Ldap - Code Metrics - Inspection of "WIP: Migrate to symfony/ldap" - simplesamlphp/simplesamlphp-module-ldap - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#28)

by Tim

created 2021-09-06 12:07 UTC

Ldap A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	241
Duplicated Lines	0 %

Importance

Changes	4
Bugs	0	Features	0

Metric	Value
wmc	25
eloc	86
c	4
b	0
f	0
dl	0
loc	241
rs	10

6 Methods

Rating	Name	Size	Complexity
A	searchForMultiple()	33	5
A	create()	26	2
A	asc2hex32()	16	4
B	search()	49	7
A	escapeFilterValue()	28	4
A	bind()	12	3

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\ldap\Utils;

use SimpleSAML\Assert\Assert;
use SimpleSAML\Error;
use SimpleSAML\Logger;
use SimpleSAML\Utils;
use Symfony\Component\Ldap\Entry;
use Symfony\Component\Ldap\Exception\ConnectionException;
use Symfony\Component\Ldap\Ldap as LdapObject;

use function array_pop;
use function count;
use function dechex;
use function is_array;
use function ord;
use function sprintf;
use function strlen;
use function strval;
use function substr;
use function str_replace;

/**
 * LDAP utilities
 *
 * @package simplesamlphp/simplesamlphp-module-ldap
 */

class Ldap
{
    /**
     * Create Ldap resource objects
     *
     * @param array $connection_strings
     * @param string $encryption
     * @param int $version
     * @param string $extension
     * @param bool $debug
     * @param array $options
     * @return \Symfony\Component\Ldap\Ldap[]
     */
    public function create(
        array $connection_strings,
        string $encryption = 'ssl',
        int $version = 3,
        string $extension = 'ext_ldap',
        bool $debug = false,
        array $options = ['referrals' => false, 'network_timeout' => 3]
    ): array {
        $ldapServers = [];

        foreach ($connection_strings as $connection_string) {
            Assert::regex($connection_string, '#^ldap[s]?:\/\/#');

            $ldapServers[] = LdapObject::create(
                $extension,
                [
                    'connection_string' => $connection_string,
                    'encryption' => $encryption,
                    'version' => $version,
                    'debug' => $debug,
                    'options' => $options,
                ]
            );
        }

        return $ldapServers;
    }


    /**
     * Bind to an LDAP-server
     *
     * @param \Symfony\Component\Ldap\Ldap[] $ldapServers
     * @param string $username
     * @param string|null $password  Null for passwordless logon
     * @throws \SimpleSAML\Error\Exception if none of the LDAP-servers could be contacted
     */
    public function bind(array $ldapServers, string $username, ?string $password): LdapObject
    {
        foreach ($ldapServers as $ldap) {
            try {
                $ldap->bind($username, strval($password));
                return $ldap;
            } catch (ConnectionException $e) {
                // Try next server
            }
        }

        throw new Error\Exception("Unable to bind to any of the configured LDAP servers.");
    }


    /**
     * Search the LDAP-directory for a specific object
     *
     * @param \Symfony\Component\Ldap\Ldap $ldap
     * @param array $searchBase
     * @param string $filter
     * @param array $options
     * @param boolean $allowMissing
     * @return \Symfony\Component\Ldap\Entry|null The result of the search or null if none found
     * @throws \SimpleSAML\Error\Exception if more than one entry was found
     * @throws \SimpleSAML\Error\Exception if the object cannot be found using the given search base and filter
     */
    public function search(
        LdapObject $ldap,
        array $searchBase,
        string $filter,
        array $options,
        bool $allowMissing
    ): ?Entry {
        $entry = null;

        foreach ($searchBase as $base) {
            $query = $ldap->query($base, $filter, $options);
            $result = $query->execute();
            $result = is_array($result) ? $result : $result->toArray();

