Merge remote-tracking branch 'origin/develop' into feature/fix-type-e…

…rrors

README.md

@@ -214,7 +214,7 @@ The login page looks for `/simplesamlphp/www/logo.png` which is **NOT** provided
 Update `/simplesamlphp/config/config.php`:
 
 ```
-'analytics.trackingId' => 'UA-some-unique-id-for-your-site'
+'analytics.trackingId' => 'G-some-unique-id-for-your-site'
 ```
 
 This project provides a convenience by loading this config with whatever is in the environment variable `ANALYTICS_ID`._

actions-services.yml

@@ -23,15 +23,15 @@ services:
       - pwmanager.local
       - test-browser
     environment:
-      - MYSQL_HOST=db
-      - MYSQL_DATABASE=silauth
-      - MYSQL_USER=silauth
-      - MYSQL_PASSWORD=silauth
-      - PROFILE_URL_FOR_TESTS=http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub
-      - ADMIN_EMAIL=[email protected]
-      - ADMIN_PASS=b
-      - SECRET_SALT=abc123
-      - IDP_NAME=x
+      MYSQL_HOST: db
+      MYSQL_DATABASE: silauth
+      MYSQL_USER: silauth
+      MYSQL_PASSWORD: silauth
+      PROFILE_URL_FOR_TESTS: http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub
+      ADMIN_EMAIL: [email protected]
+      ADMIN_PASS: b
+      SECRET_SALT: abc123
+      IDP_NAME: x
     volumes:
       - ./dockerbuild/run-integration-tests.sh:/data/run-integration-tests.sh
       - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
@@ -210,13 +210,13 @@ services:
       - ./development/sp2-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
 
     environment:
-      - ADMIN_EMAIL=[email protected]
-      - ADMIN_PASS=sp2
-      - SECRET_SALT=h57fjemb&dn^nsJFGNjweJz2
-      - SECURE_COOKIE=false
-      - SHOW_SAML_ERRORS=true
-      - SAML20_IDP_ENABLE=false
-      - ADMIN_PROTECT_INDEX_PAGE=false
+      ADMIN_EMAIL: [email protected]
+      ADMIN_PASS: sp2
+      SECRET_SALT: h57fjemb&dn^nsJFGNjweJz2
+      SECURE_COOKIE: "false"
+      SHOW_SAML_ERRORS: "true"
+      SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
 
   ssp-sp3.local:
     build: .
@@ -232,13 +232,13 @@ services:
       - ./development/sp3-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
 
     environment:
-      - ADMIN_EMAIL=[email protected]
-      - ADMIN_PASS=sp3
-      - SECRET_SALT=h57fjemb&dn^nsJFGNjweJz3
-      - SECURE_COOKIE=false
-      - SHOW_SAML_ERRORS=true
-      - SAML20_IDP_ENABLE=false
-      - ADMIN_PROTECT_INDEX_PAGE=false
+      ADMIN_EMAIL: [email protected]
+      ADMIN_PASS: sp3
+      SECRET_SALT: h57fjemb&dn^nsJFGNjweJz3
+      SECURE_COOKIE: "false"
+      SHOW_SAML_ERRORS: "true"
+      SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
 
 
   pwmanager.local:
@@ -253,15 +253,15 @@ services:
       # Utilize custom metadata
       - ./development/sp-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
     environment:
-      - ADMIN_EMAIL=[email protected]
-      - ADMIN_PASS=sp1
-      - IDP_NAME=THIS VARIABLE IS REQUIRED BUT PROBABLY NOT USED
-      - SECRET_SALT=NOT-a-secret-k49fjfkw73hjf9t87wjiw
-      - SECURE_COOKIE=false
-      - SHOW_SAML_ERRORS=true
-      - SAML20_IDP_ENABLE=false
-      - ADMIN_PROTECT_INDEX_PAGE=false
-      - THEME_USE=default
+      ADMIN_EMAIL: [email protected]
+      ADMIN_PASS: sp1
+      IDP_NAME: THIS VARIABLE IS REQUIRED BUT PROBABLY NOT USED
+      SECRET_SALT: NOT-a-secret-k49fjfkw73hjf9t87wjiw
+      SECURE_COOKIE: "false"
+      SHOW_SAML_ERRORS: "true"
+      SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
+      THEME_USE: default
 
