diff --git a/ci/config/gateway/gateway_gssp_sp.crt b/ci/config/gateway/gateway_gssp_sp.crt new file mode 100644 index 00000000..e1274265 --- /dev/null +++ b/ci/config/gateway/gateway_gssp_sp.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDTCCAnUCFBMocfuF+dFtf+GObdEWZPt1MghZMA0GCSqGSIb3DQEBCwUAMEMx +GDAWBgNVBAMMD0dhdGV3YXkgVGlxciBTUDEnMCUGA1UECgweRGV2ZWxvcG1lbnQg +RG9ja2VyIGVudmlyb25tZW50MB4XDTIzMDUyNTA5MzMyMFoXDTI4MDUyMzA5MzMy +MFowQzEYMBYGA1UEAwwPR2F0ZXdheSBUaXFyIFNQMScwJQYDVQQKDB5EZXZlbG9w +bWVudCBEb2NrZXIgZW52aXJvbm1lbnQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw +ggGKAoIBgQDh+7sR9nMukFww2qOa1mBe4DmzBq3PCWcD012kmaYC83rvsWSvQRNX +PnP/ZiKKVCaq32cEQZL30Tu5E7IL/41Uitc8m6STwG9G4t+rwEzcXup3dPKh026T +IsfcZGS3aVWvF+K6xfu7Tq64PPL1ZuwGLf9+EmgH+l1Snoyf1pn4YtVTb4O5ihPN +GINxJI4lwrHM7QihSjZTkyMD8gsfNTouVtLOWKptw6Sv2UPeRQm8XQUAEjI0UMF3 +vcoZzd81OCNeM3QuNRibSRKc1lf88TE1nQg3GzOjB1trPfiRY15/8QBXSnsxcEjZ +mSF7wOuiZakAlM/AiybxL08hTtPtQsJEBlIIKALClV6i4ladLwho4LTkrHURnKDP +J1CBCbQ3PE1gqiRTlXX0e4SUVQceSnMPQv3ROuN7KT4jZOCKxWFB3DuXZTM0/YiP +kXXOjWNEdtlHcFg/eLxhZcMyQfXXVNHNcHQqqq2hUojP6EkMQSEGvz6sNjrTn1pR +bu5PWuNtwIsCAwEAATANBgkqhkiG9w0BAQsFAAOCAYEA03dkEyU9jjC2m4ggBqs2 +0CM+/n52DUm4TbbvgYYsDLYfrvr1Rqw5Nlp3lCBfxHD1dRgz4sWodSJ0ribGh/2E +eF4l0ItMsdwJVVlKAcy6ewbtwWJXUHrxCFUCy5lozChkNN58wr/ZVhcHtidBXRCl +TedUNOXYSPddSYVm30exIq+VBON3Exy0v2Gn0LYOKcdqSTziP+7+4GAbhZigEQWw +iWU55GM+aiGpAsw7b+J39kfBrlHxdfiKG7U5X8/h1BWOo7Se9k264Df9Clnbw77O +3H/oui12hbsMuDFCk43m1Q0OwUQI58XLVFoO586KKSkFNY6zAObJpX91VBkZTcHX ++85duekGshkMmloOQE9QQImoWnGTur3+aqnED9IEUjHKwAlWkb79G7UzJSwDRKDL +nF9hqBJFYoBUAG9y21hs3tCPs8uMKp7qUw8fmCiqBJEDp5oiEQvlylVI80yRc/pC +Qc7akEgj42EdsOsjwMZJ/JgFrcO+YZJGz2u4kyxrTwZZ +-----END CERTIFICATE----- diff --git a/ci/config/readme.md b/ci/config/readme.md new file mode 100644 index 00000000..2a522cb4 --- /dev/null +++ b/ci/config/readme.md @@ -0,0 +1,5 @@ +Having the azure dev/test certificates in the ci/config folder is a hack to get the acceptance +tests to run without the need to mount the DevConf config to /config in the container. + +Once we start using DevConf for the test-acceptance.yml GitHub Actions integration. This setup should +be dismantled. diff --git a/ci/config/tiqr/tiqr_idp.crt b/ci/config/tiqr/tiqr_idp.crt new file mode 100644 index 00000000..6d3db5cf --- /dev/null +++ b/ci/config/tiqr/tiqr_idp.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAnECFBUR9XrBzQngLPLSgfl2Mvgc5I/CMA0GCSqGSIb3DQEBCwUAMEEx +FjAUBgNVBAMMDVRpcXIgR1NTUCBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50IERv +Y2tlciBlbnZpcm9ubWVudDAeFw0yMzA1MjUwOTMzMjFaFw0yODA1MjMwOTMzMjFa +MEExFjAUBgNVBAMMDVRpcXIgR1NTUCBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50 +IERvY2tlciBlbnZpcm9ubWVudDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoC +ggGBAKgkKO9o7SLoJoQURuF0R6tNVNfAYxuA5Kl3A6PfhzG80nkZDyoZZIo0fxcd +ZZd5gwoqHO9+SvAL2pgn3IDEUkDdU5lwWaI619SQ9tP1zkG7wODx/rLlGRN84abf +UOjR9HuhhF5Pxf04iVbD1PN/cfCGSEQrOCqE1FE3pE5P4uS2li0hYkZJU9R1cDcj +sC5ViAehp5wIBEF/2jzT/0iDTjv2sOqe+yTrBi8VKLiO5fQnUGSiKV8lBB0DUZH6 +NdGCmbZ41pTIiAfsIIig+MYsNW0ydv3Ry8p0Ye6uHdCwp6JgsKR4kETfi6fxsCoe +rlb2IIEmbOhoMXYhGW62zMBQ51FPgvB/sUeBI7MykUB2zWSBYHt+uAMEfEZZvJlx +SQt9uM+sSqDuvKHkglAIqC/hScSExFnrH8fUBYApMT7GrLr7gVL0ayKLNGpfqEZw +9+UkVKwneZ8by5QN5uVw/UDLVfzX7zJKxquhSyCl57gzKekNQX1AryNyskQ0i91S +qT/jDQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQBzmxjfbGMGygaoPW0Hr88oqGbg +tlOY9FQ8xgREM3FyEeVQuM5em9cayze2WJ911W9UGdthipcxeveD7Rq9Vlbt+se/ +L59uwl2wFLasArSUsb6ToELdvcpZLzoOGHHXpUadHFimbmjcTxZmBwAYJT2r8R7c +ZN+qcCC4spu7oZLQMzdMjuTfTKiC53AkShcRa5xNvq0TXlHPsbjeQ5iVEkCBI5pq +jPSrwoAJE6cnZKIuYCWrOmI9Ub7vJrJgZIABKk5FV2tpdywS3TE9q3zBEyKaeU40 +YqAQ0GscjTq12Uw/tj9OXj+Gb+7fJoBUycxGwjPrzS5iBOPjrrs0wn8IafM3zGtf +z4TAfmTEsRSRUjsZGV9IVjpwEMqoz5+TcaVWgo8ozhgrWN1w21LBbrJgNJ5Uxgu5 +bNE6U/W+rwZipoGw2BkDIv1PlSBb2EaHkZS2GQ2/GoQXM1O52SHfAUQiMzFoYrP+ +mgALw47AbXvegI7cA//CuUupygtDAVZ7kvmbNwc= +-----END CERTIFICATE----- diff --git a/ci/config/tiqr/tiqr_idp.key b/ci/config/tiqr/tiqr_idp.key new file mode 100644 index 00000000..f62668c4 --- /dev/null +++ b/ci/config/tiqr/tiqr_idp.key @@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCoJCjvaO0i6CaE +FEbhdEerTVTXwGMbgOSpdwOj34cxvNJ5GQ8qGWSKNH8XHWWXeYMKKhzvfkrwC9qY +J9yAxFJA3VOZcFmiOtfUkPbT9c5Bu8Dg8f6y5RkTfOGm31Do0fR7oYReT8X9OIlW +w9Tzf3HwhkhEKzgqhNRRN6ROT+LktpYtIWJGSVPUdXA3I7AuVYgHoaecCARBf9o8 +0/9Ig0479rDqnvsk6wYvFSi4juX0J1BkoilfJQQdA1GR+jXRgpm2eNaUyIgH7CCI +oPjGLDVtMnb90cvKdGHurh3QsKeiYLCkeJBE34un8bAqHq5W9iCBJmzoaDF2IRlu +tszAUOdRT4Lwf7FHgSOzMpFAds1kgWB7frgDBHxGWbyZcUkLfbjPrEqg7ryh5IJQ +CKgv4UnEhMRZ6x/H1AWAKTE+xqy6+4FS9GsiizRqX6hGcPflJFSsJ3mfG8uUDebl +cP1Ay1X81+8ySsaroUsgpee4MynpDUF9QK8jcrJENIvdUqk/4w0CAwEAAQKCAYAD +rDKGtDSF0CtTNDwuHYOZPsmtIsMnbSPRfcuDD1VdJUI1qfH2WfKjwCzMfPRkoB9Y +H/5cztXlM2UVcL10xJUFXLBASD909zMSrg3uKE7WibrXTwHgt3daQR6Org8O3tMn +xinlg3mQI+WAEyv6G50KA2zdrFIAP8GBeqUonr8WftR97N5AKcbee6g1VB67jFu5 +yvKlylkJczj5ninT1CZn0eYgYdObhVSvv5cRnPFx6U/suswLi3vxBEsKVLxLNL6M +uPwS0+k1zKRqQ09cYBrz9am6C3zTYKq2XJ96BHL0U2D3SwDlS+Lys8tPT6lt42WR +aNs9mfxDUF9Bsvow7xH1kN3e/zVAjA10KBTMSl8bXWJkxCuQMu1Ns/hcCxVtYY2p +0ME+KFAfTuXeBsBm++yT9CF4iYhtDAogOy725eKSY3Ca8a4YZk2cplnAQYsOhCBd +UKwS6iJB2XBO1jyzBwQKXyGOL53caA9a6Qr6ZyH7AKRcx9cYyunbECXrMC0NfPMC +gcEAzjjvNmMAUggUofr4NkTJH8oqS0Z9cc9hvhgI5KeTF5xOq8IWK1CcvD0yBRIi +gEzbaoVindO9+W3K7ssLQmIXYE2gIICG8kjcJTf2PmhjMRXCRSarMxgt27SidXT8 +lMcyXCl/K+ZY39G5AQEs89zYSQIh1K4Or0SmIxGwMDIBuCENkalRQsslza3QFhHX +CyJzSaWFJLCQyZiPMTuedWKVLaFZIwzQf6OgjOVwqUKgM85eI3/o5/SjtaF/tRsZ +0x6vAoHBANC6FVzKNN9+957OfF7/xmw8RfQ6I4ouxpmuKejrTz1cslOQzH0HVXc9 +vsYu1tmkoMZvkN74nz9tAzK2ZMhex/WCY5jP/4vMiEFAzkRIpLn+e8KJtPBiEVJd +MyzCLt+DSA/TcC2rE/oLbD1Nr64N//HzOVYdgl9iXW/+Kgo56lvSIzYcJnev9cM9 +cRKLEL74g1QxxJ/vzct/D5W1ll1MfD84vsbfh3hHB9gVnBYpm0yETLKB77Ku2hLS +Lc6axQupAwKBwAJ7kv2voXBbYow0rkpQ967nSy0O0zHMklushGbkUZQGMLhGpOeu +l8R4ZCLFfh7XTgjxRCesRew70yae0SribW+eX6Aki/tcvzG/g7pqnU8Y+PbGKWd7 +EgpEGXSajPPplgSgB0TrCAThzH1jmzvwW7Y9TVT3J3wasnlXnCxoXbbuxvAK/sx0 +D6dzQT8Sxej/aC3pzTmM2qFisc6g7h5xqmQbPix62gO/X45ysLGI+M7G3EFHJ/Gq +81GbeSMgCWaORwKBwQC0z74Zt4C96vsOssjCcseskzn2KzcGSSb5kgn0H4NxII/K +HDFITcYXmYFdpM2xlA9CVvskbDNnekO+9omvmYuWffFROz2gGPofrMgCFvu7s1v6 +VdhMNGfU9a+TIlQAg3U1YHBY305a2PJW2KlLGg2RxqTwmHeLsWZH0eERIsKF8C9Y +fGJGZEN9cgg1jAphpF3/3Wz7L30Sv2r8wWUURWGMUtfQ52ovIzkEUxP3jutdCW53 +ZGAEZbu7eh78Ts5LH4kCgcEAvn1Ie7cFcZZiBf9HacRKp5bBCvpz3M4hJpYL+H7b +JwONtl/Wlz8gRjDD6Vn0cIP8jYmet6GQOiMGfKMNZgimRoWYlHF+pCdDYtnm+wdC +w7XK9plyCMB57nsndq+dg5miTBMEcfTq8DfywNd1PuOB3c9+U9Cg8NCU+MJfkG4M +dtZnrspg1ZMDsRCNklfpcHhWNIi7dFvz4G4/ojORc2068RcYevB/Sh0aLqMCmhQS +Qzf3BU8+uzredx/aJ6c16iFR +-----END PRIVATE KEY----- diff --git a/ci/docker/docker-compose.yml b/ci/docker/docker-compose.yml deleted file mode 100644 index db11a44e..00000000 --- a/ci/docker/docker-compose.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: '2.4' - -services: - tiqr.stepup.example.com: - image: nginx:latest - container_name: tiqr-nginx - volumes: - - ../docker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf - - ../../public:/var/www/public - - ../../ci/files/tiqr.stepup.example.com.crt:/etc/nginx/certs/tiqr.stepup.example.com.crt - - ../../ci/files/tiqr.stepup.example.com.key:/etc/nginx/certs/tiqr.stepup.example.com.key - ports: - - 443:443 - depends_on: - - app.tiqr.stepup.example.com - - app.tiqr.stepup.example.com: - stdin_open: true - image: ghcr.io/openconext/openconext-containers/openconext-php-test-stepup:latest - user: "${UID}:${GID}" - container_name: tiqr-test - volumes: - - ../../:/var/www/ diff --git a/ci/docker/nginx/nginx.conf b/ci/docker/nginx/nginx.conf deleted file mode 100644 index aaedba47..00000000 --- a/ci/docker/nginx/nginx.conf +++ /dev/null @@ -1,37 +0,0 @@ -server { - listen 443 ssl; - server_name localhost; - root /var/www/public; - - ssl_certificate /etc/nginx/certs/tiqr.stepup.example.com.crt; - ssl_certificate_key /etc/nginx/certs/tiqr.stepup.example.com.key; - - - location = /tiqr.php { - try_files $uri /index.php$is_args$args; - } - - location / { - try_files $uri /index.php$is_args$args; - } - - - location ~ ^/index\.php(/|$) { - fastcgi_pass app.tiqr.stepup.example.com:9000; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - - include fastcgi_params; - - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - fastcgi_param DOCUMENT_ROOT $realpath_root; - - internal; - } - - location ~ \.php$ { - return 404; - } - - error_log /var/log/nginx/error.log; - access_log /var/log/nginx/access.log; -} diff --git a/ci/files/.gitignore b/ci/files/.gitignore deleted file mode 100644 index 5e7d2734..00000000 --- a/ci/files/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -# Ignore everything in this directory -* -# Except this file -!.gitignore diff --git a/ci/qa/behat b/ci/qa/behat