Merge pull request #149 from OpenConext/feature/filter-on-available-g…

…ssp-tokens Filter on all available second factor types
OpenConext · Mar 15, 2018 · 09ddef3 · 09ddef3
2 parents 5d7c583 + 08bddf8
commit 09ddef3
Show file tree

Hide file tree

Showing 25 changed files with 433 additions and 210 deletions.
diff --git a/app/Resources/translations/messages.en_GB.xliff b/app/Resources/translations/messages.en_GB.xliff
diff --git a/app/Resources/translations/messages.nl_NL.xliff b/app/Resources/translations/messages.nl_NL.xliff
diff --git a/app/Resources/translations/validators.en_GB.xliff b/app/Resources/translations/validators.en_GB.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-01-22T13:36:21Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2018-03-12T10:12:27Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -18,6 +18,10 @@
         <source>middleware_client.dto.configuration.use_ra_locations.must_be_boolean</source>
         <target>Use RA locations option must be boolean.</target>
       </trans-unit>
+      <trans-unit id="77ed46e12521792cd4b8d2040443b43b6df3dc25" resname="middleware_client.dto.configuration.verify_email.must_be_boolean">
+        <source>middleware_client.dto.configuration.verify_email.must_be_boolean</source>
+        <target state="new">middleware_client.dto.configuration.verify_email.must_be_boolean</target>
+      </trans-unit>
       <trans-unit id="f033a6177f4f371fbc302f07a6b8c67ec8b46549" resname="middleware_client.dto.identity.common_name.must_be_string">
         <source>middleware_client.dto.identity.common_name.must_be_string</source>
         <target>Remote identity common name must be a string.</target>
@@ -418,10 +422,6 @@
         <source>ra.search_ra_second_factors.status.invalid_choice</source>
         <target>Cannot filter by given status.</target>
       </trans-unit>
-      <trans-unit id="35adfd1c62274a4757400abb4c2cb8a4d7d295c6" resname="ra.search_ra_second_factors.type.invalid_choice">
-        <source>ra.search_ra_second_factors.type.invalid_choice</source>
-        <target>Cannot filter by given token type.</target>
-      </trans-unit>
       <trans-unit id="25f28c755234f7056ca31e9a493447c1f328fbfd" resname="ra.start_vetting_procedure.registration_code.may_not_be_empty">
         <source>ra.start_vetting_procedure.registration_code.may_not_be_empty</source>
         <target>Please enter the registration code the user has received by e-mail</target>

diff --git a/app/Resources/translations/validators.nl_NL.xliff b/app/Resources/translations/validators.nl_NL.xliff
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2018-01-22T13:36:17Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2018-03-12T10:12:23Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
@@ -19,6 +19,10 @@
         <target xml:space="preserve">Use RA locations option must be boolean.
 </target>
       </trans-unit>
+      <trans-unit id="77ed46e12521792cd4b8d2040443b43b6df3dc25" resname="middleware_client.dto.configuration.verify_email.must_be_boolean">
+        <source>middleware_client.dto.configuration.verify_email.must_be_boolean</source>
+        <target state="new">middleware_client.dto.configuration.verify_email.must_be_boolean</target>
+      </trans-unit>
       <trans-unit id="f033a6177f4f371fbc302f07a6b8c67ec8b46549" resname="middleware_client.dto.identity.common_name.must_be_string">
         <source>middleware_client.dto.identity.common_name.must_be_string</source>
         <target>Remote identity common name must be a string.</target>
@@ -419,10 +423,6 @@
         <source>ra.search_ra_second_factors.status.invalid_choice</source>
         <target>Kan niet filteren op de opgegeven status.</target>
       </trans-unit>
-      <trans-unit id="35adfd1c62274a4757400abb4c2cb8a4d7d295c6" resname="ra.search_ra_second_factors.type.invalid_choice">
-        <source>ra.search_ra_second_factors.type.invalid_choice</source>
-        <target>Kan niet filteren op het opgegeven tokentype.</target>
-      </trans-unit>
       <trans-unit id="25f28c755234f7056ca31e9a493447c1f328fbfd" resname="ra.start_vetting_procedure.registration_code.may_not_be_empty">
         <source>ra.start_vetting_procedure.registration_code.may_not_be_empty</source>
         <target>Typ hier de registratiecode die de gebruiker per e-mail heeft ontvangen.</target>

