Passed
Push — master ( ad0fa8...0fb162 )
by Damien
03:23
created

<?php
namespace flipbox\saml\idp\services\messages;
use craft\base\Component;
use craft\elements\User;
use flipbox\saml\core\exceptions\AccessDenied;
use flipbox\saml\core\helpers\MessageHelper;
use flipbox\saml\core\records\AbstractProvider;
use flipbox\saml\core\services\bindings\Factory;
use flipbox\saml\idp\models\Settings;
use flipbox\saml\idp\records\ProviderRecord;
use flipbox\saml\idp\records\ProviderRecord as Provider;
use flipbox\saml\idp\Saml;
use SAML2\AuthnRequest as SamlAuthnRequest;
use SAML2\Constants;
use SAML2\Response as ResponseMessage;
use yii\base\Event;
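class Response extends Component
{
    const CONSENT_IMPLICIT = Constants::CONSENT_IMPLICIT;
    const EVENT_AFTER_MESSAGE_CREATED = 'eventAfterMessageCreated';

    /**
     * Builds a SAML Response for $user addressed to $serviceProvider.
     *
     * Order of operations: the group access check runs first (so no message
     * exists for a user who is not allowed on this SP), then the envelope is
     * built by createGeneral(), the ResponseAssertion service adds the
     * assertion, the IdP signing key and certificate are attached, and finally
     * EVENT_AFTER_MESSAGE_CREATED is triggered with the message in
     * $event->data so listeners can adjust it before it is returned.
     *
     * @param User $user
     * @param Provider $identityProvider
     * @param Provider $serviceProvider
     * @param Settings $settings
     * @param SamlAuthnRequest|null $authnRequest null for IdP-initiated flows
     * @return ResponseMessage
     * @throws AccessDenied when isAllowed() rejects the user for this SP
     * @throws \Exception
     */
    public function create(
        User $user,
        Provider $identityProvider,
        Provider $serviceProvider,
        Settings $settings,
        SamlAuthnRequest $authnRequest = null
    ) {
        // Authorization gate: the SP's group options decide who may sign in there.
        if (! $this->isAllowed($user, $serviceProvider)) {
            throw new AccessDenied(
                sprintf(
                    'Entity (%s) Access denied for user %s',
                    $serviceProvider->getEntityId(),
                    $user->username
                )
            );
        }

        $response = $this->createGeneral($identityProvider, $serviceProvider);

        Saml::getInstance()->getResponseAssertion()->create(
            $user,
            $response,
            $identityProvider,
            $serviceProvider,
            $settings,
            $authnRequest
        );

        // Signing key from the IdP keychain, plus the certificate published with it.
        $response->setSignatureKey(
            $identityProvider->keychainPrivateXmlSecurityKey()
        );
        $response->setCertificates(
            [
                $identityProvider->keychain->getDecryptedCertificate(),
            ]
        );

        // Give listeners a chance to manipulate the message before it is returned.
        $event = new Event();
        $event->data = $response;
        $this->trigger(static::EVENT_AFTER_MESSAGE_CREATED, $event);

        return $response;
    }

    /**
     * Builds the bare response envelope: issuer, id, destination, consent,
     * success status and issue instant. No assertion or signature is attached.
     *
     * The Destination is taken from the SP's stored metadata (its HTTP-POST
     * ACS endpoint when one exists, otherwise its first ACS endpoint of any
     * binding) and never from anything the requester sent.
     *
     * @param Provider $identityProvider
     * @param Provider $serviceProvider
     * @return ResponseMessage
     * @throws \flipbox\saml\core\exceptions\InvalidMetadata when the SP metadata has no ACS endpoint
     * @throws \Exception
     */
    protected function createGeneral(
        Provider $identityProvider,
        Provider $serviceProvider
    ) {
        $acsService = $serviceProvider->firstSpAcsService(
            Constants::BINDING_HTTP_POST
        ) ?? $serviceProvider->firstSpAcsService();

        // Without an ACS endpoint there is nowhere to send the response; fail
        // with a clear error rather than a method call on null below.
        if (! $acsService) {
            throw new \flipbox\saml\core\exceptions\InvalidMetadata(
                sprintf(
                    'Service provider (%s) has no AssertionConsumerService in its metadata',
                    $serviceProvider->getEntityId()
                )
            );
        }

        $response = new ResponseMessage();
        $response->setIssuer(
            $identityProvider->getEntityId()
        );
        $response->setId(MessageHelper::generateId());
        $response->setDestination(
            $acsService->getLocation()
        );
        $response->setConsent(static::CONSENT_IMPLICIT);
        $response->setStatus(
            [
                'Code' => Constants::STATUS_SUCCESS,
                'Message' => Constants::STATUS_SUCCESS,
            ]
        );
        // Same value as (new \DateTime())->getTimestamp(): the current Unix time.
        $response->setIssueInstant(time());

        return $response;
    }

    /**
     * Completes an SP-initiated login: takes the AuthnRequest parked in the
     * session, builds a response for the current Craft user and sends it to
     * the SP through the binding Factory.
     *
     * Does nothing when no AuthnRequest is in the session or nobody is logged
     * in. The session entry is removed before anything else runs, so a stored
     * request is consumed at most once even if a later step throws.
     *
     * @throws \flipbox\saml\core\exceptions\InvalidMetadata when the request's issuer matches no known SP
     * @throws AccessDenied when the user is not allowed on that SP
     * @throws \Exception
     */
    public function createAndSendFromSession()
    {
        if (! $authnRequest = Saml::getInstance()->getSession()->getAuthnRequest()) {
            return;
        }

        // One-shot: drop the stored request before it can be processed twice.
        Saml::getInstance()->getSession()->remove();

        if (! $user = \Craft::$app->getUser()->getIdentity()) {
            return;
        }

        // load our container
        Saml::getInstance()->loadSaml2Container();

        $issuer = MessageHelper::getIssuer($authnRequest->getIssuer());

        /** @var ProviderRecord|null $serviceProvider */
        $serviceProvider = Saml::getInstance()->getProvider()->findByEntityId(
            $issuer
        )->one();

        // An unknown issuer must not reach create(): its Provider type hint
        // would only turn the null into a TypeError.
        if ($serviceProvider === null) {
            throw new \flipbox\saml\core\exceptions\InvalidMetadata(
                sprintf('No service provider found for issuer %s', $issuer)
            );
        }

        $identityProvider = Saml::getInstance()->getProvider()->findOwn();

        $response = $this->create(
            $user,
            $identityProvider,
            $serviceProvider,
            Saml::getInstance()->getSettings(),
            $authnRequest
        );

        $this->finalizeWithAuthnRequest($response, $authnRequest);

        Factory::send($response, $serviceProvider);
    }

    /**
     * Ties a response to the AuthnRequest it answers: InResponseTo gets the
     * request id and the request's RelayState is echoed back.
     *
     * @param ResponseMessage $response
     * @param SamlAuthnRequest $authnRequest
     */
    public function finalizeWithAuthnRequest(ResponseMessage $response, SamlAuthnRequest $authnRequest)
    {
        $response->setInResponseTo(
            $authnRequest->getId()
        );
        $response->setRelayState(
            $authnRequest->getRelayState()
        );
    }

    /**
     * Decides whether $user may receive a response for $serviceProvider,
     * based on the SP's group options: allow anyone, allow users with no
     * group assigned, or membership in at least one explicitly allowed group.
     *
     * @param User $user
     * @param AbstractProvider $serviceProvider
     * @return bool
     */
    protected function isAllowed(User $user, AbstractProvider $serviceProvider): bool
    {
        $options = $serviceProvider->getGroupOptions();

        if ($options->shouldAllowAny() || $options->shouldAllowNoGroupAssigned($user)) {
            return true;
        }

        foreach ($user->getGroups() as $group) {
            if ($options->shouldAllow($group->id)) {
                return true;
            }
        }

        return false;
    }
}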