Merge branch 'release/2.3'

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 2.3.2
+
+**Feature**
+* Add 'show oidc create options' feature toggle #314
+
+**Bugfix**
+* Ensure all OIDCng entities are shown in the entity listings #316
+
 ## 2.3.1
 
 **Bugfix**

ansible/roles/spdashboard/defaults/main.yml

@@ -37,3 +37,4 @@ spdashboard_playground_uri_test: https://authz-playground.dev.support.surfconext
 spdashboard_playground_uri_prod: https://authz-playground.dev.support.surfconext.nl/redirect
 spdashboard_oidcng_playground_uri_test: https://oidc-playground.dev.support.surfconext.nl/redirect
 spdashboard_oidcng_playground_uri_prod: https://oidc-playground.dev.support.surfconext.nl/redirect
+spdashboard_oidc_create_enabled: true

ansible/roles/spdashboard/templates/parameters.yml.j2

@@ -57,3 +57,4 @@ parameters:
     playground_uri_prod: {{ spdashboard_playground_uri_prod }}
     oidcng_playground_uri_test: {{ spdashboard_oidcng_playground_uri_test }}
     oidcng_playground_uri_prod: {{ spdashboard_oidcng_playground_uri_prod }}
+    oidc_create_enabled: {{ spdashboard_oidc_create_enabled }}

app/config/parameters.yml.dist

@@ -88,4 +88,7 @@ parameters:
     playground_uri_prod: https://prod.dev.playground.surfconext.nl
     # Playground uri's for OIDC TNG entities
     oidcng_playground_uri_test: 'https://test.dev.playground.surfconext.nl'
-    oidcng_playground_uri_prod: 'https://prod.dev.playground.surfconext.nl'
+    oidcng_playground_uri_prod: 'https://prod.dev.playground.surfconext.nl'
+
+    # Globally enable/disable OIDC entitiy creation support
+    oidc_create_enabled: true

src/Surfnet/ServiceProviderDashboard/Domain/Service/OidcCreateEntityEnabledMarshaller.php

@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * Copyright 2019 SURFnet B.V.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\ServiceProviderDashboard\Domain\Service;
+
+/**
+ * Is the application configured to allow creation of OIDC entities
+ */
+class OidcCreateEntityEnabledMarshaller
+{
+    private $isAllowed = false;
+
+    public function __construct($isAllowed)
+    {
+        $this->isAllowed = $isAllowed;
+    }
+
+    /**
+     * @return bool
+     */
+    public function allowed()
+    {
+        return $this->isAllowed;
+    }
+}

src/Surfnet/ServiceProviderDashboard/Infrastructure/DashboardBundle/Controller/EntityCreateController.php

@@ -145,6 +145,11 @@ public function createAction(Request $request, $serviceId, $targetEnvironment, $
 
         $service = $this->authorizationService->changeActiveService($serviceId);
 
+        if ($type === Entity::TYPE_OPENID_CONNECT && !$this->authorizationService->isOidcCreateEntityAllowed()) {
+            throw $this->createAccessDeniedException(
+                'You are not allowed to create oidc entities'
+            );
+        }
 
         if ($type === Entity::TYPE_OPENID_CONNECT_TNG &&
             !$this->authorizationService->isOidcngAllowed($service, $targetEnvironment)

src/Surfnet/ServiceProviderDashboard/Infrastructure/DashboardBundle/Form/Entity/ProtocolChoiceFactory.php

@@ -21,6 +21,7 @@
 use Surfnet\ServiceProviderDashboard\Application\ViewObject\Manage\Config;
 use Surfnet\ServiceProviderDashboard\Domain\Entity\Entity;
 use Surfnet\ServiceProviderDashboard\Domain\Entity\Service;
+use Surfnet\ServiceProviderDashboard\Domain\Service\OidcCreateEntityEnabledMarshaller;
 use Surfnet\ServiceProviderDashboard\Domain\Service\OidcngEnabledMarshaller;
 
 class ProtocolChoiceFactory
@@ -30,6 +31,11 @@ class ProtocolChoiceFactory
      */
     private $oidcngEnabledMarshaller;
 
+    /**
+     * @var OidcCreateEntityEnabledMarshaller
+     */
+    private $oidcCreateMarshaller;
+
     /**
      * @var Config[] $manageConfig
      */
@@ -47,14 +53,18 @@ class ProtocolChoiceFactory
         Entity::TYPE_OPENID_CONNECT_TNG_RESOURCE_SERVER => 'entity.type.oidcng.resource_server.title',
     ];
 
