diff --git a/src/Surfnet/Stepup/Identity/Identity.php b/src/Surfnet/Stepup/Identity/Identity.php
index 9296365ff..5c5d16e58 100644
--- a/src/Surfnet/Stepup/Identity/Identity.php
+++ b/src/Surfnet/Stepup/Identity/Identity.php
@@ -477,10 +477,10 @@ public function vetSecondFactor(
             throw new DomainException('Will not vet second factor when physical identity has not been verified.');
         }
 
-        if (!$secondFactorProvePossessionHelper->canSkipProvePossession($registrantsSecondFactorType)) {
+        if ($provePossessionSkipped && !$secondFactorProvePossessionHelper->canSkipProvePossession($registrantsSecondFactorType)) {
             throw new DomainException(sprintf(
-                'The possession of registrants second factor with ID %s of type %s has to be physically proven',
-                $$registrantsSecondFactorId,
+                "The possession of registrants second factor with ID '%s' of type '%s' has to be physically proven",
+                $registrantsSecondFactorId,
                 $registrantsSecondFactorType->getSecondFactorType()
             ));
         }
diff --git a/src/Surfnet/Stepup/Tests/Identity/Event/ForgettableEventsTest.php b/src/Surfnet/Stepup/Tests/Identity/Event/ForgettableEventsTest.php
index f968af3ed..8f8fe1a26 100644
--- a/src/Surfnet/Stepup/Tests/Identity/Event/ForgettableEventsTest.php
+++ b/src/Surfnet/Stepup/Tests/Identity/Event/ForgettableEventsTest.php
@@ -44,6 +44,7 @@ public function certain_events_are_forgettable_events_and_others_are_not()
             'Surfnet\Stepup\Identity\Event\RegistrationAuthorityRetractedEvent',
             'Surfnet\Stepup\Identity\Event\SecondFactorRevokedEvent',
             'Surfnet\Stepup\Identity\Event\SecondFactorVettedEvent',
+            'Surfnet\Stepup\Identity\Event\SecondFactorPossessionSkippedEvent',
             'Surfnet\Stepup\Identity\Event\U2fDevicePossessionProvenEvent',
             'Surfnet\Stepup\Identity\Event\U2fDevicePossessionProvenAndVerifiedEvent',
             'Surfnet\Stepup\Identity\Event\UnverifiedSecondFactorRevokedEvent',
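Review bot: The changed `if` line is the only place in this hunk where the `$provePossessionSkipped` flag, which the tests set on the command, is checked against institution policy before the skip is honoured, and that intent deserves a comment; suggested: `// A requested skip of the physical possession proof is honoured only when the institution configuration allows it for this second factor type; the flag on the command alone is never sufficient.` The rest of vetSecondFactor, including where `$provePossessionSkipped` is declared and which event is recorded on the allowed skip path, is outside the hunk. As a point of style the new condition runs well past 120 columns; naming it first, `$skipNotPermitted = $provePossessionSkipped && !$secondFactorProvePossessionHelper->canSkipProvePossession($registrantsSecondFactorType);` followed by `if ($skipNotPermitted) {`, keeps the guard readable.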
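Review bot: The inserted entry breaks the alphabetical order of the surrounding list (`SecondFactorPossessionSkippedEvent` sorts before `SecondFactorVettedEvent`); moving it up one line keeps the list easy to diff against the event namespace. Whether the new event class actually implements the forgettable contract and presumably blanks the same personal data as SecondFactorVettedEvent is outside this hunk and worth confirming, since this list is what the test enforces.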
diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Identity/CommandHandler/IdentityCommandHandler.php b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Identity/CommandHandler/IdentityCommandHandler.php
index 2b6186675..fc14c0163 100644
--- a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Identity/CommandHandler/IdentityCommandHandler.php
+++ b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Identity/CommandHandler/IdentityCommandHandler.php
@@ -19,12 +19,9 @@
 namespace Surfnet\StepupMiddleware\CommandHandlingBundle\Identity\CommandHandler;
 
 use Broadway\CommandHandling\SimpleCommandHandler;
-use Broadway\Repository\AggregateNotFoundException;
 use Broadway\Repository\Repository as RepositoryInterface;
 use Surfnet\Stepup\Configuration\EventSourcing\InstitutionConfigurationRepository;
-use Surfnet\Stepup\Configuration\InstitutionConfiguration;
 use Surfnet\Stepup\Configuration\Value\Institution as ConfigurationInstitution;
-use Surfnet\Stepup\Configuration\Value\InstitutionConfigurationId;
 use Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper;
 use Surfnet\Stepup\Identity\Api\Identity as IdentityApi;
 use Surfnet\Stepup\Identity\Entity\ConfigurableSettings;
diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Resources/config/command_handlers.yml b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Resources/config/command_handlers.yml
index 75489700d..726d9a985 100644
--- a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Resources/config/command_handlers.yml
+++ b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Resources/config/command_handlers.yml
@@ -7,9 +7,9 @@ services:
             - "@identity.entity.configurable_settings"
             - "@surfnet_stepup_middleware_api.service.allowed_second_factor_list"
             - "@surfnet_stepup.service.second_factor_type"
+            - '@Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper'
             - "@surfnet_stepup_middleware_api.service.institution_configuration_options"
             - "@surfnet_stepup.repository.institution_configuration"
-            - '@Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper'
         tags: [{ name: command_bus.command_handler }]
 
     surfnet_stepup_middleware_command_handling.command_handler.registration_authority_command_handler:
diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php
index 64b444017..121649f0c 100644
--- a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php
+++ b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php
@@ -23,6 +23,7 @@
 use Broadway\EventSourcing\AggregateFactory\PublicConstructorAggregateFactory;
 use Broadway\EventStore\EventStore as EventStoreInterface;
 use DateTime as CoreDateTime;
+use Hamcrest\Matchers;
 use Mockery as m;
 use Surfnet\Stepup\Configuration\EventSourcing\InstitutionConfigurationRepository;
 use Surfnet\Stepup\Configuration\InstitutionConfiguration;
@@ -37,6 +38,7 @@
 use Surfnet\Stepup\Identity\Event\IdentityRenamedEvent;
 use Surfnet\Stepup\Identity\Event\LocalePreferenceExpressedEvent;
 use Surfnet\Stepup\Identity\Event\PhonePossessionProvenEvent;
+use Surfnet\Stepup\Identity\Event\SecondFactorPossessionSkippedEvent;
 use Surfnet\Stepup\Identity\Event\SecondFactorVettedEvent;
 use Surfnet\Stepup\Identity\Event\U2fDevicePossessionProvenEvent;
 use Surfnet\Stepup\Identity\Event\YubikeyPossessionProvenEvent;
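Review bot: Moving `'@Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper'` from the last to the fourth argument is a positional change that has to match the command handler's constructor, which is not in this diff; the only visible cross-check is the SecondFactorRevocationTest hunk in this commit, where the mock is placed in the same slot. Keying the arguments by parameter name would make the wiring robust against future reorders, e.g. `$secondFactorProvePossessionHelper: '@Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper'` (parameter name as an illustration; use the constructor's actual name), if the container version in use supports named arguments. The mixed quoting, double quotes for service ids and single quotes for the FQCN, follows the existing lines, so no change is needed there.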
@@ -1198,6 +1200,7 @@ public function a_second_factor_can_be_vetted()
         $command->secondFactorIdentifier = '00028278';
         $command->documentNumber = 'NH9392';
         $command->identityVerified = true;
+        $command->provePossessionSkipped = false;
 
         $authorityId = new IdentityId($command->authorityId);
         $authorityNameId = new NameId($this->uuid());
@@ -1215,6 +1218,11 @@ public function a_second_factor_can_be_vetted()
 
         $this->secondFactorTypeService->shouldReceive('hasEqualOrLowerLoaComparedTo')->andReturn(true);
 
+        $secondFactorType = new SecondFactorType($command->secondFactorType);
+        $this->secondFactorProvePossessionHelper->shouldReceive('canSkipProvePossession')
+            ->with(Matchers::equalTo($secondFactorType))
+            ->andReturn(false);
+
         $this->scenario
             ->withAggregateId($authorityId)
             ->given([
@@ -1451,6 +1459,7 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi
         $command->secondFactorIdentifier = '00028278';
         $command->documentNumber = 'NH9392';
         $command->identityVerified = true;
+        $command->provePossessionSkipped = true;
 
         $authorityId = new IdentityId($command->authorityId);
         $authorityNameId = new NameId($this->uuid());
@@ -1468,8 +1477,9 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi
 
         $this->secondFactorTypeService->shouldReceive('hasEqualOrLowerLoaComparedTo')->andReturn(true);
 
+        $secondFactorType = new SecondFactorType($command->secondFactorType);
         $this->secondFactorProvePossessionHelper->shouldReceive('canSkipProvePossession')
-            ->with($command->secondFactorType)
+            ->with(Matchers::equalTo($secondFactorType))
             ->andReturn(true);
 
         $this->scenario
@@ -1534,7 +1544,7 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi
             ])
             ->when($command)
             ->then([
-                new SecondFactorVettedEvent(
+                new SecondFactorPossessionSkippedEvent(
                     $registrantId,
                     $registrantNameId,
                     $registrantInstitution,
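Review bot: The `canSkipProvePossession` expectation added to a_second_factor_can_be_vetted can never be exercised, because the same test sets `provePossessionSkipped = false` and the new guard in Identity::vetSecondFactor short-circuits on that flag before calling the helper; Mockery's `shouldReceive` without a call-count constraint passes silently when nothing is called, so the expectation is dead. If the intent is to pin that the helper is not consulted when no skip is requested, replace it with `$this->secondFactorProvePossessionHelper->shouldNotReceive('canSkipProvePossession');`. Conversely, in the two tests where the policy check is the thing under test, the `->andReturn(true)` hunk here and the `->andReturn(false)` hunk in a_second_factor_cannot_be_vetted_without_physical_prove_of_possession_when_not_configured, adding `->once()` after `->with(Matchers::equalTo($secondFactorType))` asserts the helper was actually asked rather than merely allowed to be. The enclosing test methods start and end outside these hunks.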
@@ -1553,9 +1563,9 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi
      * @test
      * @group command-handler
      */
-    public function a_second_factor_cannot_be_vetted_without_without_physical_prove_of_posession_when_configured()
+    public function a_second_factor_cannot_be_vetted_without_physical_prove_of_possession_when_not_configured()
     {
-        $this->expectExceptionMessage("Authority does not have the required LoA");
+        $this->expectExceptionMessage("The possession of registrants second factor with ID 'ISFID' of type 'yubikey' has to be physically proven");
         $this->expectException(\Surfnet\Stepup\Exception\DomainException::class);
 
         $command = new VetSecondFactorCommand();
@@ -1567,6 +1577,7 @@ public function a_second_factor_cannot_be_vetted_without_without_physical_prove_
         $command->secondFactorIdentifier = '00028278';
         $command->documentNumber = 'NH9392';
         $command->identityVerified = true;
+        $command->provePossessionSkipped = true;
 
         $authorityId = new IdentityId($command->authorityId);
         $authorityInstitution = new Institution('Wazoo');
@@ -1586,8 +1597,9 @@ public function a_second_factor_cannot_be_vetted_without_without_physical_prove_
 
         $this->secondFactorTypeService->shouldReceive('hasEqualOrLowerLoaComparedTo')->andReturn(true);
 
+        $secondFactorType = new SecondFactorType($command->secondFactorType);
         $this->secondFactorProvePossessionHelper->shouldReceive('canSkipProvePossession')
-            ->with($command->secondFactorType)
+            ->with(Matchers::equalTo($secondFactorType))
             ->andReturn(false);
 
         $this->scenario
diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php
index dba1e3eac..9381be40e 100644
--- a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php
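Review bot: The `expectExceptionMessage` on the renamed test now pins the full human-readable wording, including the quoted id and type, that this same commit introduces in Identity.php; any future rewording of that sprintf will break the test even though the policy outcome, vetting refused, is unchanged. Keeping the `expectException` assertion and matching only a stable fragment, e.g. `$this->expectExceptionMessage('has to be physically proven');`, or introducing a dedicated exception type for the refusal, decouples the test from presentation text. The test method begins in this hunk and continues outside it.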
+++ b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php
@@ -25,6 +25,7 @@
 use Mockery as m;
 use Surfnet\Stepup\Configuration\EventSourcing\InstitutionConfigurationRepository;
 use Surfnet\Stepup\DateTime\DateTime;
+use Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper;
 use Surfnet\Stepup\Identity\Entity\ConfigurableSettings;
 use Surfnet\Stepup\Identity\Event\CompliedWithUnverifiedSecondFactorRevocationEvent;
 use Surfnet\Stepup\Identity\Event\CompliedWithVerifiedSecondFactorRevocationEvent;
@@ -84,6 +85,7 @@ protected function createCommandHandler(EventStoreInterface $eventStore, EventBu
             ConfigurableSettings::create(self::$window, []),
             m::mock(AllowedSecondFactorListService::class),
             m::mock(SecondFactorTypeService::class)->shouldIgnoreMissing(),
+            m::mock(SecondFactorProvePossessionHelper::class)->shouldIgnoreMissing(),
             m::mock(InstitutionConfigurationOptionsService::class)->shouldIgnoreMissing(),
             m::mock(InstitutionConfigurationRepository::class)
         );
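Review bot: The new `m::mock(SecondFactorProvePossessionHelper::class)->shouldIgnoreMissing()` is inserted positionally between the SecondFactorTypeService and InstitutionConfigurationOptionsService mocks, which matches the slot the command_handlers.yml hunk in this commit gives the helper, but the constructor both have to match is outside this diff. Because `shouldIgnoreMissing()` answers null to any call, a revocation scenario that ever reached the vetting guard would presumably fail in a confusing way rather than on a clear expectation; a short comment such as `// vetting is not exercised by these scenarios; the helper mock only fills its constructor slot` records why a permissive mock is acceptable here. createCommandHandler starts before and ends after the hunk.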