Merge pull request #139 from OpenConext/feature/gssp-add-through-conf…

…iguration

Feature/gssp add through configuration

app/Resources/translations/validators.en_GB.xliff

@@ -1,11 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2016-11-03T10:43:41Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
+  <file date="2017-06-15T15:47:57Z" source-language="en" target-language="en_GB" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
     </header>
     <body>
+      <trans-unit id="9fe9614ee06100ffa9474b193d1aec7a4c1d1334" resname="middleware_client.dto.configuration.allowed_second_factors.must_be_array">
+        <source>middleware_client.dto.configuration.allowed_second_factors.must_be_array</source>
+        <target state="new">middleware_client.dto.configuration.allowed_second_factors.must_be_array</target>
+      </trans-unit>
       <trans-unit id="e921db3beb8170142aa4dcd8c364595343b6fc64" resname="middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean">
         <source>middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean</source>
         <target>Show RAA Contact Information option must be boolean.</target>

app/Resources/translations/validators.nl_NL.xliff

@@ -1,11 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2016-11-03T10:45:46Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
+  <file date="2017-06-15T15:47:50Z" source-language="en" target-language="nl_NL" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>
     </header>
     <body>
+      <trans-unit id="9fe9614ee06100ffa9474b193d1aec7a4c1d1334" resname="middleware_client.dto.configuration.allowed_second_factors.must_be_array">
+        <source>middleware_client.dto.configuration.allowed_second_factors.must_be_array</source>
+        <target state="new">middleware_client.dto.configuration.allowed_second_factors.must_be_array</target>
+      </trans-unit>
       <trans-unit id="e921db3beb8170142aa4dcd8c364595343b6fc64" resname="middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean">
         <source>middleware_client.dto.configuration.show_raa_contact_information.must_be_boolean</source>
         <target>Show RAA Contact Information option must be boolean.</target>

app/config/config.yml

@@ -76,6 +76,7 @@ services:
 surfnet_stepup_ra_ra:
     required_loa: %loa_required_for_login%
     enabled_second_factors: %enabled_second_factors%
+    enabled_generic_second_factors: %enabled_generic_second_factors%
     session_lifetimes:
         max_absolute_lifetime: "%session_max_absolute_lifetime%"
         max_relative_lifetime: "%session_max_relative_lifetime%"

app/config/parameters.yml.dist

@@ -39,6 +39,11 @@ parameters:
     enabled_second_factors:
         - sms
         - yubikey
+    enabled_generic_second_factors:
+            biometric:
+                loa: 3
+            tiqr:
+                loa: 3
     graylog_hostname: 'g2-dev.stepup.coin.surf.net'
     asset_version: 1
 

app/config/samlstepupproviders.yml

@@ -18,6 +18,11 @@ surfnet_stepup_ra_saml_stepup_provider:
                 entity_id: %gssp_tiqr_remote_entity_id%
                 sso_url: %gssp_tiqr_remote_sso_url%
                 certificate: %gssp_tiqr_remote_certificate%
+            view_config:
+                page_title: %gssp_tiqr_page_title%
+                explanation: %gssp_tiqr_explanation%
+                initiate: %gssp_tiqr_initiate%
+                gssf_id_mismatch: %gssp_tiqr_gssf_id_mismatch%
         biometric:
             hosted:
                 service_provider:
@@ -30,3 +35,8 @@ surfnet_stepup_ra_saml_stepup_provider:
                 entity_id: %gssp_biometric_remote_entity_id%
                 sso_url: %gssp_biometric_remote_sso_url%
                 certificate: %gssp_biometric_remote_certificate%
+            view_config:
+                page_title: %gssp_biometric_page_title%
+                explanation: %gssp_biometric_explanation%
+                initiate: %gssp_biometric_initiate%
+                gssf_id_mismatch: %gssp_biometric_gssf_id_mismatch%