   # the broker and brokerDb containers are used by the silauth module
   broker:

development/idp-local/config/authsources.php

@@ -43,6 +43,20 @@
             'mfa' => [
                 'prompt' => 'no',
             ],
+            'schacExpiryDate' => [
+                gmdate('YmdHis\Z', strtotime('+3 days')), // Soon but not tomorrow
+            ],
+        ],
+
+        // expirychecker test user whose password expires in one day
+        'next_day:a' => [
+            'eduPersonPrincipalName' => ['[email protected]'],
+            'eduPersonTargetID' => ['22888888-2222-2222-2222-222222222222'],
+            'sn' => ['Day'],
+            'givenName' => ['Next'],
+            'mail' => ['[email protected]'],
+            'employeeNumber' => ['22888'],
+            'cn' => ['NEXT_DAY'],
             'schacExpiryDate' => [
                 gmdate('YmdHis\Z', strtotime('+1 day')), // Very soon
             ],

development/idp3-local/metadata/saml20-sp-remote.php

@@ -14,13 +14,3 @@
 	'SingleLogoutService' => 'http://ssp-hub.local/module.php/sildisco/sp/saml2-logout.php/hub-discovery',
     'certData' => 'MIIDzzCCAregAwIBAgIJANuvVcQPANecMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTEyWhcNMjYxMDE3MTIzMTEyWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAimEkw4Teyf/gZelL7OuQYg/JbDIKHPXJhLPBm/HK6pM5ZZKydVXTdMgMqkl4xK+xZ2CnkozsUiMLhAuWBsX9Dcz1M4SkPRwk4puFhXzsp7fKIVP43zUhF7p2TmbernrrIQHjg6PuegKmCGyiKUpukcYvf2RXNwHwJx+Uq0zLP4PgBSrQ2t1eKZ1jQ+noBb1NqOuy969WRYmN4EmjXDuJB9d+b3GwtbZToWgiFxFjd/NN9BFJXZEaLzRj5LAq5bu2vPPDZDarHFMRUzVJ91eafoaz6zpR1iUGj9zR+y2sUPxD/fJMZ+4AHWA2LOrTBBIuuWbp96yvcJ4WjmlfhcFQIDAQABo1AwTjAdBgNVHQ4EFgQUkJFAMJdr2lXsuezS6pDXHnmJspMwHwYDVR0jBBgwFoAUkJFAMJdr2lXsuezS6pDXHnmJspMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOEPbchaUr45L5i+ueookevsABYnltwJZ4rYJbF9VURPcEhB6JxTMZqb4s113ftHvVYfoAfLYZ9swETaHL+esx41yAebf0kWpQ3f63S5F2FcrTj+HP0XsvW/EDrvaTKM9jnKPNmbXrpq06eaUZfkVL0TAUsxYTKkttTSTiESEzp5wzYyhp7l3kpHhEvGOlh5suYjnZ2HN0uxscCR6PS47H6TMMEZuG032DWDC016/JniWvERtpf4Yw26V+I9xevp2E2MPcZne31Pe3sCh4Wpe4cV/SCFqZHlpnH96ncz4F+KvmmhbEx5VPhQSJNFIWEvI86k+lTNQOqj6YVvGvq95LQ==',
 ];
-
-/*
- * IdP Hub for automated tests
- */
-$metadata['hub4tests'] = array(
-    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
-	'AssertionConsumerService' => 'http://hub4tests/module.php/sildisco/sp/saml2-acs.php/hub-discovery',
-	'SingleLogoutService' => 'http://hub4tests/module.php/sildisco/sp/saml2-logout.php/hub-discovery',
-    'certData' => 'MIIDzzCCAregAwIBAgIJANuvVcQPANecMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGV2F4aGF3MQwwCgYDVQQKDANTSUwxDTALBgNVBAsMBEdUSVMxDjAMBgNVBAMMBVN0ZXZlMSQwIgYJKoZIhvcNAQkBFhVzdGV2ZV9iYWd3ZWxsQHNpbC5vcmcwHhcNMTYxMDE3MTIzMTEyWhcNMjYxMDE3MTIzMTEyWjB+MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBldheGhhdzEMMAoGA1UECgwDU0lMMQ0wCwYDVQQLDARHVElTMQ4wDAYDVQQDDAVTdGV2ZTEkMCIGCSqGSIb3DQEJARYVc3RldmVfYmFnd2VsbEBzaWwub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAimEkw4Teyf/gZelL7OuQYg/JbDIKHPXJhLPBm/HK6pM5ZZKydVXTdMgMqkl4xK+xZ2CnkozsUiMLhAuWBsX9Dcz1M4SkPRwk4puFhXzsp7fKIVP43zUhF7p2TmbernrrIQHjg6PuegKmCGyiKUpukcYvf2RXNwHwJx+Uq0zLP4PgBSrQ2t1eKZ1jQ+noBb1NqOuy969WRYmN4EmjXDuJB9d+b3GwtbZToWgiFxFjd/NN9BFJXZEaLzRj5LAq5bu2vPPDZDarHFMRUzVJ91eafoaz6zpR1iUGj9zR+y2sUPxD/fJMZ+4AHWA2LOrTBBIuuWbp96yvcJ4WjmlfhcFQIDAQABo1AwTjAdBgNVHQ4EFgQUkJFAMJdr2lXsuezS6pDXHnmJspMwHwYDVR0jBBgwFoAUkJFAMJdr2lXsuezS6pDXHnmJspMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOEPbchaUr45L5i+ueookevsABYnltwJZ4rYJbF9VURPcEhB6JxTMZqb4s113ftHvVYfoAfLYZ9swETaHL+esx41yAebf0kWpQ3f63S5F2FcrTj+HP0XsvW/EDrvaTKM9jnKPNmbXrpq06eaUZfkVL0TAUsxYTKkttTSTiESEzp5wzYyhp7l3kpHhEvGOlh5suYjnZ2HN0uxscCR6PS47H6TMMEZuG032DWDC016/JniWvERtpf4Yw26V+I9xevp2E2MPcZne31Pe3sCh4Wpe4cV/SCFqZHlpnH96ncz4F+KvmmhbEx5VPhQSJNFIWEvI86k+lTNQOqj6YVvGvq95LQ==',
-);