index bffb8662..d8f75a2b 100755 --- a/ci/qa/behat +++ b/ci/qa/behat @@ -2,5 +2,4 @@ cd $(dirname $0)/../../ -printf "\nStart Behat tests\n" -vendor/bin/behat --stop-on-failure --config ./ci/qa/behat.yml --tags=~skip +vendor/bin/behat --stop-on-failure --config ./ci/qa/behat.yml --tags=~skip $1 diff --git a/ci/qa/behat.yml b/ci/qa/behat.yml index 1987aee5..41fb3ed7 100755 --- a/ci/qa/behat.yml +++ b/ci/qa/behat.yml @@ -3,22 +3,17 @@ default: progress: paths: false extensions: - Behat\Symfony2Extension: + FriendsOfBehat\SymfonyExtension: + bootstrap: config/bootstrap.php kernel: - bootstrap: config/bootstrap.php + environment: test + debug: false class: App\Kernel Behat\MinkExtension: - base_url: https://tiqr.stepup.example.com - default_session: 'symfony2' - goutte: - guzzle_parameters: - curl.CURLOPT_SSL_VERIFYPEER: false - curl.CURLOPT_CERTINFO: false - ssl.certificate_authority: false - verify: false + base_url: https://tiqr.dev.openconext.local/ sessions: - symfony2: - symfony2: ~ + symfony: + symfony: ~ Behatch\Extension: ~ suites: default: diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml index 764969a1..9ba26584 100644 --- a/config/packages/framework.yaml +++ b/config/packages/framework.yaml @@ -35,8 +35,8 @@ when@dev: - { resource: ../services_dev.yaml } when@test: framework: - test: ~ + test: true session: - storage_id: session.storage.mock_file + storage_factory_id: session.storage.factory.mock_file profiler: collect: false diff --git a/config/services_test.yaml b/config/services_test.yaml index 727334b0..ee3299e9 100644 --- a/config/services_test.yaml +++ b/config/services_test.yaml @@ -1,5 +1,6 @@ imports: - - { resource: '../dev/services.yaml' } + - { resource: 'services.yaml' } + - { resource: 'services_dev.yaml' } services: Dev\FileLogger: @@ -14,3 +15,7 @@ services: decorates: App\Service\UserAgentMatcher arguments: - '/^Behat UA$/' + + surfnet_gssp.value_store.service: + class: Surfnet\GsspBundle\Service\ValueStore\InMemoryValueStore + public: true diff --git a/src/Features/Context/TiqrContext.php b/src/Features/Context/TiqrContext.php index 0ad3df20..aa26b038 100644 --- a/src/Features/Context/TiqrContext.php +++ b/src/Features/Context/TiqrContext.php @@ -76,7 +76,7 @@ class TiqrContext implements Context protected Response $authenticatioResponse; public function __construct( private readonly TiqrUserRepositoryInterface $tiqrUserRepository, - private readonly TiqrConfigurationInterface $tiqrConfiguration, + private readonly TiqrConfigurationInterface $configuration, private readonly FileLogger $fileLogger ) { } @@ -345,7 +345,7 @@ public function weHaveTheAuthenticationError(string $error): void public function tiqrUserIsPermentlyBlockedConfiguration(int $attempts): void { $container = $this->kernel->getContainer(); - $config = $this->tiqrConfiguration; + $config = $this->configuration; $config->setMaxLoginAttempts($attempts); }