convert loginuserpass template to Twig

silinternational · Jun 24, 2024 · e5c5e37 · e5c5e37
1 parent 1ded60a
commit e5c5e37
Show file tree

Hide file tree

Showing 15 changed files with 396 additions and 263 deletions.
diff --git a/actions-services.yml b/actions-services.yml
@@ -122,6 +122,9 @@ services:
 
   ssp-idp2.local:
     build: .
+    depends_on:
+      - db
+      - broker
     volumes:
       # Utilize custom certs
       - ./development/idp2-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
@@ -142,6 +145,15 @@ services:
       ADMIN_PASS: "b"
       SECRET_SALT: "h57fjemb&dn^nsJFGNjweJ"
       IDP_NAME: "IDP 2"
+      IDP_DOMAIN_NAME: "ssp-idp1.local"
+      ID_BROKER_ACCESS_TOKEN: "test-cli-abc123"
+      ID_BROKER_ASSERT_VALID_IP: "true"
+      ID_BROKER_BASE_URI: "http://broker"
+      ID_BROKER_TRUSTED_IP_RANGES: "10.20.38.0/24"
+      MYSQL_HOST: "db"
+      MYSQL_DATABASE: "silauth"
+      MYSQL_USER: "silauth"
+      MYSQL_PASSWORD: "silauth"
       SECURE_COOKIE: "false"
       SHOW_SAML_ERRORS: "true"
 
@@ -277,12 +289,19 @@ services:
       EMAIL_SIGNATURE: "one red pill, please"
       API_ACCESS_KEYS: "test-cli-abc123"
       APP_ENV: "prod"
-      MFA_TOTP_apiBaseUrl: not_needed_here
-      MFA_TOTP_apiKey: not_needed_here
-      MFA_TOTP_apiSecret: not_needed_here
-      MFA_WEBAUTHN_apiBaseUrl: not_needed_here
-      MFA_WEBAUTHN_apiKey: not_needed_here
-      MFA_WEBAUTHN_apiSecret: not_needed_here
+      RP_ORIGINS: "https://ssp-idp1.local,https://ssp-idp3.local,https://ssp-idp3.local"
+      HIBP_CHECK_ON_LOGIN: "false"
+      MFA_TOTP_apiBaseUrl: dummy
+      MFA_TOTP_apiKey: 10345678-1234-1234-1234-123456789012
+      MFA_TOTP_apiSecret: 11345678-1234-1234-1234-12345678
+      MFA_WEBAUTHN_apiBaseUrl: dummy
+      MFA_WEBAUTHN_apiKey: 10345678-1234-1234-1234-123456789012
+      MFA_WEBAUTHN_apiSecret: 11345678-1234-1234-1234-12345678
+      MFA_WEBAUTHN_appId: ourApp99
+      MFA_WEBAUTHN_rpDisplayName: Our App
+      MFA_WEBAUTHN_rpId: http://app99
+    volumes:
+      - ./development/m991231_235959_insert_test_users.php:/data/console/migrations/m991231_235959_insert_test_users.php
     command: "bash -c 'whenavail brokerDb 3306 60 ./yii migrate --interactive=0 && ./run.sh'"
 
   brokerDb:

diff --git a/development/idp2-local/config/authsources.php b/development/idp2-local/config/authsources.php
@@ -1,5 +1,7 @@
 <?php
 
+use SimpleSAML\Module\silauth\Auth\Source\config\ConfigManager;
+
 $config = [
 
     // This is a authentication source which handles admin authentication.
@@ -10,6 +12,9 @@
         'core:AdminPassword',
     ],
 
+    // Use SilAuth
+    'silauth' => ConfigManager::getSspConfig(),
+
     'example-userpass' => [
         'exampleauth:UserPass',
 

diff --git a/development/idp2-local/metadata/saml20-idp-hosted.php b/development/idp2-local/metadata/saml20-idp-hosted.php
@@ -21,7 +21,7 @@
      * Authentication source to use. Must be one that is configured in
      * 'config/authsources.php'.
      */
-    'auth' => 'example-userpass',
+    'auth' => 'silauth',
 ];
 
 // Copy configuration for port 80 and modify host.

