diff --git a/Dockerfile b/Dockerfile index 9a51e21..35a56ac 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,13 @@ FROM silintl/php8:8.1 -LABEL maintainer="Steve Bagwell " - -ENV REFRESHED_AT 2021-06-14 +LABEL maintainer="gtis_itse@groups.sil.org" RUN apt-get update -y \ - && apt-get install -y \ - php-gmp \ + && apt-get --no-install-recommends install -y php-gmp \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# Create required directories -RUN mkdir -p /data +WORKDIR /data COPY dockerbuild/vhost.conf /etc/apache2/sites-enabled/ COPY dockerbuild/run.sh /data/run.sh @@ -22,16 +18,11 @@ COPY dockerbuild/apply-dictionaries-overrides.php /data/ # Note the name change: repos extending this one should only run the metadata # tests, so those are the only tests we make available to them. COPY dockerbuild/run-metadata-tests.sh /data/run-tests.sh +COPY tests/MetadataTest.php /data/tests/MetadataTest.php # ErrorLog inside a VirtualHost block is ineffective for unknown reasons RUN sed -i -E 's@ErrorLog .*@ErrorLog /proc/1/fd/2@i' /etc/apache2/apache2.conf -# get s3-expand -RUN curl https://raw.githubusercontent.com/silinternational/s3-expand/1.5/s3-expand -fo /usr/local/bin/s3-expand \ - && chmod a+x /usr/local/bin/s3-expand - -WORKDIR /data - # Install/cleanup composer dependencies ARG COMPOSER_FLAGS="--prefer-dist --no-interaction --no-dev --optimize-autoloader --no-scripts --no-progress" COPY composer.json /data/ @@ -39,7 +30,7 @@ COPY composer.lock /data/ RUN composer self-update --no-interaction RUN COMPOSER_ALLOW_SUPERUSER=1 composer install $COMPOSER_FLAGS -ENV SSP_PATH /data/vendor/simplesamlphp/simplesamlphp +ENV SSP_PATH=/data/vendor/simplesamlphp/simplesamlphp # Copy modules into simplesamlphp COPY modules/ $SSP_PATH/modules 
@@ -52,21 +43,13 @@ COPY modules/material/themes/material/profilereview/* $SSP_PATH/modules/profiler COPY modules/material/themes/material/silauth/* $SSP_PATH/modules/silauth/templates/ # Copy in SSP override files -RUN mv $SSP_PATH/public/index.php $SSP_PATH/public/ssp-index.php -COPY dockerbuild/ssp-overrides/index.php $SSP_PATH/public/index.php COPY dockerbuild/ssp-overrides/saml20-idp-remote.php $SSP_PATH/metadata/saml20-idp-remote.php COPY dockerbuild/ssp-overrides/saml20-sp-remote.php $SSP_PATH/metadata/saml20-sp-remote.php COPY dockerbuild/config/* $SSP_PATH/config/ -COPY dockerbuild/ssp-overrides/id.php $SSP_PATH/public/id.php -COPY dockerbuild/ssp-overrides/announcement.php $SSP_PATH/announcement/announcement.php COPY dockerbuild/ssp-overrides/sp-php.patch sp-php.patch RUN patch /data/vendor/simplesamlphp/simplesamlphp/modules/saml/src/Auth/Source/SP.php sp-php.patch -COPY tests /data/tests - -RUN chmod a+x /data/run.sh /data/run-tests.sh - -ADD https://github.com/silinternational/config-shim/releases/latest/download/config-shim.gz config-shim.gz +ADD https://github.com/silinternational/config-shim/releases/download/v1.0.0/config-shim.gz config-shim.gz RUN gzip -d config-shim.gz && chmod 755 config-shim && mv config-shim /usr/local/bin # Set permissions for cache directory. Corresponds to the `cachedir` setting in config.php. @@ -74,5 +57,4 @@ RUN mkdir /data/cache RUN chown -R www-data:www-data /data/cache EXPOSE 80 -ENTRYPOINT ["/usr/local/bin/s3-expand"] CMD ["/data/run.sh"] diff --git a/composer.json b/composer.json index e9b88a1..7787ff2 100644 --- a/composer.json +++ b/composer.json 
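Review bot: The new `ADD https://github.com/silinternational/config-shim/releases/download/v1.0.0/config-shim.gz config-shim.gz` pins the release tag but still installs whatever bytes that URL serves into /usr/local/bin, with no integrity check. Under BuildKit the digest can be enforced on the same line, `ADD --checksum=sha256:<sha256-of-config-shim.gz> https://github.com/silinternational/config-shim/releases/download/v1.0.0/config-shim.gz config-shim.gz`, so a replaced or corrupted asset fails the build. This hunk also drops `RUN chmod a+x /data/run.sh /data/run-tests.sh`. `COPY` keeps the file mode from the build context and the final `CMD ["/data/run.sh"]` now runs the script directly, so the executable bit has to be committed in the repository or set with `COPY --chmod=755`; that is worth confirming before merge.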
@@ -18,11 +18,10 @@ "simplesamlphp/composer-module-installer": "^1.0", "rlanvin/php-ip": "^1.0", "silinternational/ssp-utilities": "v2.0.0", - "silinternational/php-env": "^3.1.0", + "silinternational/php-env": "^3.2.0", "silinternational/psr3-adapters": "v4.0.0", "silinternational/yii2-json-log-targets": "^2.0", "silinternational/idp-id-broker-php-client": "^4.3", - "sinergi/browser-detector": "^6.1", "yiisoft/yii2": "~2.0.12", "yiisoft/yii2-gii": "^2.0", "google/recaptcha": "^1.1", diff --git a/composer.lock b/composer.lock index 0029c94..3b0db7c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "a4096531caaadf1c30b8c7600e11a4e1", + "content-hash": "e806cb0ece59b36ea060f0d8bc0e906a", "packages": [ { "name": "aws/aws-crt-php", @@ -2940,16 +2940,16 @@ }, { "name": "silinternational/php-env", - "version": "3.1.0", + "version": "3.2.0", "source": { "type": "git", "url": "https://github.com/silinternational/php-env.git", - "reference": "d69cf17b7fc02cf6450d7d947634d07b7c2168af" + "reference": "9a60ee2653d89c1719263122cbb3abbbe7880d1f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/silinternational/php-env/zipball/d69cf17b7fc02cf6450d7d947634d07b7c2168af", - "reference": "d69cf17b7fc02cf6450d7d947634d07b7c2168af", + "url": "https://api.github.com/repos/silinternational/php-env/zipball/9a60ee2653d89c1719263122cbb3abbbe7880d1f", + "reference": "9a60ee2653d89c1719263122cbb3abbbe7880d1f", "shasum": "" }, "require": { 
@@ -2971,9 +2971,9 @@ "description": "Simple PHP library for getting (or requiring) environment variables, designed to handle true, false, and null more intelligently. If desired, an environment variable's value can be split into an array automatically.", "support": { "issues": "https://github.com/silinternational/php-env/issues", - "source": "https://github.com/silinternational/php-env/tree/3.1.0" + "source": "https://github.com/silinternational/php-env/tree/3.2.0" }, - "time": "2022-08-29T20:48:09+00:00" + "time": "2024-07-17T13:16:07+00:00" }, { "name": "silinternational/psr3-adapters", @@ -3446,60 +3446,6 @@ }, "time": "2024-06-12T21:08:27+00:00" }, - { - "name": "sinergi/browser-detector", - "version": "6.1.4", - "source": { - "type": "git", - "url": "https://github.com/sinergi/php-browser-detector.git", - "reference": "4927f7c2bedc48b68f183bd420aa3549c59e133b" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/sinergi/php-browser-detector/zipball/4927f7c2bedc48b68f183bd420aa3549c59e133b", - "reference": "4927f7c2bedc48b68f183bd420aa3549c59e133b", - "shasum": "" - }, - "require": { - "php": ">=7.2" - }, - "require-dev": { - "phpunit/phpunit": "^8.0 || ^9.4" - }, - "type": "library", - "autoload": { - "psr-4": { - "Sinergi\\BrowserDetector\\": "src" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Gabriel Bull", - "email": "me@gabrielbull.com" - }, - { - "name": "Chris Schuld" - } - ], - "description": "Detecting the user's browser, operating system and language.", - "keywords": [ - "browser", - "detection", - "language", - "operating system", - "os" - ], - "support": { - "issues": "https://github.com/sinergi/php-browser-detector/issues", - "source": "https://github.com/sinergi/php-browser-detector/tree/6.1.4" - }, - "abandoned": true, - "time": "2021-09-23T13:51:44+00:00" - }, { "name": "symfony/cache", "version": "v6.4.8", 
diff --git a/development/hub/metadata/idp-remote.php b/development/hub/metadata/idp-remote.php index cfb91c1..af01b35 100644 --- a/development/hub/metadata/idp-remote.php +++ b/development/hub/metadata/idp-remote.php @@ -18,7 +18,6 @@ ], 'IDPNamespace' => 'IDP-1-custom-port', 'logoCaption' => 'IDP-1:8085 staff', - 'enabled' => true, 'logoURL' => 'https://dummyimage.com/125x125/0f4fbd/ffffff.png&text=IDP+1+8085', 'description' => 'Local IDP for testing SSP Hub (custom port)', @@ -39,7 +38,6 @@ ], 'IDPNamespace' => 'IDP-1', 'logoCaption' => 'IDP-1 staff', - 'enabled' => true, 'logoURL' => 'https://dummyimage.com/125x125/0f4fbd/ffffff.png&text=IDP+1', 'description' => 'Local IDP for testing SSP Hub (default port)', @@ -65,7 +63,6 @@ ], 'IDPNamespace' => 'IDP-2-custom-port', 'logoCaption' => 'IDP-2:8086 staff', - 'enabled' => true, 'logoURL' => 'https://dummyimage.com/125x125/0f4fbd/ffffff.png&text=IDP+2+8086', 'description' => 'Local IDP2 for testing SSP Hub (custom port)', @@ -85,7 +82,6 @@ ], 'IDPNamespace' => 'IDP-2', 'logoCaption' => 'IDP-2 staff', - 'enabled' => true, 'logoURL' => 'https://dummyimage.com/125x125/0f4fbd/ffffff.png&text=IDP+2', 'description' => 'Local IDP2 for testing SSP Hub (normal port)', @@ -109,7 +105,6 @@ ], 'IDPNamespace' => 'IDP-3-custom-port', 'logoCaption' => 'IDP-3:8087 staff', - 'enabled' => false, 'logoURL' => 'https://dummyimage.com/125x125/0f4fbd/ffffff.png&text=IDP+3+8087', 'description' => 'Local IDP3 for testing SSP Hub (custom port)', @@ -126,7 +121,6 @@ ], 'IDPNamespace' => 'IDP-3', 'logoCaption' => 'IDP-3 staff', - 'enabled' => false, 'logoURL' => 'https://dummyimage.com/125x125/0f4fbd/ffffff.png&text=IDP+3', 'description' => 'Local IDP3 for testing SSP Hub', diff --git a/development/idp-local/config/authsources.php b/development/idp-local/config/authsources.php index dc78562..429c5e0 100644 --- a/development/idp-local/config/authsources.php +++ b/development/idp-local/config/authsources.php 
@@ -1,7 +1,5 @@ [ 'exampleauth:UserPass', - // expirychecker test user whose password expires in the distant future - 'distant_future:a' => [ - 'eduPersonPrincipalName' => ['DISTANT_FUTURE@ssp-idp1.local'], - 'sn' => ['Future'], - 'givenName' => ['Distant'], - 'mail' => ['distant_future@example.com'], - 'employeeNumber' => ['11111'], - 'cn' => ['DISTANT_FUTURE'], - 'mfa' => [ - 'prompt' => 'no', - ], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future + 'users' => [ + // expirychecker test user whose password expires in the distant future + 'distant_future:a' => [ + 'eduPersonPrincipalName' => ['DISTANT_FUTURE@ssp-idp1.local'], + 'sn' => ['Future'], + 'givenName' => ['Distant'], + 'mail' => ['distant_future@example.com'], + 'employeeNumber' => ['11111'], + 'cn' => ['DISTANT_FUTURE'], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + ], + 'method' => [ + 'add' => 'no', + ], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future + ], ], - ], - // expirychecker test user whose password expires in the near future - 'near_future:b' => [ - 'eduPersonPrincipalName' => ['NEAR_FUTURE@ssp-idp1.local'], - 'sn' => ['Future'], - 'givenName' => ['Near'], - 'mail' => ['near_future@example.com'], - 'employeeNumber' => ['22222'], - 'cn' => ['NEAR_FUTURE'], - 'mfa' => [ - 'prompt' => 'no', - ], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+3 days')), // Soon but not tomorrow + // expirychecker test user whose password expires in the near future + 'near_future:b' => [ + 'eduPersonPrincipalName' => ['NEAR_FUTURE@ssp-idp1.local'], + 'sn' => ['Future'], + 'givenName' => ['Near'], + 'mail' => ['near_future@example.com'], + 'employeeNumber' => ['22222'], + 'cn' => ['NEAR_FUTURE'], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + ], + 'method' => [ + 'add' => 'no', + ], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+3 days')), // Soon but not tomorrow + ], ], - ], - // expirychecker test user 
whose password expires in one day - 'next_day:a' => [ - 'eduPersonPrincipalName' => ['NEXT_DAY@ssp-hub-idp2.local'], - 'eduPersonTargetID' => ['22888888-2222-2222-2222-222222222222'], - 'sn' => ['Day'], - 'givenName' => ['Next'], - 'mail' => ['next_day@example.com'], - 'employeeNumber' => ['22888'], - 'cn' => ['NEXT_DAY'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+1 day')), // Very soon + // expirychecker test user whose password expires in one day + 'next_day:a' => [ + 'eduPersonPrincipalName' => ['NEXT_DAY@ssp-hub-idp2.local'], + 'eduPersonTargetID' => ['22888888-2222-2222-2222-222222222222'], + 'sn' => ['Day'], + 'givenName' => ['Next'], + 'mail' => ['next_day@example.com'], + 'employeeNumber' => ['22888'], + 'cn' => ['NEXT_DAY'], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + ], + 'method' => [ + 'add' => 'no', + ], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+1 day')), // Very soon + ], ], - ], - // expirychecker test user whose password expires in the past - 'already_past:c' => [ - 'eduPersonPrincipalName' => ['ALREADY_PAST@ssp-idp1.local'], - 'sn' => ['Past'], - 'givenName' => ['Already'], - 'mail' => ['already_past@example.com'], - 'employeeNumber' => ['33333'], - 'cn' => ['ALREADY_PAST'], - 'mfa' => [ - 'prompt' => 'no', - ], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('-1 day')), // In the past + // expirychecker test user whose password expires in the past + 'already_past:c' => [ + 'eduPersonPrincipalName' => ['ALREADY_PAST@ssp-idp1.local'], + 'sn' => ['Past'], + 'givenName' => ['Already'], + 'mail' => ['already_past@example.com'], + 'employeeNumber' => ['33333'], + 'cn' => ['ALREADY_PAST'], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + ], + 'method' => [ + 'add' => 'no', + ], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('-1 day')), // In the past + ], ], - ], - // expirychecker test user whose password expiry is missing - 'missing_exp:d' => [ - 'eduPersonPrincipalName' => 
['MISSING_EXP@ssp-idp-1.local'], - 'sn' => ['Expiration'], - 'givenName' => ['Missing'], - 'mail' => ['missing_exp@example.com'], - 'employeeNumber' => ['44444'], - 'cn' => ['MISSING_EXP'], - 'mfa' => [ - 'prompt' => 'no', + // expirychecker test user whose password expiry is missing + 'missing_exp:d' => [ + 'eduPersonPrincipalName' => ['MISSING_EXP@ssp-idp-1.local'], + 'sn' => ['Expiration'], + 'givenName' => ['Missing'], + 'mail' => ['missing_exp@example.com'], + 'employeeNumber' => ['44444'], + 'cn' => ['MISSING_EXP'], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + ], + 'method' => [ + 'add' => 'no', + ], ], - ], - // expirychecker test user whose password expiry is invalid - 'invalid_exp:e' => [ - 'eduPersonPrincipalName' => ['INVALID_EXP@ssp-idp-1.local'], - 'sn' => ['Expiration'], - 'givenName' => ['Invalid'], - 'mail' => ['invalid_exp@example.com'], - 'employeeNumber' => ['55555'], - 'cn' => ['INVALID_EXP'], - 'mfa' => [ - 'prompt' => 'no', - ], - 'schacExpiryDate' => [ - 'invalid' + // expirychecker test user whose password expiry is invalid + 'invalid_exp:e' => [ + 'eduPersonPrincipalName' => ['INVALID_EXP@ssp-idp-1.local'], + 'sn' => ['Expiration'], + 'givenName' => ['Invalid'], + 'mail' => ['invalid_exp@example.com'], + 'employeeNumber' => ['55555'], + 'cn' => ['INVALID_EXP'], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + ], + 'method' => [ + 'add' => 'no', + ], + 'schacExpiryDate' => [ + 'invalid' + ], ], - ], - // profilereview test user whose profile is not due for review - 'no_review:e' => [ - 'eduPersonPrincipalName' => ['NO_REVIEW@idp'], - 'eduPersonTargetID' => ['11111111-1111-1111-1111-111111111111'], - 'sn' => ['Review'], - 'givenName' => ['No'], - 'mail' => ['no_review@example.com'], - 'employeeNumber' => ['11111'], - 'cn' => ['NO_REVIEW'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'mfa' => [ - 'prompt' => 'no', - 'add' => 'no', - 'options' => [ - [ - 'id' => 111, - 'type' => 'backupcode', - 
'label' => '2SV #1', - 'created_utc' => '2017-10-24T20:40:47Z', - 'last_used_utc' => null, - 'data' => [ - 'count' => 10 + // profilereview test user whose profile is not due for review + 'no_review:e' => [ + 'eduPersonPrincipalName' => ['NO_REVIEW@idp'], + 'eduPersonTargetID' => ['11111111-1111-1111-1111-111111111111'], + 'sn' => ['Review'], + 'givenName' => ['No'], + 'mail' => ['no_review@example.com'], + 'employeeNumber' => ['11111'], + 'cn' => ['NO_REVIEW'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + 'options' => [ + [ + 'id' => 111, + 'type' => 'backupcode', + 'label' => '2SV #1', + 'created_utc' => '2017-10-24T20:40:47Z', + 'last_used_utc' => null, + 'data' => [ + 'count' => 10 + ], ], ], ], + 'method' => [ + 'add' => 'no', + ], + 'profile_review' => 'no' ], - 'method' => [ - 'add' => 'no', - ], - 'profile_review' => 'no' - ], - // profilereview test user whose profile is flagged for mfa_add review - 'mfa_add:f' => [ - 'eduPersonPrincipalName' => ['MFA_ADD@idp'], - 'eduPersonTargetID' => ['22222222-2222-2222-2222-222222222222'], - 'sn' => ['Add'], - 'givenName' => ['Mfa'], - 'mail' => ['mfa_add@example.com'], - 'employeeNumber' => ['22222'], - 'cn' => ['MFA_ADD'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'mfa' => [ - 'prompt' => 'no', - 'add' => 'yes', - 'options' => [], - ], - 'method' => [ - 'add' => 'no', + // profilereview test user whose profile is flagged for mfa_add review + 'mfa_add:f' => [ + 'eduPersonPrincipalName' => ['MFA_ADD@idp'], + 'eduPersonTargetID' => ['22222222-2222-2222-2222-222222222222'], + 'sn' => ['Add'], + 'givenName' => ['Mfa'], + 'mail' => ['mfa_add@example.com'], + 'employeeNumber' => ['22222'], + 'cn' => ['MFA_ADD'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'yes', + 'options' => [], + ], + 'method' => [ + 'add' => 'no', + ], + 
'profile_review' => 'no' ], - 'profile_review' => 'no' - ], - // profilereview test user whose profile is flagged for method_add review - 'method_add:g' => [ - 'eduPersonPrincipalName' => ['METHOD_ADD@methodidp'], - 'eduPersonTargetID' => ['44444444-4444-4444-4444-444444444444'], - 'sn' => ['Add'], - 'givenName' => ['Method'], - 'mail' => ['method_add@example.com'], - 'employeeNumber' => ['44444'], - 'cn' => ['METHOD_ADD'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'mfa' => [ - 'prompt' => 'no', - 'add' => 'no', - 'options' => [ - [ - 'id' => 444, - 'type' => 'backupcode', - 'label' => '2SV #1', - 'created_utc' => '2017-10-24T20:40:47Z', - 'last_used_utc' => null, - 'data' => [ - 'count' => 10 + // profilereview test user whose profile is flagged for method_add review + 'method_add:g' => [ + 'eduPersonPrincipalName' => ['METHOD_ADD@methodidp'], + 'eduPersonTargetID' => ['44444444-4444-4444-4444-444444444444'], + 'sn' => ['Add'], + 'givenName' => ['Method'], + 'mail' => ['method_add@example.com'], + 'employeeNumber' => ['44444'], + 'cn' => ['METHOD_ADD'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + 'options' => [ + [ + 'id' => 444, + 'type' => 'backupcode', + 'label' => '2SV #1', + 'created_utc' => '2017-10-24T20:40:47Z', + 'last_used_utc' => null, + 'data' => [ + 'count' => 10 + ], ], ], ], + 'method' => [ + 'add' => 'yes', + ], + 'profile_review' => 'no' ], - 'method' => [ - 'add' => 'yes', - ], - 'profile_review' => 'no' - ], - // profilereview test user whose profile is flagged for profile review - 'profile_review:h' => [ - 'eduPersonPrincipalName' => ['METHOD_REVIEW@methodidp'], - 'eduPersonTargetID' => ['55555555-5555-5555-5555-555555555555'], - 'sn' => ['Review'], - 'givenName' => ['Method'], - 'mail' => ['method_review@example.com'], - 'employeeNumber' => ['55555'], - 'cn' => ['METHOD_REVIEW'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', 
strtotime('+6 months')), - ], - 'mfa' => [ - 'prompt' => 'no', - 'add' => 'no', - 'options' => [ - [ - 'id' => 555, - 'type' => 'backupcode', - 'label' => '2SV #1', - 'created_utc' => '2017-10-24T20:40:47Z', - 'last_used_utc' => null, - 'data' => [ - 'count' => 10 + // profilereview test user whose profile is flagged for profile review + 'profile_review:h' => [ + 'eduPersonPrincipalName' => ['METHOD_REVIEW@methodidp'], + 'eduPersonTargetID' => ['55555555-5555-5555-5555-555555555555'], + 'sn' => ['Review'], + 'givenName' => ['Method'], + 'mail' => ['method_review@example.com'], + 'employeeNumber' => ['55555'], + 'cn' => ['METHOD_REVIEW'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + 'options' => [ + [ + 'id' => 555, + 'type' => 'backupcode', + 'label' => '2SV #1', + 'created_utc' => '2017-10-24T20:40:47Z', + 'last_used_utc' => null, + 'data' => [ + 'count' => 10 + ], ], - ], - [ - 'id' => 556, - 'type' => 'manager', - 'label' => '2SV #2', - 'created_utc' => '2017-10-24T20:40:47Z', - 'last_used_utc' => '2017-10-24T20:41:57Z', - 'data' => [ + [ + 'id' => 556, + 'type' => 'manager', + 'label' => '2SV #2', + 'created_utc' => '2017-10-24T20:40:47Z', + 'last_used_utc' => '2017-10-24T20:41:57Z', + 'data' => [ + ], ], ], ], - ], - 'method' => [ - 'add' => 'no', - 'options' => [ - [ - 'id' => '55555555555555555555555555555555', - 'value' => 'method@example.com', - 'verified' => true, - 'created' => '2017-10-24T20:40:47Z', + 'method' => [ + 'add' => 'no', + 'options' => [ + [ + 'id' => '55555555555555555555555555555555', + 'value' => 'method@example.com', + 'verified' => true, + 'created' => '2017-10-24T20:40:47Z', + ], ], ], + 'profile_review' => 'yes' ], - 'profile_review' => 'yes' - ], - // mfa test user who does not require mfa - 'no_mfa_needed:a' => [ - 'eduPersonPrincipalName' => ['NO_MFA_NEEDED@mfaidp'], - 'eduPersonTargetID' => ['11111111-1111-1111-1111-111111111111'], - 'sn' => 
['Needed'], - 'givenName' => ['No MFA'], - 'mail' => ['no_mfa_needed@example.com'], - 'employeeNumber' => ['11111'], - 'cn' => ['NO_MFA_NEEDED'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'no', - 'add' => 'no', - 'options' => [], - ], - 'method' => [ - 'add' => 'no', - 'options' => [], + // mfa test user who does not require mfa + 'no_mfa_needed:a' => [ + 'eduPersonPrincipalName' => ['NO_MFA_NEEDED@mfaidp'], + 'eduPersonTargetID' => ['11111111-1111-1111-1111-111111111111'], + 'sn' => ['Needed'], + 'givenName' => ['No MFA'], + 'mail' => ['no_mfa_needed@example.com'], + 'employeeNumber' => ['11111'], + 'cn' => ['NO_MFA_NEEDED'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + 'options' => [], + ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - ], - // mfa test user who requires mfa to be set up - 'must_set_up_mfa:a' => [ - 'eduPersonPrincipalName' => ['MUST_SET_UP_MFA@mfaidp'], - 'eduPersonTargetID' => ['22222222-2222-2222-2222-222222222222'], - 'sn' => ['Set Up MFA'], - 'givenName' => ['Must'], - 'mail' => ['must_set_up_mfa@example.com'], - 'employeeNumber' => ['22222'], - 'cn' => ['MUST_SET_UP_MFA'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [], - ], - 'method' => [ - 'add' => 'no', - 'options' => [], + // mfa test user who requires mfa to be set up + 'must_set_up_mfa:a' => [ + 'eduPersonPrincipalName' => ['MUST_SET_UP_MFA@mfaidp'], + 'eduPersonTargetID' => ['22222222-2222-2222-2222-222222222222'], + 'sn' => ['Set Up MFA'], + 'givenName' => ['Must'], + 'mail' => ['must_set_up_mfa@example.com'], + 'employeeNumber' => ['22222'], + 'cn' => ['MUST_SET_UP_MFA'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], 
+ 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [], + ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - ], - // mfa test user who requires mfa and has backup codes - 'has_backupcode:a' => [ - 'eduPersonPrincipalName' => ['HAS_BACKUPCODE@mfaidp'], - 'eduPersonTargetID' => ['33333333-3333-3333-3333-333333333333'], - 'sn' => ['Backupcode'], - 'givenName' => ['Has'], - 'mail' => ['has_backupcode@example.com'], - 'employeeNumber' => ['33333'], - 'cn' => ['HAS_BACKUPCODE'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '7', - 'type' => 'backupcode', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has backup codes + 'has_backupcode:a' => [ + 'eduPersonPrincipalName' => ['HAS_BACKUPCODE@mfaidp'], + 'eduPersonTargetID' => ['33333333-3333-3333-3333-333333333333'], + 'sn' => ['Backupcode'], + 'givenName' => ['Has'], + 'mail' => ['has_backupcode@example.com'], + 'employeeNumber' => ['33333'], + 'cn' => ['HAS_BACKUPCODE'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '7', + 'type' => 'backupcode', + 'data' => [ + 'count' => 10, + ], ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has backup codes and a manager email - 'has_backupcode_and_mgr:a' => [ - 'eduPersonPrincipalName' => ['HAS_BACKUPCODE@mfaidp'], - 'eduPersonTargetID' => ['33333333-3333-3333-3333-333333333333'], - 'sn' => ['Backupcode'], - 'givenName' => ['Has'], - 'mail' => ['has_backupcode@example.com'], - 'employeeNumber' => ['33333'], - 'cn' => ['HAS_BACKUPCODE'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - 
], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '7', - 'type' => 'backupcode', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has backup codes and a manager email + 'has_backupcode_and_mgr:a' => [ + 'eduPersonPrincipalName' => ['HAS_BACKUPCODE@mfaidp'], + 'eduPersonTargetID' => ['33333333-3333-3333-3333-333333333333'], + 'sn' => ['Backupcode'], + 'givenName' => ['Has'], + 'mail' => ['has_backupcode@example.com'], + 'employeeNumber' => ['33333'], + 'cn' => ['HAS_BACKUPCODE'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '7', + 'type' => 'backupcode', + 'data' => [ + 'count' => 10, + ], ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - 'manager_email' => ['manager@example.com'], - ], - // mfa test user who requires mfa and has totp - 'has_totp:a' => [ - 'eduPersonPrincipalName' => ['HAS_TOTP@mfaidp'], - 'eduPersonTargetID' => ['44444444-4444-4444-4444-444444444444'], - 'sn' => ['TOTP'], - 'givenName' => ['Has'], - 'mail' => ['has_totp@example.com'], - 'employeeNumber' => ['44444'], - 'cn' => ['HAS_TOTP'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '2', - 'type' => 'totp', - 'data' => '', + // mfa test user who requires mfa and has totp + 'has_totp:a' => [ + 'eduPersonPrincipalName' => ['HAS_TOTP@mfaidp'], + 'eduPersonTargetID' => ['44444444-4444-4444-4444-444444444444'], + 'sn' => ['TOTP'], + 'givenName' => ['Has'], + 'mail' => ['has_totp@example.com'], + 'employeeNumber' => ['44444'], + 'cn' => ['HAS_TOTP'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), 
+ ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '2', + 'type' => 'totp', + 'data' => '', + ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has totp and a manager email - 'has_totp_and_mgr:a' => [ - 'eduPersonPrincipalName' => ['HAS_TOTP@mfaidp'], - 'eduPersonTargetID' => ['44444444-4444-4444-4444-444444444444'], - 'sn' => ['TOTP'], - 'givenName' => ['Has'], - 'mail' => ['has_totp@example.com'], - 'employeeNumber' => ['44444'], - 'cn' => ['HAS_TOTP'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '2', - 'type' => 'totp', - 'data' => '', + // mfa test user who requires mfa and has totp and a manager email + 'has_totp_and_mgr:a' => [ + 'eduPersonPrincipalName' => ['HAS_TOTP@mfaidp'], + 'eduPersonTargetID' => ['44444444-4444-4444-4444-444444444444'], + 'sn' => ['TOTP'], + 'givenName' => ['Has'], + 'mail' => ['has_totp@example.com'], + 'employeeNumber' => ['44444'], + 'cn' => ['HAS_TOTP'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '2', + 'type' => 'totp', + 'data' => '', + ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - 'manager_email' => ['manager@example.com'], - ], - // mfa test user who requires mfa and has a webauthn - 'has_webauthn:a' => [ - 'eduPersonPrincipalName' => ['HAS_WEBAUTHN@mfaidp'], - 'eduPersonTargetID' => ['55555555-5555-5555-5555-555555555555'], - 'sn' => ['WebAuthn'], - 'givenName' => ['Has'], - 'mail' => ['has_webauthn@example.com'], - 'employeeNumber' => 
['55555'], - 'cn' => ['HAS_WEBAUTHN'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '3', - 'type' => 'webauthn', - 'label' => 'Blue security key (work)', - 'created_utc' => '2017-10-24T20:40:57Z', - 'last_used_utc' => null, - 'data' => [ - // Response from "POST /webauthn/login" MFA API call. - "id" => 88, - "label" => "My Webauthn Key", - "last_used_utc" => null, - "created_utc" => "2022-12-15 19:42:37", - "publicKey" => [ - "challenge" => "xxxxxxx", + // mfa test user who requires mfa and has a webauthn + 'has_webauthn:a' => [ + 'eduPersonPrincipalName' => ['HAS_WEBAUTHN@mfaidp'], + 'eduPersonTargetID' => ['55555555-5555-5555-5555-555555555555'], + 'sn' => ['WebAuthn'], + 'givenName' => ['Has'], + 'mail' => ['has_webauthn@example.com'], + 'employeeNumber' => ['55555'], + 'cn' => ['HAS_WEBAUTHN'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '3', + 'type' => 'webauthn', + 'label' => 'Blue security key (work)', + 'created_utc' => '2017-10-24T20:40:57Z', + 'last_used_utc' => null, + 'data' => [ + // Response from "POST /webauthn/login" MFA API call. 
+ "id" => 88, + "label" => "My Webauthn Key", + "last_used_utc" => null, + "created_utc" => "2022-12-15 19:42:37", + "publicKey" => [ + "challenge" => "xxxxxxx", + ], ], ], - ], - ] - ], - 'method' => [ - 'add' => 'no', - 'options' => [], + ] + ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - ], - // mfa test user who requires mfa and has webauthn and a manager email - 'has_webauthn_and_mgr:a' => [ - 'eduPersonPrincipalName' => ['HAS_WEBAUTHN@mfaidp'], - 'eduPersonTargetID' => ['55555555-5555-5555-5555-555555555555'], - 'sn' => ['WebAuthn'], - 'givenName' => ['Has'], - 'mail' => ['has_webauthn@example.com'], - 'employeeNumber' => ['55555'], - 'cn' => ['HAS_WEBAUTHN'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '3', - 'type' => 'webauthn', - 'data' => '', - ], - ] - ], - 'method' => [ - 'add' => 'no', - 'options' => [], + // mfa test user who requires mfa and has webauthn and a manager email + 'has_webauthn_and_mgr:a' => [ + 'eduPersonPrincipalName' => ['HAS_WEBAUTHN@mfaidp'], + 'eduPersonTargetID' => ['55555555-5555-5555-5555-555555555555'], + 'sn' => ['WebAuthn'], + 'givenName' => ['Has'], + 'mail' => ['has_webauthn@example.com'], + 'employeeNumber' => ['55555'], + 'cn' => ['HAS_WEBAUTHN'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '3', + 'type' => 'webauthn', + 'data' => '', + ], + ] + ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], ], - 'manager_email' => ['manager@example.com'], - ], - // mfa test user who requires mfa and has all forms of mfa - 'has_all:a' => [ - 'eduPersonPrincipalName' => ['has_all@mfaidp'], - 'eduPersonTargetID' => ['77777777-7777-7777-7777-777777777777'], - 'sn' => ['All'], - 
'givenName' => ['Has'], - 'mail' => ['has_all@example.com'], - 'employeeNumber' => ['777777'], - 'cn' => ['HAS_ALL'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '1', - 'type' => 'backupcode', - 'data' => [ - 'count' => 8, + // mfa test user who requires mfa and has all forms of mfa + 'has_all:a' => [ + 'eduPersonPrincipalName' => ['has_all@mfaidp'], + 'eduPersonTargetID' => ['77777777-7777-7777-7777-777777777777'], + 'sn' => ['All'], + 'givenName' => ['Has'], + 'mail' => ['has_all@example.com'], + 'employeeNumber' => ['777777'], + 'cn' => ['HAS_ALL'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '1', + 'type' => 'backupcode', + 'data' => [ + 'count' => 8, + ], + ], + [ + 'id' => '2', + 'type' => 'totp', + 'data' => '', + ], + [ + 'id' => '3', + 'type' => 'webauthn', + 'data' => '', ], - ], - [ - 'id' => '2', - 'type' => 'totp', - 'data' => '', - ], - [ - 'id' => '3', - 'type' => 'webauthn', - 'data' => '', ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - 'manager_email' => ['manager@example.com'], - ], - // mfa test user who has a rate-limited mfa - 'has_rate_limited_mfa:a' => [ - 'eduPersonPrincipalName' => ['HAS_RATE_LIMITED_MFA@mfaidp'], - 'eduPersonTargetID' => ['88888888-8888-8888-8888-888888888888'], - 'sn' => ['Rate-Limited MFA'], - 'givenName' => ['Has'], - 'mail' => ['has_rate_limited_mfa@example.com'], - 'employeeNumber' => ['88888'], - 'cn' => ['HAS_RATE_LIMITED_MFA'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => 987, 
//FakeIdBrokerClient::RATE_LIMITED_MFA_ID, - 'type' => 'backupcode', - 'data' => [ - 'count' => 5, + // mfa test user who has a rate-limited mfa + 'has_rate_limited_mfa:a' => [ + 'eduPersonPrincipalName' => ['HAS_RATE_LIMITED_MFA@mfaidp'], + 'eduPersonTargetID' => ['88888888-8888-8888-8888-888888888888'], + 'sn' => ['Rate-Limited MFA'], + 'givenName' => ['Has'], + 'mail' => ['has_rate_limited_mfa@example.com'], + 'employeeNumber' => ['88888'], + 'cn' => ['HAS_RATE_LIMITED_MFA'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => 987, //FakeIdBrokerClient::RATE_LIMITED_MFA_ID, + 'type' => 'backupcode', + 'data' => [ + 'count' => 5, + ], ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has 4 backup codes - 'has_4_backupcodes:a' => [ - 'eduPersonPrincipalName' => ['HAS_4_BACKUPCODES@mfaidp'], - 'eduPersonTargetID' => ['99999999-9999-9999-9999-999999999999'], - 'sn' => ['Backupcodes'], - 'givenName' => ['Has 4'], - 'mail' => ['has_4_backupcodes@example.com'], - 'employeeNumber' => ['99999'], - 'cn' => ['HAS_4_BACKUPCODES'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '90', - 'type' => 'backupcode', - 'data' => [ - 'count' => 4, + // mfa test user who requires mfa and has 4 backup codes + 'has_4_backupcodes:a' => [ + 'eduPersonPrincipalName' => ['HAS_4_BACKUPCODES@mfaidp'], + 'eduPersonTargetID' => ['99999999-9999-9999-9999-999999999999'], + 'sn' => ['Backupcodes'], + 'givenName' => ['Has 4'], + 'mail' => ['has_4_backupcodes@example.com'], + 'employeeNumber' => ['99999'], + 'cn' => ['HAS_4_BACKUPCODES'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], 
+ 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '90', + 'type' => 'backupcode', + 'data' => [ + 'count' => 4, + ], ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has 1 backup code remaining - 'has_1_backupcode_only:a' => [ - 'eduPersonPrincipalName' => ['HAS_1_BACKUPCODE_ONLY@mfaidp'], - 'eduPersonTargetID' => ['00000010-0010-0010-0010-000000000010'], - 'sn' => ['Only, And No Other MFA'], - 'givenName' => ['Has 1 Backupcode'], - 'mail' => ['has_1_backupcode_only@example.com'], - 'employeeNumber' => ['00010'], - 'cn' => ['HAS_1_BACKUPCODE_ONLY'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '100', - 'type' => 'backupcode', - 'data' => [ - 'count' => 1, + // mfa test user who requires mfa and has 1 backup code remaining + 'has_1_backupcode_only:a' => [ + 'eduPersonPrincipalName' => ['HAS_1_BACKUPCODE_ONLY@mfaidp'], + 'eduPersonTargetID' => ['00000010-0010-0010-0010-000000000010'], + 'sn' => ['Only, And No Other MFA'], + 'givenName' => ['Has 1 Backupcode'], + 'mail' => ['has_1_backupcode_only@example.com'], + 'employeeNumber' => ['00010'], + 'cn' => ['HAS_1_BACKUPCODE_ONLY'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '100', + 'type' => 'backupcode', + 'data' => [ + 'count' => 1, + ], ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has one backup code plus another option - 'has_1_backupcode_plus:a' => [ - 'eduPersonPrincipalName' => ['HAS_1_BACKUPCODE_PLUS@mfaidp'], - 
'eduPersonTargetID' => ['00000011-0011-0011-0011-000000000011'], - 'sn' => ['Plus Other MFA'], - 'givenName' => ['Has 1 Backupcode'], - 'mail' => ['has_1_backupcode_plus@example.com'], - 'employeeNumber' => ['00011'], - 'cn' => ['HAS_1_BACKUPCODE_PLUS'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '110', - 'type' => 'backupcode', - 'data' => [ - 'count' => 1, + // mfa test user who requires mfa and has one backup code plus another option + 'has_1_backupcode_plus:a' => [ + 'eduPersonPrincipalName' => ['HAS_1_BACKUPCODE_PLUS@mfaidp'], + 'eduPersonTargetID' => ['00000011-0011-0011-0011-000000000011'], + 'sn' => ['Plus Other MFA'], + 'givenName' => ['Has 1 Backupcode'], + 'mail' => ['has_1_backupcode_plus@example.com'], + 'employeeNumber' => ['00011'], + 'cn' => ['HAS_1_BACKUPCODE_PLUS'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '110', + 'type' => 'backupcode', + 'data' => [ + 'count' => 1, + ], + ], + [ + 'id' => '112', + 'type' => 'totp', + 'data' => '', ], - ], - [ - 'id' => '112', - 'type' => 'totp', - 'data' => '', ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has webauthn and totp - 'has_webauthn_totp:a' => [ - 'eduPersonPrincipalName' => ['has_webauthn_totp@mfaidp'], - 'eduPersonTargetID' => ['00000012-0012-0012-0012-000000000012'], - 'sn' => ['WebAuthn And TOTP'], - 'givenName' => ['Has'], - 'mail' => ['has_webauthn_totp@example.com'], - 'employeeNumber' => ['00012'], - 'cn' => ['HAS_WEBAUTHN_TOTP'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 
'options' => [ - [ - 'id' => '120', - 'type' => 'totp', - 'data' => '', - ], - [ - 'id' => '121', - 'type' => 'webauthn', - 'data' => '', + // mfa test user who requires mfa and has webauthn and totp + 'has_webauthn_totp:a' => [ + 'eduPersonPrincipalName' => ['has_webauthn_totp@mfaidp'], + 'eduPersonTargetID' => ['00000012-0012-0012-0012-000000000012'], + 'sn' => ['WebAuthn And TOTP'], + 'givenName' => ['Has'], + 'mail' => ['has_webauthn_totp@example.com'], + 'employeeNumber' => ['00012'], + 'cn' => ['HAS_WEBAUTHN_TOTP'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '120', + 'type' => 'totp', + 'data' => '', + ], + [ + 'id' => '121', + 'type' => 'webauthn', + 'data' => '', + ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has webauthn, totp and a manager email - 'has_webauthn_totp_and_mgr:a' => [ - 'eduPersonPrincipalName' => ['has_webauthn_totp@mfaidp'], - 'eduPersonTargetID' => ['00000012-0012-0012-0012-000000000012'], - 'sn' => ['WebAuthn And TOTP'], - 'givenName' => ['Has'], - 'mail' => ['has_webauthn_totp@example.com'], - 'employeeNumber' => ['00012'], - 'cn' => ['HAS_WEBAUTHN_TOTP'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '120', - 'type' => 'totp', - 'data' => '', - ], - [ - 'id' => '121', - 'type' => 'webauthn', - 'data' => '', + // mfa test user who requires mfa and has webauthn, totp and a manager email + 'has_webauthn_totp_and_mgr:a' => [ + 'eduPersonPrincipalName' => ['has_webauthn_totp@mfaidp'], + 'eduPersonTargetID' => ['00000012-0012-0012-0012-000000000012'], + 'sn' => ['WebAuthn And TOTP'], + 'givenName' => ['Has'], + 'mail' => 
['has_webauthn_totp@example.com'], + 'employeeNumber' => ['00012'], + 'cn' => ['HAS_WEBAUTHN_TOTP'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '120', + 'type' => 'totp', + 'data' => '', + ], + [ + 'id' => '121', + 'type' => 'webauthn', + 'data' => '', + ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - 'manager_email' => ['manager@example.com'], - ], - // mfa test user who requires mfa and has webauthn and backup codes - 'has_webauthn_backupcodes:a' => [ - 'eduPersonPrincipalName' => ['has_webauthn_backupcodes@mfaidp'], - 'eduPersonTargetID' => ['00000013-0013-0013-0013-000000000013'], - 'sn' => ['WebAuthn And Backup Codes'], - 'givenName' => ['Has'], - 'mail' => ['has_webauthn_backupcodes@example.com'], - 'employeeNumber' => ['00013'], - 'cn' => ['HAS_WEBAUTHN_BACKUPCODES'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '130', - 'type' => 'backupcode', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has webauthn and backup codes + 'has_webauthn_backupcodes:a' => [ + 'eduPersonPrincipalName' => ['has_webauthn_backupcodes@mfaidp'], + 'eduPersonTargetID' => ['00000013-0013-0013-0013-000000000013'], + 'sn' => ['WebAuthn And Backup Codes'], + 'givenName' => ['Has'], + 'mail' => ['has_webauthn_backupcodes@example.com'], + 'employeeNumber' => ['00013'], + 'cn' => ['HAS_WEBAUTHN_BACKUPCODES'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '130', + 'type' => 'backupcode', + 'data' => [ + 'count' => 10, + ], + ], 
+ [ + 'id' => '131', + 'type' => 'webauthn', + 'data' => '', ], - ], - [ - 'id' => '131', - 'type' => 'webauthn', - 'data' => '', ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has backup codes and a manager email - 'has_webauthn_backupcodes_and_mgr:a' => [ - 'eduPersonPrincipalName' => ['has_webauthn_backupcodes@mfaidp'], - 'eduPersonTargetID' => ['00000013-0013-0013-0013-000000000013'], - 'sn' => ['WebAuthn And Backup Codes'], - 'givenName' => ['Has'], - 'mail' => ['has_webauthn_backupcodes@example.com'], - 'employeeNumber' => ['00013'], - 'cn' => ['HAS_WEBAUTHN_BACKUPCODES'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '130', - 'type' => 'backupcode', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has backup codes and a manager email + 'has_webauthn_backupcodes_and_mgr:a' => [ + 'eduPersonPrincipalName' => ['has_webauthn_backupcodes@mfaidp'], + 'eduPersonTargetID' => ['00000013-0013-0013-0013-000000000013'], + 'sn' => ['WebAuthn And Backup Codes'], + 'givenName' => ['Has'], + 'mail' => ['has_webauthn_backupcodes@example.com'], + 'employeeNumber' => ['00013'], + 'cn' => ['HAS_WEBAUTHN_BACKUPCODES'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '130', + 'type' => 'backupcode', + 'data' => [ + 'count' => 10, + ], + ], + [ + 'id' => '131', + 'type' => 'webauthn', + 'data' => '', ], - ], - [ - 'id' => '131', - 'type' => 'webauthn', - 'data' => '', ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - 'manager_email' => 
['manager@example.com'], - ], - // mfa test user who requires mfa and has totp and backup codes - 'has_webauthn_totp_backupcodes:a' => [ - 'eduPersonPrincipalName' => ['has_webauthn_totp_backupcodes@mfaidp'], - 'eduPersonTargetID' => ['00000014-0014-0014-0014-000000000014'], - 'sn' => ['WebAuthn, TOTP, And Backup Codes'], - 'givenName' => ['Has'], - 'mail' => ['has_webauthn_totp_backupcodes@example.com'], - 'employeeNumber' => ['00014'], - 'cn' => ['HAS_WEBAUTHN_TOTP_BACKUPCODES'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '140', - 'type' => 'totp', - 'data' => '', - ], - [ - 'id' => '141', - 'type' => 'backupcode', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has totp and backup codes + 'has_webauthn_totp_backupcodes:a' => [ + 'eduPersonPrincipalName' => ['has_webauthn_totp_backupcodes@mfaidp'], + 'eduPersonTargetID' => ['00000014-0014-0014-0014-000000000014'], + 'sn' => ['WebAuthn, TOTP, And Backup Codes'], + 'givenName' => ['Has'], + 'mail' => ['has_webauthn_totp_backupcodes@example.com'], + 'employeeNumber' => ['00014'], + 'cn' => ['HAS_WEBAUTHN_TOTP_BACKUPCODES'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '140', + 'type' => 'totp', + 'data' => '', + ], + [ + 'id' => '141', + 'type' => 'backupcode', + 'data' => [ + 'count' => 10, + ], + ], + [ + 'id' => '142', + 'type' => 'webauthn', + 'data' => '', ], - ], - [ - 'id' => '142', - 'type' => 'webauthn', - 'data' => '', ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has backup codes, totp, and a manager email - 'has_webauthn_totp_backupcodes_and_mgr:a' => [ - 'eduPersonPrincipalName' => 
['has_webauthn_totp_backupcodes@mfaidp'], - 'eduPersonTargetID' => ['00000014-0014-0014-0014-000000000014'], - 'sn' => ['WebAuthn, TOTP, And Backup Codes'], - 'givenName' => ['Has'], - 'mail' => ['has_webauthn_totp_backupcodes@example.com'], - 'employeeNumber' => ['00014'], - 'cn' => ['HAS_WEBAUTHN_TOTP_BACKUPCODES'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '140', - 'type' => 'totp', - 'data' => '', - ], - [ - 'id' => '141', - 'type' => 'backupcode', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has backup codes, totp, and a manager email + 'has_webauthn_totp_backupcodes_and_mgr:a' => [ + 'eduPersonPrincipalName' => ['has_webauthn_totp_backupcodes@mfaidp'], + 'eduPersonTargetID' => ['00000014-0014-0014-0014-000000000014'], + 'sn' => ['WebAuthn, TOTP, And Backup Codes'], + 'givenName' => ['Has'], + 'mail' => ['has_webauthn_totp_backupcodes@example.com'], + 'employeeNumber' => ['00014'], + 'cn' => ['HAS_WEBAUTHN_TOTP_BACKUPCODES'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '140', + 'type' => 'totp', + 'data' => '', + ], + [ + 'id' => '141', + 'type' => 'backupcode', + 'data' => [ + 'count' => 10, + ], + ], + [ + 'id' => '142', + 'type' => 'webauthn', + 'data' => '', ], - ], - [ - 'id' => '142', - 'type' => 'webauthn', - 'data' => '', ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - 'manager_email' => ['manager@example.com'], - ], - // mfa test user who requires mfa and has manager code, webauthn, and a more-recently used totp - 'has_mgr_code_webauthn_and_more_recently_used_totp:a' => [ - 'eduPersonPrincipalName' => 
['has_mgr_code_webauthn_and_more_recently_used_totp@mfaidp'], - 'eduPersonTargetID' => ['00000114-0014-0014-0014-000000000014'], - 'sn' => ['Manager Code, WebAuthn, More Recently Used TOTP'], - 'givenName' => ['Has'], - 'mail' => ['has_mgr_code_webauthn_and_more_recently_used_totp@example.com'], - 'employeeNumber' => ['00114'], - 'cn' => ['HAS_MGR_CODE_WEBAUTHN_AND_MORE_RECENTLY_USED_TOTP'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '1140', - 'type' => 'totp', - 'last_used_utc' => '2011-01-01T00:00:00Z', - 'data' => '', - ], - [ - 'id' => '1141', - 'type' => 'webauthn', - 'last_used_utc' => '2000-01-01T00:00:00Z', - 'data' => '', - ], - [ - 'id' => '1142', - 'type' => 'manager', - 'data' => '', + // mfa test user who requires mfa and has manager code, webauthn, and a more-recently used totp + 'has_mgr_code_webauthn_and_more_recently_used_totp:a' => [ + 'eduPersonPrincipalName' => ['has_mgr_code_webauthn_and_more_recently_used_totp@mfaidp'], + 'eduPersonTargetID' => ['00000114-0014-0014-0014-000000000014'], + 'sn' => ['Manager Code, WebAuthn, More Recently Used TOTP'], + 'givenName' => ['Has'], + 'mail' => ['has_mgr_code_webauthn_and_more_recently_used_totp@example.com'], + 'employeeNumber' => ['00114'], + 'cn' => ['HAS_MGR_CODE_WEBAUTHN_AND_MORE_RECENTLY_USED_TOTP'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '1140', + 'type' => 'totp', + 'last_used_utc' => '2011-01-01T00:00:00Z', + 'data' => '', + ], + [ + 'id' => '1141', + 'type' => 'webauthn', + 'last_used_utc' => '2000-01-01T00:00:00Z', + 'data' => '', + ], + [ + 'id' => '1142', + 'type' => 'manager', + 'data' => '', + ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], 
], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - 'manager_email' => ['manager@example.com'], - ], - // mfa test user who requires mfa and has webauthn and more recently used totp - 'has_webauthn_and_more_recently_used_totp:a' => [ - 'eduPersonPrincipalName' => ['has_webauthn_and_more_recently_used_totp@mfaidp'], - 'eduPersonTargetID' => ['00000214-0014-0014-0014-000000000014'], - 'sn' => ['WebAuthn And More Recently Used TOTP'], - 'givenName' => ['Has'], - 'mail' => ['has_webauthn_and_more_recently_used_totp@example.com'], - 'employeeNumber' => ['00214'], - 'cn' => ['HAS_WEBAUTHN_AND_MORE_RECENTLY_USED_TOTP'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '2140', - 'type' => 'totp', - 'last_used_utc' => '2011-01-01T00:00:00Z', - 'data' => '', - ], - [ - 'id' => '2141', - 'type' => 'webauthn', - 'last_used_utc' => '2000-01-01T00:00:00Z', - 'data' => '', + // mfa test user who requires mfa and has webauthn and more recently used totp + 'has_webauthn_and_more_recently_used_totp:a' => [ + 'eduPersonPrincipalName' => ['has_webauthn_and_more_recently_used_totp@mfaidp'], + 'eduPersonTargetID' => ['00000214-0014-0014-0014-000000000014'], + 'sn' => ['WebAuthn And More Recently Used TOTP'], + 'givenName' => ['Has'], + 'mail' => ['has_webauthn_and_more_recently_used_totp@example.com'], + 'employeeNumber' => ['00214'], + 'cn' => ['HAS_WEBAUTHN_AND_MORE_RECENTLY_USED_TOTP'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '2140', + 'type' => 'totp', + 'last_used_utc' => '2011-01-01T00:00:00Z', + 'data' => '', + ], + [ + 'id' => '2141', + 'type' => 'webauthn', + 'last_used_utc' => '2000-01-01T00:00:00Z', + 'data' => '', + ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 
'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has totp and more recently used webauthn - 'has_totp_and_more_recently_used_webauthn:a' => [ - 'eduPersonPrincipalName' => ['has_totp_and_more_recently_used_webauthn@mfaidp'], - 'eduPersonTargetID' => ['00000314-0014-0014-0014-000000000014'], - 'sn' => ['TOTP And More Recently Used Webauthn'], - 'givenName' => ['Has'], - 'mail' => ['has_totp_and_more_recently_used_webauthn@example.com'], - 'employeeNumber' => ['00314'], - 'cn' => ['HAS_TOTP_AND_MORE_RECENTLY_USED_WEBAUTHN'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '3140', - 'type' => 'totp', - 'last_used_utc' => '2000-01-01T00:00:00Z', - 'data' => '', - ], - [ - 'id' => '3141', - 'type' => 'webauthn', - 'last_used_utc' => '2011-01-01T00:00:00Z', - 'data' => '', + // mfa test user who requires mfa and has totp and more recently used webauthn + 'has_totp_and_more_recently_used_webauthn:a' => [ + 'eduPersonPrincipalName' => ['has_totp_and_more_recently_used_webauthn@mfaidp'], + 'eduPersonTargetID' => ['00000314-0014-0014-0014-000000000014'], + 'sn' => ['TOTP And More Recently Used Webauthn'], + 'givenName' => ['Has'], + 'mail' => ['has_totp_and_more_recently_used_webauthn@example.com'], + 'employeeNumber' => ['00314'], + 'cn' => ['HAS_TOTP_AND_MORE_RECENTLY_USED_WEBAUTHN'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '3140', + 'type' => 'totp', + 'last_used_utc' => '2000-01-01T00:00:00Z', + 'data' => '', + ], + [ + 'id' => '3141', + 'type' => 'webauthn', + 'last_used_utc' => '2011-01-01T00:00:00Z', + 'data' => '', + ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - 
], - ], - // mfa test user who requires mfa and has totp and more recently-used backup code - 'has_totp_and_more_recently_used_backup_code:a' => [ - 'eduPersonPrincipalName' => ['has_totp_and_more_recently_used_backup_code@mfaidp'], - 'eduPersonTargetID' => ['00000414-0014-0014-0014-000000000014'], - 'sn' => ['TOTP And More Recently Used Backup Code'], - 'givenName' => ['Has'], - 'mail' => ['has_totp_and_more_recently_used_backup_code@example.com'], - 'employeeNumber' => ['00414'], - 'cn' => ['HAS_TOTP_AND_MORE_RECENTLY_USED_BACKUP_CODE'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '4140', - 'type' => 'totp', - 'last_used_utc' => '2000-01-01T00:00:00Z', - 'data' => '', - ], - [ - 'id' => '4141', - 'type' => 'backupcode', - 'last_used_utc' => '2011-01-01T00:00:00Z', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has totp and more recently-used backup code + 'has_totp_and_more_recently_used_backup_code:a' => [ + 'eduPersonPrincipalName' => ['has_totp_and_more_recently_used_backup_code@mfaidp'], + 'eduPersonTargetID' => ['00000414-0014-0014-0014-000000000014'], + 'sn' => ['TOTP And More Recently Used Backup Code'], + 'givenName' => ['Has'], + 'mail' => ['has_totp_and_more_recently_used_backup_code@example.com'], + 'employeeNumber' => ['00414'], + 'cn' => ['HAS_TOTP_AND_MORE_RECENTLY_USED_BACKUP_CODE'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '4140', + 'type' => 'totp', + 'last_used_utc' => '2000-01-01T00:00:00Z', + 'data' => '', + ], + [ + 'id' => '4141', + 'type' => 'backupcode', + 'last_used_utc' => '2011-01-01T00:00:00Z', + 'data' => [ + 'count' => 10, + ], ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', 
- 'options' => [], - ], - ], - // mfa test user who requires mfa and has backup code and a more recently used totp - 'has_backup_code_and_more_recently_used_totp:a' => [ - 'eduPersonPrincipalName' => ['has_backup_code_and_more_recently_used_totp@mfaidp'], - 'eduPersonTargetID' => ['00000514-0014-0014-0014-000000000014'], - 'sn' => ['Backup Code And More Recently Used TOTP'], - 'givenName' => ['Has'], - 'mail' => ['has_backup_code_and_more_recently_used_totp@example.com'], - 'employeeNumber' => ['00514'], - 'cn' => ['HAS_BACKUP_CODE_AND_MORE_RECENTLY_USED_TOTP'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '5140', - 'type' => 'backupcode', - 'last_used_utc' => '2000-01-01T00:00:00Z', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has backup code and a more recently used totp + 'has_backup_code_and_more_recently_used_totp:a' => [ + 'eduPersonPrincipalName' => ['has_backup_code_and_more_recently_used_totp@mfaidp'], + 'eduPersonTargetID' => ['00000514-0014-0014-0014-000000000014'], + 'sn' => ['Backup Code And More Recently Used TOTP'], + 'givenName' => ['Has'], + 'mail' => ['has_backup_code_and_more_recently_used_totp@example.com'], + 'employeeNumber' => ['00514'], + 'cn' => ['HAS_BACKUP_CODE_AND_MORE_RECENTLY_USED_TOTP'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '5140', + 'type' => 'backupcode', + 'last_used_utc' => '2000-01-01T00:00:00Z', + 'data' => [ + 'count' => 10, + ], + ], + [ + 'id' => '5141', + 'type' => 'totp', + 'last_used_utc' => '2011-01-01T00:00:00Z', + 'data' => '', ], - ], - [ - 'id' => '5141', - 'type' => 'totp', - 'last_used_utc' => '2011-01-01T00:00:00Z', - 'data' => '', ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 
'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has totp and backup codes - 'has_totp_backupcodes:a' => [ - 'eduPersonPrincipalName' => ['has_totp_backupcodes@mfaidp'], - 'eduPersonTargetID' => ['00000015-0015-0015-0015-000000000015'], - 'sn' => ['TOTP And Backup Codes'], - 'givenName' => ['Has'], - 'mail' => ['has_totp_backupcodes@example.com'], - 'employeeNumber' => ['00015'], - 'cn' => ['HAS_TOTP_BACKUPCODES'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '150', - 'type' => 'totp', - 'data' => '', - ], - [ - 'id' => '151', - 'type' => 'backupcode', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has totp and backup codes + 'has_totp_backupcodes:a' => [ + 'eduPersonPrincipalName' => ['has_totp_backupcodes@mfaidp'], + 'eduPersonTargetID' => ['00000015-0015-0015-0015-000000000015'], + 'sn' => ['TOTP And Backup Codes'], + 'givenName' => ['Has'], + 'mail' => ['has_totp_backupcodes@example.com'], + 'employeeNumber' => ['00015'], + 'cn' => ['HAS_TOTP_BACKUPCODES'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '150', + 'type' => 'totp', + 'data' => '', + ], + [ + 'id' => '151', + 'type' => 'backupcode', + 'data' => [ + 'count' => 10, + ], ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - ], - // mfa test user who requires mfa and has totp, backup codes, and manager email - 'has_totp_backupcodes_and_mgr:a' => [ - 'eduPersonPrincipalName' => ['has_totp_backupcodes@mfaidp'], - 'eduPersonTargetID' => ['00000015-0015-0015-0015-000000000015'], - 'sn' => ['TOTP And Backup Codes'], - 'givenName' => ['Has'], - 'mail' => 
['has_totp_backupcodes@example.com'], - 'employeeNumber' => ['00015'], - 'cn' => ['HAS_TOTP_BACKUPCODES'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '150', - 'type' => 'totp', - 'data' => '', - ], - [ - 'id' => '151', - 'type' => 'backupcode', - 'data' => [ - 'count' => 10, + // mfa test user who requires mfa and has totp, backup codes, and manager email + 'has_totp_backupcodes_and_mgr:a' => [ + 'eduPersonPrincipalName' => ['has_totp_backupcodes@mfaidp'], + 'eduPersonTargetID' => ['00000015-0015-0015-0015-000000000015'], + 'sn' => ['TOTP And Backup Codes'], + 'givenName' => ['Has'], + 'mail' => ['has_totp_backupcodes@example.com'], + 'employeeNumber' => ['00015'], + 'cn' => ['HAS_TOTP_BACKUPCODES'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '150', + 'type' => 'totp', + 'data' => '', + ], + [ + 'id' => '151', + 'type' => 'backupcode', + 'data' => [ + 'count' => 10, + ], ], ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - 'manager_email' => ['manager@example.com'], - ], - // mfa test user who requires mfa and has backup codes and manager code - 'has_mgr_code:a' => [ - 'eduPersonPrincipalName' => ['has_mgr_code@mfaidp'], - 'eduPersonTargetID' => ['00000015-0015-0015-0015-000000000015'], - 'sn' => ['Manager Code'], - 'givenName' => ['Has'], - 'mail' => ['has_mgr_code@example.com'], - 'employeeNumber' => ['00015'], - 'cn' => ['HAS_MGR_CODE'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'profile_review' => 'no', - 'mfa' => [ - 'prompt' => 'yes', - 'add' => 'no', - 'options' => [ - [ - 'id' => '151', - 'type' => 'backupcode', - 'data' 
=> [ - 'count' => 10, + // mfa test user who requires mfa and has backup codes and manager code + 'has_mgr_code:a' => [ + 'eduPersonPrincipalName' => ['has_mgr_code@mfaidp'], + 'eduPersonTargetID' => ['00000015-0015-0015-0015-000000000015'], + 'sn' => ['Manager Code'], + 'givenName' => ['Has'], + 'mail' => ['has_mgr_code@example.com'], + 'employeeNumber' => ['00015'], + 'cn' => ['HAS_MGR_CODE'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'profile_review' => 'no', + 'mfa' => [ + 'prompt' => 'yes', + 'add' => 'no', + 'options' => [ + [ + 'id' => '151', + 'type' => 'backupcode', + 'data' => [ + 'count' => 10, + ], + ], + [ + 'id' => '152', + 'type' => 'manager', + 'data' => '', ], - ], - [ - 'id' => '152', - 'type' => 'manager', - 'data' => '', ], ], + 'method' => [ + 'add' => 'no', + 'options' => [], + ], + 'manager_email' => ['manager@example.com'], ], - 'method' => [ - 'add' => 'no', - 'options' => [], - ], - 'manager_email' => ['manager@example.com'], - ], - // sildisco test user - 'sildisco_idp1:sildisco_password' => [ - 'eduPersonPrincipalName' => ['sildisco@idp1'], - 'eduPersonTargetID' => ['57de1930-c5d2-4f6f-9318-d85a939c45d8'], - 'sn' => ['IDP1'], - 'givenName' => ['SilDisco'], - 'mail' => ['sildisco_idp1@example.com'], - 'employeeNumber' => ['50001'], - 'cn' => ['SILDISCO_IDP1'], - 'schacExpiryDate' => [ - gmdate('YmdHis\Z', strtotime('+6 months')), - ], - 'mfa' => [ - 'prompt' => 'no', - 'add' => 'no', - 'options' => [], - ], - 'method' => [ - 'add' => 'no', + // sildisco test user + 'sildisco_idp1:sildisco_password' => [ + 'eduPersonPrincipalName' => ['sildisco@idp1'], + 'eduPersonTargetID' => ['57de1930-c5d2-4f6f-9318-d85a939c45d8'], + 'sn' => ['IDP1'], + 'givenName' => ['SilDisco'], + 'mail' => ['sildisco_idp1@example.com'], + 'employeeNumber' => ['50001'], + 'cn' => ['SILDISCO_IDP1'], + 'schacExpiryDate' => [ + gmdate('YmdHis\Z', strtotime('+6 months')), + ], + 'mfa' => [ + 'prompt' => 'no', + 'add' => 'no', + 
'options' => [], + ], + 'method' => [ + 'add' => 'no', + ], + 'profile_review' => 'no' ], - 'profile_review' => 'no' - ], - ], + ], + ] ]; diff --git a/dockerbuild/config/config.php b/dockerbuild/config/config.php index 05cc948..db551f8 100644 --- a/dockerbuild/config/config.php +++ b/dockerbuild/config/config.php @@ -71,7 +71,7 @@ $PASSWORD_CHANGE_URL = Env::get('PASSWORD_CHANGE_URL'); $PASSWORD_FORGOT_URL = Env::get('PASSWORD_FORGOT_URL'); $HELP_CENTER_URL = Env::get('HELP_CENTER_URL'); -$TRUSTED_URL_DOMAINS = Env::getArray('TRUSTED_URL_DOMAINS', []); +$TRUSTED_URL_DOMAINS = Env::getArray('TRUSTED_URL_DOMAINS', null); $config = [ diff --git a/dockerbuild/ssp-overrides/announcement.php b/dockerbuild/ssp-overrides/announcement.php deleted file mode 100644 index 26bd18a..0000000 --- a/dockerbuild/ssp-overrides/announcement.php +++ /dev/null @@ -1,13 +0,0 @@ - "2017-12-20 01:02:03", // "Y-m-d H:i:s", - * 'end_datetime' => "2017-12-24 01:02:03", // "Y-m-d H:i:s", - * 'announcement_text' => '
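Review bot: The new default in `$TRUSTED_URL_DOMAINS = Env::getArray('TRUSTED_URL_DOMAINS', null);` makes redirect-URL checking fail open when the environment variable is unset. The use site is outside this hunk, but if the value feeds SimpleSAMLphp's `trusted.url.domains` setting, `null` turns URL validation off entirely, whereas the previous `[]` rejected every external domain. A deployment that omits the variable would then accept unvalidated return URLs. I would keep the restrictive default, `$TRUSTED_URL_DOMAINS = Env::getArray('TRUSTED_URL_DOMAINS', []);`, or stop at startup when the variable is missing instead of disabling the check. If `null` is intentional, the line needs a comment saying why unchecked redirects are acceptable in this image.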

Notice:

Christmas is almost here!
', - * ]; - */ - -return null; diff --git a/dockerbuild/ssp-overrides/id.php b/dockerbuild/ssp-overrides/id.php deleted file mode 100644 index 5bba913..0000000 --- a/dockerbuild/ssp-overrides/id.php +++ /dev/null @@ -1,3 +0,0 @@ -iProvideCredentialsThatNeedMfaAndHaveUfAvailable(); } - /** - * @Given the user's browser supports WebAuthn - */ - public function theUsersBrowserSupportsUf() - { - $userAgentWithWebAuthn = self::USER_AGENT_WITH_WEBAUTHN_SUPPORT; - Assert::assertTrue( - LoginBrowser::supportsWebAuthn($userAgentWithWebAuthn), - 'Update USER_AGENT_WITH_WEBAUTHN_SUPPORT to a User Agent with WebAuthn support' - ); - -// $this->driver->getClient()->setServerParameter('HTTP_USER_AGENT', $userAgentWithWebAuthn); - } - /** * @Given I provide credentials that have WebAuthn, TOTP */ @@ -567,38 +548,6 @@ public function IHaveMoreRecentlyUsedBackupCode() $this->password = 'a'; } - /** - * @Given the user's browser does not support WebAuthn - */ - public function theUsersBrowserDoesNotSupportUf() - { - $userAgentWithoutWebAuthn = self::USER_AGENT_WITHOUT_WEBAUTHN_SUPPORT; - Assert::assertFalse( - LoginBrowser::supportsWebAuthn($userAgentWithoutWebAuthn), - 'Update USER_AGENT_WITHOUT_WEBAUTHN_SUPPORT to a User Agent without WebAuthn support' - ); - -// $this->driver->getClient()->setServerParameter('HTTP_USER_AGENT', $userAgentWithoutWebAuthn); - } - - /** - * @Then I should not see an error message about WebAuthn being unsupported - */ - public function iShouldNotSeeAnErrorMessageAboutUfBeingUnsupported() - { - $page = $this->session->getPage(); - Assert::assertNotContains('USB Security Keys are not supported', $page->getContent()); - } - - /** - * @Then I should see an error message about WebAuthn being unsupported - */ - public function iShouldSeeAnErrorMessageAboutUfBeingUnsupported() - { - $page = $this->session->getPage(); - Assert::assertContains('USB Security Keys are not supported', $page->getContent()); - } - /** * @Given the user has a manager email */ 
diff --git a/features/material.feature b/features/material.feature index 3cd3d5a..37cbbcb 100644 --- a/features/material.feature +++ b/features/material.feature @@ -1,8 +1,7 @@ Feature: Material theme Scenario: Hub (disco) page - When I go to the Hub's discovery page - And I log in as a hub administrator + When I go to the SP1 login page Then I should see our material theme Scenario: Error page @@ -11,15 +10,6 @@ Feature: Material theme Then I should see an "Error" page And I should see our material theme - # TODO: if this is really used, fix it. If not, delete the test, the template, and the translation file. - # (The reason this fails is because there is no "Logout" button on the new admin interface) -# Scenario: Logout page -# When I go to the Hub's home page -# And I log in as a hub administrator -# And I click on "Logout" -# Then I should see a "Logged out" page -# And I should see our material theme - Scenario: Login page When I go to the SP1 login page And I click on the "IDP 2" tile diff --git a/features/mfa.feature b/features/mfa.feature index 4486f38..3334d48 100644 --- a/features/mfa.feature +++ b/features/mfa.feature @@ -35,7 +35,6 @@ Feature: Prompt for MFA credentials Scenario: Needs MFA, has WebAuthn option available Given I provide credentials that need MFA and have WebAuthn available - And the user's browser supports WebAuthn When I log in Then I should see a prompt for a WebAuthn security key 
@@ -126,65 +125,24 @@ Feature: Prompt for MFA credentials When I click the remind-me-later button Then I should end up at my intended destination - Scenario Outline: Defaulting to another option when WebAuthn is not supported - Given I provide credentials that have - And the user's browser - When I log in - Then I should see a prompt for a - - Examples: - | WebAuthn? | TOTP? | backup codes? | supports WebAuthn or not | default MFA type | - | WebAuthn | | | supports WebAuthn | WebAuthn | - | WebAuthn | , TOTP | | supports WebAuthn | WebAuthn | - | WebAuthn | | , backup codes | supports WebAuthn | WebAuthn | - | WebAuthn | , TOTP | , backup codes | supports WebAuthn | WebAuthn | - | | TOTP | | supports WebAuthn | TOTP | - | | TOTP | , backup codes | supports WebAuthn | TOTP | - | | | backup codes | supports WebAuthn | backup code | -# The following cases are disabled due to lack of test support for changing web client user agent -# | WebAuthn | | | does not support WebAuthn | WebAuthn | -# | WebAuthn | , TOTP | | does not support WebAuthn | TOTP | -# | WebAuthn | | , backup codes | does not support WebAuthn | backup code | -# | WebAuthn | , TOTP | , backup codes | does not support WebAuthn | TOTP | -# | | TOTP | | does not support WebAuthn | TOTP | -# | | TOTP | , backup codes | does not support WebAuthn | TOTP | -# | | | backup codes | does not support WebAuthn | backup code | - - Scenario Outline: Defaulting to the most recently used mfa option Given I provide credentials that have a used And and I have a more recently used - And the user's browser When I log in Then I should see a prompt for a Examples: - | MFA type | recent MFA type | supports WebAuthn or not | default MFA type | - | WebAuthn | TOTP | supports WebAuthn | TOTP | - | TOTP | WebAuthn | supports WebAuthn | WebAuthn | - | TOTP | backup code | supports WebAuthn | backup code | - | backup code | TOTP | supports WebAuthn | TOTP | -# The following case is disabled due to lack of test support for changing 
web client user agent -# | TOTP | WebAuthn | does not support WebAuthn | TOTP | + | MFA type | recent MFA type | default MFA type | + | WebAuthn | TOTP | TOTP | + | TOTP | WebAuthn | WebAuthn | + | TOTP | backup code | backup code | + | backup code | TOTP | TOTP | Scenario: Defaulting to the manager code despite having a used mfa Given I provide credentials that have a manager code, a WebAuthn and a more recently used TOTP - And the user's browser supports WebAuthn When I log in Then I should see a prompt for a manager rescue code - Scenario Outline: When to show the WebAuthn-not-supported error message - Given I provide credentials that have WebAuthn - And the user's browser - When I log in - Then I see an error message about WebAuthn being unsupported - - Examples: - | supports WebAuthn or not | should or not | - | supports WebAuthn | should not | -# The following case is disabled due to lack of test support for changing web client user agent -# | does not support WebAuthn | should | - Scenario Outline: When to show the link to send a manager rescue code Given I provide credentials that have And the user a manager email diff --git a/modules/material/locales/en/LC_MESSAGES/material.po b/modules/material/locales/en/LC_MESSAGES/material.po index 465a43e..ff452ef 100644 --- a/modules/material/locales/en/LC_MESSAGES/material.po +++ b/modules/material/locales/en/LC_MESSAGES/material.po @@ -137,9 +137,6 @@ msgstr "USB key icon" msgid "{mfa:webauthn_instructions}" msgstr "You may now insert your security key and press its button." -msgid "{mfa:webauthn_unsupported}" -msgstr "Unsupported in your current browser. Please consider a more secure browser like Google Chrome." - msgid "{mfa:webauthn_error_unknown}" msgstr "Something went wrong with that request, unable to verify at this time." diff --git a/modules/material/locales/es/LC_MESSAGES/material.po b/modules/material/locales/es/LC_MESSAGES/material.po index 2c8fcbb..2b636e8 100644 
--- a/modules/material/locales/es/LC_MESSAGES/material.po +++ b/modules/material/locales/es/LC_MESSAGES/material.po @@ -137,9 +137,6 @@ msgstr "Icono de la llave USB" msgid "{mfa:webauthn_instructions}" msgstr "Ahora puede insertar su clave de seguridad y presionar su botón." -msgid "{mfa:webauthn_unsupported}" -msgstr "No compatible en su navegador actual. Considere un navegador más seguro como Google Chrome." - msgid "{mfa:webauthn_error_unknown}" msgstr "Algo salió mal con esa solicitud, no se pudo verificar en este momento." diff --git a/modules/material/locales/fr/LC_MESSAGES/material.po b/modules/material/locales/fr/LC_MESSAGES/material.po index 579721c..3bc51ad 100644 --- a/modules/material/locales/fr/LC_MESSAGES/material.po +++ b/modules/material/locales/fr/LC_MESSAGES/material.po @@ -137,9 +137,6 @@ msgstr "Icône de clé USB" msgid "{mfa:webauthn_instructions}" msgstr "Vous pouvez maintenant insérer votre clé de sécurité et appuyer sur le bouton." -msgid "{mfa:webauthn_unsupported}" -msgstr "Non compatible avec votre navigateur actuel. Veuillez considérer un navigateur plus sûr comme Google Chrome." - msgid "{mfa:webauthn_error_unknown}" msgstr "Quelque chose s'est mal passé avec cette demande, impossible de vérifier pour le moment." diff --git a/modules/material/locales/ko/LC_MESSAGES/material.po b/modules/material/locales/ko/LC_MESSAGES/material.po index 7cb18c0..2cf6125 100644 --- a/modules/material/locales/ko/LC_MESSAGES/material.po +++ b/modules/material/locales/ko/LC_MESSAGES/material.po @@ -137,9 +137,6 @@ msgstr "USB 키 아이콘" msgid "{mfa:webauthn_instructions}" msgstr "이제 보안 키를 삽입하고 단추를 누를 수 있습니다." -msgid "{mfa:webauthn_unsupported}" -msgstr "현재 브라우저에서 지원되지 않습니다. Chrome과 같은 보다 안전한 브라우저를 고려하십시오." - msgid "{mfa:webauthn_error_unknown}" msgstr "요청에 문제가 발생하여 지금은 확인할 수 없습니다." diff --git a/modules/material/themes/material/default/logout.php b/modules/material/themes/material/default/logout.php deleted file mode 100644 index c1d81d3..0000000 
--- a/modules/material/themes/material/default/logout.php +++ /dev/null @@ -1,27 +0,0 @@ - - - - <?= $this->t('{material:logout:title}') ?> - - - - -
-
-
- - t('{material:logout:header}') ?> - -
-
- -
-

- t('{material:logout:message}') ?> -

-
- - -
- - diff --git a/modules/material/themes/material/default/selectidp-links.twig b/modules/material/themes/material/default/selectidp-links.twig index 9a15823..3679b3f 100644 --- a/modules/material/themes/material/default/selectidp-links.twig +++ b/modules/material/themes/material/default/selectidp-links.twig @@ -55,7 +55,7 @@ - {% for idp in enabled_idps %} + {% for idp in idp_list %}
{% endfor %} - {% for idp in disabled_idps %} -
-
-
-
- -
- - {{ idp.logoCaption|e|default('
') }} -
-
-
-
- {% endfor %} - - {{ include('footer.twig') }}