diff --git a/app/config/samlstepupproviders.yml b/app/config/samlstepupproviders.yml
@@ -19,6 +19,7 @@ surfnet_stepup_ra_saml_stepup_provider:
                 sso_url: %gssp_tiqr_remote_sso_url%
                 certificate: %gssp_tiqr_remote_certificate%
             view_config:
+                title: %gssp_tiqr_title%
                 page_title: %gssp_tiqr_page_title%
                 explanation: %gssp_tiqr_explanation%
                 initiate: %gssp_tiqr_initiate%
@@ -36,6 +37,7 @@ surfnet_stepup_ra_saml_stepup_provider:
                 sso_url: %gssp_biometric_remote_sso_url%
                 certificate: %gssp_biometric_remote_certificate%
             view_config:
+                title: %gssp_biometric_title%
                 page_title: %gssp_biometric_page_title%
                 explanation: %gssp_biometric_explanation%
                 initiate: %gssp_biometric_initiate%

diff --git a/app/config/samlstepupproviders_parameters.yml.dist b/app/config/samlstepupproviders_parameters.yml.dist
@@ -6,6 +6,9 @@ parameters:
     gssp_tiqr_remote_entity_id: 'https://actual-gssp.entity-id.tld'
     gssp_tiqr_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
     gssp_tiqr_remote_certificate: 'The contents of the certificate published by the gssp'
+    gssp_tiqr_title:
+        en_GB: 'Tiqr'
+        nl_NL: 'Tiqr'
     gssp_tiqr_page_title:
         en_GB: 'EN ra.vetting.gssf.initiate.tiqr.title.page'
         nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.title.page'
@@ -25,6 +28,9 @@ parameters:
     gssp_biometric_remote_entity_id: 'https://actual-gssp.entity-id.tld'
     gssp_biometric_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
     gssp_biometric_remote_certificate: 'The contents of the certificate published by the gssp'
+    gssp_biometric_title:
+        en_GB: 'Biometric'
+        nl_NL: 'Biometrisch'
     gssp_biometric_page_title:
         en_GB: 'EN ra.vetting.gssf.initiate.biometric.title.page'
         nl_NL: 'NL ra.vetting.gssf.initiate.biometric.title.page'

diff --git a/composer.json b/composer.json
@@ -24,7 +24,7 @@
         "jms/translation-bundle": "~1.3.0",
         "jms/di-extra-bundle": "~1.4.0",
         "surfnet/stepup-middleware-client-bundle": "^2.0",
-        "surfnet/stepup-bundle": "^3.0",
+        "surfnet/stepup-bundle": "^3.2",
         "surfnet/stepup-u2f-bundle": "dev-develop",
         "guzzlehttp/guzzle": "^6",
         "knplabs/knp-paginator-bundle": "~2.4",

diff --git a/composer.lock b/composer.lock
diff --git a/src/Surfnet/StepupRa/RaBundle/Command/ExportRaSecondFactorsCommand.php b/src/Surfnet/StepupRa/RaBundle/Command/ExportRaSecondFactorsCommand.php
@@ -41,8 +41,6 @@ final class ExportRaSecondFactorsCommand
     public $name;
 
     /**
-     * @Assert\Choice({"sms", "yubikey", "tiqr"}, message="ra.search_ra_second_factors.type.invalid_choice")
-     *
      * @var string|null
      */
     public $type;

diff --git a/src/Surfnet/StepupRa/RaBundle/Command/SearchRaSecondFactorsCommand.php b/src/Surfnet/StepupRa/RaBundle/Command/SearchRaSecondFactorsCommand.php
@@ -41,8 +41,6 @@ final class SearchRaSecondFactorsCommand
     public $name;
 
     /**
-     * @Assert\Choice({"sms", "yubikey", "tiqr"}, message="ra.search_ra_second_factors.type.invalid_choice")
-     *
      * @var string|null
      */
     public $type;

diff --git a/src/Surfnet/StepupRa/RaBundle/Controller/Vetting/GssfController.php b/src/Surfnet/StepupRa/RaBundle/Controller/Vetting/GssfController.php
@@ -254,8 +254,8 @@ private function getVettingService()
      */
     private function renderInitiateForm($procedureId, $provider, array $parameters = [])
     {
-        /** @var ViewConfig $secondFactorConfig */
-        $secondFactorConfig = $this->get("gssp.view_config.{$provider}");
+        $collection = $this->get("surfnet_stepup.provider.collection");
+        $secondFactorConfig = $collection->getByIdentifier($provider);
 
