From 50e4d45f8dc08d7eb73c0e109ceb1937f94eb5c0 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Mon, 4 Apr 2016 09:25:54 -0300
Subject: [PATCH 01/14] Updating from Rede Livre

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index c9eea18d1..0a4699b94 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@
 /.buildpath
 /app/check.php
 /.vagrant
+.idea

From eddccf5a93608c2885e192415472b6be9a154927 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Mon, 4 Apr 2016 15:02:53 -0300
Subject: [PATCH 02/14] Deprecated usernames #378

* added feature flag to hide/show username change link #378

* username hidden #378
---
 app/config/security.yml                       |  2 +
 src/LoginCidadao/CoreBundle/Entity/Person.php |  9 +++
 .../views/Default/dashboard.html.twig         | 58 +++++++++++++------
 .../views/Person/profile/edit.html.twig       |  2 +-
 .../views/Person/profile/show.html.twig       |  2 +-
 .../Person/registration/confirmed.html.twig   |  2 +-
 .../views/Person/registration/email.html.twig |  8 +--
 .../views/Person/resetting/email.html.twig    |  5 +-
 .../Resources/views/base.loggedIn.html.twig   | 22 +++----
 .../Resources/views/navbar.html.twig          |  2 +-
 10 files changed, 72 insertions(+), 40 deletions(-)

diff --git a/app/config/security.yml b/app/config/security.yml
index 50effd324..1c0518976 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -17,6 +17,7 @@ security:
             - ROLE_USER
             - ROLE_ORGANIZATIONS_BIND_CLIENT
             - ROLE_EDIT_CLIENT_ALLOWED_SCOPES
+            - FEATURE_EDIT_USERNAME
         ROLE_SUPER:
             - ROLE_DEV
             - ROLE_ORGANIZATIONS_CREATE
@@ -47,6 +48,7 @@ security:
         FEATURE_IGP_VALIDATION:
         FEATURE_ORGANIZATIONS:
         FEATURE_IMPERSONATION_REPORTS:
+        FEATURE_EDIT_USERNAME:
 
     providers:
         chainprovider:
diff --git a/src/LoginCidadao/CoreBundle/Entity/Person.php b/src/LoginCidadao/CoreBundle/Entity/Person.php
index 5d65f8fb9..645fc0273 100644
--- a/src/LoginCidadao/CoreBundle/Entity/Person.php
+++ b/src/LoginCidadao/CoreBundle/Entity/Person.php
@@ -1317,4 +1317,13 @@ public function getEncoderName()
 
         return $encoder;
     }
+
+    public function getShortDisplayName()
+    {
+        if ($this->getGivenName()) {
+            return $this->getGivenName();
+        } else {
+            return $this->getEmail();
+        }
+    }
 }
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/Default/dashboard.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/Default/dashboard.html.twig
index 5e8f276ec..d58d38702 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/Default/dashboard.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/Default/dashboard.html.twig
@@ -7,15 +7,20 @@
                 <div class="panel panel-default">
                     <div class="panel-heading">
                         {% trans %}Profile{% endtrans %}
-                        <a href="{{ path('fos_user_profile_edit') }}" class="btn btn-primary btn-xs btn-section pull-right" role="button" title="{% trans %}more{% endtrans %}"><span class="glyphicon glyphicon-pencil"></span></a>
+                        <a href="{{ path('fos_user_profile_edit') }}"
+                           class="btn btn-primary btn-xs btn-section pull-right" role="button"
+                           title="{% trans %}more{% endtrans %}"><span class="glyphicon glyphicon-pencil"></span></a>
                     </div>
                     <div class="panel-body">
-                        <img src="{{ include("LoginCidadaoCoreBundle:Person:currentUserPicture.html.twig", {'targetPerson': app.user}) }}" class="profile-picture pull-left">
+                        <img src="{{ include("LoginCidadaoCoreBundle:Person:currentUserPicture.html.twig", {'targetPerson': app.user}) }}"
+                             class="profile-picture pull-left">
                         <div class="about pull-left">
-                            <h4 class="media-heading">
-                                <span class="glyphicon glyphicon-user" aria-hidden="true"></span>
-                                {{ app.user.firstName }}
-                            </h4>
+                            {% if app.user.firstName is not null %}
+                                <h4 class="media-heading">
+                                    <span class="glyphicon glyphicon-user" aria-hidden="true"></span>
+                                    {{ app.user.firstName }}
+                                </h4>
+                            {% endif %}
                             {% if app.user.birthdate is not null %}
                                 <div class="birthdate">{{ app.user.birthdate | date('birthdate.format' | trans) }}</div>
                             {% endif %}
@@ -41,21 +46,24 @@
                 <div class="panel panel-default">
                     <div class="panel-heading">
                         {% trans %}Services{% endtrans %}
-                        <a href="{{ path('lc_authorization_list') }}" class="btn btn-primary btn-xs btn-section pull-right" role="button" title="{% trans %}more{% endtrans %}"><span class="glyphicon glyphicon-plus"></span></a>
+                        <a href="{{ path('lc_authorization_list') }}"
+                           class="btn btn-primary btn-xs btn-section pull-right" role="button"
+                           title="{% trans %}more{% endtrans %}"><span class="glyphicon glyphicon-plus"></span></a>
                     </div>
                     <div class="panel-body">
                         {% if app.user.getAuthorizations|length > 0 %}
                             {% for auth in app.user.getAuthorizations %}
                                 {% if auth.client.uid != defaultClientUid %}
                                     <a href="{{ auth.client.siteUrl }}" target="_blank" title="{{ auth.client.name }}">
-                                        <img src="{{ include('LoginCidadaoCoreBundle:Client:imageUrl.html.twig', { 'client': auth.client }) }}" width="65" height="65" class="media-object service-img">
+                                        <img src="{{ include('LoginCidadaoCoreBundle:Client:imageUrl.html.twig', { 'client': auth.client }) }}"
+                                             width="65" height="65" class="media-object service-img">
                                     </a>
                                 {% endif %}
                             {% endfor %}
                         {% else %}
                             <p class="text-center">{% trans %}You don't have any active service.{% endtrans %}</p>
                             <p class="text-center"><a href="">{{ 'Check the services available' | trans }}</a></p>
-                            {% endif %}
+                        {% endif %}
                     </div>
                 </div>
             </div>
@@ -67,15 +75,18 @@
                 <div class="panel panel-default">
                     <div class="panel-heading">
                         {{ 'Badges' | trans }}
-                        <a href="{{ path('lc_profile_badges') }}" class="btn btn-primary btn-xs btn-section pull-right" role="button" title="{% trans %}more{% endtrans %}"><span class="glyphicon glyphicon-plus"></span></a>
+                        <a href="{{ path('lc_profile_badges') }}" class="btn btn-primary btn-xs btn-section pull-right"
+                           role="button" title="{% trans %}more{% endtrans %}"><span
+                                    class="glyphicon glyphicon-plus"></span></a>
                     </div>
                     <div class="panel-body">
                         {% if userBadges|length == 0 %}
-                            <div class="alert alert-warning" role="alert">{% trans %}You don't have any badges yet!{% endtrans %}</div>
+                            <div class="alert alert-warning" role="alert">{% trans %}You don't have any badges
+                                yet!{% endtrans %}</div>
                         {% endif %}
                         {% for client, badges in allBadges %}
                             {% for badge, content in badges %}
-                                {% set key = client ~ '.' ~ badge  %}
+                                {% set key = client ~ '.' ~ badge %}
                                 {% if key in userBadges|keys %}
                                     <div class="badge-icon badge-{{ badge }}"></div>
                                 {% endif %}
@@ -92,11 +103,14 @@
                     <div class="panel-body">
                         <div class="list-group">
                             {% if notifications|length == 0 %}
-                                <div class="alert alert-warning" role="alert">{% trans %}You don't have any unread notification.{% endtrans %}</div>
+                                <div class="alert alert-warning" role="alert">{% trans %}You don't have any unread
+                                    notification.{% endtrans %}</div>
                             {% endif %}
                             {% for notification in notifications %}
-                                <a href="{{ path('lc_notifications', { id: notification.id }) }}" class="list-group-item notification">
-                                    {{ notification.sender.name }} - {{ notification.title }} - {{ notification.createdAt|date("d/m/Y H:i:s") }}
+                                <a href="{{ path('lc_notifications', { id: notification.id }) }}"
+                                   class="list-group-item notification">
+                                    {{ notification.sender.name }} - {{ notification.title }}
+                                    - {{ notification.createdAt|date("d/m/Y H:i:s") }}
                                 </a>
                             {% endfor %}
                         </div>
@@ -111,12 +125,15 @@
                 <div class="panel panel-default">
                     <div class="panel-heading">
                         {{ 'access_log.panel_title' | trans }}
-                        <a href="{{ path('lc_access_log_list') }}" class="btn btn-primary btn-xs btn-section pull-right" role="button" title="{% trans %}more{% endtrans %}"><span class="glyphicon glyphicon-plus"></span></a>
+                        <a href="{{ path('lc_access_log_list') }}" class="btn btn-primary btn-xs btn-section pull-right"
+                           role="button" title="{% trans %}more{% endtrans %}"><span
+                                    class="glyphicon glyphicon-plus"></span></a>
                     </div>
                     <div class="panel-body">
                         <ul class="list-group">
                             {% if logs.logins|length == 0 %}
-                                <div class="alert alert-warning" role="alert">{% trans %}You don't have any login log.{% endtrans %}</div>
+                                <div class="alert alert-warning" role="alert">{% trans %}You don't have any login
+                                    log.{% endtrans %}</div>
                             {% endif %}
                             {% for log in logs.logins %}
                                 <li class="list-group-item">
@@ -132,12 +149,15 @@
                 <div class="panel panel-default">
                     <div class="panel-heading">
                         {% trans %}Activity Log{% endtrans %}
-                        <a href="{{ path('lc_activity_log_list') }}" class="btn btn-primary btn-xs btn-section pull-right" role="button" title="{% trans %}more{% endtrans %}"><span class="glyphicon glyphicon-plus"></span></a>
+                        <a href="{{ path('lc_activity_log_list') }}"
+                           class="btn btn-primary btn-xs btn-section pull-right" role="button"
+                           title="{% trans %}more{% endtrans %}"><span class="glyphicon glyphicon-plus"></span></a>
                     </div>
                     <div class="panel-body">
                         <ul class="media-list">
                             {% if logs.activity|length == 0 %}
-                                <div class="alert alert-warning" role="alert">{% trans %}You don't have any activity log.{% endtrans %}</div>
+                                <div class="alert alert-warning" role="alert">{% trans %}You don't have any activity
+                                    log.{% endtrans %}</div>
                             {% endif %}
                             {% for log in logs.activity %}
                                 <li class="media">
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/Person/profile/edit.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/Person/profile/edit.html.twig
index 36d0a0f7c..d69485902 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/Person/profile/edit.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/Person/profile/edit.html.twig
@@ -23,7 +23,7 @@
                             </div>
                             <div class="media-body">
                                 <h2 class="media-heading personal-info">{{ 'Personal Information' | trans }}</h2>
-                                {{ app.user.username }}
+                                {{ app.user.shortDisplayName }}
                             </div>
                         </div>
                     </div>
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/Person/profile/show.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/Person/profile/show.html.twig
index 650a43dd6..4b17fc65c 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/Person/profile/show.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/Person/profile/show.html.twig
@@ -13,7 +13,7 @@
     {% trans_default_domain 'FOSUserBundle' %}
 
     <div class="fos_user_user_show">
-        <p>{{ 'profile.show.username'|trans }}: {{ user.username }}</p>
+        <p>{{ 'profile.show.username'|trans }}: {{ user.shortDisplayName }}</p>
         <p>{{ 'profile.show.email'|trans }}: {{ user.email }}</p>
     </div>
 
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/Person/registration/confirmed.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/Person/registration/confirmed.html.twig
index bfd5c32cd..345ea7b32 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/Person/registration/confirmed.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/Person/registration/confirmed.html.twig
@@ -4,7 +4,7 @@
 
     {% trans_default_domain 'FOSUserBundle' %}
 
-    <p>{{ 'registration.confirmed'|trans({'%username%': user.username}) }}</p>
+    <p>{{ 'registration.confirmed'|trans({'%username%': user.shortDisplayName}) }}</p>
     {% if app.session is not empty %}
         {% set targetUrl = app.session.get('_security.' ~ app.security.token.providerKey ~ '.target_path') %}
         {% if targetUrl is not empty %}<p><a href="{{ targetUrl }}">{{ 'registration.back'|trans }}</a></p>{% endif %}
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/Person/registration/email.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/Person/registration/email.html.twig
index 197b6cdf5..9ef32dbfe 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/Person/registration/email.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/Person/registration/email.html.twig
@@ -2,13 +2,13 @@
 
 {% block subject %}
 {% autoescape false %}
-{{ 'registration.email.subject'|trans({'%username%': user.username, '%confirmationUrl%': confirmationUrl}) }}
+{{ 'registration.email.subject'|trans({'%username%': user.shortDisplayName, '%confirmationUrl%': confirmationUrl}) }}
 {% endautoescape %}
 {% endblock %}
 
 {% block body_text %}
 {% autoescape false %}
-{{ 'registration.email.message'|trans({'%username%': user.username, '%confirmationUrl%': confirmationUrl}) }}
+{{ 'registration.email.message'|trans({'%username%': user.shortDisplayName, '%confirmationUrl%': confirmationUrl}) }}
 {% endautoescape %}
 {% endblock %}
 
@@ -16,8 +16,8 @@
 {% block body_html %}
 {% autoescape false %}
 {{ include("LoginCidadaoCoreBundle::common.email.html.twig", {
-    'subject' : 'registration.email.subject' | trans({'%username%': user.username}),
-    'msg' : 'registration.email.message.html' | trans({'%username%': user.username}) | raw,
+    'subject' : 'registration.email.subject' | trans({'%username%': user.shortDisplayName}),
+    'msg' : 'registration.email.message.html' | trans({'%username%': user.shortDisplayName}) | raw,
     'url' : confirmationUrl,
     'urlsubject' : 'registration.email.click' | trans
 } ) }}
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/Person/resetting/email.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/Person/resetting/email.html.twig
index 269043519..5db8a1145 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/Person/resetting/email.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/Person/resetting/email.html.twig
@@ -8,14 +8,13 @@
 
 {% block body_text %}
 {% autoescape false %}
-{{ 'resetting.email.message'|trans({'%username%': user.username, '%confirmationUrl%': confirmationUrl}) }}
+{{ 'resetting.email.message'|trans({'%username%': user.shortDisplayName, '%confirmationUrl%': confirmationUrl}) }}
 {% endautoescape %}
 {% endblock %}
 
 
 {% block body_html %}
 {% autoescape false %}
-{{ include("LoginCidadaoCoreBundle::common.email.html.twig", {'subject' : 'registration.email.subject'|trans({'%username%': user.username}), 'msg' : 'resetting.email.message'|trans, 'url' : confirmationUrl } ) }}
+{{ include("LoginCidadaoCoreBundle::common.email.html.twig", {'subject' : 'registration.email.subject'|trans({'%username%': user.shortDisplayName}), 'msg' : 'resetting.email.message'|trans, 'url' : confirmationUrl } ) }}
 {% endautoescape %}
 {% endblock %}
-
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/base.loggedIn.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/base.loggedIn.html.twig
index 54ecf682d..315099399 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/base.loggedIn.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/base.loggedIn.html.twig
@@ -31,7 +31,7 @@
                             <i class="glyphicon glyphicon-file icon"></i>
                         </a>
                     </li>
-                    <li class="profile glyph {{ app.request.attributes.get('_route') == 'lc_person_addresses' or app.request.attributes.get('_route') == 'lc_person_addresses_edit' or app.request.attributes.get('_route') == 'lc_person_addresses_new' ? 'active'  }}">
+                    <li class="profile glyph {{ app.request.attributes.get('_route') == 'lc_person_addresses' or app.request.attributes.get('_route') == 'lc_person_addresses_edit' or app.request.attributes.get('_route') == 'lc_person_addresses_new' ? 'active' }}">
                         <a href="{{ path('lc_person_addresses') }}" class="clearfix">
                             <span>{% trans %}Addresses{% endtrans %}</span>
                             <i class="glyphicon glyphicon-map-marker icon"></i>
@@ -49,14 +49,16 @@
                             <i class="glyphicon glyphicon-bell icon"></i>
                         </a>
                     </li>
-                    <li class="username {{ app.request.attributes.get('_route') == 'lc_update_username' ? 'active' }}">
-                        <a href="{{ path('lc_update_username')}}" class="clearfix">
-                            <span>{% trans %}Change Username{% endtrans %}</span>
-                            <i class="glyphicon glyphicon-pencil icon"></i>
-                        </a>
-                    </li>
-                    <li class="password {{ app.request.attributes.get('_route') == 'fos_user_change_password' ? 'active' }}"   >
-                        <a href="{{ path('fos_user_change_password')}}" class="clearfix">
+                    {% if is_granted('FEATURE_EDIT_USERNAME') %}
+                        <li class="username {{ app.request.attributes.get('_route') == 'lc_update_username' ? 'active' }}">
+                            <a href="{{ path('lc_update_username') }}" class="clearfix">
+                                <span>{% trans %}Change Username{% endtrans %}</span>
+                                <i class="glyphicon glyphicon-pencil icon"></i>
+                            </a>
+                        </li>
+                    {% endif %}
+                    <li class="password {{ app.request.attributes.get('_route') == 'fos_user_change_password' ? 'active' }}">
+                        <a href="{{ path('fos_user_change_password') }}" class="clearfix">
                             <span>{% trans %}Security{% endtrans %}</span>
                             <i class="glyphicon glyphicon-lock icon"></i>
                         </a>
@@ -125,7 +127,7 @@
 
 {% block stylesheets_custom %}
     {% stylesheets '@lc_logged_css' filter='cssrewrite' filter='?uglifycss' %}
-    <link rel="stylesheet" href="{{ asset_url }}" />
+    <link rel="stylesheet" href="{{ asset_url }}"/>
     {% endstylesheets %}
 
 {% endblock %}
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/navbar.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/navbar.html.twig
index 11c9f326d..5b53abdee 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/navbar.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/navbar.html.twig
@@ -41,7 +41,7 @@
             {# Profile Card #}
             <li class="btn-group pull-right profile">
                 <button type="button" class="btn dropdown-toggle profile-card" data-toggle="dropdown">
-                    <span class="profile-username">{{ app.user.username }}</span>
+                    <span class="profile-username">{{ app.user.shortDisplayName }}</span>
                     <span class="profile-picture-container">
                         <img src="{{ include("LoginCidadaoCoreBundle:Person:currentUserPicture.html.twig", {'targetPerson': app.user}) }}" alt="" class="profile-picture img-circle" width="30" height="30">
                     </span>

From 2e486615aaf839070abd35c03b28abb52545ee56 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Mon, 4 Apr 2016 15:05:24 -0300
Subject: [PATCH 03/14] Preventing double form submission #377

---
 app/config/config.yml                         |  1 +
 .../js/jquery.preventDoubleSubmission.js      | 27 +++++++++++++++++++
 .../Resources/views/Default/index.html.twig   |  9 +++++++
 3 files changed, 37 insertions(+)
 create mode 100644 src/LoginCidadao/CoreBundle/Resources/public/js/jquery.preventDoubleSubmission.js

diff --git a/app/config/config.yml b/app/config/config.yml
index 6efb7d971..d5ee1428b 100644
--- a/app/config/config.yml
+++ b/app/config/config.yml
@@ -73,6 +73,7 @@ assetic:
           - '@LoginCidadaoCoreBundle/Resources/public/js/jquery.infinitescroll.js'
           - '@LoginCidadaoCoreBundle/Resources/public/js/jquery.infinitescroll.local.js'
           - '@LoginCidadaoCoreBundle/Resources/public/js/jquery.visible.min.js'
+          - '@LoginCidadaoCoreBundle/Resources/public/js/jquery.preventDoubleSubmission.js'
           - '@LoginCidadaoCoreBundle/Resources/public/js/general.js'
       lc_base_css:
         inputs:
diff --git a/src/LoginCidadao/CoreBundle/Resources/public/js/jquery.preventDoubleSubmission.js b/src/LoginCidadao/CoreBundle/Resources/public/js/jquery.preventDoubleSubmission.js
new file mode 100644
index 000000000..9c1ef9507
--- /dev/null
+++ b/src/LoginCidadao/CoreBundle/Resources/public/js/jquery.preventDoubleSubmission.js
@@ -0,0 +1,27 @@
+/*
+ * This file is part of the login-cidadao project or it's bundles.
+ *
+ * (c) Guilherme Donato <guilhermednt on github>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+// jQuery plugin to prevent double submission of forms
+// Extracted from http://stackoverflow.com/a/4473801
+jQuery.fn.preventDoubleSubmission = function() {
+    $(this).on('submit',function(e){
+        var $form = $(this);
+
+        if ($form.data('submitted') === true) {
+            // Previously submitted - don't submit again
+            e.preventDefault();
+        } else {
+            // Mark it so that the next submit can be ignored
+            $form.data('submitted', true);
+        }
+    });
+
+    // Keep chainability
+    return this;
+};
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/Default/index.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/Default/index.html.twig
index 672ceb76c..d6a4a895e 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/Default/index.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/Default/index.html.twig
@@ -38,3 +38,12 @@
     <link rel="stylesheet" href="{{ asset_url }}" />
     {% endstylesheets %}
 {% endblock %}
+
+{% block javascripts %}
+    {{ parent() }}
+    <script>
+        $(document).ready(function(){
+            $('form').preventDoubleSubmission();
+        });
+    </script>
+{% endblock %}

From f43e0dd088e8ece87c8dc0a2267a246cb2096a66 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Mon, 11 Apr 2016 10:22:16 -0300
Subject: [PATCH 04/14] Enforcing HTTPS #381 (#382)

