Skip to content

Commit

Permalink
Merge branch 'feature/remove-default-theme' into feature/twig-prep
Browse files Browse the repository at this point in the history
  • Loading branch information
briskt committed May 29, 2024
2 parents de7c619 + 3a24380 commit 308cb1e
Show file tree
Hide file tree
Showing 18 changed files with 166 additions and 86 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,7 @@ The login page looks for `/simplesamlphp/www/logo.png` which is **NOT** provided
Update `/simplesamlphp/config/config.php`:

```
'analytics.trackingId' => 'UA-some-unique-id-for-your-site'
'analytics.trackingId' => 'G-some-unique-id-for-your-site'
```

This project provides a convenience by loading this config with whatever is in the environment variable `ANALYTICS_ID`._
Expand Down
14 changes: 14 additions & 0 deletions development/idp-local/config/authsources.php
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,20 @@
'mfa' => [
'prompt' => 'no',
],
'schacExpiryDate' => [
gmdate('YmdHis\Z', strtotime('+3 days')), // Soon but not tomorrow
],
],

// expirychecker test user whose password expires in one day
'next_day:a' => [
'eduPersonPrincipalName' => ['[email protected]'],
'eduPersonTargetID' => ['22888888-2222-2222-2222-222222222222'],
'sn' => ['Day'],
'givenName' => ['Next'],
'mail' => ['[email protected]'],
'employeeNumber' => ['22888'],
'cn' => ['NEXT_DAY'],
'schacExpiryDate' => [
gmdate('YmdHis\Z', strtotime('+1 day')), // Very soon
],
Expand Down
19 changes: 9 additions & 10 deletions dockerbuild/run-idp.sh
Original file line number Diff line number Diff line change
@@ -1,17 +1,16 @@
#!/usr/bin/env bash

# Try to run database migrations
cd /data/vendor/simplesamlphp/simplesamlphp/modules/silauth
chmod a+x ./lib/Auth/Source/yii
# echo script commands to stdout
set -x

# exit if any command fails
set -e

output=$(./lib/Auth/Source/yii migrate --interactive=0 2>&1)
# Try to run database migrations
cd /data/vendor/simplesamlphp/simplesamlphp/modules/silauth/lib/Auth/Source
chmod a+x ./yii

# If they failed, exit.
rc=$?;
if [[ $rc != 0 ]]; then
logger --priority user.err --stderr "Migrations failed with status ${rc} and output: ${output}"
exit $rc;
fi
./yii migrate --interactive=0

cd /data
./run.sh
5 changes: 4 additions & 1 deletion dockerbuild/run-integration-tests.sh
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
#!/usr/bin/env bash

set -e
# echo script commands to stdout
set -x

# exit if any command fails
set -e

cd /data
export COMPOSER_ALLOW_SUPERUSER=1; composer install

Expand Down
5 changes: 4 additions & 1 deletion dockerbuild/run-metadata-tests.sh
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
#!/usr/bin/env bash

set -e
# echo script commands to stdout
set -x

# exit if any command fails
set -e

cd /data
export COMPOSER_ALLOW_SUPERUSER=1; composer install

Expand Down
5 changes: 4 additions & 1 deletion dockerbuild/run-tests.sh
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
#!/usr/bin/env bash

set -e
# echo script commands to stdout
set -x

# exit if any command fails
set -e

/data/run-metadata-tests.sh

./vendor/bin/phpunit -v tests/AnnouncementTest.php
Expand Down
6 changes: 6 additions & 0 deletions dockerbuild/run.sh
Original file line number Diff line number Diff line change
@@ -1,5 +1,11 @@
#!/usr/bin/env bash

# echo script commands to stdout
set -x

# exit if any command fails
set -e

# This is a temporary fix (bug workaround) until ssp 2.0 is in use
sed -i 's_\(\\SimpleSAML\\Error\\Assertion::installHandler()\)_// \1 _' /data/vendor/simplesamlphp/simplesamlphp/www/_include.php

Expand Down
17 changes: 15 additions & 2 deletions docs/material_tests.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,9 +54,21 @@ See [Local Testing](../README.md#local-testing) for instructions to set up your

## Expiry functionality

### About to expire page
### About to expire page (expires in one day)

_Note: This nag only works once since choosing later will simply set the nag date into the future a little._
_Note: This nag only works once since choosing later will simply set the nag date into the future a little.
If needed, use a new private/incognito browser window to retry.__

1. Goto [SP 1](http://ssp-sp1.local:8081/module.php/core/authenticate.php?as=ssp-hub-custom-port)
1. Click **idp2** (second one)
1. Login as an "about to expire" user: `username=`**next_day** `password=`**a**
1. Click **Later**
1. Click **Logout**

### About to expire page (expires in three days)

_Note: This nag only works once since choosing later will simply set the nag date into the future a little.
If needed, use a new private/incognito browser window to retry.__