         $form = $this->createForm(
             'ra_initiate_gssf',

diff --git a/src/Surfnet/StepupRa/RaBundle/Form/Extension/SecondFactorTypeChoiceList.php b/src/Surfnet/StepupRa/RaBundle/Form/Extension/SecondFactorTypeChoiceList.php
@@ -0,0 +1,104 @@
+<?php
+
+/**
+ * Copyright 2018 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupRa\RaBundle\Form\Extension;
+
+use Psr\Log\LoggerInterface;
+use Surfnet\StepupBundle\Service\SecondFactorTypeService;
+use Surfnet\StepupBundle\Service\SecondFactorTypeTranslationService;
+
+/**
+ * Used to build a choice list of second factor types
+ *
+ * Second factor types are indexed on their identifier. Some examples: 'sms', 'tiqr', 'u2f'. These not very human
+ * readable keys are linked to a more human readable value which is read from the translator. This results in an
+ * associative array like this:
+ *
+ * [
+ *     'sms' => 'SMS',
+ *     'yubi' => 'Yubikey',
+ *     'tiqr' => 'Tiqr'
+ * ]
+ *
+ * A message is logged when the second factor type id cannot be translated. Second factor type id's that cannot be
+ * translated, are not added to the choice list.
+ */
+class SecondFactorTypeChoiceList
+{
+    /**
+     * @var SecondFactorTypeService
+     */
+    private $secondFactorTypeService;
+
+    /**
+     * @var SecondFactorTypeTranslationService
+     */
+    private $translator;
+
+    /**
+     * @var LoggerInterface
+     */
+    private $logger;
+
+    /**
+     * @param SecondFactorTypeService $service
+     * @param SecondFactorTypeTranslationService $translator
+     */
+    public function __construct(
+        SecondFactorTypeService $service,
+        SecondFactorTypeTranslationService $translator,
+        LoggerInterface $logger
+    ) {
+        $this->secondFactorTypeService = $service;
+        $this->translator = $translator;
+        $this->logger = $logger;
+    }
+
+    /**
+     * @return array
+     */
+    public function create()
+    {
+        $selectOptions = [];
+        $collection = $this->secondFactorTypeService->getAvailableSecondFactorTypes();
+
+        sort($collection);
+
+        foreach ($collection as $sfTypeIdentifier) {
+
+            $translation = $this->translator->translate(
+                $sfTypeIdentifier,
+                'ra.form.ra_search_ra_second_factors.choice.type.%s'
+            );
+
+            // Test if the translator was able to translate the second factor type
+            if ($sfTypeIdentifier === $translation) {
+                $this->logger->warning(
+                    sprintf(
+                        'Unable to add a filter option on the second factor type select list for type: "%s"',
+                        $sfTypeIdentifier
+                    )
+                );
+                continue;
+            }
+            $selectOptions[$sfTypeIdentifier] = $translation;
+        }
+
+        return $selectOptions;
+    }
+}
diff --git a/src/Surfnet/StepupRa/RaBundle/Form/Type/SearchRaSecondFactorsType.php b/src/Surfnet/StepupRa/RaBundle/Form/Type/SearchRaSecondFactorsType.php
@@ -18,24 +18,31 @@
 
 namespace Surfnet\StepupRa\RaBundle\Form\Type;
 
+use Surfnet\StepupRa\RaBundle\Form\Extension\SecondFactorTypeChoiceList;
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
 
 class SearchRaSecondFactorsType extends AbstractType
 {
+    /**
+     * @var SecondFactorTypeChoiceList
+     */
+    private $secondFactorTypeChoiseList;
+
+    public function __construct(SecondFactorTypeChoiceList $secondFactorTypeChoiceList)
+    {
+        $this->secondFactorTypeChoiseList = $secondFactorTypeChoiceList;
+    }
+
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
         $builder->add('name', null, [
             'label' => 'ra.form.ra_search_ra_second_factors.label.name',
         ]);
         $builder->add('type', 'choice', [
             'label' => 'ra.form.ra_search_ra_second_factors.label.type',
-            'choices' => [
-                'sms'     => 'ra.form.ra_search_ra_second_factors.choice.type.sms',
-                'yubikey' => 'ra.form.ra_search_ra_second_factors.choice.type.yubikey',
-                'tiqr'    => 'ra.form.ra_search_ra_second_factors.choice.type.tiqr',
-            ],
+            'choices' => $this->secondFactorTypeChoiseList->create(),
             'required' => false,
         ]);
         $builder->add('secondFactorId', null, [

diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml b/src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
@@ -48,6 +48,8 @@ services:
 
     ra.form.type.search_ra_second_factors:
         class: Surfnet\StepupRa\RaBundle\Form\Type\SearchRaSecondFactorsType
+        arguments:
+            - "@ra.form.extension.second_factor_type_choice_list"
         tags: [{ name: form.type, alias: ra_search_ra_second_factors }]
 
     ra.form.type.ra_revoke_second_factor:
@@ -88,6 +90,13 @@ services:
         arguments:
             - "@surfnet_stepup_middleware_client.identity.service.institution_listing"
 
+    ra.form.extension.second_factor_type_choice_list:
+        class: Surfnet\StepupRa\RaBundle\Form\Extension\SecondFactorTypeChoiceList
+        arguments:
+            - "@surfnet_stepup.service.second_factor_type"
+            - "@surfnet_stepup.service.second_factor_type_translator"
+            - "@logger"
+
     # Services
     ra.service.vetting:
         class: Surfnet\StepupRa\RaBundle\Service\VettingService
@@ -268,3 +277,10 @@ services:
         class: Surfnet\StepupRa\RaBundle\Twig\InstitutionConfigurationOptions
         arguments:
             - "@security.token_storage"
+
+    ra.twig.second_factor_type:
+        class: Surfnet\StepupRa\RaBundle\Twig\Extensions\Extension\SecondFactorType
+        arguments:
+            - "@surfnet_stepup.service.second_factor_type_translator"
+        tags:
+            - { name : twig.extension }
diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/views/SecondFactor/auditLog.html.twig b/src/Surfnet/StepupRa/RaBundle/Resources/views/SecondFactor/auditLog.html.twig
@@ -30,7 +30,7 @@
             {% for logEntry in auditLog.elements %}
                 <tr>
                     <td>{{ logEntry.secondFactorIdentifier }}</td>
-                    <td>{{ logEntry.secondFactorType }}</td>
+                    <td>{{ logEntry.secondFactorType|trans_second_factor_type }}</td>
                     <td>{{ ('ra.auditlog.action.' ~ logEntry.action)|trans }}</td>
                     <td><time datetime="{{ logEntry.recordedOn.format('c') }}">{{ logEntry.recordedOn.format("Y-m-d H:i e") }}</time></td>
                     <td>{{ logEntry.actorCommonName }}</td>

diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/views/SecondFactor/search.html.twig b/src/Surfnet/StepupRa/RaBundle/Resources/views/SecondFactor/search.html.twig
@@ -30,7 +30,7 @@
                     {% for secondFactor in secondFactors.elements %}
                         <tr>
                             <td>{{ secondFactor.secondFactorId }}</td>
-                            <td>{{ ('ra.second_factor.search.type.'~secondFactor.type)|trans }}</td>
+                            <td>{{ secondFactor.type|trans_second_factor_type }}</td>
                             <td>{{ secondFactor.name }}</td>
                             <td>{{ secondFactor.email }}</td>
                             <td>{% if secondFactor.documentNumber is not empty %}{{ secondFactor.documentNumber}}{% else %}&mdash;{% endif %}</td>

diff --git a/src/Surfnet/StepupRa/RaBundle/Resources/views/Vetting/secondFactorTypeDisabled.html.twig b/src/Surfnet/StepupRa/RaBundle/Resources/views/Vetting/secondFactorTypeDisabled.html.twig
@@ -7,7 +7,7 @@
         <div class="col-sm-12">
             <h2>{{ block('page_title') }}</h2>
 
-            <p>{{ ('ra.vetting.second_factor_type_disabled.text.explanation.' ~ secondFactorType)|trans }}</p>
+            <p>{{ 'ra.vetting.second_factor_type_disabled.text.explanation'|trans({'%token_name%': secondFactorType|trans_second_factor_type}) }}</p>
         </div>
     </div>
 {% endblock %}