* removed unused code #381

* removed unused routes #381

* enforcing HTTPS (fixes URL generation bugs) closes #381

* fixed tests to use https

* added new tests to check if HTTPS is enforced #381

* fixed tests to use HTTPS #381
---
 app/config/security.yml                       | 75 ++++++++----------
 .../Controller/DefaultController.php          | 10 ---
 .../Resources/views/Info/terms.html.twig      | 40 ----------
 .../Controller/DefaultControllerTest.php      | 14 +++-
 .../ClientRegistrationControllerTest.php      | 79 +++++++++++--------
 .../Controller/JsonWebKeyControllerTest.php   | 19 +++--
 6 files changed, 107 insertions(+), 130 deletions(-)
 delete mode 100644 src/LoginCidadao/CoreBundle/Resources/views/Info/terms.html.twig

diff --git a/app/config/security.yml b/app/config/security.yml
index 1c0518976..2c38217f9 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -153,44 +153,37 @@ security:
           anonymous:  true
 
     access_control:
-        - { path: ^/admin, role: [ROLE_SUPER] }
-        - { path: ^/dev, role: [ROLE_DEV] }
-
-        - { path: ^/api/v1/address/(cities|states|countries)/search, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/api/v1/address/cities/prefetch, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/api/v1/public/lc_consultaCep2, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
-
-        - { path: ^/oauth$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/.well-known, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/openid/connect/authorize, role: IS_AUTHENTICATED_FULLY }
-        - { path: ^/openid/connect, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-
-        - { path: ^/connect/twitter$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/connect/google$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/login/facebook$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-
-        - { path: ^/monitor/health, role: IS_AUTHENTICATED_ANONYMOUSLY, ip: %allowed_monitors% }
-
-        - { path: ^/contact$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/general$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/privacy$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/about$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/help$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/person/checkEmailAvailable, role: IS_AUTHENTICATED_ANONYMOUSLY }
-
-        - { path: ^/job, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/external/navbar.js, role: IS_AUTHENTICATED_ANONYMOUSLY }
-
-        - { path: ^/logout/if-not-remembered, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/terms$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-
-        - { path: ^/, roles: IS_AUTHENTICATED_REMEMBERED }
-        - { path: ^/profile/edit, roles: IS_AUTHENTICATED_FULLY }
-        - { path: ^/profile/change-username, roles: IS_AUTHENTICATED_FULLY }
-        - { path: ^/profile/change-password, roles: IS_AUTHENTICATED_FULLY }
-        - { path: ^/person, role: IS_AUTHENTICATED_REMEMBERED }
+        - { path: ^/admin, role: [ROLE_SUPER], requires_channel: https }
+        - { path: ^/dev, role: [ROLE_DEV], requires_channel: https }
+
+        - { path: ^/api/v1/address/(cities|states|countries)/search, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/api/v1/address/cities/prefetch, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/api/v1/public/lc_consultaCep2, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ], requires_channel: https }
+
+        - { path: ^/oauth$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/.well-known, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/openid/connect/authorize, role: IS_AUTHENTICATED_FULLY, requires_channel: https }
+        - { path: ^/openid/connect, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+
+        - { path: ^/connect/twitter$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/connect/google$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/login/facebook$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+
+        - { path: ^/monitor/health, role: IS_AUTHENTICATED_ANONYMOUSLY, ip: %allowed_monitors%, requires_channel: https }
+
+        - { path: ^/(contact|privacy|about|help|register)$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/person/checkEmailAvailable, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+
+        - { path: ^/job, role: ROLE_SUPER_ADMIN, requires_channel: https }
+        - { path: ^/external/navbar.js, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+
+        - { path: ^/logout/if-not-remembered, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+
+        - { path: ^/, roles: IS_AUTHENTICATED_REMEMBERED, requires_channel: https }
+        - { path: ^/profile/edit, roles: IS_AUTHENTICATED_FULLY, requires_channel: https }
+        - { path: ^/profile/change-username, roles: IS_AUTHENTICATED_FULLY, requires_channel: https }
+        - { path: ^/profile/change-password, roles: IS_AUTHENTICATED_FULLY, requires_channel: https }
+        - { path: ^/person, role: IS_AUTHENTICATED_REMEMBERED, requires_channel: https }
diff --git a/src/LoginCidadao/CoreBundle/Controller/DefaultController.php b/src/LoginCidadao/CoreBundle/Controller/DefaultController.php
index f9a3176a6..c1e29c18c 100644
--- a/src/LoginCidadao/CoreBundle/Controller/DefaultController.php
+++ b/src/LoginCidadao/CoreBundle/Controller/DefaultController.php
@@ -39,16 +39,6 @@ public function facebookLoginAction(Request $request)
         return new RedirectResponse($redirect_url);
     }
 
-    /**
-     * @Route("/general", name="lc_general")
-     * @Template()
-     */
-    public function generalAction()
-    {
-        return $this->render('LoginCidadaoCoreBundle:Info:terms.html.twig',
-                compact('user', 'apps'));
-    }
-
     /**
      * @Route("/help", name="lc_help")
      * @Template()
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/Info/terms.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/Info/terms.html.twig
deleted file mode 100644
index 279eb5f5d..000000000
--- a/src/LoginCidadao/CoreBundle/Resources/views/Info/terms.html.twig
+++ /dev/null
@@ -1,40 +0,0 @@
-{% extends 'LoginCidadaoCoreBundle::base.html.twig' %}
-
-{% block body %}
-
-{% block notificationExtreme %}
-{{ include("LoginCidadaoCoreBundle::notification_extreme.html.twig", { columns: 'col-sm-10 col-sm-offset-1 col-md-6 col-md-offset-3' } ) }}
-{% endblock %}
-
-<div class="row">
-    <div class="col-xs-12 text-center header-shadows">
-        <h1>{% trans %}Citizen's Login{% endtrans %}</h1>
-        <h2 class="slogan hidden-xs">{% trans %}One account. The entire Government.{% endtrans %}</h2>
-    </div>
-</div>
-
-<div class="row">
-    <div class="general-content col-sm-10 col-sm-offset-1 col-md-6 col-md-offset-3">
-        {% trans_default_domain 'FOSUserBundle' %}
-
-        <div class="title text-center">
-            <h4>Termos de uso</h3>
-        </div>
-
-        <div class="text">
-            Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
-            tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
-            quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo
-            consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse
-            cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non
-            proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
-        </div>
-    </div>
-</div>
-{% endblock %}
-
-{% block stylesheets_custom %}
-    {% stylesheets '@lc_base_css' 'bundles/logincidadaocore/css/home/*.css' filter='cssrewrite' filter='?uglifycss' %}
-    <link rel="stylesheet" href="{{ asset_url }}" />
-    {% endstylesheets %}
-{% endblock %}
\ No newline at end of file
diff --git a/src/LoginCidadao/CoreBundle/Tests/Controller/DefaultControllerTest.php b/src/LoginCidadao/CoreBundle/Tests/Controller/DefaultControllerTest.php
index e9015a404..1774355b7 100644
--- a/src/LoginCidadao/CoreBundle/Tests/Controller/DefaultControllerTest.php
+++ b/src/LoginCidadao/CoreBundle/Tests/Controller/DefaultControllerTest.php
@@ -12,12 +12,24 @@ class DefaultControllerTest extends WebTestCase
      */
     public function testAnonymousPages($url)
     {
-        $client = self::createClient();
+        $client = self::createClient(array(), array('HTTPS' => true));
         $client->request('GET', $url);
 
         $this->assertTrue($client->getResponse()->isSuccessful());
     }
 
+    /**
+     * @dataProvider urlProvider
+     */
+    public function testHttps($url)
+    {
+        $client = self::createClient(array(), array('HTTPS' => false));
+        $client->request('GET', $url);
+
+        $this->assertFalse($client->getResponse()->isSuccessful());
+        $this->assertEquals(301, $client->getResponse()->getStatusCode());
+    }
+
     public function urlProvider()
     {
         return array(
diff --git a/src/LoginCidadao/OpenIDBundle/Tests/Controller/ClientRegistrationControllerTest.php b/src/LoginCidadao/OpenIDBundle/Tests/Controller/ClientRegistrationControllerTest.php
index c82d471ce..8a8409dd2 100644
--- a/src/LoginCidadao/OpenIDBundle/Tests/Controller/ClientRegistrationControllerTest.php
+++ b/src/LoginCidadao/OpenIDBundle/Tests/Controller/ClientRegistrationControllerTest.php
@@ -9,15 +9,19 @@ class ClientRegistrationControllerTest extends WebTestCase
 
     public function testRegister()
     {
-        $client = static::createClient();
+        $client = static::createClient(array(), array('HTTPS' => true));
 
         $data = array(
-            'redirect_uris' => array('http://google.com/test')
+            'redirect_uris' => array('http://google.com/test'),
         );
 
         $client->request(
-            'POST', '/openid/connect/register', array(), array(),
-            array('CONTENT_TYPE' => 'application/json'), json_encode($data)
+            'POST',
+            '/openid/connect/register',
+            array(),
+            array(),
+            array('CONTENT_TYPE' => 'application/json'),
+            json_encode($data)
         );
 
         $this->assertJsonResponse($client->getResponse(), 201, false);
@@ -26,17 +30,45 @@ public function testRegister()
         $this->assertNotEmpty($response->client_secret);
     }
 
+    protected function assertJsonResponse(
+        $response,
+        $statusCode = 200,
+        $checkValidJson = true,
+        $contentType = 'application/json'
+    ) {
+        $this->assertEquals(
+            $statusCode,
+            $response->getStatusCode(),
+            $response->getContent()
+        );
+        $this->assertTrue(
+            $response->headers->contains('Content-Type', $contentType),
+            $response->headers
+        );
+        if ($checkValidJson) {
+            $decode = json_decode($response->getContent());
+            $this->assertTrue(
+                ($decode != null && $decode != false),
+                'is response valid json: ['.$response->getContent().']'
+            );
+        }
+    }
+
     public function testRegisterInvalidRedirectUri()
     {
-        $client = static::createClient();
+        $client = static::createClient(array(), array('HTTPS' => true));
 
         $data = array(
-            'redirect_uris' => array('this.is.an.invalid.test')
+            'redirect_uris' => array('this.is.an.invalid.test'),
         );
 
         $client->request(
-            'POST', '/openid/connect/register', array(), array(),
-            array('CONTENT_TYPE' => 'application/json'), json_encode($data)
+            'POST',
+            '/openid/connect/register',
+            array(),
+            array(),
+            array('CONTENT_TYPE' => 'application/json'),
+            json_encode($data)
         );
 
         $this->assertJsonResponse($client->getResponse(), 400, false);
@@ -46,39 +78,24 @@ public function testRegisterInvalidRedirectUri()
 
     public function testRegisterInvalidMetadata()
     {
-        $client = static::createClient();
+        $client = static::createClient(array(), array('HTTPS' => true));
 
         $data = array(
             'redirect_uris' => array('https://google.com/valid/'),
-            'logo_uri' => 'this.is.an.invalid.uri'
+            'logo_uri' => 'this.is.an.invalid.uri',
         );
 
         $client->request(
-            'POST', '/openid/connect/register', array(), array(),
-            array('CONTENT_TYPE' => 'application/json'), json_encode($data)
+            'POST',
+            '/openid/connect/register',
+            array(),
+            array(),
+            array('CONTENT_TYPE' => 'application/json'),
+            json_encode($data)
         );
 
         $this->assertJsonResponse($client->getResponse(), 400, false);
         $response = json_decode($client->getResponse()->getContent());
         $this->assertEquals('invalid_client_metadata', $response->error);
     }
-
-    protected function assertJsonResponse($response, $statusCode = 200,
-                                            $checkValidJson = true,
-                                            $contentType = 'application/json')
-    {
-        $this->assertEquals(
-            $statusCode, $response->getStatusCode(), $response->getContent()
-        );
-        $this->assertTrue(
-            $response->headers->contains('Content-Type', $contentType),
-            $response->headers
-        );
-        if ($checkValidJson) {
-            $decode = json_decode($response->getContent());
-            $this->assertTrue(($decode != null && $decode != false),
-                'is response valid json: ['.$response->getContent().']'
-            );
-        }
-    }
 }
diff --git a/src/LoginCidadao/OpenIDBundle/Tests/Controller/JsonWebKeyControllerTest.php b/src/LoginCidadao/OpenIDBundle/Tests/Controller/JsonWebKeyControllerTest.php
index 4b3d1cc7e..34c7a95f3 100644
--- a/src/LoginCidadao/OpenIDBundle/Tests/Controller/JsonWebKeyControllerTest.php
+++ b/src/LoginCidadao/OpenIDBundle/Tests/Controller/JsonWebKeyControllerTest.php
@@ -9,7 +9,7 @@ class JsonWebKeyControllerTest extends WebTestCase
 
     public function testGet()
     {
-        $client = static::createClient();
+        $client = static::createClient(array(), array('HTTPS' => true));
 
         $client->request('GET', '/openid/connect/jwks');
 
@@ -23,12 +23,16 @@ public function testGet()
         }
     }
 
-    protected function assertJsonResponse($response, $statusCode = 200,
-                                          $checkValidJson = true,
-                                          $contentType = 'application/json')
-    {
+    protected function assertJsonResponse(
+        $response,
+        $statusCode = 200,
+        $checkValidJson = true,
+        $contentType = 'application/json'
+    ) {
         $this->assertEquals(
-            $statusCode, $response->getStatusCode(), $response->getContent()
+            $statusCode,
+            $response->getStatusCode(),
+            $response->getContent()
         );
         $this->assertTrue(
             $response->headers->contains('Content-Type', $contentType),
@@ -36,7 +40,8 @@ protected function assertJsonResponse($response, $statusCode = 200,
         );
         if ($checkValidJson) {
             $decode = json_decode($response->getContent());
-            $this->assertTrue(($decode != null && $decode != false),
+            $this->assertTrue(
+                ($decode != null && $decode != false),
                 'is response valid json: ['.$response->getContent().']'
             );
         }

From 161aab55d4a2834eaf509d1cd1f4a1abec7ca8b5 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Mon, 11 Apr 2016 10:56:04 -0300
Subject: [PATCH 05/14] very important update to README.md

---
 README.md | 115 ++++++++++++++++++++++++++----------------------------
 1 file changed, 56 insertions(+), 59 deletions(-)

diff --git a/README.md b/README.md
index 02c2b7ecb..8bfecc213 100644
--- a/README.md
+++ b/README.md
@@ -1,102 +1,99 @@
 Login Cidadão
 =============
 
+[![Build Status](https://travis-ci.org/redelivre/login-cidadao.svg?branch=master)](https://travis-ci.org/redelivre/login-cidadao)
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/redelivre/login-cidadao/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/redelivre/login-cidadao/?branch=master)
 [![Join the chat at https://gitter.im/PROCERGS/login-cidadao](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/PROCERGS/login-cidadao?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-This is the source code for the 'Login Cidadão' (Citizen's Login) project.
+## Requirements
+
+Running an Identity Provider is not an easy task.
+If you plan to maintain one yourself, you MUST:
 
-This project's main objective is to provide a way for citizens to authenticate against official online services, eliminating the need to create and maintain several credentials on several services.
+**FULLY understand**:
+ * [RFC 7231 - Response Status Codes](https://tools.ietf.org/html/rfc7231#section-6)
+ * [OpenID Connect Core 1.0 - TLS Requirements](http://openid.net/specs/openid-connect-core-1_0.html#TLSRequirements)
+ * [RFC 6749 - Ensuring Endpoint Authenticity](http://tools.ietf.org/html/rfc6749#section-10.9)
+ * How to debug a REST API
+ * How to debug PHP code
+ * You SHOULD NOT be using plain OAuth 2.0
 
-It also allows government agencies to better understand its citizen's needs and learn how to interact more effectively with them.
+Have at least a **very good** understanding of:
+ * [OpenID Connect Core 1.0](http://openid.net/specs/openid-connect-core-1_0.html)
+ * [OpenID Connect Discovery 1.0](http://openid.net/specs/openid-connect-discovery-1_0.html)
+ * [OpenID Connect Dynamic Client Registration 1.0](http://openid.net/specs/openid-connect-registration-1_0.html)
+ * [RFC 6749](http://tools.ietf.org/html/rfc6749)
 
-*Note*: Since this project is just on it's initial stages, it's not recommended to fork it just yet.
+To perform customizations you **MUST** have a good understanding of:
+ * [The Symfony Book](https://symfony.com/doc/2.8/book/index.html)
+ * [The Symfony Cookbook](https://symfony.com/doc/2.8/cookbook/index.html)
 
-Dependencies
-============
+If you fail to comply with the aforementioned requirements you and your users are very likely going to get hurt
+
+## OS Dependencies
 
  * PHP >=5.4
- * composer
- * node.js
- * memcached
+ * [composer](https://getcomposer.org)
+ * [node.js](http://nvm.sh)
+ * [memcached](https://memcached.org/)
 
- PHP Extensions
+### PHP Extensions
   * php5-curl
   * php5-intl
   * php5-mysql or php5-pgsql or your preferred driver
   * php5-memcache (you can use php5-memcached instead, just remember to change the `Memcache` classes to `Memcached`)
- 
- System Configuration
-  * php timezone (date.timezone = America/Sao_Paulo)
-  * write permission to app/cache app/logs web/uploads
 
-Docs
-====
+### System Configuration
+  * php timezone (example: `date.timezone = America/Sao_Paulo`)
+  * write permission to `app/cache`, `app/logs` and `web/uploads`
 
-[ Read the docs ](app/Resources/doc/index.md)
+## Docs
 
-Setup - Development
-===================
+[ Read the docs ](app/Resources/doc/index.md)
 
-Setting up on Linux
--------------------
+## Setup (Development)
 
-### Requirements
+### Linux
+#### Requirements
  * Sudoer user
  * PHP CLI
  * ACL-enabled filesystem
  * Composer
 
-### Before you start
+#### Before you start
 It's highly recommended to create your `app/config/parameters.yml` before installing to avoid database connection problems.
 
 You can start by using `app/config/parameters.yml.dist` as a template by simply copying it to the same folder but naming it as `parameters.yml`, then edit the default values.
 
-### Running the script
+#### Running the script
 Check if your environment meets Symfony's prerequesites:
-    `php app/check.php`
-Just execute the `install.sh` script and follow instructions in case of errors or warnings.
-Run:
-	`php app/console server:run`
-Test on default: http://localhost:8000
+``` bash
+php app/check.php
+```
 
-### Using Vagrant
-## Requirements
+Just execute the `install.sh` script and follow instructions in case of errors or warnings. Then run:
+``` bash
+php app/console server:run
+```
+Browse to `http://localhost:8000`
+
+### Vagrant
+
+#### Requirements
 * virtualbox
 * [vagrant](https://www.vagrantup.com/)
 * vagrant plugin [vagrant-vbguest](https://github.com/dotless-de/vagrant-vbguest) for port forward
 
-## Before you start
+#### Before you start
 It's highly recommended to create your `app/config/parameters.yml` before installing to avoid database connection problems.
 
 You can start by using `app/config/parameters.yml.vagrant` as a template by simply copying it to the same folder but naming it as `parameters.yml`, then edit the default values. Do not edit database values if you want to use the default vm database.
 
-## Run
-	`vagrant up`
-	
-Setting up on Windows
----------------------
-Currently we do not have a setup script for Windows, but it should be pretty straightforward to convert the install.sh to be Windows compatible.
-
-General Steps for Installation
-------------------------------
-
-1. Make sure the following directories are writeable by your http/PHP user via ACL permissions ([you can read more here](http://symfony.com/doc/current/book/installation.html)):
-  * app/cache
-  * app/logs
-  * web/uploads
-2. Make sure you have all dependencies and needed PHP extensions installed.
-3. Check if your environment meets Symfony's prerequesites:
-
-    `$ php app/check.php`
-
-4. Run `$ composer install`
-5. Create the database if you didn't do it yet:
-
-    `$ php app/console doctrine:database:create`
-
-6. Create the schema:
+#### Run
+``` bash
+$ vagrant up
+```
 
-    `$ php app/console doctrine:schema:create`
+### General Steps for Installation
 
-7. Point your server's Document Root to the /web folder and make sure app.php is your index. Symfony already comes with .htaccess to do it for you on Apache.
+[Instructions in Brazilian Portuguese](doc/docs/como-instalar.md)

From 9a5dfb9d8212e7a93d5fcb3faf739abaf3037518 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Mon, 11 Apr 2016 14:13:56 -0300
Subject: [PATCH 06/14] preventing session invalidation for users without this
 feature #358

---
 .../CoreBundle/EventListener/LoggedInUserListener.php         | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/LoginCidadao/CoreBundle/EventListener/LoggedInUserListener.php b/src/LoginCidadao/CoreBundle/EventListener/LoggedInUserListener.php
index 49f38c345..d7627c18c 100644
--- a/src/LoginCidadao/CoreBundle/EventListener/LoggedInUserListener.php
+++ b/src/LoginCidadao/CoreBundle/EventListener/LoggedInUserListener.php
@@ -135,6 +135,10 @@ private function passwordEncoderMigration(GetResponseEvent $event)
 
     private function checkSessionInvalidation(GetResponseEvent $event)
     {
+        if (!$this->authChecker->isGranted('FEATURE_INVALIDATE_SESSIONS')) {
+            return;
+        }
+
         $person  = $this->tokenStorage->getToken()->getUser();
         $repo    = $this->getInvalidateSessionRequestRepository();
         $request = $repo->findMostRecent($person);

From 27faff6f922a3de7034fe39336e9315e253ee178 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Mon, 11 Apr 2016 14:28:51 -0300
Subject: [PATCH 07/14] added permission for nelmio report endpoint

---
 app/config/security.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/config/security.yml b/app/config/security.yml
index 2c38217f9..a47b50c3a 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -173,6 +173,7 @@ security:
 
         - { path: ^/monitor/health, role: IS_AUTHENTICATED_ANONYMOUSLY, ip: %allowed_monitors%, requires_channel: https }
 
+        - { path: ^/nelmio/csp/report$, role: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/(contact|privacy|about|help|register)$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
         - { path: ^/person/checkEmailAvailable, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
 

From 2fcc35277e033d9ccab9064c8d0a0a3e4fb852eb Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Tue, 12 Apr 2016 12:02:37 -0300
Subject: [PATCH 08/14] fixed bug in subject type detection

---
 .../EventListenner/PersonSerializeEventListenner.php            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/LoginCidadao/OpenIDBundle/EventListenner/PersonSerializeEventListenner.php b/src/LoginCidadao/OpenIDBundle/EventListenner/PersonSerializeEventListenner.php
index ae7d5aebb..8e47f1d60 100644
--- a/src/LoginCidadao/OpenIDBundle/EventListenner/PersonSerializeEventListenner.php
+++ b/src/LoginCidadao/OpenIDBundle/EventListenner/PersonSerializeEventListenner.php
@@ -48,7 +48,7 @@ private function setSubjectIdentifier(ObjectEvent $event)
         $metadata = $client->getMetadata();
 
         $id = $event->getObject()->getId();
-        if ($metadata === null || $metadata->getSubjectType() === 'public') {
+        if ($metadata === null || $metadata->getSubjectType() !== 'pairwise') {
             $event->getVisitor()->addData('sub', $id);
             $event->getVisitor()->addData('id', $id);
             return;

From 7b0d569f38ba12cd143ff6dc6b33ba4b3fd13a51 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Thu, 14 Apr 2016 10:58:07 -0300
Subject: [PATCH 09/14] Fixed statistics page timing out #384 (#385)

* work in progress #384

* huge speedup in stats queries. fixes #384
---
 .../Controller/StatisticsController.php       |   5 +-
 .../OAuthBundle/Entity/ClientRepository.php   |  95 ++++++++-----
 .../Entity/StatisticsRepository.php           | 133 +++++++++++-------
 .../EventListener/StatisticsSubscriber.php    |  78 +++++++---
 .../StatsBundle/Handler/StatsHandler.php      |  49 +++++--
 5 files changed, 247 insertions(+), 113 deletions(-)

diff --git a/src/LoginCidadao/CoreBundle/Controller/StatisticsController.php b/src/LoginCidadao/CoreBundle/Controller/StatisticsController.php
index 0fdae6a49..bc5901573 100644
--- a/src/LoginCidadao/CoreBundle/Controller/StatisticsController.php
+++ b/src/LoginCidadao/CoreBundle/Controller/StatisticsController.php
@@ -2,6 +2,7 @@
 
 namespace LoginCidadao\CoreBundle\Controller;
 
+use LoginCidadao\OAuthBundle\Entity\ClientRepository;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\Routing\Annotation\Route;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
@@ -91,6 +92,7 @@ public function usersByCityAction($stateId)
      */
     public function usersByServicesAction(Request $request)
     {
+        /** @var ClientRepository $repo */
         $repo   = $this->getDoctrine()
             ->getRepository('LoginCidadaoOAuthBundle:Client');
         $totals = $repo->getCountPerson($this->getUser());
@@ -100,8 +102,7 @@ public function usersByServicesAction(Request $request)
             $client = $total['client'];
             $keys[] = $client->getId();
         }
-        $evoData = $this->getStatsHandler()->getIndexedUniqueLastDays('client.users',
-            $keys, 30);
+        $evoData = $this->getStatsHandler()->getIndexed('agg.client.users', $keys, 30);
 
