silinternational · briskt · Jun 25, 2024 · Jun 19, 2024 · Jun 19, 2024 · Jun 19, 2024
diff --git a/actions-services.yml b/actions-services.yml
@@ -166,7 +166,7 @@ services:
       IDP_NAME: "IdP3"
 
   ssp-sp1.local:
-    build: .
+    image: silintl/ssp-base:9.3.0
     volumes:
       # Utilize custom certs
       - ./development/sp-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
@@ -180,15 +180,17 @@ services:
       # Enable checking our test metadata
       - ./dockerbuild/run-metadata-tests.sh:/data/run-metadata-tests.sh
     environment:
+      ADMIN_EMAIL: "[email protected]"
       ADMIN_PASS: "sp1"
       IDP_NAME: "NA"
       SECRET_SALT: "not-secret-h57fjemb&dn^nsJFGNjweJz1"
       SECURE_COOKIE: "false"
       SHOW_SAML_ERRORS: "true"
       SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
 
   ssp-sp2.local:
-    build: .
+    image: silintl/ssp-base:9.3.0
     volumes:
       # Utilize custom certs
       - ./development/sp2-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
@@ -200,15 +202,17 @@ services:
       - ./development/sp2-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
 
     environment:
+      ADMIN_EMAIL: "[email protected]"
       ADMIN_PASS: sp2
       IDP_NAME: "NA"
       SECRET_SALT: h57fjemb&dn^nsJFGNjweJz2
       SECURE_COOKIE: "false"
       SHOW_SAML_ERRORS: "true"
       SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
 
   ssp-sp3.local:
-    build: .
+    image: silintl/ssp-base:9.3.0
     volumes:
       # Utilize custom certs
       - ./development/sp3-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
@@ -220,16 +224,18 @@ services:
       - ./development/sp3-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
 
     environment:
+      ADMIN_EMAIL: "[email protected]"
       ADMIN_PASS: sp3
       IDP_NAME: "NA"
       SECRET_SALT: h57fjemb&dn^nsJFGNjweJz3
       SECURE_COOKIE: "false"
       SHOW_SAML_ERRORS: "true"
       SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
 
 
   pwmanager.local:
-    image: silintl/ssp-base:develop
+    image: silintl/ssp-base:9.3.0
     volumes:
       # Utilize custom certs
       - ./development/sp-local/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
@@ -240,12 +246,14 @@ services:
       # Utilize custom metadata
       - ./development/sp-local/metadata/saml20-idp-remote.php:/data/vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
     environment:
+      ADMIN_EMAIL: "[email protected]"
       ADMIN_PASS: sp1
       IDP_NAME: THIS VARIABLE IS REQUIRED BUT PROBABLY NOT USED
       SECRET_SALT: NOT-a-secret-k49fjfkw73hjf9t87wjiw
       SECURE_COOKIE: "false"
       SHOW_SAML_ERRORS: "true"
       SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
 
   # the broker and brokerDb containers are used by the silauth module
   broker:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -342,12 +342,14 @@ services:
     ports:
       - "8084:80"
     environment:
+      ADMIN_EMAIL: "[email protected]"
       ADMIN_PASS: sp1
       IDP_NAME: THIS VARIABLE IS REQUIRED BUT PROBABLY NOT USED
       SECRET_SALT: NOT-a-secret-k49fjfkw73hjf9t87wjiw
       SECURE_COOKIE: "false"
       SHOW_SAML_ERRORS: "true"
       SAML20_IDP_ENABLE: "false"
+      ADMIN_PROTECT_INDEX_PAGE: "false"
 
   # the broker and brokerDb containers are used by the silauth module
   broker:

diff --git a/features/bootstrap/ExpiryContext.php b/features/bootstrap/ExpiryContext.php
@@ -152,7 +152,7 @@ public function iProvideCredentialsThatHaveNoPasswordExpirationDate()
     public function iShouldSeeAnErrorMessage()
     {
         $page = $this->session->getPage();
-        Assert::assertContains('An error occurred', $page->getHtml());
+        Assert::assertContains('We could not understand the expiration date', $page->getHtml());
     }
 
