Merge branch 'develop' into WS-407-limited-access-fields-for-agency-m…

…anager

.github/workflows/test-pull-requests.yml

@@ -20,6 +20,7 @@ jobs:
           ddev exec blt setup --no-interaction || true
           ddev drush cim
           ddev drush cr
+          ddev drush pmu samlauth
       - name: Validate code
         run: ddev exec blt validate --no-interaction
       - name: Run tests

config/default/core.extension.yml

@@ -147,6 +147,7 @@ module:
   serialization: 0
   shortcut: 0
   simplesamlphp_auth: 0
+  swiftmailer: 0
   symfony_mailer: 0
   syslog: 0
   system: 0

config/default/samlauth.authentication.yml

@@ -1,15 +1,110 @@
 _core:
   default_config_hash: oDGEkhP0h5rXXqlDplxeBDre0goLigOJupHKMDMwcqM
-metadata_cache_http: false
-metadata_valid_secs: 60
+login_menu_item_title: ''
+logout_menu_item_title: ''
+login_link_show: true
+login_link_title: 'Login via MAX.gov'
+login_redirect_url: ''
+logout_redirect_url: ''
+error_redirect_url: ''
+error_throw: false
 local_login_saml_error: false
-security_authn_requests_sign: true
-security_logout_requests_sign: true
-security_logout_responses_sign: true
+logout_different_user: false
+drupal_login_roles:
+  authenticated: '0'
+  administrator: '0'
+  page_creator: '0'
+  layout_manager: '0'
+  page_reviewer: '0'
+  landing_page_creator: '0'
+  landing_page_reviewer: '0'
+  media_creator: '0'
+  media_manager: '0'
+  agency_component_creator: '0'
+  agency_component_reviewer: '0'
+  agency_administrator: '0'
+  agency_manager: '0'
+  non_sso: '0'
+  quarterly_foia_report_data_creator: '0'
+  quarterly_foia_report_data_reviewer: '0'
+  cfo_meeting_creator: '0'
+  cfo_meeting_reviewer: '0'
+  cfo_committee_creator: '0'
+  cfo_committee_reviewer: '0'
+  cfo_council_creator: '0'
+  cfo_council_reviewer: '0'
+  cfo_page_creator: '0'
+  cfo_page_reviewer: '0'
+sp_entity_id: doj_foia_api_dev
+sp_name_id_format: ''
+sp_x509_certificate: 'file:/var/www/html/foia.dev/acquia-files/saml/samlauth_key.pub'
+sp_new_certificate: ''
+sp_private_key: 'file:/var/www/html/foia.dev/acquia-files/saml/samlauth_key'
+metadata_valid_secs: 60
+metadata_cache_http: false
+idp_entity_id: 'https://login.test.max.gov/idp/shibboleth'
+idp_single_sign_on_service: 'https://login.test.max.gov/idp/profile/SAML2/Redirect/SSO'
+idp_single_log_out_service: ''
+idp_change_password_service: ''
+idp_certs:
+  - 'file:/var/www/html/foia.dev/acquia-files/saml/max_key.pub'
+idp_cert_encryption: ''
+unique_id_attribute: maxEmail
+map_users: false
+map_users_name: true
+map_users_mail: true
+map_users_roles:
+  administrator: administrator
+  page_creator: page_creator
+  layout_manager: layout_manager
+  page_reviewer: page_reviewer
+  landing_page_creator: landing_page_creator
+  landing_page_reviewer: landing_page_reviewer
+  media_creator: media_creator
+  media_manager: media_manager
+  agency_component_creator: agency_component_creator
+  agency_component_reviewer: agency_component_reviewer
+  agency_administrator: agency_administrator
+  agency_manager: agency_manager
+  non_sso: non_sso
+  quarterly_foia_report_data_creator: quarterly_foia_report_data_creator
+  quarterly_foia_report_data_reviewer: quarterly_foia_report_data_reviewer
+  cfo_meeting_creator: cfo_meeting_creator
+  cfo_meeting_reviewer: cfo_meeting_reviewer
+  cfo_committee_creator: cfo_committee_creator
+  cfo_committee_reviewer: cfo_committee_reviewer
+  cfo_council_creator: cfo_council_creator
+  cfo_council_reviewer: cfo_council_reviewer
+  cfo_page_creator: cfo_page_creator
+  cfo_page_reviewer: cfo_page_reviewer
+create_users: true
+sync_name: true
+sync_mail: true
+user_name_attribute: maxEmail
+user_mail_attribute: maxEmail
+request_set_name_id_policy: false
 strict: true
+security_metadata_sign: false
+security_authn_requests_sign: true
+security_logout_requests_sign: false
+security_logout_responses_sign: false
+security_nameid_encrypt: false
+security_signature_algorithm: ''
+security_encryption_algorithm: ''
 security_messages_sign: true
-security_lowercase_url_encoding: true
-request_set_name_id_policy: true
-security_want_name_id: true
-security_request_authn_context: true
+security_assertions_signed: false
+security_assertions_encrypt: false
+security_nameid_encrypted: false
+security_want_name_id: false
+security_request_authn_context: false
+security_lowercase_url_encoding: false
+security_logout_reuse_sigs: false
+security_allow_repeat_attribute_name: false
+debug_display_error_details: false
+debug_log_in: false
+debug_log_saml_in: true
+debug_log_saml_out: true
+debug_phpsaml: false
+use_proxy_headers: false
 use_base_url: true
+bypass_relay_state_check: false

