Response   A
last analyzed

Complexity

Total Complexity 9

Size/Duplication

Total Lines 152
Duplicated Lines 0 %

Coupling/Cohesion

Components 1
Dependencies 14

Test Coverage

Coverage 96.61%

Importance

Changes 0
Metric Value
wmc 9
lcom 1
cbo 14
dl 0
loc 152
ccs 57
cts 59
cp 0.9661
rs 10
c 0
b 0
f 0

4 Methods

Rating   Name   Duplication   Size   Complexity  
A create() 0 52 2
A createGeneral() 0 34 1
A finalizeWithAuthnRequest() 0 9 1
A isAllowed() 0 18 5
<?php
namespace flipbox\saml\idp\services\messages;
use craft\base\Component;
use craft\elements\User;
use flipbox\saml\core\exceptions\AccessDenied;
use flipbox\saml\core\helpers\MessageHelper;
use flipbox\saml\core\records\AbstractProvider;
use flipbox\saml\core\services\bindings\Factory;
use flipbox\saml\idp\events\ResponseEvent;
use flipbox\saml\idp\models\Settings;
use flipbox\saml\idp\records\ProviderRecord;
use flipbox\saml\idp\records\ProviderRecord as Provider;
use flipbox\saml\idp\Saml;
use SAML2\AuthnRequest as SamlAuthnRequest;
use SAML2\Constants;
use SAML2\Response as ResponseMessage;
use SAML2\XML\saml\Issuer;
use yii\base\Event;
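/**
 * Builds the SAML Response message that the identity provider returns to a
 * service provider on behalf of a Craft user.
 *
 * create() is the entry point: it enforces the per-provider group access
 * check, builds the response envelope, delegates assertion creation to
 * Saml::getInstance()->getResponseAssertion(), attaches the identity
 * provider's signing key and certificate, and finally fires
 * EVENT_AFTER_MESSAGE_CREATED.
 */
class Response extends Component
{

    const CONSENT_IMPLICIT = Constants::CONSENT_IMPLICIT;
    const EVENT_AFTER_MESSAGE_CREATED = 'eventAfterMessageCreated';

    /**
     * Create the response message for a user who is logging in to a service provider.
     *
     * @param User $user The user the response is issued for.
     * @param Provider $identityProvider Provider record whose entity id, signing key and
     *                                   certificate are placed on the response.
     * @param Provider $serviceProvider Provider record the response is addressed to; its
     *                                  group options decide whether the user is allowed.
     * @param Settings $settings Passed through to the assertion service.
     * @param SamlAuthnRequest|null $authnRequest The request being answered. The signature
     *                                            allows null, but a request is required.
     * @return ResponseMessage
     * @throws AccessDenied When the user is not allowed to access the service provider.
     * @throws \InvalidArgumentException When no AuthnRequest is supplied.
     * @throws \Exception
     */
    public function create(
        User $user,
        Provider $identityProvider,
        Provider $serviceProvider,
        Settings $settings,
        SamlAuthnRequest $authnRequest = null
    ) {
        // Check Conditional login on the user. This runs before anything is
        // built so a denied user never gets a response object at all.
        if (! $this->isAllowed($user, $serviceProvider)) {
            throw new AccessDenied(
                sprintf(
                    'Entity (%s) Access denied for user %s',
                    $serviceProvider->getEntityId(),
                    $user->username
                )
            );
        }

        // createGeneral() declares a non-nullable AuthnRequest and reads the
        // destination from it. Reject a missing request here with a documented
        // exception instead of letting it surface as a TypeError at the call below.
        if ($authnRequest === null) {
            throw new \InvalidArgumentException(
                'An AuthnRequest is required to create a response.'
            );
        }

        $response = $this->createGeneral($identityProvider, $serviceProvider, $authnRequest);

        Saml::getInstance()->getResponseAssertion()->create(
            $user,
            $response,
            $identityProvider,
            $serviceProvider,
            $settings,
            $authnRequest
        );

        $response->setSignatureKey(
            $identityProvider->keychainPrivateXmlSecurityKey()
        );

        $response->setCertificates(
            [
                $identityProvider->keychain->getDecryptedCertificate(),
            ]
        );

        /**
         * Kick off event here so people can manipulate this object if needed.
         *
         * Listeners receive the response after the signing key and certificate
         * have been attached and may change any field of it, so handlers
         * registered for this event have to be treated as trusted code.
         */
        $event = new ResponseEvent();
        $event->response = $response;
        $event->user = $user;
        $this->trigger(static::EVENT_AFTER_MESSAGE_CREATED, $event);

        return $response;
    }

    /**
     * Build the response envelope: issuer, id, destination, consent, status
     * and issue instant. No assertion, key or certificate is added here.
     *
     * @param Provider $identityProvider Supplies the issuer entity id.
     * @param Provider $serviceProvider Used to look up the provider's ACS service.
     * @param \SAML2\AuthnRequest $authnRequest Supplies the destination URL.
     * @return ResponseMessage
     * @throws \Exception
     */
    protected function createGeneral(
        Provider $identityProvider,
        Provider $serviceProvider,
        \SAML2\AuthnRequest $authnRequest
    ) {
        // NOTE(review): the ACS service stored for the service provider is
        // resolved here (HTTP-POST binding first, then any binding) but is
        // never used; the Destination below is taken from the AuthnRequest
        // instead. Nothing in this class compares the requested URL with the
        // provider's registered endpoints - confirm that the caller validates
        // it (or requires signed requests) before the response is issued.
        $acsService = $serviceProvider->firstSpAcsService(
            Constants::BINDING_HTTP_POST
        ) ?? $serviceProvider->firstSpAcsService();

        $response = new ResponseMessage();

        $issuer = new Issuer();
        $issuer->setFormat(Constants::NAMEID_ENTITY);
        $issuer->setValue($identityProvider->getEntityId());
        $response->setIssuer(
            $issuer
        );

        $response->setId(MessageHelper::generateId());
        $response->setDestination(
            $authnRequest->getAssertionConsumerServiceURL()
        );
        $response->setConsent(static::CONSENT_IMPLICIT);
        // The status is always Success: create() refuses denied users before
        // this method is reached.
        $response->setStatus(
            [
                'Code' => Constants::STATUS_SUCCESS,
                'Message' => Constants::STATUS_SUCCESS,
            ]
        );
        $response->setIssueInstant(
            (new \DateTime())->getTimestamp()
        );

        return $response;
    }

    /**
     * Utils
     */

    /**
     * Copy the request id (as InResponseTo) and the relay state from the
     * AuthnRequest onto the response.
     *
     * create() in this class does not call this method.
     *
     * @param ResponseMessage $response
     * @param SamlAuthnRequest $authnRequest
     */
    public function finalizeWithAuthnRequest(ResponseMessage $response, SamlAuthnRequest $authnRequest)
    {
        $response->setInResponseTo(
            $authnRequest->getId()
        );
        $response->setRelayState(
            $authnRequest->getRelayState()
        );
    }

    /**
     * Decide whether the user may receive a response for the service provider.
     *
     * The provider's group options are consulted in order: allow-any, then the
     * no-group-assigned rule for this user, then each of the user's groups by
     * id. If none of them allows the user, access is denied.
     *
     * @param User $user
     * @param AbstractProvider $serviceProvider
     * @return bool
     */
    protected function isAllowed(User $user, AbstractProvider $serviceProvider): bool
    {
        $options = $serviceProvider->getGroupOptions();
        if ($options->shouldAllowAny()) {
            return true;
        }

        if ($options->shouldAllowNoGroupAssigned($user)) {
            return true;
        }

        foreach ($user->getGroups() as $group) {
            if ($options->shouldAllow($group->id)) {
                return true;
            }
        }

        // Default deny: no rule matched.
        return false;
    }
}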