SAMLConfiguration::asArray() - Code Metrics - Inspection of "Allow using cert and key path absolute paths." - silverstripe/silverstripe-activedirectory - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#61)

by Sean

created 2016-04-06 23:57 UTC

SAMLConfiguration::asArray() B

↳ Parent: SAMLConfiguration

Complexity

Conditions	4
Paths	8

Size

Total Lines	74
Code Lines	39

Duplication

Lines	0
Ratio	0 %

Importance

Changes	4
Bugs	0	Features	0

Metric	Value
c	4
b	0
f	0
dl	0
loc	74
rs	8.6628
cc	4
eloc	39
nc	8
nop	0

How to fix Long Method

<?php
/**
 * Class SAMLConfiguration
 *
 * This object's job is to convert configuration from SilverStripe config system
 * into an array that can be consumed by the Onelogin SAML implementation.
 *
 * The configuration tells the IdP and SP how to establish the circle of trust - i.e.
 * how to exchange certificates and which endpoints to use (e.g. see SAMLConfiguration::metadata).
 *
 * https://syncplicity.zendesk.com/hc/en-us/articles/202392814-Single-sign-on-with-ADFS
 */
class SAMLConfiguration extends Object
namespace YourVendor;

class YourClass { }
{
    /**
     * @var bool
     */
    private static $strict;


    /**
     * @var bool
     */
    private static $debug;


    /**
     * @var array
     */
    private static $SP;


    /**
     * @var array
     */
    private static $IdP;


    /**
     * @return array
     */
    public function asArray()
    {
        $conf = array();

        $conf['strict'] = $this->config()->get('strict');
        $conf['debug'] = $this->config()->get('debug');

        // SERVICE PROVIDER SECTION
        $sp = $this->config()->get('SP');
        $certPath = Director::is_absolute($sp['x509cert']) ? $sp['x509cert'] : sprintf('%s/%s', BASE_PATH, $sp['x509cert']);
        $keyPath = Director::is_absolute($sp['privateKey']) ? $sp['privateKey'] : sprintf('%s/%s', BASE_PATH, $sp['privateKey']);
        $conf['sp']['entityId'] = $sp['entityId'];
        $conf['sp']['assertionConsumerService'] = array(
            'url' => $sp['entityId'] . '/saml/acs',
            'binding' => OneLogin_Saml2_Constants::BINDING_HTTP_POST
        );
        $conf['sp']['NameIDFormat'] = OneLogin_Saml2_Constants::NAMEID_TRANSIENT;
        $conf['sp']['x509cert'] = file_get_contents($certPath);
        $conf['sp']['privateKey'] = file_get_contents($keyPath);

        // IDENTITY PROVIDER SECTION
        $idp = $this->config()->get('IdP');
        $conf['idp']['entityId'] = $idp['entityId'];
        $conf['idp']['singleSignOnService'] = array(
            'url' => $idp['singleSignOnService'],
            'binding' => OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT,
        );
        if (isset($idp['singleLogoutService'])) {
            $conf['idp']['singleLogoutService'] = array(
                'url' => $idp['singleLogoutService'],
                'binding' => OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT,
            );
        }

        $conf['idp']['x509cert'] = file_get_contents($certPath);

        // SECURITY SECTION
        $conf['security'] = array(
            /** signatures and encryptions offered */
            // Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted.
            'nameIdEncrypted' => true,
            // Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]
            'authnRequestsSigned' => true,
            // Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed.
            'logoutRequestSigned' => true,
            // Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed.
            'logoutResponseSigned' => true,
            'signMetadata' => false,
            /** signatures and encryptions required **/
            // Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest>
            // and <samlp:LogoutResponse> elements received by this SP to be signed.
            'wantMessagesSigned' => false,
            // Indicates a requirement for the <saml:Assertion> elements received by
            // this SP to be signed. [Metadata of the SP will offer this info]
            'wantAssertionsSigned' => true,
            // Indicates a requirement for the NameID received by
            // this SP to be encrypted.
            'wantNameIdEncrypted' => false,
            // Authentication context.
            // Set to false and no AuthContext will be sent in the AuthNRequest,
            // Set true or don't present thi parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
            // Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
            'requestedAuthnContext' => array(
                'urn:federation:authentication:windows',
                'urn:oasis:names:tc:SAML:2.0:ac:classes:Password',
                'urn:oasis:names:tc:SAML:2.0:ac:classes:X509',
            ),
            // Indicates if the SP will validate all received xmls.
            // (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
            'wantXMLValidation' => true,
        );

