Add complete remote vetting E2E test

Add a remote vetting E2E test to validate the flow of the remote vetting process.
OpenConext · Mar 23, 2020 · b26bf18 · b26bf18
1 parent 68e2cad
commit b26bf18
Show file tree

Hide file tree

Showing 8 changed files with 205 additions and 104 deletions.
diff --git a/app/Resources/views/dev/mock-acs.html.twig b/app/Resources/views/dev/mock-acs.html.twig
@@ -12,9 +12,15 @@
     ]
 },
 {
-    "name":"mail",
+    "name":"firstName",
     "value": [
-        "test@mail.com"
+        "John"
+    ]
+},
+{
+    "name":"lastName",
+    "value": [
+        "Doe"
     ]
 },
 {

diff --git a/app/config/remote_vetting.yml b/app/config/remote_vetting.yml
@@ -14,8 +14,8 @@ parameters:
         certificateFile: "%saml_rv_publickey%"
         privateKey: "%saml_rv_privatekey%"
         attributeMapping:
-          mail: mail
-          uid: uid
+          givenName: firstName
+          surname: lastName
       - name: "ReadId"
         logo: "/images/remote-vetting/readid.png"
         description:
@@ -27,8 +27,8 @@ parameters:
         certificateFile: "%saml_rv_publickey%"
         privateKey: "%saml_rv_privatekey%"
         attributeMapping:
-          mail: mail
-          uid: uid
+          givenName: firstName
+          surname: lastName
       - name: "iDIN"
         logo: "/images/remote-vetting/idin.png"
         description:
@@ -40,8 +40,8 @@ parameters:
         certificateFile: '%saml_rv_publickey%'
         privateKey: '%saml_rv_privatekey%'
         attributeMapping:
-          mail: mail
-          uid: uid
+          givenName: firstName
+          surname: lastName
   remote_vetting_sp:
     entityId: https://selfservice.stepup.example.com/saml/metadata
     assertionConsumerUrl: https://selfservice.stepup.example.com/second-factor/acs
@@ -109,6 +109,7 @@ services:
     public: true
     arguments:
       - '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVettingService'
+      - '@surfnet_stepup_self_service_self_service.service.second_factor'
       - '@Surfnet\StepupSelfService\SelfServiceBundle\Service\RemoteVetting\SamlCalloutHelper'
       - '@surfnet_stepup.registration_expiration_helper'
       - '@logger'

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Command/RemoteVetCommand.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Command/RemoteVetCommand.php
@@ -18,18 +18,15 @@
 
 namespace Surfnet\StepupSelfService\SelfServiceBundle\Command;
 
-use Surfnet\StepupMiddlewareClientBundle\Identity\Dto\Identity;
-use Surfnet\StepupMiddlewareClientBundle\Identity\Dto\VerifiedSecondFactor;
-
 class RemoteVetCommand
 {
     /**
-     * @var Identity
+     * @var string
      */
     public $identity;
 
     /**
-     * @var VerifiedSecondFactor
+     * @var string
      */
     public $secondFactor;
 }
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RemoteVettingController.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/RemoteVettingController.php
@@ -17,7 +17,6 @@
 
 namespace Surfnet\StepupSelfService\SelfServiceBundle\Controller;
 
-use Exception;
 use Psr\Log\LoggerInterface;
 use SAML2\Response\Exception\PreconditionNotMetException;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
@@ -63,13 +62,19 @@ class RemoteVettingController extends Controller
      * @var RegistrationExpirationHelper
      */
     private $expirationHelper;
+    /**
+     * @var SecondFactorService
+     */
+    private $secondFactorService;
 
     public function __construct(
         RemoteVettingService $remoteVettingService,
+        SecondFactorService $secondFactorService,
         SamlCalloutHelper $samlCalloutHelper,
         RegistrationExpirationHelper $expirationHelper,
         LoggerInterface $logger
     ) {
+        $this->secondFactorService = $secondFactorService;
         $this->remoteVettingService = $remoteVettingService;
         $this->samlCalloutHelper = $samlCalloutHelper;
         $this->expirationHelper = $expirationHelper;
@@ -87,20 +92,11 @@ public function remoteVetAction(Request $request, $secondFactorId, $identityProv
     {
         $identity = $this->getIdentity();
 
