From e042e705cffe6ec14522f23ef96678120f607e5f Mon Sep 17 00:00:00 2001 From: Schparky <3172830+Schparky@users.noreply.github.com> Date: Mon, 1 Apr 2019 15:34:34 -0600 Subject: [PATCH 1/6] add validatePassword method --- CHANGELOG.md | 2 ++ features/request/RequestContext.php | 11 ++++++++++ features/request/request.feature | 16 +++++++++++++++ features/response/ResponseContext.php | 15 ++++++++++++++ features/response/response.feature | 10 +++++++++ src/IdBrokerClient.php | 29 +++++++++++++++++++++++++++ src/descriptions/id-broker-api.php | 17 ++++++++++++++++ 7 files changed, 100 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11c7f3a..862fea4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +### Added +- new 'validatePassword' method, executes validation but does not save password ## [3.0.0] - 2019-03-13 ### Changed diff --git a/features/request/RequestContext.php b/features/request/RequestContext.php index 7ccd538..c6237a4 100644 --- a/features/request/RequestContext.php +++ b/features/request/RequestContext.php @@ -354,6 +354,17 @@ public function iCallSetpassword() ); } + /** + * @When I call validatePassword + */ + public function iCallValidatepassword() + { + $this->getIdBrokerClient()->validatePassword( + $this->requestData['employee_id'], + $this->requestData['password'] + ); + } + /** * @When I call updateUser */ diff --git a/features/request/request.feature b/features/request/request.feature index 0cf5bb9..3e41f65 100644 --- a/features/request/request.feature +++ b/features/request/request.feature 
@@ -194,6 +194,22 @@ Feature: Formatting requests for sending to the ID Broker API } """ + Scenario: Validating a password + Given I am using a baseUri of "https://api.example.com/" + And I have indicated not to validate the id broker ip + And I provide an "employee_id" of "123" + And I provide a "password" of "correcthorsebatterystaple" + When I call validatePassword + Then the method should be "PUT" + And the url should be 'https://api.example.com/user/123/pwdvalidate' + And an authorization header should be present + And the body should equal the following: + """ + { + "password": "correcthorsebatterystaple" + } + """ + Scenario: Creating a recovery method Given I am using a baseUri of "https://api.example.com/" And I have indicated not to validate the id broker ip diff --git a/features/response/ResponseContext.php b/features/response/ResponseContext.php index 654cf27..7760720 100644 --- a/features/response/ResponseContext.php +++ b/features/response/ResponseContext.php @@ -262,6 +262,21 @@ public function iCallSetpasswordWithTheNecessaryData() } } + /** + * @When I call validatePassword with the necessary data + */ + public function iCallValidatepasswordWithTheNecessaryData() + { + try { + $this->result = $this->getIdBrokerClient()->validatePassword( + '12345', + 'correcthorsebatterystaple' + ); + } catch (Exception $e) { + $this->exceptionThrown = $e; + } + } + /** * @Then an exception should NOT have been thrown */ diff --git a/features/response/response.feature b/features/response/response.feature index 99b3efa..d246bac 100644 --- a/features/response/response.feature +++ b/features/response/response.feature 
@@ -208,6 +208,16 @@ Feature: Handling responses from the ID Broker API When I call setPassword with the necessary data Then an exception should NOT have been thrown + Scenario: Handling a successful validatePassword call + Given a call to "validatePassword" will return a 204 response + When I call validatePassword with the necessary data + Then the result should be true + + Scenario: Handling a negative validatePassword call + Given a call to "validatePassword" will return a 400 response + When I call validatePassword with the necessary data + Then the result should be false + Scenario: Handling a "correct" response from mfaVerify Given a call to "mfaVerify" will return a 200 response When I call mfaVerify with the necessary data diff --git a/src/IdBrokerClient.php b/src/IdBrokerClient.php index 9a88544..4442588 100644 --- a/src/IdBrokerClient.php +++ b/src/IdBrokerClient.php @@ -571,6 +571,35 @@ public function setPassword(string $employeeId, string $password) $this->reportUnexpectedResponse($result, 1490808839); } + /** + * Validate a new password for a specified user, but do not save it. + * + * @param string $employeeId The Employee ID of the user for whom we + * are validating a new password. + * @param string $password The desired password, in plaintext. + * + * @return bool + * @throws ServiceException + */ + public function validatePassword(string $employeeId, string $password) + { + $result = $this->validatePasswordInternal([ + 'employee_id' => $employeeId, + 'password' => $password, + ]); + $statusCode = (int)$result[ 'statusCode' ]; + + if ($statusCode >= 200 && $statusCode <= 299) { + return true; + } + + if ($statusCode >= 400 && $statusCode <= 499) { + return false; + } + + $this->reportUnexpectedResponse($result, 1490808839); + } + /** * @param \GuzzleHttp\Command\Result $response * @param int $uniqueErrorCode diff --git a/src/descriptions/id-broker-api.php b/src/descriptions/id-broker-api.php index 528c02a..a322884 100644 
--- a/src/descriptions/id-broker-api.php +++ b/src/descriptions/id-broker-api.php @@ -276,6 +276,23 @@ ], ], ], + 'validatePasswordInternal' => [ + 'httpMethod' => 'PUT', + 'uri' => '/user/{employee_id}/pwdvalidate', + 'responseModel' => 'Result', + 'parameters' => [ + 'employee_id' => [ + 'required' => true, + 'type' => 'string', + 'location' => 'uri', + ], + 'password' => [ + 'required' => true, + 'type' => 'string', + 'location' => 'json', + ], + ], + ], 'updateUserInternal' => [ 'httpMethod' => 'PUT', 'uri' => '/user/{employee_id}', From fe69bcfed38240b99f1bee56fa7392881d293488 Mon Sep 17 00:00:00 2001 From: Schparky <3172830+Schparky@users.noreply.github.com> Date: Thu, 4 Apr 2019 13:04:37 -0600 Subject: [PATCH 2/6] rename validatePassword to assessPassword --- CHANGELOG.md | 2 +- features/request/RequestContext.php | 6 +++--- features/request/request.feature | 4 ++-- features/response/ResponseContext.php | 6 +++--- features/response/response.feature | 12 ++++++------ src/IdBrokerClient.php | 4 ++-- src/descriptions/id-broker-api.php | 4 ++-- 7 files changed, 19 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 862fea4..2f43bd7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ### Added -- new 'validatePassword' method, executes validation but does not save password +- new 'assessPassword' method, executes validation but does not save password ## [3.0.0] - 2019-03-13 ### Changed diff --git a/features/request/RequestContext.php b/features/request/RequestContext.php index c6237a4..bd78a4f 100644 --- a/features/request/RequestContext.php +++ b/features/request/RequestContext.php 
@@ -355,11 +355,11 @@ public function iCallSetpassword() } /** - * @When I call validatePassword + * @When I call assessPassword */ - public function iCallValidatepassword() + public function iCallassessPassword() { - $this->getIdBrokerClient()->validatePassword( + $this->getIdBrokerClient()->assessPassword( $this->requestData['employee_id'], $this->requestData['password'] ); diff --git a/features/request/request.feature b/features/request/request.feature index 3e41f65..7055ba4 100644 --- a/features/request/request.feature +++ b/features/request/request.feature @@ -199,9 +199,9 @@ Feature: Formatting requests for sending to the ID Broker API And I have indicated not to validate the id broker ip And I provide an "employee_id" of "123" And I provide a "password" of "correcthorsebatterystaple" - When I call validatePassword + When I call assessPassword Then the method should be "PUT" - And the url should be 'https://api.example.com/user/123/pwdvalidate' + And the url should be 'https://api.example.com/user/123/password/assess' And an authorization header should be present And the body should equal the following: """ diff --git a/features/response/ResponseContext.php b/features/response/ResponseContext.php index 7760720..851ce9f 100644 --- a/features/response/ResponseContext.php +++ b/features/response/ResponseContext.php @@ -263,12 +263,12 @@ public function iCallSetpasswordWithTheNecessaryData() } /** - * @When I call validatePassword with the necessary data + * @When I call assessPassword with the necessary data */ - public function iCallValidatepasswordWithTheNecessaryData() + public function iCallassessPasswordWithTheNecessaryData() { try { - $this->result = $this->getIdBrokerClient()->validatePassword( + $this->result = $this->getIdBrokerClient()->assessPassword( '12345', 'correcthorsebatterystaple' ); diff --git a/features/response/response.feature b/features/response/response.feature index d246bac..bf2b2e6 100644 --- a/features/response/response.feature 
+++ b/features/response/response.feature @@ -208,14 +208,14 @@ Feature: Handling responses from the ID Broker API When I call setPassword with the necessary data Then an exception should NOT have been thrown - Scenario: Handling a successful validatePassword call - Given a call to "validatePassword" will return a 204 response - When I call validatePassword with the necessary data + Scenario: Handling a successful assessPassword call + Given a call to "assessPassword" will return a 204 response + When I call assessPassword with the necessary data Then the result should be true - Scenario: Handling a negative validatePassword call - Given a call to "validatePassword" will return a 400 response - When I call validatePassword with the necessary data + Scenario: Handling a negative assessPassword call + Given a call to "assessPassword" will return a 409 response + When I call assessPassword with the necessary data Then the result should be false Scenario: Handling a "correct" response from mfaVerify diff --git a/src/IdBrokerClient.php b/src/IdBrokerClient.php index 4442588..75e0e02 100644 --- a/src/IdBrokerClient.php +++ b/src/IdBrokerClient.php @@ -581,9 +581,9 @@ public function setPassword(string $employeeId, string $password) * @return bool * @throws ServiceException */ - public function validatePassword(string $employeeId, string $password) + public function assessPassword(string $employeeId, string $password) { - $result = $this->validatePasswordInternal([ + $result = $this->assessPasswordInternal([ 'employee_id' => $employeeId, 'password' => $password, ]); diff --git a/src/descriptions/id-broker-api.php b/src/descriptions/id-broker-api.php index a322884..24cf6fb 100644 --- a/src/descriptions/id-broker-api.php +++ b/src/descriptions/id-broker-api.php 
@@ -276,9 +276,9 @@ ], ], ], - 'validatePasswordInternal' => [ + 'assessPasswordInternal' => [ 'httpMethod' => 'PUT', - 'uri' => '/user/{employee_id}/pwdvalidate', + 'uri' => '/user/{employee_id}/password/assess', 'responseModel' => 'Result', 'parameters' => [ 'employee_id' => [ From d3fc0014c25754f2e6188c50f66bfd643196dca0 Mon Sep 17 00:00:00 2001 From: Schparky <3172830+Schparky@users.noreply.github.com> Date: Thu, 4 Apr 2019 13:09:08 -0600 Subject: [PATCH 3/6] correct search-and-replace errors --- features/request/RequestContext.php | 2 +- features/response/ResponseContext.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/features/request/RequestContext.php b/features/request/RequestContext.php index bd78a4f..e1fb600 100644 --- a/features/request/RequestContext.php +++ b/features/request/RequestContext.php @@ -357,7 +357,7 @@ public function iCallSetpassword() /** * @When I call assessPassword */ - public function iCallassessPassword() + public function iCallAssessPassword() { $this->getIdBrokerClient()->assessPassword( $this->requestData['employee_id'], diff --git a/features/response/ResponseContext.php b/features/response/ResponseContext.php index 851ce9f..265c20f 100644 --- a/features/response/ResponseContext.php +++ b/features/response/ResponseContext.php @@ -265,7 +265,7 @@ public function iCallSetpasswordWithTheNecessaryData() /** * @When I call assessPassword with the necessary data */ - public function iCallassessPasswordWithTheNecessaryData() + public function iCallAssessPasswordWithTheNecessaryData() { try { $this->result = $this->getIdBrokerClient()->assessPassword( From 83b76e245e911c7eb509fa139a3c63489ea662cb Mon Sep 17 00:00:00 2001 From: Schparky <3172830+Schparky@users.noreply.github.com> Date: Thu, 4 Apr 2019 13:09:26 -0600 Subject: [PATCH 4/6] use unique exception code number --- src/IdBrokerClient.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/IdBrokerClient.php b/src/IdBrokerClient.php index 75e0e02..8f19338 100644 --- a/src/IdBrokerClient.php +++ b/src/IdBrokerClient.php @@ -597,7 +597,7 @@ public function assessPassword(string $employeeId, string $password) return false; } - $this->reportUnexpectedResponse($result, 1490808839); + $this->reportUnexpectedResponse($result, 1554404870); } /** From 260698ea04977148eff2312d89c1507a8d03f311 Mon Sep 17 00:00:00 2001 From: Schparky <3172830+Schparky@users.noreply.github.com> Date: Thu, 4 Apr 2019 13:32:01 -0600 Subject: [PATCH 5/6] need to distinguish multiple error codes --- features/response/response.feature | 7 ++++++- src/IdBrokerClient.php | 4 ---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/features/response/response.feature b/features/response/response.feature index bf2b2e6..30f01a2 100644 --- a/features/response/response.feature +++ b/features/response/response.feature @@ -216,7 +216,12 @@ Feature: Handling responses from the ID Broker API Scenario: Handling a negative assessPassword call Given a call to "assessPassword" will return a 409 response When I call assessPassword with the necessary data - Then the result should be false + Then an exception with status code 409 SHOULD have been thrown + + Scenario: Handling a negative assessPassword call + Given a call to "assessPassword" will return a 422 response + When I call assessPassword with the necessary data + Then an exception with status code 422 SHOULD have been thrown Scenario: Handling a "correct" response from mfaVerify Given a call to "mfaVerify" will return a 200 response diff --git a/src/IdBrokerClient.php b/src/IdBrokerClient.php index 8f19338..45ffba4 100644 --- a/src/IdBrokerClient.php +++ b/src/IdBrokerClient.php @@ -593,10 +593,6 @@ public function assessPassword(string $employeeId, string $password) return true; } - if ($statusCode >= 400 && $statusCode <= 499) { - return false; - } - $this->reportUnexpectedResponse($result, 1554404870); } 
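Review bot: After this change two scenarios in response.feature share the title `Handling a negative assessPassword call`, so a failing run does not show which status code was under test. Name them after the status, for example `Scenario: Handling a 409 response from assessPassword` and `Scenario: Handling a 422 response from assessPassword`. With the 4xx branch removed in the same commit, none of the visible scenarios covers 401, 403 or 404. One more scenario for those would document that an authorization or lookup failure surfaces with its own status code and cannot be read as a verdict on the password.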
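Review bot: The docblock of `assessPassword` still promises `@return bool`, but with the 4xx branch removed the visible body only returns `true` and hands every other status to `reportUnexpectedResponse()`. A caller written against the earlier behaviour, such as `if (! $client->assessPassword($id, $pw))`, will never see `false`, so the rejection path has to be documented as an exception the caller must catch. I would change the tags to `@return bool Always true; a rejected password is reported by exception` and `@throws ServiceException On any non-2xx response, including a rejected password (409 and 422 in response.feature)`, with a sentence telling callers to check the exception's status code before treating it as a password verdict. The docblock and the start of the function lie outside this hunk, and whether `reportUnexpectedResponse()` always throws is not visible here; if it can return, the method falls through and returns null.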
From b49cb514bbdf1b51e0bec8a9714ef10bbc9f5b4c Mon Sep 17 00:00:00 2001 From: Schparky <3172830+Schparky@users.noreply.github.com> Date: Wed, 10 Apr 2019 07:47:12 -0600 Subject: [PATCH 6/6] Add 3.1.0 to CHANGELOG --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f43bd7..55d918b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] + +## [3.1.0] - 2019-04-10 ### Added - new 'assessPassword' method, executes validation but does not save password @@ -71,7 +73,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ### Added - Initial version of ID Broker API client. -[Unreleased]: https://github.com/silinternational/idp-id-broker-php-client/compare/3.0.0...HEAD +[Unreleased]: https://github.com/silinternational/idp-id-broker-php-client/compare/3.1.0...HEAD +[3.1.0]: https://github.com/silinternational/idp-id-broker-php-client/compare/3.0.0...3.1.0 [3.0.0]: https://github.com/silinternational/idp-id-broker-php-client/compare/2.6.0...3.0.0 [2.6.0]: https://github.com/silinternational/idp-id-broker-php-client/compare/2.5.1...2.6.0 [2.5.1]: https://github.com/silinternational/idp-id-broker-php-client/compare/2.5.0...2.5.1