Merge branch 'release/3.0'

.github/workflows/main.yml

@@ -4,7 +4,9 @@ on:
   pull_request:
     branches: [ develop ]
   release:
-    types: [published]
+    types: [ published ]
+  push: 
+    branches: [ develop ]
 
 jobs:
   build:

.stylelintrc

@@ -2,7 +2,7 @@
   "extends": "stylelint-config-recommended",
   "rules": {
     "at-rule-no-unknown": [true, {
-      "ignoreAtRules": ["mixin", "include"]
+      "ignoreAtRules": ["mixin", "include", "function", "return"]
     }]
   }
-}
+}

.travis.yml

@@ -18,12 +18,17 @@ cache:
   directories:
     - ~/.composer/cache/files
 
+before_install:
+  - sudo rm -rf ~/.nvm - curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
+  - sudo apt-get install -y nodejs
+
 before_script:
   - phpenv config-add travis.php.ini
   - composer self-update --1
   - composer install --no-interaction
   - curl -o- -L https://yarnpkg.com/install.sh | bash
   - export PATH="$HOME/.yarn/bin:$PATH"
+  - nvm install --lts
   - yarn install
   - yarn encore production
 

CHANGELOG.md

@@ -1,3 +1,42 @@
+## 3.0.0
+An updated theme, further deprovisioning of the ORM layer and some nifty changes to the entity actions.
+
+**Features**
+ - Adjust create new entity modal #408
+ - The entity details screen was replaced by a detailed service overview page #392
+ - A Docker dev env was introduced, replacing Vagrant and Ansible with Docker #407
+ - Use `oauth20_rs` Manage entity scheme for resource servers #409
+ - The OIDCng restriction is no longer configurable. OIDCng for all! #396
+ - Organization name is now manageble for Services #397  
+ - Drop attribute constraint, an entity without ARP is allowed #399
+ - Allow setting multiple grants #412
+
+**Bugfixes**
+ - Remove trailing slashes from ClientID #402
+ - Refrain from overwriting Manage tracked attributes #421
+
+**Improvements**
+Infra: 
+ - Apache: Set the Referer policy header #393
+ - Register required php extensions in composer.json #368
+
+Jira:
+ - Stop matching the Jira status to the entity status #394
+ - Consider closed and resolved status from Jira #419
+
+Other:
+ - Remove default scope from Oidcng RP entities #404
+ - Remove remaining OIDC crud #405
+ - Remove all leftover Entity entity references #406
+ - Support attributes with multiple values #413
+ - Allow Resource Servers from outside of RP's team #418
+ - Add info fields to create entity titles #415
+
+## 2.7.2
+
+**Bugfix**
+Set correct publication state for prod entities PART II #394
+
 ## 2.7.1
 
 **Bugfix**

README.md

@@ -10,24 +10,39 @@
 
 The Service Provider Dashboard is a dashboard application where
 [SURFconext](https://www.surf.nl/diensten-en-producten/surfconext/index.html) Service Providers can register and manage
-their services. This can be both SAML 2.0 and OpenID Connect entities.
+their services. This can be both SAML 2.0, OpenID Connect Relying Parties and Oauth 2.0 Resource Server entities.
 
 ## Prerequisites
 
-- [PHP](https://secure.php.net/manual/en/install.php) (5.6 or higher)
+- [PHP](https://secure.php.net/manual/en/install.php) (7.2)
 - [Composer](https://getcomposer.org/doc/00-intro.md)
 - [Apache Ant](https://ant.apache.org/manual/install.html)
 - [Ansible](https://docs.ansible.com/ansible/intro_installation.html)
 - [Vagrant](https://www.vagrantup.com/docs/installation/)
   - Optional, but recommended: [Hostsupdater plugin](https://github.com/cogitatio/vagrant-hostsupdater)
+- [Docker](https://docs.docker.com/engine/install/)
+- [Docker Compose](https://docs.docker.com/compose/install/)
 
+As of release 2.8 the Vagrant + Ansible dev environment has been discontinued in favour of a docker-compose installable
+dev machine. Instructions below should still help you in building a Vagrant based dev env, but this will be removed from
+the project in the next release. For now use `docker-compose up -d` to create and build the development environment.
+
+An entry in your hostsfile is still required for things to work. An example entry would look like:
+
+```
+127.0.0.1 welcome.vm.openconext.org static.vm.openconext.org mujina-sp.vm.openconext.org mujina-idp.vm.openconext.org engine-api.vm.openconext.org oidc.vm.openconext.org manage.vm.openconext.org spdashboard.vm.openconext.org
+```
+
+
+**Deprecation warning!**
 The Ansible playbook for SP Dashboard depends on some roles from
 [OpenConext-deploy](https://github.com/OpenConext/OpenConext-deploy), so in order to provision the Vagrant box you need
 to have that repository checked out in a directory called `OpenConext-deploy` in the parent directory of where this
 project lives.
 
