ExpiryWarning::process() - Code Metrics - Inspection of "Fix regarding typed properties" - simplesamlphp/simplesamlphp-module-authX509 - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( ab5510...5e8a37 )

by Tim

created 2021-01-23 17:00 UTC

ExpiryWarning::process() B

↳ Parent: Project

Complexity

Conditions	7
Paths	5

Size

Total Lines	36
Code Lines	22

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	7
eloc	22
nc	5
nop	1
dl	0
loc	36
rs	8.6346
c	0
b	0
f	0

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\authX509\Auth\Process;

use SimpleSAML\Assert\Assert;
use SimpleSAML\Auth;
use SimpleSAML\Logger;
use SimpleSAML\Module;
use SimpleSAML\Utils;
use Webmozart\Assert\Assert;


/**
 * Filter which shows a warning if the user's client certificate is about to expire.
 *
 ** <code>
 * // show about2xpire warning if client certificate is about to expire
 * 10 => array(
 *     'class' => 'authX509:ExpiryWarning',
 *     'warndaysbefore' => 30,
 * ),
 * </code>
 *
 * @package SimpleSAMLphp
 */

class ExpiryWarning extends Auth\ProcessingFilter
{
    /** @var int */
    private int $warndaysbefore = 30;

    /** @var string|null */
    private ?string $renewurl = null;

    /**
     * Initialize this filter.
     *
     * @param array $config  Configuration information about this filter.
     * @param mixed $reserved  For future use.
     */
    public function __construct(array $config, $reserved)
    {
        parent::__construct($config, $reserved);

        if (array_key_exists('warndaysbefore', $config)) {
            $this->warndaysbefore = $config['warndaysbefore'];
            Assert::integer(
                $this->warndaysbefore
                'Invalid value for \'warndaysbefore\'-option to authX509::ExpiryWarning filter.'
            );
        }

        if (array_key_exists('renewurl', $config)) {
            $this->renewurl = $config['renewurl'];
            Assert::string(
                $this->renewurl,
                'Invalid value for \'renewurl\'-option to authX509::ExpiryWarning filter.'
            );
        }
    }

    /**
     * Process an authentication response.
     *
     * This function saves the state, and if necessary redirects the user to the page where the user
     * is informed about the expiry date of his/her certificate.
     *
     * @param array $state  The state of the response.
     */
    public function process(array &$state): void
    {
        if (isset($state['isPassive']) && $state['isPassive'] === true) {
            // We have a passive request. Skip the warning
            return;
        }

        if (
            !isset($_SERVER['SSL_CLIENT_CERT']) ||
            ($_SERVER['SSL_CLIENT_CERT'] == '')
        ) {
            return;
        }

        $client_cert = $_SERVER['SSL_CLIENT_CERT'];
        $client_cert_data = openssl_x509_parse($client_cert);
        if ($client_cert_data == false) {
            Logger::error('authX509: invalid cert');
            return;
        }
        $validTo = $client_cert_data['validTo_time_t'];
        $now = time();
        $daysleft = (int) (($validTo - $now) / 86400); //24*60*60
        if ($daysleft > $this->warndaysbefore) {
            // We have a certificate that will be valid for some time. Skip the warning
            return;
        }

        Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
        $state['daysleft'] = $daysleft;
        $state['renewurl'] = $this->renewurl;

        // Save state and redirect
        $id = Auth\State::saveState($state, 'warning:expire');
        $url = Module::getModuleURL('authX509/expirywarning.php');
        Utils\HTTP::redirectTrustedURL($url, ['StateId' => $id]);
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\Module\authX509\Auth\Process;
6
7			use SimpleSAML\Assert\Assert;
8			use SimpleSAML\Auth;
9			use SimpleSAML\Logger;
10			use SimpleSAML\Module;
11			use SimpleSAML\Utils;
12			use Webmozart\Assert\Assert;
			0 ignored issues – show Bug introduced 2021-01-23 17:02 UTC by Report Bug Copy Issue Report A parse error occurred: Cannot use Webmozart\Assert\Assert as Assert because the name is already in use Loading history...
13
14			/**
15			* Filter which shows a warning if the user's client certificate is about to expire.
16			*
17			** <code>
18			* // show about2xpire warning if client certificate is about to expire
19			* 10 => array(
20			* 'class' => 'authX509:ExpiryWarning',
21			* 'warndaysbefore' => 30,
22			* ),
23			* </code>
24			*
25			* @package SimpleSAMLphp
26			*/
27
28			class ExpiryWarning extends Auth\ProcessingFilter
29			{
30			/** @var int */
31			private int $warndaysbefore = 30;
32
33			/** @var string\|null */
34			private ?string $renewurl = null;
35
36			/**
37			* Initialize this filter.
38			*
39			* @param array $config Configuration information about this filter.
40			* @param mixed $reserved For future use.
41			*/
42			public function __construct(array $config, $reserved)
43			{
44			parent::__construct($config, $reserved);
45
46			if (array_key_exists('warndaysbefore', $config)) {
47			$this->warndaysbefore = $config['warndaysbefore'];
48			Assert::integer(
49			$this->warndaysbefore
50			'Invalid value for \'warndaysbefore\'-option to authX509::ExpiryWarning filter.'
51			);
52			}
53
54			if (array_key_exists('renewurl', $config)) {
55			$this->renewurl = $config['renewurl'];
56			Assert::string(
57			$this->renewurl,
58			'Invalid value for \'renewurl\'-option to authX509::ExpiryWarning filter.'
59			);
60			}
61			}
62
63			/**
64			* Process an authentication response.
65			*
66			* This function saves the state, and if necessary redirects the user to the page where the user
67			* is informed about the expiry date of his/her certificate.
68			*
69			* @param array $state The state of the response.
70			*/
71			public function process(array &$state): void
72			{
73			if (isset($state['isPassive']) && $state['isPassive'] === true) {
74			// We have a passive request. Skip the warning
75			return;
76			}
77
78			if (
79			!isset($_SERVER['SSL_CLIENT_CERT']) \|\|
80			($_SERVER['SSL_CLIENT_CERT'] == '')
81			) {
82			return;
83			}
84
85			$client_cert = $_SERVER['SSL_CLIENT_CERT'];
86			$client_cert_data = openssl_x509_parse($client_cert);
87			if ($client_cert_data == false) {
88			Logger::error('authX509: invalid cert');
89			return;
90			}
91			$validTo = $client_cert_data['validTo_time_t'];
92			$now = time();
93			$daysleft = (int) (($validTo - $now) / 86400); //246060
94			if ($daysleft > $this->warndaysbefore) {
95			// We have a certificate that will be valid for some time. Skip the warning
96			return;
97			}
98
99			Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
100			$state['daysleft'] = $daysleft;
101			$state['renewurl'] = $this->renewurl;
102
103			// Save state and redirect
104			$id = Auth\State::saveState($state, 'warning:expire');
105			$url = Module::getModuleURL('authX509/expirywarning.php');
106			Utils\HTTP::redirectTrustedURL($url, ['StateId' => $id]);
107			}
108			}
109

simplesamlphp / simplesamlphp-module-authX509

Push — master ( ab5510...5e8a37 )

ExpiryWarning::process() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like