Radius - Code Metrics - Inspection of "Drop extension" - simplesamlphp/simplesamlphp-module-radius - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#5)

by Tim

created 2022-05-21 10:11 UTC

Radius A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	227
Duplicated Lines	0 %

Importance

Changes	16
Bugs	1	Features	0

Metric	Value
eloc	93
c	16
b	1
f	0
dl	0
loc	227
rs	10
wmc	20

3 Methods

Rating	Name	Size	Complexity
A	__construct()	32	3
B	getAttributes()	54	9
B	login()	54	8

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\radius\Auth\Source;

use Exception;
use Dapphp\Radius\Radius as RadiusClient;
use SimpleSAML\Assert\Assert;
use SimpleSAML\Configuration;
use SimpleSAML\Logger;
use SimpleSAML\Module\core\Auth\UserPassBase;
use SimpleSAML\Utils;

use function array_key_exists;
use function array_merge;
use function is_array;
use function sprintf;
use function strtok;
use function var_export;

/**
 * RADIUS authentication source.
 *
 * This class is based on www/auth/login-radius.php.
 *
 * @package SimpleSAMLphp
 */
class Radius extends UserPassBase
{
    public const RADIUS_USERNAME = 1;
    public const RADIUS_VENDOR_SPECIFIC = 26;
    public const RADIUS_NAS_IDENTIFIER = 32;

    /**
     * @var array The list of radius servers to use.
     */
    private array $servers;

    /**
     * @var string The hostname of the radius server.
     */
    private string $hostname;

    /**
     * @var int The port of the radius server.
     */
    private int $port;

    /**
     * @var string The secret used when communicating with the radius server.
     */
    private string $secret;

    /**
     * @var int The timeout for contacting the radius server.
     */
    private int $timeout;

    /**
     * @var string|null The realm to be added to the entered username.
     */
    private ?string $realm;

    /**
     * @var string|null The attribute name where the username should be stored.
     */
    private ?string $usernameAttribute = null;

    /**
     * @var int|null The vendor for the RADIUS attributes we are interrested in.
     */
    private ?int $vendor = null;

    /**
     * @var int The vendor-specific attribute for the RADIUS attributes we are
     *     interrested in.
     */
    private int $vendorType;

    /**
     * @var string|null The NAS-Identifier that should be set in Access-Request packets.
     */
    private ?string $nasIdentifier = null;

    /**
     * @var bool Debug modus
     */
    private bool $debug;


    /**
     * Constructor for this authentication source.
     *
     * @param array $info  Information about this authentication source.
     * @param array $config  Configuration.
     */
    public function __construct(array $info, array $config)
    {
        // Call the parent constructor first, as required by the interface
        parent::__construct($info, $config);

        // Parse configuration.
        $cfg = Configuration::loadFromArray(
            $config,
            'Authentication source ' . var_export($this->authId, true)
        );

        $this->servers = $cfg->getArray('servers');
        // For backwards compatibility
        if (empty($this->servers)) {
            $this->hostname = $cfg->getString('hostname');
            $this->port = $cfg->getOptionalIntegerRange('port', 1, 65535, 1812);
            $this->secret = $cfg->getString('secret');
            $this->servers[] = [
                'hostname' => $this->hostname,
                'port' => $this->port,
                'secret' => $this->secret
            ];
        }
        $this->debug = $cfg->getOptionalBoolean('debug', false);
        $this->timeout = $cfg->getOptionalInteger('timeout', 5);
        $this->realm = $cfg->getOptionalString('realm', null);
        $this->usernameAttribute = $cfg->getOptionalString('username_attribute', null);
        $this->nasIdentifier = $cfg->getOptionalString('nas_identifier', null);

        $this->vendor = $cfg->getOptionalInteger('attribute_vendor', null);
        if ($this->vendor !== null) {
            $this->vendorType = $cfg->getInteger('attribute_vendor_type');
        }
    }


    /**
     * Attempt to log in using the given username and password.
     *
     * @param string $username  The username the user wrote.
     * @param string $password  The password the user wrote.
     * @return array[] Associative array with the user's attributes.
     */
    protected function login(string $username, string $password): array
    {
        $radius = new RadiusClient();
        $response = false;

        // Try to add all radius servers, trigger a failure if no one works
        foreach ($this->servers as $server) {
            $radius->setServer($server['hostname']);
            $radius->setAuthenticationPort($server['port']);
            $radius->setSecret($server['secret']);
            $radius->setDebug($this->debug);
            $radius->setTimeout($this->timeout);

            $httpUtils = new Utils\HTTP();
            $radius->setNasIpAddress($httpUtils->getSelfHost());

            if ($this->nasIdentifier !== null) {
                $radius->setAttribute(self::RADIUS_NAS_IDENTIFIER, $this->nasIdentifier);
            }

            if ($this->realm !== null) {
                $radius->setRadiusSuffix($this->realm);
            }
            $response = $radius->accessRequest($username, $password);

            if ($response !== false) {
                break;
            }
        }

        if ($response === false) {
            throw new Exception(sprintf(
                'Error during radius authentication; %s (%d)',
                $radius->getErrorMessage(),
                $radius->getErrorCode()
            ));
        }