            if (count($result) > 1) {
                throw new Error\Exception(
                    sprintf(
                        "Library - LDAP search(): Found %d entries searching base '%s' for '%s'",
                        count($result),
                        $base,
                        $filter,
                    )
                );
            } elseif (count($result) === 1) {
                $entry = array_pop($result);
                break;
            } else {
                Logger::debug(
                    sprintf(
                        "Library - LDAP search(): Found no entries searching base '%s' for '%s'",
                        count($result),
                        $base,
                        $filter,
                    )
                );
            }
        }

        if ($entry === null && $allowMissing === false) {
            throw new Error\Exception(
                sprintf(
                    "Object not found using search base [%s] and filter '%s'",
                    implode(', ', $searchBase),
                    $filter
                )
            );
        }

        return $entry;
    }


    /**
     * Search the LDAP-directory for any object matching the search filter
     *
     * @param \Symfony\Component\Ldap\Ldap $ldap
     * @param array $searchBase
     * @param string $filter
     * @param array $options
     * @param boolean $allowMissing
     * @return \Symfony\Component\Ldap\Entry[] The result of the search
     * @throws \SimpleSAML\Error\Exception if more than one entry was found
     * @throws \SimpleSAML\Error\Exception if the object cannot be found using the given search base and filter
     */
    public function searchForMultiple(
        LdapObject $ldap,
        array $searchBase,
        string $filter,
        array $options,
        bool $allowMissing
    ): array {
        $results = [];

        foreach ($searchBase as $base) {
            $query = $ldap->query($base, $filter, $options);
            $result = $query->execute();
            $results = array_merge($results, is_array($result) ? $result : $result->toArray());

            sprintf(
                "Library - LDAP search(): Found %d entries searching base '%s' for '%s'",
                count($result),
                $base,
                $filter,
            );
        }

        if (empty($results) && ($allowMissing === false)) {
            throw new Error\Exception(
                sprintf(
                    "No Objects found using search base [%s] and filter '%s'",
                    implode(', ', $searchBase),
                    $filter
                )
            );
        }

        return $results;
    }


    /**
     * Escapes the given VALUES according to RFC 2254 so that they can be safely used in LDAP filters.
     *
     * Any control characters with an ASCII code < 32 as well as the characters with special meaning in
     * LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a
     * backslash followed by two hex digits representing the hexadecimal value of the character.
     *
     * @param string|string[] $values Array of values to escape
     * @param bool $singleValue
     * @return string|string[] Array $values, but escaped
     */
    public function escapeFilterValue($values = [], bool $singleValue = true)
    {
        // Parameter validation
        $arrayUtils = new Utils\Arrays();
        $values = $arrayUtils->arrayize($values);

        foreach ($values as $key => $val) {
            if ($val === null) {
                $val = '\0'; // apply escaped "null" if string is empty
            } else {
                // Escaping of filter meta characters
                $val = str_replace('\\', '\5c', $val);
                $val = str_replace('*', '\2a', $val);
                $val = str_replace('(', '\28', $val);
                $val = str_replace(')', '\29', $val);

                // ASCII < 32 escaping
                $val = $this->asc2hex32($val);
            }

            $values[$key] = $val;
        }

        if ($singleValue) {
            return $values[0];
        }

        return $values;
    }


    /**
     * Converts all ASCII chars < 32 to "\HEX"
     *
     * @param string $string String to convert
     * @return string
     */
    public function asc2hex32(string $string): string
    {
        for ($i = 0; $i < strlen($string); $i++) {
            $char = substr($string, $i, 1);

            if (ord($char) < 32) {
                $hex = dechex(ord($char));
                if (strlen($hex) == 1) {
                    $hex = '0' . $hex;
                }