-    public function __construct(Config $manageConfigTest, Config $manageConfigProd)
-    {
+    public function __construct(
+        Config $manageConfigTest,
+        Config $manageConfigProd,
+        OidcCreateEntityEnabledMarshaller $oidcCreateMarshaller
+    ) {
         $this->manageConfig = [
             Entity::ENVIRONMENT_TEST => $manageConfigTest,
             Entity::ENVIRONMENT_PRODUCTION => $manageConfigProd,
         ];
 
         $this->oidcngEnabledMarshaller = new OidcngEnabledMarshaller();
+        $this->oidcCreateMarshaller = $oidcCreateMarshaller;
     }
 
     public function setService(Service $service)
@@ -75,6 +85,11 @@ public function buildOptions($targetEnvironment)
             unset($options[Entity::TYPE_OPENID_CONNECT_TNG]);
             unset($options[Entity::TYPE_OPENID_CONNECT_TNG_RESOURCE_SERVER]);
         }
+
+        if (!$this->oidcCreateMarshaller->allowed()) {
+            unset($options[Entity::TYPE_OPENID_CONNECT]);
+        }
+
         return array_flip($options);
     }
 }

src/Surfnet/ServiceProviderDashboard/Infrastructure/DashboardBundle/Resources/config/services.yml

@@ -469,3 +469,6 @@ services:
             - '@surfnet.manage.client.query_client.prod_environment'
             - '%manage_test_publication_status%'
             - '%manage_prod_publication_status%'
+
+    Surfnet\ServiceProviderDashboard\Domain\Service\OidcCreateEntityEnabledMarshaller:
+        arguments: ['%oidc_create_enabled%']

src/Surfnet/ServiceProviderDashboard/Infrastructure/DashboardBundle/Service/AuthorizationService.php

@@ -22,6 +22,7 @@
 use Surfnet\ServiceProviderDashboard\Application\Service\ServiceService;
 use Surfnet\ServiceProviderDashboard\Application\ViewObject\Manage\Config;
 use Surfnet\ServiceProviderDashboard\Domain\Entity\Service;
+use Surfnet\ServiceProviderDashboard\Domain\Service\OidcCreateEntityEnabledMarshaller;
 use Surfnet\ServiceProviderDashboard\Domain\Service\OidcngEnabledMarshaller;
 use Surfnet\ServiceProviderDashboard\Infrastructure\DashboardBundle\Exception\ManageConfigNotFoundException;
 use Surfnet\ServiceProviderDashboard\Infrastructure\DashboardSamlBundle\Security\Identity;
@@ -50,6 +51,10 @@ class AuthorizationService
      */
     private $oidcngMarshaller;
 
+    /**
+     * @var OidcCreateEntityEnabledMarshaller
+     */
+    private $oidcCreateEntityEnabledMarshaller;
     /**
      * @var Config[]
      */
@@ -60,7 +65,8 @@ public function __construct(
         Session $session,
         TokenStorageInterface $tokenStorage,
         Config $manageTestConfig,
-        Config $manageProdConfig
+        Config $manageProdConfig,
+        OidcCreateEntityEnabledMarshaller $oidcCreateEntityEnabledMarshaller
     ) {
         $this->serviceService = $serviceService;
         $this->session = $session;
@@ -71,6 +77,7 @@ public function __construct(
             'production' => $manageProdConfig,
         ];
         $this->oidcngMarshaller = new OidcngEnabledMarshaller();
+        $this->oidcCreateEntityEnabledMarshaller = $oidcCreateEntityEnabledMarshaller;
     }
 
     /**
@@ -312,4 +319,12 @@ public function isOidcngAllowed(Service $service, $environment)
             $this->manageConfig[$environment]->getOidcngEnabled()->isEnabled()
         );
     }
+
+    /**
+     * @return bool
+     */
+    public function isOidcCreateEntityAllowed()
+    {
+        return $this->oidcCreateEntityEnabledMarshaller->allowed();
+    }
 }

src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Client/QueryClient.php

@@ -235,7 +235,7 @@ private function doSearchQuery(array $params)
                 json_encode($params),
                 sprintf('/manage/api/internal/search/%s', $protocol)
             );
-            $results += $response;
+            $results = array_merge($response, $results);
         }
         return $results;
     }

tests/unit/Infrastructure/DashboardBundle/Form/Entity/ProtocolChoiceFactoryTest.php

