Rework
johanib committed Dec 19, 2024
1 parent c820e66 commit d494b86
Showing 5 changed files with 48 additions and 5 deletions.
2 changes: 1 addition & 1 deletion ci/qa/phpstan-baseline.neon
@@ -312,7 +312,7 @@ parameters:

-
message: "#^Call to an undefined method Behat\\\\Mink\\\\Driver\\\\DriverInterface\\:\\:getClient\\(\\)\\.$#"
count: 5
count: 6
path: ../../src/Features/Context/TiqrContext.php

-
18 changes: 14 additions & 4 deletions src/Controller/TiqrAppApiController.php
@@ -151,6 +151,8 @@ public function tiqr(UserAgentMatcherInterface $userAgentMatcher, Request $reque

/**
* @SuppressWarnings(PHPMD.NPathComplexity)
* @SuppressWarnings(PHPMD.CyclomaticComplexity)
* @SuppressWarnings(PHPMD.ExcessiveMethodLength)
*
* @throws \InvalidArgumentException
*/
@@ -247,7 +249,15 @@ private function registerAction(
$logger->warning('Error finalizing enrollment', ['exception' => $e]);
}

return new Response('OK', Response::HTTP_OK);
$okResponse = new Response('OK', Response::HTTP_OK);

try {
$this->registerTrustedDevice($notificationAddress, $userId, $okResponse);
} catch (Throwable $e) {
$logger->warning('Could not register trusted device on registration', ['exception' => $e]);
}

return $okResponse;
}

/** Handle login operation from the app, returns response for the app
@@ -316,7 +326,7 @@ private function loginAction(Request $request, string $notificationType, string
}

try {
$this->registerTrustedDevice($notificationAddress, $user, $responseObject);
$this->registerTrustedDevice($notificationAddress, $user->getId(), $responseObject);
} catch (Throwable $e) {
$this->logger->warning('Could not create trusted device cookie.', ['exception' => $e]);
}
@@ -335,13 +345,13 @@ private function loginAction(Request $request, string $notificationType, string

private function registerTrustedDevice(
string $notificationAddress,
TiqrUserInterface $user,
string $userId,
Response $responseObject
): void {
if (trim($notificationAddress) !== '') {
$this->cookieService->registerTrustedDevice(
$responseObject,
$user->getId(),
$userId,
$notificationAddress
);
}
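Review bot: In registerAction the new `registerTrustedDevice` call sits after the catch that only logs 'Error finalizing enrollment', so on the visible lines a trusted-device cookie is written to the OK response even when finalization threw. Because that cookie presumably marks this device as trusted for the user on later authentications, it should be issued only once enrollment is known to have succeeded, for example by setting `$enrollmentFinalized = true;` at the end of the preceding try and guarding the new block with `if ($enrollmentFinalized) {`. The start of registerAction and the body of that try are outside the hunk, so confirm whether an earlier return already covers the failure path. As a smaller point, this method logs through `$logger` while loginAction uses `$this->logger`; a one-line comment saying why they differ would help the next reader.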
29 changes: 29 additions & 0 deletions src/Features/Context/TiqrContext.php
@@ -666,6 +666,19 @@ private function logsContain(string $string): void
Assertion::eq($string, '', sprintf('The logs do not contain %s', $string));
}

private function logsContainLineStartingWith(string $string): void
{
/** @var array<array<string>> $logs */
$logs = $this->fileLogger->cleanLogs();
foreach ($logs as $log) {
if (str_contains($log[1], $string)) {
return;
}
}

Assertion::eq($string, '', sprintf('The logs do not contain a line starting with "%s"', $string));
}

/**
* @Then /^the logs should say: no trusted cookie for address "([^"]*)"$/
*/
@@ -688,6 +701,14 @@ public function theLogsShouldMentionSignatureMismatch(string $address): void
);
}

/**
* @Given /^the logs should mention: Writing a trusted\-device cookie with fingerprint$/
*/
public function theLogsShouldMentionWritingATrustedDeviceCookieWithFingerprint(): void
{
$this->logsContainLineStartingWith('Writing a trusted-device cookie with fingerprint ');
}

/**
* @Then /^I dump the page$/
*/
@@ -709,4 +730,12 @@ public function iDumpTheAuthResponse(): void
{
dump($this->authenticatioResponse);
}

/**
* @When /^the trusted device cookie is cleared$/
*/
public function theTrustedDeviceCookieIsCleared(): void
{
$this->minkContext->getSession()->getDriver()->getClient()->getCookieJar()->expire('tiqr-trusted-device');
}
}
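Review bot: `logsContainLineStartingWith` matches with `str_contains($log[1], $string)`, so it passes when the text appears anywhere in a log entry, not only at the start as the helper's name and failure message claim. Either tighten the check to `if (str_starts_with($log[1], $string)) {` or rename the helper and reword its message to say "containing"; which is right depends on what `$log[1]` holds, which these hunks do not show. The step `theLogsShouldMentionWritingATrustedDeviceCookieWithFingerprint` is an assertion, so `@Then` would describe it better than `@Given`. A short docblock on the helper naming the field at index 1 of each log entry would also make the match easier to audit.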
2 changes: 2 additions & 0 deletions src/Features/mfaFatigueMitigation.feature
@@ -6,7 +6,9 @@ Feature: When an user needs to authenticate
Given the registration QR code is scanned
And the user registers the service with notification type "APNS" address: "0000000000111111111122222222223333333333"
Then we have a registered user
And the logs should mention: Writing a trusted-device cookie with fingerprint
And I clear the logs
And the trusted device cookie is cleared

Scenario: When a user authenticates using a qr code it should set a trusted cookie
Given I am on "/demo/sp"
2 changes: 2 additions & 0 deletions src/Features/registration.feature
@@ -74,6 +74,7 @@ Feature: When an user needs to register for a new token
| info | Setting user secret and notification type and address | present |
| info | Finalizing enrollment | present |
| notice | Enrollment finalized | present |
| notice | /Writing a trusted-device cookie with fingerprint .*/ | present |
| info | User made a request with a session cookie. | present |
| info | Created new session. | |
| info | User has a session. | present |
@@ -161,6 +162,7 @@ Feature: When an user needs to register for a new token
| info | Setting user secret and notification type and address | present |
| info | Finalizing enrollment | present |
| notice | Enrollment finalized | present |
| notice | /Writing a trusted-device cookie with fingerprint .*/ | present |
| info | User made a request with a session cookie. | present |
| info | Created new session. | |
| info | User has a session. | present |