        // If we get this far, we have a valid login

        $attributes = [];
        if ($this->usernameAttribute !== null) {
            $attributes[$this->usernameAttribute] = [$username];
        }

        if ($this->vendor === null) {
            /*
             * We aren't interested in any vendor-specific attributes. We are
             * therefore done now.
             */
            return $attributes;
        }

        return array_merge($attributes, $this->getAttributes($resa));

    }


    /**
     * @param \Dapphp\Radius\Radius $radius
     * @return array
     */
    private function getAttributes(RadiusClient $radius): array
    {
        // get AAI attribute sets.
        $resa = $radius->getReceivedAttributes();

        if (!is_array($resa)) {

            throw new Exception(sprintf(
                'Error getting radius attributes: %s (%d)',
                $radius->getErrorMessage(),
                $radius->getErrorCode()
            ));
        }

        $attributes = [];

        // Use the received user name
        if ($resa['attr'] === self::RADIUS_USERNAME && $this->usernameAttribute !== null) {
            $attributes[$this->usernameAttribute] = [$resa['data']];
            return $attributes;
        }

        if ($resa['attr'] !== self::RADIUS_VENDOR_SPECIFIC) {
            return $attributes;
        }

        $resv = $resa['data'];
        if ($resv === false) {
            throw new Exception(sprintf(
                'Error getting vendor specific attribute',
                $radius->getErrorMessage(),
                $radius->getErrorCode()
            ));
        }

        $vendor = $resv['vendor'];
        $attrv = $resv['attr'];
        $datav = $resv['data'];

        if ($vendor !== $this->vendor || $attrv !== $this->vendorType) {
            return $attributes;
        }

        $attrib_name = strtok($datav, '=');
        /** @psalm-suppress TooFewArguments */
        $attrib_value = strtok('=');

        // if the attribute name is already in result set, add another value
        if (array_key_exists($attrib_name, $attributes)) {
            $attributes[$attrib_name][] = $attrib_value;
        } else {
            $attributes[$attrib_name] = [$attrib_value];
        }

