Merge branch 'release/1.4'

.gitignore

@@ -49,6 +49,7 @@ homestead/vendor
 /public/bundles/
 /var/
 /vendor/
+/drivers/
 ###< symfony/framework-bundle ###
 
 ###> symfony/webpack-encore-bundle ###

.travis.yml

@@ -6,11 +6,14 @@ addons:
   chrome: stable
 
   hosts:
-    - azure-mfa.stepup.example.com
+    - azuremfa.stepup.example.com
   apt:
+    sources:
+      - google-chrome
     packages:
       - cmake
       - apache2
+      - google-chrome-stable
 
 php:
   - 7.2
@@ -22,12 +25,15 @@ cache:
 before_script:
   # Update JS packages
   - curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash
-  - nvm install 10.22.0
+  - nvm install 14
   - curl --compressed -o- -L https://yarnpkg.com/install.sh | bash
   - export PATH="$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$PATH"
 
+  # Composer to latest 1.* version
+  - composer self-update --1
+
   # configure ssl
-  - sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/certs/azure-mfa.key -out /etc/ssl/certs/azure-mfa.crt -subj "/C=NL/ST=Netherlands/L=Amsterdam/O=TEST/CN=azure-mfa.stepup.example.com"
+  - sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/certs/azuremfa.key -out /etc/ssl/certs/azuremfa.crt -subj "/C=NL/ST=Netherlands/L=Amsterdam/O=TEST/CN=azuremfa.stepup.example.com"
   - sudo apt-get update
   - sudo apt-get install apache2 libapache2-mod-fastcgi
   - export PHP_VERSION=$(phpenv version-name)
@@ -57,20 +63,23 @@ before_script:
 
   # Install dependencies
   - composer install
-  - yarn install
+  - yarn install --frozen-lockfile
   - yarn encore dev
 
   # Install Chrome testing stack and update Symfony Panther Chrome drivers
   - CHROME_VERSION="$(google-chrome --version | grep -Eo '[0-9.]{10,20}' | grep -Eo '^[0-9]*')"
   - echo ${CHROME_VERSION}
-  - cd ./vendor/symfony/panther/chromedriver-bin && ./update.sh && cd ../../../../
+  # We use the chromedriver-bin from the apt repo now
+  #- cd ./vendor/symfony/panther/chromedriver-bin && ./update.sh && cd ../../../../
+  # Detect chrome drivers using dbrekelmans/bdi
+  - ./vendor/bin/bdi detect drivers
 
   # Check if everything runs properly
   - ps aux | grep php-fpm
   - netstat -an | grep :9000
   # Test if the website is actually running
-  - curl --insecure https://azure-mfa.stepup.example.com
-  - curl --insecure https://azure-mfa.stepup.example.com/fonts/FontAwesome.otf
+  - curl --insecure https://azuremfa.stepup.example.com
+  - curl --insecure https://azuremfa.stepup.example.com/fonts/FontAwesome.otf
 
 script:
   - composer test

CHANGELOG.md

@@ -1,3 +1,37 @@
+# 1.4.3
+**Features**
+- Secure the way the verifySignature method is used #73 
+- #73 includes a commit that replaces node-sass with vanilla js sass
+
+# 1.4.2
+- Add favicon
+- Update dependencies
+
+# 1.4.1
+- Disable unused fragments
+- Update dependencies
+- Add X-UA-Compatible header fix issues with embedded browsers
+
+# 1.4.0
+ - Use email address from GSSP saml extension, skip asking the user for his emailaddress
+
+# 1.3.3
+ - Fix client-side email validation
+ - Add monitoring endpoints /health and /info
+ - Update dependencies
+ - Update webpack-notifier and node-notifier
+
+# 1.3.2
+  - Case insensitive email check
+
+# 1.3.1
+ - Add placeholder to email registration
+ - Set focus on email-input in registration flow
+
+# 1.3.0
+ - Update dependencies
+ - Use bootstrap theme
+
 # 1.2.1
  - Add support for component_info in deploy
  - Security updates in dependencies

README.md

@@ -11,13 +11,13 @@ Locale user preference
 ----------------------
 
 The default locale is based on the user agent. When the user switches its locale the selected preference is stored inside a
-browser cookie (stepup_locale). The cookie is set on naked domain of the requested domain (for azure-mfa.stepup.example.com this is example.com).
+browser cookie (stepup_locale). The cookie is set on naked domain of the requested domain (for azuremfa.stepup.example.com this is example.com).
 
 Authentication and registration flows
 -------------------------------------
 
 The application provides internal (SpBundle) and a remote service provider. Instructions for this are given 
-on the homepage of this example project [Homepage](https://azure-mfa.stepup.example.com/app_dev.php/).
+on the homepage of this example project [Homepage](https://azuremfa.stepup.example.com/app_dev.php/).
 
