From acb42f2233999f43fbcfc0a142d7e9f3465c9ef9 Mon Sep 17 00:00:00 2001
From: Michiel Kodde <mkodde@ibuildings.nl>
Date: Thu, 18 Jan 2024 09:44:00 +0100
Subject: [PATCH] Use a Yubikey test double in test + smoketest envs

This now works around the actual yubikey api interaction. Passing every
input as a valid OTP. Be carefull! Use responsibile.

This feature is only enabled for test and smoketest.
---
 config/services_smoketest.yaml                | 34 +++++++++++++
 config/services_test.yaml                     |  8 +++-
 .../Authentication/Provider/SamlProvider.php  |  3 +-
 .../Service/YubikeySecondFactorService.php    |  8 +---
 .../YubikeySecondFactorServiceInterface.php   | 27 +++++++++++
 .../Service/YubikeySecondFactorService.php    | 48 +++++++++++++++++++
 6 files changed, 120 insertions(+), 8 deletions(-)
 create mode 100644 config/services_smoketest.yaml
 create mode 100644 src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorServiceInterface.php
 create mode 100644 src/Surfnet/StepupRa/RaBundle/Tests/TestDouble/Service/YubikeySecondFactorService.php

diff --git a/config/services_smoketest.yaml b/config/services_smoketest.yaml
new file mode 100644
index 00000000..c367af5c
--- /dev/null
+++ b/config/services_smoketest.yaml
@@ -0,0 +1,34 @@
+# Use this service definition file to override services and parameters in the test environment.
+# For example to mock certain services, or override a parameter for test.
+
+services:
+  surfnet_stepup.service.sms_second_factor:
+    class: Surfnet\StepupBundle\Tests\TestDouble\Service\SmsSecondFactorService
+    arguments:
+      - "@surfnet_stepup.service.challenge_handler"
+
+  ra.service.yubikey_second_factor:
+    public: true
+    class: Surfnet\StepupRa\RaBundle\Tests\TestDouble\Service\YubikeySecondFactorService
+    arguments:
+      - "@logger"
+
+
+  # The middleware client bundle guzzle client is overloaded to be able to pass the testcookie to the ensure MW is
+  # loaded in test mode. This way people setting the testcookie in prod will not switch their mw api into testmode
+  # resulting in 500 errors.
+  surfnet_stepup_middleware_client.guzzle.api:
+    public: false
+    class: GuzzleHttp\Client
+    factory: ['Surfnet\StepupRa\RaBundle\Tests\TestDouble\Factory\GuzzleApiFactory', createApiGuzzleClient]
+    arguments:
+    - "%middleware_url_api%"
+    - "%middleware_credentials_username%"
+    - "secret"
+
+  surfnet_stepup_middleware_client.guzzle.commands:
+    public: false
+    class: GuzzleHttp\Client
+    factory: ['Surfnet\StepupRa\RaBundle\Tests\TestDouble\Factory\GuzzleApiFactory', createCommandGuzzleClient]
+    arguments:
+    - "%middleware_url_command_api%"
diff --git a/config/services_test.yaml b/config/services_test.yaml
index 52d4225d..6443df8f 100644
--- a/config/services_test.yaml
+++ b/config/services_test.yaml
@@ -7,6 +7,12 @@ services:
     arguments:
       - "@surfnet_stepup.service.challenge_handler"
 
+  ra.service.yubikey_second_factor:
+    public: true
+    class: Surfnet\StepupRa\RaBundle\Tests\TestDouble\Service\YubikeySecondFactorService
+    arguments:
+      - "@logger"
+
   # The middleware client bundle guzzle client is overloaded to be able to pass the testcookie to the ensure MW is
   # loaded in test mode. This way people setting the testcookie in prod will not switch their mw api into testmode
   # resulting in 500 errors.
@@ -24,4 +30,4 @@ services:
     class: GuzzleHttp\Client
     factory: ['Surfnet\StepupRa\RaBundle\Tests\TestDouble\Factory\GuzzleApiFactory', createCommandGuzzleClient]
     arguments:
-    - "%middleware_url_command_api%"
\ No newline at end of file
+    - "%middleware_url_command_api%"
diff --git a/src/Surfnet/StepupRa/RaBundle/Security/Authentication/Provider/SamlProvider.php b/src/Surfnet/StepupRa/RaBundle/Security/Authentication/Provider/SamlProvider.php
index 37610a30..ceae7b65 100644
--- a/src/Surfnet/StepupRa/RaBundle/Security/Authentication/Provider/SamlProvider.php
+++ b/src/Surfnet/StepupRa/RaBundle/Security/Authentication/Provider/SamlProvider.php
@@ -127,6 +127,7 @@ private function getSingleStringValue($attribute, AssertionAdapter $translatedAs
         $values = $translatedAssertion->getAttributeValue($attribute);
 
         if (empty($values)) {
+            // Moved to Stepup-bundle (6.0)
             throw new MissingRequiredAttributeException(
                 sprintf(
                     'Missing a required SAML attribute. This application requires the "%s" attribute to function.',
@@ -154,7 +155,7 @@ private function getSingleStringValue($attribute, AssertionAdapter $translatedAs
             );
 
