Use a Yubikey test double in test + smoketest envs

This now works around the actual yubikey api interaction. Passing every input as a valid OTP. Be carefull! Use responsibile. This feature is only enabled for test and smoketest.
OpenConext · Jan 18, 2024 · 991dd95 · 991dd95
1 parent 9b3d31a
commit 991dd95
Show file tree

Hide file tree

Showing 7 changed files with 129 additions and 17 deletions.
diff --git a/config/services_smoketest.yaml b/config/services_smoketest.yaml
@@ -0,0 +1,34 @@
+# Use this service definition file to override services and parameters in the test environment.
+# For example to mock certain services, or override a parameter for test.
+
+services:
+  surfnet_stepup.service.sms_second_factor:
+    class: Surfnet\StepupBundle\Tests\TestDouble\Service\SmsSecondFactorService
+    arguments:
+      - "@surfnet_stepup.service.challenge_handler"
+
+  ra.service.yubikey_second_factor:
+    public: true
+    class: Surfnet\StepupRa\RaBundle\Tests\TestDouble\Service\YubikeySecondFactorService
+    arguments:
+      - "@logger"
+
+
+  # The middleware client bundle guzzle client is overloaded to be able to pass the testcookie to the ensure MW is
+  # loaded in test mode. This way people setting the testcookie in prod will not switch their mw api into testmode
+  # resulting in 500 errors.
+  surfnet_stepup_middleware_client.guzzle.api:
+    public: false
+    class: GuzzleHttp\Client
+    factory: ['Surfnet\StepupRa\RaBundle\Tests\TestDouble\Factory\GuzzleApiFactory', createApiGuzzleClient]
+    arguments:
+    - "%middleware_url_api%"
+    - "%middleware_credentials_username%"
+    - "secret"
+
+  surfnet_stepup_middleware_client.guzzle.commands:
+    public: false
+    class: GuzzleHttp\Client
+    factory: ['Surfnet\StepupRa\RaBundle\Tests\TestDouble\Factory\GuzzleApiFactory', createCommandGuzzleClient]
+    arguments:
+    - "%middleware_url_command_api%"
diff --git a/config/services_test.yaml b/config/services_test.yaml
@@ -7,6 +7,12 @@ services:
     arguments:
       - "@surfnet_stepup.service.challenge_handler"
 
+  ra.service.yubikey_second_factor:
+    public: true
+    class: Surfnet\StepupRa\RaBundle\Tests\TestDouble\Service\YubikeySecondFactorService
+    arguments:
+      - "@logger"
+
   # The middleware client bundle guzzle client is overloaded to be able to pass the testcookie to the ensure MW is
   # loaded in test mode. This way people setting the testcookie in prod will not switch their mw api into testmode
   # resulting in 500 errors.
@@ -24,4 +30,4 @@ services:
     class: GuzzleHttp\Client
     factory: ['Surfnet\StepupRa\RaBundle\Tests\TestDouble\Factory\GuzzleApiFactory', createCommandGuzzleClient]
     arguments:
-    - "%middleware_url_command_api%"
+    - "%middleware_url_command_api%"
diff --git a/src/Surfnet/StepupRa/RaBundle/Security/Authentication/Provider/SamlProvider.php b/src/Surfnet/StepupRa/RaBundle/Security/Authentication/Provider/SamlProvider.php
@@ -127,6 +127,7 @@ private function getSingleStringValue($attribute, AssertionAdapter $translatedAs
         $values = $translatedAssertion->getAttributeValue($attribute);
 
         if (empty($values)) {
+            // Moved to Stepup-bundle (6.0)
             throw new MissingRequiredAttributeException(
                 sprintf(
                     'Missing a required SAML attribute. This application requires the "%s" attribute to function.',
@@ -154,7 +155,7 @@ private function getSingleStringValue($attribute, AssertionAdapter $translatedAs
             );
 
             $this->logger->warning($message);
-
+            // Moved to Stepup-bundle (6.0)
             throw new MissingRequiredAttributeException($message);
         }
 

diff --git a/src/Surfnet/StepupRa/RaBundle/Service/VettingService.php b/src/Surfnet/StepupRa/RaBundle/Service/VettingService.php
@@ -53,42 +53,42 @@ class VettingService
         'Surfnet\Stepup\Exception\DomainException: Cannot vet second factor, the registration window is closed.';
 
     /**
-     * @var \Surfnet\StepupBundle\Service\SmsSecondFactorServiceInterface
+     * @var SmsSecondFactorServiceInterface
      */
     private $smsSecondFactorService;
 