                $string = str_replace($char, '\\' . $hex, $string);
            }
        }

        return $string;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\Module\ldap\Utils;
6
7			use SimpleSAML\Assert\Assert;
8			use SimpleSAML\Error;
9			use SimpleSAML\Logger;
10			use SimpleSAML\Utils;
11			use Symfony\Component\Ldap\Entry;
12			use Symfony\Component\Ldap\Exception\ConnectionException;
13			use Symfony\Component\Ldap\Ldap as LdapObject;
14
15			use function array_pop;
16			use function count;
17			use function dechex;
18			use function is_array;
19			use function ord;
20			use function sprintf;
21			use function strlen;
22			use function strval;
23			use function substr;
24			use function str_replace;
25
26			/**
27			* LDAP utilities
28			*
29			* @package simplesamlphp/simplesamlphp-module-ldap
30			*/
31
32			class Ldap
33			{
34			/**
35			* Create Ldap resource objects
36			*
37			* @param array $connection_strings
38			* @param string $encryption
39			* @param int $version
40			* @param string $extension
41			* @param bool $debug
42			* @param array $options
43			* @return \Symfony\Component\Ldap\Ldap[]
44			*/
45			public function create(
46			array $connection_strings,
47			string $encryption = 'ssl',
48			int $version = 3,
49			string $extension = 'ext_ldap',
50			bool $debug = false,
51			array $options = ['referrals' => false, 'network_timeout' => 3]
52			): array {
53			$ldapServers = [];
54
55			foreach ($connection_strings as $connection_string) {
56			Assert::regex($connection_string, '#^ldap[s]?:\/\/#');
57
58			$ldapServers[] = LdapObject::create(
59			$extension,
60			[
61			'connection_string' => $connection_string,
62			'encryption' => $encryption,
63			'version' => $version,
64			'debug' => $debug,
65			'options' => $options,
66			]
67			);
68			}
69
70			return $ldapServers;
71			}
72
73
74			/**
75			* Bind to an LDAP-server
76			*
77			* @param \Symfony\Component\Ldap\Ldap[] $ldapServers
78			* @param string $username
79			* @param string\|null $password Null for passwordless logon
80			* @throws \SimpleSAML\Error\Exception if none of the LDAP-servers could be contacted
81			*/
82			public function bind(array $ldapServers, string $username, ?string $password): LdapObject
83			{
84			foreach ($ldapServers as $ldap) {
85			try {
86			$ldap->bind($username, strval($password));
87			return $ldap;
88			} catch (ConnectionException $e) {
89			// Try next server
90			}
91			}
92
93			throw new Error\Exception("Unable to bind to any of the configured LDAP servers.");
94			}
95
96
97			/**
98			* Search the LDAP-directory for a specific object
99			*
100			* @param \Symfony\Component\Ldap\Ldap $ldap
101			* @param array $searchBase
102			* @param string $filter
103			* @param array $options
104			* @param boolean $allowMissing
105			* @return \Symfony\Component\Ldap\Entry\|null The result of the search or null if none found
106			* @throws \SimpleSAML\Error\Exception if more than one entry was found
107			* @throws \SimpleSAML\Error\Exception if the object cannot be found using the given search base and filter
108			*/
109			public function search(
110			LdapObject $ldap,
111			array $searchBase,
112			string $filter,
113			array $options,
114			bool $allowMissing
115			): ?Entry {
116			$entry = null;
117
118			foreach ($searchBase as $base) {
119			$query = $ldap->query($base, $filter, $options);
120			$result = $query->execute();
121			$result = is_array($result) ? $result : $result->toArray();
122
123			if (count($result) > 1) {
124			throw new Error\Exception(
125			sprintf(
126			"Library - LDAP search(): Found %d entries searching base '%s' for '%s'",
127			count($result),
128			$base,
129			$filter,
130			)
131			);
132			} elseif (count($result) === 1) {
133			$entry = array_pop($result);
134			break;
135			} else {
136			Logger::debug(
137			sprintf(
138			"Library - LDAP search(): Found no entries searching base '%s' for '%s'",