config/default/simplesamlphp_auth.settings.yml

@@ -1,7 +1,7 @@
 _core:
   default_config_hash: SlvBDvDYAFLAkAikHJp_4rntvPn-nX6DLf92HOoX2cQ
 langcode: en
-activate: true
+activate: false
 auth_source: default-sp
 login_link_display_name: 'Login via MAX.gov'
 login_link_show: true
@@ -39,3 +39,5 @@ sync:
   user_name: true
 autoenablesaml: true
 debug: false
+secure: false
+httponly: false

config/default/user.role.anonymous.yml

@@ -10,6 +10,7 @@ dependencies:
     - foia_personnel
     - media
     - rest
+    - samlauth
     - system
     - view_unpublished
     - webform
@@ -51,3 +52,4 @@ permissions:
   - 'view own field_request_submission_form'
   - 'view own field_submission_web'
   - 'view published foia personnel entities'
+  - 'view sp metadata'

config/default/user.role.authenticated.yml

@@ -11,6 +11,7 @@ dependencies:
     - foia_personnel
     - form_mode_manager
     - media
+    - samlauth
     - shortcut
     - system
     - webform
@@ -30,3 +31,4 @@ permissions:
   - 'view files'
   - 'view media'
   - 'view published foia personnel entities'
+  - 'view sp metadata'

docroot/modules/custom/swiftmailer/swiftmailer.info.yml

@@ -0,0 +1,5 @@
+name: 'Swiftmailer - placeholder'
+type: module
+description: 'Placeholder for a missing module.'
+core_version_requirement: ^8 || ^9 || ^10
+package: 'FOIA'

docroot/modules/custom/swiftmailer/swiftmailer.module

@@ -0,0 +1,6 @@
+<?php
+
+/**
+ * @file
+ * Swiftmailer placeholder.
+ */

docroot/sites/default/settings/includes.settings.php

@@ -34,4 +34,31 @@
       ac_protect_this_site();
     }
   }
+
+  switch ($ah_env) {
+    case 'dev':
+      $config['samlauth.authentication']['sp_entity_id'] = 'doj_foia_api_dev';
+      $config['samlauth.authentication']['idp_single_sign_on_service'] = 'https://login.stage.max.gov/idp/profile/SAML2/Redirect/SSO';
+      $config['samlauth.authentication']['idp_entity_id'] = 'https://login.stage.max.gov/idp/shibboleth';
+      break;
+
+    case 'test':
+      $config['samlauth.authentication']['sp_entity_id'] = 'doj_foia_api_test';
+      $config['samlauth.authentication']['idp_single_sign_on_service'] = 'https://login.stage.max.gov/idp/profile/SAML2/Redirect/SSO';
+      $config['samlauth.authentication']['idp_entity_id'] = 'https://login.stage.max.gov/idp/shibboleth';
+      break;
+
+    case 'uat':
+      $config['samlauth.authentication']['sp_entity_id'] = 'doj_foia_api_uat';
+      $config['samlauth.authentication']['idp_single_sign_on_service'] = 'https://login.stage.max.gov/idp/profile/SAML2/Redirect/SSO';
+      $config['samlauth.authentication']['idp_entity_id'] = 'https://login.stage.max.gov/idp/shibboleth';
+      break;
+
+    case 'prod':
+      $config['samlauth.authentication']['sp_entity_id'] = 'doj_foia_api_prod';
+      $config['samlauth.authentication']['idp_single_sign_on_service'] = 'https://login.stage.max.gov/idp/profile/SAML2/Redirect/SSO';
+      $config['samlauth.authentication']['idp_entity_id'] = 'https://login.stage.max.gov/idp/shibboleth';
+      break;
+
+  }
 }