@@ -0,0 +1,172 @@
+<?php
+
+/**
+ * Copyright 2019 SURFnet B.V.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\ServiceProviderDashboard\Tests\Unit\Infrastructure\DashboardBundle\Form\Entity;
+
+use Mockery as m;
+use Mockery\Adapter\Phpunit\MockeryTestCase;
+use Surfnet\ServiceProviderDashboard\Application\ViewObject\Manage\Config;
+use Surfnet\ServiceProviderDashboard\Domain\Entity\Entity;
+use Surfnet\ServiceProviderDashboard\Domain\Entity\Service;
+use Surfnet\ServiceProviderDashboard\Domain\Service\OidcCreateEntityEnabledMarshaller;
+use Surfnet\ServiceProviderDashboard\Infrastructure\DashboardBundle\Form\Entity\ProtocolChoiceFactory;
+
+class ProtocolChoiceFactoryTest extends MockeryTestCase
+{
+    /** @var ProtocolChoiceFactory  */
+    private $protocolChoiceFactory;
+    /** @var m\MockInterface&OidcCreateEntityEnabledMarshaller */
+    private $oidcCreateEnabledMarshaller;
+    /** @var m\MockInterface&Config */
+    private $manageTestConfig;
+    /** @var m\MockInterface&Config */
+    private $manageProdConfig;
+    /** @var m\MockInterface&Service */
+    private $service;
+
+    /**
+     * @param string $testDescription
+     * @param array $expectation
+     * @param bool $testOidcngEnabled
+     * @param bool $oidcngEnabledForService
+     * @param bool $oidcEnabled
+     *
+     * @dataProvider provideTestVariations
+     */
+    public function test_variations_test(
+        $testDescription,
+        $expectation,
+        $testOidcngEnabled,
+        $oidcngEnabledForService,
+        $oidcEnabled
+    ) {
+        $this->manageTestConfig
+            ->shouldReceive('getOidcngEnabled->isEnabled')
+            ->once()
+            ->andReturn($testOidcngEnabled);
+
+        $this->service
+            ->shouldReceive('isOidcngEnabled')
+            ->andReturn($oidcngEnabledForService);
+
+        $this->oidcCreateEnabledMarshaller
+            ->shouldReceive('allowed')
+            ->andReturn($oidcEnabled);
+
+        $testOptions = $this->protocolChoiceFactory->buildOptions(Entity::ENVIRONMENT_TEST);
+        $this->assertEquals($expectation, array_values($testOptions), $testDescription);
+    }
+
+    /**
+     * @param string $testDescription
+     * @param array $expectation
+     * @param bool $productionOidcngEnabled
+     * @param bool $oidcngEnabledForService
+     * @param bool $oidcEnabled
+     *
+     * @dataProvider provideTestVariations Note that the test generator is used, as for now behaviour is similar
+     *                                     between prod and test
+     */
+    public function test_variations_production(
+        $testDescription,
+        $expectation,
+        $productionOidcngEnabled,
+        $oidcngEnabledForService,
+        $oidcEnabled
+    ) {
+        $this->manageProdConfig
+            ->shouldReceive('getOidcngEnabled->isEnabled')
+            ->once()
+            ->andReturn($productionOidcngEnabled);
+
+        $this->service
+            ->shouldReceive('isOidcngEnabled')
+            ->andReturn($oidcngEnabledForService);
+
+        $this->oidcCreateEnabledMarshaller
+            ->shouldReceive('allowed')
+            ->andReturn($oidcEnabled);
+
+        $testOptions = $this->protocolChoiceFactory->buildOptions(Entity::ENVIRONMENT_PRODUCTION);
+        $this->assertEquals($expectation, array_values($testOptions), $testDescription);
+    }
+
+    public function provideTestVariations()
+    {
+        return [
+            [
+                'All systems go, all options are set to true, so all options are displayed',
+                [
+                    'saml20',
+                    'oidc',
+                    'oidcng',
+                    'oidcng_rs',
+                ],
+                true,
+                true,
+                true,
+            ],
+            [
+                'OIDC is disabled, all other options should be present',
+                [
+                    'saml20',
+                    'oidcng',
+                    'oidcng_rs',
+                ],
+                true,
+                true,
+                false,
+            ],
+            [
+                'OIDC & OIDCng is disabled, Only SAML should be visible',
+                [
+                    'saml20',
+                ],
+                false,
+                true,
+                false,
+            ],
+            [
+                'OIDCng is disabled for the service, Only SAML and OIDC should be visible',
+                [
+                    'saml20',
+                    'oidc',
+                ],
+                true,
+                false,
+                true,
+            ],
+        ];
+    }
+
+    protected function setUp()
+    {
+        $this->oidcCreateEnabledMarshaller = m::mock(OidcCreateEntityEnabledMarshaller::class);
+        $this->manageTestConfig = m::mock(Config::class);
+        $this->manageProdConfig = m::mock(Config::class);
+
+
+        $this->protocolChoiceFactory = new ProtocolChoiceFactory(
+            $this->manageTestConfig,
+            $this->manageProdConfig,
+            $this->oidcCreateEnabledMarshaller
+        );
+        $this->service = m::mock(Service::class);
+        $this->protocolChoiceFactory->setService($this->service);
+    }
+}