docker-compose.yml

@@ -31,16 +31,16 @@ services:
       - pwmanager.local
       - test-browser
     environment:
-      - MYSQL_HOST=db
-      - MYSQL_DATABASE=silauth
-      - MYSQL_USER=silauth
-      - MYSQL_PASSWORD=silauth
-      - COMPOSER_CACHE_DIR=/composer
-      - PROFILE_URL_FOR_TESTS=http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub
-      - ADMIN_EMAIL=[email protected]
-      - ADMIN_PASS=b
-      - SECRET_SALT=abc123
-      - IDP_NAME=x
+      MYSQL_HOST: db
+      MYSQL_DATABASE: silauth
+      MYSQL_USER: silauth
+      MYSQL_PASSWORD: silauth
+      COMPOSER_CACHE_DIR: /composer
+      PROFILE_URL_FOR_TESTS: http://pwmanager.local/module.php/core/authenticate.php?as=ssp-hub
+      ADMIN_EMAIL: [email protected]
+      ADMIN_PASS: b
+      SECRET_SALT: abc123
+      IDP_NAME: x
     volumes:
       - ./composer.json:/data/composer.json
       - ./composer.lock:/data/composer.lock
@@ -79,7 +79,7 @@ services:
     env_file:
       - ./local.env
     environment:
-      - COMPOSER_CACHE_DIR=/composer
+      COMPOSER_CACHE_DIR: /composer
 
   ssp-hub.local:
     build: .
@@ -342,13 +342,13 @@ services:
     env_file:
       - local.env
     environment:
-      - ADMIN_EMAIL=[email protected]
-      - ADMIN_PASS=sp3
-      - SECRET_SALT=h57fjemb&dn^nsJFGNjweJz3
-      - SECURE_COOKIE=false
-      - SHOW_SAML_ERRORS=true
-      - SAML20_IDP_ENABLE=false
-      - ADMIN_PROTECT_INDEX_PAGE=false
+      ADMIN_EMAIL: [email protected]
+      ADMIN_PASS: sp3
+      SECRET_SALT: h57fjemb&dn^nsJFGNjweJz3
+      SECURE_COOKIE: "false"
+      SHOW_SAML_ERRORS: "true"
+      SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
 
   pwmanager.local:
     image: silintl/ssp-base:develop
@@ -364,15 +364,15 @@ services:
     ports:
       - "8084:80"
     environment:
-      - ADMIN_EMAIL=[email protected]
-      - ADMIN_PASS=sp1
-      - IDP_NAME=THIS VARIABLE IS REQUIRED BUT PROBABLY NOT USED
-      - SECRET_SALT=NOT-a-secret-k49fjfkw73hjf9t87wjiw
-      - SECURE_COOKIE=false
-      - SHOW_SAML_ERRORS=true
-      - SAML20_IDP_ENABLE=false
-      - ADMIN_PROTECT_INDEX_PAGE=false
-      - THEME_USE=default
+      ADMIN_EMAIL: [email protected]
+      ADMIN_PASS: sp1
+      IDP_NAME: THIS VARIABLE IS REQUIRED BUT PROBABLY NOT USED
+      SECRET_SALT: NOT-a-secret-k49fjfkw73hjf9t87wjiw
+      SECURE_COOKIE: "false"
+      SHOW_SAML_ERRORS: "true"
+      SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
+      THEME_USE: material:material
 
