Issues in LogoutSendRequest.php - All Issues - Inspection of "Merge pull request #110 from tmilos/limit_symfony_..." - aerialship/SamlSPBundle - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( d5bbb9...ab4758 )

by Milos

created 2016-01-03 08:15 UTC

SamlSPBundle/Bridge/LogoutSendRequest.php (2 issues)

Labels

Best Practice 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace AerialShip\SamlSPBundle\Bridge;

use AerialShip\LightSaml\Meta\LogoutRequestBuilder;
use AerialShip\LightSaml\Model\Protocol\LogoutRequest;
use AerialShip\SamlSPBundle\Config\ServiceInfo;
use AerialShip\SamlSPBundle\Config\ServiceInfoCollection;
use AerialShip\SamlSPBundle\RelyingParty\RelyingPartyInterface;
use AerialShip\SamlSPBundle\Security\Core\Authentication\Token\SamlSpToken;
use AerialShip\SamlSPBundle\State\Request\RequestState;
use AerialShip\SamlSPBundle\State\Request\RequestStateStoreInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\SecurityContextInterface;

class LogoutSendRequest implements RelyingPartyInterface
{
    /** @var \Symfony\Component\Security\Core\SecurityContextInterface  */
    protected $securityContext;

    /** @var  ServiceInfoCollection */
    protected $serviceInfoCollection;

    /** @var RequestStateStoreInterface */
    protected $requestStateStore;



    /**
     * @param SecurityContextInterface $securityContext
     * @param ServiceInfoCollection $serviceInfoCollection
     * @param \AerialShip\SamlSPBundle\State\Request\RequestStateStoreInterface $requestStateStore
     */
    public function __construct(
        SecurityContextInterface $securityContext,
        ServiceInfoCollection $serviceInfoCollection,
        RequestStateStoreInterface $requestStateStore
    ) {
        $this->securityContext = $securityContext;
        $this->serviceInfoCollection = $serviceInfoCollection;
        $this->requestStateStore = $requestStateStore;
    }



    /**
     * @param \Symfony\Component\HttpFoundation\Request $request
     * @return bool
     */
    function supports(Request $request)

    {
        if ($request->attributes->get('logout_path') != $request->getPathInfo()) {
            return false;
        }
        /** @var $token SamlSpToken */
        $token = $this->securityContext->getToken();
        if (!$token || !$token instanceof SamlSpToken) {
            return false;
        }
        if (!$token->getSamlSpInfo()) {
            return false;
        }
        return true;
    }

    /**
     * @param \Symfony\Component\HttpFoundation\Request $request
     * @throws \RuntimeException  if no signing provider set
     * @throws \InvalidArgumentException if cannot manage the Request
     * @return \Symfony\Component\HttpFoundation\Response|SamlSpInfo
     */
    function manage(Request $request)

    {
        if (!$this->supports($request)) {
            throw new \InvalidArgumentException('Unsupported request');
        }

        $samlInfo = $this->getSamlInfo();
        $serviceInfo = $this->getServiceInfo($samlInfo, $request);

        $builder = $this->createLogoutRequestBuilder($serviceInfo);
        $logoutRequest = $this->createLogoutRequest($builder, $serviceInfo, $samlInfo);
        $bindingResponse = $builder->send($logoutRequest);

        $this->createRequestState($logoutRequest, $serviceInfo);

        if ($bindingResponse instanceof \AerialShip\LightSaml\Binding\PostResponse) {
            return new Response($bindingResponse->render());
        } else if ($bindingResponse instanceof \AerialShip\LightSaml\Binding\RedirectResponse) {
            return new RedirectResponse($bindingResponse->getDestination());
        }

        throw new \RuntimeException('Unknown binding response '.get_class($bindingResponse));
    }


    /**
     * @return SamlSpInfo
     */
    protected function getSamlInfo()
    {
        /** @var $token SamlSpToken */
        $token = $this->securityContext->getToken();
        $samlInfo = $token->getSamlSpInfo();
        return $samlInfo;
    }