diff --git a/development/m991231_235959_insert_test_users.php b/development/m991231_235959_insert_test_users.php
@@ -0,0 +1,43 @@
+<?php
+
+use common\helpers\MySqlDateTime;
+use yii\db\Migration;
+
+class m991231_235959_insert_test_users extends Migration
+{
+
+    public function safeUp()
+    {
+        $now = MySqlDateTime::now();
+        $later = MySqlDateTime::relative('+1 month');
+        $users = [
+            [1, '10001', 'sildisco_idp2', '[email protected]', 'no', $later, $later, $later, '[email protected]', '', '', $now, $now, 'yes', 'no', '06974223-d832-4938-8923-5c598e4446b3'],
+        ];
+        $this->batchInsert('{{user}}',
+            ['id', 'employee_id', 'username', 'email', 'require_mfa', 'review_profile_after', 'nag_for_mfa_after', 'nag_for_method_after', 'manager_email', 'first_name', 'last_name', 'last_changed_utc', 'last_synced_utc', 'active', 'locked', 'uuid'],
+            $users);
+
+        $nextYear = MySqlDateTime::relative('+1 year');
+        $passwords = [1, 1, $now, $nextYear, $nextYear, password_hash('sildisco_password', PASSWORD_BCRYPT)];
+        $this->batchInsert('{{password}}',
+            ['id', 'user_id', 'created_utc', 'expires_on', 'grace_period_ends_on', 'hash'], [
+                $passwords,
+            ]);
+
+        for ($i = 0; $i < count($users); $i++) {
+            $this->update('{{user}}', ['current_password_id' => $i], 'id=' . $i);
+        }
+    }
+
+    public function safeDown()
+    {
+        $this->delete('{{email_log}}');
+        $this->delete('{{mfa_backupcode}}');
+        $this->delete('{{mfa_failed_attempt}}');
+        $this->delete('{{mfa}}');
+        $this->delete('{{method}}');
+        $this->delete('{{user}}');
+        $this->delete('{{password}}');
+
+    }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -60,7 +60,7 @@ services:
       - ./modules/silauth:/data/vendor/simplesamlphp/simplesamlphp/modules/silauth
       - ./modules/sildisco:/data/vendor/simplesamlphp/simplesamlphp/modules/sildisco
       - ./modules/material:/data/vendor/simplesamlphp/simplesamlphp/modules/material
-    command: ["/data/run-tests.sh"]
+    command: [ "/data/run-tests.sh" ]
 
   test-browser:
     image: justinribeiro/chrome-headless:stable
@@ -127,7 +127,7 @@ services:
       HELP_CENTER_URL: "https://example.org/help"
       LOGGING_LEVEL: INFO
 
-  ssp-idp1.local:  # using a database session store type ("sql")
+  ssp-idp1.local: # using a database session store type ("sql")
     build: .
     depends_on:
       - db
@@ -191,6 +191,9 @@ services:
 
   ssp-idp2.local:
     build: .
+    depends_on:
+      - db
+      - broker
     volumes:
       # Utilize custom certs
       - ./development/idp2-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
@@ -220,8 +223,18 @@ services:
       ADMIN_PASS: "b"
       SECRET_SALT: "h57fjemb&dn^nsJFGNjweJ"
       IDP_NAME: "IDP 2"
+      IDP_DOMAIN_NAME: "ssp-idp2.local"
+      ID_BROKER_ACCESS_TOKEN: "test-cli-abc123"
+      ID_BROKER_ASSERT_VALID_IP: "true"
+      ID_BROKER_BASE_URI: "http://broker"
+      ID_BROKER_TRUSTED_IP_RANGES: "10.20.38.0/24"
+      MYSQL_HOST: "db"
+      MYSQL_DATABASE: "silauth"
+      MYSQL_USER: "silauth"
+      MYSQL_PASSWORD: "silauth"
       SECURE_COOKIE: "false"
       SHOW_SAML_ERRORS: "true"
+      RECAPTCHA_SITE_KEY: "0123456789abcdefghijklmnoABCDEFGHIJKLMNO"
 
   ssp-idp3.local:
     build: .
@@ -377,7 +390,20 @@ services:
       EMAIL_SIGNATURE: "one red pill, please"
       API_ACCESS_KEYS: "test-cli-abc123"
       APP_ENV: "dev"
-    command: ["bash", "-c", "whenavail brokerDb 3306 60 ./yii migrate --interactive=0 && ./run.sh"]
+      RP_ORIGINS: "https://ssp-idp1.local,https://ssp-idp3.local,https://ssp-idp3.local"
+      HIBP_CHECK_ON_LOGIN: "false"
+      MFA_TOTP_apiBaseUrl: dummy
+      MFA_TOTP_apiKey: 10345678-1234-1234-1234-123456789012
+      MFA_TOTP_apiSecret: 11345678-1234-1234-1234-12345678
+      MFA_WEBAUTHN_apiBaseUrl: dummy
+      MFA_WEBAUTHN_apiKey: 10345678-1234-1234-1234-123456789012
+      MFA_WEBAUTHN_apiSecret: 11345678-1234-1234-1234-12345678
+      MFA_WEBAUTHN_appId: ourApp99
+      MFA_WEBAUTHN_rpDisplayName: Our App
+      MFA_WEBAUTHN_rpId: http://app99
+    volumes:
+      - ./development/m991231_235959_insert_test_users.php:/data/console/migrations/m991231_235959_insert_test_users.php
+    command: [ "bash", "-c", "whenavail brokerDb 3306 60 ./yii migrate --interactive=0 && ./run.sh" ]
 
   brokerDb:
     image: mariadb:10
@@ -389,6 +415,15 @@ services:
       MYSQL_USER: "user"
       MYSQL_PASSWORD: "pass"
 
