<?php
namespace flipbox\saml\idp\services\messages;
use craft\base\Component;
use craft\elements\User;
use flipbox\saml\core\exceptions\AccessDenied;
use flipbox\saml\core\exceptions\InvalidMetadata;
use flipbox\saml\core\helpers\MessageHelper;
use flipbox\saml\core\records\AbstractProvider;
use flipbox\saml\core\services\bindings\Factory;
use flipbox\saml\idp\models\Settings;
use flipbox\saml\idp\records\ProviderRecord;
use flipbox\saml\idp\records\ProviderRecord as Provider;
use flipbox\saml\idp\Saml;
use SAML2\AuthnRequest as SamlAuthnRequest;
use SAML2\Constants;
use SAML2\Response as ResponseMessage;
use SAML2\XML\saml\Issuer;
use yii\base\Event;
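class Response extends Component
{

    const CONSENT_IMPLICIT = Constants::CONSENT_IMPLICIT;
    const EVENT_AFTER_MESSAGE_CREATED = 'eventAfterMessageCreated';

    /**
     * Builds a signed SAML Response for $user addressed to $serviceProvider.
     *
     * Order matters: the group-based access check runs before anything is
     * built, so no assertion exists for a user the service provider may not
     * receive. The envelope is created by createGeneral(), the assertion is
     * added by the ResponseAssertion service, the message is then given the
     * identity provider's signing key and certificate, and finally
     * EVENT_AFTER_MESSAGE_CREATED is triggered with the response in
     * `Event::$data` so listeners can adjust it before it is sent.
     *
     * @param User $user
     * @param Provider $identityProvider
     * @param Provider $serviceProvider
     * @param Settings $settings
     * @param SamlAuthnRequest|null $authnRequest the request being answered,
     *        or null when there is none; forwarded to the assertion builder
     * @return ResponseMessage
     * @throws AccessDenied when $user is not allowed to access $serviceProvider
     * @throws \Exception
     */
    public function create(
        User $user,
        Provider $identityProvider,
        Provider $serviceProvider,
        Settings $settings,
        SamlAuthnRequest $authnRequest = null
    ) {
        // Conditional login: deny before any assertion is created for the user
        if (! $this->isAllowed($user, $serviceProvider)) {
            throw new AccessDenied(
                sprintf(
                    'Entity (%s) Access denied for user %s',
                    $serviceProvider->getEntityId(),
                    $user->username
                )
            );
        }

        $response = $this->createGeneral($identityProvider, $serviceProvider);

        Saml::getInstance()->getResponseAssertion()->create(
            $user,
            $response,
            $identityProvider,
            $serviceProvider,
            $settings,
            $authnRequest
        );

        // Sign with the IdP keychain's private key and publish its certificate
        $response->setSignatureKey(
            $identityProvider->keychainPrivateXmlSecurityKey()
        );
        $response->setCertificates(
            [
                $identityProvider->keychain->getDecryptedCertificate(),
            ]
        );

        // Kick off event here so people can manipulate this object if needed
        $event = new Event();
        $event->data = $response;
        $this->trigger(static::EVENT_AFTER_MESSAGE_CREATED, $event);

        return $response;
    }

    /**
     * Creates the bare Response envelope: issuer, message id, destination,
     * consent, success status and issue instant. No assertion and no
     * signature are attached here.
     *
     * The destination is taken from the service provider's registered ACS
     * endpoint (HTTP-POST binding preferred, otherwise the first one on
     * record), never from a value carried in an incoming request.
     *
     * @param Provider $identityProvider
     * @param Provider $serviceProvider
     * @return ResponseMessage
     * @throws InvalidMetadata when the service provider has no ACS endpoint on record
     * @throws \Exception
     */
    protected function createGeneral(
        Provider $identityProvider,
        Provider $serviceProvider
    ) {
        // Prefer the POST binding; fall back to whatever the SP registered first
        $acsService = $serviceProvider->firstSpAcsService(
            Constants::BINDING_HTTP_POST
        ) ?? $serviceProvider->firstSpAcsService();

        // Without an ACS endpoint there is nowhere valid to deliver the response
        if ($acsService === null) {
            throw new InvalidMetadata(
                sprintf(
                    'Service provider (%s) has no AssertionConsumerService endpoint',
                    $serviceProvider->getEntityId()
                )
            );
        }

        $issuer = new Issuer();
        $issuer->setFormat(Constants::NAMEID_ENTITY);
        $issuer->setValue($identityProvider->getEntityId());

        $response = new ResponseMessage();
        $response->setIssuer($issuer);
        $response->setId(MessageHelper::generateId());
        $response->setDestination($acsService->getLocation());
        $response->setConsent(static::CONSENT_IMPLICIT);
        $response->setStatus(
            [
                'Code' => Constants::STATUS_SUCCESS,
                'Message' => Constants::STATUS_SUCCESS,
            ]
        );
        $response->setIssueInstant(time());

        return $response;
    }

    /**
     * Answers the AuthnRequest held in the SAML session for the currently
     * logged-in Craft user and sends the resulting Response to the service
     * provider that issued the request.
     *
     * Does nothing when no request is pending or no user is logged in. The
     * stored request is removed from the session before the response is
     * built, so a failure later in this method does not leave it behind.
     *
     * @return void
     * @throws InvalidMetadata when the request's issuer is not a known service provider
     * @throws AccessDenied when the user is not allowed to access that service provider
     * @throws \Exception
     */
    public function createAndSendFromSession()
    {
        if (! $authnRequest = Saml::getInstance()->getSession()->getAuthnRequest()) {
            return;
        }

        // Clear the session
        Saml::getInstance()->getSession()->remove();

        if (! $user = \Craft::$app->getUser()->getIdentity()) {
            return;
        }

        // load our container
        Saml::getInstance()->loadSaml2Container();

        // The SP is resolved from the issuer of the request we are answering
        $issuerEntityId = MessageHelper::getIssuer($authnRequest->getIssuer());

        /** @var ProviderRecord|null $serviceProvider */
        $serviceProvider = Saml::getInstance()->getProvider()->findByEntityId(
            $issuerEntityId
        )->one();

        // An issuer we have no record for must not receive a response
        if ($serviceProvider === null) {
            throw new InvalidMetadata(
                sprintf('Unknown service provider (%s)', $issuerEntityId)
            );
        }

        $identityProvider = Saml::getInstance()->getProvider()->findOwn();

        $response = $this->create(
            $user,
            $identityProvider,
            $serviceProvider,
            Saml::getInstance()->getSettings(),
            $authnRequest
        );

        Saml::getInstance()->getResponse()->finalizeWithAuthnRequest($response, $authnRequest);

        Factory::send($response, $serviceProvider);
    }

    // Utils

    /**
     * Ties a Response to the AuthnRequest it answers: InResponseTo is set to
     * the request id and the request's RelayState is echoed back unchanged
     * (it is an opaque value owned by the service provider).
     *
     * @param ResponseMessage $response
     * @param SamlAuthnRequest $authnRequest
     * @return void
     */
    public function finalizeWithAuthnRequest(ResponseMessage $response, SamlAuthnRequest $authnRequest)
    {
        $response->setInResponseTo(
            $authnRequest->getId()
        );
        $response->setRelayState(
            $authnRequest->getRelayState()
        );
    }

    /**
     * Decides whether $user may receive a response for $serviceProvider,
     * based on the provider's group options: allowed when the options allow
     * anyone, when they allow users without a group assignment (as judged by
     * shouldAllowNoGroupAssigned()), or when at least one of the user's
     * groups is explicitly allowed. Denied otherwise.
     *
     * @param User $user
     * @param AbstractProvider $serviceProvider
     * @return bool
     */
    protected function isAllowed(User $user, AbstractProvider $serviceProvider): bool
    {
        $options = $serviceProvider->getGroupOptions();
        if ($options->shouldAllowAny()) {
            return true;
        }

        if ($options->shouldAllowNoGroupAssigned($user)) {
            return true;
        }

        foreach ($user->getGroups() as $group) {
            if ($options->shouldAllow($group->id)) {
                return true;
            }
        }

        return false;
    }
}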