-        /** @var SecondFactorService $service */
-        $service = $this->get('surfnet_stepup_self_service_self_service.service.second_factor');
-        if (!$service->identityHasSecondFactorOfStateWithId($identity->id, 'verified', $secondFactorId)) {
-            $this->get('logger')->error(sprintf(
-                'Identity "%s" tried to vet "%s" second factor "%s", but does not own that second factor',
-                $identity->id,
-                'verified',
-                $secondFactorId
-            ));
-            throw new NotFoundHttpException();
-        }
-
-        $secondFactor = $service->findOneVerified($secondFactorId);
-        if ($secondFactor === null || $this->expirationHelper->hasExpired($secondFactor->registrationRequestedAt)) {
+        $secondFactor = $this->secondFactorService->findOneVerified($secondFactorId);
+        if ($secondFactor === null ||
+            $secondFactor->identityId != $identity->id ||
+            $this->expirationHelper->hasExpired($secondFactor->registrationRequestedAt)
+        ) {
             throw new NotFoundHttpException(
                 sprintf("No %s second factor with id '%s' exists.", 'verified', $secondFactorId)
             );
@@ -202,9 +198,7 @@ public function remoteVetMatchAction(Request $request, $processId)
                 $command->identity = $token->getIdentityId();
                 $command->secondFactor = $token->getSecondFactorId();
 
-                /** @var SecondFactorService $service */
-                $service = $this->get('surfnet_stepup_self_service_self_service.service.second_factor');
-                if ($service->remoteVet($command)) {
+                if ($this->secondFactorService->remoteVet($command)) {
                     $flashBag->add('success', 'ss.second_factor.revoke.alert.remote_vetting_successful');
                 } else {
                     $flashBag->add('error', 'ss.second_factor.revoke.alert.remote_vetting_failed');

diff --git a/...pSelfService/SelfServiceBundle/Resources/views/Registration/displayVettingTypes.html.twig b/...pSelfService/SelfServiceBundle/Resources/views/Registration/displayVettingTypes.html.twig
@@ -44,7 +44,7 @@
                         {{ identityProvider.description(app.request.locale) }}
                     </p>
                     <form action="{{ url('ss_second_factor_remote_vet', {'secondFactorId': secondFactorId, 'identityProviderSlug': identityProvider.slug }) }}" method="get">
-                        <button type="submit" class="btn btn-primary">Continue</button>
+                        <button type="submit" class="btn btn-primary" id="select-rv-idp-{{ identityProvider.slug }}">Continue</button>
                     </form>
                 </div>
             </div>

diff --git a/...ervice/SelfServiceBundle/Resources/views/RemoteVetting/displayRemoteVettingIdPs.html.twig b/...ervice/SelfServiceBundle/Resources/views/RemoteVetting/displayRemoteVettingIdPs.html.twig
diff --git a/...et/StepupSelfService/SelfServiceBundle/Service/InstitutionConfigurationOptionsService.php b/...et/StepupSelfService/SelfServiceBundle/Service/InstitutionConfigurationOptionsService.php
@@ -21,7 +21,7 @@
 use Surfnet\StepupMiddlewareClientBundle\Configuration\Dto\InstitutionConfigurationOptions;
 use Surfnet\StepupMiddlewareClientBundle\Configuration\Service\InstitutionConfigurationOptionsService as ApiInstitutionConfigurationOptionsService;
 
-final class InstitutionConfigurationOptionsService
+class InstitutionConfigurationOptionsService
 {
     /**
      * @var ApiInstitutionConfigurationOptionsService