    /**
     * @param SamlSpInfo $samlInfo
     * @param Request $request
     * @return ServiceInfo
     * @throws \RuntimeException
     */
    protected function getServiceInfo(SamlSpInfo $samlInfo, Request $request)
    {
        $serviceInfo = $this->serviceInfoCollection->get($samlInfo->getAuthenticationServiceID());
        if (!$serviceInfo) {
            throw new \RuntimeException("redirect to discovery");
        }
        if (!$serviceInfo->getSpSigningProvider()->isEnabled()) {
            throw new \RuntimeException('Signing is required for Logout');
        }
        $serviceInfo->getSpProvider()->setRequest($request);

        return $serviceInfo;
    }

    /**
     * @param ServiceInfo $serviceInfo
     * @return LogoutRequestBuilder
     */
    protected function createLogoutRequestBuilder(ServiceInfo $serviceInfo)
    {
        $builder = new LogoutRequestBuilder(
            $serviceInfo->getSpProvider()->getEntityDescriptor(),
            $serviceInfo->getIdpProvider()->getEntityDescriptor(),
            $serviceInfo->getSpMetaProvider()->getSpMeta()
        );

        return $builder;
    }

    /**
     * @param LogoutRequestBuilder $builder
     * @param ServiceInfo $serviceInfo
     * @param SamlSpInfo $samlInfo
     * @return LogoutRequest
     */
    protected function createLogoutRequest(LogoutRequestBuilder $builder, ServiceInfo $serviceInfo, SamlSpInfo $samlInfo)
    {
        $logoutRequest = $builder->build(
            $samlInfo->getNameID()->getValue(),
            $samlInfo->getNameID()->getFormat(),
            $samlInfo->getAuthnStatement()->getSessionIndex()
        );
        $logoutRequest->sign($serviceInfo->getSpSigningProvider()->getCertificate(), $serviceInfo->getSpSigningProvider()->getPrivateKey());

        return $logoutRequest;
    }

    /**
     * @param LogoutRequest $request
     * @param ServiceInfo $serviceInfo
     * @return RequestState
     */
    protected function createRequestState(LogoutRequest $request, ServiceInfo $serviceInfo)
    {
        $state = new RequestState();
        $state->setId($request->getID());
        $state->setDestination($serviceInfo->getIdpProvider()->getEntityDescriptor()->getEntityID());
        $this->requestStateStore->set($state);

