Missing parameter comment

Tag value for @param tag indented incorrectly; expected 2 spaces but found 1

     * @return \Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\Provider

Tag @return cannot be grouped with parameter tags in a doc comment

     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException

Tag @throws cannot be grouped with parameter tags in a doc comment

     */
    private function getProvider($provider)

Private method name "GssfController::getProvider" must be prefixed with an underscore

    {
        /** @var \Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\ProviderRepository $providerRepository */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $providerRepository = $this->get('gssp.provider_repository');

        if (!$providerRepository->has($provider)) {
            $this->get('logger')->info(sprintf('Requested GSSP "%s" does not exist or is not registered', $provider));

            throw new NotFoundHttpException('Requested provider does not exist');
        }

        return $providerRepository->get($provider);
    }

    /**

Missing short description in doc comment

     * @return \Psr\Log\LoggerInterface
     */
    private function getLogger()

Private method name "GssfController::getLogger" must be prefixed with an underscore

    {
        return $this->get('logger');
    }

    private function renderStatusForm(string $provider, array $parameters = []): Response

Missing doc comment for function renderStatusForm()

Private method name "GssfController::renderStatusForm" must be prefixed with an underscore

    {
        /** @var ViewConfig $secondFactorConfig */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $secondFactorConfig = $this->get("gssp.view_config.{$provider}");

        $form = $this->createForm(
            StatusGssfType::class,
            null,
            [
                'provider' => $provider,
                /** @Ignore from translation message extraction */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

                'label' => $secondFactorConfig->getInitiateButton()
            ]
        );
        /** @var ViewConfig $secondFactorConfig */

The open comment tag must be the only content on the line

Missing short description in doc comment

The close comment tag must be the only content on the line

        $templateParameters = array_merge(
            $parameters,
            [
                'form' => $form->createView(),
                'provider' => $provider,
                'secondFactorConfig' => $secondFactorConfig,
                'verifyEmail' => $this->emailVerificationIsRequired(),
            ]
        );
        return $this->render(
            'SurfnetStepupSelfServiceSelfServiceBundle:registration/gssf:status.html.twig',
            $templateParameters
        );
    }
}