Merge pull request #139 from OpenConext/feature/gssp-add-through-configuration

Feature/gssp add through configuration
MKodde authored Jul 10, 2017
2 parents 22a0d85 + c6fe2f0 commit 79ef1f5
Showing 24 changed files with 492 additions and 215 deletions.
106 changes: 33 additions & 73 deletions app/Resources/translations/messages.en_GB.xliff

Large diffs are not rendered by default.

106 changes: 33 additions & 73 deletions app/Resources/translations/messages.nl_NL.xliff

Large diffs are not rendered by default.

6 changes: 5 additions & 1 deletion app/Resources/translations/validators.en_GB.xliff
@@ -1,11 +1,15 @@
<?xml version="1.0" encoding="utf-8"?>
<xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
<file date="2016-11-03T10:43:41Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
<file date="2017-06-15T15:47:57Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
<header>
<tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
<note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
</header>
<body>
<trans-unit id="9fe9614ee06100ffa9474b193d1aec7a4c1d1334" resname="middleware_client.dto.configuration.allowed_second_factors.must_be_array">
<source>middleware_client.dto.configuration.allowed_second_factors.must_be_array</source>
<target state="new">middleware_client.dto.configuration.allowed_second_factors.must_be_array</target>
</trans-unit>
<trans-unit id="e921db3beb8170142aa4dcd8c364595343b6fc64" resname="middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean">
<source>middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean</source>
<target>Show RAA Contact Information option must be boolean.</target>
6 changes: 5 additions & 1 deletion app/Resources/translations/validators.nl_NL.xliff
@@ -1,11 +1,15 @@
<?xml version="1.0" encoding="utf-8"?>
<xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
<file date="2016-11-03T10:45:46Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
<file date="2017-06-15T15:47:50Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
<header>
<tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
<note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
</header>
<body>
<trans-unit id="9fe9614ee06100ffa9474b193d1aec7a4c1d1334" resname="middleware_client.dto.configuration.allowed_second_factors.must_be_array">
<source>middleware_client.dto.configuration.allowed_second_factors.must_be_array</source>
<target state="new">middleware_client.dto.configuration.allowed_second_factors.must_be_array</target>
</trans-unit>
<trans-unit id="e921db3beb8170142aa4dcd8c364595343b6fc64" resname="middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean">
<source>middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean</source>
<target>Show RAA Contact Information option must be boolean.</target>
1 change: 1 addition & 0 deletions app/config/config.yml
@@ -76,6 +76,7 @@ services:
surfnet_stepup_ra_ra:
required_loa: %loa_required_for_login%
enabled_second_factors: %enabled_second_factors%
enabled_generic_second_factors: %enabled_generic_second_factors%
session_lifetimes:
max_absolute_lifetime: "%session_max_absolute_lifetime%"
max_relative_lifetime: "%session_max_relative_lifetime%"
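Review bot: The new `enabled_generic_second_factors: %enabled_generic_second_factors%` line leaves the `%…%` placeholder unquoted, while the `session_lifetimes` entries two lines below quote theirs; Symfony's YAML component deprecated unquoted scalars starting with `%` in 3.1 (a parse error in 4.0), so `enabled_generic_second_factors: "%enabled_generic_second_factors%"` is the form that will survive a framework upgrade. The same applies to every new `%gssp_*%` line in the two `view_config` blocks of app/config/samlstepupproviders.yml. The pre-existing `required_loa` and `enabled_second_factors` lines have the same shape but are not part of this change.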
5 changes: 5 additions & 0 deletions app/config/parameters.yml.dist
@@ -39,6 +39,11 @@ parameters:
enabled_second_factors:
- sms
- yubikey
enabled_generic_second_factors:
biometric:
loa: 3
tiqr:
loa: 3
graylog_hostname: 'g2-dev.stepup.coin.surf.net'
asset_version: 1

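Review bot: The `loa: 3` entries under `enabled_generic_second_factors` carry no comment, and nothing in the dist file says what the value governs, although the RaCandidateService hunk in this commit uses LoA-3 capability to decide which second-factor types count towards RA accreditation. A short comment such as `# loa: the level of assurance a token of this GSSP satisfies; it affects which second factors qualify as LoA 3` would tell deployers that changing it has authorization consequences rather than being cosmetic. The exact code path that consumes the value is not visible in this commit, so the comment should describe the setting itself rather than a specific consumer.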
10 changes: 10 additions & 0 deletions app/config/samlstepupproviders.yml
@@ -18,6 +18,11 @@ surfnet_stepup_ra_saml_stepup_provider:
entity_id: %gssp_tiqr_remote_entity_id%
sso_url: %gssp_tiqr_remote_sso_url%
certificate: %gssp_tiqr_remote_certificate%
view_config:
page_title: %gssp_tiqr_page_title%
explanation: %gssp_tiqr_explanation%
initiate: %gssp_tiqr_initiate%
gssf_id_mismatch: %gssp_tiqr_gssf_id_mismatch%
biometric:
hosted:
service_provider:
@@ -30,3 +35,8 @@ surfnet_stepup_ra_saml_stepup_provider:
entity_id: %gssp_biometric_remote_entity_id%
sso_url: %gssp_biometric_remote_sso_url%
certificate: %gssp_biometric_remote_certificate%
view_config:
page_title: %gssp_biometric_page_title%
explanation: %gssp_biometric_explanation%
initiate: %gssp_biometric_initiate%
gssf_id_mismatch: %gssp_biometric_gssf_id_mismatch%
24 changes: 24 additions & 0 deletions app/config/samlstepupproviders_parameters.yml.dist
@@ -6,10 +6,34 @@ parameters:
gssp_tiqr_remote_entity_id: 'https://actual-gssp.entity-id.tld'
gssp_tiqr_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
gssp_tiqr_remote_certificate: 'The contents of the certificate published by the gssp'
gssp_tiqr_page_title:
en_GB: 'EN ra.vetting.gssf.initiate.tiqr.title.page'
nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.title.page'
gssp_tiqr_explanation:
en_GB: 'EN ra.vetting.gssf.initiate.tiqr.text.explanation'
nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.text.explanation'
gssp_tiqr_initiate:
en_GB: 'EN ra.vetting.gssf.initiate.tiqr.button.initiate'
nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.button.initiate'
gssp_tiqr_gssf_id_mismatch:
en_GB: 'EN ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch'
nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch'
gssp_biometric_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer'
gssp_biometric_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem'
gssp_biometric_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer'
gssp_biometric_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem'
gssp_biometric_remote_entity_id: 'https://actual-gssp.entity-id.tld'
gssp_biometric_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
gssp_biometric_remote_certificate: 'The contents of the certificate published by the gssp'
gssp_biometric_page_title:
en_GB: 'EN ra.vetting.gssf.initiate.biometric.title.page'
nl_NL: 'NL ra.vetting.gssf.initiate.biometric.title.page'
gssp_biometric_explanation:
en_GB: 'EN ra.vetting.gssf.initiate.biometric.text.explanation'
nl_NL: 'NL ra.vetting.gssf.initiate.biometric.text.explanation'
gssp_biometric_initiate:
en_GB: 'EN ra.vetting.gssf.initiate.biometric.button.initiate'
nl_NL: 'NL ra.vetting.gssf.initiate.biometric.button.initiate'
gssp_biometric_gssf_id_mismatch:
en_GB: 'EN ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch'
nl_NL: 'NL ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch'
2 changes: 1 addition & 1 deletion composer.json
@@ -25,7 +25,7 @@
"jms/di-extra-bundle": "~1.4.0",
"surfnet/stepup-middleware-client-bundle": "^2.0",
"surfnet/stepup-saml-bundle": "^2.5",
"surfnet/stepup-bundle": "^1.7",
"surfnet/stepup-bundle": "^2.0",
"surfnet/stepup-u2f-bundle": "dev-develop",
"guzzlehttp/guzzle": "^6",
"knplabs/knp-paginator-bundle": "~2.4",
16 changes: 8 additions & 8 deletions composer.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

@@ -25,6 +25,7 @@
use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
use Surfnet\StepupRa\RaBundle\Exception\RuntimeException;
use Surfnet\StepupRa\RaBundle\Service\VettingService;
use Surfnet\StepupRa\SamlStepupProviderBundle\Provider\ViewConfig;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
@@ -253,11 +254,28 @@ private function getVettingService()
*/
private function renderInitiateForm($procedureId, $provider, array $parameters = [])
{
$form = $this->createForm('ra_initiate_gssf', null, ['procedureId' => $procedureId, 'provider' => $provider]);
/** @var ViewConfig $secondFactorConfig */
$secondFactorConfig = $this->get("gssp.view_config.{$provider}");

$form = $this->createForm(
'ra_initiate_gssf',
null,
[
'procedureId' => $procedureId,
'provider' => $provider,
/** @Ignore from translation message extraction */
'label' => $secondFactorConfig->getInitiate()
]
);

$templateParameters = array_merge(
$parameters,
['form' => $form->createView(), 'procedureId' => $procedureId, 'provider' => $provider]
[
'form' => $form->createView(),
'procedureId' => $procedureId,
'provider' => $provider,
'secondFactorConfig' => $secondFactorConfig
]
);

return $this->render('SurfnetStepupRaRaBundle:Vetting/Gssf:initiate.html.twig', $templateParameters);
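Review bot: `$this->get("gssp.view_config.{$provider}")` builds a service id from `$provider` and asks the container for it without checking that such a service exists, so a provider value that is not configured (a mistyped or since-removed GSSP name in the request) surfaces as a container ServiceNotFoundException, i.e. a 500, rather than a 404 — unless `$provider` is validated earlier in the controller, which this hunk does not show. A guard such as `if (!$this->has("gssp.view_config.{$provider}")) { throw new NotFoundHttpException(sprintf('No view configuration for GSSP "%s"', $provider)); }` before the lookup keeps the failure mode clean and avoids leaking container internals into an error page. The `@var ViewConfig` annotation is welcome; a sentence in the method's docblock (it starts above the hunk) saying that `secondFactorConfig` is exposed to the template for the page title, explanation and mismatch texts would complete it. `renderInitiateForm` closes after the hunk.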
31 changes: 10 additions & 21 deletions src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php
@@ -18,9 +18,6 @@

namespace Surfnet\StepupRa\RaBundle\DependencyInjection;

use Surfnet\StepupBundle\Exception\DomainException;
use Surfnet\StepupBundle\Exception\InvalidArgumentException;
use Surfnet\StepupBundle\Value\SecondFactorType;
use Symfony\Component\Config\Definition\Builder\NodeBuilder;
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
@@ -68,25 +65,17 @@ private function appendSecondFactorTypesConfiguration(NodeBuilder $childNodes)
->arrayNode('enabled_second_factors')
->isRequired()
->prototype('scalar')
->validate()
->ifTrue(
function ($type) {
try {
new SecondFactorType($type);
} catch (InvalidArgumentException $e) {
return true;
} catch (DomainException $e) {
return true;
}
}
)
->thenInvalid(
'Enabled second factor type "%s" is not one of the valid types. See SecondFactorType'
)
->end()
->end();
$childNodes
->arrayNode('enabled_generic_second_factors')
->isRequired()
->prototype('array')
->children()
->scalarNode('loa')
->isRequired()
->info('The lao level of the Gssf')
->end()
->end()
->end();
->end();
}

/**
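Review bot: The new `scalarNode('loa')` accepts any scalar, so a typo such as `loa: three` or an out-of-range `loa: 5` passes container compilation and only surfaces wherever the value is consumed; since this level feeds authorization decisions (see the RaCandidateService hunk), it is worth constraining it in the tree, e.g. `->integerNode('loa')->isRequired()->min(1)->max(3)` (with the upper bound matching the highest level the Loa value object supports). The info string also has a typo: `'The lao level of the Gssf'` should read `'The LoA level of the GSSF'`. Note that the removed `validate()` block was the only check that `enabled_second_factors` entries are real type names; if stepup-bundle 2.0 no longer offers a fixed list to validate against, at least `->prototype('scalar')->cannotBeEmpty()` would still reject empty entries. `appendSecondFactorTypesConfiguration` starts before this hunk.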
@@ -40,7 +40,11 @@ public function load(array $configs, ContainerBuilder $container)
// inject the required loa as parameter into the service container
$container->setParameter('surfnet_stepup_ra.security.required_loa', $config['required_loa']);

$container->setParameter('surfnet_stepup_ra.enabled_second_factors', $config['enabled_second_factors']);
$gssfSecondFactors = array_keys($config['enabled_generic_second_factors']);
$container->setParameter(
'surfnet_stepup_ra.enabled_second_factors',
array_merge($config['enabled_second_factors'], $gssfSecondFactors)
);

$container->setParameter(
'ra.security.authentication.session.maximum_absolute_lifetime_in_seconds',
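Review bot: `array_merge($config['enabled_second_factors'], $gssfSecondFactors)` will contain duplicates if a GSSP key such as `tiqr` is also listed under `enabled_second_factors` — the dist config lists only `sms` and `yubikey`, but nothing in the configuration tree prevents an operator from listing both; `array_values(array_unique(array_merge($config['enabled_second_factors'], $gssfSecondFactors)))` keeps the parameter a clean list. Also, only the keys of `enabled_generic_second_factors` reach the container here; the per-GSSP `loa` values that Configuration.php now requires are not set as a parameter in this hunk, so if they are not registered further down in `load()` (which continues past the hunk) the setting is collected but never used. A one-line comment above the merge, `// GSSP types are enabled through configuration and count as second factor types alongside the built-in ones`, would explain why the two lists are combined into one parameter.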
3 changes: 2 additions & 1 deletion src/Surfnet/StepupRa/RaBundle/Form/Type/InitiateGssfType.php
@@ -45,7 +45,8 @@ public function buildForm(FormBuilderInterface $builder, array $options)
$builder
->add('submit', 'submit', [
'attr' => ['class' => 'btn btn-primary'],
'label' => /** @Ignore */ 'ra.vetting.gssf.initiate.' . $options['provider'] . '.button.initiate'
/** @Ignore */
'label' => $options['label']
])
->setAction($action);
}
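Review bot: `'label' => $options['label']` reuses the built-in `label` option of the form itself (assuming the type extends the default form type) to caption the submit button, which reads confusingly both here and in the controller call that passes `'label' => $secondFactorConfig->getInitiate()`. A dedicated option, e.g. `'label' => $options['initiate_label']` here together with `$resolver->setRequired('initiate_label')` in the type's option configuration method (outside this hunk), makes the intent explicit and lets the OptionsResolver reject a missing caption instead of silently rendering a null label. `buildForm` begins above the hunk.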
2 changes: 2 additions & 0 deletions src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml
@@ -100,6 +100,7 @@ services:
- "@ra.repository.vetting_procedure"
- "@translator"
- "@ra.service.identity"
- "@surfnet_stepup.service.second_factor_type"

ra.service.yubikey:
public: false
@@ -185,6 +186,7 @@ services:
- "@surfnet_stepup_middleware_client.identity.service.ra_candidate"
- "@ra.service.command"
- "@logger"
- "@surfnet_stepup.service.second_factor_type"

ra.service.ra_location:
class: Surfnet\StepupRa\RaBundle\Service\RaLocationService
@@ -1,6 +1,6 @@
{% extends "::base.html.twig" %}

{% block page_title %}{{ ('ra.vetting.gssf.initiate.' ~ provider ~ '.title.page')|trans }}{% endblock %}
{% block page_title %}{{ secondFactorConfig.getPageTitle() }}{% endblock %}

{% block page_header %}
{{ parent() }}
@@ -11,12 +11,12 @@
{% block content %}
<h2>{{ block('page_title') }}</h2>

<p>{{ ('ra.vetting.gssf.initiate.' ~ provider ~ '.text.explanation')|trans }}</p>
<p>{{ secondFactorConfig.getExplanation() }}</p>

<hr>

{% if gssfIdMismatch is defined %}
<div class="alert alert-danger">{{ ('ra.vetting.gssf.initiate.' ~ provider ~ '.error.gssf_id_mismatch')|trans }}</div>
<div class="alert alert-danger">{{ secondFactorConfig.getGssfIdMismatch() }}</div>
{% endif %}
{{ form(form) }}

@@ -36,16 +36,6 @@
{{ 'ra.second_factor.search.status.vetted'|trans }}
{{ 'ra.second_factor.search.status.revoked'|trans }}

{# GssfController #}
{{ ('ra.vetting.gssf.initiate.tiqr.title.page')|trans }}
{{ ('ra.vetting.gssf.initiate.tiqr.text.explanation')|trans }}
{{ ('ra.vetting.gssf.initiate.tiqr.button.initiate')|trans }}
{{ ('ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch')|trans }}
{{ ('ra.vetting.gssf.initiate.biometric.title.page')|trans }}
{{ ('ra.vetting.gssf.initiate.biometric.text.explanation')|trans }}
{{ ('ra.vetting.gssf.initiate.biometric.button.initiate')|trans }}
{{ ('ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch')|trans }}

{# RaRoleChoiceList labels #}
{{ ('ra.form.extension.ra_role_choice.ra'|trans) }}
{{ ('ra.form.extension.ra_role_choice.raa'|trans) }}
19 changes: 14 additions & 5 deletions src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php
@@ -19,6 +19,7 @@
namespace Surfnet\StepupRa\RaBundle\Service;

use Psr\Log\LoggerInterface;
use Surfnet\StepupBundle\Service\SecondFactorTypeService;
use Surfnet\StepupBundle\Value\Loa;
use Surfnet\StepupBundle\Value\SecondFactorType;
use Surfnet\StepupMiddlewareClient\Identity\Dto\RaCandidateSearchQuery;
@@ -28,6 +29,9 @@
use Surfnet\StepupRa\RaBundle\Command\SearchRaCandidatesCommand;
use Surfnet\StepupRa\RaBundle\Exception\InvalidArgumentException;

/**
* @SuppressWarnings(PHPMD.CouplingBetweenObjects)
*/
class RaCandidateService
{
/**
@@ -45,14 +49,21 @@ class RaCandidateService
*/
private $logger;

/**
* @var SecondFactorTypeService
*/
private $secondFactorTypeService;

public function __construct(
ApiRaCandidateService $raCandidateService,
CommandService $commandService,
LoggerInterface $logger
LoggerInterface $logger,
SecondFactorTypeService $secondFactorTypeService
) {
$this->apiRaCandidateService = $raCandidateService;
$this->commandService = $commandService;
$this->logger = $logger;
$this->secondFactorTypeService = $secondFactorTypeService;
}

/**
@@ -129,13 +140,11 @@ public function accreditCandidate(AccreditCandidateCommand $command)
private function getLoa3SecondFactorTypes()
{
$loa3 = new Loa(Loa::LOA_3, 'LOA3');

return array_filter(
SecondFactorType::getAvailableSecondFactorTypes(),
$this->secondFactorTypeService->getAvailableSecondFactorTypes(),
function ($secondFactorType) use ($loa3) {
$secondFactorType = new SecondFactorType($secondFactorType);

return $secondFactorType->canSatisfy($loa3);
return $this->secondFactorTypeService->canSatisfy($secondFactorType, $loa3);
}
);
}
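Review bot: The closure in `getLoa3SecondFactorTypes` now hands the raw elements of `getAvailableSecondFactorTypes()` straight to `canSatisfy()`, whereas the old code first wrapped each in `new SecondFactorType(...)`; whether the service returns strings or value objects, and which of the two `canSatisfy()` expects, is not visible here, so confirm the types line up — and if they are plain strings, the `use Surfnet\StepupBundle\Value\SecondFactorType;` import kept in the first hunk is probably unused now. Because the result decides which second factors qualify a candidate for accreditation, and GSSP levels now come from `enabled_generic_second_factors` configuration rather than code, the method deserves a docblock stating that: `@return string[] second factor types (built-in and configured GSSP) able to satisfy LoA 3`, plus a note that a misconfigured GSSP `loa` widens or narrows this set. The method's existing docblock, if any, sits above the hunk.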
