Passed
Push — master ( 38fbdf...ca585a )
by Tim
02:00
created

lib/Cas/Protocol/SamlValidateResponder.php (1 issue)

<?php
namespace SimpleSAML\Module\casserver\Cas\Protocol;
use SimpleSAML\Configuration;
use SimpleSAML\XML\Shib13\AuthnResponse;
The type SimpleSAML\XML\Shib13\AuthnResponse was not found. Maybe you did not declare it correctly or list all dependencies?

The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:

filter:
    dependency_paths: ["lib/*"]

For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths

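class SamlValidateResponder
{
    /**
     * Converts a CAS ticket into a SAML 1 response document. The caller is
     * expected to wrap the result in SOAP (see wrapInSoap()) before returning
     * it to a client.
     *
     * The user name is spliced into the generated XML by text substitution.
     * It is XML-escaped first and inserted through a callback, because a
     * literal preg_replace() replacement string would expand "$1" or "\1"
     * occurring inside the user name as a regex backreference.
     *
     * @param array $ticket The cas ticket; the 'service', 'attributes' and
     *                      'userName' keys are read
     * @return string The saml 1 xml for the CAS response
     * @throws \RuntimeException If the NameIdentifier substitution fails
     */
    public function convertToSaml(array $ticket): string
    {
        $serviceUrl = $ticket['service'];
        $attributes = $ticket['attributes'];
        $user = $ticket['userName'];

        $ar = new AuthnResponse();
        $idpMetadata = [
            // CAS doesn't seem to care what this is, however SSP code requires it to be set
            'entityid' => 'localhost'
        ];
        $spMetadata = [
            'entityid' => $serviceUrl,
        ];
        $shire = $serviceUrl; // the recipient
        $authnResponseXML = $ar->generate(
            Configuration::loadFromArray($idpMetadata),
            Configuration::loadFromArray($spMetadata),
            $shire,
            $attributes
        );

        // Escape for an XML text node with explicit flags so the output does
        // not depend on the PHP version's htmlspecialchars() defaults.
        $escapedUser = htmlspecialchars((string) $user, ENT_QUOTES | ENT_SUBSTITUTE | ENT_XML1, 'UTF-8');

        // Replace the generated NameIdentifier content with the actual user
        // name. The callback returns the text literally, so "$" and "\" in
        // the user name are never treated as backreferences.
        $ret = preg_replace_callback(
            '|<NameIdentifier(.*)>.*</NameIdentifier>|',
            static function (array $match) use ($escapedUser): string {
                return '<NameIdentifier' . $match[1] . '>' . $escapedUser . '</NameIdentifier>';
            },
            $authnResponseXML
        );
        if ($ret === null) {
            // PCRE failure: fail loudly instead of returning null from a string-typed method
            throw new \RuntimeException('Unable to set NameIdentifier in SAML response');
        }

        // CAS seems to prefer this type of assertion
        $ret = str_replace('urn:oasis:names:tc:SAML:1.0:cm:bearer', 'urn:oasis:names:tc:SAML:1.0:cm:artifact', $ret);
        // CAS uses a different namespace for attributes
        $ret = str_replace(
            'urn:mace:shibboleth:1.0:attributeNamespace:uri',
            'http://www.ja-sig.org/products/cas/',
            $ret
        );
        return $ret;
    }


    /**
     * Wraps a SAML response in a SOAP 1.1 envelope.
     *
     * The argument is inserted verbatim into the SOAP Body: it is treated as
     * markup, not text, and no escaping is applied here. Callers must pass
     * XML that is already well-formed and correctly escaped.
     *
     * @param string $samlResponse The SAML response XML to embed
     * @return string The SOAP envelope containing the response
     */
    public function wrapInSoap(string $samlResponse): string
    {
        $envelope = <<<SOAP
<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header />
    <SOAP-ENV:Body>$samlResponse</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAP;
        return $envelope;
    }
}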