 ## Provision the VM
 
+**Deprecation warning!** Try the Docker dev env! 
 The VM is provisioned using Ansible and Vagrant. After you have installed those, you can run
 ```
 vagrant up
@@ -45,27 +60,18 @@ ANSIBLE_TAGS=eb,profile vagrant provision
 
 First, run `composer install`. This will install all PHP dependencies, including the development dependencies.
 
-In order to start the development environment, run `vagrant up`. This will build and start the virtual machine that is
-used in development to run the application. When started for the first time, the Vagrant box will be provisioned using
-Ansible.
-
-Note: if you don't use the Vagrant Hostsupdater plugin, you have to manually add
-`192.168.33.19  dev.support.surfconext.nl` to your hosts file so that requests will be routed to the virtual machine.
+In order to start the development environment, run `docker-compose up -d`. This will build and start the container that is
+used in development to run the application. 
 
 Install database migrations
 ```
-bin/console doctrine:migrations:migrate
+$ docker exec sp-dashboard_php-fpm_1  /var/www/html/bin/console doctrine:migrations:migrate
 ```
 
-Now follow the instructions in [SAML configuration for development](docs/saml-dev-setup.md) to setup authentication.
-
 The application is now up and running and can be accessed at
-[https://spdashboard.dev.support.surfconext.nl/](https://spdashboard.dev.support.surfconext.nl/). Note that in development the `app_dev.php`
+[https://spdashboard.vm.openconext.org/](https://spdashboard.vm.openconext.org). Note that in development the `app_dev.php`
 front controller is used automatically, so you don't have to include `/app_dev.php/` in the URLs.
-* To view mails caught by Mailcatcher, visit [spdashboard.dev.support.surfconext.nl:1080](https://spdashboard.dev.support.surfconext.nl:1080/)
-
-If you run into the `shibsp::ConfigurationException`, please reload your box, the issue should be resolved after a 
-reboot. The Shiboleth deamon might not come out 100% correctly out of the initial provisioning run.
+* To view mails caught by Mailcatcher, visit [spdashboard.vm.openconext.org:1080](https://spdashboard.vm.openconext.org:1080/)
 
 ### Running the tests
 

Vagrantfile

@@ -9,7 +9,7 @@ Vagrant.configure(2) do |config|
     v.customize ["modifyvm", :id, "--ioapic", "on"]
     v.customize ["modifyvm", :id, "--memory", "6072"]
   end
-  
+
   config.vm.provision "ansible" do |ansible|
     ansible.playbook = "ansible/vagrant.yml"
     ansible.groups = {

app/DoctrineMigrations/Version20210209152257.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+
+/**
+ * The oidcng enabled field was removed from the Service entity
+ */
+class Version20210209152257 extends AbstractMigration
+{
+    /**
+     * @param Schema $schema
+     */
+    public function up(Schema $schema)
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('ALTER TABLE service DROP oidcng_enabled');
+    }
+
+    /**
+     * @param Schema $schema
+     */
+    public function down(Schema $schema)
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('ALTER TABLE service ADD oidcng_enabled TINYINT(1) NOT NULL COLLATE utf8_unicode_ci');
+    }
+}

app/DoctrineMigrations/Version20210211124755.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+class Version20210211124755 extends AbstractMigration
+{
+    /**
+     * @param Schema $schema
+     */
+    public function up(Schema $schema)
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('ALTER TABLE service ADD organization_name_nl VARCHAR(255) NOT NULL, ADD organization_name_en VARCHAR(255) NOT NULL');
+    }
+
+    /**
+     * @param Schema $schema
+     */
+    public function down(Schema $schema)
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('ALTER TABLE service DROP organization_name_nl, DROP organization_name_en');
+    }
+}

app/DoctrineMigrations/Version20210217105058.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+
+/**
+ * Remove no longer tracked organization display name and organization url from Entity entity
+ */
+class Version20210217105058 extends AbstractMigration
+{
+    /**
+     * @param Schema $schema
+     */
+    public function up(Schema $schema)
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('ALTER TABLE entity DROP organization_display_name_en, DROP organization_url_en, DROP organization_display_name_nl, DROP organization_url_nl');
+    }
+
+    /**
+     * @param Schema $schema
+     */
+    public function down(Schema $schema)
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('ALTER TABLE entity ADD organization_display_name_en LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci, ADD organization_url_en LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci, ADD organization_display_name_nl LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci, ADD organization_url_nl LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci');
+    }
+}

app/DoctrineMigrations/Version20210218132251.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+
+/**
+ * Get rid of the cursed entity entity. This entity was already unused. Lots of unused code needed to be removed.
+ */
+class Version20210218132251 extends AbstractMigration
+{
+    /**
+     * @param Schema $schema
+     */
+    public function up(Schema $schema)
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('DROP TABLE entity');
+    }
+
+    /**
+     * @param Schema $schema
+     */
+    public function down(Schema $schema)
