These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace AerialShip\SamlSPBundle\Bridge; |
||
4 | |||
5 | use AerialShip\SamlSPBundle\Error\SSOSessionException; |
||
6 | use AerialShip\SamlSPBundle\RelyingParty\RelyingPartyInterface; |
||
7 | use AerialShip\SamlSPBundle\Security\Core\Authentication\Token\SamlSpToken; |
||
8 | use AerialShip\SamlSPBundle\State\SSO\SSOStateStoreInterface; |
||
9 | use Symfony\Component\HttpFoundation\Request; |
||
10 | use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; |
||
11 | use Symfony\Component\Security\Core\SecurityContextInterface; |
||
12 | use Symfony\Component\Security\Http\HttpUtils; |
||
13 | |||
14 | class SSOSessionCheck implements RelyingPartyInterface |
||
15 | { |
||
16 | /** @var string */ |
||
17 | protected $providerKey; |
||
18 | |||
19 | /** @var \Symfony\Component\Security\Core\SecurityContextInterface */ |
||
20 | protected $securityContext; |
||
21 | |||
22 | /** @var \AerialShip\SamlSPBundle\State\SSO\SSOStateStoreInterface */ |
||
23 | protected $ssoStore; |
||
24 | |||
25 | /** @var \Symfony\Component\Security\Http\HttpUtils */ |
||
26 | protected $httpUtils; |
||
27 | |||
28 | |||
29 | function __construct($providerKey, SecurityContextInterface $securityContext, SSOStateStoreInterface $ssoStore, HttpUtils $httpUtils) |
||
0 ignored issues
–
show
|
|||
30 | { |
||
31 | $this->providerKey = $providerKey; |
||
32 | $this->securityContext = $securityContext; |
||
33 | $this->ssoStore = $ssoStore; |
||
34 | $this->httpUtils = $httpUtils; |
||
35 | } |
||
36 | |||
37 | |||
38 | |||
39 | /** |
||
40 | * @param \Symfony\Component\HttpFoundation\Request $request |
||
41 | * @return bool |
||
42 | */ |
||
43 | public function supports(Request $request) |
||
44 | { |
||
45 | if ($this->httpUtils->checkRequestPath($request, $request->attributes->get('failure_path'))) { |
||
46 | return false; |
||
47 | } |
||
48 | $token = $this->securityContext->getToken(); |
||
49 | $result = $token != null |
||
50 | && $token->isAuthenticated() |
||
51 | && $token instanceof SamlSpToken |
||
52 | && $token->getSamlSpInfo() != null |
||
53 | && $token->getSamlSpInfo()->getAuthnStatement() != null |
||
54 | ; |
||
55 | return $result; |
||
56 | } |
||
57 | |||
58 | |||
59 | /** |
||
60 | * @param \Symfony\Component\HttpFoundation\Request $request |
||
61 | * @throws \AerialShip\SamlSPBundle\Error\SSOSessionException |
||
62 | * @return \Symfony\Component\HttpFoundation\Response|SamlSpInfo|null |
||
63 | */ |
||
64 | public function manage(Request $request) |
||
65 | { |
||
66 | /** @var SamlSpToken $token */ |
||
67 | $token = $this->securityContext->getToken(); |
||
68 | $samlSpInfo = $token->getSamlSpInfo(); |
||
69 | |||
70 | $ssoState = $this->ssoStore->getOneByNameIDSessionIndex( |
||
71 | $token->getProviderKey(), |
||
72 | $samlSpInfo->getAuthenticationServiceID(), |
||
73 | $samlSpInfo->getNameID()->getValue(), |
||
74 | $samlSpInfo->getAuthnStatement()->getSessionIndex() |
||
75 | ); |
||
76 | if ($ssoState == null || $ssoState->getNameID() != $samlSpInfo->getNameID()->getValue()) { |
||
77 | $this->securityContext->setToken(new AnonymousToken($this->providerKey, 'anon.')); |
||
78 | $ex = new SSOSessionException('SSO session has expired'); |
||
79 | $ex->setToken($token); |
||
80 | throw $ex; |
||
81 | } |
||
82 | |||
83 | return null; |
||
84 | } |
||
85 | } |
||
86 |
Adding explicit visibility (
private
,protected
, orpublic
) is generally recommend to communicate to other developers how, and from where this method is intended to be used.