Use php8 ssp-base feature branch and get manual tests mostly passing

Steve Bagwell · Steve Bagwell · commit 29c57f53f549 · 2022-08-26T13:32:35.000-04:00
diff --git a/README.md b/README.md
@@ -173,6 +173,7 @@ _Note:  This nag only works once since choosing later will simply set the nag da
 1.  Goto [SP 1](http://ssp-sp1.local:8082/module.php/core/authenticate.php?as=hub-discovery)
 1.  Click **idp4** (third one)
 1.  Login as a "totp" user: `username=`**has_totp** `password=`**a**
+1.  You should see the form to enter a totp code. 
 1.  Set up an app using this secret, `JVRXKYTMPBEVKXLS`
 1.  Enter code from app to verify
 1.  Click **Logout**
diff --git a/development/idp4/authsources.php b/development/idp4/authsources.php
@@ -7,4 +7,127 @@
         'core:AdminPassword',
     ],
     'silauth' => ConfigManager::getSspConfig(),
+    'example-userpass' => [
+        'exampleauth:UserPass',
+        'nag_for_mfa:a' => [
+            'eduPersonPrincipalName' => ['NAG_FOR_MFA@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['2b2d424e-8cb0-49c7-8c0b-7f660340f5fa'],
+            'sn' => ['Mfas'],
+            'givenName' => ['No'],
+            'mail' => ['nag_for_mfa@example.com'],
+            'employeeNumber' => ['11111'],
+            'cn' => ['NAG_FOR_MFA'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+        'must_set_up_mfa:a' => [
+            'eduPersonPrincipalName' => ['MUST_SET_UP_MFA@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['ef960c92-09fc-44f4-aadf-2d3aea6e0dbd'],
+            'sn' => ['Have'],
+            'givenName' => ['Must'],
+            'mail' => ['must_set_up_mfa@example.com'],
+            'employeeNumber' => ['22222'],
+            'cn' => ['MUST_SET_UP_MFA'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+        'has_backupcode:a' => [
+            'eduPersonPrincipalName' => ['HAS_BACKUPCODE@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['ef960c92-09fc-44f4-aadf-2d3aea6e0dbd'],
+            'sn' => ['BackupCode'],
+            'givenName' => ['Has'],
+            'mail' => ['has_backupcode@example.com'],
+            'employeeNumber' => ['33333'],
+            'cn' => ['HAS_BACKUPCODE'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+        'has_totp:a' => [
+            'eduPersonPrincipalName' => ['HAS_TOTP@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['7bab90d3-9f54-4187-804d-7f6400021789'],
+            'sn' => ['TOTP'],
+            'givenName' => ['Has'],
+            'mail' => ['has_totp@example.com'],
+            'employeeNumber' => ['44444'],
+            'cn' => ['HAS_TOTP'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+        'has_u2f:a' => [
+            'eduPersonPrincipalName' => ['HAS_U2F@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['6b614606-bbe8-4793-b0db-ca862295c661'],
+            'sn' => ['U2F'],
+            'givenName' => ['Has'],
+            'mail' => ['has_u2f@example.com'],
+            'employeeNumber' => ['55555'],
+            'cn' => ['HAS_U2F'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+        'has_webauthn:a' => [
+            'eduPersonPrincipalName' => ['HAS_WEBAUTHN@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['c818d44a-a322-45f4-a1d0-6afc3c2a54e9'],
+            'sn' => ['Webauthn'],
+            'givenName' => ['Has'],
+            'mail' => ['has_webauthn@example.com'],
+            'employeeNumber' => ['66666'],
+            'cn' => ['HAS_WEBAUTHN'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+        'has_all_legacy:a' => [
+            'eduPersonPrincipalName' => ['HAS_ALL_LEGACY@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['7c695eac-dbca-45d0-b3dc-2df2e1d2294c'],
+            'sn' => ['All'],
+            'givenName' => ['Has'],
+            'mail' => ['has_all_legacy@example.com'],
+            'employeeNumber' => ['77777'],
+            'cn' => ['HAS_ALL_LEGACY'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+        'has_all:a' => [
+            'eduPersonPrincipalName' => ['HAS_ALL@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['7c695eac-dbca-45d0-b3dc-2df2e1d2294c'],
+            'sn' => ['All'],
+            'givenName' => ['Has'],
+            'mail' => ['has_all@example.com'],
+            'employeeNumber' => ['77778'],
+            'cn' => ['HAS_ALL'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+        'needs_review:a' => [
+            'eduPersonPrincipalName' => ['NEEDS_REVIEW@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['7c695eac-dbca-45d0-b3dc-123jkhf23bql'],
+            'sn' => ['Needed'],
+            'givenName' => ['Review'],
+            'mail' => ['needs_review@example.com'],
+            'employeeNumber' => ['88888'],
+            'cn' => ['NEEDS_REVIEW'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+        'nag_for_method:a' => [
+            'eduPersonPrincipalName' => ['NAG_FOR_METHOD@ssp-hub-idp4.local'],
+            'eduPersonTargetID' => ['7c695eac-dbca-45d0-b3dc-123jkhf23bbq'],
+            'sn' => ['For_Method'],
+            'givenName' => ['Nag'],
+            'mail' => ['nag_for_method@example.com'],
+            'employeeNumber' => ['99999'],
+            'cn' => ['NAG_FOR_METHOD'],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+6 months')), // Distant future
+            ],
+        ],
+    ],
 ];
diff --git a/development/idp4/saml20-idp-hosted.php b/development/idp4/saml20-idp-hosted.php
@@ -9,6 +9,7 @@
     'authproc' => [
         10 => [
             'class' => 'mfa:Mfa',
+            'idpDomainName' => 'idp4',
             'employeeIdAttr' => 'employeeNumber',
             'idBrokerAccessToken' => Env::get('ID_BROKER_ACCESS_TOKEN'),
             'idBrokerAssertValidIp' => Env::get('ID_BROKER_ASSERT_VALID_IP'),
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2.0'
 
