Merge branch 'release/2.10'

.travis.yml

@@ -11,6 +11,10 @@ php:
   - 5.6
   - 7.0
 
+matrix:
+  allow_failures:
+  - php: 7.0
+
 env:
   global:
     - SYMFONY_ENV=test
@@ -27,7 +31,6 @@ before_script:
 script:
   - ant
 
-
 branches:
   only:
     - master

CHANGELOG.md

@@ -0,0 +1,11 @@
+# Changelog
+
+## 2.10.0
+**Features & Bugfixes**
+* Improved the AccessDenied error page #159
+* Fixed missing translations for validation messages on forms #163
+
+**Improvements**
+* Symfony 3.4.15 upgrade #162
+* Behat test support #160
+* Removed RMT from the project

README.md

@@ -19,3 +19,6 @@ This component is part of "Step-up Authentication as-a Service" and requires oth
 Clone the repository or download the archive to a directory. Install the dependencies by running `composer install`.
 
 Run `app/console mopa:bootstrap:symlink:less` to configure Bootstrap symlinks.
+
+## Release strategy
+Please read: https://github.com/OpenConext/Stepup-Deploy/wiki/Release-Management fro more information on the release strategy used in Stepup projects.

app/AppCache.php

@@ -0,0 +1,7 @@
+<?php
+
+use Symfony\Bundle\FrameworkBundle\HttpCache\HttpCache;
+
+class AppCache extends HttpCache
+{
+}

app/AppKernel.php

@@ -39,8 +39,6 @@ public function registerBundles()
             new Surfnet\SamlBundle\SurfnetSamlBundle(),
             new Surfnet\StepupBundle\SurfnetStepupBundle(),
             new JMS\TranslationBundle\JMSTranslationBundle(),
-            new JMS\DiExtraBundle\JMSDiExtraBundle($this),
-            new JMS\AopBundle\JMSAopBundle(),
             // Replace with Pagerfanta https://www.pivotaltracker.com/story/show/89688680
             new Knp\Bundle\PaginatorBundle\KnpPaginatorBundle(),
             new Surfnet\StepupU2fBundle\SurfnetStepupU2fBundle(),
@@ -50,7 +48,6 @@ public function registerBundles()
         if (in_array($this->getEnvironment(), array('dev', 'test'))) {
             $bundles[] = new Symfony\Bundle\WebProfilerBundle\WebProfilerBundle();
             $bundles[] = new Sensio\Bundle\DistributionBundle\SensioDistributionBundle();
-            $bundles[] = new Sensio\Bundle\GeneratorBundle\SensioGeneratorBundle();
         }
 
         return $bundles;

app/Resources/translations/messages.en_GB.xliff

@@ -1362,7 +1362,7 @@ The token is now activated and ready to be used.</target>
       </trans-unit>
       <trans-unit id="e3fdeb24bc6d32318d6612b0c02d8a4c9cc28863" resname="stepup.error.user_not_ra.description">
         <source>stepup.error.user_not_ra.description</source>
-        <target>You are not authorised to sign in. You are fully authenticated but not granted RA privileges.</target>
+        <target>Authentication was successful, but you are not authorised to use the RA management portal.</target>
         <jms:reference-file line="39">/../src/Surfnet/StepupRa/RaBundle/Controller/ExceptionController.php</jms:reference-file>
       </trans-unit>
       <trans-unit id="c32d6032c1e192b50f5ecbdfc12a7970a402a386" resname="stepup.error.user_not_ra.title">

app/Resources/translations/messages.nl_NL.xliff

@@ -1362,7 +1362,7 @@ Het token is nu geactiveerd en klaar voor gebruik.</target>
       </trans-unit>
       <trans-unit id="e3fdeb24bc6d32318d6612b0c02d8a4c9cc28863" resname="stepup.error.user_not_ra.description">
         <source>stepup.error.user_not_ra.description</source>
-        <target>Je hebt niet de juiste rechten om in te mogen loggen. Je account is niet gemachtigd om in te loggen als registration authority (RA).</target>
+        <target>Het inloggen is geslaagd, maar je bent niet geautoriseerd om het RA management portal te gebruiken.</target>
         <jms:reference-file line="39">/../src/Surfnet/StepupRa/RaBundle/Controller/ExceptionController.php</jms:reference-file>
       </trans-unit>
       <trans-unit id="c32d6032c1e192b50f5ecbdfc12a7970a402a386" resname="stepup.error.user_not_ra.title">