     /**

diff --git a/features/bootstrap/FeatureContext.php b/features/bootstrap/FeatureContext.php
@@ -15,9 +15,9 @@
 
 class FeatureContext extends MinkContext
 {
-    private const HUB_BAD_AUTH_SOURCE_URL = 'http://ssp-hub.local/module.php/core/authenticate.php?as=wrong';
-    private const HUB_DISCO_URL = 'http://ssp-hub.local/module.php/core/authenticate.php?as=hub-discovery';
-    private const HUB_HOME_URL = 'http://ssp-hub.local';
+    private const HUB_BAD_AUTH_SOURCE_URL = 'http://ssp-hub.local/module.php/admin/test/wrong';
+    private const HUB_DISCO_URL = 'http://ssp-hub.local/module.php/admin/test/hub-discovery';
+    private const HUB_ADMIN_URL = 'http://ssp-hub.local/admin';
     protected const SP1_LOGIN_PAGE = 'http://ssp-sp1.local/module.php/core/authenticate.php?as=ssp-hub';
     protected const SP2_LOGIN_PAGE = 'http://ssp-sp2.local/module.php/core/authenticate.php?as=ssp-hub';
     protected const SP3_LOGIN_PAGE = 'http://ssp-sp3.local/module.php/core/authenticate.php?as=ssp-hub';
@@ -97,7 +97,7 @@ public function iShouldSeeOurMaterialTheme()
      */
     public function iGoToTheHubsHomePage()
     {
-        $this->visit(self::HUB_HOME_URL);
+        $this->visit(self::HUB_ADMIN_URL);
     }
 
     /**

diff --git a/features/material.feature b/features/material.feature
@@ -1,30 +1,30 @@
 Feature: Material theme
-  
+
   Scenario: Hub (disco) page
     When I go to the Hub's discovery page
+      And I log in as a hub administrator
     Then I should see our material theme
-  
+
   Scenario: Error page
     When I go to the Hub but specify an invalid authentication source
-    Then I should see an "Error" page
-      And I should see our material theme
-
-  Scenario: Logout page
-    When I go to the Hub's home page
-      And I click on "Authentication"
-      And I click on "Test configured authentication sources"
-      And I click on "admin"
       And I log in as a hub administrator
-      And I click on "Logout"
-    Then I should see a "Logged out" page
+    Then I should see an "Error" page
       And I should see our material theme
 
-  Scenario: Login page
-    When I go to the SP1 login page
-      And I click on the "IDP 2" tile
-    Then I should see a "Login with your IDP 2 identity" page
-      And I should see our material theme
+    # TODO: if this is really used, fix it. If not, delete the test, the template, and the translation file.
+#  Scenario: Logout page
+#    When I go to the Hub's home page
+#      And I click on "Authentication"
+#      And I click on "Test configured authentication sources"
+#      And I click on "admin"
+#      And I log in as a hub administrator
+#      And I click on "Logout"
+#    Then I should see a "Logged out" page
+#      And I should see our material theme
 
-  Scenario: Forgot password link
-
-  Scenario: Help and profile links
+  # FIXME: this feature is especially difficult to fix because the core controller doesn't provide the IdP name.
+#  Scenario: Login page
+#    When I go to the SP1 login page
+#      And I click on the "IDP 2" tile
+#    Then I should see a "Login with your IDP 2 identity" page
+#      And I should see our material theme
diff --git a/modules/expirychecker/public/expired.php b/modules/expirychecker/public/expired.php
@@ -18,21 +18,21 @@
 $state = State::loadState($stateId, 'expirychecker:expired');
 
