

Allow test authentication to pass through Saml bundle authn
MKodde authored and parijke committed May 23, 2024
1 parent f9e0242 commit a58ca0d
Showing 1 changed file with 7 additions and 4 deletions.
Expand Up @@ -33,6 +33,8 @@
use Surfnet\StepupBundle\Service\LoaResolutionService;
use Surfnet\StepupBundle\Value\Loa;
use Surfnet\StepupSelfService\SelfServiceBundle\Controller\SelfVet\SelfVetController;
use Surfnet\StepupSelfService\SelfServiceBundle\Security\Authentication\SamlAuthenticationStateHandler;
use Surfnet\StepupSelfService\SelfServiceBundle\Security\Authentication\Session\SessionStorage;
use Surfnet\StepupSelfService\SelfServiceBundle\Service\SecondFactorService;
use Surfnet\StepupSelfService\SelfServiceBundle\Service\SelfAssertedTokens\RecoveryTokenState;
use Surfnet\StepupSelfService\SelfServiceBundle\Service\TestSecondFactor\TestAuthenticationRequestFactory;
Expand Down Expand Up @@ -63,6 +65,7 @@ public function __construct(
private readonly LoaResolutionService $loaResolutionService,
private readonly MetadataFactory $metadataFactory,
private readonly SamlAuthenticationLogger $samlAuthenticationLogger,
private readonly SessionStorage $authenticationStateHandler,
private readonly TestAuthenticationRequestFactory $testAuthenticationRequestFactory,
private readonly RedirectBinding $redirectBinding,
private readonly PostBinding $postBinding,
Expand Down Expand Up @@ -103,7 +106,7 @@ public function testSecondFactor(): RedirectResponse
$this->loaResolutionService->getLoaByLevel(Loa::LOA_SELF_VETTED),
);

$this->requestStack->getSession()->set('second_factor_test_request_id', $authenticationRequest->getRequestId());
$this->authenticationStateHandler->setRequestId($authenticationRequest->getRequestId());

$samlLogger = $this->samlAuthenticationLogger->forAuthentication($authenticationRequest->getRequestId());
$samlLogger->notice('Sending authentication request to the second factor test IDP');
Expand Down Expand Up @@ -135,17 +138,17 @@ public function consumeAssertion(Request $httpRequest): Response
// verification a different session id is used to mark the authentication.
return $this->forward('Surfnet\StepupSelfService\SelfServiceBundle\Controller\RecoveryTokenController::stepUpConsumeAssertion');
}
if (!$session->has('second_factor_test_request_id')) {
if (!$this->authenticationStateHandler->hasRequestId()) {
$this->logger->error(
'Received an authentication response for testing a second factor, but no second factor test response was expected',
);

throw new AccessDeniedHttpException('Did not expect an authentication response');
}
$this->logger->notice('Received an authentication response for testing a second factor');
$initiatedRequestId = $session->get('second_factor_test_request_id');
$initiatedRequestId = $this->authenticationStateHandler->getRequestId();
$samlLogger = $this->samlAuthenticationLogger->forAuthentication($initiatedRequestId);
$session->remove('second_factor_test_request_id');
$this->authenticationStateHandler->clearRequestId();
try {
$assertion = $this->postBinding->processResponse(
$httpRequest,
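Review bot: In consumeAssertion the test-flow request id now lives in the injected `SessionStorage` slot instead of the dedicated `second_factor_test_request_id` session key, so if that same storage (and underlying session key) also backs the SAML bundle's regular login flow, a test-IdP response and a login response can no longer be told apart by request id and `$this->authenticationStateHandler->clearRequestId()` can wipe an unrelated in-flight authentication; confirm the storage or its key is scoped to this controller, since the comparison of the assertion against `$initiatedRequestId` happens outside the hunk. The constructor hunk type-hints the concrete `SessionStorage` while `SamlAuthenticationStateHandler` is imported in the first hunk; if that is the interface `SessionStorage` implements, prefer `private readonly SamlAuthenticationStateHandler $authenticationStateHandler,` so the controller depends on the contract rather than the session-backed implementation. After this change `$session` is no longer read in the visible part of consumeAssertion; if it is unused in the rest of the method, drop the local. The body of consumeAssertion continues outside the hunk.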
