SamlController::consumeAssertion() - Code Metrics - Inspection of "Flex recipe ran" - OpenConext/Stepup-SelfService - Measure and Improve Code Quality continuously with Scrutinizer

Passed
Push — feature/symfony6-upgrade ( 166417...86e2b9 )

by Paul
created 2023-11-28 13:23 UTC
SamlController::consumeAssertion() B

↳ Parent: SamlController
Complexity

Conditions	6
Paths	9
Size

Total Lines	61
Code Lines	38
Duplication

Lines	0
Ratio	0 %
Importance

Changes
Metric	Value
cc	6
eloc	38
nc	9
nop	1
dl	0
loc	61
rs	8.6897
c	0
b	0
f	0
How to fix Long Method

<?php

/**
 * Copyright 2014 SURFnet bv
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


namespace Surfnet\StepupSelfService\SelfServiceBundle\Controller;

use Exception;
use Surfnet\SamlBundle\Http\XMLResponse;
use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
use Surfnet\StepupBundle\Value\Loa;
use Surfnet\StepupSelfService\SelfServiceBundle\Service\SelfAssertedTokens\RecoveryTokenState;
use Surfnet\StepupSelfService\SelfServiceBundle\Value\SelfVetRequestId;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;

/**

 * @SuppressWarnings(PHPMD.CouplingBetweenObjects) -- Hard to reduce due to different commands and queries used.
 */

class SamlController extends Controller
{
    /**
     * A SelfService user is able to test it's token in this endpoint
     *
     * @return RedirectResponse
     * @throws NotFoundHttpException
     * @throws AccessDeniedException
     */
#[Route(path:'/second-factor/test', name:'ss_second_factor_test', methods:  ['GET'])]

public function testSecondFactor(): RedirectResponse

    {

        $logger = $this->get('logger');
        $logger = $this->get('logger');
        $logger->notice('Starting second factor test');

        $secondFactorService = $this->get('surfnet_stepup_self_service_self_service.service.second_factor');
        $loaResolutionService = $this->get('surfnet_stepup.service.loa_resolution');
        $identity = $this->getIdentity();

        $vettedSecondFactors = $secondFactorService->findVettedByIdentity($identity->id);
        if (!$vettedSecondFactors || $vettedSecondFactors->getTotalItems() === 0) {
            $logger->error(
                sprintf(
                    'Identity "%s" tried to test a second factor, but does not own a suitable vetted token.',
                    $identity->id
                )
            );

            throw new NotFoundHttpException();
        }

        $authenticationRequestFactory = $this->get('self_service.test_second_factor_authentication_request_factory');

        // By requesting LoA 1.5 any relevant token can be tested (LoA 2 and 3)
        $authenticationRequest = $authenticationRequestFactory->createSecondFactorTestRequest(
            $identity->nameId,
            $loaResolutionService->getLoaByLevel(Loa::LOA_SELF_VETTED)
        );

        $this->get('session')->set('second_factor_test_request_id', $authenticationRequest->getRequestId());

        $samlLogger = $this->get('surfnet_saml.logger')->forAuthentication($authenticationRequest->getRequestId());
        $samlLogger->notice('Sending authentication request to the second factor test IDP');

        return $this->get('surfnet_saml.http.redirect_binding')->createRedirectResponseFor($authenticationRequest);
    }


    #[Route(
        path: '/authentication/consume-assertion',
        name: 'selfservice_serviceprovider_consume_assertion',
        methods: ['POST'],
    )]
    public function consumeAssertion(Request $httpRequest): Response

    {
        $logger = $this->get('logger');

        $session = $this->get('session');
        if ($session->has(SelfVetController::SELF_VET_SESSION_ID)) {
            // The test authentication IdP is also used for self vetting, a different session id is
            // used to mark a self vet command
            /** @var SelfVetRequestId $selfVetRequestId */

            $selfVetRequestId = $session->get(SelfVetController::SELF_VET_SESSION_ID);
            $secondFactorId = $selfVetRequestId->vettingSecondFactorId();
            return $this->forward(
                'SurfnetStepupSelfServiceSelfServiceBundle:SelfVet:consumeSelfVetAssertion',
                ['secondFactorId' => $secondFactorId]
            );
        }
        if ($session->has(RecoveryTokenState::RECOVERY_TOKEN_STEP_UP_REQUEST_ID_IDENTIFIER)) {
            // The test authentication IdP is also used for self-asserted recovery token
            // verification a different session id is used to mark the authentication.
            return $this->forward('SurfnetStepupSelfServiceSelfServiceBundle:RecoveryToken:stepUpConsumeAssertion');
        }
        if (!$session->has('second_factor_test_request_id')) {
            $logger->error(
                'Received an authentication response for testing a second factor, but no second factor test response was expected'
            );

            throw new AccessDeniedHttpException('Did not expect an authentication response');
        }
        $logger->notice('Received an authentication response for testing a second factor');
        $initiatedRequestId = $session->get('second_factor_test_request_id');
        $samlLogger = $this->get('surfnet_saml.logger')->forAuthentication($initiatedRequestId);
        $session->remove('second_factor_test_request_id');
        $postBinding = $this->get('surfnet_saml.http.post_binding');
        try {
            $assertion = $postBinding->processResponse(
                $httpRequest,
                $this->get('self_service.second_factor_test_idp'),
                $this->get('surfnet_saml.hosted.service_provider')
            );

            if (!InResponseTo::assertEquals($assertion, $initiatedRequestId)) {
                $samlLogger->error(
                    sprintf(
                        'Expected a response to the request with ID "%s", but the SAMLResponse was a response to a different request',
                        $initiatedRequestId
                    )
                );

                throw new AuthenticationException('Unexpected InResponseTo in SAMLResponse');
            }

            $session->getFlashBag()->add('success', 'ss.test_second_factor.verification_successful');
        } catch (Exception) {
            $session->getFlashBag()->add('error', 'ss.test_second_factor.verification_failed');
        }
        return $this->redirectToRoute('ss_second_factor_list');
    }

    #[Route(
        path: '/authentication/metadata',
        name: 'selfservice_saml_metadata',
        methods: ['GET'],
    )]
    public function metadata(): XMLResponse

    {
        /** @var \Surfnet\SamlBundle\Metadata\MetadataFactory $metadataFactory */

        $metadataFactory = $this->get('surfnet_saml.metadata_factory');

        return new XMLResponse($metadataFactory->generate());
    }
}

OpenConext / Stepup-SelfService

Push — feature/symfony6-upgrade ( 166417...86e2b9 )

SamlController::consumeAssertion() B

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like
