SimpleSAML\Module\ldap\Connector\ActiveDirectory

Complexity

Total Complexity

5

Size/Duplication

Total Lines	35
Duplicated Lines	0 %

Importance

Changes

0

1 Method

Rating	Name	Duplication	Size	Complexity
A	resolveBindException()	0	21	5

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\ldap\Connector;

use SimpleSAML\Module\ldap\Auth\InvalidCredentialResult;

use function ldap_get_option;

/**
 * Extends Ldap so that we can diagnose error messages from MS Active Directory
 */
class ActiveDirectory extends Ldap
{
    public const ERR_PASSWORD_RESET = 'RESETPASSWORD';

    public const ERR_ACCOUNT_RESET = 'RESETACCOUNT';

    public const ERR_LOGON_RESTRICTION = 'LOGONRESTRICTION';


    /**
     * Resolves the bind exception
     *
     * @return string
     */
    protected function resolveBindException(): string
    {
        ldap_get_option(
            $this->adapter->getConnection()->getResource(),

The method getResource() does not exist on Symfony\Component\Ldap\Adapter\ConnectionInterface. It seems like you code against a sub-type of Symfony\Component\Ldap\Adapter\ConnectionInterface such as Symfony\Component\Ldap\Adapter\ExtLdap\Connection.

            LDAP_OPT_DIAGNOSTIC_MESSAGE,
            $message,
        );

        $result  = InvalidCredentialResult::fromDiagnosticMessage($message);
        if ($result->isInvalidCredential()) {
            return self::ERR_WRONG_PASS;
        } elseif ($result->isPasswordError()) {
            return self::ERR_PASSWORD_RESET;
        } elseif ($result->isAccountError()) {
            return self::ERR_ACCOUNT_RESET;
        } elseif ($result->isRestricted()) {
            return self::ERR_LOGON_RESTRICTION;
        }

        // default to the wrong user pass
        return self::ERR_WRONG_PASS;
    }
}