        return $conf;
    }
}


1			<?php
2			/**
3			* Class SAMLConfiguration
4			*
5			* This object's job is to convert configuration from SilverStripe config system
6			* into an array that can be consumed by the Onelogin SAML implementation.
7			*
8			* The configuration tells the IdP and SP how to establish the circle of trust - i.e.
9			* how to exchange certificates and which endpoints to use (e.g. see SAMLConfiguration::metadata).
10			*
11			* https://syncplicity.zendesk.com/hc/en-us/articles/202392814-Single-sign-on-with-ADFS
12			*/
13			class SAMLConfiguration extends Object
			0 ignored issues – show Coding Style Compatibility introduced 2016-03-22 20:04 UTC by Report Bug Copy Issue Report PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
14			{
15			/**
16			* @var bool
17			*/
18			private static $strict;
			0 ignored issues – show Unused Code introduced 2016-03-22 20:04 UTC by Report Bug Copy Issue Report The property `$strict` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
19
20			/**
21			* @var bool
22			*/
23			private static $debug;
			0 ignored issues – show Unused Code introduced 2016-03-22 20:04 UTC by Report Bug Copy Issue Report The property `$debug` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
24
25			/**
26			* @var array
27			*/
28			private static $SP;
			0 ignored issues – show Unused Code introduced 2016-03-22 20:04 UTC by Report Bug Copy Issue Report The property `$SP` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
29
30			/**
31			* @var array
32			*/
33			private static $IdP;
			0 ignored issues – show Unused Code introduced 2016-03-22 20:04 UTC by Report Bug Copy Issue Report The property `$IdP` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
34
35			/**
36			* @return array
37			*/
38			public function asArray()
39			{
40			$conf = array();
41
42			$conf['strict'] = $this->config()->get('strict');
43			$conf['debug'] = $this->config()->get('debug');
44
45			// SERVICE PROVIDER SECTION
46			$sp = $this->config()->get('SP');
47			$certPath = Director::is_absolute($sp['x509cert']) ? $sp['x509cert'] : sprintf('%s/%s', BASE_PATH, $sp['x509cert']);
48			$keyPath = Director::is_absolute($sp['privateKey']) ? $sp['privateKey'] : sprintf('%s/%s', BASE_PATH, $sp['privateKey']);
49			$conf['sp']['entityId'] = $sp['entityId'];
50			$conf['sp']['assertionConsumerService'] = array(
51			'url' => $sp['entityId'] . '/saml/acs',
52			'binding' => OneLogin_Saml2_Constants::BINDING_HTTP_POST
53			);
54			$conf['sp']['NameIDFormat'] = OneLogin_Saml2_Constants::NAMEID_TRANSIENT;
55			$conf['sp']['x509cert'] = file_get_contents($certPath);
56			$conf['sp']['privateKey'] = file_get_contents($keyPath);
57
58			// IDENTITY PROVIDER SECTION
59			$idp = $this->config()->get('IdP');
60			$conf['idp']['entityId'] = $idp['entityId'];
61			$conf['idp']['singleSignOnService'] = array(
62			'url' => $idp['singleSignOnService'],
63			'binding' => OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT,
64			);
65			if (isset($idp['singleLogoutService'])) {
66			$conf['idp']['singleLogoutService'] = array(
67			'url' => $idp['singleLogoutService'],
68			'binding' => OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT,
69			);
70			}
71
72			$conf['idp']['x509cert'] = file_get_contents($certPath);
73
74			// SECURITY SECTION
75			$conf['security'] = array(
76			/** signatures and encryptions offered */
77			// Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted.
78			'nameIdEncrypted' => true,
79			// Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]
80			'authnRequestsSigned' => true,
81			// Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed.
82			'logoutRequestSigned' => true,
83			// Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed.
84			'logoutResponseSigned' => true,
85			'signMetadata' => false,
86			/ signatures and encryptions required /
87			// Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest>
88			// and <samlp:LogoutResponse> elements received by this SP to be signed.
89			'wantMessagesSigned' => false,
90			// Indicates a requirement for the <saml:Assertion> elements received by
91			// this SP to be signed. [Metadata of the SP will offer this info]
92			'wantAssertionsSigned' => true,
93			// Indicates a requirement for the NameID received by
94			// this SP to be encrypted.
95			'wantNameIdEncrypted' => false,
96			// Authentication context.
97			// Set to false and no AuthContext will be sent in the AuthNRequest,
98			// Set true or don't present thi parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
99			// Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
100			'requestedAuthnContext' => array(
101			'urn:federation:authentication:windows',
102			'urn:oasis:names:tc:SAML:2.0:ac:classes:Password',
103			'urn:oasis:names:tc:SAML:2.0:ac:classes:X509',
104			),
105			// Indicates if the SP will validate all received xmls.
106			// (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
107			'wantXMLValidation' => true,
108			);
109
110			return $conf;
111			}
112			}
113

silverstripe / silverstripe-activedirectory

Pull Request — master (#61)

SAMLConfiguration::asArray() B

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like