Merge branch 'wip-version-7' of github.com:simplesamlphp/simplesamlphp-module-oidc into wip-version-7

cicnavi · cicnavi · commit 1455157f25d3 · 2026-05-11T14:00:18.000+02:00
diff --git a/composer.json b/composer.json
@@ -31,7 +31,7 @@
         "psr/container": "^2.0",
         "psr/log": "^3",
         "simplesamlphp/composer-module-installer": "^1.3",
-        "simplesamlphp/openid": "~v0.1.1",
+        "simplesamlphp/openid": "~0.2.0",
         "spomky-labs/base64url": "^2.0",
         "symfony/expression-language": "^7.4",
         "symfony/psr-http-message-bridge": "^7.4",
diff --git a/public/assets/css/src/default.css b/public/assets/css/src/default.css
@@ -104,8 +104,31 @@ table.client-table {
     font-weight: bolder;
 }
 
-.confirm-action {}
+
 
 form.pure-form-stacked .full-width {
     width: 100%;
 }
+
+/* Form loading state */
+.form-loading-spinner {
+    display: inline-block;
+    width: 0.85em;
+    height: 0.85em;
+    border: 2px solid currentColor;
+    border-top-color: transparent;
+    border-radius: 50%;
+    animation: form-spinner-rotate 0.7s linear infinite;
+    vertical-align: middle;
+    margin-right: 0.4em;
+    opacity: 0.8;
+}
+
+@keyframes form-spinner-rotate {
+    to { transform: rotate(360deg); }
+}
+
+button[disabled].loading {
+    opacity: 0.7;
+    cursor: not-allowed;
+}
diff --git a/public/assets/js/src/default.js b/public/assets/js/src/default.js
@@ -1,4 +1,3 @@
-
 (function() {
 
     // Attach `confirm-action` click event to all elements with the `confirm-action` class.
@@ -19,4 +18,17 @@
             }
         });
     });
+
+    // Handle forms with loading state
+    document.querySelectorAll('form.form-with-loading-state').forEach(form => {
+        form.addEventListener('submit', function (event) {
+            const submitter = event.submitter || this.querySelector('button[type="submit"]');
+            if (submitter) {
+                const loadingText = submitter.getAttribute('data-loading-text') || 'Processing...';
+                submitter.disabled = true;
+                submitter.classList.add('loading');
+                submitter.innerHTML = `<span class="form-loading-spinner"></span> ${loadingText}`;
+            }
+        });
+    });
 })();
diff --git a/routing/routes/routes.php b/routing/routes/routes.php
@@ -77,6 +77,9 @@
     $routes->add(RoutesEnum::AdminTestTrustMarkValidation->name, RoutesEnum::AdminTestTrustMarkValidation->value)
         ->controller([FederationTestController::class, 'trustMarkValidation'])
         ->methods([HttpMethodsEnum::GET->value, HttpMethodsEnum::POST->value]);
+    $routes->add(RoutesEnum::AdminTestFederationDiscovery->name, RoutesEnum::AdminTestFederationDiscovery->value)
+        ->controller([FederationTestController::class, 'federationDiscovery'])
+        ->methods([HttpMethodsEnum::GET->value, HttpMethodsEnum::POST->value]);
     $routes->add(
         RoutesEnum::AdminTestVerifiableCredentialIssuance->name,
         RoutesEnum::AdminTestVerifiableCredentialIssuance->value,
diff --git a/src/Codebooks/RoutesEnum.php b/src/Codebooks/RoutesEnum.php
@@ -28,6 +28,7 @@ enum RoutesEnum: string
     // Testing
     case AdminTestTrustChainResolution = 'admin/test/trust-chain-resolution';
     case AdminTestTrustMarkValidation = 'admin/test/trust-mark-validation';
+    case AdminTestFederationDiscovery = 'admin/test/federation-discovery';
     case AdminTestVerifiableCredentialIssuance = 'admin/test/verifiable-credential-issuance';
 