app/config/samlstepupproviders_parameters.yml.dist

@@ -6,10 +6,34 @@ parameters:
     gssp_tiqr_remote_entity_id: 'https://actual-gssp.entity-id.tld'
     gssp_tiqr_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
     gssp_tiqr_remote_certificate: 'The contents of the certificate published by the gssp'
+    gssp_tiqr_page_title:
+        en_GB: 'EN ra.vetting.gssf.initiate.tiqr.title.page'
+        nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.title.page'
+    gssp_tiqr_explanation: 
+        en_GB: 'EN ra.vetting.gssf.initiate.tiqr.text.explanation'
+        nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.text.explanation'
+    gssp_tiqr_initiate:
+        en_GB: 'EN ra.vetting.gssf.initiate.tiqr.button.initiate'
+        nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.button.initiate'
+    gssp_tiqr_gssf_id_mismatch: 
+        en_GB: 'EN ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch'
+        nl_NL: 'NL ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch'
     gssp_biometric_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer'
     gssp_biometric_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem'
     gssp_biometric_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer'
     gssp_biometric_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem'
     gssp_biometric_remote_entity_id: 'https://actual-gssp.entity-id.tld'
     gssp_biometric_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url'
     gssp_biometric_remote_certificate: 'The contents of the certificate published by the gssp'
+    gssp_biometric_page_title:
+        en_GB: 'EN ra.vetting.gssf.initiate.biometric.title.page'
+        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.title.page'
+    gssp_biometric_explanation:
+        en_GB: 'EN ra.vetting.gssf.initiate.biometric.text.explanation'
+        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.text.explanation'
+    gssp_biometric_initiate:
+        en_GB: 'EN ra.vetting.gssf.initiate.biometric.button.initiate'
+        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.button.initiate'
+    gssp_biometric_gssf_id_mismatch:
+        en_GB: 'EN ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch'
+        nl_NL: 'NL ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch'

composer.json

@@ -25,7 +25,7 @@
         "jms/di-extra-bundle": "~1.4.0",
         "surfnet/stepup-middleware-client-bundle": "^2.0",
         "surfnet/stepup-saml-bundle": "^2.5",
-        "surfnet/stepup-bundle": "^1.7",
+        "surfnet/stepup-bundle": "^2.0",
         "surfnet/stepup-u2f-bundle": "dev-develop",
         "guzzlehttp/guzzle": "^6",
         "knplabs/knp-paginator-bundle": "~2.4",

src/Surfnet/StepupRa/RaBundle/Controller/Vetting/GssfController.php

@@ -25,6 +25,7 @@
 use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
 use Surfnet\StepupRa\RaBundle\Exception\RuntimeException;
 use Surfnet\StepupRa\RaBundle\Service\VettingService;
+use Surfnet\StepupRa\SamlStepupProviderBundle\Provider\ViewConfig;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
@@ -253,11 +254,28 @@ private function getVettingService()
      */
     private function renderInitiateForm($procedureId, $provider, array $parameters = [])
     {
-        $form = $this->createForm('ra_initiate_gssf', null, ['procedureId' => $procedureId, 'provider' => $provider]);
+        /** @var ViewConfig $secondFactorConfig */
+        $secondFactorConfig = $this->get("gssp.view_config.{$provider}");
+
+        $form = $this->createForm(
+            'ra_initiate_gssf',
+            null,
+            [
+                'procedureId' => $procedureId,
+                'provider' => $provider,
+                /** @Ignore from translation message extraction */
+                'label' => $secondFactorConfig->getInitiate()
+            ]
+        );
 
         $templateParameters = array_merge(
             $parameters,
-            ['form' => $form->createView(), 'procedureId' => $procedureId, 'provider' => $provider]
+            [
+                'form' => $form->createView(),
+                'procedureId' => $procedureId,
+                'provider' => $provider,
+                'secondFactorConfig' => $secondFactorConfig
+            ]
         );
 
         return $this->render('SurfnetStepupRaRaBundle:Vetting/Gssf:initiate.html.twig', $templateParameters);

src/Surfnet/StepupRa/RaBundle/DependencyInjection/Configuration.php

@@ -18,9 +18,6 @@
 
 namespace Surfnet\StepupRa\RaBundle\DependencyInjection;
 