139			count($result),
140			$base,
141			$filter,
142			)
143			);
144			}
145			}
146
147			if ($entry === null && $allowMissing === false) {
148			throw new Error\Exception(
149			sprintf(
150			"Object not found using search base [%s] and filter '%s'",
151			implode(', ', $searchBase),
152			$filter
153			)
154			);
155			}
156
157			return $entry;
158			}
159
160
161			/**
162			* Search the LDAP-directory for any object matching the search filter
163			*
164			* @param \Symfony\Component\Ldap\Ldap $ldap
165			* @param array $searchBase
166			* @param string $filter
167			* @param array $options
168			* @param boolean $allowMissing
169			* @return \Symfony\Component\Ldap\Entry[] The result of the search
170			* @throws \SimpleSAML\Error\Exception if more than one entry was found
171			* @throws \SimpleSAML\Error\Exception if the object cannot be found using the given search base and filter
172			*/
173			public function searchForMultiple(
174			LdapObject $ldap,
175			array $searchBase,
176			string $filter,
177			array $options,
178			bool $allowMissing
179			): array {
180			$results = [];
181
182			foreach ($searchBase as $base) {
183			$query = $ldap->query($base, $filter, $options);
184			$result = $query->execute();
185			$results = array_merge($results, is_array($result) ? $result : $result->toArray());
186
187			sprintf(
188			"Library - LDAP search(): Found %d entries searching base '%s' for '%s'",
189			count($result),
190			$base,
191			$filter,
192			);
193			}
194
195			if (empty($results) && ($allowMissing === false)) {
196			throw new Error\Exception(
197			sprintf(
198			"No Objects found using search base [%s] and filter '%s'",
199			implode(', ', $searchBase),
200			$filter
201			)
202			);
203			}
204
205			return $results;
206			}
207
208
209			/**
210			* Escapes the given VALUES according to RFC 2254 so that they can be safely used in LDAP filters.
211			*
212			* Any control characters with an ASCII code < 32 as well as the characters with special meaning in
213			* LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a
214			* backslash followed by two hex digits representing the hexadecimal value of the character.
215			*
216			* @param string\|string[] $values Array of values to escape
217			* @param bool $singleValue
218			* @return string\|string[] Array $values, but escaped
219			*/
220			public function escapeFilterValue($values = [], bool $singleValue = true)
221			{
222			// Parameter validation
223			$arrayUtils = new Utils\Arrays();
224			$values = $arrayUtils->arrayize($values);
225
226			foreach ($values as $key => $val) {
227			if ($val === null) {
228			$val = '\0'; // apply escaped "null" if string is empty
229			} else {
230			// Escaping of filter meta characters
231			$val = str_replace('\\', '\5c', $val);
232			$val = str_replace('*', '\2a', $val);
233			$val = str_replace('(', '\28', $val);
234			$val = str_replace(')', '\29', $val);
235
236			// ASCII < 32 escaping
237			$val = $this->asc2hex32($val);
238			}
239
240			$values[$key] = $val;
241			}
242
243			if ($singleValue) {
244			return $values[0];
245			}
246
247			return $values;
248			}
249
250
251			/**
252			* Converts all ASCII chars < 32 to "\HEX"
253			*
254			* @param string $string String to convert
255			* @return string
256			*/
257			public function asc2hex32(string $string): string
258			{
259			for ($i = 0; $i < strlen($string); $i++) {
260			$char = substr($string, $i, 1);
261
262			if (ord($char) < 32) {
263			$hex = dechex(ord($char));
264			if (strlen($hex) == 1) {
265			$hex = '0' . $hex;
266			}
267
268			$string = str_replace($char, '\\' . $hex, $string);
269			}
270			}
271
272			return $string;
273			}
274			}
275

simplesamlphp / simplesamlphp-module-ldap

Pull Request — master (#28)

Ldap A

Complexity

Size/Duplication

Importance

6 Methods

Duplication Side-by-Side

Filter issues like