This repository was archived by the owner on Jun 25, 2024. It is now read-only.

Commit e2689af

Merge pull request #72 from silinternational/develop
new nags and helpful links
2 parents f741640 + 0912db7 commit e2689af

11 files changed

+220
-70
lines changed

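--- a/README.md
+++ b/README.md
@@ -103,6 +103,13 @@ If provided, an alert will be shown to the user filled with the content of that
 1. Click **idp2** (second one)
 1. Forgot password link should be visible
 
+### Helpful links functionality
+
+1. Goto [SP 1](http://ssp-sp1.local:8082/module.php/core/authenticate.php?as=hub-discovery)
+1. Click **idp4** (third one)
+1. Help link should be visible under login form
+1. Profile link should be visible under login form
+
 ### Expiry functionality
 
 #### About to expire page
@@ -129,6 +136,19 @@ _Note: This nag only works once since choosing later will simply set the nag da
 1. Click **idp4** (third one)
 1. Login as an "unprotected" user: `username=`**nag_for_mfa** `password=`**a**
 1. The "learn more" link should be visible
+1. Click **Enable**
+1. Click your browser's back button
+1. Click **Remind me later**
+1. Click **Logout**
+
+#### Nag about missing password recovery methods
+
+1. Goto [SP 1](http://ssp-sp1.local:8082/module.php/core/authenticate.php?as=hub-discovery)
+1. Click **idp4** (third one)
+1. Login as a user without any methods: `username=`**nag_for_method** `password=`**a**
+1. Enter one of the following codes to verify (`94923279, 82743523, 77802769, 01970541, 37771076`)
+1. Click **Add**
+1. Click your browser's back button
 1. Click **Remind me later**
 1. Click **Logout**
 
@@ -137,7 +157,6 @@ _Note: This nag only works once since choosing later will simply set the nag da
 1. Goto [SP 1](http://ssp-sp1.local:8082/module.php/core/authenticate.php?as=hub-discovery)
 1. Click **idp4** (third one)
 1. Login as an "unsafe" user: `username=`**must_set_up_mfa** `password=`**a**
-1. The "learn more" link should be visible
 
 #### Backup code
 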
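--- a/development/idp4/m991231_235959_insert_mfa_test_users.php
+++ b/development/idp4/m991231_235959_insert_mfa_test_users.php
@@ -9,14 +9,15 @@ class m991231_235959_insert_mfa_test_users extends Migration
 public function safeUp()
 {
 $this->batchInsert('{{user}}',
-['id','uuid' ,'employee_id','first_name','last_name','username' ,'email' ,'active','locked','last_changed_utc' ,'last_synced_utc' ,'require_mfa','review_profile_after' ,'manager_email' ],[
-[ 1 ,'2b2d424e-8cb0-49c7-8c0b-7f660340f5fa','11111' ,'Not' ,'Needed' ,'nag_for_mfa' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() ,'[email protected]'],
-[ 2 ,'ef960c92-09fc-44f4-aadf-2d3aea6e0dbd','22222' ,'Must' ,'Have' ,'must_set_up_mfa','[email protected]','yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'yes' , MySqlDateTime::today() ,'[email protected]'],
-[ 3 ,'a42317a0-9a43-4da0-9921-50f004e011c0','33333' ,'Has' ,'Backup' ,'has_backupcode' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() ,'[email protected]'],
-[ 4 ,'7bab90d3-9f54-4187-804d-7f6400021789','44444' ,'Has' ,'Totp' ,'has_totp' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() ,'[email protected]'],
-[ 5 ,'6b614606-bbe8-4793-b0db-ca862295c661','55555' ,'Has' ,'U2f' ,'has_u2f' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() ,'[email protected]'],
-[ 6 ,'7c695eac-dbca-45d0-b3dc-2df2e1d2294c','77777' ,'Has' ,'All' ,'has_all' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() ,'[email protected]'],
-[ 7 ,'7c695eac-dbca-45d0-b3dc-123jkhf23bql','88888' ,'Review' ,'Needed' ,'needs_review' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::relative('-3 days'),'[email protected]'],
+['id','uuid' ,'employee_id','first_name','last_name','username' ,'email' ,'active','locked','last_changed_utc' ,'last_synced_utc' ,'require_mfa','review_profile_after' ,'nag_for_mfa_after' ,'nag_for_method_after' ,'manager_email' ],[
+[ 1 ,'2b2d424e-8cb0-49c7-8c0b-7f660340f5fa','11111' ,'No' ,'Mfas' ,'nag_for_mfa' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() , MySqlDateTime::relative('-1 days'), MySqlDateTime::today() ,'[email protected]'],
+[ 2 ,'ef960c92-09fc-44f4-aadf-2d3aea6e0dbd','22222' ,'Must' ,'Have' ,'must_set_up_mfa','[email protected]','yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'yes' , MySqlDateTime::today() , MySqlDateTime::today() , MySqlDateTime::today() ,'[email protected]'],
+[ 3 ,'a42317a0-9a43-4da0-9921-50f004e011c0','33333' ,'Has' ,'Backup' ,'has_backupcode' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() , MySqlDateTime::today() , MySqlDateTime::today() ,'[email protected]'],
+[ 4 ,'7bab90d3-9f54-4187-804d-7f6400021789','44444' ,'Has' ,'Totp' ,'has_totp' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() , MySqlDateTime::today() , MySqlDateTime::today() ,'[email protected]'],
+[ 5 ,'6b614606-bbe8-4793-b0db-ca862295c661','55555' ,'Has' ,'U2f' ,'has_u2f' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() , MySqlDateTime::today() , MySqlDateTime::today() ,'[email protected]'],
+[ 6 ,'7c695eac-dbca-45d0-b3dc-2df2e1d2294c','77777' ,'Has' ,'All' ,'has_all' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() , MySqlDateTime::today() , MySqlDateTime::today() ,'[email protected]'],
+[ 7 ,'7c695eac-dbca-45d0-b3dc-123jkhf23bql','88888' ,'Review' ,'Needed' ,'needs_review' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::relative('-3 days'), MySqlDateTime::today() , MySqlDateTime::today() ,'[email protected]'],
+[ 8 ,'7c695eac-dbca-45d0-b3dc-123jkhf23bbq','99999' ,'No' ,'Methods' ,'nag_for_method' ,'[email protected]' ,'yes' ,'no' , MySqlDateTime::now(), MySqlDateTime::now(),'no' , MySqlDateTime::today() , MySqlDateTime::today() , MySqlDateTime::relative('-1 days'),'[email protected]'],
 ]);
 
 $this->batchInsert('{{password}}',
@@ -28,6 +29,7 @@ public function safeUp()
 [ 5 , 5 ,'$2y$10$rKbAp0M8gewGpQKhD.U6qOSGDlMqKFkxK9tQZ15SZoieqYHYNsD/y', MySqlDateTime::now(), MySqlDateTime::relative('+1 year'), MySqlDateTime::relative('+1 year')],
 [ 6 , 6 ,'$2y$10$rKbAp0M8gewGpQKhD.U6qOSGDlMqKFkxK9tQZ15SZoieqYHYNsD/y', MySqlDateTime::now(), MySqlDateTime::relative('+1 year'), MySqlDateTime::relative('+1 year')],
 [ 7 , 7 ,'$2y$10$rKbAp0M8gewGpQKhD.U6qOSGDlMqKFkxK9tQZ15SZoieqYHYNsD/y', MySqlDateTime::now(), MySqlDateTime::relative('+1 year'), MySqlDateTime::relative('+1 year')],
+[ 8 , 8 ,'$2y$10$rKbAp0M8gewGpQKhD.U6qOSGDlMqKFkxK9tQZ15SZoieqYHYNsD/y', MySqlDateTime::now(), MySqlDateTime::relative('+1 year'), MySqlDateTime::relative('+1 year')],
 ]);
 
 $this->update('{{user}}', ['current_password_id' => 1], 'id=1');
@@ -37,10 +39,11 @@ public function safeUp()
 $this->update('{{user}}', ['current_password_id' => 5], 'id=5');
 $this->update('{{user}}', ['current_password_id' => 6], 'id=6');
 $this->update('{{user}}', ['current_password_id' => 7], 'id=7');
+$this->update('{{user}}', ['current_password_id' => 8], 'id=8');
 
 //TODO: unfortunately, a real uuid that's been verified is required for testing at this time ...will discuss decoupling 2-factor config with authentication.
 $this->batchInsert('{{mfa}}',
-['id','user_id','type' ,'external_uuid' ,'label','verified','created_utc' ],[
+['id','user_id','type' ,'external_uuid' ,'label' ,'verified','created_utc' ],[
 [ 1 , 3 ,'backupcode',NULL ,'Printable Codes' , 1 , MySqlDateTime::now()],
 [ 2 , 4 ,'totp' ,'38764a89-b904-404e-a195-1ad2bcfabf75','Smartphone App' , 1 , MySqlDateTime::now()], // JVRXKYTMPBEVKXLS
 [ 3 , 5 ,'u2f' ,'6092a08c-b271-4971-996a-6577333a7b6d','Security Key' , 1 , MySqlDateTime::now()],
@@ -50,6 +53,7 @@ public function safeUp()
 [ 7 , 7 ,'backupcode',NULL ,'Printable Codes' , 1 , MySqlDateTime::now()],
 [ 8 , 7 ,'totp' ,'38764a89-b904-404e-a195-1ad2bcfabf75','Smartphone App' , 1 , MySqlDateTime::now()], // JVRXKYTMPBEVKXLS
 [ 9 , 7 ,'u2f' ,'6092a08c-b271-4971-996a-6577333a7b6d','Security Key' , 1 , MySqlDateTime::now()],
+[ 10 , 8 ,'backupcode',NULL ,'Printable Codes' , 1 , MySqlDateTime::now()],
 ]);
 
 $this->batchInsert('{{mfa_backupcode}}',
@@ -69,6 +73,11 @@ public function safeUp()
 [ 13 , 7 ,'$2y$10$rA5MdrbEcmbCiqtAgPXnYeBCEKc.AnylPArnamyu.x4DS/A0/0/4i', MySqlDateTime::now()], // 77802769
 [ 14 , 7 ,'$2y$10$JsiRI/W/FLfZzJLPj8umKeXP.rvsOW4aYQO5mOEOwGkBPpKhKWT2K', MySqlDateTime::now()], // 01970541
 [ 15 , 7 ,'$2y$10$NWw0.DPBSm.bjQoSck8xbeqJgENUhE/WazmHmsEtWoxs/UKaIdkUq', MySqlDateTime::now()], // 37771076
+[ 16 , 10 ,'$2y$10$j/V6zcotFES8MkVmgRaiMe2E6DV1qjmO8UhUoJQD0/.p6LhZddGn2', MySqlDateTime::now()], // 94923279
+[ 17 , 10 ,'$2y$10$If6srqyKGBag/x.nPDBeau9bjNR1RZgxqRVKhdRhJk2PkbOn5rKNS', MySqlDateTime::now()], // 82743523
+[ 18 , 10 ,'$2y$10$rA5MdrbEcmbCiqtAgPXnYeBCEKc.AnylPArnamyu.x4DS/A0/0/4i', MySqlDateTime::now()], // 77802769
+[ 19 , 10 ,'$2y$10$JsiRI/W/FLfZzJLPj8umKeXP.rvsOW4aYQO5mOEOwGkBPpKhKWT2K', MySqlDateTime::now()], // 01970541
+[ 20 , 10 ,'$2y$10$NWw0.DPBSm.bjQoSck8xbeqJgENUhE/WazmHmsEtWoxs/UKaIdkUq', MySqlDateTime::now()], // 37771076
 ]);
 
 $this->batchInsert('{{method}}',
@@ -89,15 +98,15 @@ public function safeDown()
 ]);
 
 $this->delete('{{password}}', [
-'user_id' => [1, 2, 3, 4, 5, 6, 7]
+'user_id' => [1, 2, 3, 4, 5, 6, 7, 8]
 ]);
 
 $this->delete('{{method}}', [
 'user_id' => [7]
 ]);
 
 $this->delete('{{user}}', [
-'id' => [1, 2, 3, 4, 5, 6, 7]
+'id' => [1, 2, 3, 4, 5, 6, 7, 8]
 ]);
 }
 }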
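Review bot: safeDown now deletes the `{{password}}` and `{{user}}` rows for id 8, but no visible change removes the `{{mfa}}` row 10 and the `{{mfa_backupcode}}` rows 16–20 that safeUp adds for that user. The start of safeDown lies outside these hunks and is untouched by the commit, so if its earlier deletes filter on an explicit id list they presumably still stop at user 7 and need the same `8` appended as in `'user_id' => [1, 2, 3, 4, 5, 6, 7, 8]`; otherwise a rollback can fail on a foreign key or leave verified second-factor rows behind. Because every account here shares the password `a` and the backup codes are printed in the README, a comment above the `{{user}}` batchInsert would also help, e.g. `// Test fixtures only: known password and backup codes, never run against a shared or production database.`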

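--- a/dictionaries/login.definition.json
+++ b/dictionaries/login.definition.json
@@ -46,5 +46,17 @@
 "es": "Logotipo de {idpName}",
 "fr": "Logo {idpName}",
 "ko": "{idpName} 로고"
+},
+"help": {
+"en": "I need help",
+"es": "necesito ayuda",
+"fr": "j'ai besoin d'aide",
+"ko": "도움이 필요해."
+},
+"profile": {
+"en": "Manage my profile",
+"es": "Administrar mi perfil",
+"fr": "Gérer mon profil",
+"ko": "내 프로필 관리"
 }
 }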

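--- a/dictionaries/mfa.definition.json
+++ b/dictionaries/mfa.definition.json
@@ -138,18 +138,6 @@
 "fr": "Icône de bouclier",
 "ko": "방패 아이콘"
 },
-"nag_header": {
-"en": "Protect yourself",
-"es": "Protéjase",
-"fr": "Protégez-vous",
-"ko": "자기 보호"
-},
-"nag_info": {
-"en": "Did you know you could easily increase the security of your identity account by enabling 2-Step Verification?",
-"es": "¿Sabía que podría aumentar fácilmente la seguridad de su cuenta de identidad al habilitar la verificación en dos pasos?",
-"fr": "Savez-vous que vous pouvez facilement augmenter la sécurité de votre compte d'identité en activant la vérification en deux étapes?",
-"ko": "2 단계 인증을 사용하여 신원 계정의 보안을 쉽게 높일 수 있다는 사실을 알고 계셨습니까?"
-},
 "required_header": {
 "en": "Protect this account",
 "es": "Protege esta cuenta",
@@ -282,12 +270,6 @@
 "fr": "Rappelez-moi plus tard",
 "ko": "추후 알림"
 },
-"button_learn_more": {
-"en": "Learn more",
-"es": "Aprende más",
-"fr": "Apprendre encore plus",
-"ko": "더 알아보기"
-},
 "button_enable": {
 "en": "Enable now",
 "es": "Habilite ahora",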

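--- a/dictionaries/nag.definition.json
+++ b/dictionaries/nag.definition.json
@@ -0,0 +1,75 @@
+
+{
+"mfa_title": {
+"en": "2-Step Verification",
+"es": "Verificación en 2 pasos",
+"fr": "Vérification en deux étapes",
+"ko": "2 단계 인증"
+},
+"mfa_header": {
+"en": "2-Step Verification",
+"es": "Verificación en 2 pasos",
+"fr": "Vérification en deux étapes",
+"ko": "2 단계 인증"
+},
+"method_title": {
+"en": "Password recovery methods",
+"es": "Métodos de recuperación de contraseña",
+"fr": "Méthodes de récupération de mot de passe",
+"ko": "비밀번호 복구 방법"
+},
+"method_header": {
+"en": "Password recovery methods",
+"es": "Métodos de recuperación de contraseña",
+"fr": "Méthodes de récupération de mot de passe",
+"ko": "비밀번호 복구 방법"
+},
+"shield_icon": {
+"en": "Shield icon",
+"es": "Icono de escudo",
+"fr": "Icône de bouclier",
+"ko": "방패 아이콘"
+},
+"header": {
+"en": "Protect yourself",
+"es": "Protéjase",
+"fr": "Protégez-vous",
+"ko": "자기 보호"
+},
+"mfa_info": {
+"en": "Did you know you could easily increase the security of your identity account by enabling 2-Step Verification?",
+"es": "¿Sabía que podría aumentar fácilmente la seguridad de su cuenta de identidad al habilitar la verificación en dos pasos?",
+"fr": "Savez-vous que vous pouvez facilement augmenter la sécurité de votre compte d'identité en activant la vérification en deux étapes?",
+"ko": "2 단계 인증을 사용하여 신원 계정의 보안을 쉽게 높일 수 있다는 사실을 알고 계셨습니까?"
+},
+"method_info": {
+"en": "Do you forget your password sometimes? Did you know it is very easy to add an alternate email address for password recovery just in case?",
+"es": "¿Olvidas tu contraseña a veces? ¿Sabía que es muy fácil agregar una dirección de correo electrónico alternativa para recuperar la contraseña por si acaso?",
+"fr": "Avez-vous oublié votre mot de passe parfois? Saviez-vous qu'il est très facile d'ajouter une adresse électronique de remplacement pour la récupération du mot de passe au cas où?",
+"ko": "가끔 암호를 잊어 버리십니까? 혹시라도 비밀번호 복구를 위해 보조 이메일 주소를 추가하는 것이 매우 쉽다는 것을 알고 계셨습니까?"
+},
+"button_later": {
+"en": "Remind me later",
+"es": "Recuérdame más tarde",
+"fr": "Rappelez-moi plus tard",
+"ko": "추후 알림"
+},
+"button_learn_more": {
+"en": "Learn more",
+"es": "Aprende más",
+"fr": "Apprendre encore plus",
+"ko": "더 알아보기"
+},
+"button_enable": {
+"en": "Enable now",
+"es": "Habilite ahora",
+"fr": "Activer maintenant",
+"ko": "지금 사용"
+},
+"button_add": {
+"en": "Add one now",
+"es": "Agrega uno ahora",
+"fr": "Ajouter un maintenant",
+"ko": "지금 하나 추가"
+}
+}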

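--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -83,11 +83,11 @@ services:
 IDP_NAME: "idp-2"
 IDP_DISPLAY_NAME: "IdP 2"
 ANALYTICS_ID: "UA-XXXX-Y"
-PASSWORD_CHANGE_URL: "http://example.org"
-PASSWORD_FORGOT_URL: "http://example.org"
+PASSWORD_CHANGE_URL: "https://example.org/change"
+PASSWORD_FORGOT_URL: "https://example.org/forgot"
 
-idp4: # used for mfa testing
-image: silintl/ssp-base:develop
+idp4: # used for mfa testing (as well as some helpful links)
+image: silintl/ssp-base:local-testing-with-develop-deps
 volumes:
 - ./development/cert:/data/vendor/simplesamlphp/simplesamlphp/cert
 - ./development/idp4/authsources.php:/data/vendor/simplesamlphp/simplesamlphp/config/authsources.php
@@ -126,6 +126,7 @@ services:
 ID_BROKER_BASE_URI: "http://broker"
 REMEMBER_ME_SECRET: "dummy"
 PROFILE_URL: "https://example.org/profile"
+HELP_CENTER_URL: "https://example.org/help"
 command: ["bash", "-c", "whenavail silAuthDb 3306 60 ./run-idp.sh"]
 
 silAuthDb: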
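Review bot: The idp4 service image changes to `silintl/ssp-base:local-testing-with-develop-deps`, a tag whose name reads like a temporary local build, and this merge makes it the default for everyone who runs the compose file. If that tag is not a published, maintained line, consider restoring `image: silintl/ssp-base:develop`, or add a comment on the line saying why idp4 needs this tag and when it can be switched back. Both tags are mutable, so whoever can push to them decides what the IdP container runs; pinning by digest is the option if reproducibility matters. The services block continues outside both hunks.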
