f

OpenConext · Jul 21, 2020 · 127e07a · 127e07a
1 parent 241f76d
commit 127e07a
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 12 deletions.
diff --git a/src/Surfnet/Stepup/Identity/Identity.php b/src/Surfnet/Stepup/Identity/Identity.php
@@ -477,10 +477,10 @@ public function vetSecondFactor(
             throw new DomainException('Will not vet second factor when physical identity has not been verified.');
         }
 
-        if (!$secondFactorProvePossessionHelper->canSkipProvePossession($registrantsSecondFactorType)) {
+        if ($provePossessionSkipped && !$secondFactorProvePossessionHelper->canSkipProvePossession($registrantsSecondFactorType)) {
             throw new DomainException(sprintf(
-                'The possession of registrants second factor with ID %s of type %s has to be physically proven',
-                $$registrantsSecondFactorId,
+                "The possession of registrants second factor with ID '%s' of type '%s' has to be physically proven",
+                $registrantsSecondFactorId,
                 $registrantsSecondFactorType->getSecondFactorType()
             ));
         }

diff --git a/src/Surfnet/Stepup/Tests/Identity/Event/ForgettableEventsTest.php b/src/Surfnet/Stepup/Tests/Identity/Event/ForgettableEventsTest.php
@@ -44,6 +44,7 @@ public function certain_events_are_forgettable_events_and_others_are_not()
             'Surfnet\Stepup\Identity\Event\RegistrationAuthorityRetractedEvent',
             'Surfnet\Stepup\Identity\Event\SecondFactorRevokedEvent',
             'Surfnet\Stepup\Identity\Event\SecondFactorVettedEvent',
+            'Surfnet\Stepup\Identity\Event\SecondFactorPossessionSkippedEvent',
             'Surfnet\Stepup\Identity\Event\U2fDevicePossessionProvenEvent',
             'Surfnet\Stepup\Identity\Event\U2fDevicePossessionProvenAndVerifiedEvent',
             'Surfnet\Stepup\Identity\Event\UnverifiedSecondFactorRevokedEvent',

diff --git a/...StepupMiddleware/CommandHandlingBundle/Identity/CommandHandler/IdentityCommandHandler.php b/...StepupMiddleware/CommandHandlingBundle/Identity/CommandHandler/IdentityCommandHandler.php
@@ -19,12 +19,9 @@
 namespace Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\CommandHandler;
 
 use Broadway\CommandHandling\SimpleCommandHandler;
-use Broadway\Repository\AggregateNotFoundException;
 use Broadway\Repository\Repository as RepositoryInterface;
 use Surfnet\Stepup\Configuration\EventSourcing\InstitutionConfigurationRepository;
-use Surfnet\Stepup\Configuration\InstitutionConfiguration;
 use Surfnet\Stepup\Configuration\Value\Institution as ConfigurationInstitution;
-use Surfnet\Stepup\Configuration\Value\InstitutionConfigurationId;
 use Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper;
 use Surfnet\Stepup\Identity\Api\Identity as IdentityApi;
 use Surfnet\Stepup\Identity\Entity\ConfigurableSettings;

diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Resources/config/command_handlers.yml b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Resources/config/command_handlers.yml
@@ -7,9 +7,9 @@ services:
             - "@identity.entity.configurable_settings"
             - "@surfnet_stepup_middleware_api.service.allowed_second_factor_list"
             - "@surfnet_stepup.service.second_factor_type"
+            - '@Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper'
             - "@surfnet_stepup_middleware_api.service.institution_configuration_options"
             - "@surfnet_stepup.repository.institution_configuration"
-            - '@Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper'
         tags: [{ name: command_bus.command_handler }]
 
     surfnet_stepup_middleware_command_handling.command_handler.registration_authority_command_handler:

diff --git a/...leware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php b/...leware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php
@@ -23,6 +23,7 @@
 use Broadway\EventSourcing\AggregateFactory\PublicConstructorAggregateFactory;
 use Broadway\EventStore\EventStore as EventStoreInterface;
 use DateTime as CoreDateTime;
+use Hamcrest\Matchers;
 use Mockery as m;
 use Surfnet\Stepup\Configuration\EventSourcing\InstitutionConfigurationRepository;
 use Surfnet\Stepup\Configuration\InstitutionConfiguration;
@@ -37,6 +38,7 @@
 use Surfnet\Stepup\Identity\Event\IdentityRenamedEvent;
 use Surfnet\Stepup\Identity\Event\LocalePreferenceExpressedEvent;
 use Surfnet\Stepup\Identity\Event\PhonePossessionProvenEvent;
+use Surfnet\Stepup\Identity\Event\SecondFactorPossessionSkippedEvent;
 use Surfnet\Stepup\Identity\Event\SecondFactorVettedEvent;
 use Surfnet\Stepup\Identity\Event\U2fDevicePossessionProvenEvent;
 use Surfnet\Stepup\Identity\Event\YubikeyPossessionProvenEvent;
@@ -1198,6 +1200,7 @@ public function a_second_factor_can_be_vetted()
         $command->secondFactorIdentifier = '00028278';
         $command->documentNumber         = 'NH9392';
         $command->identityVerified       = true;
+        $command->provePossessionSkipped = false;
 
