From a890b214489cec18c7cca18195841063e1d431eb Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Tue, 27 Aug 2024 08:00:09 +0200
Subject: [PATCH] Test disabling the unsolicited sso

1. The TestFeatureConfiguration missed the default setting. Causing some
   of the behat tests to fail (the ones running the check in the
   controller)
2. I added a dedicated test that tests if the flag can disable the
   unsolicited sso flow

See: https://github.com/OpenConext/OpenConext-engineblock/issues/1312
---
 .../Configuration/TestFeatureConfiguration.php             | 1 +
 .../Features/UnsolicitedSingleSignOn.feature               | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/src/OpenConext/EngineBlockBundle/Configuration/TestFeatureConfiguration.php b/src/OpenConext/EngineBlockBundle/Configuration/TestFeatureConfiguration.php
index 7d4167991c..4a13a5a00e 100644
--- a/src/OpenConext/EngineBlockBundle/Configuration/TestFeatureConfiguration.php
+++ b/src/OpenConext/EngineBlockBundle/Configuration/TestFeatureConfiguration.php
@@ -46,6 +46,7 @@ public function __construct()
         $this->setFeature(new Feature('eb.feature_enable_consent', true));
         $this->setFeature(new Feature('eb.enable_sso_session_cookie', true));
         $this->setFeature(new Feature('eb.stepup.sfo.override_engine_entityid', false));
+        $this->setFeature(new Feature('eb.feature_enable_idp_initiated_flow', true));
     }
 
     public function setFeature(Feature $feature): void
diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature
index 3dcaf28b6d..16b25175c3 100644
--- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature
+++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/UnsolicitedSingleSignOn.feature
@@ -40,3 +40,10 @@ Feature:
     When An IdP initiated Single Sign on for SP "Dummy SP" is triggered by IdP "Dummy IdP" and specifies an invalid signing key
     Then I should see "Error - unknown key id"
      And I should see "Key ID: does-not-exist"
+
+  # The feature flag: eb.feature_enable_idp_initiated_flow can disable unsolicited login
+  # EB Shows a 404 page in that case as the entire HTTP route is blocked in that case
+  Scenario: Engine disallows unsolicited login
+    Given feature "eb.feature_enable_idp_initiated_flow" is disabled
+    When An IdP initiated Single Sign on for SP "Dummy SP" is triggered by IdP "Dummy IdP"
+    Then I should see "404 - Page not found"