-use Surfnet\StepupBundle\Exception\DomainException;
-use Surfnet\StepupBundle\Exception\InvalidArgumentException;
-use Surfnet\StepupBundle\Value\SecondFactorType;
 use Symfony\Component\Config\Definition\Builder\NodeBuilder;
 use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 use Symfony\Component\Config\Definition\ConfigurationInterface;
@@ -68,25 +65,17 @@ private function appendSecondFactorTypesConfiguration(NodeBuilder $childNodes)
             ->arrayNode('enabled_second_factors')
                 ->isRequired()
                 ->prototype('scalar')
-                    ->validate()
-                        ->ifTrue(
-                            function ($type) {
-                                try {
-                                    new SecondFactorType($type);
-                                } catch (InvalidArgumentException $e) {
-                                    return true;
-                                } catch (DomainException $e) {
-                                    return true;
-                                }
-                            }
-                        )
-                        ->thenInvalid(
-                            'Enabled second factor type "%s" is not one of the valid types. See SecondFactorType'
-                        )
-                    ->end()
+            ->end();
+        $childNodes
+            ->arrayNode('enabled_generic_second_factors')
+                ->isRequired()
+                ->prototype('array')
+                ->children()
+                    ->scalarNode('loa')
+                    ->isRequired()
+                    ->info('The lao level of the Gssf')
                 ->end()
-            ->end()
-        ->end();
+            ->end();
     }
 
     /**

src/Surfnet/StepupRa/RaBundle/DependencyInjection/SurfnetStepupRaRaExtension.php

@@ -40,7 +40,11 @@ public function load(array $configs, ContainerBuilder $container)
         // inject the required loa as parameter into the service container
         $container->setParameter('surfnet_stepup_ra.security.required_loa', $config['required_loa']);
 
-        $container->setParameter('surfnet_stepup_ra.enabled_second_factors', $config['enabled_second_factors']);
+        $gssfSecondFactors = array_keys($config['enabled_generic_second_factors']);
+        $container->setParameter(
+            'surfnet_stepup_ra.enabled_second_factors',
+            array_merge($config['enabled_second_factors'], $gssfSecondFactors)
+        );
 
         $container->setParameter(
             'ra.security.authentication.session.maximum_absolute_lifetime_in_seconds',

src/Surfnet/StepupRa/RaBundle/Form/Type/InitiateGssfType.php

@@ -45,7 +45,8 @@ public function buildForm(FormBuilderInterface $builder, array $options)
         $builder
             ->add('submit', 'submit', [
                 'attr'  => ['class' => 'btn btn-primary'],
-                'label' => /** @Ignore */ 'ra.vetting.gssf.initiate.' . $options['provider'] . '.button.initiate'
+                /** @Ignore */
+                'label' => $options['label']
             ])
             ->setAction($action);
     }

src/Surfnet/StepupRa/RaBundle/Resources/config/services.yml

@@ -100,6 +100,7 @@ services:
             - "@ra.repository.vetting_procedure"
             - "@translator"
             - "@ra.service.identity"
+            - "@surfnet_stepup.service.second_factor_type"
 
     ra.service.yubikey:
         public: false
@@ -185,6 +186,7 @@ services:
             - "@surfnet_stepup_middleware_client.identity.service.ra_candidate"
             - "@ra.service.command"
             - "@logger"
+            - "@surfnet_stepup.service.second_factor_type"
 
     ra.service.ra_location:
         class: Surfnet\StepupRa\RaBundle\Service\RaLocationService

src/Surfnet/StepupRa/RaBundle/Resources/views/Vetting/Gssf/initiate.html.twig

@@ -1,6 +1,6 @@
 {% extends "::base.html.twig" %}
 
-{% block page_title %}{{ ('ra.vetting.gssf.initiate.' ~ provider ~ '.title.page')|trans }}{% endblock %}
+{% block page_title %}{{ secondFactorConfig.getPageTitle() }}{% endblock %}
 
 {% block page_header %}
     {{ parent() }}
@@ -11,12 +11,12 @@
 {% block content %}
     <h2>{{ block('page_title') }}</h2>
 