         $context    = SerializationContext::create()->setGroups('date');
         $serializer = $this->get('jms_serializer');
diff --git a/src/LoginCidadao/OAuthBundle/Entity/ClientRepository.php b/src/LoginCidadao/OAuthBundle/Entity/ClientRepository.php
index ad2a5a813..5107c1c1b 100644
--- a/src/LoginCidadao/OAuthBundle/Entity/ClientRepository.php
+++ b/src/LoginCidadao/OAuthBundle/Entity/ClientRepository.php
@@ -11,49 +11,73 @@ class ClientRepository extends EntityRepository
     public function findOneOwned(PersonInterface $person, $id)
     {
         return $this->createQueryBuilder('c')
-                ->where(':person MEMBER OF c.owners')
-                ->andWhere('c.id = :id ')
-                ->setParameters(compact('person', 'id'))
-                ->getQuery()
-                ->getOneOrNullResult();
+            ->where(':person MEMBER OF c.owners')
+            ->andWhere('c.id = :id ')
+            ->setParameters(compact('person', 'id'))
+            ->getQuery()
+            ->getOneOrNullResult();
     }
 
-    public function getCountPerson(PersonInterface $person = null,
-                                    $clientId = null)
-    {
+    public function getCountPerson(
+        PersonInterface $person = null,
+        $clientId = null
+    ) {
         $qb = $this->getEntityManager()->createQueryBuilder()
-                ->select('count(a.id) AS qty, c AS client')
-                ->from('LoginCidadaoCoreBundle:Authorization', 'a')
-            ->innerJoin('LoginCidadaoOAuthBundle:Client', 'c', 'WITH',
-                'a.client = c')
-                ->where('c.published = true')
-                ->groupBy('a.client, c')
+            ->select('count(a.id) AS qty, c.id AS client')
+            ->from('LoginCidadaoCoreBundle:Authorization', 'a')
+            ->innerJoin(
+                'LoginCidadaoOAuthBundle:Client',
+                'c',
+                'WITH',
+                'a.client = c'
+            )
+            ->where('c.published = true')
+            ->groupBy('a.client, c.id')
             ->orderBy('qty', 'DESC');
 
         if ($person !== null) {
-            $clients = $this->getEntityManager()->createQueryBuilder()
-                    ->select('c.id')
-                    ->from($this->getEntityName(), 'c', 'c.id')
-                    ->join('c.authorizations', 'a')
-                    ->where('a.person = :person')
-                    ->setParameters(compact('person'))
-                    ->getQuery()->getArrayResult();
-
-            $ids = array_keys($clients);
-            $qb->orWhere('c.id IN (:clients)')->setParameter('clients', $ids);
-    }
+            $qb->leftJoin('a.person', 'p')
+                ->orWhere('p.id IS NOT NULL');
+        }
 
         if ($clientId !== null) {
             $qb->andWhere('c.id = :clientId')
                 ->setParameter('clientId', $clientId);
         }
 
-        return $qb->getQuery()->getResult();
+        $items = $this->injectObject($qb->getQuery()->getResult(), 'client');
+
+        return $items;
     }
 
-    public function statsUsersByServiceByDay($days, $clientId = null,
-                                                PersonInterface $person = null)
+    private function injectObject(array $items = [], $idKey)
     {
+        $ids = [];
+        foreach ($items as $item) {
+            $ids[] = $item[$idKey];
+        }
+
+        $clients = $this->findBy(['id' => $ids]);
+        $indexedClients = [];
+        foreach ($clients as $client) {
+            $indexedClients[$client->getId()] = $client;
+        }
+
+        return array_map(
+            function ($item) use ($idKey, $indexedClients) {
+                $id = $item[$idKey];
+                $item[$idKey] = $indexedClients[$id];
+                return $item;
+            },
+            $items
+        );
+    }
+
+    public function statsUsersByServiceByDay(
+        $days,
+        $clientId = null,
+        PersonInterface $person = null
+    ) {
         $date = new \DateTime("-$days days");
 
         $query = $this->createQueryBuilder('c')
@@ -73,15 +97,16 @@ public function statsUsersByServiceByDay($days, $clientId = null,
 
         if ($person !== null) {
             $clients = $this->getEntityManager()->createQueryBuilder()
-                    ->select('c.id')
-                    ->from($this->getEntityName(), 'c', 'c.id')
-                    ->join('c.authorizations', 'a')
-                    ->where('a.person = :person')
-                    ->setParameters(compact('person'))
-                    ->getQuery()->getArrayResult();
+                ->select('c.id')
+                ->from($this->getEntityName(), 'c', 'c.id')
+                ->join('c.authorizations', 'a')
+                ->where('a.person = :person')
+                ->setParameters(compact('person'))
+                ->getQuery()->getArrayResult();
 
             $ids = array_keys($clients);
-            $query->orWhere($query->expr()
+            $query->orWhere(
+                $query->expr()
                     ->andX('a.createdAt >= :date', 'c.id IN (:clients)')
             )->setParameter('clients', $ids);
         }
diff --git a/src/LoginCidadao/StatsBundle/Entity/StatisticsRepository.php b/src/LoginCidadao/StatsBundle/Entity/StatisticsRepository.php
index 0e44bf44d..f2f2ad460 100644
--- a/src/LoginCidadao/StatsBundle/Entity/StatisticsRepository.php
+++ b/src/LoginCidadao/StatsBundle/Entity/StatisticsRepository.php
@@ -16,53 +16,53 @@
 class StatisticsRepository extends EntityRepository
 {
 
-    public function findStatsByIndexKeyDate($index, $keys = null,
-                                            \DateTime $afterDate = null)
-    {
-        $query = $this->getFindStatsByIndexKeyDateQuery($index, $keys,
-            $afterDate);
-
-        return $query->getQuery()->getResult();
-    }
-
-    public function findIndexedStatsByIndexKeyDate($index, $keys = null,
-                                                    \DateTime $afterDate = null)
-    {
-        $data = $this->findStatsByIndexKeyDate($index, $keys, $afterDate);
+    public function findIndexedStatsByIndexKeyDays(
+        $index,
+        $keys = null,
+        $days = null
+    ) {
+        $data = $this->findStatsByIndexKeyDays($index, $keys, $days);
 
         return $this->indexResults($data);
     }
 
-    public function findIndexedUniqueStatsByIndexKeyDate($index, $keys = null,
-                                                            \DateTime $afterDate = null)
-    {
-        $query = $this->getFindStatsByIndexKeyDateQuery($index, $keys,
-            $afterDate);
-        $this->applyGreatestNPerGroupDate($query);
-        $data  = $query->getQuery()->getResult();
+    public function findStatsByIndexKeyDays(
+        $index,
+        $keys = null,
+        $days = null
+    ) {
+        $query = $this->getFindStatsByIndexKeyDateQuery(
+            $index,
+            $keys,
+            null,
+            $days
+        );
 
-        return $this->indexResults($data);
+        return $query->getQuery()->getResult();
     }
+    public function findStatsByIndexKeyDate(
+        $index,
+        $keys = null,
+        \DateTime $afterDate = null
+    ) {
+        $query = $this->getFindStatsByIndexKeyDateQuery(
+            $index,
+            $keys,
+            $afterDate
+        );
 
-    public function findIndexedUniqueStatsByIndexKeyDays($index, $keys = null,
-                                                            $days = null)
-    {
-        $query = $this->getFindStatsByIndexKeyDateQuery($index, $keys, null,
-            $days);
-        $this->applyGreatestNPerGroupDate($query);
-        $data  = $query->getQuery()->getResult();
-
-        return $this->indexResults($data);
+        return $query->getQuery()->getResult();
     }
 
-    public function getFindStatsByIndexKeyDateQuery($index, $keys = null,
-                                                    \DateTime $afterDate = null,
-                                                    $days = null)
-    {
+    public function getFindStatsByIndexKeyDateQuery(
+        $index,
+        $keys = null,
+        \DateTime $afterDate = null,
+        $days = null
+    ) {
         $query = $this->createQueryBuilder('s')
             ->where('s.index = :index')
-            ->setParameter('index', $index)
-        ;
+            ->setParameter('index', $index);
 
         if ($keys !== null) {
             $query->andWhere('s.key IN (:keys)')
@@ -82,19 +82,6 @@ public function getFindStatsByIndexKeyDateQuery($index, $keys = null,
         return $query;
     }
 
-    public function applyGreatestNPerGroupDate(QueryBuilder $qb)
-    {
-        $qb->distinct();
-        $qb2 = $this->createQueryBuilder('ss')
-            ->select('MAX(ss.timestamp)')
-            ->where('DATE(ss.timestamp) = DATE(s.timestamp)')
-        ;
-
-        $qb->innerJoin($this->getEntityName(), 'sub', 'WITH',
-            $qb->expr()->eq('s.timestamp', '('.$qb2->getDQL().')'))
-        ;
-    }
-
     /**
      * @param Statistics[] $data
      * @return Statistics[]
@@ -108,4 +95,52 @@ public function indexResults(array $data)
 
         return $result;
     }
+
+    public function findIndexedUniqueStatsByIndexKeyDate(
+        $index,
+        $keys = null,
+        \DateTime $afterDate = null
+    ) {
+        $query = $this->getFindStatsByIndexKeyDateQuery(
+            $index,
+            $keys,
+            $afterDate
+        );
+        $this->applyGreatestNPerGroupDate($query);
+        $data = $query->getQuery()->getResult();
+
+        return $this->indexResults($data);
+    }
+
+    public function applyGreatestNPerGroupDate(QueryBuilder $qb)
+    {
+        $qb->distinct();
+        $qb2 = $this->createQueryBuilder('ss')
+            ->select('MAX(ss.timestamp)')
+            ->where('DATE(ss.timestamp) = DATE(s.timestamp)');
+
+        $qb->innerJoin(
+            $this->getEntityName(),
+            'sub',
+            'WITH',
+            $qb->expr()->eq('s.timestamp', '('.$qb2->getDQL().')')
+        );
+    }
+
+    public function findIndexedUniqueStatsByIndexKeyDays(
+        $index,
+        $keys = null,
+        $days = null
+    ) {
+        $query = $this->getFindStatsByIndexKeyDateQuery(
+            $index,
+            $keys,
+            null,
+            $days
+        );
+        $this->applyGreatestNPerGroupDate($query);
+        $data = $query->getQuery()->getResult();
+
+        return $this->indexResults($data);
+    }
 }
diff --git a/src/LoginCidadao/StatsBundle/EventListener/StatisticsSubscriber.php b/src/LoginCidadao/StatsBundle/EventListener/StatisticsSubscriber.php
index 40e177cce..85311fc9f 100644
--- a/src/LoginCidadao/StatsBundle/EventListener/StatisticsSubscriber.php
+++ b/src/LoginCidadao/StatsBundle/EventListener/StatisticsSubscriber.php
@@ -38,11 +38,7 @@ public function getSubscribedEvents()
     public function postPersist(LifecycleEventArgs $args)
     {
         $this->authorizations($args);
-    }
-
-    public function postRemove(LifecycleEventArgs $args)
-    {
-        $this->authorizations($args);
+        $this->authorizationsAggregate($args);
     }
 
     public function authorizations(LifecycleEventArgs $args)
@@ -52,12 +48,29 @@ public function authorizations(LifecycleEventArgs $args)
             return;
         }
 
+        $em = $args->getEntityManager();
+        $key = $entity->getClient()->getId();
+
         /** @var ClientRepository $clientRepo */
-        $clientRepo = $args->getEntityManager()
-            ->getRepository('LoginCidadaoOAuthBundle:Client');
+        $clientRepo = $em->getRepository('LoginCidadaoOAuthBundle:Client');
+
+        $count = $this->getClientCount($clientRepo, $entity);
 
-        $counts = $clientRepo->getCountPerson($entity->getPerson(),
-            $entity->getClient()->getId());
+        $statistics = new Statistics();
+        $statistics->setIndex('client.users')
+            ->setKey($key)
+            ->setTimestamp(new \DateTime())
+            ->setValue($count);
+        $em->persist($statistics);
+        $em->flush($statistics);
+    }
+
+    private function getClientCount(ClientRepository $clientRepo, Authorization $entity)
+    {
+        $counts = $clientRepo->getCountPerson(
+            $entity->getPerson(),
+            $entity->getClient()->getId()
+        );
         if (count($counts) > 0) {
             $count = $counts[0]['qty'];
         } else {
@@ -68,13 +81,44 @@ public function authorizations(LifecycleEventArgs $args)
             $count = 0;
         }
 
-        $statistics = new Statistics();
-        $statistics->setIndex('client.users')
-            ->setKey($entity->getClient()->getId())
-            ->setTimestamp(new \DateTime())
-            ->setValue($count)
-        ;
-        $args->getEntityManager()->persist($statistics);
-        $args->getEntityManager()->flush($statistics);
+        return $count;
+    }
+
+    public function authorizationsAggregate(LifecycleEventArgs $args)
+    {
+        $entity = $args->getEntity();
+        if (!($entity instanceof Authorization)) {
+            return;
+        }
+
+        $em = $args->getEntityManager();
+        $key = $entity->getClient()->getId();
+        $date = \DateTime::createFromFormat('Y-m-d H:i:s', date('Y-m-d 00:00:00'));
+        $clientRepo = $em->getRepository('LoginCidadaoOAuthBundle:Client');
+        $statsRepo = $em->getRepository('LoginCidadaoStatsBundle:Statistics');
+        $count = $this->getClientCount($clientRepo, $entity);
+
+        $statistics = $statsRepo->findOneBy(
+            array(
+                'timestamp' => $date,
+                'index' => 'agg.client.users',
+                'key' => $key,
+            )
+        );
+        if (!($statistics instanceof Statistics)) {
+            $statistics = new Statistics();
+            $statistics->setIndex('agg.client.users')
+                ->setKey($key)
+                ->setTimestamp($date);
+            $em->persist($statistics);
+        }
+        $statistics->setValue($count);
+        $em->flush($statistics);
+    }
+
+    public function postRemove(LifecycleEventArgs $args)
+    {
+        $this->authorizations($args);
+        $this->authorizationsAggregate($args);
     }
 }
diff --git a/src/LoginCidadao/StatsBundle/Handler/StatsHandler.php b/src/LoginCidadao/StatsBundle/Handler/StatsHandler.php
index 54cd7d48a..2c1c903fb 100644
--- a/src/LoginCidadao/StatsBundle/Handler/StatsHandler.php
+++ b/src/LoginCidadao/StatsBundle/Handler/StatsHandler.php
@@ -10,6 +10,7 @@
 
 namespace LoginCidadao\StatsBundle\Handler;
 
+use LoginCidadao\StatsBundle\Entity\Statistics;
 use LoginCidadao\StatsBundle\Entity\StatisticsRepository;
 
 class StatsHandler
@@ -27,22 +28,50 @@ public function get($index, $key = null, \DateTime $afterDate = null)
         return $this->repo->findStatsByIndexKeyDate($index, $key, $afterDate);
     }
 
-    public function getIndexed($index, $key = null, \DateTime $afterDate = null)
+    public function getIndexed($index, $key = null, $days = null)
     {
-        return $this->repo->findIndexedStatsByIndexKeyDate($index, $key,
-                $afterDate);
+        return $this->repo->findIndexedStatsByIndexKeyDays(
+            $index,
+            $key,
+            $days
+        );
     }
 
-    public function getIndexedUniqueDate($index, $keys = null,
-                                            \DateTime $afterDate = null)
-    {
-        return $this->repo->findIndexedUniqueStatsByIndexKeyDate($index, $keys,
-                $afterDate);
+    public function getIndexedUniqueDate(
+        $index,
+        $keys = null,
+        \DateTime $afterDate = null
+    ) {
+        return $this->repo->findIndexedUniqueStatsByIndexKeyDate(
+            $index,
+            $keys,
+            $afterDate
+        );
     }
 
     public function getIndexedUniqueLastDays($index, $keys = null, $days = null)
     {
-        return $this->repo->findIndexedUniqueStatsByIndexKeyDays($index, $keys,
-                $days);
+        return $this->repo->findIndexedUniqueStatsByIndexKeyDays(
+            $index,
+            $keys,
+            $days
+        );
+    }
+
+    /**
+     * @param \DateTime $date
+     * @param $index
+     * @param $key
+     * @return null|Statistics
+     */
+    public function getOneByDate(\DateTime $date, $index, $key)
+    {
+        return $this->repo->findOneBy(
+            array(
+                'timestamp' => $date,
+                'index' => $index,
+                'key' => $key,
+            )
+        );
     }
 }

From 15de7320f789e54732f99342f7a502251d13b3ec Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Thu, 14 Apr 2016 14:35:48 -0300
Subject: [PATCH 10/14] fixes #386 (#387)

---
 .../OAuthBundle/Entity/ClientRepository.php   | 62 +++++++++++--------
 1 file changed, 35 insertions(+), 27 deletions(-)

diff --git a/src/LoginCidadao/OAuthBundle/Entity/ClientRepository.php b/src/LoginCidadao/OAuthBundle/Entity/ClientRepository.php
index 5107c1c1b..f7393d532 100644
--- a/src/LoginCidadao/OAuthBundle/Entity/ClientRepository.php
+++ b/src/LoginCidadao/OAuthBundle/Entity/ClientRepository.php
@@ -36,8 +36,15 @@ public function getCountPerson(
             ->orderBy('qty', 'DESC');
 
         if ($person !== null) {
-            $qb->leftJoin('a.person', 'p')
-                ->orWhere('p.id IS NOT NULL');
+            $clients = $this->getEntityManager()->createQueryBuilder()
+                ->select('IDENTITY(a.client)')
+                ->from('LoginCidadaoCoreBundle:Authorization', 'a')
+                ->where('a.person = :person')
+                ->setParameter('person', $person)
+                ->getQuery()->getScalarResult();
+
+            $qb->orWhere('a.id IN (:clients)')
+                ->setParameter('clients', $clients);
         }
 
         if ($clientId !== null) {
@@ -45,32 +52,9 @@ public function getCountPerson(
                 ->setParameter('clientId', $clientId);
         }
 
-        $items = $this->injectObject($qb->getQuery()->getResult(), 'client');
+        $result = $qb->getQuery()->getResult();
 
-        return $items;
-    }
-
-    private function injectObject(array $items = [], $idKey)
-    {
-        $ids = [];
-        foreach ($items as $item) {
-            $ids[] = $item[$idKey];
-        }
-
-        $clients = $this->findBy(['id' => $ids]);
-        $indexedClients = [];
-        foreach ($clients as $client) {
-            $indexedClients[$client->getId()] = $client;
-        }
-
-        return array_map(
-            function ($item) use ($idKey, $indexedClients) {
-                $id = $item[$idKey];
-                $item[$idKey] = $indexedClients[$id];
-                return $item;
-            },
-            $items
-        );
+        return $this->injectObject($result, 'client');
     }
 
     public function statsUsersByServiceByDay(
@@ -113,4 +97,28 @@ public function statsUsersByServiceByDay(
 
         return $query->getQuery()->getScalarResult();
     }
+
+    private function injectObject(array $items = [], $idKey)
+    {
+        $ids = [];
+        foreach ($items as $item) {
+            $ids[] = $item[$idKey];
+        }
+
+        $clients = $this->findBy(['id' => $ids]);
+        $indexedClients = [];
+        foreach ($clients as $client) {
+            $indexedClients[$client->getId()] = $client;
+        }
+
+        return array_map(
+            function ($item) use ($idKey, $indexedClients) {
+                $id = $item[$idKey];
+                $item[$idKey] = $indexedClients[$id];
+
+                return $item;
+            },
+            $items
+        );
+    }
 }

From 7b06e3bb64ec608fb2bd3ed10a3550085f0066f9 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Mon, 25 Apr 2016 14:05:16 -0300
Subject: [PATCH 11/14] Make Organizations OIDC-compliant #383 (#389)

* almost ready. auth page needs attention #383

* updated auth page #383

* fixed bug in service declaration #383

* checking sector id uri for each auth request #383

* restricting to HTTPS as demanded by the spec #383

* events to handle clients #383

* added parameter to configure if sect. id. uri should be revalidated uppon auth #383
---
 app/config/parameters.yml.dist                |   2 +
 .../CoreBundle/Event/GetClientEvent.php       |  45 +++
 .../Event/LoginCidadaoCoreEvents.php          |  20 ++
 .../Form/Type/ClientBaseFormType.php          | 280 ++++++++++--------
 .../Resources/translations/messages.en.yml    |   1 +
 .../Resources/translations/messages.pt_BR.yml |   1 +
 .../Resources/translations/validators.en.yml  |   5 +-
 .../translations/validators.pt_BR.yml         |   5 +-
 .../Resources/views/Client/form.html.twig     |   2 +-
 .../Controller/ClientController.php           |  33 ---
 .../OAuthBundle/Entity/Client.php             | 116 ++++----
 .../OAuthBundle/Entity/Organization.php       |  72 +++--
 .../OAuthBundle/Form/OrganizationType.php     | 246 ++++++++-------
 .../OAuthBundle/Model/ClientInterface.php     |  10 -
 .../Organization/fragment.form.html.twig      |   1 +
 .../Constraints/DomainOwnershipValidator.php  |   2 +-
 .../Constraints/SectorIdentifier.php          |  31 ++
 .../Constraints/SectorIdentifierValidator.php |  46 +++
 .../Controller/AuthorizeController.php        | 134 ++++++---
 .../OpenIDBundle/Entity/ClientMetadata.php    |  44 ++-
 .../EventListenner/CoreEventsSubscriber.php   |  70 +++++
 .../Form/ClientMetadataWebForm.php            |   1 +
 .../OpenIDBundle/Manager/ClientManager.php    |  35 ++-
 .../Resources/config/services.yml             |  38 +++
 .../Resources/views/Authorize/form.html.twig  |   8 +-
 .../Constraints/SectorIdentifierUri.php       |  31 ++
 .../SectorIdentifierUriValidator.php          |  72 +++++
 .../Validator/SectorIdentifierUriChecker.php  |  70 +++++
 28 files changed, 1007 insertions(+), 414 deletions(-)
 create mode 100644 src/LoginCidadao/CoreBundle/Event/GetClientEvent.php
 create mode 100644 src/LoginCidadao/CoreBundle/Event/LoginCidadaoCoreEvents.php
 create mode 100644 src/LoginCidadao/OAuthBundle/Validator/Constraints/SectorIdentifier.php
 create mode 100644 src/LoginCidadao/OAuthBundle/Validator/Constraints/SectorIdentifierValidator.php
 create mode 100644 src/LoginCidadao/OpenIDBundle/EventListenner/CoreEventsSubscriber.php
 create mode 100644 src/LoginCidadao/OpenIDBundle/Validator/Constraints/SectorIdentifierUri.php
 create mode 100644 src/LoginCidadao/OpenIDBundle/Validator/Constraints/SectorIdentifierUriValidator.php
 create mode 100644 src/LoginCidadao/OpenIDBundle/Validator/SectorIdentifierUriChecker.php

diff --git a/app/config/parameters.yml.dist b/app/config/parameters.yml.dist
index 428e236b2..f421cc33c 100644
--- a/app/config/parameters.yml.dist
+++ b/app/config/parameters.yml.dist
@@ -137,3 +137,5 @@ parameters:
     # Password Encoder
     default_password_encoder: bcrypt
 
