Merge branch 'feature/always-material' into feature/remove-default-theme

README.md

@@ -214,7 +214,7 @@ The login page looks for `/simplesamlphp/www/logo.png` which is **NOT** provided
 Update `/simplesamlphp/config/config.php`:
 
 ```
-'analytics.trackingId' => 'UA-some-unique-id-for-your-site'
+'analytics.trackingId' => 'G-some-unique-id-for-your-site'
 ```
 
 This project provides a convenience by loading this config with whatever is in the environment variable `ANALYTICS_ID`._

development/idp-local/config/authsources.php

@@ -43,6 +43,20 @@
             'mfa' => [
                 'prompt' => 'no',
             ],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+3 days')), // Soon but not tomorrow
+            ],
+        ],
+
+        // expirychecker test user whose password expires in one day
+        'next_day:a' => [
+            'eduPersonPrincipalName' => ['[email protected]'],
+            'eduPersonTargetID' => ['22888888-2222-2222-2222-222222222222'],
+            'sn' => ['Day'],
+            'givenName' => ['Next'],
+            'mail' => ['[email protected]'],
+            'employeeNumber' => ['22888'],
+            'cn' => ['NEXT_DAY'],
             'schacExpiryDate' => [
                 gmdate('YmdHis\Z', strtotime('+1 day')), // Very soon
             ],

dockerbuild/run-idp.sh

@@ -1,17 +1,16 @@
 #!/usr/bin/env bash
 
-# Try to run database migrations
-cd /data/vendor/simplesamlphp/simplesamlphp/modules/silauth
-chmod a+x ./lib/Auth/Source/yii
+# echo script commands to stdout
+set -x
+
+# exit if any command fails
+set -e
 
-output=$(./lib/Auth/Source/yii migrate --interactive=0 2>&1)
+# Try to run database migrations
+cd /data/vendor/simplesamlphp/simplesamlphp/modules/silauth/lib/Auth/Source
+chmod a+x ./yii
 
-# If they failed, exit.
-rc=$?;
-if [[ $rc != 0 ]]; then
-    logger --priority user.err --stderr "Migrations failed with status ${rc} and output: ${output}"
-    exit $rc;
-fi
+./yii migrate --interactive=0
 
 cd /data
 ./run.sh

dockerbuild/run-integration-tests.sh

@@ -1,8 +1,11 @@
 #!/usr/bin/env bash
 
-set -e
+# echo script commands to stdout
 set -x
 
+# exit if any command fails
+set -e
+
 cd /data
 export COMPOSER_ALLOW_SUPERUSER=1; composer install
 

dockerbuild/run-metadata-tests.sh

@@ -1,8 +1,11 @@
 #!/usr/bin/env bash
 
-set -e
+# echo script commands to stdout
 set -x
 
+# exit if any command fails
+set -e
+
 cd /data
 export COMPOSER_ALLOW_SUPERUSER=1; composer install
 

dockerbuild/run-tests.sh

@@ -1,8 +1,11 @@
 #!/usr/bin/env bash
 
-set -e
+# echo script commands to stdout
 set -x
 
+# exit if any command fails
+set -e
+
 /data/run-metadata-tests.sh
 
 ./vendor/bin/phpunit -v tests/AnnouncementTest.php

dockerbuild/run.sh

@@ -1,5 +1,11 @@
 #!/usr/bin/env bash
 
+# echo script commands to stdout
+set -x
+
+# exit if any command fails
+set -e
+
 # This is a temporary fix (bug workaround) until ssp 2.0 is in use
 sed -i 's_\(\\SimpleSAML\\Error\\Assertion::installHandler()\)_// \1 _' /data/vendor/simplesamlphp/simplesamlphp/www/_include.php
 

docs/material_tests.md

@@ -54,9 +54,21 @@ See [Local Testing](../README.md#local-testing) for instructions to set up your
 
 ## Expiry functionality
 
-### About to expire page
+### About to expire page (expires in one day)
 
