SimpleSAML\Module\ldap\Auth\Source\Ldap

Complexity

Total Complexity

11

Size/Duplication

Total Lines	168
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

3 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	11	1
A	resolveConnector()	0	23	2
B	login()	0	97	8

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\ldap\Auth\Source;

use SimpleSAML\Assert\Assert;
use SimpleSAML\Configuration;
use SimpleSAML\Error;
use SimpleSAML\Module\core\Auth\UserPassBase;
use SimpleSAML\Module\ldap\Connector;
use SimpleSAML\Module\ldap\ConnectorInterface;
use Symfony\Component\Ldap\Adapter\ExtLdap\Query;

use function array_fill_keys;
use function array_keys;
use function array_map;
use function array_values;
use function sprintf;
use function str_replace;
use function var_export;

/**
 * LDAP authentication source.
 *
 * See the ldap-entry in config-templates/authsources.php for information about
 * configuration of this authentication source.
 *
 * @package simplesamlphp/simplesamlphp-module-ldap
 */

class Ldap extends UserPassBase
{
    /**
     * @var \SimpleSAML\Module\ldap\ConnectorInterface
     */
    protected ConnectorInterface $connector;

    /**
     * An LDAP configuration object.
     */
    protected Configuration $ldapConfig;


    /**
     * Constructor for this authentication source.
     *
     * @param array $info  Information about this authentication source.
     * @param array $config  Configuration.
     */
    public function __construct(array $info, array $config)
    {
        // Call the parent constructor first, as required by the interface
        parent::__construct($info, $config);

        $this->ldapConfig = Configuration::loadFromArray(
            $config,
            'authsources[' . var_export($this->authId, true) . ']'
        );

        $this->connector = $this->resolveConnector();
    }


    /**
     * Attempt to log in using the given username and password.
     *
     * @param string $username  The username the user wrote.
     * @param string $password  The password the user wrote.
     * @return array  Associative array with the users attributes.
     */
    protected function login(string $username, string $password): array
    {
        $encryption = $this->ldapConfig->getOptionalString('encryption', 'ssl');
        Assert::oneOf($encryption, ['none', 'ssl', 'tls']);

        $version = $this->ldapConfig->getOptionalInteger('version', 3);
        Assert::positiveInteger($version);

        $timeout = $this->ldapConfig->getOptionalInteger('timeout', 3);
        Assert::positiveInteger($timeout);

        $ldapUtils = new Utils\Ldap();

The type SimpleSAML\Module\ldap\Auth\Source\Utils\Ldap was not found. Maybe you did not declare it correctly or list all dependencies?

        $ldapObject = $ldapUtils->create(

The assignment to $ldapObject is dead and can be removed.

            $this->ldapConfig->getString('connection_string'),
            $encryption,
            $version,
            $this->ldapConfig->getOptionalString('extension', 'ext_ldap'),
            $this->ldapConfig->getOptionalBoolean('debug', false),
            $this->ldapConfig->getOptionalArray('options', []),
        );

        $searchScope = $this->ldapConfig->getOptionalString('search.scope', Query::SCOPE_SUB);
        Assert::oneOf($searchScope, [Query::SCOPE_BASE, Query::SCOPE_ONE, Query::SCOPE_SUB]);

        $timeout = $this->ldapConfig->getOptionalInteger('timeout', 3);
        $searchBase = $this->ldapConfig->getArray('search.base');
        $options = [
            'scope' => $searchScope,
            'timeout' => $timeout,
        ];

        $searchEnable = $this->ldapConfig->getOptionalBoolean('search.enable', false);
        if ($searchEnable === false) {
            $dnPattern = $this->ldapConfig->getString('dnpattern');
            $dn = str_replace('%username%', $username, $dnPattern);
        } else {
            $searchUsername = $this->ldapConfig->getString('search.username');
            Assert::notWhitespaceOnly($searchUsername);

            $searchPassword = $this->ldapConfig->getOptionalString('search.password', null);
            Assert::nullOrnotWhitespaceOnly($searchPassword);

            $searchAttributes = $this->ldapConfig->getArray('search.attributes');
            $searchFilter = $this->ldapConfig->getOptionalString('search.filter', null);

            try {
                $this->connector->bind($searchUsername, $searchPassword);
            } catch (Error\Error $e) {
                throw new Error\Exception("Unable to bind using the configured search.username and search.password.");
            }

            $filter = '';
            foreach ($searchAttributes as $attr) {
                $filter .= '(' . $attr . '=' . $username . ')';
            }
            $filter = '(|' . $filter . ')';

            // Append LDAP filters if defined
            if ($searchFilter !== null) {
                $filter = "(&" . $filter . $searchFilter . ")";
            }

            try {
                /** @psalm-var \Symfony\Component\Ldap\Entry $entry */
                $entry = $this->connector->search($searchBase, $filter, $options, false);
                $dn = $entry->getDn();
            } catch (Error\Exception $e) {
                throw new Error\Error('WRONGUSERPASS');
            }
        }

        $this->connector->bind($dn, $password);
        $filter = sprintf('(distinguishedName=%s)', $dn);

        /** @psalm-var \Symfony\Component\Ldap\Entry $entry */
        $entry = $this->connector->search($searchBase, $filter, $options, false);

        $attributes = $this->ldapConfig->getOptionalValue('attributes', []);
        if ($attributes === null) {
            $result = $entry->getAttributes();
        } else {
            Assert::isArray($attributes);
            $result = array_intersect_key(
                $entry->getAttributes(),
                array_fill_keys(array_values($attributes), null)
            );
        }

        $binaries = array_intersect(
            array_keys($result),
            $this->ldapConfig->getOptionalArray('attributes.binary', []),
        );
        foreach ($binaries as $binary) {
            $result[$binary] = array_map('base64_encode', $result[$binary]);
        }

        return $result;
    }

    /**
     * Resolve the connector
     *
     * @return \SimpleSAML\Module\ldap\ConnectorInterface
     * @throws \Exception
     */
    protected function resolveConnector(): ConnectorInterface
    {
        if (!empty($this->connector)) {
            return $this->connector;
        }

        $encryption = $this->ldapConfig->getString('encryption', 'ssl');

The call to SimpleSAML\Configuration::getString() has too many arguments starting with 'ssl'.

        Assert::oneOf($encryption, ['none', 'ssl', 'tls']);

        $version = $this->ldapConfig->getInteger('version', 3);

The call to SimpleSAML\Configuration::getInteger() has too many arguments starting with 3.

        Assert::positiveInteger($version);

        $class = $this->ldapConfig->getString('connector', Connector\Ldap::class);
        Assert::classExists($class);
        Assert::implementsInterface($class, ConnectorInterface::class);

        return $this->connector = new $class(
            $this->ldapConfig->getString('connection_string'),
            $encryption,
            $version,
            $this->ldapConfig->getString('extension', 'ext_ldap'),
            $this->ldapConfig->getBoolean('debug', false),

The call to SimpleSAML\Configuration::getBoolean() has too many arguments starting with false.

            $this->ldapConfig->getArray('options', []),

The call to SimpleSAML\Configuration::getArray() has too many arguments starting with array().

        );
    }
}