+    # Should sector_identifier_uri be revalidated on each auth request?
+    revalidate_sector_identifier_uri_on_auth: true
diff --git a/src/LoginCidadao/CoreBundle/Event/GetClientEvent.php b/src/LoginCidadao/CoreBundle/Event/GetClientEvent.php
new file mode 100644
index 000000000..90f20b463
--- /dev/null
+++ b/src/LoginCidadao/CoreBundle/Event/GetClientEvent.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * This file is part of the login-cidadao project or it's bundles.
+ *
+ * (c) Guilherme Donato <guilhermednt on github>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LoginCidadao\CoreBundle\Event;
+
+use LoginCidadao\OAuthBundle\Model\ClientInterface;
+use Symfony\Component\EventDispatcher\Event;
+
+class GetClientEvent extends Event
+{
+    /** @var ClientInterface */
+    protected $client;
+
+    /**
+     * GetClientEvent constructor.
+     * @param ClientInterface $client
+     */
+    public function __construct(ClientInterface $client = null)
+    {
+        $this->client = $client;
+    }
+
+    /**
+     * @return ClientInterface
+     */
+    public function getClient()
+    {
+        return $this->client;
+    }
+
+    /**
+     * @param ClientInterface $client
+     */
+    public function setClient($client)
+    {
+        $this->client = $client;
+    }
+}
diff --git a/src/LoginCidadao/CoreBundle/Event/LoginCidadaoCoreEvents.php b/src/LoginCidadao/CoreBundle/Event/LoginCidadaoCoreEvents.php
new file mode 100644
index 000000000..8ad520b60
--- /dev/null
+++ b/src/LoginCidadao/CoreBundle/Event/LoginCidadaoCoreEvents.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * This file is part of the login-cidadao project or it's bundles.
+ *
+ * (c) Guilherme Donato <guilhermednt on github>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LoginCidadao\CoreBundle\Event;
+
+
+class LoginCidadaoCoreEvents
+{
+    /**
+     * Receives a GetClientEvent
+     */
+    const GET_CLIENT = 'login_cidadao.core.get_client';
+}
\ No newline at end of file
diff --git a/src/LoginCidadao/CoreBundle/Form/Type/ClientBaseFormType.php b/src/LoginCidadao/CoreBundle/Form/Type/ClientBaseFormType.php
index e708c7de8..80b09d527 100644
--- a/src/LoginCidadao/CoreBundle/Form/Type/ClientBaseFormType.php
+++ b/src/LoginCidadao/CoreBundle/Form/Type/ClientBaseFormType.php
@@ -8,6 +8,7 @@
 use Symfony\Component\Form\FormEvent;
 use Symfony\Component\Form\FormEvents;
 use Doctrine\ORM\EntityRepository;
+use Symfony\Component\OptionsResolver\OptionsResolver;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use LoginCidadao\OpenIDBundle\Form\ClientMetadataWebForm;
@@ -33,144 +34,191 @@ public function setTokenStorage(TokenStorageInterface $tokenStorage)
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
         $checker = $this->security;
-        $person  = $this->tokenStorage->getToken()->getUser();
+        $person = $this->tokenStorage->getToken()->getUser();
 
-        $organizationQueryBuilder = function(EntityRepository $er) use ($person, $checker) {
+        $organizationQueryBuilder = function (EntityRepository $er) use ($person, $checker) {
             $query = $er->createQueryBuilder('o');
             if (!$checker->isGranted('ROLE_ORGANIZATIONS_BIND_CLIENT_ANY_ORG')) {
                 $query->where(':person MEMBER OF o.members')
                     ->setParameters(compact('person'));
             }
+
             return $query;
         };
 
-        $builder->add('name',
-                'Symfony\Component\Form\Extension\Core\Type\TextType',
-                array('required' => true))
-            ->add('description',
+        $builder->add(
+            'name',
+            'Symfony\Component\Form\Extension\Core\Type\TextType',
+            array('required' => true)
+        )
+            ->add(
+                'description',
                 'Symfony\Component\Form\Extension\Core\Type\TextareaType',
-                array('required' => true, 'attr' => array('rows' => 4)))
-            ->add('metadata',
-                'LoginCidadao\OpenIDBundle\Form\ClientMetadataWebForm')
-            ->add('siteUrl',
+                array('required' => true, 'attr' => array('rows' => 4))
+            )
+            ->add(
+                'metadata',
+                'LoginCidadao\OpenIDBundle\Form\ClientMetadataWebForm'
+            )
+            ->add(
+                'siteUrl',
                 'Symfony\Component\Form\Extension\Core\Type\TextType',
-                array('required' => true))
-            ->add($builder->create('redirectUris',
+                array('required' => true)
+            )
+            ->add(
+                $builder->create(
+                    'redirectUris',
                     'Symfony\Component\Form\Extension\Core\Type\TextareaType',
                     array(
-                    'required' => true,
-                    'attr' => array('rows' => 4)
-                ))
-                ->addModelTransformer(new FromArray())
+                        'required' => true,
+                        'attr' => array('rows' => 4),
+                    )
+                )
+                    ->addModelTransformer(new FromArray())
             )
-            ->add('landingPageUrl',
+            ->add(
+                'landingPageUrl',
                 'Symfony\Component\Form\Extension\Core\Type\TextType',
-                array('required' => true))
-            ->add('termsOfUseUrl',
+                array('required' => true)
+            )
+            ->add(
+                'termsOfUseUrl',
                 'Symfony\Component\Form\Extension\Core\Type\TextType',
-                array('required' => true))
-            ->add('image', 'Vich\UploaderBundle\Form\Type\VichFileType',
-                array(
-                'required' => false,
-                'allow_delete' => true, // not mandatory, default is true
-                'download_link' => true, // not mandatory, default is true
-            ))
-            ->add('id', 'Symfony\Component\Form\Extension\Core\Type\HiddenType',
-                array(
-                'required' => false
-            ))
-            ->add('published', 'LoginCidadao\CoreBundle\Form\Type\SwitchType',
-                array('required' => false))
-            ->add('visible', 'LoginCidadao\CoreBundle\Form\Type\SwitchType',
-                array('required' => false))
-        ;
-
-        if ($checker->isGranted('ROLE_ORGANIZATIONS_BIND_CLIENT')) {
-            $builder->add('organization',
-                'Symfony\Bridge\Doctrine\Form\Type\EntityType',
+                array('required' => true)
+            )
+            ->add(
+                'image',
+                'Vich\UploaderBundle\Form\Type\VichFileType',
                 array(
-                'required' => false,
-                'placeholder' => 'organizations.form.client_form.placeholder',
-                'class' => 'LoginCidadaoOAuthBundle:Organization',
-                'query_builder' => $organizationQueryBuilder
-            ));
-        }
-
-        $builder->addEventListener(FormEvents::PRE_SUBMIT,
-            function(FormEvent $event) {
-            $entity = $event->getData();
-            $form   = $event->getForm();
-            $form->add('owners',
-                'LoginCidadao\CoreBundle\Form\Type\AjaxChoiceType',
+                    'required' => false,
+                    'allow_delete' => true, // not mandatory, default is true
+                    'download_link' => true, // not mandatory, default is true
+                )
+            )
+            ->add(
+                'id',
+                'Symfony\Component\Form\Extension\Core\Type\HiddenType',
                 array(
-                'label' => 'dev.ac.owners',
-                'ajax_choice_attr' => array(
-                    'filter' => array(
-                        'route' => 'lc_dev_client_grid_developer_filter',
-                        'search_prop' => 'username',
-                        'extra_form_prop' => array('service_id' => 'id')
-                    ),
-                    'selected' => array(
-                        'route' => 'lc_dev_client_grid_developer',
-                        'extra_form_prop' => array('person_id' => 'owners')
-                    ),
-                    'property_value' => 'id',
-                    'property_text' => 'fullNameOrUsername',
-                    'search_prop_label' => 'dev.client.persons.filter'
-                ),
-                'required' => false,
-                'class' => 'LoginCidadaoCoreBundle:Person',
-                'choice_label' => 'fullNameOrUsername',
-                'query_builder' => function(EntityRepository $er) use (&$entity) {
-                //$country = $er->createQueryBuilder('h')->getEntityManager()->getRepository('LoginCidadaoCoreBundle:Person')->findOneBy(array('iso2' => 'BR'));
-                $sql = $er->createQueryBuilder('u');
-                if (!empty($entity['owners'])) {
-                    $sql->where('u.id in (:owners)');
-                    $sql->setParameter('owners', $entity['owners']);
-                    $sql->orderBy('u.username', 'ASC');
-                } else {
-                    $sql->where('1 != 1');
-                }
-                return $sql;
-            }
-            ));
-        })
-        ;
-
-        $builder->addEventListener(FormEvents::PRE_SET_DATA,
-            function(FormEvent $event) {
-            $entity = $event->getData();
-            $form   = $event->getForm();
-            if ($entity->getId()) {
-                $form->add('owners',
+                    'required' => false,
+                )
+            )
+            ->add(
+                'published',
+                'LoginCidadao\CoreBundle\Form\Type\SwitchType',
+                array('required' => false)
+            )
+            ->add(
+                'visible',
+                'LoginCidadao\CoreBundle\Form\Type\SwitchType',
+                array('required' => false)
+            );
+
+//        if ($checker->isGranted('ROLE_ORGANIZATIONS_BIND_CLIENT')) {
+//            $builder->add('organization',
+//                'Symfony\Bridge\Doctrine\Form\Type\EntityType',
+//                array(
+//                'required' => false,
+//                'placeholder' => 'organizations.form.client_form.placeholder',
+//                'class' => 'LoginCidadaoOAuthBundle:Organization',
+//                'query_builder' => $organizationQueryBuilder
+//            ));
+//        }
+
+        $builder->addEventListener(
+            FormEvents::PRE_SUBMIT,
+            function (FormEvent $event) {
+                $entity = $event->getData();
+                $form = $event->getForm();
+                $form->add(
+                    'owners',
                     'LoginCidadao\CoreBundle\Form\Type\AjaxChoiceType',
                     array(
-                    'label' => 'dev.ac.owners',
-                    'ajax_choice_attr' => array(
-                        'filter' => array(
-                            'route' => 'lc_dev_client_grid_developer_filter',
-                            'search_prop' => 'username',
-                            'extra_form_prop' => array('service_id' => 'id')
+                        'label' => 'dev.ac.owners',
+                        'ajax_choice_attr' => array(
+                            'filter' => array(
+                                'route' => 'lc_dev_client_grid_developer_filter',
+                                'search_prop' => 'username',
+                                'extra_form_prop' => array('service_id' => 'id'),
+                            ),
+                            'selected' => array(
+                                'route' => 'lc_dev_client_grid_developer',
+                                'extra_form_prop' => array('person_id' => 'owners'),
+                            ),
+                            'property_value' => 'id',
+                            'property_text' => 'fullNameOrUsername',
+                            'search_prop_label' => 'dev.client.persons.filter',
                         ),
-                        'selected' => array(
-                            'route' => 'lc_dev_client_grid_developer',
-                            'extra_form_prop' => array('person_id' => 'owners')
-                        ),
-                        'property_value' => 'id',
-                        'property_text' => 'fullNameOrUsername',
-                        'search_prop_label' => 'dev.client.persons.filter'
-                    ),
-                    'required' => false,
-                    'class' => 'LoginCidadaoCoreBundle:Person',
-                    'choice_label' => 'fullNameOrUsername',
-                    'query_builder' => function(EntityRepository $er) use (&$entity) {
-                    return $er->createQueryBuilder('u')
-                            ->where(':client MEMBER OF u.clients')->setParameter('client',
-                                $entity)
-                            ->orderBy('u.username', 'ASC');
+                        'required' => false,
+                        'class' => 'LoginCidadaoCoreBundle:Person',
+                        'choice_label' => 'fullNameOrUsername',
+                        'query_builder' => function (EntityRepository $er) use (&$entity) {
+                            //$country = $er->createQueryBuilder('h')->getEntityManager()->getRepository('LoginCidadaoCoreBundle:Person')->findOneBy(array('iso2' => 'BR'));
+                            $sql = $er->createQueryBuilder('u');
+                            if (!empty($entity['owners'])) {
+                                $sql->where('u.id in (:owners)');
+                                $sql->setParameter('owners', $entity['owners']);
+                                $sql->orderBy('u.username', 'ASC');
+                            } else {
+                                $sql->where('1 != 1');
+                            }
+
+                            return $sql;
+                        },
+                    )
+                );
+            }
+        );
+
+        $builder->addEventListener(
+            FormEvents::PRE_SET_DATA,
+            function (FormEvent $event) {
+                $entity = $event->getData();
+                $form = $event->getForm();
+                if ($entity->getId()) {
+                    $form->add(
+                        'owners',
+                        'LoginCidadao\CoreBundle\Form\Type\AjaxChoiceType',
+                        array(
+                            'label' => 'dev.ac.owners',
+                            'ajax_choice_attr' => array(
+                                'filter' => array(
+                                    'route' => 'lc_dev_client_grid_developer_filter',
+                                    'search_prop' => 'username',
+                                    'extra_form_prop' => array('service_id' => 'id'),
+                                ),
+                                'selected' => array(
+                                    'route' => 'lc_dev_client_grid_developer',
+                                    'extra_form_prop' => array('person_id' => 'owners'),
+                                ),
+                                'property_value' => 'id',
+                                'property_text' => 'fullNameOrUsername',
+                                'search_prop_label' => 'dev.client.persons.filter',
+                            ),
+                            'required' => false,
+                            'class' => 'LoginCidadaoCoreBundle:Person',
+                            'choice_label' => 'fullNameOrUsername',
+                            'query_builder' => function (EntityRepository $er) use (&$entity) {
+                                return $er->createQueryBuilder('u')
+                                    ->where(':client MEMBER OF u.clients')->setParameter(
+                                        'client',
+                                        $entity
+                                    )
+                                    ->orderBy('u.username', 'ASC');
+                            },
+                        )
+                    );
                 }
-                ));
             }
-        });
+        );
     }
+
+    public function configureOptions(OptionsResolver $resolver)
+    {
+        $resolver->setDefaults(
+            array(
+                'cascade_validation' => true,
+            )
+        );
+    }
+
 }
diff --git a/src/LoginCidadao/CoreBundle/Resources/translations/messages.en.yml b/src/LoginCidadao/CoreBundle/Resources/translations/messages.en.yml
index 1960b7b57..3a814679f 100644
--- a/src/LoginCidadao/CoreBundle/Resources/translations/messages.en.yml
+++ b/src/LoginCidadao/CoreBundle/Resources/translations/messages.en.yml
@@ -300,6 +300,7 @@ organizations:
     form:
         name.label: Name
         domain.label: Domain
+        sectorIdentifierUri.label: Sector Identifier URI
         validationUrl.label: Validation Url
         trusted.label: Trusted Organization
         members:
diff --git a/src/LoginCidadao/CoreBundle/Resources/translations/messages.pt_BR.yml b/src/LoginCidadao/CoreBundle/Resources/translations/messages.pt_BR.yml
index b423eaeb4..8b55c33ed 100644
--- a/src/LoginCidadao/CoreBundle/Resources/translations/messages.pt_BR.yml
+++ b/src/LoginCidadao/CoreBundle/Resources/translations/messages.pt_BR.yml
@@ -720,6 +720,7 @@ organizations:
     form:
         name.label: Nome
         domain.label: Domínio
+        sectorIdentifierUri.label: URI de Sector Identifier
         validationUrl.label: URL para Validação
         trusted.label: Organização Confiável
         members:
diff --git a/src/LoginCidadao/CoreBundle/Resources/translations/validators.en.yml b/src/LoginCidadao/CoreBundle/Resources/translations/validators.en.yml
index 8bae5415d..bc0b15493 100644
--- a/src/LoginCidadao/CoreBundle/Resources/translations/validators.en.yml
+++ b/src/LoginCidadao/CoreBundle/Resources/translations/validators.en.yml
@@ -1,8 +1,9 @@
 change_username.invalid.username: 'Usernames must contain only letters, numbers and underline (_).'
 organizations.validation.error:
-    invalid_domain: The domain given in the Validation URL is not the same as the Organization''s
+    invalid_domain: The domain given is not the same as the Organization''s
     code_not_found: The code was not found in this address
-    query_string: The Validation URL cannot have a query string
+    query_string: The URL cannot have a query string
     code_in_url: Your validation code must not be in the validation URL!
 admin.impersonation_report.validation.error:
     report.short: Please elaborate on your description. Don''t forget to include the reasons of such access as well as the actions that were made.
+client.edit.sector_identifier_uri.not_allowed: All your Redirect URIs MUST be listed in the Sector Identifier list
diff --git a/src/LoginCidadao/CoreBundle/Resources/translations/validators.pt_BR.yml b/src/LoginCidadao/CoreBundle/Resources/translations/validators.pt_BR.yml
index bebeb044c..4a4647ae1 100644
--- a/src/LoginCidadao/CoreBundle/Resources/translations/validators.pt_BR.yml
+++ b/src/LoginCidadao/CoreBundle/Resources/translations/validators.pt_BR.yml
@@ -4,9 +4,10 @@ change_username.invalid.username: 'Nomes de usuário devem conter apenas letras
 'You already have an ID Card in this state.': 'Você já cadastrou um documento de identidade nesse Estado.'
 'This field accepts only letters and numbers': 'Esse campo apenas aceita letras e números'
 organizations.validation.error:
-    invalid_domain: O domínio informado na URL para Validação é diferente do domínio da Organização
+    invalid_domain: O domínio informado é diferente do domínio da Organização
     code_not_found: O código de verificação não foi encontrado nesse endereço
-    query_string: A URL para Validação não pode conter uma query string
+    query_string: A URL não pode conter uma query string
     code_in_url: Seu código de validação não pode estar na URL para Validação!
 admin.impersonation_report.validation.error:
     report.short: Elabore mais sobre o acesso realizado. Não esqueça de incluir os motivos do acesso e as ações realizadas.
+client.edit.sector_identifier_uri.not_allowed: Todas as suas URIs para Redirectionamento precisam estar listadas pelo seu Sector Identifier
diff --git a/src/LoginCidadao/CoreBundle/Resources/views/Client/form.html.twig b/src/LoginCidadao/CoreBundle/Resources/views/Client/form.html.twig
index c52082891..d58df7f72 100644
--- a/src/LoginCidadao/CoreBundle/Resources/views/Client/form.html.twig
+++ b/src/LoginCidadao/CoreBundle/Resources/views/Client/form.html.twig
@@ -80,7 +80,7 @@
                 {{ form_row(form.metadata.logo_uri) }}
                 {{ form_row(form.landingPageUrl) }}
                 {{ form_row(form.termsOfUseUrl) }}
-                {{ form_row(form.organization) }}
+                {{ form_row(form.metadata.organization) }}
                 {{ form_row(form.published) }}
                 {{ form_row(form.visible) }}
             </div>
diff --git a/src/LoginCidadao/OAuthBundle/Controller/ClientController.php b/src/LoginCidadao/OAuthBundle/Controller/ClientController.php
index 3612cd676..08c32b026 100644
--- a/src/LoginCidadao/OAuthBundle/Controller/ClientController.php
+++ b/src/LoginCidadao/OAuthBundle/Controller/ClientController.php
@@ -9,38 +9,5 @@
 
 class ClientController extends Controller
 {
-    /**
-     * @Route("/auth/initClient", name="lc_oauth_init")
-     * @Template()
-     */
-    public function initClientAction()
-    {
-        $clientManager = $this->get('fos_oauth_server.client_manager');
-        
-        $client = $clientManager->findClientBy(array('name' => "VPR"));
-        if ($client instanceof Client) {
-            $client->setAllowedGrantTypes(array('authorization_code'));
-        } else {
-            $client = $clientManager->createClient();
-            $client->setRedirectUris(array('http://vpr.des.dona.to'));
-            $client->setAllowedGrantTypes(array('authorization_code'));
-            $client->setName("VPR");
-            $client->setDescription("Votação de Prioridades do RS");
-        }
-        $clientManager->updateClient($client);
-        
-        die("ok");
-    }
-    
-    /**
-     * @Route("/auth/getPub/{id}", name="lc_oauth_getid")
-     */
-    public function getPublicIdAction($id)
-    {
-        $clientManager = $this->get('fos_oauth_server.client_manager');
-        $client = $clientManager->findClientBy(array('id' => $id));
-        die($client->getPublicId());
-        
-    }
 
 }
diff --git a/src/LoginCidadao/OAuthBundle/Entity/Client.php b/src/LoginCidadao/OAuthBundle/Entity/Client.php
index 0fc1a510c..8ca4ded41 100644
--- a/src/LoginCidadao/OAuthBundle/Entity/Client.php
+++ b/src/LoginCidadao/OAuthBundle/Entity/Client.php
@@ -16,7 +16,6 @@
 use LoginCidadao\CoreBundle\Model\AbstractUniqueEntity;
 use LoginCidadao\CoreBundle\Model\UniqueEntityInterface;
 use LoginCidadao\OAuthBundle\Model\ClientInterface;
-use LoginCidadao\OAuthBundle\Model\OrganizationInterface;
 use Vich\UploaderBundle\Mapping\Annotation as Vich;
 
 /**
@@ -158,24 +157,22 @@ class Client extends BaseClient implements UniqueEntityInterface, ClientInterfac
      * @ORM\Column(name="updated_at", type="datetime")
      */
     protected $updatedAt;
-
     /**
-     * @var OrganizationInterface
-     * @ORM\ManyToOne(targetEntity="LoginCidadao\OAuthBundle\Model\OrganizationInterface", inversedBy="clients")
-     * @ORM\JoinColumn(name="organization_id", referencedColumnName="id", onDelete="SET NULL")
+     * @ORM\Column(type="string", nullable=true, unique=true)
+     * @var string
      */
-    protected $organization;
+    private $uid;
 
     public function __construct()
     {
         parent::__construct();
-        $this->authorizations       = new ArrayCollection();
-        $this->owners               = new ArrayCollection();
+        $this->authorizations = new ArrayCollection();
+        $this->owners = new ArrayCollection();
         $this->maxNotificationLevel = Notification::LEVEL_NORMAL;
 
         $this->allowedScopes = array(
             'public_profile',
-            'openid'
+            'openid',
         );
     }
 
@@ -191,6 +188,21 @@ public static function getAllGrants()
         );
     }
 
+    public function getName()
+    {
+        if ($this->getMetadata()) {
+            if ($this->getMetadata()->getClientName() === null &&
+                $this->name !== null
+            ) {
+                $this->getMetadata()->setClientName($this->name);
+            }
+
+            return $this->getMetadata()->getClientName();
+        }
+
+        return $this->name;
+    }
+
     public function setName($name)
     {
         if ($this->getMetadata()) {
@@ -201,16 +213,9 @@ public function setName($name)
         return $this;
     }
 
-    public function getName()
+    public function getDescription()
     {
-        if ($this->getMetadata()) {
-            if ($this->getMetadata()->getClientName() === null &&
-                $this->name !== null) {
-                $this->getMetadata()->setClientName($this->name);
-            }
-            return $this->getMetadata()->getClientName();
-        }
-        return $this->name;
+        return $this->description;
     }
 
     public function setDescription($description)
@@ -218,9 +223,13 @@ public function setDescription($description)
         $this->description = $description;
     }
 
-    public function getDescription()
+    public function getSiteUrl()
     {
-        return $this->description;
+        if ($this->getMetadata()) {
+            return $this->getMetadata()->getClientUri();
+        }
+
+        return $this->siteUrl;
     }
 
     public function setSiteUrl($url)
@@ -233,14 +242,6 @@ public function setSiteUrl($url)
         return $this;
     }
 
-    public function getSiteUrl()
-    {
-        if ($this->getMetadata()) {
-            return $this->getMetadata()->getClientUri();
-        }
-        return $this->siteUrl;
-    }
-
     public function getAuthorizations()
     {
         return $this->authorizations;
@@ -270,6 +271,7 @@ public function getLandingPageUrl()
         if ($this->getMetadata()) {
             return $this->getMetadata()->getInitiateLoginUri();
         }
+
         return $this->landingPageUrl;
     }
 