 if (array_key_exists('changepwd', $_REQUEST)) {
-    
+
     /* Now that they've clicked change-password, skip the splash pages very
      * briefly, to let the user get to the change-password website.  */
     ExpiryDate::skipSplashPagesFor(60); // 60 seconds = 1 minute
-    
+
     // The user has pressed the change-password button.
     $passwordChangeUrl = $state['passwordChangeUrl'];
-    
+
     // Add the original url as a parameter
     if (array_key_exists('saml:RelayState', $state)) {
         $stateId = State::saveState(
             $state,
             'expirychecker:about2expire'
         );
-      
+
         $returnTo = Utilities::getUrlFromRelayState(
             $state['saml:RelayState']
         );
@@ -47,11 +47,11 @@
 
 $globalConfig = Configuration::getInstance();
 
-$t = new Template($globalConfig, 'expirychecker:expired.php');
+$t = new Template($globalConfig, 'expirychecker:expired');
 $t->data['formTarget'] = Module::getModuleURL('expirychecker/expired.php');
 $t->data['formData'] = ['StateId' => $stateId];
 $t->data['expiresAtTimestamp'] = $state['expiresAtTimestamp'];
 $t->data['accountName'] = $state['accountName'];
-$t->show();
+$t->send();
 
 Logger::info('expirychecker - User has been told that their password has expired.');
diff --git a/modules/material/dictionaries/error.definition.json b/modules/material/dictionaries/error.definition.json
diff --git a/modules/material/themes/material/default/error.php b/modules/material/themes/material/default/error.php
diff --git a/modules/material/themes/material/default/error.twig b/modules/material/themes/material/default/error.twig
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html lang="{{ currentLanguage }}">
+  <head>
+    <title>{{ '{error:title}'|trans }}</title>
+
+    {% include 'header.twig' %}
+  </head>
+  <body>
+    <div class="mdl-layout mdl-layout--fixed-header fill-viewport">
+      <header class="mdl-layout__header mdl-color--red">
+        <div class="mdl-layout__header-row">
+          <span class="mdl-layout-title">
+            {{ '{error:header}'|trans }}
+          </span>
+        </div>
+      </header>
+
+      <main class="mdl-layout__content margin" layout-children="column">
+        <p>
+          {{ '{error:message}'|trans }}
+        </p>
+
+        {% if showerrors ?? false %}
+          <p class="mdl-typography--body-2">
+            {{ error.exceptionMsg|e }}
+          </p>
+
+          <pre class="mdl-typography--caption">
+            {{ error.exceptionTrace|e }}
+          </pre>
+        {% endif %}
+      </main>
+
+      {% include 'footer.twig' %}
+    </div>
+  </body>
+</html>
diff --git a/modules/material/themes/material/expirychecker/expired.php b/modules/material/themes/material/expirychecker/expired.php
diff --git a/modules/material/themes/material/expirychecker/expired.twig b/modules/material/themes/material/expirychecker/expired.twig
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html lang="{{ currentLanguage }}">
+<head>
+  <title>{{ '{expired:title}'|trans }}</title>
+
+  {% include 'header.twig' %}
+</head>
+<body>
+<div class="mdl-layout mdl-layout--fixed-header fill-viewport">
+  <header class="mdl-layout__header mdl-color--red">
+    <div class="mdl-layout__header-row">
+        <span class="mdl-layout-title">
+            {{ '{expired:header}'|trans }}
+        </span>
+    </div>
+  </header>
+  <main class="mdl-layout__content" layout-children="column">
+    <form layout-children="column">
+      {% for name, value in formData %}
+        <input type="hidden" name="{{ name|e }}" value="{{ value|e }}">
+      {% endfor %}
+
+      <p class="mdl-typography--title margin">
+        {{ '{expired:expired}'|trans }}
+      </p>
+
+      <button name="changepwd" type="submit" class="mdl-button mdl-button--raised mdl-button--primary">
+        {{ '{expired:button_change}'|trans }}
+      </button>
+    </form>
+  </main>
+
+  {% include 'footer.twig' %}
+</div>
+</body>
+</html>