        return $state;
    }
}


1			<?php
2
3			namespace AerialShip\SamlSPBundle\Bridge;
4
5			use AerialShip\LightSaml\Meta\LogoutRequestBuilder;
6			use AerialShip\LightSaml\Model\Protocol\LogoutRequest;
7			use AerialShip\SamlSPBundle\Config\ServiceInfo;
8			use AerialShip\SamlSPBundle\Config\ServiceInfoCollection;
9			use AerialShip\SamlSPBundle\RelyingParty\RelyingPartyInterface;
10			use AerialShip\SamlSPBundle\Security\Core\Authentication\Token\SamlSpToken;
11			use AerialShip\SamlSPBundle\State\Request\RequestState;
12			use AerialShip\SamlSPBundle\State\Request\RequestStateStoreInterface;
13			use Symfony\Component\HttpFoundation\RedirectResponse;
14			use Symfony\Component\HttpFoundation\Request;
15			use Symfony\Component\HttpFoundation\Response;
16			use Symfony\Component\Security\Core\SecurityContextInterface;
17
18			class LogoutSendRequest implements RelyingPartyInterface
19			{
20			/** @var \Symfony\Component\Security\Core\SecurityContextInterface */
21			protected $securityContext;
22
23			/** @var ServiceInfoCollection */
24			protected $serviceInfoCollection;
25
26			/** @var RequestStateStoreInterface */
27			protected $requestStateStore;
28
29
30
31			/**
32			* @param SecurityContextInterface $securityContext
33			* @param ServiceInfoCollection $serviceInfoCollection
34			* @param \AerialShip\SamlSPBundle\State\Request\RequestStateStoreInterface $requestStateStore
35			*/
36			public function __construct(
37			SecurityContextInterface $securityContext,
38			ServiceInfoCollection $serviceInfoCollection,
39			RequestStateStoreInterface $requestStateStore
40			) {
41			$this->securityContext = $securityContext;
42			$this->serviceInfoCollection = $serviceInfoCollection;
43			$this->requestStateStore = $requestStateStore;
44			}
45
46
47
48			/**
49			* @param \Symfony\Component\HttpFoundation\Request $request
50			* @return bool
51			*/
52			function supports(Request $request)
			0 ignored issues – show Best Practice introduced 2016-01-03 07:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
53			{
54			if ($request->attributes->get('logout_path') != $request->getPathInfo()) {
55			return false;
56			}
57			/** @var $token SamlSpToken */
58			$token = $this->securityContext->getToken();
59			if (!$token \|\| !$token instanceof SamlSpToken) {
60			return false;
61			}
62			if (!$token->getSamlSpInfo()) {
63			return false;
64			}
65			return true;
66			}
67
68			/**
69			* @param \Symfony\Component\HttpFoundation\Request $request
70			* @throws \RuntimeException if no signing provider set
71			* @throws \InvalidArgumentException if cannot manage the Request
72			* @return \Symfony\Component\HttpFoundation\Response\|SamlSpInfo
73			*/
74			function manage(Request $request)
			0 ignored issues – show Best Practice introduced 2016-01-03 07:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
75			{
76			if (!$this->supports($request)) {
77			throw new \InvalidArgumentException('Unsupported request');
78			}
79
80			$samlInfo = $this->getSamlInfo();
81			$serviceInfo = $this->getServiceInfo($samlInfo, $request);
82
83			$builder = $this->createLogoutRequestBuilder($serviceInfo);
84			$logoutRequest = $this->createLogoutRequest($builder, $serviceInfo, $samlInfo);
85			$bindingResponse = $builder->send($logoutRequest);
86
87			$this->createRequestState($logoutRequest, $serviceInfo);
88
89			if ($bindingResponse instanceof \AerialShip\LightSaml\Binding\PostResponse) {
90			return new Response($bindingResponse->render());
91			} else if ($bindingResponse instanceof \AerialShip\LightSaml\Binding\RedirectResponse) {
92			return new RedirectResponse($bindingResponse->getDestination());
93			}
94
95			throw new \RuntimeException('Unknown binding response '.get_class($bindingResponse));
96			}
97
98
99			/**
100			* @return SamlSpInfo
101			*/
102			protected function getSamlInfo()
103			{
104			/** @var $token SamlSpToken */
105			$token = $this->securityContext->getToken();
106			$samlInfo = $token->getSamlSpInfo();
107			return $samlInfo;
108			}
109
110
111			/**
112			* @param SamlSpInfo $samlInfo
113			* @param Request $request
114			* @return ServiceInfo
115			* @throws \RuntimeException
116			*/
117			protected function getServiceInfo(SamlSpInfo $samlInfo, Request $request)
118			{
119			$serviceInfo = $this->serviceInfoCollection->get($samlInfo->getAuthenticationServiceID());
120			if (!$serviceInfo) {
121			throw new \RuntimeException("redirect to discovery");
122			}
123			if (!$serviceInfo->getSpSigningProvider()->isEnabled()) {
124			throw new \RuntimeException('Signing is required for Logout');
125			}
126			$serviceInfo->getSpProvider()->setRequest($request);
127
128			return $serviceInfo;
129			}
130
131			/**
132			* @param ServiceInfo $serviceInfo
133			* @return LogoutRequestBuilder
134			*/
135			protected function createLogoutRequestBuilder(ServiceInfo $serviceInfo)
136			{
137			$builder = new LogoutRequestBuilder(
138			$serviceInfo->getSpProvider()->getEntityDescriptor(),
139			$serviceInfo->getIdpProvider()->getEntityDescriptor(),
140			$serviceInfo->getSpMetaProvider()->getSpMeta()
141			);
142
143			return $builder;
144			}
145
146			/**
147			* @param LogoutRequestBuilder $builder
148			* @param ServiceInfo $serviceInfo
149			* @param SamlSpInfo $samlInfo
150			* @return LogoutRequest
151			*/
152			protected function createLogoutRequest(LogoutRequestBuilder $builder, ServiceInfo $serviceInfo, SamlSpInfo $samlInfo)
153			{
154			$logoutRequest = $builder->build(
155			$samlInfo->getNameID()->getValue(),
156			$samlInfo->getNameID()->getFormat(),
157			$samlInfo->getAuthnStatement()->getSessionIndex()
158			);
159			$logoutRequest->sign($serviceInfo->getSpSigningProvider()->getCertificate(), $serviceInfo->getSpSigningProvider()->getPrivateKey());
160
161			return $logoutRequest;
162			}
163
164			/**
165			* @param LogoutRequest $request
166			* @param ServiceInfo $serviceInfo
167			* @return RequestState
168			*/
169			protected function createRequestState(LogoutRequest $request, ServiceInfo $serviceInfo)
170			{
171			$state = new RequestState();
172			$state->setId($request->getID());
173			$state->setDestination($serviceInfo->getIdpProvider()->getEntityDescriptor()->getEntityID());
174			$this->requestStateStore->set($state);
175
176			return $state;
177			}
178			}
179

aerialship / SamlSPBundle

Push — master ( d5bbb9...ab4758 )

SamlSPBundle/Bridge/LogoutSendRequest.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like