             $this->logger->warning($message);
-
+            // Moved to Stepup-bundle (6.0)
             throw new MissingRequiredAttributeException($message);
         }
 
diff --git a/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorService.php b/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorService.php
index 63620e27..8bd60467 100644
--- a/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorService.php
+++ b/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorService.php
@@ -25,7 +25,7 @@
 use Surfnet\StepupRa\RaBundle\Command\VerifyYubikeyPublicIdCommand;
 use Surfnet\StepupRa\RaBundle\Service\YubikeySecondFactor\VerificationResult;
 
-class YubikeySecondFactorService
+class YubikeySecondFactorService implements YubikeySecondFactorServiceInterface
 {
     /**
      * @var YubikeyService
@@ -47,11 +47,7 @@ public function __construct(YubikeyService $yubikeyService, LoggerInterface $log
         $this->logger = $logger;
     }
 
-    /**
-     * @param VerifyYubikeyPublicIdCommand $command
-     * @return VerificationResult
-     */
-    public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command)
+    public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command): VerificationResult
     {
         $verifyOtpCommand = new VerifyYubikeyOtpCommand();
         $verifyOtpCommand->otp = $command->otp;
diff --git a/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorServiceInterface.php b/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorServiceInterface.php
new file mode 100644
index 00000000..7bf0ca9a
--- /dev/null
+++ b/src/Surfnet/StepupRa/RaBundle/Service/YubikeySecondFactorServiceInterface.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * Copyright 2024 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupRa\RaBundle\Service;
+
+use Surfnet\StepupRa\RaBundle\Command\VerifyYubikeyPublicIdCommand;
+use Surfnet\StepupRa\RaBundle\Service\YubikeySecondFactor\VerificationResult;
+
+interface YubikeySecondFactorServiceInterface
+{
+    public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command): VerificationResult;
+}
diff --git a/src/Surfnet/StepupRa/RaBundle/Tests/TestDouble/Service/YubikeySecondFactorService.php b/src/Surfnet/StepupRa/RaBundle/Tests/TestDouble/Service/YubikeySecondFactorService.php
new file mode 100644
index 00000000..c1ee6c29
--- /dev/null
+++ b/src/Surfnet/StepupRa/RaBundle/Tests/TestDouble/Service/YubikeySecondFactorService.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * Copyright 2024 SURFnet bv
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Surfnet\StepupRa\RaBundle\Tests\TestDouble\Service;
+
+use GuzzleHttp\Client;
+use GuzzleHttp\Cookie\CookieJar;
+use Psr\Log\LoggerInterface;
+use Surfnet\StepupBundle\Value\YubikeyOtp;
+use Surfnet\StepupBundle\Value\YubikeyPublicId;
+use Surfnet\StepupRa\RaBundle\Command\VerifyYubikeyOtpCommand;
+use Surfnet\StepupRa\RaBundle\Command\VerifyYubikeyPublicIdCommand;
+use Surfnet\StepupRa\RaBundle\Service\YubikeySecondFactor\VerificationResult;
+use Surfnet\StepupRa\RaBundle\Service\YubikeySecondFactorServiceInterface;
+
+class YubikeySecondFactorService implements YubikeySecondFactorServiceInterface
+{
+    private $logger;
+    public function __construct(LoggerInterface $logger)
+    {
+        $this->logger = $logger;
+    }
+
+    public function verifyYubikeyPublicId(VerifyYubikeyPublicIdCommand $command): VerificationResult
+    {
+        $this->logger->critical(
+            'Using the TestDouble yubikey YubikeySecondFactorService::verifyYubikeyPublicId method. '.
+            'Always returns a positive result. Be careful, only to use this during test or development!'
+        );
+        $publicId = new YubikeyPublicId('09999999');
+        return new VerificationResult(VerificationResult::RESULT_PUBLIC_ID_MATCHED, $publicId);
+    }
+}