-    <p>{{ ('ra.vetting.gssf.initiate.' ~ provider ~ '.text.explanation')|trans }}</p>
+    <p>{{ secondFactorConfig.getExplanation() }}</p>
 
     <hr>
 
     {% if gssfIdMismatch is defined %}
-        <div class="alert alert-danger">{{ ('ra.vetting.gssf.initiate.' ~ provider ~ '.error.gssf_id_mismatch')|trans }}</div>
+        <div class="alert alert-danger">{{ secondFactorConfig.getGssfIdMismatch() }}</div>
     {% endif %}
     {{ form(form) }}
 

src/Surfnet/StepupRa/RaBundle/Resources/views/translations.html.twig

@@ -36,16 +36,6 @@
 {{ 'ra.second_factor.search.status.vetted'|trans }}
 {{ 'ra.second_factor.search.status.revoked'|trans }}
 
-{# GssfController #}
-{{ ('ra.vetting.gssf.initiate.tiqr.title.page')|trans }}
-{{ ('ra.vetting.gssf.initiate.tiqr.text.explanation')|trans }}
-{{ ('ra.vetting.gssf.initiate.tiqr.button.initiate')|trans }}
-{{ ('ra.vetting.gssf.initiate.tiqr.error.gssf_id_mismatch')|trans }}
-{{ ('ra.vetting.gssf.initiate.biometric.title.page')|trans }}
-{{ ('ra.vetting.gssf.initiate.biometric.text.explanation')|trans }}
-{{ ('ra.vetting.gssf.initiate.biometric.button.initiate')|trans }}
-{{ ('ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch')|trans }}
-
 {# RaRoleChoiceList labels #}
 {{ ('ra.form.extension.ra_role_choice.ra'|trans) }}
 {{ ('ra.form.extension.ra_role_choice.raa'|trans) }}

src/Surfnet/StepupRa/RaBundle/Service/RaCandidateService.php

@@ -19,6 +19,7 @@
 namespace Surfnet\StepupRa\RaBundle\Service;
 
 use Psr\Log\LoggerInterface;
+use Surfnet\StepupBundle\Service\SecondFactorTypeService;
 use Surfnet\StepupBundle\Value\Loa;
 use Surfnet\StepupBundle\Value\SecondFactorType;
 use Surfnet\StepupMiddlewareClient\Identity\Dto\RaCandidateSearchQuery;
@@ -28,6 +29,9 @@
 use Surfnet\StepupRa\RaBundle\Command\SearchRaCandidatesCommand;
 use Surfnet\StepupRa\RaBundle\Exception\InvalidArgumentException;
 
+/**
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class RaCandidateService
 {
     /**
@@ -45,14 +49,21 @@ class RaCandidateService
      */
     private $logger;
 
+    /**
+     * @var SecondFactorTypeService
+     */
+    private $secondFactorTypeService;
+
     public function __construct(
         ApiRaCandidateService $raCandidateService,
         CommandService $commandService,
-        LoggerInterface $logger
+        LoggerInterface $logger,
+        SecondFactorTypeService $secondFactorTypeService
     ) {
         $this->apiRaCandidateService = $raCandidateService;
         $this->commandService = $commandService;
         $this->logger = $logger;
+        $this->secondFactorTypeService = $secondFactorTypeService;
     }
 
     /**
@@ -129,13 +140,11 @@ public function accreditCandidate(AccreditCandidateCommand $command)
     private function getLoa3SecondFactorTypes()
     {
         $loa3 = new Loa(Loa::LOA_3, 'LOA3');
-
         return array_filter(
-            SecondFactorType::getAvailableSecondFactorTypes(),
+            $this->secondFactorTypeService->getAvailableSecondFactorTypes(),
             function ($secondFactorType) use ($loa3) {
                 $secondFactorType = new SecondFactorType($secondFactorType);
-
-                return $secondFactorType->canSatisfy($loa3);
+                return $this->secondFactorTypeService->canSatisfy($secondFactorType, $loa3);
             }
         );
     }