-_Note:  This nag only works once since choosing later will simply set the nag date into the future a little._
+_Note:  This nag only works once since choosing later will simply set the nag date into the future a little.
+If needed, use a new private/incognito browser window to retry.__
+
+1.  Goto [SP 1](http://ssp-sp1.local:8081/module.php/core/authenticate.php?as=ssp-hub-custom-port)
+1.  Click **idp2** (second one)
+1.  Login as an "about to expire" user: `username=`**next_day** `password=`**a**
+1.  Click **Later**
+1.  Click **Logout**
+
+### About to expire page (expires in three days)
+
+_Note:  This nag only works once since choosing later will simply set the nag date into the future a little.
+If needed, use a new private/incognito browser window to retry.__
 
 1.  Goto [SP 1](http://ssp-sp1.local:8081/module.php/core/authenticate.php?as=ssp-hub-custom-port)
 1.  Click **idp2** (second one)
@@ -115,6 +127,7 @@ _Note:  This nag only works once since choosing later will simply set the nag da
 1.  Goto [SP 1](http://ssp-sp1.local:8081/module.php/core/authenticate.php?as=ssp-hub-custom-port)
 1.  Click **idp4** (third one)
 1.  Login as a "totp" user: `username=`**has_totp** `password=`**a**
+1.  You should see the form to enter a totp code. 
 1.  Set up an app using this secret, `JVRXKYTMPBEVKXLS`
 1.  Enter code from app to verify
 1.  Click **Logout**

features/bootstrap/MfaContext.php

@@ -171,7 +171,7 @@ public function iShouldSeeAPromptForATotpCode()
     {
         $page = $this->session->getPage();
         $pageHtml = $page->getHtml();
-        Assert::assertContains('Smartphone app', $pageHtml);
+        Assert::assertContains('Authenticator app', $pageHtml);
         Assert::assertContains('Enter 6-digit code', $pageHtml);
     }
 
@@ -659,7 +659,7 @@ public function iShouldSeeAPromptForAManagerRescueCode()
     {
         $page = $this->session->getPage();
         $pageHtml = $page->getHtml();
-        Assert::assertContains('Recovery contact help', $pageHtml);
+        Assert::assertContains('Ask Your Recovery Contact for Help', $pageHtml);
         Assert::assertContains('Enter code', $pageHtml);
     }
 