 
diff --git a/src/Controllers/Admin/FederationTestController.php b/src/Controllers/Admin/FederationTestController.php
@@ -169,4 +169,135 @@ public function trustMarkValidation(Request $request): Response
             RoutesEnum::AdminTestTrustMarkValidation->value,
         );
     }
+
+
+    /**
+     * @throws \SimpleSAML\Error\ConfigurationError
+     * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
+     * @throws \SimpleSAML\Module\oidc\Exceptions\OidcException
+     */
+    public function federationDiscovery(Request $request): Response
+    {
+        $trustAnchorId = null;
+        $isFormSubmitted = false;
+        $entities = [];
+        $forceRefresh = false;
+        $filterEntityTypes = [];
+        $filterTrustMarkTypes = '';
+        $filterQuery = '';
+        $sortBy = 'entity_id';
+        $sortOrder = 'asc';
+        $pageLimit = 50;
+        $pageFrom = null;
+        $nextPageToken = null;
+        $totalCount = 0;
+
+        if ($request->isMethod(Request::METHOD_POST)) {
+            $isFormSubmitted = true;
+
+            !empty($trustAnchorId = $request->request->getString('trustAnchorId')) ||
+            throw new OidcException('Empty Trust Anchor ID.');
+
+            $forceRefresh = $request->request->getBoolean('forceRefresh');
+            /** @var string[] $filterEntityTypes */
+            $filterEntityTypes = $request->request->all('filterEntityTypes');
+            $filterTrustMarkTypes = $request->request->getString('filterTrustMarkTypes');
+            $filterQuery = $request->request->getString('filterQuery');
+            $sortBy = $request->request->getString('sortBy', 'entity_id');
+            $sortOrder = $request->request->getString('sortOrder', 'asc');
+            /** @var 'asc'|'desc' $sortOrder */
+            $sortOrder = in_array($sortOrder, ['asc', 'desc']) ? $sortOrder : 'asc';
+            $pageLimit = $request->request->getInt('pageLimit', 50);
+            $pageFrom = $request->request->get('pageFrom');
+            $pageFrom = is_string($pageFrom) ? $pageFrom : null;
+
+            try {
+                $entityCollection = $this->federationWithArrayLogger->federationDiscovery()->discover(
+                    trustAnchorId: $trustAnchorId,
+                    forceRefresh: $forceRefresh,
+                );
+
+                // 1. Filtering
+                $criteria = array_filter([
+                    'entity_type' => $filterEntityTypes,
+                    'trust_mark_type' => $this->helpers->str()->convertTextToArray($filterTrustMarkTypes),
+                    'query' => $filterQuery,
+                ]);
+                if (!empty($criteria)) {
+                    $entityCollection->filter($criteria);
+                }
+
+                $totalCount = count($entityCollection->getEntities());
+
+                // 2. Sorting
+                $claimPaths = match ($sortBy) {
+                    'display_name' => [
+                        ['metadata', EntityTypesEnum::OpenIdProvider->value, 'display_name'],
+                        ['metadata', EntityTypesEnum::FederationEntity->value, 'display_name'],
+                        ['metadata', EntityTypesEnum::OpenIdRelyingParty->value, 'display_name'],
+                    ],
+                    'organization_name' => [
+                        ['metadata', EntityTypesEnum::OpenIdProvider->value, 'organization_name'],
+                        ['metadata', EntityTypesEnum::FederationEntity->value, 'organization_name'],
+                        ['metadata', EntityTypesEnum::OpenIdRelyingParty->value, 'organization_name'],
+                    ],
+                    default => [['sub']],
+                };
+                $entityCollection->sort($claimPaths, $sortOrder);
+
+                // 3. Pagination
+                /** @var positive-int $pageLimit */
+                $entityCollection->paginate($pageLimit, $pageFrom);
+
+                $nextPageToken = $entityCollection->getNextPageToken();
+
+                foreach ($entityCollection->getEntities() as $id => $payload) {
+                    $entities[] = [
+                        'id' => $id,
+                        'payload' => $payload,
+                    ];
+                }
+            } catch (\Throwable $exception) {
+                $this->arrayLogger->error(sprintf(
+                    'Error during entity discovery under Trust Anchor %s. Error was %s',
+                    $trustAnchorId,
+                    $exception->getMessage(),
+                ));
+            }
+        }
+
+        $logMessages = $this->arrayLogger->getEntries();
+
+        try {
+            $trustAnchorIds = $this->moduleConfig->getFederationTrustAnchorIds();
+        } catch (\Throwable $exception) {
+            $this->arrayLogger->error('Module config error: ' . $exception->getMessage());
+            $trustAnchorIds = [];
+        }
+
+        $entityTypeOptions = array_map(fn (EntityTypesEnum $enum) => $enum->value, EntityTypesEnum::cases());
+
+        return $this->templateFactory->build(
+            'oidc:tests/federation-discovery.twig',
+            compact(
+                'trustAnchorId',
+                'logMessages',
+                'isFormSubmitted',
+                'entities',
+                'trustAnchorIds',
+                'forceRefresh',
+                'filterEntityTypes',
+                'filterTrustMarkTypes',
+                'filterQuery',
+                'sortBy',
+                'sortOrder',
+                'pageLimit',
+                'pageFrom',
+                'nextPageToken',
+                'totalCount',
+                'entityTypeOptions',
+            ),
+            RoutesEnum::AdminTestFederationDiscovery->value,
+        );
+    }
 }
diff --git a/src/Controllers/Federation/EntityStatementController.php b/src/Controllers/Federation/EntityStatementController.php
@@ -95,8 +95,6 @@ public function configuration(): Response
                             ClaimsEnum::OrganizationUri->value => $this->moduleConfig->getOrganizationUri(),
                         ],
                     )),
-                    ClaimsEnum::FederationFetchEndpoint->value => $this->routes->urlFederationFetch(),
-                    ClaimsEnum::FederationListEndpoint->value => $this->routes->urlFederationList(),
                     // TODO v7 mivanci Add when ready. Use ClaimsEnum for keys.
                     // https://openid.net/specs/openid-federation-1_0.html#name-federation-entity
                     //'federation_resolve_endpoint',
diff --git a/src/Factories/TemplateFactory.php b/src/Factories/TemplateFactory.php
@@ -142,6 +142,13 @@ protected function includeDefaultMenuItems(): void
             ),
         );
 
