<?php
/**
 *  Copyright (C) 2016 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
namespace SURFnet\VPN\Server;
use Psr\Log\LoggerInterface;
use SURFnet\VPN\Common\HttpClient\ServerClient;
use SURFnet\VPN\Server\Exception\InputValidationException;
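/**
 * Decides whether a VPN client may connect, based on the environment data
 * passed in by the caller, and logs connect/disconnect events.
 *
 * The decision is made from three remote lookups on ServerClient: whether the
 * user is disabled, whether the certificate common name is disabled, and,
 * when the pool has its ACL enabled, whether the user is in a permitted group.
 */
class Connection
{
    /** @var \Psr\Log\LoggerInterface */
    private $logger;

    /** @var \SURFnet\VPN\Common\HttpClient\ServerClient */
    private $serverClient;

    /**
     * @param LoggerInterface $logger       receives one entry per decision
     * @param ServerClient    $serverClient source of user, common name and pool state
     */
    public function __construct(LoggerInterface $logger, ServerClient $serverClient)
    {
        $this->logger = $logger;
        $this->serverClient = $serverClient;
    }

    /**
     * Authorize a connecting client.
     *
     * Reads 'POOL_ID' and 'common_name' from $envData, validates both, and
     * derives the user ID from the common name.
     *
     * NOTE(review): the complete $envData array is written to the log on
     * every outcome; confirm the caller only passes fields that are safe to
     * log.
     *
     * NOTE(review): only InputValidationException is caught here. Errors
     * raised by ServerClient propagate to the caller; presumably the caller
     * treats an uncaught exception as a denial -- confirm that it fails
     * closed.
     *
     * @param array $envData environment of the connecting client
     *
     * @return bool true when the client may connect, false otherwise
     */
    public function connect(array $envData)
    {
        try {
            $poolId = InputValidation::poolId($envData['POOL_ID']);
            $commonName = InputValidation::commonName($envData['common_name']);
            $userId = self::getUserId($commonName);

            // XXX turn the >= 3 calls below into one call

            // check if user is disabled
            if (true === $this->serverClient->isDisabledUser($userId)) {
                $this->logger->error('user is disabled', $envData);

                return false;
            }

            // check if the common_name is disabled
            if (true === $this->serverClient->isDisabledCommonName($commonName)) {
                $this->logger->error('common_name is disabled', $envData);

                return false;
            }

            // if the ACL is enabled, verify that the user is allowed to
            // connect
            $serverPool = $this->serverClient->serverPool($poolId);
            if ($serverPool['enableAcl']) {
                $userGroups = $this->serverClient->userGroups($userId);
                if (false === self::isMember($userGroups, $serverPool['aclGroupList'])) {
                    $this->logger->error('user is not a member of required group', $envData);

                    return false;
                }
            }

            $this->logger->info(json_encode(array_merge($envData, ['ok' => true])));

            return true;
        } catch (InputValidationException $e) {
            // invalid input is a denial, never an error that lets the client in
            $this->logger->error($e->getMessage(), $envData);

            return false;
        }
    }

    /**
     * Record a client disconnect. No checks are performed.
     *
     * @param array $envData environment of the disconnecting client
     *
     * @return bool always true
     */
    public function disconnect(array $envData)
    {
        $this->logger->info(json_encode(array_merge($envData, ['ok' => true])));

        return true;
    }

    /**
     * Check whether at least one of the user's groups is on the pool ACL.
     *
     * @param array $memberOf     groups of the user, each an array with an 'id' key
     * @param array $aclGroupList group IDs permitted by the pool
     *
     * @return bool
     */
    private static function isMember(array $memberOf, array $aclGroupList)
    {
        // one of the groups must be listed in the pool ACL list
        foreach ($memberOf as $memberGroup) {
            // Strict comparison: a loose match lets distinct IDs compare as
            // equal ('10' == '1e1', and 0 == 'any-string' before PHP 8),
            // which is not acceptable for an access decision.
            if (in_array($memberGroup['id'], $aclGroupList, true)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Extract the user ID, the part of the common name before the first
     * underscore.
     *
     * @param string $commonName validated common name
     *
     * @return string
     *
     * @throws InputValidationException when no non-empty user ID can be derived
     */
    private static function getUserId($commonName)
    {
        // XXX share this with "Otp" class and possibly others

        // The common name is validated by the caller, but the check is
        // repeated here so this method fails closed on its own: without it a
        // missing separator makes strpos() return false and substr() yield an
        // empty user ID, which would then be used for the disabled-user and
        // group lookups.
        $separatorPos = strpos($commonName, '_');
        if (false === $separatorPos || 0 === $separatorPos) {
            // assumes InputValidationException takes the standard Exception
            // message argument -- confirm against its declaration
            throw new InputValidationException('invalid "common_name"');
        }

        return substr($commonName, 0, $separatorPos);
    }
}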