   # the broker and brokerDb containers are used by the silauth module
   broker:
@@ -429,10 +429,10 @@ services:
     depends_on:
       - dynamo
     environment:
-      - AWS_ACCESS_KEY_ID=0
-      - AWS_SECRET_ACCESS_KEY=0
-      - AWS_DEFAULT_REGION=us-east-1
-      - AWS_DYNAMODB_ENDPOINT=http://dynamo:8000
+      AWS_ACCESS_KEY_ID: 0
+      AWS_SECRET_ACCESS_KEY: 0
+      AWS_DEFAULT_REGION: us-east-1
+      AWS_DYNAMODB_ENDPOINT: http://dynamo:8000
 
   node:
     image: node:lts-alpine

dockerbuild/run-idp.sh

@@ -1,17 +1,16 @@
 #!/usr/bin/env bash
 
-# Try to run database migrations
-cd /data/vendor/simplesamlphp/simplesamlphp/modules/silauth
-chmod a+x ./lib/Auth/Source/yii
+# echo script commands to stdout
+set -x
+
+# exit if any command fails
+set -e
 
-output=$(./lib/Auth/Source/yii migrate --interactive=0 2>&1)
+# Try to run database migrations
+cd /data/vendor/simplesamlphp/simplesamlphp/modules/silauth/lib/Auth/Source
+chmod a+x ./yii
 
-# If they failed, exit.
-rc=$?;
-if [[ $rc != 0 ]]; then
-    logger --priority user.err --stderr "Migrations failed with status ${rc} and output: ${output}"
-    exit $rc;
-fi
+./yii migrate --interactive=0
 
 cd /data
 ./run.sh

dockerbuild/run-integration-tests.sh

@@ -1,8 +1,11 @@
 #!/usr/bin/env bash
 
-set -e
+# echo script commands to stdout
 set -x
 
+# exit if any command fails
+set -e
+
 cd /data
 export COMPOSER_ALLOW_SUPERUSER=1; composer install
 

dockerbuild/run-metadata-tests.sh

@@ -1,8 +1,11 @@
 #!/usr/bin/env bash
 
-set -e
+# echo script commands to stdout
 set -x
 
+# exit if any command fails
+set -e
+
 cd /data
 export COMPOSER_ALLOW_SUPERUSER=1; composer install
 

dockerbuild/run-tests.sh

@@ -1,8 +1,11 @@
 #!/usr/bin/env bash
 
-set -e
+# echo script commands to stdout
 set -x
 
+# exit if any command fails
+set -e
+
 /data/run-metadata-tests.sh
 
 ./vendor/bin/phpunit -v tests/AnnouncementTest.php

dockerbuild/run.sh

@@ -1,5 +1,11 @@
 #!/usr/bin/env bash
 
+# echo script commands to stdout
+set -x
+
+# exit if any command fails
+set -e
+
 # This is a temporary fix (bug workaround) until ssp 2.0 is in use
 sed -i 's_\(\\SimpleSAML\\Error\\Assertion::installHandler()\)_// \1 _' /data/vendor/simplesamlphp/simplesamlphp/www/_include.php
 

docs/material_tests.md

@@ -54,9 +54,21 @@ See [Local Testing](../README.md#local-testing) for instructions to set up your
 
 ## Expiry functionality
 
-### About to expire page
+### About to expire page (expires in one day)
 
-_Note:  This nag only works once since choosing later will simply set the nag date into the future a little._
+_Note:  This nag only works once since choosing later will simply set the nag date into the future a little.
+If needed, use a new private/incognito browser window to retry.__
+
+1.  Goto [SP 1](http://ssp-sp1.local:8081/module.php/core/authenticate.php?as=ssp-hub-custom-port)
+1.  Click **idp2** (second one)
+1.  Login as an "about to expire" user: `username=`**next_day** `password=`**a**
+1.  Click **Later**
+1.  Click **Logout**
+
+### About to expire page (expires in three days)
+
+_Note:  This nag only works once since choosing later will simply set the nag date into the future a little.
+If needed, use a new private/incognito browser window to retry.__
 
 1.  Goto [SP 1](http://ssp-sp1.local:8081/module.php/core/authenticate.php?as=ssp-hub-custom-port)
 1.  Click **idp2** (second one)
@@ -115,6 +127,7 @@ _Note:  This nag only works once since choosing later will simply set the nag da
 1.  Goto [SP 1](http://ssp-sp1.local:8081/module.php/core/authenticate.php?as=ssp-hub-custom-port)
 1.  Click **idp4** (third one)
 1.  Login as a "totp" user: `username=`**has_totp** `password=`**a**
+1.  You should see the form to enter a totp code. 
 1.  Set up an app using this secret, `JVRXKYTMPBEVKXLS`
 1.  Enter code from app to verify
 1.  Click **Logout**