Ldap::login() - Code Metrics - Inspection of "AD support" - simplesamlphp/simplesamlphp-module-ldap - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#32)

by Tim

created 2022-03-11 09:23 UTC

Ldap::login() B

↳ Parent: Ldap

Complexity

Conditions	8
Paths	17

Size

Total Lines	81
Code Lines	52

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	8
eloc	52
c	1
b	0
f	0
nc	17
nop	2
dl	0
loc	81
rs	7.8028

How to fix Long Method

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\ldap\Auth\Source;

use SimpleSAML\Assert\Assert;
use SimpleSAML\Configuration;
use SimpleSAML\Error;
use SimpleSAML\Module\core\Auth\UserPassBase;
use SimpleSAML\Module\ldap\Connector;
use SimpleSAML\Module\ldap\ConnectorInterface;
use Symfony\Component\Ldap\Adapter\ExtLdap\Query;

use function array_fill_keys;
use function array_keys;
use function array_map;
use function array_values;
use function sprintf;
use function str_replace;
use function var_export;

/**
 * LDAP authentication source.
 *
 * See the ldap-entry in config-templates/authsources.php for information about
 * configuration of this authentication source.
 *
 * @package simplesamlphp/simplesamlphp-module-ldap
 */

class Ldap extends UserPassBase
{
    /**
     * @var \SimpleSAML\Module\ldap\ConnectorInterface
     */
    protected ConnectorInterface $connector;

    /**
     * An LDAP configuration object.
     */
    protected Configuration $ldapConfig;


    /**
     * Constructor for this authentication source.
     *
     * @param array $info  Information about this authentication source.
     * @param array $config  Configuration.
     */
    public function __construct(array $info, array $config)
    {
        // Call the parent constructor first, as required by the interface
        parent::__construct($info, $config);

        $this->ldapConfig = Configuration::loadFromArray(
            $config,
            'authsources[' . var_export($this->authId, true) . ']'
        );

        $this->connector = $this->resolveConnector();
    }


    /**
     * Attempt to log in using the given username and password.
     *
     * @param string $username  The username the user wrote.
     * @param string $password  The password the user wrote.
     * @return array  Associative array with the users attributes.
     */
    protected function login(string $username, string $password): array
    {
        $timeout = $this->ldapConfig->getInteger('timeout', 3);
        Assert::positiveInteger($timeout);

        $searchScope = $this->ldapConfig->getString('search.scope', Query::SCOPE_SUB);
        Assert::oneOf($searchScope, [Query::SCOPE_BASE, Query::SCOPE_ONE, Query::SCOPE_SUB]);

        $timeout = $this->ldapConfig->getInteger('timeout', 3);
        $searchBase = $this->ldapConfig->getArray('search.base');
        $options = [
            'scope' => $searchScope,
            'timeout' => $timeout,
        ];

        $searchEnable = $this->ldapConfig->getBoolean('search.enable', false);
        if ($searchEnable === false) {
            $dnPattern = $this->ldapConfig->getString('dnpattern');
            $dn = str_replace('%username%', $username, $dnPattern);
        } else {
            $searchUsername = $this->ldapConfig->getString('search.username');
            Assert::notWhitespaceOnly($searchUsername);

            $searchPassword = $this->ldapConfig->getString('search.password', null);
            Assert::nullOrnotWhitespaceOnly($searchPassword);

            $searchAttributes = $this->ldapConfig->getArray('search.attributes');
            $searchFilter = $this->ldapConfig->getString('search.filter', null);

            try {
                $this->connector->bind($searchUsername, $searchPassword);
            } catch (Error\Error $e) {
                throw new Error\Exception("Unable to bind using the configured search.username and search.password.");
            }

            $filter = '';
            foreach ($searchAttributes as $attr) {
                $filter .= '(' . $attr . '=' . $username . ')';
            }
            $filter = '(|' . $filter . ')';

            // Append LDAP filters if defined
            if ($searchFilter !== null) {
                $filter = "(&" . $filter . $searchFilter . ")";
            }

            try {
                /** @psalm-var \Symfony\Component\Ldap\Entry $entry */
                $entry = $this->connector->search($searchBase, $filter, $options, false);
                $dn = $entry->getDn();
            } catch (Error\Exception $e) {
                throw new Error\Error('WRONGUSERPASS');
            }
        }