@@ -279,6 +281,7 @@ public function setLandingPageUrl($landingPageUrl)
             $this->getMetadata()->setInitiateLoginUri($landingPageUrl);
         }
         $this->landingPageUrl = $landingPageUrl;
+
         return $this;
     }
 
@@ -287,6 +290,7 @@ public function getTermsOfUseUrl()
         if ($this->getMetadata()) {
             return $this->getMetadata()->getTosUri();
         }
+
         return $this->termsOfUseUrl;
     }
 
@@ -345,6 +349,7 @@ public function setPublished($published)
     public function setId($var)
     {
         $this->id = $var;
+
         return $this;
     }
 
@@ -358,17 +363,14 @@ public function getOwners()
         return $this->owners;
     }
 
+    /* Unique Interface Stuff */
+
     public function setOwners(ArrayCollection $owners)
     {
         $this->owners = $owners;
+
         return $this;
     }
-    /* Unique Interface Stuff */
-    /**
-     * @ORM\Column(type="string", nullable=true, unique=true)
-     * @var string
-     */
-    private $uid;
 
     /**
      * Gets the Unique Id of the Entity.
@@ -415,6 +417,7 @@ public function getMetadata()
     public function setMetadata(\LoginCidadao\OpenIDBundle\Entity\ClientMetadata $metadata)
     {
         $this->metadata = $metadata;
+
         return $this;
     }
 
@@ -423,6 +426,7 @@ public function getRedirectUris()
         if ($this->getMetadata()) {
             return $this->getMetadata()->getRedirectUris();
         }
+
         return parent::getRedirectUris();
     }
 
@@ -433,9 +437,18 @@ public function setRedirectUris(array $redirectUris)
         } else {
             parent::setRedirectUris($redirectUris);
         }
+
         return $this;
     }
 
+    /**
+     * @return File
+     */
+    public function getImage()
+    {
+        return $this->image;
+    }
+
     /**
      * If manually uploading a file (i.e. not using Symfony Form) ensure an instance
      * of 'UploadedFile' is injected into this setter to trigger the  update. If this
@@ -455,11 +468,11 @@ public function setImage($image)
     }
 
     /**
-     * @return File
+     * @return string
      */
-    public function getImage()
+    public function getImageName()
     {
-        return $this->image;
+        return $this->imageName;
     }
 
     /**
@@ -470,14 +483,6 @@ public function setImageName($imageName)
         $this->imageName = $imageName;
     }
 
-    /**
-     * @return string
-     */
-    public function getImageName()
-    {
-        return $this->imageName;
-    }
-
     public function getUpdatedAt()
     {
         return $this->updatedAt;
@@ -494,6 +499,7 @@ public function setUpdatedAt($updatedAt = null)
         } else {
             $this->updatedAt = new \DateTime('now');
         }
+
         return $this;
     }
 
@@ -505,26 +511,8 @@ public function getAllowedGrantTypes()
         if ($this->getMetadata()) {
             return $this->getMetadata()->getGrantTypes();
         }
-        return parent::getAllowedGrantTypes();
-    }
 
-    /**
-     * @return OrganizationInterface
-     */
-    public function getOrganization()
-    {
-        return $this->organization;
-    }
-
-    /**
-     * @param OrganizationInterface $organization
-     * @return \LoginCidadao\OAuthBundle\Entity\Client
-     */
-    public function setOrganization(OrganizationInterface $organization)
-    {
-        $this->organization = $organization;
-
-        return $this;
+        return parent::getAllowedGrantTypes();
     }
 
     public function ownsDomain($domain)
diff --git a/src/LoginCidadao/OAuthBundle/Entity/Organization.php b/src/LoginCidadao/OAuthBundle/Entity/Organization.php
index f24594222..299897d50 100644
--- a/src/LoginCidadao/OAuthBundle/Entity/Organization.php
+++ b/src/LoginCidadao/OAuthBundle/Entity/Organization.php
@@ -16,6 +16,7 @@
 use LoginCidadao\OAuthBundle\Model\ClientInterface;
 use LoginCidadao\OAuthBundle\Model\OrganizationInterface;
 use LoginCidadao\OAuthBundle\Validator\Constraints\DomainOwnership;
+use LoginCidadao\OAuthBundle\Validator\Constraints\SectorIdentifier;
 use Symfony\Component\Validator\Constraints as Assert;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 
@@ -26,6 +27,7 @@
  * @UniqueEntity("domain")
  * @UniqueEntity("name")
  * @DomainOwnership
+ * @SectorIdentifier
  */
 class Organization implements OrganizationInterface
 {
@@ -37,7 +39,7 @@ class Organization implements OrganizationInterface
     protected $id;
 
     /**
-     * @ORM\Column(type="string", nullable=false, unique=true)
+     * @ORM\Column(name="name", type="string", nullable=false, unique=true)
      * @Assert\NotBlank
      * @var string
      */
@@ -54,48 +56,55 @@ class Organization implements OrganizationInterface
     protected $members;
 
     /**
-     * @ORM\Column(type="datetime", nullable=true)
+     * @ORM\Column(name="verified_at", type="datetime", nullable=true)
      * @var \DateTime
      */
     protected $verifiedAt;
 
     /**
-     * @ORM\Column(type="string", nullable=false, unique=true)
+     * @ORM\Column(name="domain", type="string", nullable=false, unique=true)
      * @var string
      */
     protected $domain;
 
     /**
-     * @ORM\OneToMany(targetEntity="LoginCidadao\OAuthBundle\Model\ClientInterface", mappedBy="organization")
+     * @ORM\OneToMany(targetEntity="LoginCidadao\OpenIDBundle\Entity\ClientMetadata", mappedBy="organization")
      * @var ClientInterface
      */
     protected $clients;
 
     /**
      * @Assert\Url
-     * @ORM\Column(type="string", nullable=true, unique=true)
+     * @ORM\Column(name="validation_url", type="string", nullable=true, unique=true)
      * @var string
      */
     protected $validationUrl;
 
     /**
-     * @ORM\Column(type="string", nullable=true)
+     * @ORM\Column(name="validation_secret", type="string", nullable=true)
      * @var string
      */
     protected $validationSecret;
 
     /**
-     * @ORM\Column(type="string", nullable=true)
+     * @ORM\Column(name="validated_url", type="string", nullable=true)
      * @var string
      */
     protected $validatedUrl;
 
     /**
-     * @ORM\Column(type="boolean", nullable=false)
+     * @ORM\Column(name="trusted", type="boolean", nullable=false)
      * @var boolean
      */
     protected $trusted;
 
+    /**
+     * @Assert\Url
+     * @ORM\Column(name="sector_identifier_uri", type="string", nullable=true, unique=true)
+     * @var string
+     */
+    protected $sectorIdentifierUri;
+
     public function __construct()
     {
         $this->members = new ArrayCollection();
@@ -205,6 +214,7 @@ public function setValidationUrl($validationUrl)
     public function getValidationSecret()
     {
         $this->initializeValidationCode();
+
         return $this->validationSecret;
     }
 
@@ -215,26 +225,15 @@ public function setValidationSecret($validationSecret)
         return $this;
     }
 
-    /**
-     * @ORM\PrePersist
-     * @ORM\PreUpdate
-     */
-    private function initializeValidationCode()
-    {
-        if ($this->validationSecret) {
-            return;
-        }
-        $random = base64_encode(random_bytes(35));
-        $this->setValidationSecret($random);
-    }
-
     public function checkValidation()
     {
         if ($this->validatedUrl !== $this->getValidationUrl()) {
             $this->setVerifiedAt(null);
             $this->validatedUrl = null;
+
             return false;
         }
+
         return true;
     }
 
@@ -271,4 +270,35 @@ public function setTrusted($trusted)
 
         return $this;
     }
+
+    /**
+     * @return string
+     */
+    public function getSectorIdentifierUri()
+    {
+        return $this->sectorIdentifierUri;
+    }
+
+    /**
+     * @param string $sectorIdentifierUri
+     */
+    public function setSectorIdentifierUri($sectorIdentifierUri)
+    {
+        $this->sectorIdentifierUri = $sectorIdentifierUri;
+    }
+
+    /**
+     * @ORM\PrePersist
+     * @ORM\PreUpdate
+     */
+    private function initializeValidationCode()
+    {
+        if ($this->validationSecret) {
+            return;
+        }
+        $random = base64_encode(random_bytes(35));
+        $this->setValidationSecret($random);
+    }
+
+
 }
diff --git a/src/LoginCidadao/OAuthBundle/Form/OrganizationType.php b/src/LoginCidadao/OAuthBundle/Form/OrganizationType.php
index e4da04e29..7a26b7100 100644
--- a/src/LoginCidadao/OAuthBundle/Form/OrganizationType.php
+++ b/src/LoginCidadao/OAuthBundle/Form/OrganizationType.php
@@ -29,11 +29,12 @@ class OrganizationType extends AbstractType
     /** @var TokenStorageInterface */
     protected $tokenStorage;
 
-    public function __construct(AuthorizationCheckerInterface $authorizationChecker,
-                                TokenStorageInterface $tokenStorage)
-    {
+    public function __construct(
+        AuthorizationCheckerInterface $authorizationChecker,
+        TokenStorageInterface $tokenStorage
+    ) {
         $this->authorizationChecker = $authorizationChecker;
-        $this->tokenStorage         = $tokenStorage;
+        $this->tokenStorage = $tokenStorage;
     }
 
     /**
@@ -42,33 +43,51 @@ public function __construct(AuthorizationCheckerInterface $authorizationChecker,
      */
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
-        $members = function(EntityRepository $er) {
+        $members = function (EntityRepository $er) {
             return $er->createQueryBuilder('p')
-                    ->innerJoin('LoginCidadaoOAuthBundle:Organization', 'o',
-                        'WITH', 'p MEMBER OF o.members');
+                ->innerJoin(
+                    'LoginCidadaoOAuthBundle:Organization',
+                    'o',
+                    'WITH',
+                    'p MEMBER OF o.members'
+                );
         };
 
         $builder
-            ->add('name', 'Symfony\Component\Form\Extension\Core\Type\TextType',
-                array('label' => 'organizations.form.name.label'))
-            ->add('domain',
+            ->add(
+                'name',
+                'Symfony\Component\Form\Extension\Core\Type\TextType',
+                array('label' => 'organizations.form.name.label')
+            )
+            ->add(
+                'domain',
                 'Symfony\Component\Form\Extension\Core\Type\TextType',
-                array('label' => 'organizations.form.domain.label'))
-        ;
+                array('label' => 'organizations.form.domain.label')
+            )
+            ->add(
+                'sectorIdentifierUri',
+                'Symfony\Component\Form\Extension\Core\Type\UrlType',
+                array('label' => 'organizations.form.sectorIdentifierUri.label')
+            );
 
         if ($this->authorizationChecker->isGranted('ROLE_ORGANIZATIONS_CAN_TRUST')) {
-            $builder->add('trusted',
+            $builder->add(
+                'trusted',
                 'LoginCidadao\CoreBundle\Form\Type\SwitchType',
-                array('label' => 'organizations.form.trusted.label', 'required' => false));
+                array('label' => 'organizations.form.trusted.label', 'required' => false)
+            );
         }
         if ($this->authorizationChecker->isGranted('ROLE_ORGANIZATIONS_VALIDATE')
-            && $builder->getData()->getId()) {
-            $builder->add('validationUrl',
+            && $builder->getData()->getId()
+        ) {
+            $builder->add(
+                'validationUrl',
                 'Symfony\Component\Form\Extension\Core\Type\UrlType',
                 array(
-                'required' => false,
-                'label' => 'organizations.form.validationUrl.label'
-            ));
+                    'required' => false,
+                    'label' => 'organizations.form.validationUrl.label',
+                )
+            );
         }
 
         $organization = $builder->getData();
@@ -77,9 +96,11 @@ public function buildForm(FormBuilderInterface $builder, array $options)
 
     public function configureOptions(OptionsResolver $resolver)
     {
-        $resolver->setDefaults(array(
-            'data_class' => 'LoginCidadao\OAuthBundle\Entity\Organization'
-        ));
+        $resolver->setDefaults(
+            array(
+                'data_class' => 'LoginCidadao\OAuthBundle\Entity\Organization',
+            )
+        );
     }
 
     /**
@@ -90,102 +111,117 @@ public function setDefaultOptions(OptionsResolverInterface $resolver)
         $this->configureOptions($resolver);
     }
 
-    private function prepareMembersField(FormBuilderInterface $builder,
-                                            OrganizationInterface $organization)
-    {
+    private function prepareMembersField(
+        FormBuilderInterface $builder,
+        OrganizationInterface $organization
+    ) {
         $checker = $this->authorizationChecker;
-        $person  = $this->tokenStorage->getToken()->getUser();
+        $person = $this->tokenStorage->getToken()->getUser();
 
         if (!$checker->isGranted('ROLE_ORGANIZATIONS_MANAGE_MEMBERS_ANY_ORG') &&
-            !$checker->isGranted('ROLE_ORGANIZATIONS_MANAGE_MEMBERS')) {
+            !$checker->isGranted('ROLE_ORGANIZATIONS_MANAGE_MEMBERS')
+        ) {
             return;
         }
 
         if (!$organization->getMembers()->contains($person) &&
-            !$checker->isGranted('ROLE_ORGANIZATIONS_MANAGE_MEMBERS_ANY_ORG')) {
+            !$checker->isGranted('ROLE_ORGANIZATIONS_MANAGE_MEMBERS_ANY_ORG')
+        ) {
             return;
         }
 
-        $builder->addEventListener(FormEvents::PRE_SUBMIT,
-            function(FormEvent $event) {
-            $entity = $event->getData();
-            $form   = $event->getForm();
-
-            $qb = function(EntityRepository $er) use ($entity) {
-                $sql = $er->createQueryBuilder('u');
-                if (!empty($entity['members'])) {
-                    $sql->where('u.id in (:members)');
-                    $sql->setParameter('members', $entity['members']);
-                    $sql->orderBy('u.username', 'ASC');
-                } else {
-                    $sql->where('1 != 1');
-                }
-                return $sql;
-            };
-
-            $form->add('members',
-                'LoginCidadao\CoreBundle\Form\Type\AjaxChoiceType',
-                array(
-                'label' => 'organizations.form.members.label',
-                'ajax_choice_attr' => array(
-                    'filter' => array(
-                        'route' => 'lc_organizations_members_filter',
-                        'search_prop' => 'username',
-                        'extra_form_prop' => array('service_id' => 'id')
-                    ),
-                    'selected' => array(
-                        'route' => 'lc_organizations_members',
-                        'extra_form_prop' => array('person_id' => 'members')
-                    ),
-                    'property_value' => 'id',
-                    'property_text' => 'fullNameOrUsername',
-                    'search_prop_label' => 'organizations.form.members.search.label'
-                ),
-                'required' => false,
-                'class' => 'LoginCidadaoCoreBundle:Person',
-                'choice_label' => 'fullNameOrUsername',
-                'query_builder' => $qb
-            ))
-            ;
-        });
-
-        $builder->addEventListener(FormEvents::PRE_SET_DATA,
-            function(FormEvent $event) {
-            $entity = $event->getData();
-            $form   = $event->getForm();
-
-            $qb = function(EntityRepository $er) use (&$entity) {
-                return $er->createQueryBuilder('p')
-                        ->innerJoin('LoginCidadaoOAuthBundle:Organization', 'o',
-                            'WITH', 'p MEMBER OF o.members')
-                        ->orderBy('p.username', 'ASC');
-            };
-
-            if ($entity->getId()) {
-                $form->add('members',
+        $builder->addEventListener(
+            FormEvents::PRE_SUBMIT,
+            function (FormEvent $event) {
+                $entity = $event->getData();
+                $form = $event->getForm();
+
+                $qb = function (EntityRepository $er) use ($entity) {
+                    $sql = $er->createQueryBuilder('u');
+                    if (!empty($entity['members'])) {
+                        $sql->where('u.id in (:members)');
+                        $sql->setParameter('members', $entity['members']);
+                        $sql->orderBy('u.username', 'ASC');
+                    } else {
+                        $sql->where('1 != 1');
+                    }
+
+                    return $sql;
+                };
+
+                $form->add(
+                    'members',
                     'LoginCidadao\CoreBundle\Form\Type\AjaxChoiceType',
                     array(
-                    'label' => 'organizations.form.members.label',
-                    'ajax_choice_attr' => array(
-                        'filter' => array(
-                            'route' => 'lc_organizations_members_filter',
-                            'search_prop' => 'username',
-                            'extra_form_prop' => array('service_id' => 'id')
+                        'label' => 'organizations.form.members.label',
+                        'ajax_choice_attr' => array(
+                            'filter' => array(
+                                'route' => 'lc_organizations_members_filter',
+                                'search_prop' => 'username',
+                                'extra_form_prop' => array('service_id' => 'id'),
+                            ),
+                            'selected' => array(
+                                'route' => 'lc_organizations_members',
+                                'extra_form_prop' => array('person_id' => 'members'),
+                            ),
+                            'property_value' => 'id',
+                            'property_text' => 'fullNameOrUsername',
+                            'search_prop_label' => 'organizations.form.members.search.label',
                         ),
-                        'selected' => array(
-                            'route' => 'lc_organizations_members',
-                            'extra_form_prop' => array('person_id' => 'members')
-                        ),
-                        'property_value' => 'id',
-                        'property_text' => 'fullNameOrUsername',
-                        'search_prop_label' => 'organizations.form.members.search.label'
-                    ),
-                    'required' => false,
-                    'class' => 'LoginCidadaoCoreBundle:Person',
-                    'choice_label' => 'fullNameOrUsername',
-                    'query_builder' => $qb
-                ));
+                        'required' => false,
+                        'class' => 'LoginCidadaoCoreBundle:Person',
+                        'choice_label' => 'fullNameOrUsername',
+                        'query_builder' => $qb,
+                    )
+                );
+            }
+        );
+
+        $builder->addEventListener(
+            FormEvents::PRE_SET_DATA,
+            function (FormEvent $event) {
+                $entity = $event->getData();
+                $form = $event->getForm();
+
+                $qb = function (EntityRepository $er) use (&$entity) {
+                    return $er->createQueryBuilder('p')
+                        ->innerJoin(
+                            'LoginCidadaoOAuthBundle:Organization',
+                            'o',
+                            'WITH',
+                            'p MEMBER OF o.members'
+                        )
+                        ->orderBy('p.username', 'ASC');
+                };
+
+                if ($entity->getId()) {
+                    $form->add(
+                        'members',
+                        'LoginCidadao\CoreBundle\Form\Type\AjaxChoiceType',
+                        array(
+                            'label' => 'organizations.form.members.label',
+                            'ajax_choice_attr' => array(
+                                'filter' => array(
+                                    'route' => 'lc_organizations_members_filter',
+                                    'search_prop' => 'username',
+                                    'extra_form_prop' => array('service_id' => 'id'),
+                                ),
+                                'selected' => array(
+                                    'route' => 'lc_organizations_members',
+                                    'extra_form_prop' => array('person_id' => 'members'),
+                                ),
+                                'property_value' => 'id',
+                                'property_text' => 'fullNameOrUsername',
+                                'search_prop_label' => 'organizations.form.members.search.label',
+                            ),
+                            'required' => false,
+                            'class' => 'LoginCidadaoCoreBundle:Person',
+                            'choice_label' => 'fullNameOrUsername',
+                            'query_builder' => $qb,
+                        )
+                    );
+                }
             }
-        });
+        );
     }
 }
diff --git a/src/LoginCidadao/OAuthBundle/Model/ClientInterface.php b/src/LoginCidadao/OAuthBundle/Model/ClientInterface.php
index 58cfd147a..12a723a7e 100644
--- a/src/LoginCidadao/OAuthBundle/Model/ClientInterface.php
+++ b/src/LoginCidadao/OAuthBundle/Model/ClientInterface.php
@@ -79,14 +79,4 @@ public function setImageName($imageName);
      * @return string
      */
     public function getImageName();
-
-    /**
-     * @return OrganizationInterface
-     */
-    public function getOrganization();
-
-    /**
-     * @param \LoginCidadao\OAuthBundle\Model\OrganizationInterface $organization
-     */
-    public function setOrganization(OrganizationInterface $organization);
 }
diff --git a/src/LoginCidadao/OAuthBundle/Resources/views/Organization/fragment.form.html.twig b/src/LoginCidadao/OAuthBundle/Resources/views/Organization/fragment.form.html.twig
index 35199304c..f05bc1b93 100644
--- a/src/LoginCidadao/OAuthBundle/Resources/views/Organization/fragment.form.html.twig
+++ b/src/LoginCidadao/OAuthBundle/Resources/views/Organization/fragment.form.html.twig
@@ -6,6 +6,7 @@
     <div class="panel-body">
         {{ form_row(form.name) }}
         {{ form_row(form.domain) }}
+        {{ form_row(form.sectorIdentifierUri) }}
         {% if is_granted('ROLE_ORGANIZATIONS_VALIDATE') and organization is defined %}
             {{ form_row(form.validationUrl) }}
             <div class="well">
diff --git a/src/LoginCidadao/OAuthBundle/Validator/Constraints/DomainOwnershipValidator.php b/src/LoginCidadao/OAuthBundle/Validator/Constraints/DomainOwnershipValidator.php
index 069d0a798..f10265fa6 100644
--- a/src/LoginCidadao/OAuthBundle/Validator/Constraints/DomainOwnershipValidator.php
+++ b/src/LoginCidadao/OAuthBundle/Validator/Constraints/DomainOwnershipValidator.php
@@ -65,7 +65,7 @@ private function checkUrl($validationUrl, $domain, $validationCode)
             $response = false;
         }
 
