Merge branch 'develop'

CHANGELOG.md

@@ -0,0 +1,9 @@
+# Changelog
+
+## 2.10.0
+**Features & Bugfixes**
+* Fixed missing translations for validation messages on forms #154
+
+**Improvements**
+* Symfony 3.4.15 upgrade #153
+* Behat test support #152

README.md

@@ -31,3 +31,6 @@ bin/extract-translations.sh
 Then, translate the strings using the web interface available at: https://ss-dev.stepup.coin.surf.net/app_dev.php/_trans/
 
 For more information about the JMSTranslationBundle, see http://jmsyst.com/bundles/JMSTranslationBundle
+
+## Release strategy
+Please read: https://github.com/OpenConext/Stepup-Deploy/wiki/Release-Management fro more information on the release strategy used in Stepup projects.

app/AppCache.php

@@ -0,0 +1,7 @@
+<?php
+
+use Symfony\Bundle\FrameworkBundle\HttpCache\HttpCache;
+
+class AppCache extends HttpCache
+{
+}

app/AppKernel.php

@@ -38,16 +38,13 @@ public function registerBundles()
             new Surfnet\SamlBundle\SurfnetSamlBundle(),
             new Surfnet\StepupBundle\SurfnetStepupBundle(),
             new JMS\TranslationBundle\JMSTranslationBundle(),
-            new JMS\DiExtraBundle\JMSDiExtraBundle($this),
-            new JMS\AopBundle\JMSAopBundle(),
             new Surfnet\StepupU2fBundle\SurfnetStepupU2fBundle(),
             new OpenConext\MonitorBundle\OpenConextMonitorBundle(),
         );
 
         if (in_array($this->getEnvironment(), array('dev', 'test'))) {
             $bundles[] = new Symfony\Bundle\WebProfilerBundle\WebProfilerBundle();
             $bundles[] = new Sensio\Bundle\DistributionBundle\SensioDistributionBundle();
-            $bundles[] = new Sensio\Bundle\GeneratorBundle\SensioGeneratorBundle();
         }
 
         return $bundles;

app/config/config.yml

@@ -18,10 +18,9 @@ framework:
     templating:
         engines: ['twig']
     assets:
-        version: %asset_version%
+        version: "%asset_version%"
     default_locale:  "%default_locale%"
     trusted_hosts:   ~
-    trusted_proxies: %trusted_proxies%
     session:
         # handler_id set to null will use default session handler from php.ini
         handler_id:  ~
@@ -85,11 +84,11 @@ services:
 
 surfnet_stepup_middleware_client:
     authorisation:
-        username: %middleware_credentials_username%
-        password: %middleware_credentials_password%
+        username: "%middleware_credentials_username%"
+        password: "%middleware_credentials_password%"
     url:
-        command_api: %middleware_url_command_api%
-        api: %middleware_url_api%
+        command_api: "%middleware_url_command_api%"
+        api: "%middleware_url_api%"
 
 surfnet_saml:
     hosted:
@@ -98,63 +97,63 @@ surfnet_saml:
         service_provider:
             enabled: true
             assertion_consumer_route: selfservice_serviceprovider_consume_assertion
-            public_key: %saml_sp_publickey%
-            private_key: %saml_sp_privatekey%
+            public_key: "%saml_sp_publickey%"
+            private_key: "%saml_sp_privatekey%"
         metadata:
             entity_id_route: selfservice_saml_metadata
-            public_key: %saml_metadata_publickey%
-            private_key: %saml_metadata_privatekey%
+            public_key: "%saml_metadata_publickey%"
+            private_key: "%saml_metadata_privatekey%"
     remote:
         identity_provider:
             enabled: true
-            entity_id: %saml_remote_idp_entity_id%
-            sso_url: %saml_remote_idp_sso_url%
-            certificate: %saml_remote_idp_certificate%
+            entity_id: "%saml_remote_idp_entity_id%"
+            sso_url: "%saml_remote_idp_sso_url%"
+            certificate: "%saml_remote_idp_certificate%"
 
 surfnet_stepup:
     logging:
         application_name: self-service
     loa_definition:
-        loa1: %stepup_loa_loa1%
-        loa2: %stepup_loa_loa2%
-        loa3: %stepup_loa_loa3%
+        loa1: "%stepup_loa_loa1%"
+        loa2: "%stepup_loa_loa2%"
+        loa3: "%stepup_loa_loa3%"
     sms:
-        originator: %sms_originator%
-        otp_expiry_interval: %sms_otp_expiry_interval%
-        maximum_otp_requests: %sms_maximum_otp_requests%
+        originator: "%sms_originator%"
+        otp_expiry_interval: "%sms_otp_expiry_interval%"
+        maximum_otp_requests: "%sms_maximum_otp_requests%"
     gateway_api:
-        url: %gateway_api_url%
+        url: "%gateway_api_url%"
         credentials:
-            username: %gateway_api_username%
-            password: %gateway_api_password%
+            username: "%gateway_api_username%"
+            password: "%gateway_api_password%"
     attach_request_id_injector_to:
         - surfnet_stepup.guzzle.gateway_api
         - surfnet_stepup_middleware_client.guzzle.api
         - surfnet_stepup_middleware_client.guzzle.commands
     locale_cookie:
-        domain: %locale_cookie_domain%
+        domain: "%locale_cookie_domain%"
 