+        $this->oidcMenu->addItem(
+            $this->oidcMenu->buildItem(
+                $this->moduleConfig->getModuleUrl(RoutesEnum::AdminTestFederationDiscovery->value),
+                Translate::noop('Test Federation Discovery'),
+            ),
+        );
+
         $this->oidcMenu->addItem(
             $this->oidcMenu->buildItem(
                 $this->moduleConfig->getModuleUrl(RoutesEnum::AdminConfigVerifiableCredential->value),
diff --git a/src/Utils/Routes.php b/src/Utils/Routes.php
@@ -146,6 +146,11 @@ public function urlAdminTestTrustMarkValidation(array $parameters = []): string
         return $this->getModuleUrl(RoutesEnum::AdminTestTrustMarkValidation->value, $parameters);
     }
 
+    public function urlAdminTestFederationDiscovery(array $parameters = []): string
+    {
+        return $this->getModuleUrl(RoutesEnum::AdminTestFederationDiscovery->value, $parameters);
+    }
+
     public function urlAdminTestVerifiableCredentialIssuance(array $parameters = []): string
     {
         return $this->getModuleUrl(RoutesEnum::AdminTestVerifiableCredentialIssuance->value, $parameters);
diff --git a/templates/tests/federation-discovery.twig b/templates/tests/federation-discovery.twig
diff --git a/templates/tests/trust-chain-resolution.twig b/templates/tests/trust-chain-resolution.twig
diff --git a/templates/tests/trust-mark-validation.twig b/templates/tests/trust-mark-validation.twig
diff --git a/templates/tests/verifiable-credential-issuance.twig b/templates/tests/verifiable-credential-issuance.twig

Original file line number	Diff line number	Diff line change
`@@ -146,6 +146,11 @@ public function urlAdminTestTrustMarkValidation(array $parameters = []): string`
`146`	`146`	`return $this->getModuleUrl(RoutesEnum::AdminTestTrustMarkValidation->value, $parameters);`
`147`	`147`	`}`
`148`	`148`
	`149`	`+ public function urlAdminTestFederationDiscovery(array $parameters = []): string`
	`150`	`+ {`
	`151`	`+ return $this->getModuleUrl(RoutesEnum::AdminTestFederationDiscovery->value, $parameters);`
	`152`	`+ }`
	`153`	`+`
`149`	`154`	`public function urlAdminTestVerifiableCredentialIssuance(array $parameters = []): string`
`150`	`155`	`{`
`151`	`156`	`return $this->getModuleUrl(RoutesEnum::AdminTestVerifiableCredentialIssuance->value, $parameters);`