1. Goto [SP 1](http://ssp-sp1.local:8081/module.php/core/authenticate.php?as=ssp-hub-custom-port)
1. Click **idp2** (second one)
Expand Down Expand Up @@ -115,6 +127,7 @@ _Note: This nag only works once since choosing later will simply set the nag da
1. Goto [SP 1](http://ssp-sp1.local:8081/module.php/core/authenticate.php?as=ssp-hub-custom-port)
1. Click **idp4** (third one)
1. Login as a "totp" user: `username=`**has_totp** `password=`**a**
1. You should see the form to enter a totp code.
1. Set up an app using this secret, `JVRXKYTMPBEVKXLS`
1. Enter code from app to verify
1. Click **Logout**
Expand Down
4 changes: 2 additions & 2 deletions features/bootstrap/MfaContext.php
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ public function iShouldSeeAPromptForATotpCode()
{
$page = $this->session->getPage();
$pageHtml = $page->getHtml();
Assert::assertContains('Smartphone app', $pageHtml);
Assert::assertContains('Authenticator app', $pageHtml);
Assert::assertContains('Enter 6-digit code', $pageHtml);
}

Expand Down Expand Up @@ -659,7 +659,7 @@ public function iShouldSeeAPromptForAManagerRescueCode()
{
$page = $this->session->getPage();
$pageHtml = $page->getHtml();
Assert::assertContains('Recovery contact help', $pageHtml);
Assert::assertContains('Ask Your Recovery Contact for Help', $pageHtml);
Assert::assertContains('Enter code', $pageHtml);
}