 jms_translation:
-    locales: %locales%
+    locales: "%locales%"
     configs:
         default:
-            dirs: [%kernel.root_dir%/../src, %kernel.root_dir%, %kernel.root_dir%/../vendor/surfnet]
-            output_dir: %kernel.root_dir%/Resources/translations
+            dirs: ["%kernel.root_dir%/../src", "%kernel.root_dir%", "%kernel.root_dir%/../vendor/surfnet"]
+            output_dir: "%kernel.root_dir%/Resources/translations"
             ignored_domains: []
             excluded_names: ['*TestCase.php', '*Test.php']
             excluded_dirs: [cache, data, logs, Tests]
             extractors: []
 
 surfnet_stepup_self_service_self_service:
-    enabled_second_factors: %enabled_second_factors%
-    enabled_generic_second_factors: %enabled_generic_second_factors%
+    enabled_second_factors: "%enabled_second_factors%"
+    enabled_generic_second_factors: "%enabled_generic_second_factors%"
     second_factor_test_identity_provider:
-        entity_id: '%second_factor_test_idp_entity_id%'
-        sso_url: '%second_factor_test_idp_sso_url%'
-        certificate: '%second_factor_test_idp_certificate%'
+        entity_id: "%second_factor_test_idp_entity_id%"
+        sso_url: "%second_factor_test_idp_sso_url%"
+        certificate: "%second_factor_test_idp_certificate%"
     session_lifetimes:
         max_absolute_lifetime: "%session_max_absolute_lifetime%"
         max_relative_lifetime: "%session_max_relative_lifetime%"
 
 surfnet_stepup_u2f:
-    app_id: %u2f_app_id%
+    app_id: "%u2f_app_id%"

app/config/config_dev.yml

@@ -31,7 +31,7 @@ monolog:
             type: stream
             handler: logfile
             level: NOTICE
-            path: %kernel.logs_dir%/%kernel.environment%.log
+            path: "%kernel.logs_dir%/%kernel.environment%.log"
 
 assetic:
     use_controller: "%use_assetic_controller%"

app/config/routing_dev.yml

@@ -6,10 +6,6 @@ _profiler:
     resource: "@WebProfilerBundle/Resources/config/routing/profiler.xml"
     prefix:   /_profiler
 
-_configurator:
-    resource: "@SensioDistributionBundle/Resources/config/routing/webconfigurator.xml"
-    prefix:   /_configurator
-
 JMSTranslationBundle_ui:
     resource: "@JMSTranslationBundle/Controller/"
     type:     annotation