     /**
-     * @var \Surfnet\StepupRa\RaBundle\Service\YubikeySecondFactorService
+     * @var YubikeySecondFactorServiceInterface
      */
     private $yubikeySecondFactorService;
 
     /**
-     * @var \Surfnet\StepupRa\RaBundle\Service\GssfService
+     * @var GssfService
      */
     private $gssfService;
 
     /**
-     * @var \Surfnet\StepupRa\RaBundle\Service\CommandService
+     * @var CommandService
      */
     private $commandService;
 
     /**
-     * @var \Surfnet\StepupRa\RaBundle\Repository\VettingProcedureRepository
+     * @var VettingProcedureRepository
      */
     private $vettingProcedureRepository;
 
     /**
-     * @var \Symfony\Component\Translation\TranslatorInterface
+     * @var TranslatorInterface
      */
     private $translator;
 
     /**
-     * @var \Surfnet\StepupRa\RaBundle\Service\IdentityService
+     * @var IdentityService
      */
     private $identityService;
 
     /**
-     * @var \Surfnet\StepupBundle\Service\SecondFactorTypeService
+     * @var SecondFactorTypeService
      */
     private $secondFactorTypeService;
 
@@ -102,7 +102,7 @@ class VettingService
      */
     public function __construct(
         SmsSecondFactorServiceInterface $smsSecondFactorService,
-        YubikeySecondFactorService $yubikeySecondFactorService,
+        YubikeySecondFactorServiceInterface $yubikeySecondFactorService,
         GssfService $gssfService,
         CommandService $commandService,
         VettingProcedureRepository $vettingProcedureRepository,

diff --git a/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorService.php b/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorService.php
@@ -25,7 +25,7 @@
 use Surfnet\StepupRa\RaBundle\Command\VerifyYubikeyPublicIdCommand;
 use Surfnet\StepupRa\RaBundle\Service\YubikeySecondFactor\VerificationResult;
 
-class YubikeySecondFactorService
+class YubikeySecondFactorService implements YubikeySecondFactorServiceInterface
 {
     /**
      * @var YubikeyService
@@ -47,11 +47,7 @@ public function __construct(YubikeyService $yubikeyService, LoggerInterface $log
         $this->logger = $logger;
     }
 
-    /**
-     * @param VerifyYubikeyPublicIdCommand $command
-     * @return VerificationResult
-     */
-    public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command)
+    public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command): VerificationResult
     {
         $verifyOtpCommand = new VerifyYubikeyOtpCommand();
         $verifyOtpCommand->otp = $command->otp;

diff --git a/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorServiceInterface.php b/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorServiceInterface.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * Copyright 2024 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupRa\RaBundle\Service;
+
+use Surfnet\StepupRa\RaBundle\Command\VerifyYubikeyPublicIdCommand;
+use Surfnet\StepupRa\RaBundle\Service\YubikeySecondFactor\VerificationResult;
+
+interface YubikeySecondFactorServiceInterface
+{
+    public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command): VerificationResult;
+}
diff --git a/src/Surfnet/StepupRa/RaBundle/Tests/TestDouble/Service/YubikeySecondFactorService.php b/src/Surfnet/StepupRa/RaBundle/Tests/TestDouble/Service/YubikeySecondFactorService.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * Copyright 2024 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupRa\RaBundle\Tests\TestDouble\Service;
+
+use GuzzleHttp\Client;
+use GuzzleHttp\Cookie\CookieJar;
+use Psr\Log\LoggerInterface;
+use Surfnet\StepupBundle\Value\YubikeyOtp;
+use Surfnet\StepupBundle\Value\YubikeyPublicId;
+use Surfnet\StepupRa\RaBundle\Command\VerifyYubikeyOtpCommand;
+use Surfnet\StepupRa\RaBundle\Command\VerifyYubikeyPublicIdCommand;
+use Surfnet\StepupRa\RaBundle\Service\YubikeySecondFactor\VerificationResult;
+use Surfnet\StepupRa\RaBundle\Service\YubikeySecondFactorServiceInterface;
+
+class YubikeySecondFactorService implements YubikeySecondFactorServiceInterface
+{
+    private $logger;
+    public function __construct(LoggerInterface $logger)
+    {
+        $this->logger = $logger;
+    }
+
+    public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command): VerificationResult
+    {
+        $this->logger->critical(
+            'Using the TestDouble yubikey YubikeySecondFactorService::verifyYubikeyPublicId method. '.
+            'Always returns a positive result. Be careful, only to use this during test or development!'
+        );
+        $publicId = new YubikeyPublicId('09999999');
+        return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_MATCHED, $publicId);
+    }
+}