        $this->connector->bind($dn, $password);
        $filter = sprintf('(distinguishedName=%s)', $dn);

        /** @psalm-var \Symfony\Component\Ldap\Entry $entry */
        $entry = $this->connector->search($searchBase, $filter, $options, false);

        $attributes = $this->ldapConfig->getValue('attributes', []);
        if ($attributes === null) {
            $result = $entry->getAttributes();
        } else {
            Assert::isArray($attributes);
            $result = array_intersect_key(
                $entry->getAttributes(),
                array_fill_keys(array_values($attributes), null)
            );
        }

        $binaries = array_intersect(
            array_keys($result),
            $this->ldapConfig->getArray('attributes.binary', []),
        );
        foreach ($binaries as $binary) {
            $result[$binary] = array_map('base64_encode', $result[$binary]);
        }

        return $result;
    }

    /**
     * Resolve the connector
     *
     * @return \SimpleSAML\Module\ldap\ConnectorInterface
     * @throws \Exception
     */
    protected function resolveConnector(): ConnectorInterface
    {
        if (!empty($this->connector)) {
            return $this->connector;
        }

        $encryption = $this->ldapConfig->getString('encryption', 'ssl');
        Assert::oneOf($encryption, ['none', 'ssl', 'tls']);

        $version = $this->ldapConfig->getInteger('version', 3);
        Assert::positiveInteger($version);

        $class = $this->ldapConfig->getString('connector', Connector\Ldap::class);
        Assert::classExists($class);
        Assert::implementsInterface($class, ConnectorInterface::class);