         $authorityId                = new IdentityId($command->authorityId);
         $authorityNameId            = new NameId($this->uuid());
@@ -1215,6 +1218,11 @@ public function a_second_factor_can_be_vetted()
 
         $this->secondFactorTypeService->shouldReceive('hasEqualOrLowerLoaComparedTo')->andReturn(true);
 
+        $secondFactorType = new SecondFactorType($command->secondFactorType);
+        $this->secondFactorProvePossessionHelper->shouldReceive('canSkipProvePossession')
+            ->with(Matchers::equalTo($secondFactorType))
+            ->andReturn(false);
+
         $this->scenario
             ->withAggregateId($authorityId)
             ->given([
@@ -1451,6 +1459,7 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi
         $command->secondFactorIdentifier = '00028278';
         $command->documentNumber         = 'NH9392';
         $command->identityVerified       = true;
+        $command->provePossessionSkipped = true;
 
         $authorityId                = new IdentityId($command->authorityId);
         $authorityNameId            = new NameId($this->uuid());
@@ -1468,8 +1477,9 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi
 
         $this->secondFactorTypeService->shouldReceive('hasEqualOrLowerLoaComparedTo')->andReturn(true);
 
+        $secondFactorType = new SecondFactorType($command->secondFactorType);
         $this->secondFactorProvePossessionHelper->shouldReceive('canSkipProvePossession')
-            ->with($command->secondFactorType)
+            ->with(Matchers::equalTo($secondFactorType))
             ->andReturn(true);
 
         $this->scenario
@@ -1534,7 +1544,7 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi
             ])
             ->when($command)
             ->then([
-                new SecondFactorVettedEvent(
+                new SecondFactorPossessionSkippedEvent(
                     $registrantId,
                     $registrantNameId,
                     $registrantInstitution,
@@ -1553,9 +1563,9 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi
      * @test
      * @group command-handler
      */
-    public function a_second_factor_cannot_be_vetted_without_without_physical_prove_of_posession_when_configured()
+    public function a_second_factor_cannot_be_vetted_without_physical_prove_of_possession_when_not_configured()
     {
-        $this->expectExceptionMessage("Authority does not have the required LoA");
+        $this->expectExceptionMessage("The possession of registrants second factor with ID 'ISFID' of type 'yubikey' has to be physically proven");
         $this->expectException(\Surfnet\Stepup\Exception\DomainException::class);
 
         $command                         = new VetSecondFactorCommand();
@@ -1567,6 +1577,7 @@ public function a_second_factor_cannot_be_vetted_without_without_physical_prove_
         $command->secondFactorIdentifier = '00028278';
         $command->documentNumber         = 'NH9392';
         $command->identityVerified       = true;
+        $command->provePossessionSkipped = true;
 
         $authorityId                = new IdentityId($command->authorityId);
         $authorityInstitution       = new Institution('Wazoo');
@@ -1586,8 +1597,9 @@ public function a_second_factor_cannot_be_vetted_without_without_physical_prove_
 
         $this->secondFactorTypeService->shouldReceive('hasEqualOrLowerLoaComparedTo')->andReturn(true);
 
+        $secondFactorType = new SecondFactorType($command->secondFactorType);
         $this->secondFactorProvePossessionHelper->shouldReceive('canSkipProvePossession')
-            ->with($command->secondFactorType)
+            ->with(Matchers::equalTo($secondFactorType))
             ->andReturn(false);
 
         $this->scenario

diff --git a/...leware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php b/...leware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php
@@ -25,6 +25,7 @@
 use Mockery as m;
 use Surfnet\Stepup\Configuration\EventSourcing\InstitutionConfigurationRepository;
 use Surfnet\Stepup\DateTime\DateTime;
+use Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper;
 use Surfnet\Stepup\Identity\Entity\ConfigurableSettings;
 use Surfnet\Stepup\Identity\Event\CompliedWithUnverifiedSecondFactorRevocationEvent;
 use Surfnet\Stepup\Identity\Event\CompliedWithVerifiedSecondFactorRevocationEvent;
@@ -84,6 +85,7 @@ protected function createCommandHandler(EventStoreInterface $eventStore, EventBu
             ConfigurableSettings::create(self::$window, []),
             m::mock(AllowedSecondFactorListService::class),
             m::mock(SecondFactorTypeService::class)->shouldIgnoreMissing(),
+            m::mock(SecondFactorProvePossessionHelper::class)->shouldIgnoreMissing(),
             m::mock(InstitutionConfigurationOptionsService::class)->shouldIgnoreMissing(),
             m::mock(InstitutionConfigurationRepository::class)
         );