        return $attributes;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace SimpleSAML\Module\radius\Auth\Source;
6
7			use Exception;
8			use Dapphp\Radius\Radius as RadiusClient;
9			use SimpleSAML\Assert\Assert;
10			use SimpleSAML\Configuration;
11			use SimpleSAML\Logger;
12			use SimpleSAML\Module\core\Auth\UserPassBase;
13			use SimpleSAML\Utils;
14
15			use function array_key_exists;
16			use function array_merge;
17			use function is_array;
18			use function sprintf;
19			use function strtok;
20			use function var_export;
21
22			/**
23			* RADIUS authentication source.
24			*
25			* This class is based on www/auth/login-radius.php.
26			*
27			* @package SimpleSAMLphp
28			*/
29			class Radius extends UserPassBase
30			{
31			public const RADIUS_USERNAME = 1;
32			public const RADIUS_VENDOR_SPECIFIC = 26;
33			public const RADIUS_NAS_IDENTIFIER = 32;
34
35			/**
36			* @var array The list of radius servers to use.
37			*/
38			private array $servers;
39
40			/**
41			* @var string The hostname of the radius server.
42			*/
43			private string $hostname;
44
45			/**
46			* @var int The port of the radius server.
47			*/
48			private int $port;
49
50			/**
51			* @var string The secret used when communicating with the radius server.
52			*/
53			private string $secret;
54
55			/**
56			* @var int The timeout for contacting the radius server.
57			*/
58			private int $timeout;
59
60			/**
61			* @var string\|null The realm to be added to the entered username.
62			*/
63			private ?string $realm;
64
65			/**
66			* @var string\|null The attribute name where the username should be stored.
67			*/
68			private ?string $usernameAttribute = null;
69
70			/**
71			* @var int\|null The vendor for the RADIUS attributes we are interrested in.
72			*/
73			private ?int $vendor = null;
74
75			/**
76			* @var int The vendor-specific attribute for the RADIUS attributes we are
77			* interrested in.
78			*/
79			private int $vendorType;
80
81			/**
82			* @var string\|null The NAS-Identifier that should be set in Access-Request packets.
83			*/
84			private ?string $nasIdentifier = null;
85
86			/**
87			* @var bool Debug modus
88			*/
89			private bool $debug;
90
91
92			/**
93			* Constructor for this authentication source.
94			*
95			* @param array $info Information about this authentication source.
96			* @param array $config Configuration.
97			*/
98			public function __construct(array $info, array $config)
99			{
100			// Call the parent constructor first, as required by the interface
101			parent::__construct($info, $config);
102
103			// Parse configuration.
104			$cfg = Configuration::loadFromArray(
105			$config,
106			'Authentication source ' . var_export($this->authId, true)
107			);
108
109			$this->servers = $cfg->getArray('servers');
110			// For backwards compatibility
111			if (empty($this->servers)) {
112			$this->hostname = $cfg->getString('hostname');
113			$this->port = $cfg->getOptionalIntegerRange('port', 1, 65535, 1812);
114			$this->secret = $cfg->getString('secret');
115			$this->servers[] = [
116			'hostname' => $this->hostname,
117			'port' => $this->port,
118			'secret' => $this->secret
119			];
120			}
121			$this->debug = $cfg->getOptionalBoolean('debug', false);
122			$this->timeout = $cfg->getOptionalInteger('timeout', 5);
123			$this->realm = $cfg->getOptionalString('realm', null);
124			$this->usernameAttribute = $cfg->getOptionalString('username_attribute', null);
125			$this->nasIdentifier = $cfg->getOptionalString('nas_identifier', null);
126
127			$this->vendor = $cfg->getOptionalInteger('attribute_vendor', null);
128			if ($this->vendor !== null) {
129			$this->vendorType = $cfg->getInteger('attribute_vendor_type');
130			}
131			}
132
133
134			/**
135			* Attempt to log in using the given username and password.
136			*
137			* @param string $username The username the user wrote.
138			* @param string $password The password the user wrote.
139			* @return array[] Associative array with the user's attributes.
140			*/
141			protected function login(string $username, string $password): array
142			{
143			$radius = new RadiusClient();
144			$response = false;
145
146			// Try to add all radius servers, trigger a failure if no one works
147			foreach ($this->servers as $server) {
148			$radius->setServer($server['hostname']);
149			$radius->setAuthenticationPort($server['port']);
150			$radius->setSecret($server['secret']);
151			$radius->setDebug($this->debug);
152			$radius->setTimeout($this->timeout);
153
154			$httpUtils = new Utils\HTTP();
155			$radius->setNasIpAddress($httpUtils->getSelfHost());
156
157			if ($this->nasIdentifier !== null) {
158			$radius->setAttribute(self::RADIUS_NAS_IDENTIFIER, $this->nasIdentifier);
159			}
160
161			if ($this->realm !== null) {
162			$radius->setRadiusSuffix($this->realm);
163			}
164			$response = $radius->accessRequest($username, $password);
165
166			if ($response !== false) {
167			break;
168			}
169			}
170
171			if ($response === false) {
172			throw new Exception(sprintf(
173			'Error during radius authentication; %s (%d)',
174			$radius->getErrorMessage(),
175			$radius->getErrorCode()
176			));
177			}
178
179			// If we get this far, we have a valid login
180
181			$attributes = [];
182			if ($this->usernameAttribute !== null) {
183			$attributes[$this->usernameAttribute] = [$username];
184			}
185
186			if ($this->vendor === null) {
187			/*
188			* We aren't interested in any vendor-specific attributes. We are
189			* therefore done now.
190			*/
191			return $attributes;
192			}
193
194			return array_merge($attributes, $this->getAttributes($resa));
			0 ignored issues – show Comprehensibility Best Practice introduced 2022-05-20 21:39 UTC by Report Bug Copy Issue Report The variable `$resa` seems to be never defined. Loading history...
195			}
196
197
198			/**
199			* @param \Dapphp\Radius\Radius $radius
200			* @return array
201			*/
202			private function getAttributes(RadiusClient $radius): array
203			{
204			// get AAI attribute sets.
205			$resa = $radius->getReceivedAttributes();
206
207			if (!is_array($resa)) {
			0 ignored issues – show introduced 2022-05-20 21:39 UTC by Report Bug Copy Issue Report The condition `is_array($resa)` is always `true`. Loading history...
208			throw new Exception(sprintf(
209			'Error getting radius attributes: %s (%d)',
210			$radius->getErrorMessage(),
211			$radius->getErrorCode()
212			));
213			}
214
215			$attributes = [];
216
217			// Use the received user name
218			if ($resa['attr'] === self::RADIUS_USERNAME && $this->usernameAttribute !== null) {
219			$attributes[$this->usernameAttribute] = [$resa['data']];
220			return $attributes;
221			}
222
223			if ($resa['attr'] !== self::RADIUS_VENDOR_SPECIFIC) {
224			return $attributes;
225			}
226
227			$resv = $resa['data'];
228			if ($resv === false) {
229			throw new Exception(sprintf(
230			'Error getting vendor specific attribute',
231			$radius->getErrorMessage(),
232			$radius->getErrorCode()
233			));
234			}
235
236			$vendor = $resv['vendor'];
237			$attrv = $resv['attr'];
238			$datav = $resv['data'];
239
240			if ($vendor !== $this->vendor \|\| $attrv !== $this->vendorType) {
241			return $attributes;
242			}
243
244			$attrib_name = strtok($datav, '=');
245			/** @psalm-suppress TooFewArguments */
246			$attrib_value = strtok('=');
247
248			// if the attribute name is already in result set, add another value
249			if (array_key_exists($attrib_name, $attributes)) {
250			$attributes[$attrib_name][] = $attrib_value;
251			} else {
252			$attributes[$attrib_name] = [$attrib_value];
253			}
254
255			return $attributes;
256			}
257			}
258

simplesamlphp / simplesamlphp-module-radius

Pull Request — master (#5)

Radius A

Complexity

Size/Duplication

Importance

3 Methods

Duplication Side-by-Side

Filter issues like