-        if ($uri['query']) {
+        if (array_key_exists('query', $uri) && $uri['query']) {
             $this->buildUrlViolation('organizations.validation.error.query_string');
             $response = false;
         }
diff --git a/src/LoginCidadao/OAuthBundle/Validator/Constraints/SectorIdentifier.php b/src/LoginCidadao/OAuthBundle/Validator/Constraints/SectorIdentifier.php
new file mode 100644
index 000000000..135181a08
--- /dev/null
+++ b/src/LoginCidadao/OAuthBundle/Validator/Constraints/SectorIdentifier.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * This file is part of the login-cidadao project or it's bundles.
+ *
+ * (c) Guilherme Donato <guilhermednt on github>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LoginCidadao\OAuthBundle\Validator\Constraints;
+
+use Symfony\Component\Validator\Constraint;
+
+/**
+ * @Annotation
+ * @Target("CLASS")
+ */
+class SectorIdentifier extends Constraint
+{
+
+    public function validatedBy()
+    {
+        return get_class($this).'Validator';
+    }
+
+    public function getTargets()
+    {
+        return self::CLASS_CONSTRAINT;
+    }
+}
diff --git a/src/LoginCidadao/OAuthBundle/Validator/Constraints/SectorIdentifierValidator.php b/src/LoginCidadao/OAuthBundle/Validator/Constraints/SectorIdentifierValidator.php
new file mode 100644
index 000000000..396437c7b
--- /dev/null
+++ b/src/LoginCidadao/OAuthBundle/Validator/Constraints/SectorIdentifierValidator.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * This file is part of the login-cidadao project or it's bundles.
+ *
+ * (c) Guilherme Donato <guilhermednt on github>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LoginCidadao\OAuthBundle\Validator\Constraints;
+
+use LoginCidadao\OAuthBundle\Entity\Organization;
+use Symfony\Component\Validator\Constraint;
+use Symfony\Component\Validator\ConstraintValidator;
+
+class SectorIdentifierValidator extends ConstraintValidator
+{
+
+    /**
+     * @param Organization $organization
+     * @param Constraint $constraint
+     */
+    public function validate($organization, Constraint $constraint)
+    {
+        if (!$organization->getSectorIdentifierUri()) {
+            return;
+        }
+
+        $sectorIdentifierUri = $organization->getSectorIdentifierUri();
+        $domain = $organization->getDomain();
+
+        $uri = parse_url($sectorIdentifierUri);
+
+        if ($uri['host'] !== $domain) {
+            $this->buildUrlViolation('organizations.validation.error.invalid_domain');
+        }
+    }
+
+    private function buildUrlViolation($message)
+    {
+        $this->context->buildViolation($message)
+            ->atPath('sectorIdentifierUri')
+            ->addViolation();
+    }
+}
diff --git a/src/LoginCidadao/OpenIDBundle/Controller/AuthorizeController.php b/src/LoginCidadao/OpenIDBundle/Controller/AuthorizeController.php
index 4d60616da..e75ac4077 100644
--- a/src/LoginCidadao/OpenIDBundle/Controller/AuthorizeController.php
+++ b/src/LoginCidadao/OpenIDBundle/Controller/AuthorizeController.php
@@ -3,6 +3,11 @@
 namespace LoginCidadao\OpenIDBundle\Controller;
 
 use FOS\OAuthServerBundle\Event\OAuthEvent;
+use LoginCidadao\OAuthBundle\Entity\Organization;
+use LoginCidadao\OpenIDBundle\Entity\ClientMetadata;
+use LoginCidadao\OpenIDBundle\Manager\ClientManager;
+use LoginCidadao\OpenIDBundle\Validator\SectorIdentifierUriChecker;
+use Symfony\Bundle\FrameworkBundle\Client;
 use Symfony\Component\HttpFoundation\Request;
 use OAuth2\ServerBundle\Controller\AuthorizeController as BaseController;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
@@ -20,8 +25,8 @@ class AuthorizeController extends BaseController
      */
     public function handleAuthorizeAction()
     {
-        $request       = $this->getRequest();
-        $scope         = $request->request->get('scope');
+        $request = $this->getRequest();
+        $scope = $request->request->get('scope');
         $is_authorized = $request->request->has('rejected') === false || $request->request->has('accepted')
             === true;
         $request->request->set('scope', implode(' ', $scope));
@@ -41,9 +46,14 @@ public function handleAuthorizeAction()
     /**
      * @Template()
      */
-    public function authorizeAction($client_id, $scope, $response_type,
-                                    $redirect_uri, $state = null, $nonce = null)
-    {
+    public function authorizeAction(
+        $client_id,
+        $scope,
+        $response_type,
+        $redirect_uri,
+        $state = null,
+        $nonce = null
+    ) {
         $client = $this->getClient($client_id);
 
         $scope = explode(' ', $scope);
@@ -52,23 +62,27 @@ public function authorizeAction($client_id, $scope, $response_type,
         }
 
         $scopeManager = $this->getScopeManager();
-        $scopes       = array_map(function($value) {
-            return $value->getScope();
-        }, $scopeManager->findScopesByScopes($scope));
+        $scopes = array_map(
+            function ($value) {
+                return $value->getScope();
+            },
+            $scopeManager->findScopesByScopes($scope)
+        );
 
         $warnUntrusted = $this->shouldWarnUntrusted($client);
-
-        $qs = compact('client_id', 'scope', 'response_type', 'redirect_uri',
-            'state', 'nonce');
-        return compact('qs', 'scopes', 'client', 'warnUntrusted');
-    }
-
-    /**
-     * @return \OAuth2\ServerBundle\Manager\ScopeManager
-     */
-    private function getScopeManager()
-    {
-        return $this->get('oauth2.scope_manager');
+        $metadata = $this->getMetadata($client);
+        $organization = $this->getOrganization($metadata);
+
+        $qs = compact(
+            'client_id',
+            'scope',
+            'response_type',
+            'redirect_uri',
+            'state',
+            'nonce'
+        );
+
+        return compact('qs', 'scopes', 'client', 'warnUntrusted', 'metadata', 'organization');
     }
 
     /**
@@ -79,7 +93,7 @@ private function getScopeManager()
     public function validateAuthorizeAction()
     {
         $request = $this->getRequest();
-        $client  = $this->getClient($request);
+        $client = $this->getClient($request);
 
         if ($client instanceof \FOS\OAuthServerBundle\Model\ClientInterface) {
             $event = $this->get('event_dispatcher')->dispatch(
@@ -89,19 +103,32 @@ public function validateAuthorizeAction()
 
             $server = $this->get('oauth2.server');
             if ($event->isAuthorizedClient()) {
-                return $this->handleAuthorize($server,
-                        $event->isAuthorizedClient());
+                return $this->handleAuthorize(
+                    $server,
+                    $event->isAuthorizedClient()
+                );
             }
         }
 
         return parent::validateAuthorizeAction();
     }
 
+    /**
+     * @return \OAuth2\ServerBundle\Manager\ScopeManager
+     */
+    private function getScopeManager()
+    {
+        return $this->get('oauth2.scope_manager');
+    }
+
     private function handleAuthorize($server, $is_authorized)
     {
-        return $server->handleAuthorizeRequest($this->get('oauth2.request'),
-                $this->get('oauth2.response'), $is_authorized,
-                $this->getUser()->getId());
+        return $server->handleAuthorizeRequest(
+            $this->get('oauth2.request'),
+            $this->get('oauth2.response'),
+            $is_authorized,
+            $this->getUser()->getId()
+        );
     }
 
     private function getClient($fullId)
@@ -110,27 +137,66 @@ private function getClient($fullId)
             $fullId = $fullId->get('client_id');
         }
 
-        $id = explode('_', $fullId);
-        $er = $this->getDoctrine()
-            ->getRepository('LoginCidadaoOAuthBundle:Client');
+        /** @var ClientManager $clientManager */
+        $clientManager = $this->get('lc.client_manager');
 
-        return $er->find($id[0]);
+        return $clientManager->getClientById($fullId);
     }
 
     private function shouldWarnUntrusted(ClientInterface $client)
     {
-        $authorizeUntrusted = $this->getParameter('warn_untrusted');
+        $warnUntrusted = $this->getParameter('warn_untrusted');
+        $metadata = $this->getMetadata($client);
 
-        if ($client->getOrganization() instanceof OrganizationInterface) {
-            $isTrusted = $client->getOrganization()->isTrusted();
+        if ($metadata->getOrganization() instanceof OrganizationInterface) {
+            $isTrusted = $metadata->getOrganization()->isTrusted();
         } else {
             $isTrusted = false;
         }
 
-        if ($isTrusted || $authorizeUntrusted) {
+        if ($isTrusted || !$warnUntrusted) {
             return false; // do not warn
         }
 
         return true; // warn
     }
+
+    private function getMetadata(ClientInterface $client)
+    {
+        $repo = $this->getDoctrine()->getRepository('LoginCidadaoOpenIDBundle:ClientMetadata');
+
+        return $repo->findOneBy(['client' => $client]);
+    }
+
+    private function getOrganization(ClientMetadata $metadata = null)
+    {
+        if ($metadata === null) {
+            return null;
+        }
+
+        if ($metadata->getOrganization() === null && $metadata->getSectorIdentifierUri()) {
+            $sectorIdentifierUri = $metadata->getSectorIdentifierUri();
+            $verified = $this->getSectorIdentifierUriChecker()->check($metadata, $sectorIdentifierUri);
+            $uri = parse_url($sectorIdentifierUri);
+            $domain = $uri['host'];
+
+            $organization = new Organization();
+            $organization->setDomain($domain)
+                ->setName($domain)
+                ->setTrusted(false)
+                ->setVerifiedAt($verified ? new \DateTime() : null);
+
+            return $organization;
+        }
+
+        return $metadata->getOrganization();
+    }
+
+    /**
+     * @return SectorIdentifierUriChecker
+     */
+    private function getSectorIdentifierUriChecker()
+    {
+        return $this->get('checker.sector_identifier_uri');
+    }
 }
diff --git a/src/LoginCidadao/OpenIDBundle/Entity/ClientMetadata.php b/src/LoginCidadao/OpenIDBundle/Entity/ClientMetadata.php
index b4177928d..171e51c30 100644
--- a/src/LoginCidadao/OpenIDBundle/Entity/ClientMetadata.php
+++ b/src/LoginCidadao/OpenIDBundle/Entity/ClientMetadata.php
@@ -10,8 +10,9 @@
 
 namespace LoginCidadao\OpenIDBundle\Entity;
 
+use LoginCidadao\OAuthBundle\Model\OrganizationInterface;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
-use LoginCidadao\OpenIDBundle\Constraints\SectorIdentifier;
+use LoginCidadao\OpenIDBundle\Validator\Constraints\SectorIdentifierUri;
 use Symfony\Component\Validator\Constraints as Assert;
 use LoginCidadao\OAuthBundle\Entity\Client;
 use JMS\Serializer\Annotation as JMS;
@@ -23,7 +24,7 @@
  * @ORM\HasLifecycleCallbacks
  * @ORM\Table(name="client_metadata")
  * @JMS\ExclusionPolicy("all")
- * @SectorIdentifier
+ * @SectorIdentifierUri
  */
 class ClientMetadata
 {
@@ -157,7 +158,7 @@ class ClientMetadata
     /**
      * @JMS\Expose
      * @JMS\Groups({"client_metadata"})
-     * @Assert\Url(checkDNS = true)
+     * @Assert\Url(checkDNS = true, protocols = {"https"})
      * @Assert\Type(type="string")
      * @ORM\Column(type="string", length=2000, nullable=true)
      */
@@ -310,6 +311,13 @@ class ClientMetadata
      */
     protected $registration_access_token;
 
+    /**
+     * @var OrganizationInterface
+     * @ORM\ManyToOne(targetEntity="LoginCidadao\OAuthBundle\Model\OrganizationInterface", inversedBy="clients")
+     * @ORM\JoinColumn(name="organization_id", referencedColumnName="id", onDelete="SET NULL")
+     */
+    protected $organization;
+
     public function __construct()
     {
         $this->response_types = array('code');
@@ -693,6 +701,13 @@ public function getClientId()
         return $this->client_id;
     }
 
+    public function setClientId($client_id)
+    {
+        $this->client_id = $client_id;
+
+        return $this;
+    }
+
     /**
      * @JMS\Groups({"client_metadata"})
      * @JMS\VirtualProperty
@@ -707,13 +722,6 @@ public function getClientSecret()
         return $this->client_secret;
     }
 
-    public function setClientId($client_id)
-    {
-        $this->client_id = $client_id;
-
-        return $this;
-    }
-
     public function setClientSecret($client_secret)
     {
         $this->client_secret = $client_secret;
@@ -841,4 +849,20 @@ public function getRegistrationAccessToken()
     {
         return $this->registration_access_token;
     }
+
+    /**
+     * @return OrganizationInterface
+     */
+    public function getOrganization()
+    {
+        return $this->organization;
+    }
+
+    /**
+     * @param OrganizationInterface $organization
+     */
+    public function setOrganization($organization = null)
+    {
+        $this->organization = $organization;
+    }
 }
diff --git a/src/LoginCidadao/OpenIDBundle/EventListenner/CoreEventsSubscriber.php b/src/LoginCidadao/OpenIDBundle/EventListenner/CoreEventsSubscriber.php
new file mode 100644
index 000000000..b30a30258
--- /dev/null
+++ b/src/LoginCidadao/OpenIDBundle/EventListenner/CoreEventsSubscriber.php
@@ -0,0 +1,70 @@
+<?php
+/**
+ * This file is part of the login-cidadao project or it's bundles.
+ *
+ * (c) Guilherme Donato <guilhermednt on github>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LoginCidadao\OpenIDBundle\EventListenner;
+
+use Doctrine\ORM\EntityManager;
+use LoginCidadao\CoreBundle\Event\GetClientEvent;
+use LoginCidadao\CoreBundle\Event\LoginCidadaoCoreEvents;
+use LoginCidadao\OpenIDBundle\Validator\SectorIdentifierUriChecker;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+
+class CoreEventsSubscriber implements EventSubscriberInterface
+{
+    /** @var EntityManager */
+    protected $em;
+
+    /** @var SectorIdentifierUriChecker */
+    protected $sectorIdentifierUriChecker;
+
+    /** @var boolean */
+    protected $revalidateSectorIdentifierUriOnAuth;
+
+    /**
+     * CoreEventsListener constructor.
+     * @param EntityManager $em
+     * @param SectorIdentifierUriChecker $sectorIdentifierUriChecker
+     * @param boolean $revalidateSectorIdentifierUriOnAuth
+     */
+    public function __construct(
+        EntityManager $em,
+        SectorIdentifierUriChecker $sectorIdentifierUriChecker,
+        $revalidateSectorIdentifierUriOnAuth
+    ) {
+        $this->em = $em;
+        $this->sectorIdentifierUriChecker = $sectorIdentifierUriChecker;
+        $this->revalidateSectorIdentifierUriOnAuth = $revalidateSectorIdentifierUriOnAuth;
+    }
+
+
+    public static function getSubscribedEvents()
+    {
+        return array(
+            LoginCidadaoCoreEvents::GET_CLIENT => array(
+                array('onGetClient', 10),
+            ),
+        );
+    }
+
+    public function onGetClient(GetClientEvent $event)
+    {
+        if ($this->revalidateSectorIdentifierUriOnAuth === false) {
+            return;
+        }
+
+        $repo = $this->em->getRepository('LoginCidadaoOpenIDBundle:ClientMetadata');
+        $metadata = $repo->findOneBy(
+            array(
+                'client' => $event->getClient(),
+            )
+        );
+        $this->sectorIdentifierUriChecker->recheck($metadata);
+    }
+}
diff --git a/src/LoginCidadao/OpenIDBundle/Form/ClientMetadataWebForm.php b/src/LoginCidadao/OpenIDBundle/Form/ClientMetadataWebForm.php
index cff8d2b00..6db723fb7 100644
--- a/src/LoginCidadao/OpenIDBundle/Form/ClientMetadataWebForm.php
+++ b/src/LoginCidadao/OpenIDBundle/Form/ClientMetadataWebForm.php
@@ -21,6 +21,7 @@ class ClientMetadataWebForm extends AbstractType
     public function buildForm(FormBuilderInterface $builder, array $options)
     {
         $builder
+            ->add('organization', 'text', array('disabled' => true))
             ->add($builder->create('request_uris',
                     'Symfony\Component\Form\Extension\Core\Type\TextareaType',
                     array('required' => false)
diff --git a/src/LoginCidadao/OpenIDBundle/Manager/ClientManager.php b/src/LoginCidadao/OpenIDBundle/Manager/ClientManager.php
index 261c6b277..4ea95bc09 100644
--- a/src/LoginCidadao/OpenIDBundle/Manager/ClientManager.php
+++ b/src/LoginCidadao/OpenIDBundle/Manager/ClientManager.php
@@ -11,26 +11,39 @@
 namespace LoginCidadao\OpenIDBundle\Manager;
 
 use Doctrine\ORM\EntityManager;
-use LoginCidadao\OAuthBundle\Model\AccessTokenManager;
+use LoginCidadao\CoreBundle\Event\GetClientEvent;
+use LoginCidadao\CoreBundle\Event\LoginCidadaoCoreEvents;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 
 class ClientManager
 {
+    /** @var EventDispatcherInterface */
+    protected $dispatcher;
+
     /** @var EntityManager */
     private $em;
 
-    /** @var AccessTokenManager */
-    private $accessTokenManager;
-
-    public function __construct(EntityManager $em,
-                                AccessTokenManager $accessTokenManager)
-    {
+    public function __construct(
+        EntityManager $em,
+        EventDispatcherInterface $dispatcher
+    ) {
         $this->em = $em;
-
-        $this->accessTokenManager = $accessTokenManager;
+        $this->dispatcher = $dispatcher;
     }
 
-    public function getClient()
+    public function getClientById($id)
     {
-        
+        if (strstr($id, '_') !== false) {
+            $parts = explode('_', $id);
+            $id = $parts[0];
+        }
+
+        $repo = $this->em->getRepository('LoginCidadaoOAuthBundle:Client');
+
+        $client = $repo->find($id);
+        $event = new GetClientEvent($client);
+        $this->dispatcher->dispatch(LoginCidadaoCoreEvents::GET_CLIENT, $event);
+
+        return $event->getClient();
     }
 }
diff --git a/src/LoginCidadao/OpenIDBundle/Resources/config/services.yml b/src/LoginCidadao/OpenIDBundle/Resources/config/services.yml
index d0a17bf8b..efcef4b52 100644
--- a/src/LoginCidadao/OpenIDBundle/Resources/config/services.yml
+++ b/src/LoginCidadao/OpenIDBundle/Resources/config/services.yml
@@ -1,4 +1,7 @@
 parameters:
+    validator.sector_identifier_uri.class: LoginCidadao\OpenIDBundle\Validator\Constraints\SectorIdentifierUriValidator
+    checker.sector_identifier_uri.class: LoginCidadao\OpenIDBundle\Validator\SectorIdentifierUriChecker
+
     oidc.person.serialize.listenner.class: LoginCidadao\OpenIDBundle\EventListenner\PersonSerializeEventListenner
     oidc.storage.session_state.class: LoginCidadao\OpenIDBundle\Storage\SessionState
 
@@ -78,3 +81,38 @@ services:
         arguments:
             - "@oauth2.response_types.code"
             - "@oauth2.response_types.id_token"
+
+    organization.repository:
+        class: Doctrine\ORM\EntityRepository
+        factory: ["@doctrine.orm.entity_manager", getRepository]
+        arguments:
+            - LoginCidadao\OAuthBundle\Entity\Organization
+
+    checker.sector_identifier_uri:
+        arguments:
+            - "@doctrine.orm.entity_manager"
+        class: %checker.sector_identifier_uri.class%
+
+    validator.sector_identifier_uri:
+        class: %validator.sector_identifier_uri.class%
+        arguments:
+            - "@organization.repository"
+            - "@checker.sector_identifier_uri"
+        tags:
+            - { name: validator.constraint_validator, alias: sector_identifier_uri }
+
+    oidc.core.events_subscriber:
+        class: LoginCidadao\OpenIDBundle\EventListenner\CoreEventsSubscriber
+        arguments:
+            - "@doctrine.orm.entity_manager"
+            - "@checker.sector_identifier_uri"
+            - "%revalidate_sector_identifier_uri_on_auth%"
+        tags:
+            - { name: kernel.event_subscriber }
+
+    lc.client_manager:
+        class: LoginCidadao\OpenIDBundle\Manager\ClientManager
+        arguments:
+            - "@doctrine.orm.entity_manager"
+            - "@event_dispatcher"
+            - ""
diff --git a/src/LoginCidadao/OpenIDBundle/Resources/views/Authorize/form.html.twig b/src/LoginCidadao/OpenIDBundle/Resources/views/Authorize/form.html.twig
index f71432012..005a85bd3 100644
--- a/src/LoginCidadao/OpenIDBundle/Resources/views/Authorize/form.html.twig
+++ b/src/LoginCidadao/OpenIDBundle/Resources/views/Authorize/form.html.twig
@@ -3,7 +3,7 @@
 {% set not_verified %}<span class="label label-danger" title="{{ 'organizations.validation.on_authorize.info.domain_not_verified' | trans }}"><span class="glyphicon glyphicon-alert"></span></span>{% endset %}
 <form action="{{ qs is defined ? '?' ~ qs|url_encode : path('fos_oauth_server_authorize') }}" method="post" class="fos_oauth_server_authorize">
     {% if is_granted('FEATURE_ORGANIZATIONS') %}
-        {% if client.organization is empty or client.organization.isVerified is same as(false) %}
+        {% if organization is empty or organization.isVerified is same as(false) %}
             {% set status_label = not_verified %}
             <div class="alert bg-danger" role="alert">
                 <strong>{{ 'organizations.validation.on_authorize.warn_not_verified.attention' | trans }}</strong>
@@ -77,9 +77,9 @@
                 <div class="row">
                     <div class="col-xs-12 text-center">
                         <div class="well well-sm">
-                            {% if client.organization is not empty %}
-                                <p>{{ 'organizations.validation.on_authorize.info.provided_by' | trans({'%name%': client.organization.name | striptags, '%domain%': client.organization.domain | striptags, '%label%': status_label }) | raw }}</p>
-                                <p>{{ 'organizations.validation.on_authorize.info.warn_trust' | trans({'%name%': client.organization.name | striptags, '%domain%': client.organization.domain | striptags}) | raw }}</p>
+                            {% if organization is not empty %}
+                                <p>{{ 'organizations.validation.on_authorize.info.provided_by' | trans({'%name%': organization.name | striptags, '%domain%': organization.domain | striptags, '%label%': status_label }) | raw }}</p>
+                                <p>{{ 'organizations.validation.on_authorize.info.warn_trust' | trans({'%name%': organization.name | striptags, '%domain%': organization.domain | striptags}) | raw }}</p>
                             {% else %}
                                 <p>{{ 'organizations.validation.on_authorize.info.no_organization.provided_by' | trans | raw }}</p>
                                 <p>{{ 'organizations.validation.on_authorize.info.no_organization.warn_trust' | trans | raw }}</p>
diff --git a/src/LoginCidadao/OpenIDBundle/Validator/Constraints/SectorIdentifierUri.php b/src/LoginCidadao/OpenIDBundle/Validator/Constraints/SectorIdentifierUri.php
new file mode 100644
index 000000000..0f25b6612
--- /dev/null
+++ b/src/LoginCidadao/OpenIDBundle/Validator/Constraints/SectorIdentifierUri.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * This file is part of the login-cidadao project or it's bundles.
+ *
+ * (c) Guilherme Donato <guilhermednt on github>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LoginCidadao\OpenIDBundle\Validator\Constraints;
+
+use Symfony\Component\Validator\Constraint;
+
+/**
+ * @Annotation
+ * @Target("CLASS")
+ */
+class SectorIdentifierUri extends Constraint
+{
+
+    public function validatedBy()
+    {
+        return 'sector_identifier_uri';
+    }
+
+    public function getTargets()
+    {
+        return self::CLASS_CONSTRAINT;
+    }
+}
diff --git a/src/LoginCidadao/OpenIDBundle/Validator/Constraints/SectorIdentifierUriValidator.php b/src/LoginCidadao/OpenIDBundle/Validator/Constraints/SectorIdentifierUriValidator.php
new file mode 100644
index 000000000..d2151e811
--- /dev/null
+++ b/src/LoginCidadao/OpenIDBundle/Validator/Constraints/SectorIdentifierUriValidator.php
@@ -0,0 +1,72 @@
+<?php
+/**
+ * This file is part of the login-cidadao project or it's bundles.
+ *
+ * (c) Guilherme Donato <guilhermednt on github>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LoginCidadao\OpenIDBundle\Validator\Constraints;
+
+use Doctrine\ORM\EntityManager;
+use LoginCidadao\OAuthBundle\Entity\Client;
+use LoginCidadao\OAuthBundle\Entity\Organization;
+use LoginCidadao\OAuthBundle\Entity\OrganizationRepository;
+use LoginCidadao\OpenIDBundle\Entity\ClientMetadata;
+use LoginCidadao\OpenIDBundle\Validator\SectorIdentifierUriChecker;
+use Symfony\Component\Validator\Constraint;
+use Symfony\Component\Validator\ConstraintValidator;
+
+class SectorIdentifierUriValidator extends ConstraintValidator
+{
+
+    /** @var OrganizationRepository */
+    private $orgRepo;
+
+    /** @var SectorIdentifierUriChecker */
+    private $uriChecker;
+
+    /**
+     * SectorIdentifierUriValidator constructor.
+     * @param OrganizationRepository $orgRepo
+     */
+    public function __construct(OrganizationRepository $orgRepo, SectorIdentifierUriChecker $uriChecker)
+    {
+        $this->orgRepo = $orgRepo;
+        $this->uriChecker = $uriChecker;
+    }
+
+    /**
+     * @param ClientMetadata $metadata
+     * @param Constraint $constraint
+     */
+    public function validate($metadata, Constraint $constraint)
+    {
+        if (!$metadata->getSectorIdentifierUri()) {
+            return;
+        }
+
+        $sectorIdentifierUri = $metadata->getSectorIdentifierUri();
+
+        /** @var Organization $organization */
+        $organization = $this->orgRepo->findOneBy(compact('sectorIdentifierUri'));
+
+        $success = $this->uriChecker->check($metadata, $sectorIdentifierUri);
+        if (!$success) {
+            $metadata->setOrganization(null);
+        }
+
+        if ($success && $organization instanceof Organization) {
+            $metadata->setOrganization($organization);
+        }
+    }
+
+    private function buildUrlViolation($message)
+    {
+        $this->context->buildViolation($message)
+            ->atPath('sector_identifier_uri')
+            ->addViolation();
+    }
+}
diff --git a/src/LoginCidadao/OpenIDBundle/Validator/SectorIdentifierUriChecker.php b/src/LoginCidadao/OpenIDBundle/Validator/SectorIdentifierUriChecker.php
new file mode 100644
index 000000000..51b8cbe8b
--- /dev/null
+++ b/src/LoginCidadao/OpenIDBundle/Validator/SectorIdentifierUriChecker.php
@@ -0,0 +1,70 @@
+<?php
+/**
+ * This file is part of the login-cidadao project or it's bundles.
+ *
+ * (c) Guilherme Donato <guilhermednt on github>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace LoginCidadao\OpenIDBundle\Validator;
+
+use Doctrine\ORM\EntityManager;
+use LoginCidadao\OpenIDBundle\Entity\ClientMetadata;
+
+class SectorIdentifierUriChecker
+{
+    /** @var EntityManager */
+    private $em;
+
+    /**
+     * SectorIdentifierUriChecker constructor.
+     * @param EntityManager $em
+     */
+    public function __construct(EntityManager $em)
+    {
+        $this->em = $em;
+    }
+
+    /**
+     * @param ClientMetadata $metadata
+     * @param $sectorIdentifierUri
+     * @return bool
+     */
+    public function check(ClientMetadata $metadata, $sectorIdentifierUri)
+    {
+        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_URL, $sectorIdentifierUri);
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+        $response = curl_exec($ch);
+
+        $allowedUris = json_decode(trim($response));
+
+        if (!is_array($allowedUris)) {
+            return false;
+        }
+        
+        foreach ($metadata->getRedirectUris() as $uri) {
+            if (array_search($uri, $allowedUris) === false) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    public function recheck(ClientMetadata $metadata)
+    {
+        $url = $metadata->getSectorIdentifierUri();
+
+        if ($url !== null && !$this->check($metadata, $url)) {
+            $metadata->setOrganization(null);
+            $metadata->setSectorIdentifierUri(null);
+            $this->em->persist($metadata);
+            $this->em->flush($metadata);
+        }
+
+        return $metadata;
+    }
+}
\ No newline at end of file