modules/material/dictionaries/mfa.definition.json

@@ -37,22 +37,22 @@
 		"ko": "코드 입력"
 	},
 	"totp_header": {
-		"en": "Smartphone app",
-		"es": "Aplicación de teléfono inteligente",
-		"fr": "Application pour smartphone",
-		"ko": "스마트폰 앱"
+		"en": "Get a code from your authenticator app",
+		"es": "Obtenga un código de su aplicación de autenticación",
+		"fr": "Obtenez un code depuis votre application d'authentification",
+		"ko": "인증 앱에서 코드 받기"
 	},
 	"totp_icon": {
-		"en": "Smartphone app icon",
+		"en": "Authenticator app icon",
 		"es": "Icono de aplicación de teléfono inteligente",
 		"fr": "Icône de l'application Smartphone",
-		"ko": "스마트폰 응용 프로그램 아이콘"
+		"ko": "인증 응용 프로그램 아이콘"
 	},
 	"totp_instructions": {
-		"en": "You will need to check your smartphone app for the current code.",
-		"es": "Deberá verificar la aplicación de su teléfono inteligente para ver el código actual.",
-		"fr": "Vous devriez vérifier l'application sur votre smartphone pour voir le code actuel.",
-		"ko": "스마트폰 앱에서 현재 코드를 확인해야합니다."
+		"en": "You will need to check your authenticator app for the current code.",
+		"es": "Deberá verificar la aplicación de autenticación para ver el código actual.",
+		"fr": "Vous devriez vérifier l'application d'authentification pour voir le code actuel.",
+		"ko": "인증 앱에서 현재 코드를 확인해야합니다."
 	},
 	"totp_input": {
 		"en": "Enter 6-digit code",
@@ -134,15 +134,15 @@
 	},
 	"webauthn_error_abort": {
 		"en": "It looks like you clicked cancel. Would you like us to try again?",
-		"es": "It looks like you clicked cancel. Would you like us to try again?",
+		"es": "Parece que has hecho clic en cancelar. ¿Quieres que lo intentemos de nuevo?",
 		"fr": "Il semble que vous ayez cliqué sur annuler. Souhaitez-vous que nous essayions à nouveau ?",
-		"ko": "It looks like you clicked cancel. Would you like us to try again?"
+		"ko": "취소를 클릭하신 것 같습니다. 다시 시도해 보시겠어요?"
 	},
 	"webauthn_error_not_allowed": {
 		"en": "Something about that didn't work. Please ensure that your security key is plugged in and that you touch it within 60 seconds when it blinks.",
-		"es": "Something about that didn't work. Please ensure that your security key is plugged in and that you touch it within 60 seconds when it blinks.",
+		"es": "Algo de eso no funcionó. Por favor, asegúrese de que su clave de seguridad está conectada y de que la toca en un plazo de 60 segundos cuando parpadea.",
 		"fr": "Quelque chose n'a pas fonctionné avec ça. Veuillez vous assurer que votre clé de sécurité est insérée et que vous la touchez dans les 60 secondes lorsqu'elle clignote.",
-		"ko": "Something about that didn't work. Please ensure that your security key is plugged in and that you touch it within 60 seconds when it blinks."
+		"ko": "문제가 해결되지 않았습니다. 보안 키가 연결되어 있고 깜박일 때 60초 이내에 터치했는지 확인하세요."
 	},
 	"manager_icon": {
 		"en": "Recovery contact icon",
@@ -151,16 +151,16 @@
 		"ko": "복구 연락처 아이콘"
 	},
 	"manager_header": {
-		"en": "Recovery contact help",
-		"es": "Ayuda de contacto de recuperación",
-		"fr": "Aide de contact de récupération",
-		"ko": "복구 연락처"
+		"en": "Ask Your Recovery Contact for Help",
+		"es": "Pida ayuda de contacto de recuperación",
+		"fr": "Demandez de l'aide à votre contact de récupération",
+		"ko": "복구 담당자에게 도움을 요청하십시오"
 	},
 	"manager_info": {
-		"en": "We can send a code to your recovery contact which can be used as a temporary 2-Step Verification option.  The email address on file (masked for privacy) is {managerEmail}.",
-		"es": "Podemos enviar un código a su contacto de recuperación que puede usarse como una opción de Verificación temporal de 2 pasos. La dirección de correo electrónico en el archivo (enmascarada por privacidad) es {managerEmail}.",
-		"fr": "Nous pouvons envoyer un code à votre contact de récupération, qui peut être utilisé comme option de vérification temporaire en deux étapes. L'adresse électronique au dossier (masquée pour la confidentialité) est {managerEmail}.",
-		"ko": "\n임시 2 단계 인증 옵션으로 사용할 수있는 코드를 복구 담당자에게 보낼 수 있습니다. 파일의 이메일 주소 (개인 정보 보호를 위해 마스크 됨)는 {managerEmail}입니다."
+		"en": "You can send a 2-step verification code to your recovery contact (usually your supervisor). The email we have for your recovery contact is:<br><br><code>{managerEmail}</code><br><br>We've hidden most of the letters for your contact's protection.",
+		"es": "Puede enviar un código de verificación de dos pasos a su contacto de recuperación (normalmente su supervisor). La dirección de correo electrónico que tenemos para su contacto de recuperación es:<br><br><code>{managerEmail}</code><br><br>Ocultamos la mayoría de las letras para proteger a su contacto.",
+		"fr": "Vous pouvez envoyer un code de vérification en deux étapes à votre contact de récupération (en général votre superviseur). L'adresse électronique que nous avons pour votre contact de récupération est:<br><br><code>{managerEmail}</code><br><br>. Nous avons caché la plupart des lettres pour la protection de votre contact.",
+		"ko": "2단계 인증 코드를 복구 연락처(보통 상사)에게 보낼 수 있습니다. 복구 연락처에 대한 이메일은 다음과 같습니다. <br><br><code>{managerEmail}</code><br><br> 연락처 보호를 위해 대부분의 편지를 숨겼습니다."
 	},
 	"manager_sent": {
 		"en": "A temporary code was sent your recovery contact at {managerEmail}.",
@@ -283,10 +283,10 @@
 		"ko": "내 보안키 사용"
 	},
 	"use_totp": {
-		"en": "Use my smartphone app instead",
-		"es": "Use la aplicación de mi teléfono inteligente en su lugar",
-		"fr": "Utiliser plutôt mon application smartphone",
-		"ko": "내 스마트폰 앱 사용"
+		"en": "Use my authenticator app instead",
+		"es": "Use la aplicación autenticación en su lugar",
+		"fr": "Utiliser plutôt mon application d'authentification",
+		"ko": "내 인증 앱 사용"
 	},
 	"use_backupcode": {
 		"en": "Use a printable code instead",
@@ -367,10 +367,10 @@
 		"ko": "사본"
 	},
 	"button_send": {
-		"en": "Send",
-		"es": "Enviar",
-		"fr": "Envoyer",
-		"ko": "보내다"
+		"en": "Send code",
+		"es": "Enviar código",
+		"fr": "Envoyer code",
+		"ko": "코드 보내기"
 	},
 	"button_cancel": {
 		"en": "Cancel",