 ![flow](docs/flow.png)
 <!---
@@ -106,7 +106,7 @@ for production
 
 If everything goes as planned you can go to:
 
-[https://azure-mfa.stepup.example.com](https://azure-mfa.stepup.example.com/app_dev.php)
+[https://azuremfa.stepup.example.com](https://azuremfa.stepup.example.com/app_dev.php)
 
 
 Configuring institutions using Azure MFA 

behat.yml

@@ -8,7 +8,7 @@ default:
                 bootstrap: tests/Functional/Features/bootstrap/bootstrap.php
                 class: Surfnet\AzureMfa\Infrastructure\Kernel
         Behat\MinkExtension:
-            base_url: https://azure-mfa.stepup.example.com
+            base_url: https://azuremfa.stepup.example.com
             default_session: 'symfony2'
             goutte:
                guzzle_parameters:

bin/console

@@ -3,29 +3,39 @@
 use Surfnet\AzureMfa\Infrastructure\Kernel;
 use Symfony\Bundle\FrameworkBundle\Console\Application;
 use Symfony\Component\Console\Input\ArgvInput;
-use Symfony\Component\Debug\Debug;
-if (false === in_array(\PHP_SAPI, ['cli', 'phpdbg', 'embed'], true)) {
-    echo 'Warning: The console should be invoked via the CLI version of PHP, not the '.\PHP_SAPI.' SAPI'.\PHP_EOL;
+use Symfony\Component\ErrorHandler\Debug;
+
+if (!in_array(PHP_SAPI, ['cli', 'phpdbg', 'embed'], true)) {
+    echo 'Warning: The console should be invoked via the CLI version of PHP, not the '.PHP_SAPI.' SAPI'.PHP_EOL;
 }
+
 set_time_limit(0);
+
 require dirname(__DIR__).'/vendor/autoload.php';
+
 if (!class_exists(Application::class)) {
-    throw new RuntimeException('You need to add "symfony/framework-bundle" as a Composer dependency.');
+    throw new LogicException('You need to add "symfony/framework-bundle" as a Composer dependency.');
 }
+
 $input = new ArgvInput();
 if (null !== $env = $input->getParameterOption(['--env', '-e'], null, true)) {
     putenv('APP_ENV='.$_SERVER['APP_ENV'] = $_ENV['APP_ENV'] = $env);
 }
+
 if ($input->hasParameterOption('--no-debug', true)) {
     putenv('APP_DEBUG='.$_SERVER['APP_DEBUG'] = $_ENV['APP_DEBUG'] = '0');
 }
+
 require dirname(__DIR__).'/config/bootstrap.php';
+
 if ($_SERVER['APP_DEBUG']) {
     umask(0000);
+
     if (class_exists(Debug::class)) {
         Debug::enable();
     }
 }
+
 $kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
 $application = new Application($kernel);
 $application->run($input);

component_info

@@ -2,4 +2,4 @@ PHP_VERSION=72
 SYMFONY_VERSION=4
 ENCORE=yes
 ASSETIC=no
-NODE_VERSION=12
+NODE_VERSION=14

composer.json

@@ -24,8 +24,8 @@
     "ext-zlib": "*",
     "sensio/framework-extra-bundle": "^5.4",
     "surfnet/stepup-bundle": "^4.1",
-    "surfnet/stepup-gssp-bundle": "^3.0",
-    "surfnet/stepup-saml-bundle": "^4.1.7",
+    "surfnet/stepup-gssp-bundle": "^4.0.1",
+    "surfnet/stepup-saml-bundle": "^4.2.1",
     "symfony/asset": "^4.3",
     "symfony/config": "4.4.*",
     "symfony/console": "4.4.*",
@@ -40,26 +40,27 @@
     "symfony/twig-bundle": "^4.3",
     "symfony/validator": "^4.3",
     "symfony/webpack-encore-bundle": "^1.6",
-    "symfony/yaml": "^4.3"
+    "symfony/yaml": "^4.3",
+    "openconext/monitor-bundle": "^2.1"
   },
   "require-dev": {
     "behat/mink": "^1.7",
     "behat/mink-browserkit-driver": "^1.3",
     "behat/mink-goutte-driver": "^1.2",
     "behat/symfony2-extension": "^2.1",
     "behatch/contexts": "^3.2",
+    "dbrekelmans/bdi": "^0.3.0",
     "jakub-onderka/php-parallel-lint": "~1",
     "malukenho/docheader": "^0",
     "mockery/mockery": "^1",
     "phpmd/phpmd": "~2",
     "phpunit/phpcov": "~6",
     "sebastian/phpcpd": "~4",
-    "sensiolabs/security-checker": "~6",
     "squizlabs/php_codesniffer": "~3",
     "symfony/browser-kit": "^4.3",
-    "symfony/css-selector": "^3",
+    "symfony/css-selector": "4.4.*",
     "symfony/maker-bundle": "~1",
-    "symfony/panther": "^0.7",
+    "symfony/panther": "^0.9",
     "symfony/profiler-pack": "~1",
     "symfony/test-pack": "^1.0"
   },
@@ -97,7 +98,7 @@
     "phpunit": "vendor/bin/phpunit",
     "behat": "vendor/bin/behat  --config behat.yml --tags '~@remote'",
     "security-tests": [
-      "vendor/bin/security-checker security:check",
+      "wget -q https://github.com/fabpot/local-php-security-checker/releases/download/v1.0.0/local-php-security-checker_1.0.0_linux_amd64 -O local-php-security-checker && chmod +x ./local-php-security-checker && ./local-php-security-checker",
       "yarn audit"
     ],
     "coverage": [