app/config/samlstepupproviders.yml

@@ -9,50 +9,50 @@ surfnet_stepup_self_service_saml_stepup_provider:
         tiqr:
             hosted:
                 service_provider:
-                    public_key: %gssp_tiqr_sp_publickey%
-                    private_key: %gssp_tiqr_sp_privatekey%
+                    public_key: "%gssp_tiqr_sp_publickey%"
+                    private_key: "%gssp_tiqr_sp_privatekey%"
                 metadata:
-                    public_key: %gssp_tiqr_metadata_publickey%
-                    private_key: %gssp_tiqr_metadata_privatekey%
+                    public_key: "%gssp_tiqr_metadata_publickey%"
+                    private_key: "%gssp_tiqr_metadata_privatekey%"
             remote:
-                entity_id: %gssp_tiqr_remote_entity_id%
-                sso_url: %gssp_tiqr_remote_sso_url%
-                certificate: %gssp_tiqr_remote_certificate%
+                entity_id: "%gssp_tiqr_remote_entity_id%"
+                sso_url: "%gssp_tiqr_remote_sso_url%"
+                certificate: "%gssp_tiqr_remote_certificate%"
             view_config:
-                loa: %gssp_tiqr_loa%
-                logo: %gssp_tiqr_logo%
-                alt: %gssp_tiqr_alt%
-                title: %gssp_tiqr_title%
-                description: %gssp_tiqr_description%
-                button_use: %gssp_tiqr_button_use%
-                initiate_title: %gssp_tiqr_initiate_title%
-                initiate_button: %gssp_tiqr_initiate_button%
-                explanation: %gssp_tiqr_initiate_title%
-                authn_failed: %gssp_tiqr_authn_failed%
-                pop_failed: %gssp_tiqr_pop_failed%
-                app_android_url: %gssp_tiqr_app_android_url%
-                app_ios_url: %gssp_tiqr_app_ios_url%
+                loa: "%gssp_tiqr_loa%"
+                logo: "%gssp_tiqr_logo%"
+                alt: "%gssp_tiqr_alt%"
+                title: "%gssp_tiqr_title%"
+                description: "%gssp_tiqr_description%"
+                button_use: "%gssp_tiqr_button_use%"
+                initiate_title: "%gssp_tiqr_initiate_title%"
+                initiate_button: "%gssp_tiqr_initiate_button%"
+                explanation: "%gssp_tiqr_initiate_title%"
+                authn_failed: "%gssp_tiqr_authn_failed%"
+                pop_failed: "%gssp_tiqr_pop_failed%"
+                app_android_url: "%gssp_tiqr_app_android_url%"
+                app_ios_url: "%gssp_tiqr_app_ios_url%"
         biometric:
             hosted:
                 service_provider:
-                    public_key: %gssp_biometric_sp_publickey%
-                    private_key: %gssp_biometric_sp_privatekey%
+                    public_key: "%gssp_biometric_sp_publickey%"
+                    private_key: "%gssp_biometric_sp_privatekey%"
                 metadata:
-                    public_key: %gssp_biometric_metadata_publickey%
-                    private_key: %gssp_biometric_metadata_privatekey%
+                    public_key: "%gssp_biometric_metadata_publickey%"
+                    private_key: "%gssp_biometric_metadata_privatekey%"
             remote:
-                entity_id: %gssp_biometric_remote_entity_id%
-                sso_url: %gssp_biometric_remote_sso_url%
-                certificate: %gssp_biometric_remote_certificate%
+                entity_id: "%gssp_biometric_remote_entity_id%"
+                sso_url: "%gssp_biometric_remote_sso_url%"
+                certificate: "%gssp_biometric_remote_certificate%"
             view_config:
-                loa: %gssp_biometric_loa%
-                logo: %gssp_biometric_logo%
-                alt: %gssp_biometric_alt%
-                title: %gssp_biometric_title%
-                description: %gssp_biometric_description%
-                button_use: %gssp_biometric_button_use%
-                initiate_title: %gssp_biometric_initiate_title%
-                initiate_button: %gssp_biometric_initiate_button%
-                explanation: %gssp_biometric_initiate_title%
-                authn_failed: %gssp_biometric_authn_failed%
-                pop_failed: %gssp_biometric_pop_failed%
+                loa: "%gssp_biometric_loa%"
+                logo: "%gssp_biometric_logo%"
+                alt: "%gssp_biometric_alt%"
+                title: "%gssp_biometric_title%"
+                description: "%gssp_biometric_description%"
+                button_use: "%gssp_biometric_button_use%"
+                initiate_title: "%gssp_biometric_initiate_title%"
+                initiate_button: "%gssp_biometric_initiate_button%"
+                explanation: "%gssp_biometric_initiate_title%"
+                authn_failed: "%gssp_biometric_authn_failed%"
+                pop_failed: "%gssp_biometric_pop_failed%"

app/config/security.yml

@@ -10,6 +10,7 @@ security:
 
         default:
             pattern: ^/authentication/(metadata|session-expired)$
+            logout_on_user_change: true
             anonymous: ~
 
         monitor:
@@ -22,11 +23,12 @@ security:
 
         saml_based:
             saml: true
+            logout_on_user_change: true
             logout:
                 path: /logout
-                target: %logout_redirect_url%
+                target: "%logout_redirect_url%"
                 invalidate_session: true
-                csrf_token_generator: form.csrf_provider
+                csrf_token_generator: security.csrf.token_manager
                 csrf_parameter: 't'
                 csrf_token_id: 'self_service_logout_token'
 

app/console

@@ -1,23 +1,26 @@
 #!/usr/bin/env php
 <?php
 
-set_time_limit(0);
-
-require_once __DIR__.'/bootstrap.php.cache';
-require_once __DIR__.'/AppKernel.php';
-
 use Symfony\Bundle\FrameworkBundle\Console\Application;
 use Symfony\Component\Console\Input\ArgvInput;
 use Symfony\Component\Debug\Debug;
 
+// if you don't want to setup permissions the proper way, just uncomment the following PHP line
+// read http://symfony.com/doc/current/setup.html#checking-symfony-application-configuration-and-setup
+// for more information
+//umask(0000);
+
+set_time_limit(0);
+
+/** @var Composer\Autoload\ClassLoader $loader */
+$loader = require __DIR__.'/../app/autoload.php';
+
 $input = new ArgvInput();
-$env = $input->getParameterOption(array('--env', '-e'), getenv('SYMFONY_ENV') ?: 'dev');
-$debug = getenv('SYMFONY_DEBUG') !== '0' && !$input->hasParameterOption(array('--no-debug', ''))
-    && $env !== 'prod'
-    && $env !== 'build';
+$env = $input->getParameterOption(['--env', '-e'], getenv('SYMFONY_ENV') ?: 'dev');
+$debug = getenv('SYMFONY_DEBUG') !== '0' && !$input->hasParameterOption(['--no-debug', '']) && $env !== 'prod';
 
 if ($debug) {
-    Debug::enable(~E_USER_DEPRECATED);
+    Debug::enable();
 }
 
 $kernel = new AppKernel($env, $debug);