Merge pull request #313 from OpenConext/bugfix/4.2-double-render

Ensure consume_assertion.html.twig is rendered once
OpenConext · Jan 9, 2024 · 43f4dc2 · 43f4dc2
2 parents 098c675 + 0a51aa6
commit 43f4dc2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 16 deletions.
diff --git a/src/Surfnet/StepupGateway/SecondFactorOnlyBundle/Controller/SecondFactorOnlyController.php b/src/Surfnet/StepupGateway/SecondFactorOnlyBundle/Controller/SecondFactorOnlyController.php
@@ -132,33 +132,32 @@ public function respondAction(Request $request)
         // Reset state
         $this->getSecondFactorRespondService()->resetRespondState($responseContext);
 
-        // Handle SAML response
-        $httpResponse =  $responseRendering->renderResponse($responseContext, $response, $request);
-
-        $ssoCookieService = $this->get('gateway.service.sso_2fa_cookie');
-        $ssoCookieService->handleSsoOn2faCookieStorage($responseContext, $request, $httpResponse);
-
-        // We can now forget the selected second factor.
-        $responseContext->finalizeAuthentication();
-
-        // Check if ADFS response
+        // Check if ADFS response, if it is, we use the ADFS ACS twig template
         $adfsParameters = $this->getSecondFactorAdfsService()->handleAdfsResponse($logger, $responseContext);
-
         if (!is_null($adfsParameters)) {
             // Handle Adfs response
-            $responseRendering = $this->get('second_factor_only.response_rendering');
             $xmlResponse = $responseRendering->getResponseAsXML($response);
 
-            return $this->render(
+            $httpResponse = $this->render(
                 '@SurfnetStepupGatewaySecondFactorOnly/adfs/consume_assertion.html.twig',
                 [
                     'acu' => $responseContext->getDestinationForAdfs(),
                     'samlResponse' => $xmlResponse,
                     'adfs' => $adfsParameters,
                 ]
             );
+        } else {
+            // Render the regular SAML response, we do not return it yet, the SSO on 2FA handler will use it to store
+            // the SSO on 2FA cookie.
+            $httpResponse =  $responseRendering->renderResponse($responseContext, $response, $request);
         }
 
+        $ssoCookieService = $this->get('gateway.service.sso_2fa_cookie');
+        $ssoCookieService->handleSsoOn2faCookieStorage($responseContext, $request, $httpResponse);
+
+        // We can now forget the selected second factor.
+        $responseContext->finalizeAuthentication();
+
         return $httpResponse;
     }
 

diff --git a/src/Surfnet/StepupGateway/SecondFactorOnlyBundle/Service/Gateway/AdfsService.php b/src/Surfnet/StepupGateway/SecondFactorOnlyBundle/Service/Gateway/AdfsService.php
@@ -77,15 +77,13 @@ public function handleAdfsRequest(LoggerInterface $logger, Request $httpRequest,
     }
 
     /**
-     * This method detectds if we need to return a ADFS response, If so ADFS parameters are returned.
+     * This method detects if we need to return a ADFS response, If so ADFS parameters are returned.
      *
      * Second factor verification handled by SecondFactorController is
      * finished. The user was forwarded back to this action with an internal
      * redirect. This method sends a AuthnResponse back to the service
      * provider in response to the AuthnRequest received in ssoAction().
      *
-     * @param LoggerInterface $logger
-     * @param ResponseContext $responseContext
      * @return null|\Surfnet\StepupGateway\SecondFactorOnlyBundle\Adfs\ValueObject\Response
      * @throws InvalidAdfsResponseException
      */