Merge pull request #309 from OpenConext/feature/ra-optional-vetting

Make prove possession step optional
OpenConext · Jul 30, 2020 · f38f3d6 · f38f3d6
2 parents 07e68b6 + a96a5a7
commit f38f3d6
Show file tree

Hide file tree

Showing 24 changed files with 901 additions and 96 deletions.
diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist
@@ -65,3 +65,9 @@ parameters:
     # institution config (middleware api). The value configured in the parameters.yml will be used as the
     # fallback/default value.
     number_of_tokens_per_identity: 1
+
+    # Sets the tokens that can skip the prove possession step.
+    #
+    # This is the global, application wide default. The configuration consists of an array with second factors types
+    # that will skip the prove possession step in RA.
+    skip_prove_possession_second_factors: []
diff --git a/config/packages/events.yaml b/config/packages/events.yaml
@@ -38,6 +38,7 @@ parameters:
         - Surfnet\Stepup\Identity\Event\InstitutionsRemovedFromWhitelistEvent
         - Surfnet\Stepup\Identity\Event\U2fDevicePossessionProvenEvent
         - Surfnet\Stepup\Identity\Event\SecondFactorVettedEvent
+        - Surfnet\Stepup\Identity\Event\SecondFactorVettedWithoutTokenProofOfPossession
         - Surfnet\Stepup\Identity\Event\VerifiedSecondFactorRevokedEvent
         - Surfnet\Stepup\Identity\Event\WhitelistCreatedEvent
         - Surfnet\Stepup\Identity\Event\UnverifiedSecondFactorRevokedEvent

diff --git a/config/services.yaml b/config/services.yaml
@@ -2,3 +2,10 @@
 imports:
   - { resource: 'legacy/bundles.yaml' }
   - { resource: 'legacy/parameters.yaml' }
+
+services:
+
+  Surfnet\Stepup\Helper\SecondFactorProvePossessionHelper:
+    arguments:
+      - "@surfnet_stepup.service.second_factor_type"
+      - '%skip_prove_possession_second_factors%'
diff --git a/docs/personal-data.md b/docs/personal-data.md
@@ -215,6 +215,18 @@ A list of all the [Identity events]((../src/Surfnet/Stepup/Identity/Event/) in s
 - Forgettable: secondFactorIdentifier
 - Forgettable: documentNumber
 
+[SecondFactorVettedWithoutTokenProofOfPossession](../src/Surfnet/Stepup/Identity/Event/SecondFactorVettedEvent.php)
+- identity_id
+- name_id
+- identity_institution
+- second_factor_id
+- second_factor_type
+- preferred_locale
+- Forgettable: email
+- Forgettable: commonName
+- Forgettable: secondFactorIdentifier
+- Forgettable: documentNumber
+
 [U2fDevicePossessionProvenAndVerifiedEvent](../src/Surfnet/Stepup/Identity/Event/U2fDevicePossessionProvenAndVerifiedEvent.php)
 - identity_id
 - identity_institution