Use secure cookie feature from stepup-gateway

.github/dependabot.yml

@@ -2,6 +2,12 @@ version: 2
 updates:
   - package-ecosystem: "composer"
     directory: "/"
+    schedule:
+      interval: "weekly"
     ignore:
       - dependency-name: "symfony/*"
-        update-types: ["version-update:semver-major"]
+        update-types: ["version-update:semver-major"]
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"

assets/typescript/AuthenticationPageService.ts

@@ -134,6 +134,7 @@ export class AuthenticationPageService {
         this.switchToNotificationFailed();
         break;
       case 'no-device':
+      case 'no-trusted-device':
         this.switchToNoDevice();
         break;
     }

assets/typescript/__test__/AuthenticationPageService.test.ts

@@ -231,6 +231,15 @@ describe('AuthenticationPageService', () => {
       expect(spy).toBeCalled();
     });
 
+    it('Should show qr when there is no trusted-device cookie', () => {
+      if (!successCallback || !errorCallback) {
+        throw new Error('Should have started notification request');
+      }
+      const spy = jest.spyOn(context.authenticationPageService, 'switchToNoDevice');
+      successCallback('no-trusted-device');
+      expect(spy).toBeCalled();
+    });
+
     it('Should handle connection errors', () => {
       if (!successCallback || !errorCallback) {
         throw new Error('Should have started notification request');

ci/qa/phpstan-baseline.neon

@@ -181,7 +181,7 @@ parameters:
 			path: ../../dev/FileLogger.php
 
 		-
-			message: "#^Method Surfnet\\\\Tiqr\\\\Dev\\\\FileLogger\\:\\:log\\(\\) has parameter \\$message with no type specified\\.$#"
+			message: "#^Parameter \\#1 \\$record of method League\\\\Csv\\\\Writer\\:\\:insertOne\\(\\) expects array\\<float\\|int\\|string\\|Stringable\\|null\\>, array\\<int, mixed\\> given\\.$#"
 			count: 1
 			path: ../../dev/FileLogger.php
 
@@ -240,11 +240,6 @@ parameters:
 			count: 1
 			path: ../../src/Controller/TiqrAppApiController.php
 
-		-
-			message: "#^Parameter \\#2 \\$notificationType of method Surfnet\\\\Tiqr\\\\Controller\\\\TiqrAppApiController\\:\\:loginAction\\(\\) expects string, mixed given\\.$#"
-			count: 1
-			path: ../../src/Controller/TiqrAppApiController.php
-
 		-
 			message: "#^Parameter \\#2 \\$secret of method Surfnet\\\\Tiqr\\\\Tiqr\\\\TiqrUserRepositoryInterface\\:\\:createUser\\(\\) expects string, mixed given\\.$#"
 			count: 1
@@ -255,16 +250,6 @@ parameters:
 			count: 2
 			path: ../../src/Controller/TiqrAppApiController.php
 
-		-
-			message: "#^Parameter \\#3 \\$notificationAddress of method Surfnet\\\\Tiqr\\\\Controller\\\\TiqrAppApiController\\:\\:loginAction\\(\\) expects string, mixed given\\.$#"
-			count: 1
-			path: ../../src/Controller/TiqrAppApiController.php
-
-		-
-			message: "#^Parameter \\#3 \\$notificationType of method Surfnet\\\\Tiqr\\\\Controller\\\\TiqrAppApiController\\:\\:registerAction\\(\\) expects string, mixed given\\.$#"
-			count: 1
-			path: ../../src/Controller/TiqrAppApiController.php
-
 		-
 			message: "#^Parameter \\#3 \\$response of method Surfnet\\\\Tiqr\\\\Tiqr\\\\AuthenticationRateLimitServiceInterface\\:\\:authenticate\\(\\) expects string, mixed given\\.$#"
 			count: 1
@@ -275,11 +260,6 @@ parameters:
 			count: 2
 			path: ../../src/Controller/TiqrAppApiController.php
 
-		-
-			message: "#^Parameter \\#4 \\$notificationAddress of method Surfnet\\\\Tiqr\\\\Controller\\\\TiqrAppApiController\\:\\:registerAction\\(\\) expects string, mixed given\\.$#"
-			count: 1
-			path: ../../src/Controller/TiqrAppApiController.php
-
 		-
 			message: "#^Method Surfnet\\\\Tiqr\\\\DependencyInjection\\\\Configuration\\:\\:createBlockingConfig\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -332,7 +312,7 @@ parameters:
 
 		-
 			message: "#^Call to an undefined method Behat\\\\Mink\\\\Driver\\\\DriverInterface\\:\\:getClient\\(\\)\\.$#"
-			count: 2
+			count: 5
 			path: ../../src/Features/Context/TiqrContext.php
 
 		-
@@ -342,7 +322,7 @@ parameters:
 
 		-
 			message: "#^Cannot access offset 'sari' on mixed\\.$#"
-			count: 2
+			count: 3
 			path: ../../src/Features/Context/TiqrContext.php
 
 		-
@@ -352,12 +332,12 @@ parameters:
 
 		-
 			message: "#^Cannot access offset 1 on mixed\\.$#"
-			count: 1
+			count: 2
 			path: ../../src/Features/Context/TiqrContext.php
 
 		-
 			message: "#^Cannot access offset 2 on mixed\\.$#"
-			count: 1
+			count: 2
 			path: ../../src/Features/Context/TiqrContext.php
 
 		-
@@ -372,7 +352,7 @@ parameters:
 
 		-
 			message: "#^Cannot use array destructuring on mixed\\.$#"
-			count: 1
+			count: 2
 			path: ../../src/Features/Context/TiqrContext.php
 
 		-

composer.json

@@ -17,6 +17,7 @@
     "ext-zlib": "*",
     "incenteev/composer-parameter-handler": "^2.2",
     "openconext/monitor-bundle": "^4.3.1",
+    "paragonie/halite": "^5.1",
     "surfnet/stepup-bundle": "^6.0.17",
     "surfnet/stepup-gssp-bundle": "^5.1",
     "surfnet/stepup-saml-bundle": "^6.1",
@@ -48,7 +49,6 @@
     "khanamiryan/qrcode-detector-decoder": "^2.0.2",
     "league/csv": "^9.18",
     "malukenho/docheader": "^1.1",
-    "mockery/mockery": "^1.6.12",
     "overtrue/phplint": ">=9.4.2",
     "phpmd/phpmd": "^2.15",
     "phpstan/phpstan": "^1.12.11",
@@ -87,6 +87,7 @@
     "unit-tests": "./ci/qa/phpunit",
     "behat": "./ci/qa/behat",
     "jest": "./ci/qa/jest",
+    "jscpd": "./ci/qa/jscpd",
     "encore": [
       "yarn encore production"
     ],