From 4fdc92d99ed32454179e43e081893a053d6fcc14 Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Mon, 25 Apr 2016 15:21:19 -0300
Subject: [PATCH 12/14] PathWell Topology check redelivre#32 (#390)

* implemented PathWell Topology check redelivre#32

* fixed composer.json
---
 app/AppKernel.php                             |   2 +
 composer.json                                 |  94 +++---
 composer.lock                                 | 308 ++++++++++--------
 src/LoginCidadao/CoreBundle/Entity/Person.php |  14 +
 4 files changed, 241 insertions(+), 177 deletions(-)

diff --git a/app/AppKernel.php b/app/AppKernel.php
index 489d01826..6d6f6080f 100644
--- a/app/AppKernel.php
+++ b/app/AppKernel.php
@@ -58,6 +58,8 @@ public function registerBundles()
             new Nelmio\CorsBundle\NelmioCorsBundle(),
             new Nelmio\SecurityBundle\NelmioSecurityBundle(),
             new Liip\MonitorBundle\LiipMonitorBundle(),
+
+            new Donato\PathWellBundle\DonatoPathWellBundle(),
         );
 
         if (in_array($this->getEnvironment(), array('dev', 'test'))) {
diff --git a/composer.json b/composer.json
index b6e40c468..52946a151 100644
--- a/composer.json
+++ b/composer.json
@@ -1,44 +1,44 @@
 {
-    "name" : "symfony/framework-standard-edition",
-    "license" : "MIT",
-    "type" : "project",
-    "description" : "The \"Symfony Standard Edition\" distribution",
-    "autoload" : {
-        "psr-4" : {
-            "" : "src/",
+    "name": "symfony/framework-standard-edition",
+    "license": "MIT",
+    "type": "project",
+    "description": "The \"Symfony Standard Edition\" distribution",
+    "autoload": {
+        "psr-4": {
+            "": "src/",
             "SymfonyStandard\\": "app/"
         }
     },
-    "repositories" : [
+    "repositories": [
         {
-            "type" : "vcs",
-            "url" : "https://github.com/PROCERGS/EWZRecaptchaBundle"
+            "type": "vcs",
+            "url": "https://github.com/PROCERGS/EWZRecaptchaBundle"
         },
         {
-            "type" : "vcs",
-            "url" : "https://github.com/PROCERGS/login-cidadao-badges-bundle"
+            "type": "vcs",
+            "url": "https://github.com/PROCERGS/login-cidadao-badges-bundle"
         }
     ],
-    "require" : {
-        "php" : ">=5.5",
-        "symfony/symfony" : "2.8.*",
-        "doctrine/orm" : "~2.4",
+    "require": {
+        "php": ">=5.4.16",
+        "symfony/symfony": "2.8.*",
+        "doctrine/orm": "~2.4",
         "doctrine/dbal": "<2.5",
-        "doctrine/doctrine-bundle" : "~1.5",
-        "symfony/assetic-bundle" : "^2.7",
-        "symfony/swiftmailer-bundle" : "~2.3",
-        "symfony/monolog-bundle" : "~2.4",
-        "sensio/distribution-bundle" : "~3.0,>=3.0.12",
-        "sensio/framework-extra-bundle" : "~3.0,>=3.0.2,<3.0.13",
-        "incenteev/composer-parameter-handler" : "~2.0",
-        "friendsofsymfony/user-bundle" : "~2.0@dev",
-        "friendsofsymfony/oauth-server-bundle" : "dev-master",
-        "jms/serializer-bundle" : "*",
-        "simplethings/entity-audit-bundle" : "0.7",
-        "hwi/oauth-bundle" : "0.3.*@dev",
-        "facebook/php-sdk" : "3.2.0",
-        "friendsofsymfony/facebook-bundle" : "1.3.*",
-        "excelwebzone/recaptcha-bundle" : "dev-test-proxy",
+        "doctrine/doctrine-bundle": "~1.5",
+        "symfony/assetic-bundle": "^2.7",
+        "symfony/swiftmailer-bundle": "~2.3",
+        "symfony/monolog-bundle": "~2.4",
+        "sensio/distribution-bundle": "~3.0,>=3.0.12",
+        "sensio/framework-extra-bundle": "~3.0,>=3.0.2,<3.0.13",
+        "incenteev/composer-parameter-handler": "~2.0",
+        "friendsofsymfony/user-bundle": "~2.0@dev",
+        "friendsofsymfony/oauth-server-bundle": "dev-master",
+        "jms/serializer-bundle": "*",
+        "simplethings/entity-audit-bundle": "0.7",
+        "hwi/oauth-bundle": "0.3.*@dev",
+        "facebook/php-sdk": "3.2.0",
+        "friendsofsymfony/facebook-bundle": "1.3.*",
+        "excelwebzone/recaptcha-bundle": "dev-test-proxy",
         "guilhermednt/hwi-oauth-proxy-bundle": "dev-master",
         "vich/uploader-bundle": "^0.14.0",
         "knplabs/knp-gaufrette-bundle": "0.2.*@dev",
@@ -57,16 +57,17 @@
         "oro/doctrine-extensions": "^1.0",
         "nelmio/cors-bundle": "^1.4",
         "nelmio/security-bundle": "^1.8",
-        "liip/monitor-bundle": "^2.2"
+        "liip/monitor-bundle": "^2.2",
+        "guilhermednt/pathwell-bundle": "0.0.3"
     },
     "require-dev": {
-        "sensio/generator-bundle" : "~2.3"
+        "sensio/generator-bundle": "~2.3"
     },
-    "scripts" : {
+    "scripts": {
         "post-root-package-install": [
             "SymfonyStandard\\Composer::hookRootPackageInstall"
         ],
-        "post-install-cmd" : [
+        "post-install-cmd": [
             "Incenteev\\ParameterHandler\\ScriptHandler::buildParameters",
             "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::buildBootstrap",
             "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::clearCache",
@@ -75,7 +76,7 @@
             "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::removeSymfonyStandardFiles",
             "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::prepareDeploymentTarget"
         ],
-        "post-update-cmd" : [
+        "post-update-cmd": [
             "Incenteev\\ParameterHandler\\ScriptHandler::buildParameters",
             "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::buildBootstrap",
             "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::clearCache",
@@ -85,18 +86,21 @@
             "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::prepareDeploymentTarget"
         ]
     },
-    "config" : {
-        "bin-dir" : "bin"
+    "config": {
+        "bin-dir": "bin",
+        "platfrom": {
+            "php": "5.4.16"
+        }
     },
-    "extra" : {
-        "symfony-app-dir" : "app",
-        "symfony-web-dir" : "web",
+    "extra": {
+        "symfony-app-dir": "app",
+        "symfony-web-dir": "web",
         "symfony-assets-install": "relative",
-        "incenteev-parameters" : {
-            "file" : "app/config/parameters.yml"
+        "incenteev-parameters": {
+            "file": "app/config/parameters.yml"
         },
-        "branch-alias" : {
-            "dev-master" : "2.7-dev"
+        "branch-alias": {
+            "dev-master": "2.8-dev"
         }
     }
 }
diff --git a/composer.lock b/composer.lock
index bedced7c5..c92044ea0 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,8 +4,8 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "43fde8f45d40a84ac37b13754756bb82",
-    "content-hash": "d40e08265ed205b1d627f58ddddf2b95",
+    "hash": "ffe8edfd458e4e4db2ec48fcca704a0e",
+    "content-hash": "849ca699ba95c8ba9c1aaa409534af0c",
     "packages": [
         {
             "name": "bshaffer/oauth2-server-bundle",
@@ -1119,17 +1119,18 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/FriendsOfSymfony/FOSOAuthServerBundle.git",
-                "reference": "0b25cdaae8983c630bb62d14b6993219b1dadb8d"
+                "reference": "1b851d77f3535396d20a402f57a3781bc6548409"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/FriendsOfSymfony/FOSOAuthServerBundle/zipball/0b25cdaae8983c630bb62d14b6993219b1dadb8d",
-                "reference": "0b25cdaae8983c630bb62d14b6993219b1dadb8d",
+                "url": "https://api.github.com/repos/FriendsOfSymfony/FOSOAuthServerBundle/zipball/1b851d77f3535396d20a402f57a3781bc6548409",
+                "reference": "1b851d77f3535396d20a402f57a3781bc6548409",
                 "shasum": ""
             },
             "require": {
                 "friendsofsymfony/oauth2-php": "~1.1",
                 "php": "^5.3.3|^7.0",
+                "symfony/dependency-injection": "^2.0.5|~3.0",
                 "symfony/framework-bundle": "~2.2|~3.0",
                 "symfony/security-bundle": "~2.1|~3.0"
             },
@@ -1140,6 +1141,7 @@
                 "phing/phing": "~2.4",
                 "propel/propel1": "^1.6.5",
                 "symfony/class-loader": "~2.1|~3.0",
+                "symfony/console": "~2.1|~3.0",
                 "symfony/form": "~2.3|~3.0",
                 "symfony/yaml": "~2.1|~3.0",
                 "willdurand/propel-typehintable-behavior": "^1.0.4"
@@ -1148,6 +1150,7 @@
                 "doctrine/doctrine-bundle": "*",
                 "doctrine/mongodb-odm-bundle": "*",
                 "propel/propel-bundle": "If you want to use Propel with Symfony2, then you will have to install the PropelBundle",
+                "symfony/console": "Needed to be able to use commands",
                 "symfony/form": "Needed to be able to use the AuthorizeFormType",
                 "willdurand/propel-typehintable-behavior": "The Typehintable behavior is useful to add type hints on generated methods, to be compliant with interfaces"
             },
@@ -1183,20 +1186,20 @@
                 "oauth2",
                 "server"
             ],
-            "time": "2016-02-22 13:57:55"
+            "time": "2016-04-18 17:03:14"
         },
         {
             "name": "friendsofsymfony/oauth2-php",
-            "version": "1.2.0",
+            "version": "1.2.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/FriendsOfSymfony/oauth2-php.git",
-                "reference": "4ae0a2aa85566146ef6f0f7169854c49e0c9243a"
+                "reference": "fa2aecb1fca2a03fd5f9aca19fe9adb9dfff928c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/FriendsOfSymfony/oauth2-php/zipball/4ae0a2aa85566146ef6f0f7169854c49e0c9243a",
-                "reference": "4ae0a2aa85566146ef6f0f7169854c49e0c9243a",
+                "url": "https://api.github.com/repos/FriendsOfSymfony/oauth2-php/zipball/fa2aecb1fca2a03fd5f9aca19fe9adb9dfff928c",
+                "reference": "fa2aecb1fca2a03fd5f9aca19fe9adb9dfff928c",
                 "shasum": ""
             },
             "require": {
@@ -1209,7 +1212,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.1.x-dev"
+                    "dev-master": "1.2.x-dev"
                 }
             },
             "autoload": {
@@ -1237,21 +1240,21 @@
                 "oauth",
                 "oauth2"
             ],
-            "time": "2015-12-21 11:32:17"
+            "time": "2016-03-31 14:24:17"
         },
         {
             "name": "friendsofsymfony/rest-bundle",
-            "version": "1.7.7",
+            "version": "1.7.8",
             "target-dir": "FOS/RestBundle",
             "source": {
                 "type": "git",
                 "url": "https://github.com/FriendsOfSymfony/FOSRestBundle.git",
-                "reference": "c79b7e5df96e5581591ceb6a026bd4e5f9346de0"
+                "reference": "691e7c52d7cf9df266c6404180eda1e47cc64f59"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/FriendsOfSymfony/FOSRestBundle/zipball/c79b7e5df96e5581591ceb6a026bd4e5f9346de0",
-                "reference": "c79b7e5df96e5581591ceb6a026bd4e5f9346de0",
+                "url": "https://api.github.com/repos/FriendsOfSymfony/FOSRestBundle/zipball/691e7c52d7cf9df266c6404180eda1e47cc64f59",
+                "reference": "691e7c52d7cf9df266c6404180eda1e47cc64f59",
                 "shasum": ""
             },
             "require": {
@@ -1264,15 +1267,16 @@
                 "willdurand/negotiation": "~1.2"
             },
             "conflict": {
-                "jms/serializer": "<0.12",
+                "jms/serializer": "<0.13",
                 "jms/serializer-bundle": "<0.11",
+                "sensio/framework-extra-bundle": ">=3.0.13",
                 "symfony/validator": ">=2.5.0,<2.5.5"
             },
             "require-dev": {
                 "jms/serializer": "~0.13|~1.0",
-                "jms/serializer-bundle": "~0.12|~1.0",
+                "jms/serializer-bundle": "~0.11|~1.0",
                 "phpoption/phpoption": "~1.1.0",
-                "sensio/framework-extra-bundle": "~2.0|~3.0",
+                "sensio/framework-extra-bundle": "~2.0|~3.0,<3.0.13",
                 "sllh/php-cs-fixer-styleci-bridge": "^1.3",
                 "symfony/browser-kit": "~2.3|~3.0",
                 "symfony/dependency-injection": "~2.3|~3.0",
@@ -1284,8 +1288,8 @@
                 "symfony/yaml": "~2.3|~3.0"
             },
             "suggest": {
-                "jms/serializer-bundle": "Add support for advanced serialization capabilities, recommended, requires ~0.12||~1.0",
-                "sensio/framework-extra-bundle": "Add support for route annotations and the view response listener, requires ~3.0",
+                "jms/serializer-bundle": "Add support for advanced serialization capabilities, recommended, requires ~0.12|~1.0",
+                "sensio/framework-extra-bundle": "Add support for route annotations and the view response listener, requires ~2.0|~3.0",
                 "symfony/serializer": "Add support for basic serialization capabilities and xml decoding, requires ~2.3",
                 "symfony/validator": "Add support for validation capabilities in the ParamFetcher, requires ~2.3"
             },
@@ -1323,7 +1327,7 @@
             "keywords": [
                 "rest"
             ],
-            "time": "2015-12-29 16:02:50"
+            "time": "2016-03-03 17:30:37"
         },
         {
             "name": "friendsofsymfony/user-bundle",
@@ -1331,12 +1335,12 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/FriendsOfSymfony/FOSUserBundle.git",
-                "reference": "a39d000577d735444bee97de9f5ee382e3f85fa1"
+                "reference": "16b04c49af05dd3fb381e4abe04f0e5e231ac76d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/FriendsOfSymfony/FOSUserBundle/zipball/a39d000577d735444bee97de9f5ee382e3f85fa1",
-                "reference": "a39d000577d735444bee97de9f5ee382e3f85fa1",
+                "url": "https://api.github.com/repos/FriendsOfSymfony/FOSUserBundle/zipball/16b04c49af05dd3fb381e4abe04f0e5e231ac76d",
+                "reference": "16b04c49af05dd3fb381e4abe04f0e5e231ac76d",
                 "shasum": ""
             },
             "require": {
@@ -1392,7 +1396,7 @@
             "keywords": [
                 "User management"
             ],
-            "time": "2016-03-01 11:42:24"
+            "time": "2016-03-08 11:05:28"
         },
         {
             "name": "gree/jose",
@@ -1493,6 +1497,44 @@
             ],
             "time": "2014-03-12 17:47:59"
         },
+        {
+            "name": "guilhermednt/pathwell-bundle",
+            "version": "v0.0.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/guilhermednt/pathwell-bundle.git",
+                "reference": "0cf3521af71b711b5824d4563d7be8f4ca3c77be"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/guilhermednt/pathwell-bundle/zipball/0cf3521af71b711b5824d4563d7be8f4ca3c77be",
+                "reference": "0cf3521af71b711b5824d4563d7be8f4ca3c77be",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.4.16",
+                "symfony/framework-bundle": ">=2.8",
+                "symfony/validator": ">=2.8"
+            },
+            "type": "symfony-bundle",
+            "autoload": {
+                "psr-4": {
+                    "Donato\\PathWellBundle\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "GPL-3.0"
+            ],
+            "authors": [
+                {
+                    "name": "Guilherme Donato",
+                    "email": "guilhermednt@users.noreply.github.com"
+                }
+            ],
+            "description": "Symfony Bundle implementing PathWell Topology password policy",
+            "time": "2016-04-01 17:00:22"
+        },
         {
             "name": "hwi/oauth-bundle",
             "version": "0.3.x-dev",
@@ -1848,21 +1890,22 @@
         },
         {
             "name": "jms/di-extra-bundle",
-            "version": "1.7.0",
+            "version": "1.7.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/schmittjoh/JMSDiExtraBundle.git",
-                "reference": "85a989bedcf22495c03bf94339ddc5e856bd9b46"
+                "reference": "27c3fc7150550ccc0731290b2c1ceb57449f909d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/schmittjoh/JMSDiExtraBundle/zipball/85a989bedcf22495c03bf94339ddc5e856bd9b46",
-                "reference": "85a989bedcf22495c03bf94339ddc5e856bd9b46",
+                "url": "https://api.github.com/repos/schmittjoh/JMSDiExtraBundle/zipball/27c3fc7150550ccc0731290b2c1ceb57449f909d",
+                "reference": "27c3fc7150550ccc0731290b2c1ceb57449f909d",
                 "shasum": ""
             },
             "require": {
                 "jms/aop-bundle": "~1.1",
                 "jms/metadata": "~1.0",
+                "php": "~5.3|~7.0",
                 "symfony/dependency-injection": "~2.3|~3.0",
                 "symfony/finder": "~2.3|~3.0",
                 "symfony/framework-bundle": "~2.3|~3.0",
@@ -1873,7 +1916,7 @@
             "require-dev": {
                 "doctrine/doctrine-bundle": "~1.5",
                 "doctrine/orm": "~2.3",
-                "jms/security-extra-bundle": "~1.0@dev",
+                "jms/security-extra-bundle": "~1.0",
                 "phpcollection/phpcollection": ">=0.2,<0.3-dev",
                 "sensio/framework-extra-bundle": "~2.0|~3.0",
                 "symfony/browser-kit": "~2.3|~3.0",
@@ -1912,7 +1955,7 @@
                 "annotations",
                 "dependency injection"
             ],
-            "time": "2016-02-21 22:14:09"
+            "time": "2016-04-18 22:27:09"
         },
         {
             "name": "jms/metadata",
@@ -2007,12 +2050,12 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/schmittjoh/JMSSecurityExtraBundle.git",
-                "reference": "f04ab951e35087e7d9a6cbbc4b3e8f4e5593f8b4"
+                "reference": "c0147c282f345eee1424a4a42817662f4d4e3875"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/schmittjoh/JMSSecurityExtraBundle/zipball/f04ab951e35087e7d9a6cbbc4b3e8f4e5593f8b4",
-                "reference": "f04ab951e35087e7d9a6cbbc4b3e8f4e5593f8b4",
+                "url": "https://api.github.com/repos/schmittjoh/JMSSecurityExtraBundle/zipball/c0147c282f345eee1424a4a42817662f4d4e3875",
+                "reference": "c0147c282f345eee1424a4a42817662f4d4e3875",
                 "shasum": ""
             },
             "require": {
@@ -2075,7 +2118,7 @@
                 "secure",
                 "security"
             ],
-            "time": "2016-02-21 23:30:55"
+            "time": "2016-03-15 21:07:37"
         },
         {
             "name": "jms/serializer",
@@ -2226,16 +2269,16 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/KnpLabs/Gaufrette.git",
-                "reference": "93ba4672b012c74bfe419c033eae1c0a48b1b493"
+                "reference": "f6b36f37bacc2ec3827708e61cf1fa990755b448"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/KnpLabs/Gaufrette/zipball/93ba4672b012c74bfe419c033eae1c0a48b1b493",
-                "reference": "93ba4672b012c74bfe419c033eae1c0a48b1b493",
+                "url": "https://api.github.com/repos/KnpLabs/Gaufrette/zipball/f6b36f37bacc2ec3827708e61cf1fa990755b448",
+                "reference": "f6b36f37bacc2ec3827708e61cf1fa990755b448",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.2"
+                "php": ">=5.4"
             },
             "require-dev": {
                 "amazonwebservices/aws-sdk-for-php": "1.5.*",
@@ -2244,10 +2287,11 @@
                 "dropbox-php/dropbox-php": "*",
                 "google/apiclient": "~1.1.3",
                 "herzult/php-ssh": "*",
+                "league/flysystem": "~1.0",
                 "microsoft/windowsazure": "dev-master",
                 "mikey179/vfsstream": "~1.2.0",
-                "phpseclib/phpseclib": "dev-master",
-                "phpspec/phpspec": "2.0.*",
+                "phpseclib/phpseclib": "^2.0",
+                "phpspec/phpspec": "~2.4",
                 "phpunit/phpunit": "3.7.*",
                 "rackspace/php-opencloud": "1.9.*"
             },
@@ -2265,6 +2309,7 @@
                 "google/apiclient": "to use GoogleCloudStorage adapter",
                 "herzult/php-ssh": "to use SFtp adapter",
                 "knplabs/knp-gaufrette-bundle": "to use with Symfony2",
+                "league/flysystem": "to use Flysystem adapters",
                 "microsoft/windowsazure": "to use Microsoft Azure Blob Storage adapter",
                 "phpseclib/phpseclib": "to use PhpseclibSftp adapter",
                 "rackspace/php-opencloud": "to use Opencloud adapter"
@@ -2302,7 +2347,7 @@
                 "filesystem",
                 "media"
             ],
-            "time": "2016-02-08 12:46:40"
+            "time": "2016-03-26 14:35:33"
         },
         {
             "name": "knplabs/knp-gaufrette-bundle",
@@ -2489,16 +2534,16 @@
         },
         {
             "name": "liip/monitor-bundle",
-            "version": "2.3.1",
+            "version": "2.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/liip/LiipMonitorBundle.git",
-                "reference": "71179b1a26346e452379e039bceba08d19e81880"
+                "reference": "bfda2148df091968114d7a894862206124397f4b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/liip/LiipMonitorBundle/zipball/71179b1a26346e452379e039bceba08d19e81880",
-                "reference": "71179b1a26346e452379e039bceba08d19e81880",
+                "url": "https://api.github.com/repos/liip/LiipMonitorBundle/zipball/bfda2148df091968114d7a894862206124397f4b",
+                "reference": "bfda2148df091968114d7a894862206124397f4b",
                 "shasum": ""
             },
             "require": {
@@ -2557,7 +2602,7 @@
                 "monitor",
                 "monitoring"
             ],
-            "time": "2016-01-12 10:55:23"
+            "time": "2016-04-06 12:11:11"
         },
         {
             "name": "michelf/php-markdown",
