App\Security\UserCreator

Complexity

Total Complexity

17

Size/Duplication

Total Lines	142
Duplicated Lines	0 %

Test Coverage

Coverage

12.07%

Importance

Changes	2
Bugs	0	Features	0

6 Methods

Rating	Name	Duplication	Size	Complexity
B	createUser()	0	50	7
A	getTargetUserType()	0	10	2
A	__construct()	0	8	1
A	getGrade()	0	10	2
A	canCreateUser()	0	3	1
A	initialize()	0	14	4

<?php

namespace App\Security;

use App\ActiveDirectory\OptionResolver;
use App\Entity\ActiveDirectoryGradeSyncOption;
use App\Entity\ActiveDirectoryRoleSyncOption;
use App\Entity\ActiveDirectorySyncOption;
use App\Entity\ActiveDirectoryUser;
use App\Entity\UserType;
use App\Repository\ActiveDirectoryGradeSyncOptionRepositoryInterface;
use App\Repository\ActiveDirectoryRoleSyncOptionRepositoryInterface;
use App\Repository\ActiveDirectorySyncOptionRepositoryInterface;
use App\Repository\UserRepositoryInterface;
use Ramsey\Uuid\Uuid;

/**
 * Helper which creates users after successful Active Directory authentication.
 */
class UserCreator {
    /** @var ActiveDirectorySyncOption[] */
    private ?array $syncOptions = null;

    /** @var ActiveDirectoryGradeSyncOption[] */
    private ?array $gradeSyncOptions = null;

    /** @var ActiveDirectoryRoleSyncOption[] */
    private ?array $roleSyncOptions = null;

    private OptionResolver $optionsResolver;

    private ActiveDirectorySyncOptionRepositoryInterface $syncOptionRepository;
    private ActiveDirectoryGradeSyncOptionRepositoryInterface $gradeSyncOptionRepository;
    private ActiveDirectoryRoleSyncOptionRepositoryInterface $roleSyncOptionRepository;
    private UserRepositoryInterface $userRepository;

    public function __construct(ActiveDirectorySyncOptionRepositoryInterface $syncOptionRepository,
                                ActiveDirectoryGradeSyncOptionRepositoryInterface $gradeSyncOptionRepository,
                                ActiveDirectoryRoleSyncOptionRepositoryInterface $roleSyncOptionRepository, OptionResolver $optionResolver, UserRepositoryInterface $userRepository) {
        $this->syncOptionRepository = $syncOptionRepository;
        $this->gradeSyncOptionRepository = $gradeSyncOptionRepository;
        $this->roleSyncOptionRepository = $roleSyncOptionRepository;
        $this->optionsResolver = $optionResolver;
        $this->userRepository = $userRepository;
    }

    private function initialize(): void {
        if ($this->syncOptions === null) {
            $this->syncOptions = $this->syncOptionRepository
                ->findAll();
        }

        if ($this->gradeSyncOptions === null) {
            $this->gradeSyncOptions = $this->gradeSyncOptionRepository
                ->findAll();
        }

        if($this->roleSyncOptions === null) {
            $this->roleSyncOptions = $this->roleSyncOptionRepository
                ->findAll();
        }
    }

    /**
     * Determines whether the user can be imported from Active Directory.
     *
     * @param ActiveDirectoryUserInformation $response
     * @return bool
     */
    public function canCreateUser(ActiveDirectoryUserInformation $response): bool {
        $this->initialize();
        return $this->getTargetUserType($response) !== null;
    }

    /**
     * @param ActiveDirectoryUserInformation $response
     * @return UserType|null
     */
    private function getTargetUserType(ActiveDirectoryUserInformation $response): ?UserType {
        /** @var ActiveDirectorySyncOption|null $option */
        $option = $this->optionsResolver
            ->getOption($this->syncOptions, $response->getOu(), $response->getGroups());

It seems like $this->syncOptions can also be of type null; however, parameter $options of App\ActiveDirectory\OptionResolver::getOption() does only seem to accept array, maybe add an additional type check?

        if ($option !== null) {
            return $option->getUserType();
        }

        return null;
    }

    /**
     * @param ActiveDirectoryUserInformation $response
     * @param ActiveDirectoryUser|null $user Already existing AD user
     * @return ActiveDirectoryUser
     */
    public function createUser(ActiveDirectoryUserInformation $response, ?ActiveDirectoryUser $user = null): ?ActiveDirectoryUser {
        $this->initialize();

        if ($user === null) {
            // Try to find already existing user by GUID (because username has changed)
            $user = $this->userRepository->findActiveDirectoryUserByObjectGuid($response->getGuid());

            if($user === null) {
                $user = new ActiveDirectoryUser();
                $user->setObjectGuid(Uuid::fromString($response->getGuid()));
            }
        }

        $user->setUsername(mb_strtolower($response->getUserPrincipalName()));
        $user->setFirstname($response->getFirstname());
        $user->setLastname($response->getLastname());
        $user->setGrade($this->getGrade($response));
        $user->setUserPrincipalName(mb_strtolower($response->getUserPrincipalName()));
        $user->setType($this->getTargetUserType($response));

It seems like $this->getTargetUserType($response) can also be of type null; however, parameter $userType of App\Entity\User::setType() does only seem to accept App\Entity\UserType, maybe add an additional type check?

        $user->setEmail($response->getEmail());
        $user->setExternalId($response->getUniqueId());

        $user->setOu($response->getOu());
        $user->setGroups($response->getGroups());

        // Set roles

        /** @var ActiveDirectoryRoleSyncOption[] $options */
        $options = $this->optionsResolver->getAllOptions(
            $this->roleSyncOptions,

It seems like $this->roleSyncOptions can also be of type null; however, parameter $options of App\ActiveDirectory\OptionResolver::getAllOptions() does only seem to accept array, maybe add an additional type check?

            $response->getOu(),
            $response->getGroups()
        );

        foreach($options as $option) {
            $role = $option->getUserRole();

            if($user->getUserRoles()->contains($role) !== true) {
                $user->addUserRole($role);
            }
        }

        $existingUser = $this->userRepository->findOneByUsername($user->getUserPrincipalName());

        // Convert user (if necessary)
        if($existingUser !== null && !$existingUser instanceof ActiveDirectoryUser) {
            $user = $this->userRepository->convertToActiveDirectory($existingUser, $user);
        }

        return $user;
    }

    /**
     * @param ActiveDirectoryUserInformation $response
     * @return string|null
     */
    private function getGrade(ActiveDirectoryUserInformation $response): ?string {
        /** @var ActiveDirectoryGradeSyncOption|null $option */
        $option = $this->optionsResolver
            ->getOption($this->gradeSyncOptions, $response->getOu(), $response->getGroups());

It seems like $this->gradeSyncOptions can also be of type null; however, parameter $options of App\ActiveDirectory\OptionResolver::getOption() does only seem to accept array, maybe add an additional type check?

        if($option !== null) {
            return $option->getGrade();
        }

        return null;
    }
}