These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * Created by PhpStorm. |
||
4 | * User: dsmrt |
||
5 | * Date: 1/11/18 |
||
6 | * Time: 8:30 PM |
||
7 | */ |
||
8 | |||
9 | namespace flipbox\saml\sp\services\messages; |
||
10 | |||
11 | |||
12 | use craft\base\Component; |
||
13 | use flipbox\keychain\records\KeyChainRecord; |
||
14 | use flipbox\saml\core\exceptions\InvalidMessage; |
||
15 | use flipbox\saml\core\helpers\SecurityHelper; |
||
16 | use flipbox\saml\sp\Saml; |
||
17 | use LightSaml\Model\Assertion\Assertion; |
||
18 | use LightSaml\Model\Assertion\EncryptedAssertionReader; |
||
19 | use LightSaml\Validator\Model\Assertion\AssertionTimeValidator; |
||
20 | use LightSaml\Validator\Model\Assertion\AssertionValidator; |
||
21 | use LightSaml\Validator\Model\NameId\NameIdValidator; |
||
22 | use LightSaml\Validator\Model\Statement\StatementValidator; |
||
23 | use LightSaml\Validator\Model\Subject\SubjectValidator; |
||
24 | |||
25 | class Response extends Component |
||
26 | { |
||
27 | |||
28 | /** |
||
29 | * @param Assertion $assertion |
||
30 | * @return bool |
||
31 | */ |
||
32 | public function isValidTimeAssertion(Assertion $assertion) |
||
33 | { |
||
34 | $validator = new AssertionTimeValidator(); |
||
35 | $validator->validateTimeRestrictions($assertion, (new \DateTime())->getTimestamp(), 0); |
||
36 | return true; |
||
37 | } |
||
38 | |||
39 | /** |
||
40 | * @param Assertion $assertion |
||
41 | * @return bool |
||
42 | */ |
||
43 | public function isValidAssertion(Assertion $assertion) |
||
44 | { |
||
45 | $nameValidator = new NameIdValidator; |
||
46 | $validator = new AssertionValidator( |
||
47 | $nameValidator, |
||
48 | new SubjectValidator($nameValidator), |
||
49 | new StatementValidator |
||
50 | ); |
||
51 | |||
52 | $validator->validateAssertion($assertion); |
||
53 | |||
54 | return true; |
||
55 | } |
||
56 | |||
57 | |||
58 | /** |
||
59 | * @param KeyChainRecord $chainRecord |
||
60 | * @param EncryptedAssertionReader $encryptedAssertion |
||
0 ignored issues
–
show
|
|||
61 | */ |
||
62 | public function decryptAssertions(\LightSaml\Model\Protocol\Response $response, KeyChainRecord $keyChainRecord) |
||
63 | { |
||
64 | $credential = SecurityHelper::createCredential($keyChainRecord); |
||
65 | |||
66 | $decryptDeserializeContext = new \LightSaml\Model\Context\DeserializationContext(); |
||
67 | |||
68 | /** @var \LightSaml\Model\Assertion\EncryptedAssertionReader $encryptedAssertion */ |
||
69 | foreach ($response->getAllEncryptedAssertions() as $encryptedAssertion) { |
||
70 | $response->addAssertion( |
||
71 | $encryptedAssertion->decryptMultiAssertion([$credential], $decryptDeserializeContext) |
||
0 ignored issues
–
show
It seems like you code against a specific sub-type and not the parent class
LightSaml\Model\Assertion\EncryptedElement as the method decryptMultiAssertion() does only exist in the following sub-classes of LightSaml\Model\Assertion\EncryptedElement : LightSaml\Model\Assertion\EncryptedAssertionReader . Maybe you want to instanceof check for one of these explicitly?
Let’s take a look at an example: abstract class User
{
/** @return string */
abstract public function getPassword();
}
class MyUser extends User
{
public function getPassword()
{
// return something
}
public function getDisplayName()
{
// return some name.
}
}
class AuthSystem
{
public function authenticate(User $user)
{
$this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
// do something.
}
}
In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different sub-classes of User which does not have a getDisplayName() method, the code will break. Available Fixes
Note: PHP Analyzer uses reverse abstract interpretation to narrow down the types
inside the if block in such a case.
Loading history...
|
|||
72 | ); |
||
73 | } |
||
74 | |||
75 | } |
||
76 | } |
This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function.
Consider the following example. The parameter
$italy
is not defined by the methodfinale(...)
.The most likely cause is that the parameter was removed, but the annotation was not.