app/config/config.yml

@@ -18,10 +18,9 @@ framework:
     templating:
         engines: ['twig', 'php']
     assets:
-        version: %asset_version%
+        version: "%asset_version%"
     default_locale:  "%default_locale%"
     trusted_hosts:   ~
-    trusted_proxies: %trusted_proxies%
     session:
         # handler_id set to null will use default session handler from php.ini
         handler_id:  ~
@@ -74,9 +73,9 @@ services:
         tags: [{ name: twig.extension }]
 
 surfnet_stepup_ra_ra:
-    required_loa: %loa_required_for_login%
-    enabled_second_factors: %enabled_second_factors%
-    enabled_generic_second_factors: %enabled_generic_second_factors%
+    required_loa: "%loa_required_for_login%"
+    enabled_second_factors: "%enabled_second_factors%"
+    enabled_generic_second_factors: "%enabled_generic_second_factors%"
     session_lifetimes:
         max_absolute_lifetime: "%session_max_absolute_lifetime%"
         max_relative_lifetime: "%session_max_relative_lifetime%"
@@ -92,11 +91,11 @@ mopa_bootstrap:
 
 surfnet_stepup_middleware_client:
     authorisation:
-        username: %middleware_credentials_username%
-        password: %middleware_credentials_password%
+        username: "%middleware_credentials_username%"
+        password: "%middleware_credentials_password%"
     url:
-        command_api: %middleware_url_command_api%
-        api: %middleware_url_api%
+        command_api: "%middleware_url_command_api%"
+        api: "%middleware_url_api%"
 
 surfnet_saml:
     hosted:
@@ -105,48 +104,48 @@ surfnet_saml:
         service_provider:
             enabled: true
             assertion_consumer_route: ra_serviceprovider_consume_assertion
-            public_key: %saml_sp_publickey%
-            private_key: %saml_sp_privatekey%
+            public_key: "%saml_sp_publickey%"
+            private_key: "%saml_sp_privatekey%"
         metadata:
             entity_id_route: ra_saml_metadata
-            public_key: %saml_metadata_publickey%
-            private_key: %saml_metadata_privatekey%
+            public_key: "%saml_metadata_publickey%"
+            private_key: "%saml_metadata_privatekey%"
     remote:
         identity_provider:
             enabled: true
-            entity_id: %saml_remote_idp_entity_id%
-            sso_url: %saml_remote_idp_sso_url%
-            certificate: %saml_remote_idp_certificate%
+            entity_id: "%saml_remote_idp_entity_id%"
+            sso_url: "%saml_remote_idp_sso_url%"
+            certificate: "%saml_remote_idp_certificate%"
 
 surfnet_stepup:
     logging:
         application_name: registration-authority
     loa_definition:
-        loa1: %stepup_loa_loa1%
-        loa2: %stepup_loa_loa2%
-        loa3: %stepup_loa_loa3%
+        loa1: "%stepup_loa_loa1%"
+        loa2: "%stepup_loa_loa2%"
+        loa3: "%stepup_loa_loa3%"
     sms:
-        originator: %sms_originator%
-        otp_expiry_interval: %sms_otp_expiry_interval%
-        maximum_otp_requests: %sms_maximum_otp_requests%
+        originator: "%sms_originator%"
+        otp_expiry_interval: "%sms_otp_expiry_interval%"
+        maximum_otp_requests: "%sms_maximum_otp_requests%"
     gateway_api:
-        url: %gateway_api_url%
+        url: "%gateway_api_url%"
         credentials:
-            username: %gateway_api_username%
-            password: %gateway_api_password%
+            username: "%gateway_api_username%"
+            password: "%gateway_api_password%"
     attach_request_id_injector_to:
         - surfnet_stepup.guzzle.gateway_api
         - surfnet_stepup_middleware_client.guzzle.api
         - surfnet_stepup_middleware_client.guzzle.commands
     locale_cookie:
-        domain: %locale_cookie_domain%
+        domain: "%locale_cookie_domain%"
 