Expand Down
60 changes: 30 additions & 30 deletions modules/material/dictionaries/mfa.definition.json
Original file line number Diff line number Diff line change
Expand Up @@ -37,22 +37,22 @@
"ko": "코드 입력"
},
"totp_header": {
"en": "Smartphone app",
"es": "Aplicación de teléfono inteligente",
"fr": "Application pour smartphone",
"ko": "스마트폰 앱"
"en": "Get a code from your authenticator app",
"es": "Obtenga un código de su aplicación de autenticación",
"fr": "Obtenez un code depuis votre application d'authentification",
"ko": "인증 앱에서 코드 받기"
},
"totp_icon": {
"en": "Smartphone app icon",
"en": "Authenticator app icon",
"es": "Icono de aplicación de teléfono inteligente",
"fr": "Icône de l'application Smartphone",
"ko": "스마트폰 응용 프로그램 아이콘"
"ko": "인증 응용 프로그램 아이콘"
},
"totp_instructions": {
"en": "You will need to check your smartphone app for the current code.",
"es": "Deberá verificar la aplicación de su teléfono inteligente para ver el código actual.",
"fr": "Vous devriez vérifier l'application sur votre smartphone pour voir le code actuel.",
"ko": "스마트폰 앱에서 현재 코드를 확인해야합니다."
"en": "You will need to check your authenticator app for the current code.",
"es": "Deberá verificar la aplicación de autenticación para ver el código actual.",
"fr": "Vous devriez vérifier l'application d'authentification pour voir le code actuel.",
"ko": "인증 앱에서 현재 코드를 확인해야합니다."
},
"totp_input": {
"en": "Enter 6-digit code",
Expand Down Expand Up @@ -134,15 +134,15 @@
},
"webauthn_error_abort": {
"en": "It looks like you clicked cancel. Would you like us to try again?",
"es": "It looks like you clicked cancel. Would you like us to try again?",
"es": "Parece que has hecho clic en cancelar. ¿Quieres que lo intentemos de nuevo?",
"fr": "Il semble que vous ayez cliqué sur annuler. Souhaitez-vous que nous essayions à nouveau ?",
"ko": "It looks like you clicked cancel. Would you like us to try again?"
"ko": "취소를 클릭하신 것 같습니다. 다시 시도해 보시겠어요?"
},
"webauthn_error_not_allowed": {
"en": "Something about that didn't work. Please ensure that your security key is plugged in and that you touch it within 60 seconds when it blinks.",
"es": "Something about that didn't work. Please ensure that your security key is plugged in and that you touch it within 60 seconds when it blinks.",
"es": "Algo de eso no funcionó. Por favor, asegúrese de que su clave de seguridad está conectada y de que la toca en un plazo de 60 segundos cuando parpadea.",
"fr": "Quelque chose n'a pas fonctionné avec ça. Veuillez vous assurer que votre clé de sécurité est insérée et que vous la touchez dans les 60 secondes lorsqu'elle clignote.",
"ko": "Something about that didn't work. Please ensure that your security key is plugged in and that you touch it within 60 seconds when it blinks."
"ko": "문제가 해결되지 않았습니다. 보안 키가 연결되어 있고 깜박일 때 60초 이내에 터치했는지 확인하세요."
},
"manager_icon": {
"en": "Recovery contact icon",
Expand All @@ -151,16 +151,16 @@
"ko": "복구 연락처 아이콘"
},
"manager_header": {
"en": "Recovery contact help",
"es": "Ayuda de contacto de recuperación",
"fr": "Aide de contact de récupération",
"ko": "복구 연락처"
"en": "Ask Your Recovery Contact for Help",
"es": "Pida ayuda de contacto de recuperación",
"fr": "Demandez de l'aide à votre contact de récupération",
"ko": "복구 담당자에게 도움을 요청하십시오"
},
"manager_info": {
"en": "We can send a code to your recovery contact which can be used as a temporary 2-Step Verification option. The email address on file (masked for privacy) is {managerEmail}.",
"es": "Podemos enviar un código a su contacto de recuperación que puede usarse como una opción de Verificación temporal de 2 pasos. La dirección de correo electrónico en el archivo (enmascarada por privacidad) es {managerEmail}.",
"fr": "Nous pouvons envoyer un code à votre contact de récupération, qui peut être utilisé comme option de vérification temporaire en deux étapes. L'adresse électronique au dossier (masquée pour la confidentialité) est {managerEmail}.",
"ko": "\n임시 2 단계 인증 옵션으로 사용할 수있는 코드를 복구 담당자에게 보낼 수 있습니다. 파일의 이메일 주소 (개인 정보 보호를 위해 마스크 됨)는 {managerEmail}입니다."
"en": "You can send a 2-step verification code to your recovery contact (usually your supervisor). The email we have for your recovery contact is:<br><br><code>{managerEmail}</code><br><br>We've hidden most of the letters for your contact's protection.",
"es": "Puede enviar un código de verificación de dos pasos a su contacto de recuperación (normalmente su supervisor). La dirección de correo electrónico que tenemos para su contacto de recuperación es:<br><br><code>{managerEmail}</code><br><br>Ocultamos la mayoría de las letras para proteger a su contacto.",
"fr": "Vous pouvez envoyer un code de vérification en deux étapes à votre contact de récupération (en général votre superviseur). L'adresse électronique que nous avons pour votre contact de récupération est:<br><br><code>{managerEmail}</code><br><br>. Nous avons caché la plupart des lettres pour la protection de votre contact.",
"ko": "2단계 인증 코드를 복구 연락처(보통 상사)에게 보낼 수 있습니다. 복구 연락처에 대한 이메일은 다음과 같습니다. <br><br><code>{managerEmail}</code><br><br> 연락처 보호를 위해 대부분의 편지를 숨겼습니다."
},
"manager_sent": {
"en": "A temporary code was sent your recovery contact at {managerEmail}.",
Expand Down Expand Up @@ -283,10 +283,10 @@
"ko": "내 보안키 사용"
},
"use_totp": {
"en": "Use my smartphone app instead",
"es": "Use la aplicación de mi teléfono inteligente en su lugar",
"fr": "Utiliser plutôt mon application smartphone",
"ko": "스마트폰 앱 사용"
"en": "Use my authenticator app instead",
"es": "Use la aplicación autenticación en su lugar",
"fr": "Utiliser plutôt mon application d'authentification",
"ko": "인증 앱 사용"
},
"use_backupcode": {
"en": "Use a printable code instead",
Expand Down Expand Up @@ -367,10 +367,10 @@
"ko": "사본"
},
"button_send": {
"en": "Send",
"es": "Enviar",
"fr": "Envoyer",
"ko": "보내다"
"en": "Send code",
"es": "Enviar código",
"fr": "Envoyer code",
"ko": "코드 보내기"
},
"button_cancel": {
"en": "Cancel",
Expand Down
28 changes: 11 additions & 17 deletions modules/material/themes/material/common-head-elements.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,26 +8,20 @@
<?php
$trackingId = htmlentities($this->configuration->getValue('analytics.trackingId'));
if (! empty($trackingId)) {
?>
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', '<?= $trackingId ?>', 'auto');
ga('send', 'pageview');
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<?php
} else {
?>
<script>
window.ga = function () {
// Null object pattern to avoid `if (window.ga)` wherever ga is used.
}
</script>
<?php
?>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=<?= $trackingId ?>"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());

gtag('config', '<?= $trackingId ?>');
</script>
<?php
}
?>


<?php
$colors = htmlentities($this->configuration->getValue('theme.color-scheme') ?: 'indigo-purple');
?>
Expand Down
4 changes: 2 additions & 2 deletions modules/material/themes/material/core/loginuserpass.php
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ function onRecaptchaLoad() {
<?php
$username = htmlentities($this->data['username'] ?? null);
?>
<input type="text" name="username" class="mdl-textfield__input" value="<?= $username ?>"
<input type="text" required name="username" class="mdl-textfield__input mdl-color-text--black" value="<?= $username ?>"
<?= empty($username) ? 'autofocus' : '' ?> id="username"/>
</div>

Expand All @@ -91,7 +91,7 @@ function onRecaptchaLoad() {
<?= $this->t('{material:login:label_password}') ?>
</label>

<input type="password" name="password" class="mdl-textfield__input" <?= ! empty($username) ? 'autofocus' : '' ?>
<input type="password" required name="password" class="mdl-textfield__input mdl-color-text--black" <?= ! empty($username) ? 'autofocus' : '' ?>
id="password"/>
</div>
</div>
Expand Down
Loading

0 comments on commit 308cb1e

Please sign in to comment.