@@ -2612,16 +2657,16 @@
         },
         {
             "name": "monolog/monolog",
-            "version": "1.18.0",
+            "version": "1.19.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/Seldaek/monolog.git",
-                "reference": "e19b764b5c855580e8ffa7e615f72c10fd2f99cc"
+                "reference": "5f56ed5212dc509c8dc8caeba2715732abb32dbf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Seldaek/monolog/zipball/e19b764b5c855580e8ffa7e615f72c10fd2f99cc",
-                "reference": "e19b764b5c855580e8ffa7e615f72c10fd2f99cc",
+                "url": "https://api.github.com/repos/Seldaek/monolog/zipball/5f56ed5212dc509c8dc8caeba2715732abb32dbf",
+                "reference": "5f56ed5212dc509c8dc8caeba2715732abb32dbf",
                 "shasum": ""
             },
             "require": {
@@ -2636,13 +2681,13 @@
                 "doctrine/couchdb": "~1.0@dev",
                 "graylog2/gelf-php": "~1.0",
                 "jakub-onderka/php-parallel-lint": "0.9",
+                "php-amqplib/php-amqplib": "~2.4",
                 "php-console/php-console": "^3.1.3",
                 "phpunit/phpunit": "~4.5",
                 "phpunit/phpunit-mock-objects": "2.3.0",
                 "raven/raven": "^0.13",
                 "ruflin/elastica": ">=0.90 <3.0",
-                "swiftmailer/swiftmailer": "~5.3",
-                "videlalvaro/php-amqplib": "~2.4"
+                "swiftmailer/swiftmailer": "~5.3"
             },
             "suggest": {
                 "aws/aws-sdk-php": "Allow sending log messages to AWS services like DynamoDB",
@@ -2651,11 +2696,11 @@
                 "ext-mongo": "Allow sending log messages to a MongoDB server",
                 "graylog2/gelf-php": "Allow sending log messages to a GrayLog2 server",
                 "mongodb/mongodb": "Allow sending log messages to a MongoDB server via PHP Driver",
+                "php-amqplib/php-amqplib": "Allow sending log messages to an AMQP server using php-amqplib",
                 "php-console/php-console": "Allow sending log messages to Google Chrome",
                 "raven/raven": "Allow sending log messages to a Sentry server",
                 "rollbar/rollbar": "Allow sending log messages to Rollbar",
-                "ruflin/elastica": "Allow sending log messages to an Elastic Search server",
-                "videlalvaro/php-amqplib": "Allow sending log messages to an AMQP server using php-amqplib"
+                "ruflin/elastica": "Allow sending log messages to an Elastic Search server"
             },
             "type": "library",
             "extra": {
@@ -2686,7 +2731,7 @@
                 "logging",
                 "psr-3"
             ],
-            "time": "2016-03-01 18:00:40"
+            "time": "2016-04-12 18:29:35"
         },
         {
             "name": "nelmio/api-doc-bundle",
@@ -2695,12 +2740,12 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/nelmio/NelmioApiDocBundle.git",
-                "reference": "2a0f95eac0ab2aa466545d0b21d15739636811b7"
+                "reference": "2d214fc93464e59ea817ef2ea5a8388eef84be3c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nelmio/NelmioApiDocBundle/zipball/2a0f95eac0ab2aa466545d0b21d15739636811b7",
-                "reference": "2a0f95eac0ab2aa466545d0b21d15739636811b7",
+                "url": "https://api.github.com/repos/nelmio/NelmioApiDocBundle/zipball/2d214fc93464e59ea817ef2ea5a8388eef84be3c",
+                "reference": "2d214fc93464e59ea817ef2ea5a8388eef84be3c",
                 "shasum": ""
             },
             "require": {
@@ -2713,6 +2758,7 @@
             "conflict": {
                 "jms/serializer": "<0.12",
                 "jms/serializer-bundle": "<0.11",
+                "symfony/symfony": "~2.7.8",
                 "twig/twig": "<1.12"
             },
             "require-dev": {
@@ -2741,7 +2787,7 @@
             "type": "symfony-bundle",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.11-dev"
+                    "dev-master": "2.12-dev"
                 }
             },
             "autoload": {
@@ -2770,7 +2816,7 @@
                 "documentation",
                 "rest"
             ],
-            "time": "2016-02-24 18:00:28"
+            "time": "2016-04-21 15:38:04"
         },
         {
             "name": "nelmio/cors-bundle",
@@ -2883,16 +2929,16 @@
         },
         {
             "name": "oro/doctrine-extensions",
-            "version": "1.0.11",
+            "version": "1.0.12",
             "source": {
                 "type": "git",
                 "url": "https://github.com/orocrm/doctrine-extensions.git",
-                "reference": "068102e896c8739355b99b794d59d321dff655d7"
+                "reference": "2aab7d5f530d9bc115b6bdb4bf48fe3156453089"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/orocrm/doctrine-extensions/zipball/068102e896c8739355b99b794d59d321dff655d7",
-                "reference": "068102e896c8739355b99b794d59d321dff655d7",
+                "url": "https://api.github.com/repos/orocrm/doctrine-extensions/zipball/2aab7d5f530d9bc115b6bdb4bf48fe3156453089",
+                "reference": "2aab7d5f530d9bc115b6bdb4bf48fe3156453089",
                 "shasum": ""
             },
             "require": {
@@ -2933,20 +2979,20 @@
                 "postgresql",
                 "type"
             ],
-            "time": "2016-01-05 20:17:20"
+            "time": "2016-03-29 10:30:36"
         },
         {
             "name": "paragonie/random_compat",
-            "version": "v1.2.1",
+            "version": "v1.4.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/paragonie/random_compat.git",
-                "reference": "f078eba3bcf140fd69b5fcc3ea5ac809abf729dc"
+                "reference": "c7e26a21ba357863de030f0b9e701c7d04593774"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/f078eba3bcf140fd69b5fcc3ea5ac809abf729dc",
-                "reference": "f078eba3bcf140fd69b5fcc3ea5ac809abf729dc",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/c7e26a21ba357863de030f0b9e701c7d04593774",
+                "reference": "c7e26a21ba357863de030f0b9e701c7d04593774",
                 "shasum": ""
             },
             "require": {
@@ -2981,7 +3027,7 @@
                 "pseudorandom",
                 "random"
             ],
-            "time": "2016-02-29 17:25:04"
+            "time": "2016-03-18 20:34:03"
         },
         {
             "name": "phpcollection/phpcollection",
@@ -3651,16 +3697,16 @@
         },
         {
             "name": "symfony/assetic-bundle",
-            "version": "v2.7.1",
+            "version": "v2.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/assetic-bundle.git",
-                "reference": "d885ec8451d5a7b077bda81bb19ac9fbff9cdc76"
+                "reference": "aa5b4f8b712f38745928fa845ddb73300bb2af6d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/assetic-bundle/zipball/d885ec8451d5a7b077bda81bb19ac9fbff9cdc76",
-                "reference": "d885ec8451d5a7b077bda81bb19ac9fbff9cdc76",
+                "url": "https://api.github.com/repos/symfony/assetic-bundle/zipball/aa5b4f8b712f38745928fa845ddb73300bb2af6d",
+                "reference": "aa5b4f8b712f38745928fa845ddb73300bb2af6d",
                 "shasum": ""
             },
             "require": {
@@ -3717,24 +3763,24 @@
                 "compression",
                 "minification"
             ],
-            "time": "2015-11-17 09:45:47"
+            "time": "2015-12-28 13:12:39"
         },
         {
             "name": "symfony/monolog-bundle",
-            "version": "v2.9.0",
+            "version": "2.11.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/monolog-bundle.git",
-                "reference": "27c2e3eaec7a0ba3462f99ea92678cbfc7b146e4"
+                "reference": "e7caf4936c7be82bc6d68df87f1d23a0d5bf6e00"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/monolog-bundle/zipball/27c2e3eaec7a0ba3462f99ea92678cbfc7b146e4",
-                "reference": "27c2e3eaec7a0ba3462f99ea92678cbfc7b146e4",
+                "url": "https://api.github.com/repos/symfony/monolog-bundle/zipball/e7caf4936c7be82bc6d68df87f1d23a0d5bf6e00",
+                "reference": "e7caf4936c7be82bc6d68df87f1d23a0d5bf6e00",
                 "shasum": ""
             },
             "require": {
-                "monolog/monolog": "~1.12",
+                "monolog/monolog": "~1.18",
                 "php": ">=5.3.2",
                 "symfony/config": "~2.3|~3.0",
                 "symfony/dependency-injection": "~2.3|~3.0",
@@ -3742,13 +3788,14 @@
                 "symfony/monolog-bridge": "~2.3|~3.0"
             },
             "require-dev": {
+                "phpunit/phpunit": "^4.8",
                 "symfony/console": "~2.3|~3.0",
                 "symfony/yaml": "~2.3|~3.0"
             },
             "type": "symfony-bundle",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.9.x-dev"
+                    "dev-master": "2.x-dev"
                 }
             },
             "autoload": {
@@ -3776,20 +3823,20 @@
                 "log",
                 "logging"
             ],
-            "time": "2016-03-01 17:53:42"
+            "time": "2016-04-13 16:21:01"
         },
         {
             "name": "symfony/phpunit-bridge",
-            "version": "v2.8.3",
+            "version": "v2.8.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/phpunit-bridge.git",
-                "reference": "ee8ead4f78e21ed6c873d1cc19e141949d9ed493"
+                "reference": "a967db6a4cd5d276cf849d01b29dba559e149978"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/phpunit-bridge/zipball/ee8ead4f78e21ed6c873d1cc19e141949d9ed493",
-                "reference": "ee8ead4f78e21ed6c873d1cc19e141949d9ed493",
+                "url": "https://api.github.com/repos/symfony/phpunit-bridge/zipball/a967db6a4cd5d276cf849d01b29dba559e149978",
+                "reference": "a967db6a4cd5d276cf849d01b29dba559e149978",
                 "shasum": ""
             },
             "require": {
@@ -3831,20 +3878,20 @@
             ],
             "description": "Symfony PHPUnit Bridge",
             "homepage": "https://symfony.com",
-            "time": "2016-01-21 09:24:53"
+            "time": "2016-03-23 13:45:24"
         },
         {
             "name": "symfony/polyfill-apcu",
-            "version": "v1.1.0",
+            "version": "v1.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-apcu.git",
-                "reference": "d1911e6caeb4b6a4c8e2d5c46b978a66b3745e4c"
+                "reference": "0c901e4e65a2f7ece68f0fd249b56d6ad3adc214"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-apcu/zipball/d1911e6caeb4b6a4c8e2d5c46b978a66b3745e4c",
-                "reference": "d1911e6caeb4b6a4c8e2d5c46b978a66b3745e4c",
+                "url": "https://api.github.com/repos/symfony/polyfill-apcu/zipball/0c901e4e65a2f7ece68f0fd249b56d6ad3adc214",
+                "reference": "0c901e4e65a2f7ece68f0fd249b56d6ad3adc214",
                 "shasum": ""
             },
             "require": {
@@ -3859,9 +3906,6 @@
             "autoload": {
                 "files": [
                     "bootstrap.php"
-                ],
-                "classmap": [
-                    "Resources/stubs"
                 ]
             },
             "notification-url": "https://packagist.org/downloads/",
@@ -3887,26 +3931,29 @@
                 "portable",
                 "shim"
             ],
-            "time": "2016-01-20 09:13:37"
+            "time": "2016-03-03 16:49:40"
         },
         {
             "name": "symfony/polyfill-intl-icu",
-            "version": "v1.1.0",
+            "version": "v1.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-icu.git",
-                "reference": "66b0bb4abda229bc073eff6bbc8f2685bdaac165"
+                "reference": "8328069d9f5322f0e7b3c3518485acfdc94c3942"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-icu/zipball/66b0bb4abda229bc073eff6bbc8f2685bdaac165",
-                "reference": "66b0bb4abda229bc073eff6bbc8f2685bdaac165",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-icu/zipball/8328069d9f5322f0e7b3c3518485acfdc94c3942",
+                "reference": "8328069d9f5322f0e7b3c3518485acfdc94c3942",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.3",
                 "symfony/intl": "~2.3|~3.0"
             },
+            "suggest": {
+                "ext-intl": "For best performance"
+            },
             "type": "library",
             "extra": {
                 "branch-alias": {
@@ -3942,11 +3989,11 @@
                 "portable",
                 "shim"
             ],
-            "time": "2016-01-20 09:13:37"
+            "time": "2016-02-26 16:18:12"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.1.0",
+            "version": "v1.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
@@ -4005,16 +4052,16 @@
         },
         {
             "name": "symfony/polyfill-php54",
-            "version": "v1.1.0",
+            "version": "v1.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php54.git",
-                "reference": "74663d5a2ff3c530c1bc0571500e0feec9094054"
+                "reference": "9ba741ca01c77282ecf5796c2c1d667f03454ffb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/74663d5a2ff3c530c1bc0571500e0feec9094054",
-                "reference": "74663d5a2ff3c530c1bc0571500e0feec9094054",
+                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/9ba741ca01c77282ecf5796c2c1d667f03454ffb",
+                "reference": "9ba741ca01c77282ecf5796c2c1d667f03454ffb",
                 "shasum": ""
             },
             "require": {
@@ -4059,11 +4106,11 @@
                 "portable",
                 "shim"
             ],
-            "time": "2016-01-20 09:13:37"
+            "time": "2016-01-25 19:13:00"
         },
         {
             "name": "symfony/polyfill-php55",
-            "version": "v1.1.0",
+            "version": "v1.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php55.git",
@@ -4119,7 +4166,7 @@
         },
         {
             "name": "symfony/polyfill-php56",
-            "version": "v1.1.0",
+            "version": "v1.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php56.git",
@@ -4175,16 +4222,16 @@
         },
         {
             "name": "symfony/polyfill-php70",
-            "version": "v1.1.0",
+            "version": "v1.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php70.git",
-                "reference": "8428ceddbbaf102f2906769a8ef2438220c5cb95"
+                "reference": "386c1be9cad3ab531425211919e78c37971be4ce"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php70/zipball/8428ceddbbaf102f2906769a8ef2438220c5cb95",
-                "reference": "8428ceddbbaf102f2906769a8ef2438220c5cb95",
+                "url": "https://api.github.com/repos/symfony/polyfill-php70/zipball/386c1be9cad3ab531425211919e78c37971be4ce",
+                "reference": "386c1be9cad3ab531425211919e78c37971be4ce",
                 "shasum": ""
             },
             "require": {
@@ -4230,11 +4277,11 @@
                 "portable",
                 "shim"
             ],
-            "time": "2016-01-25 08:44:42"
+            "time": "2016-01-28 22:42:02"
         },
         {
             "name": "symfony/polyfill-util",
-            "version": "v1.1.0",
+            "version": "v1.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-util.git",
@@ -4404,16 +4451,16 @@
         },
         {
             "name": "symfony/symfony",
-            "version": "v2.8.3",
+            "version": "v2.8.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/symfony.git",
-                "reference": "7a9a5fce7ce6e448e527f635463dda00761e12c2"
+                "reference": "9e14f9f4869c19188a376eab61d9a1c1f1fee347"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/symfony/zipball/7a9a5fce7ce6e448e527f635463dda00761e12c2",
-                "reference": "7a9a5fce7ce6e448e527f635463dda00761e12c2",
+                "url": "https://api.github.com/repos/symfony/symfony/zipball/9e14f9f4869c19188a376eab61d9a1c1f1fee347",
+                "reference": "9e14f9f4869c19188a376eab61d9a1c1f1fee347",
                 "shasum": ""
             },
             "require": {
@@ -4500,11 +4547,7 @@
             },
             "autoload": {
                 "psr-4": {
-                    "Symfony\\Bridge\\Doctrine\\": "src/Symfony/Bridge/Doctrine/",
-                    "Symfony\\Bridge\\Monolog\\": "src/Symfony/Bridge/Monolog/",
-                    "Symfony\\Bridge\\ProxyManager\\": "src/Symfony/Bridge/ProxyManager/",
-                    "Symfony\\Bridge\\Swiftmailer\\": "src/Symfony/Bridge/Swiftmailer/",
-                    "Symfony\\Bridge\\Twig\\": "src/Symfony/Bridge/Twig/",
+                    "Symfony\\Bridge\\": "src/Symfony/Bridge/",
                     "Symfony\\Bundle\\": "src/Symfony/Bundle/",
                     "Symfony\\Component\\": "src/Symfony/Component/"
                 },
@@ -4534,7 +4577,7 @@
             "keywords": [
                 "framework"
             ],
-            "time": "2016-02-28 21:06:29"
+            "time": "2016-03-27 12:57:53"
         },
         {
             "name": "twig/twig",
@@ -4759,16 +4802,16 @@
         },
         {
             "name": "zendframework/zenddiagnostics",
-            "version": "v1.0.8",
+            "version": "v1.0.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/zendframework/ZendDiagnostics.git",
-                "reference": "6ffffbeec9a9d69aad394a9ceee55cf4bcdd4b2d"
+                "reference": "292653c287a9e9d811417d4cb8a0025a4c1894cf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/zendframework/ZendDiagnostics/zipball/6ffffbeec9a9d69aad394a9ceee55cf4bcdd4b2d",
-                "reference": "6ffffbeec9a9d69aad394a9ceee55cf4bcdd4b2d",
+                "url": "https://api.github.com/repos/zendframework/ZendDiagnostics/zipball/292653c287a9e9d811417d4cb8a0025a4c1894cf",
+                "reference": "292653c287a9e9d811417d4cb8a0025a4c1894cf",
                 "shasum": ""
             },
             "require": {
@@ -4778,6 +4821,7 @@
                 "doctrine/migrations": "~1.0@dev",
                 "guzzle/http": "3.*",
                 "guzzle/plugin-mock": "3.*",
+                "mikey179/vfsstream": "1.6.*",
                 "phpunit/phpunit": "4.7.*",
                 "predis/predis": "0.8.*",
                 "sensiolabs/security-checker": "1.3.*@dev",
@@ -4817,7 +4861,7 @@
                 "php",
                 "test"
             ],
-            "time": "2015-10-01 15:37:41"
+            "time": "2016-04-01 10:39:00"
         }
     ],
     "packages-dev": [
@@ -4887,7 +4931,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": ">=5.5"
+        "php": ">=5.4.16"
     },
     "platform-dev": []
 }
diff --git a/src/LoginCidadao/CoreBundle/Entity/Person.php b/src/LoginCidadao/CoreBundle/Entity/Person.php
index 645fc0273..5e3b1de96 100644
--- a/src/LoginCidadao/CoreBundle/Entity/Person.php
+++ b/src/LoginCidadao/CoreBundle/Entity/Person.php
@@ -21,6 +21,7 @@
 use LoginCidadao\OAuthBundle\Model\ClientInterface;
 use LoginCidadao\CoreBundle\Model\LocationAwareInterface;
 use LoginCidadao\ValidationBundle\Validator\Constraints as LCAssert;
+use Donato\PathWellBundle\Validator\Constraints\PathWell;
 
 /**
  * @ORM\Entity(repositoryClass="LoginCidadao\CoreBundle\Entity\PersonRepository")
@@ -88,6 +89,19 @@ class Person extends BaseUser implements PersonInterface, TwoFactorInterface, Ba
      */
     protected $username;
 
+    /**
+     * @JMS\Exclude
+     * @PathWell(
+     *     groups={"Registration", "ResetPassword", "ChangePassword", "LoginCidadaoRegistration"}
+     * )
+     * @Assert\Length(
+     *     min=8,
+     *     max=4096,
+     *     groups={"Registration", "ResetPassword", "ChangePassword", "LoginCidadaoRegistration"}
+     * )
+     */
+    protected $plainPassword;
+
     /**
      * @JMS\Expose
      * @JMS\Groups({"cpf"})

From 3bbf1d8692278a7cdf674d45a05536cf2350e0ff Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Thu, 28 Apr 2016 17:16:36 -0300
Subject: [PATCH 13/14] fixes #392

---
 app/config/security.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/config/security.yml b/app/config/security.yml
index a47b50c3a..0a2f64a84 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -166,6 +166,7 @@ security:
         - { path: ^/openid/connect/authorize, role: IS_AUTHENTICATED_FULLY, requires_channel: https }
         - { path: ^/openid/connect, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
         - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
 
         - { path: ^/connect/twitter$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
         - { path: ^/connect/google$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

From e39ea6d14a9d117a6b4a428da1025b474786742a Mon Sep 17 00:00:00 2001
From: Guilherme Donato <guilhermednt@users.noreply.github.com>
Date: Thu, 5 May 2016 16:33:03 -0300
Subject: [PATCH 14/14] fixed register route

---
 app/config/security.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/config/security.yml b/app/config/security.yml
index 0a2f64a84..8a4265db5 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -175,7 +175,7 @@ security:
         - { path: ^/monitor/health, role: IS_AUTHENTICATED_ANONYMOUSLY, ip: %allowed_monitors%, requires_channel: https }
 
         - { path: ^/nelmio/csp/report$, role: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/(contact|privacy|about|help|register)$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
+        - { path: ^/(contact|privacy|about|help|register), role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
         - { path: ^/person/checkEmailAvailable, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
 
         - { path: ^/job, role: ROLE_SUPER_ADMIN, requires_channel: https }