        return $this->connector = new $class(
            $this->ldapConfig->getString('connection_string'),
            $encryption,
            $version,
            $this->ldapConfig->getString('extension', 'ext_ldap'),
            $this->ldapConfig->getBoolean('debug', false),
            $this->ldapConfig->getArray('options', []),
        );
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\Module\ldap\Auth\Source;
6
7			use SimpleSAML\Assert\Assert;
8			use SimpleSAML\Configuration;
9			use SimpleSAML\Error;
10			use SimpleSAML\Module\core\Auth\UserPassBase;
11			use SimpleSAML\Module\ldap\Connector;
12			use SimpleSAML\Module\ldap\ConnectorInterface;
13			use Symfony\Component\Ldap\Adapter\ExtLdap\Query;
14
15			use function array_fill_keys;
16			use function array_keys;
17			use function array_map;
18			use function array_values;
19			use function sprintf;
20			use function str_replace;
21			use function var_export;
22
23			/**
24			* LDAP authentication source.
25			*
26			* See the ldap-entry in config-templates/authsources.php for information about
27			* configuration of this authentication source.
28			*
29			* @package simplesamlphp/simplesamlphp-module-ldap
30			*/
31
32			class Ldap extends UserPassBase
33			{
34			/**
35			* @var \SimpleSAML\Module\ldap\ConnectorInterface
36			*/
37			protected ConnectorInterface $connector;
38
39			/**
40			* An LDAP configuration object.
41			*/
42			protected Configuration $ldapConfig;
43
44
45			/**
46			* Constructor for this authentication source.
47			*
48			* @param array $info Information about this authentication source.
49			* @param array $config Configuration.
50			*/
51			public function __construct(array $info, array $config)
52			{
53			// Call the parent constructor first, as required by the interface
54			parent::__construct($info, $config);
55
56			$this->ldapConfig = Configuration::loadFromArray(
57			$config,
58			'authsources[' . var_export($this->authId, true) . ']'
59			);
60
61			$this->connector = $this->resolveConnector();
62			}
63
64
65			/**
66			* Attempt to log in using the given username and password.
67			*
68			* @param string $username The username the user wrote.
69			* @param string $password The password the user wrote.
70			* @return array Associative array with the users attributes.
71			*/
72			protected function login(string $username, string $password): array
73			{
74			$timeout = $this->ldapConfig->getInteger('timeout', 3);
75			Assert::positiveInteger($timeout);
76
77			$searchScope = $this->ldapConfig->getString('search.scope', Query::SCOPE_SUB);
78			Assert::oneOf($searchScope, [Query::SCOPE_BASE, Query::SCOPE_ONE, Query::SCOPE_SUB]);
79
80			$timeout = $this->ldapConfig->getInteger('timeout', 3);
81			$searchBase = $this->ldapConfig->getArray('search.base');
82			$options = [
83			'scope' => $searchScope,
84			'timeout' => $timeout,
85			];
86
87			$searchEnable = $this->ldapConfig->getBoolean('search.enable', false);
88			if ($searchEnable === false) {
89			$dnPattern = $this->ldapConfig->getString('dnpattern');
90			$dn = str_replace('%username%', $username, $dnPattern);
91			} else {
92			$searchUsername = $this->ldapConfig->getString('search.username');
93			Assert::notWhitespaceOnly($searchUsername);
94
95			$searchPassword = $this->ldapConfig->getString('search.password', null);
96			Assert::nullOrnotWhitespaceOnly($searchPassword);
97
98			$searchAttributes = $this->ldapConfig->getArray('search.attributes');
99			$searchFilter = $this->ldapConfig->getString('search.filter', null);
100
101			try {
102			$this->connector->bind($searchUsername, $searchPassword);
103			} catch (Error\Error $e) {
104			throw new Error\Exception("Unable to bind using the configured search.username and search.password.");
105			}
106
107			$filter = '';
108			foreach ($searchAttributes as $attr) {
109			$filter .= '(' . $attr . '=' . $username . ')';
110			}
111			$filter = '(\|' . $filter . ')';
112
113			// Append LDAP filters if defined
114			if ($searchFilter !== null) {
115			$filter = "(&" . $filter . $searchFilter . ")";
116			}
117
118			try {
119			/** @psalm-var \Symfony\Component\Ldap\Entry $entry */
120			$entry = $this->connector->search($searchBase, $filter, $options, false);
121			$dn = $entry->getDn();
122			} catch (Error\Exception $e) {
123			throw new Error\Error('WRONGUSERPASS');
124			}
125			}
126
127			$this->connector->bind($dn, $password);
128			$filter = sprintf('(distinguishedName=%s)', $dn);
129
130			/** @psalm-var \Symfony\Component\Ldap\Entry $entry */
131			$entry = $this->connector->search($searchBase, $filter, $options, false);
132
133			$attributes = $this->ldapConfig->getValue('attributes', []);
134			if ($attributes === null) {
135			$result = $entry->getAttributes();
136			} else {
137			Assert::isArray($attributes);
138			$result = array_intersect_key(
139			$entry->getAttributes(),
140			array_fill_keys(array_values($attributes), null)
141			);
142			}
143
144			$binaries = array_intersect(
145			array_keys($result),
146			$this->ldapConfig->getArray('attributes.binary', []),
147			);
148			foreach ($binaries as $binary) {
149			$result[$binary] = array_map('base64_encode', $result[$binary]);
150			}
151
152			return $result;
153			}
154
155			/**
156			* Resolve the connector
157			*
158			* @return \SimpleSAML\Module\ldap\ConnectorInterface
159			* @throws \Exception
160			*/
161			protected function resolveConnector(): ConnectorInterface
162			{
163			if (!empty($this->connector)) {
164			return $this->connector;
165			}
166
167			$encryption = $this->ldapConfig->getString('encryption', 'ssl');
168			Assert::oneOf($encryption, ['none', 'ssl', 'tls']);
169
170			$version = $this->ldapConfig->getInteger('version', 3);
171			Assert::positiveInteger($version);
172
173			$class = $this->ldapConfig->getString('connector', Connector\Ldap::class);
174			Assert::classExists($class);
175			Assert::implementsInterface($class, ConnectorInterface::class);
176
177			return $this->connector = new $class(
178			$this->ldapConfig->getString('connection_string'),
179			$encryption,
180			$version,
181			$this->ldapConfig->getString('extension', 'ext_ldap'),
182			$this->ldapConfig->getBoolean('debug', false),
183			$this->ldapConfig->getArray('options', []),
184			);
185			}
186			}
187

simplesamlphp / simplesamlphp-module-ldap

Pull Request — master (#32)

Ldap::login() B

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like