Merge branch 'release/2.5'

.travis.yml

@@ -36,4 +36,6 @@ branches:
   only:
     - develop
     - master
-    - feature/php72-support
+    - /^feature\/(.*)$/
+    - /^bugfix\/(.*)$/
+    - /^release\/(.*)$/

CHANGELOG.md

@@ -1,3 +1,7 @@
+## 2.5.2
+**Bugfix**
+* Interpret missing exclude from push correctly #348
+
 ## 2.5.1
 **Bugfix**
 * Only preserve the exclude-from-push flag on client secret reset #342

src/Surfnet/ServiceProviderDashboard/Application/Dto/MetadataConversionDto.php

@@ -562,6 +562,11 @@ public function isExcludedFromPush()
         return $this->manageEntity->isExcludedFromPush();
     }
 
+    public function isExcludedFromPushSet()
+    {
+        return $this->manageEntity->isExcludedFromPushSet();
+    }
+
     /**
      * @return array
      */

src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngJsonGenerator.php

@@ -225,17 +225,7 @@ private function generateMetadataFields(MetadataConversionDto $entity)
             $metadata['scopes'] = ['openid'];
         }
 
-        // When publishing to production, the coin:exclude_from_push must be present and set to '1'. This prevents the
-        // entity from being pushed to engineblock.
-        if ($entity->isProduction()) {
-            $metadata['coin:exclude_from_push'] = '1';
-        }
-
-        // When dealing with a client secret reset, keep the current exclude from push state.
-        $secret = $entity->getClientSecret();
-        if ($secret && $entity->isManageEntity() && !$entity->isExcludedFromPush()) {
-            $metadata['coin:exclude_from_push'] = '0';
-        }
+        $this->setExcludeFromPush($metadata, $entity);
 
         $metadata += $this->generateOidcClient($entity);
 
@@ -426,4 +416,26 @@ private function generateAllowedResourceServers(MetadataConversionDto $entity)
             'allowedResourceServers' => $allowedResourceServers,
         ];
     }
+
+    private function setExcludeFromPush(&$metadata, MetadataConversionDto $entity)
+    {
+        // Scenario 1: When publishing to production, the coin:exclude_from_push must be present and set to '1'.
+        // This prevents the entity from being pushed to EngineBlock.
+        if ($entity->isProduction()) {
+            $metadata['coin:exclude_from_push'] = '1';
+        }
+
+        // Scenario 2: When dealing with a client secret reset, keep the current exclude from push state.
+        $secret = $entity->getClientSecret();
+        if ($secret && $entity->isManageEntity() && !$entity->isExcludedFromPush()) {
+            $metadata['coin:exclude_from_push'] = '0';
+        }
+
+        // Scenario 3: We are resetting the client secret, the service desk removed the exclude from push coin
+        // attribute. This also indicates the entity is published. But now we do not want to reset the coin to '0', we
+        // simply unset it.
+        if ($secret && $entity->isManageEntity() && !$entity->isExcludedFromPushSet()) {
+            unset($metadata['coin:exclude_from_push']);
+        }
+    }
 }

src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngResourceServerJsonGenerator.php

@@ -188,17 +188,7 @@ private function generateMetadataFields(MetadataConversionDto $entity)
         // Will become configurable some time in the future.
         $metadata['scopes'] = ['openid'];
 
-        // When publishing to production, the coin:exclude_from_push must be present and set to '1'. This prevents the
-        // entity from being pushed to engineblock.
-        if ($entity->isProduction()) {
-            $metadata['coin:exclude_from_push'] = '1';
-        }
-
-        // When dealing with a client secret reset, keep the current exclude from push state.
-        $secret = $entity->getClientSecret();
-        if ($secret && $entity->isManageEntity() && !$entity->isExcludedFromPush()) {
-            $metadata['coin:exclude_from_push'] = '0';
-        }
+        $this->setExcludeFromPush($metadata, $entity);
 
         $metadata += $this->generateOidcClient($entity);
 
@@ -325,4 +315,26 @@ private function generateAclData(MetadataConversionDto $entity)
             'allowedall' => false,
         ];
     }
+
+    private function setExcludeFromPush(&$metadata, MetadataConversionDto $entity)
+    {
+        // Scenario 1: When publishing to production, the coin:exclude_from_push must be present and set to '1'.
+        // This prevents the entity from being pushed to EngineBlock.
+        if ($entity->isProduction()) {
+            $metadata['coin:exclude_from_push'] = '1';
+        }
+
+        // Scenario 2: When dealing with a client secret reset, keep the current exclude from push state.
+        $secret = $entity->getClientSecret();
+        if ($secret && $entity->isManageEntity() && !$entity->isExcludedFromPush()) {
+            $metadata['coin:exclude_from_push'] = '0';
+        }
+
+        // Scenario 3: We are resetting the client secret, the service desk removed the exclude from push coin
+        // attribute. This also indicates the entity is published. But now we do not want to reset the coin to '0', we
+        // simply unset it.
+        if ($secret && $entity->isManageEntity() && !$entity->isExcludedFromPushSet()) {
+            unset($metadata['coin:exclude_from_push']);
+        }
+    }
 }

src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Dto/ManageEntity.php

@@ -167,10 +167,18 @@ public function isOidcngResourceServer()
         return false;
     }
 
+    public function isExcludedFromPushSet()
+    {
+        if (is_null($this->getMetaData()->getCoin()->getExcludeFromPush())) {
+            return false;
+        }
+        return true;
+    }
+
     public function isExcludedFromPush()
     {
         if (is_null($this->getMetaData()->getCoin()->getExcludeFromPush())) {
-            return true;
+            return false;
         }
         return $this->getMetaData()->getCoin()->getExcludeFromPush() == 1 ? true : false;
     }