 jms_translation:
-    locales: %locales%
+    locales: "%locales%"
     configs:
         default:
-            dirs: [%kernel.root_dir%/../src, %kernel.root_dir%, %kernel.root_dir%/../vendor/surfnet/stepup-middleware-client-bundle, %kernel.root_dir%/../vendor/surfnet/stepup-bundle]
-            output_dir: %kernel.root_dir%/Resources/translations
+            dirs: ["%kernel.root_dir%/../src", "%kernel.root_dir%", "%kernel.root_dir%/../vendor/surfnet/stepup-middleware-client-bundle", "%kernel.root_dir%/../vendor/surfnet/stepup-bundle"]
+            output_dir: "%kernel.root_dir%/Resources/translations"
             ignored_domains: []
             excluded_names: ['*TestCase.php', '*Test.php']
             excluded_dirs: [cache, data, logs, Tests]
@@ -163,4 +162,4 @@ knp_paginator:
         sortable: SurfnetStepupRaRaBundle:Pagination:sortable_link.html.twig
 
 surfnet_stepup_u2f:
-    app_id: %u2f_app_id%
+    app_id: "%u2f_app_id%"

app/config/config_dev.yml

@@ -31,7 +31,7 @@ monolog:
             type: stream
             handler: logfile
             level: NOTICE
-            path: %kernel.logs_dir%/%kernel.environment%.log
+            path: "%kernel.logs_dir%/%kernel.environment%.log"
 
 assetic:
     use_controller: "%use_assetic_controller%"

app/config/routing_dev.yml

@@ -6,10 +6,6 @@ _profiler:
     resource: "@WebProfilerBundle/Resources/config/routing/profiler.xml"
     prefix:   /_profiler
 
-_configurator:
-    resource: "@SensioDistributionBundle/Resources/config/routing/webconfigurator.xml"
-    prefix:   /_configurator
-
 JMSTranslationBundle_ui:
     resource: "@JMSTranslationBundle/Controller/"
     type:     annotation

app/config/samlstepupproviders.yml

@@ -5,40 +5,23 @@ surfnet_stepup_ra_saml_stepup_provider:
     routes:
         consume_assertion: ra_vetting_gssf_verify
         metadata: ra_vetting_gssf_metadata
+
     providers:
         tiqr:
             hosted:
                 service_provider:
-                    public_key: %gssp_tiqr_sp_publickey%
-                    private_key: %gssp_tiqr_sp_privatekey%
-                metadata:
-                    public_key: %gssp_tiqr_metadata_publickey%
-                    private_key: %gssp_tiqr_metadata_privatekey%
-            remote:
-                entity_id: %gssp_tiqr_remote_entity_id%
-                sso_url: %gssp_tiqr_remote_sso_url%
-                certificate: %gssp_tiqr_remote_certificate%
-            view_config:
-                title: %gssp_tiqr_title%
-                page_title: %gssp_tiqr_page_title%
-                explanation: %gssp_tiqr_explanation%
-                initiate: %gssp_tiqr_initiate%
-                gssf_id_mismatch: %gssp_tiqr_gssf_id_mismatch%
-        biometric:
-            hosted:
-                service_provider:
-                    public_key: %gssp_biometric_sp_publickey%
-                    private_key: %gssp_biometric_sp_privatekey%
+                    public_key: "%gssp_tiqr_sp_publickey%"
+                    private_key: "%gssp_tiqr_sp_privatekey%"
                 metadata:
-                    public_key: %gssp_biometric_metadata_publickey%
-                    private_key: %gssp_biometric_metadata_privatekey%
+                    public_key: "%gssp_tiqr_metadata_publickey%"
+                    private_key: "%gssp_tiqr_metadata_privatekey%"
             remote:
-                entity_id: %gssp_biometric_remote_entity_id%
-                sso_url: %gssp_biometric_remote_sso_url%
-                certificate: %gssp_biometric_remote_certificate%
+                entity_id: "%gssp_tiqr_remote_entity_id%"
+                sso_url: "%gssp_tiqr_remote_sso_url%"
+                certificate: "%gssp_tiqr_remote_certificate%"
             view_config:
-                title: %gssp_biometric_title%
-                page_title: %gssp_biometric_page_title%
-                explanation: %gssp_biometric_explanation%
-                initiate: %gssp_biometric_initiate%
-                gssf_id_mismatch: %gssp_biometric_gssf_id_mismatch%
+                title: "%gssp_tiqr_title%"
+                page_title: "%gssp_tiqr_page_title%"
+                explanation: "%gssp_tiqr_explanation%"
+                initiate: "%gssp_tiqr_initiate%"
+                gssf_id_mismatch: "%gssp_tiqr_gssf_id_mismatch%"

