Upgrade the app to use Symfony 6 and PHP 8.2 (#109)
* Upgrade Symfony requirements to ^6.3
* Kick Symfony 6 back into gear
  Kind of.. Most acute issues have been addressed. Some details remain to be fixed (in next commits)
* Move and reorganize SF config folder
* Adjust config to get app working again
* Remove Vagrant Homestead dev vm
  Use the OpenConext devconf stepup environment instead
* Update Docker dev and prod images
  - They should use the PHP82 base images.
  - The prod container no longer overwrites the monolog config. This is now set by default
  - The parameters.yaml overwrite action was modified to use the new config location
* Move linting tools to ci/qa
* Move composer lockfile validation to ci/qa
* Move docheader to ci/qa
* Move PHP CodeStyle to ci/qa folder
* Move PHP Copy paste detector to ci/qa
* Move PHP Mess Detector to ci/qa
  And cleaned up some mess while at it
* Add PHP Stan analysis and baseline script to ci/qa
* Move PHP unit to ci/qa
* Address PHPStan level 1-3 issues
* Address PHPStan level 4-6 issues
* Baselined PHPStan level 7-9 issues
  The rule of diminishing returns applied here. Much effort should be put into making the app and the infra it uses type safe on a higher level. That was not worth it at this point.
* Repair PHPUnit tests
  - The logger now wraps the context of the log message in {} curly brackets, updated the snapshots accordingly.
  - Some of the classes we used to mock are now marked as final in the webauthn library. I now use a real instance of these options classes to work around that. Seems to work just fine.
* Update GitHub Actions test-integration workflow
* Use Doctrine\Persistence\ManagerRepository
  The SF bridge variant can not be autowired
* Update new Stepup-gssp-bundle
* Move .env parameters to parameters
  The database url and the app secret are no longer configurable via the env-vars. But need to be configured in the parameters.yaml file.
* Upgrade to Symfony 6.4
* Remove coverage reporting
  We get these insights from other tools like Scrutinizer.
* Upgrade the GSSP Bundle
* Tweak SURF SAML config
* Run and fix Rector code sniffer
* Upgrade code and config
  By running through the app, some additional deprecations or other issues are identified and taken care of
* Stop using dotenv in favour of parameters
* Prevent logo from sagging
* Repair Session Framework settings
  The handler_id no longer exists and is replaced by the storage factory id.
* Working on configuration
* Add the favicon to the images of the project
* Install composer updates
* Address some PHPStan issues
* Allow APP_ENV override from $_ENV
* Update component_info to modern day standards
* Ensure we build a PHP82 compat tarball
* Upgrade Composer packages
  Mainly to get the new Stepup-Bundle which fixes a parameter conversion issue that we ran into with the PSR7 request
* Docker image: .env files are no longer used
* Add Scrutinizer.yml with same checks as SelfService
* Install Webauthn Stimulus.
* Setting up routing and Initializing WebAuthn options in browser
* Attempting to work around 'Unable to create the response object' error
* Draft for extending the AttestationStatementSupportManager.php to make allowed Attestationstatements customisable.
* Setting default environment
* Fix for cannot autowire HttpMessageFactory by using https://symfony.com/doc/6.4/components/psr7.html
* Automatically start Registration flow by using the userEntity from the RegistrationController.php
* Remove Webauthn_id from parameters to resemble old situation
* These changes solve the PSR7Request autowiring issue in the AttestationResponseController.php they are more relevant to the 6.4 upgrade changes than the prototype
* Revert unneeded changes and remove the ./assets/typescript folder
* Adjust route names to more resemble their purpose, Add a AttestationRequestController.php to retrieve the Options from the store set in the registrationController, in order to resemble the old flow.
* Change $publicKeyCredentialSources collection type so it passes $this->userRegistrationRepository->saveUserEntity($publicKeyCredentialCreationOptions->user); in the AttestationResponseController.php
* Clean up AttestationResponseController.php
* PoC code: disabled a check in AttestationResponseController.php because it couldn't be fixed before the timebox of this PoC. PLEASE REVERT IF EVER MERGING
* Removing Webauthn framework 5.0 deprecations
* Current bug sets duplicate certificate in $credentialSource, workaround for PoC, PLEASE REVERT IF EVER MERGING
* Docker: Set SetEnv HTTPS on in Apache
* GHA: Add action to build a test image
* Add smoketest parameters to override the default database used for testing
* Docker test image: Use zip instead of tar for the composer archive.
  This makes sure long filenames can be used
* Docker: Remove the line to copy .env.dist to .env. No longer needed
* Docker test: Use busybox image to unzip
* Remove TS/RXJS/Ramda/React dependencies
  They are not needed in the POST react app playing field. No need to keep them here.
* Remove old TS related config
* Set the WebAuthn id on the client
* Set cookie_samesite to none
  But require secure and http only to be 'true'
* Implement the registration process
  Major changes: MDS validation is performed where previously we would do a certificate check. Now we allow all FIDO verified certificates.
* Reinstate the old look and feel of the app
* Implement the authentication flow
  For this, we also use the stimulus controller from the webauth library. And we use the tie-in for the Spomky WebAuthn Symfony integration.
* Re-add missing saml_idp_publickey to parameters
* Upgrade NPM and Composer dependencies
* Remove unbound dependency requirements
* Correct copyright statements
* Optimize cache handling in MetadataStatementRepository
* Simplify ValidationJsonResponse api
  The different error report methods that did add some verbosity to the application, but did lead to additional class complexity were removed in this commit. The app was updated to no longer call the old methods.
* Repaired QA test findings
  Note of warning; 4 unit tests have been disabled. With the new mentality of the webauthn library where we access all properties directly. Mocking these has become very difficult. I was forced to skip 4 tests because of this. We could investigate to repair the tests. Or to replace them with the cypress tests @KarsanHAM has been building
* Update documentation
* Rename FIDO root certificate name
  Renamed from fido2-mds.cer to root.crt
* Docker build enhancements:
  - Add version info to the environment of the container
  - Upgrade github actions
* Remove remaining reference to cert folder
* Optimize the surfnet_saml.yaml
  By merging the test and dev config to be the default config. And only provide a prod override
* Upgrade the OpenConext Monitor Bundle
* Reformat registration.html.twig
* Add the other_ui field to public_key_credential_sources
* Implement error handling in JS
* Upgrade checkout action to v4
* Remove extra slash from mapping name
* Remove commented config
* Remove debug left-over
* Remove unneeded alias
* Simplify the Kernel
  The MicroKernelTrait provides 90% of all logic for the kernel We only need the getProjectDir implementation.
* Update baseline after code changes
  Some namespace changes needed an update of the existing baseline
* Improve AuthenticatorStatusValidators logging
* Change WebAuthn config
  1. The attestation conveyance is reset to NONE, it was previously enabled to allow for vendor certificate based attestation.
* Do not prefer the resident_key
* Sync the monolog config
* Also the /internal/{info,health} paths must be publicly available

---------

Co-authored-by: Bart Geesink <[email protected]>
Co-authored-by: KarsanHAM <[email protected]>
Co-authored-by: Thijs Kinkhorst <[email protected]>