WIP coverage

Author: cicnavi

src/Controllers/Admin/ClientController.php

@@ -121,7 +121,7 @@ public function resetSecret(Request $request): Response
         $this->logger->info($message, $client->getState());
         $this->sessionMessagesService->addMessage($message);
 
-        return $this->routes->getRedirectResponseToModuleUrl(
+        return $this->routes->newRedirectResponseToModuleUrl(
             RoutesEnum::AdminClientsShow->value,
             [ParametersEnum::ClientId->value => $client->getIdentifier()],
         );
@@ -148,7 +148,7 @@ public function delete(Request $request): Response
         $this->logger->warning($message, $client->getState());
         $this->sessionMessagesService->addMessage($message);
 
-        return $this->routes->getRedirectResponseToModuleUrl(
+        return $this->routes->newRedirectResponseToModuleUrl(
             RoutesEnum::AdminClients->value,
         );
     }
@@ -202,7 +202,7 @@ public function add(): Response
                 $this->logger->info($message, $client->getState());
                 $this->sessionMessagesService->addMessage($message);
 
-                return $this->routes->getRedirectResponseToModuleUrl(
+                return $this->routes->newRedirectResponseToModuleUrl(
                     RoutesEnum::AdminClientsShow->value,
                     [ParametersEnum::ClientId->value => $client->getIdentifier()],
                 );
@@ -276,7 +276,7 @@ public function edit(Request $request): Response
 
                 $this->sessionMessagesService->addMessage(Translate::noop('Client has been updated.'));
 
-                return $this->routes->getRedirectResponseToModuleUrl(
+                return $this->routes->newRedirectResponseToModuleUrl(
                     RoutesEnum::AdminClientsShow->value,
                     [ParametersEnum::ClientId->value => $originalClient->getIdentifier()],
                 );

src/Controllers/Admin/ConfigController.php

@@ -45,14 +45,14 @@ public function runMigrations(): Response
         if ($this->databaseMigration->isMigrated()) {
             $message = Translate::noop('Database is already migrated.');
             $this->sessionMessagesService->addMessage($message);
-            return $this->routes->getRedirectResponseToModuleUrl(RoutesEnum::AdminMigrations->value);
+            return $this->routes->newRedirectResponseToModuleUrl(RoutesEnum::AdminMigrations->value);
         }
 
         $this->databaseMigration->migrate();
         $message = Translate::noop('Database migrated successfully.');
         $this->sessionMessagesService->addMessage($message);
 
-        return $this->routes->getRedirectResponseToModuleUrl(RoutesEnum::AdminMigrations->value);
+        return $this->routes->newRedirectResponseToModuleUrl(RoutesEnum::AdminMigrations->value);
     }
 
     public function protocolSettings(): Response

src/Controllers/Federation/EntityStatementController.php

@@ -13,6 +13,7 @@
 use SimpleSAML\Module\oidc\Services\JsonWebTokenBuilderService;
 use SimpleSAML\Module\oidc\Services\OpMetadataService;
 use SimpleSAML\Module\oidc\Utils\FederationCache;
+use SimpleSAML\Module\oidc\Utils\Routes;
 use SimpleSAML\OpenID\Codebooks\ClaimsEnum;
 use SimpleSAML\OpenID\Codebooks\ClientRegistrationTypesEnum;
 use SimpleSAML\OpenID\Codebooks\ContentTypesEnum;
@@ -21,7 +22,6 @@
 use SimpleSAML\OpenID\Codebooks\HttpHeadersEnum;
 use SimpleSAML\OpenID\Codebooks\JwtTypesEnum;
 use SimpleSAML\OpenID\Federation;
-use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
@@ -40,6 +40,7 @@ public function __construct(
         private readonly OpMetadataService $opMetadataService,
         private readonly ClientRepository $clientRepository,
         private readonly Helpers $helpers,
+        private readonly Routes $routes,
         private readonly Federation $federation,
         private readonly ?FederationCache $federationCache,
     ) {
@@ -171,7 +172,7 @@ public function fetch(Request $request): Response
         $subject = $request->query->get(ClaimsEnum::Sub->value);
 
         if (empty($subject)) {
-            return $this->prepareJsonErrorResponse(
+            return $this->routes->newJsonErrorResponse(
                 ErrorsEnum::InvalidRequest->value,
                 sprintf('Missing parameter %s', ClaimsEnum::Sub->value),
                 400,
@@ -193,7 +194,7 @@ public function fetch(Request $request): Response
 