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('CREATE TABLE entity (id CHAR(36) NOT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:guid)\', service_id INT NOT NULL, archived TINYINT(1) NOT NULL, environment VARCHAR(255) NOT NULL COLLATE utf8_unicode_ci, status VARCHAR(255) NOT NULL COLLATE utf8_unicode_ci, created DATETIME NOT NULL, updated DATETIME NOT NULL, manage_id VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, import_url VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, metadata_url VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, pasted_metadata LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci, metadata_xml LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci, name_id_format VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, acs_location VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, entity_id VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, certificate LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci, logo_url VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, name_nl VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, name_en VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, description_nl LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci, description_en LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci, application_url VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, eula_url VARCHAR(255) DEFAULT NULL COLLATE utf8_unicode_ci, administrative_contact LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', technical_contact LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', support_contact LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', given_name_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', sur_name_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', common_name_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', display_name_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', email_address_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', organization_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', organization_type_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', affiliation_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', entitlement_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', principle_name_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', uid_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', preferred_language_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', personal_code_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', scoped_affiliation_attribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', edu_person_targeted_idattribute LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', comments LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci, client_secret VARCHAR(50) DEFAULT NULL COLLATE utf8_unicode_ci, redirect_uris LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:json_array)\', grant_type VARCHAR(50) DEFAULT NULL COLLATE utf8_unicode_ci, protocol VARCHAR(50) DEFAULT NULL COLLATE utf8_unicode_ci, enable_playground TINYINT(1) DEFAULT NULL, is_public_client TINYINT(1) DEFAULT NULL, access_token_validity INT UNSIGNED DEFAULT NULL, oidcng_resource_servers LONGTEXT DEFAULT NULL COLLATE utf8_unicode_ci COMMENT \'(DC2Type:object)\', UNIQUE INDEX UNIQ_E284468BF396750 (id), INDEX IDX_E284468ED5CA9E6 (service_id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB');
+        $this->addSql('ALTER TABLE entity ADD CONSTRAINT FK_E284468ED5CA9E6 FOREIGN KEY (service_id) REFERENCES service (id)');
+    }
+}

app/Resources/views/base.html.twig

@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html>
+<html lang="en">
     <head>
         <meta charset="UTF-8" />
         <title>{% block title %}Service Provider dashboard | SURFconext{% endblock %}</title>
@@ -43,18 +43,18 @@
         </div>
         <div class="page-container">
             {% block body_container %}
-            <h1>{% block page_heading %}{% endblock %}</h1>
-            <div class="card">
-                {% block body %}{% endblock %}
-            </div>
+                <h1>{% block page_heading %}{% endblock %}</h1>
+                <div class="card">
+                    {% block body %}{% endblock %}
+                </div>
             {% endblock %}
         </div>
-        <div class="footer">
+        <footer class="footer">
             <div class="footer-inner">
                 <span><a href="{{ 'page.footer.privacy_link'|trans }}" target="_blank">{{ 'page.footer.privacy'|trans }}</a></span>
                 <span><a href="{{ 'page.footer.contact_link'|trans }}" target="_blank">{{ 'page.footer.contact'|trans }}</a></span>
             </div>
-        </div>
+        </footer>
         {% block javascripts %}
             <script src="{{ asset('build/app.js') }}"></script>
         {% endblock %}

app/config/config.yml

@@ -134,14 +134,12 @@ dashboard:
                 username: "%manage_test_username%"
                 password: "%manage_test_password%"
             publication_status: "%manage_test_publication_status%"
-            oidcng_enabled: "%manage_test_oidcng_enabled%"
         production:
             connection:
                 host: "%manage_prod_host%"
                 username: "%manage_prod_username%"
                 password: "%manage_prod_password%"
             publication_status: "%manage_prod_publication_status%"
-            oidcng_enabled: "%manage_prod_oidcng_enabled%"
 
 dashboard_saml:
     session_lifetimes:

app/config/parameters.yml.dist

@@ -47,14 +47,12 @@ parameters:
     manage_test_username: sp-dashboard
     manage_test_password: secret
     manage_test_publication_status: testaccepted
-    manage_test_oidcng_enabled: true
 
     ## Manage production instance
     manage_prod_host: 'https://manage-prod.dev.support.surfconext.nl'
     manage_prod_username: sp-dashboard
     manage_prod_password: secret
     manage_prod_publication_status: prodaccepted
-    manage_prod_oidcng_enabled: true
 
     # Mail default settings
     mail_from: support@surfconext.nl

app/config/security.yml

@@ -77,6 +77,9 @@ nelmio_security:
                 - 'self'
             font-src:
                 - 'self'
+            img-src:
+                - 'self'
+                - 'data:'
             block-all-mixed-content: true # defaults to false, blocks HTTP content over HTTPS transport
             upgrade-insecure-requests: true # defaults to false, upgrades HTTP requests to HTTPS transport
     content_type:
@@ -87,4 +90,4 @@ nelmio_security:
     forced_ssl:
         enabled: true
         hsts_max_age: 31536000 # 365 days
-        hsts_subdomains: true
+        hsts_subdomains: true

app/js/application.js

@@ -2,6 +2,7 @@
 
 import './type_definitions.ts';
 import './components/form.ts';
+import './components/service_add_entity';
 import './components/service_switcher.js';
 import './components/service_form.ts';
 import './components/service_status.ts';