 services:
   hub1:
-    image: silintl/ssp-base:develop
+    image: silintl/ssp-base:featurephp8
     volumes:
       - ./development/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
       - ./development/hub1/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
@@ -35,7 +35,7 @@ services:
       ANALYTICS_ID: "UA-XXXX-Y"
 
   idp1:  # used for basic testing
-    image: silintl/ssp-base:develop
+    image: silintl/ssp-base:featurephp8
     volumes:
       - ./development/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
       - ./development/idp1/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
@@ -57,7 +57,7 @@ services:
       IDP_DISPLAY_NAME: "IdP 1"
 
   idp2:  # used for expiry testing
-    image: silintl/ssp-base:develop
+    image: silintl/ssp-base:featurephp8
     volumes:
       - ./development/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
       - ./development/idp2/enable:/data/vendor/simplesamlphp/simplesamlphp/modules/exampleauth/enable
@@ -87,7 +87,7 @@ services:
       PASSWORD_FORGOT_URL:  "https://example.org/forgot"
 
   idp4:  # used for mfa testing (as well as some helpful links)
-    image: silintl/ssp-base:develop
+    image: silintl/ssp-base:featurephp8
     volumes:
       - ./development/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
       - ./development/idp4/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
@@ -140,7 +140,7 @@ services:
         MYSQL_PASSWORD: "pass"
 
   broker:
-    image: silintl/idp-id-broker:develop
+    image: silintl/idp-id-broker:latest
     volumes:
       - ./development/idp4/m991231_235959_insert_mfa_test_users.php:/data/console/migrations/m991231_235959_insert_mfa_test_users.php
     ports:
@@ -167,6 +167,17 @@ services:
       API_ACCESS_KEYS: "test-cli-abc123"
       APP_ENV: "dev"
       MIGRATE_PW_FROM_LDAP: "false"
+      # The first is the actual url, the second is based on the idpDomainName in the saml20-idp-hosted.php file
+      RP_ORIGINS: "https://idp-4.local,https://idp4"
+      MFA_TOTP_apiBaseUrl: "http://totpbackend.org/"
+      MFA_TOTP_apiKey: "abc"
+      MFA_TOTP_apiSecret: "abcd"
+      MFA_WEBAUTHN_apiBaseUrl: "http://webauthnbackend.org/"
+      MFA_WEBAUTHN_apiKey: "abc"
+      MFA_WEBAUTHN_apiSecret: "abcd"
+      MFA_WEBAUTHN_appId: "idp4"
+      MFA_WEBAUTHN_rpDisplayName: "IdP4"
+      MFA_WEBAUTHN_rpId: "idp4"
     command: ["bash", "-c", "whenavail brokerDb 3306 60 ./yii migrate --interactive=0 && ./run.sh"]
 
   brokerDb:
@@ -191,7 +202,7 @@ services:
           PMA_PASSWORD: "pass"
 
   hub2:  # used for announcement testing
-    image: silintl/ssp-base:develop
+    image: silintl/ssp-base:featurephp8
     volumes:
       - ./development/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
       - ./development/hub2/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
@@ -221,7 +232,7 @@ services:
       IDP_DISPLAY_NAME: "Hub 2"
 
   idp3:  # used for announcement testing
-    image: silintl/ssp-base:develop
+    image: silintl/ssp-base:featurephp8
     volumes:
       - ./development/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
       - ./development/idp3/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
@@ -248,7 +259,7 @@ services:
       IDP_DISPLAY_NAME: "IdP 3"
 
   sp1:
-    image: silintl/ssp-base:develop
+    image: silintl/ssp-base:featurephp8
     volumes:
       - ./development/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
       - ./development/sp1/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
@@ -269,7 +280,7 @@ services:
       IDP_DISPLAY_NAME: "SP 1"
 
   sp2:  # used for announcement testing
-    image: silintl/ssp-base:develop
+    image: silintl/ssp-base:featurephp8
     volumes:
       - ./development/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
       - ./development/sp2/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