app/config/security.yml

@@ -10,6 +10,7 @@ security:
 
         default:
             pattern: ^/authentication/(metadata|session-expired)$
+            logout_on_user_change: true
             anonymous: ~
 
         monitor:
@@ -22,11 +23,12 @@ security:
 
         saml_based:
             saml: true
+            logout_on_user_change: true
             logout:
                 path: /logout
-                target: %logout_redirect_url%
+                target: "%logout_redirect_url%"
                 invalidate_session: true
-                csrf_token_generator: form.csrf_provider
+                csrf_token_generator: security.csrf.token_manager
                 csrf_parameter: 't'
                 csrf_token_id: 'registration_authority_logout_token'
 

app/console

@@ -1,23 +1,26 @@
 #!/usr/bin/env php
 <?php
 
-set_time_limit(0);
-
-require_once __DIR__.'/bootstrap.php.cache';
-require_once __DIR__.'/AppKernel.php';
-
 use Symfony\Bundle\FrameworkBundle\Console\Application;
 use Symfony\Component\Console\Input\ArgvInput;
 use Symfony\Component\Debug\Debug;
 
+// if you don't want to setup permissions the proper way, just uncomment the following PHP line
+// read http://symfony.com/doc/current/setup.html#checking-symfony-application-configuration-and-setup
+// for more information
+//umask(0000);
+
+set_time_limit(0);
+
+/** @var Composer\Autoload\ClassLoader $loader */
+$loader = require __DIR__.'/../app/autoload.php';
+
 $input = new ArgvInput();
-$env = $input->getParameterOption(array('--env', '-e'), getenv('SYMFONY_ENV') ?: 'dev');
-$debug = getenv('SYMFONY_DEBUG') !== '0' && !$input->hasParameterOption(array('--no-debug', ''))
-    && $env !== 'prod'
-    && $env !== 'build';
+$env = $input->getParameterOption(['--env', '-e'], getenv('SYMFONY_ENV') ?: 'dev');
+$debug = getenv('SYMFONY_DEBUG') !== '0' && !$input->hasParameterOption(['--no-debug', '']) && $env !== 'prod';
 
 if ($debug) {
-    Debug::enable(~E_USER_DEPRECATED);
+    Debug::enable();
 }
 
 $kernel = new AppKernel($env, $debug);

app/phpunit.xml.dist

@@ -13,4 +13,13 @@
             <directory>../src/Surfnet/StepupRa/SamlStepupProviderBundle/Tests</directory>
         </testsuite>
     </testsuites>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory>../src</directory>
+            <exclude>
+                <directory>../src/Surfnet/StepupRa/RaBundle/Tests</directory>
+                <directory>../src/Surfnet/StepupRa/SamlStepupProviderBundle/Tests</directory>
+            </exclude>
+        </whitelist>
+    </filter>
 </phpunit>