+  brokerpma:
+    image: phpmyadmin/phpmyadmin
+    ports:
+      - "8088:80"
+    environment:
+      PMA_HOST: brokerDb
+      PMA_USER: user
+      PMA_PASSWORD: pass
+
   dynamo:
     image: cnadiminti/dynamodb-local
     command: "-sharedDb -inMemory"

diff --git a/features/material.feature b/features/material.feature
@@ -12,19 +12,16 @@ Feature: Material theme
     And I should see our material theme
 
     # TODO: if this is really used, fix it. If not, delete the test, the template, and the translation file.
+    #   (The reason this fails is because there is no "Logout" button on the new admin interface)
 #  Scenario: Logout page
 #    When I go to the Hub's home page
-#      And I click on "Authentication"
-#      And I click on "Test configured authentication sources"
-#      And I click on "admin"
-#      And I log in as a hub administrator
-#      And I click on "Logout"
+#    And I log in as a hub administrator
+#    And I click on "Logout"
 #    Then I should see a "Logged out" page
-#      And I should see our material theme
+#    And I should see our material theme
 
-  # FIXME: this feature is especially difficult to fix because the core controller doesn't provide the IdP name.
-#  Scenario: Login page
-#    When I go to the SP1 login page
-#      And I click on the "IDP 2" tile
-#    Then I should see a "Login with your IDP 2 identity" page
-#      And I should see our material theme
+  Scenario: Login page
+    When I go to the SP1 login page
+    And I click on the "IDP 2" tile
+    Then I should see a "Login with your IDP 2 identity" page
+    And I should see our material theme
diff --git a/modules/material/dictionaries/login.definition.json b/modules/material/dictionaries/login.definition.json
diff --git a/modules/material/locales/en/LC_MESSAGES/material.po b/modules/material/locales/en/LC_MESSAGES/material.po
@@ -44,6 +44,36 @@ msgstr "Change"
 msgid "{footer:copyright}"
 msgstr "Unauthorized use of this site is prohibited and may be subjected to civil and criminal prosecution."
 
+msgid "{login:title}"
+msgstr "Login with your %idpName% identity"
+
+msgid "{login:header}"
+msgstr "Login with your %idpName% identity"
+
+msgid "{login:label_username}"
+msgstr "Username"
+
+msgid "{login:label_password}"
+msgstr "Password"
+
+msgid "{login:error_wronguserpass}"
+msgstr "Something is wrong with that username or password, please verify and try again."
+
+msgid "{login:button_login}"
+msgstr "Login"
+
+msgid "{login:forgot}"
+msgstr "Forgot password?"
+
+msgid "{login:logo}"
+msgstr "%idpName% logo"
+
+msgid "{login:help}"
+msgstr "I need help"
+
+msgid "{login:profile}"
+msgstr "Manage my profile"
+
 msgid "{mfa:title}"
 msgstr "2-Step Verification"
 

diff --git a/modules/material/locales/es/LC_MESSAGES/material.po b/modules/material/locales/es/LC_MESSAGES/material.po
@@ -44,6 +44,36 @@ msgstr "Cambiar"
 msgid "{footer:copyright}"
 msgstr "El uso no autorizado de este sitio está prohibido y puede ser sometido a procesamiento civil y penal."
 
+msgid "{login:title}"
+msgstr "Inicie sesión con su identidad de %idpName%"
+
+msgid "{login:header}"
+msgstr "Inicie sesión con su identidad de %idpName%"
+
+msgid "{login:label_username}"
+msgstr "Nombre de usuario"
+
+msgid "{login:label_password}"
+msgstr "Contraseña"
+
+msgid "{login:error_wronguserpass}"
+msgstr "Algo está mal con ese nombre de usuario o contraseña, compruebe e inténtelo de nuevo."
+
+msgid "{login:button_login}"
+msgstr "Iniciar sesión"
+
+msgid "{login:forgot}"
+msgstr "¿Se te olvidó tu contraseña?"
+
+msgid "{login:logo}"
+msgstr "Logotipo de %idpName%"
+
+msgid "{login:help}"
+msgstr "necesito ayuda"
+
+msgid "{login:profile}"
+msgstr "Administrar mi perfil"
+
 msgid "{mfa:title}"
 msgstr "Verificación en 2 pasos"