modules/material/themes/material/common-head-elements.php

@@ -8,26 +8,20 @@
 <?php
 $trackingId = htmlentities($this->configuration->getValue('analytics.trackingId'));
 if (! empty($trackingId)) {
-?>
-    <script>
-        window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
-        ga('create', '<?= $trackingId ?>', 'auto');
-        ga('send', 'pageview');
-    </script>
-    <script async src='https://www.google-analytics.com/analytics.js'></script>
-<?php
-} else {
-?>
-    <script>
-        window.ga = function () {
-            // Null object pattern to avoid `if (window.ga)` wherever ga is used.
-        }
-    </script>
-<?php
+    ?>
+  <!-- Google tag (gtag.js) -->
+  <script async src="https://www.googletagmanager.com/gtag/js?id=<?= $trackingId ?>"></script>
+  <script>
+    window.dataLayer = window.dataLayer || [];
+    function gtag(){dataLayer.push(arguments);}
+    gtag('js', new Date());
+
+    gtag('config', '<?= $trackingId ?>');
+  </script>
+    <?php
 }
 ?>
 
-
 <?php
 $colors = htmlentities($this->configuration->getValue('theme.color-scheme') ?: 'indigo-purple');
 ?>

modules/material/themes/material/core/loginuserpass.php

@@ -82,7 +82,7 @@ function onRecaptchaLoad() {
                         <?php
                         $username = htmlentities($this->data['username'] ?? null);
                         ?>
-                        <input type="text" name="username" class="mdl-textfield__input" value="<?= $username ?>" 
+                        <input type="text" required name="username" class="mdl-textfield__input mdl-color-text--black" value="<?= $username ?>"
                                <?= empty($username) ? 'autofocus' : '' ?> id="username"/>
                     </div>
 
@@ -91,7 +91,7 @@ function onRecaptchaLoad() {
                             <?= $this->t('{material:login:label_password}') ?>
                         </label>
 
-                        <input type="password" name="password" class="mdl-textfield__input" <?= ! empty($username) ? 'autofocus' : '' ?> 
+                        <input type="password" required name="password" class="mdl-textfield__input mdl-color-text--black" <?= ! empty($username) ? 'autofocus' : '' ?>
                                id="password"/>
                     </div>
                 </div>