         $client = $this->clientRepository->findByEntityIdentifier($subject);
         if (empty($client)) {
-            return $this->prepareJsonErrorResponse(
+            return $this->routes->newJsonErrorResponse(
                 ErrorsEnum::NotFound->value,
                 sprintf('Subject not found (%s)', $subject),
                 404,
@@ -202,7 +203,7 @@ public function fetch(Request $request): Response
 
         $jwks = $client->getFederationJwks();
         if (empty($jwks)) {
-            return $this->prepareJsonErrorResponse(
+            return $this->routes->newJsonErrorResponse(
                 ErrorsEnum::InvalidClient->value,
                 sprintf('Subject does not contain JWKS claim (%s)', $subject),
                 401,
@@ -263,21 +264,10 @@ public function fetch(Request $request): Response
 
     protected function prepareEntityStatementResponse(string $entityStatementToken): Response
     {
-        return new Response(
+        return $this->routes->newResponse(
             $entityStatementToken,
             200,
             [HttpHeadersEnum::ContentType->value => ContentTypesEnum::ApplicationEntityStatementJwt->value,],
         );
     }
-
-    protected function prepareJsonErrorResponse(string $error, string $description, int $httpCode = 500): JsonResponse
-    {
-        return new JsonResponse(
-            [
-                'error' => $error,
-                'error_description' => $description,
-            ],
-            $httpCode,
-        );
-    }
 }

src/Utils/Routes.php

@@ -8,7 +8,9 @@
 use SimpleSAML\Module\oidc\Codebooks\ParametersEnum;
 use SimpleSAML\Module\oidc\Codebooks\RoutesEnum;
 use SimpleSAML\Module\oidc\ModuleConfig;
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Response;
 
 class Routes
 {
@@ -25,7 +27,11 @@ public function getModuleUrl(string $resource = '', array $parameters = []): str
         return $this->sspBridge->module()->getModuleUrl($resource, $parameters);
     }
 
-    public function getRedirectResponseToModuleUrl(
+    /*****************************************************************************************************************
+     * Response factory methods.
+     ****************************************************************************************************************/
+
+    public function newRedirectResponseToModuleUrl(
         string $resource = '',
         array $parameters = [],
         int $status = 302,
@@ -38,8 +44,38 @@ public function getRedirectResponseToModuleUrl(
         );
     }
 
+    public function newResponse(
+        ?string $content = '',
+        int $status = 200,
+        array $headers = [],
+    ): Response {
+        return new Response($content, $status, $headers);
+    }
+
+    public function newJsonResponse(
+        mixed $data = null,
+        int $status = 200,
+        array $headers = [],
+        bool $json = false,
+    ): JsonResponse {
+        return new JsonResponse($data, $status, $headers, $json);
+    }
+
+    public function newJsonErrorResponse(
+        string $error,
+        string $description,
+        int $httpCode = 500,
+        array $headers = [],
+    ): JsonResponse {
+        return $this->newJsonResponse(
+            ['error' => $error, 'error_description' => $description],
+            $httpCode,
+            $headers,
+        );
+    }
+
     /*****************************************************************************************************************
-     * Admin area
+     * Admin area URLs.
      ****************************************************************************************************************/
 
     public function urlAdminConfigProtocol(array $parameters = []): string
@@ -99,7 +135,7 @@ public function urlAdminClientsDelete(string $clientId, array $parameters = []):
     }
 
     /*****************************************************************************************************************
-     * OpenID Connect
+     * OpenID Connect URLs.
      ****************************************************************************************************************/
 
     public function urlConfiguration(array $parameters = []): string
@@ -133,7 +169,7 @@ public function urlEndSession(array $parameters = []): string
     }
 
     /*****************************************************************************************************************
-     * OpenID Federation
+     * OpenID Federation URLs.
      ****************************************************************************************************************/
 
     public function urlFederationConfiguration(array $parameters = []): string

tests/config/config.php

@@ -87,7 +87,7 @@
      * qualified path to a file containing the certificate or key in PEM
      * format, such as 'cert.pem' or '/path/to/cert.pem'. If the path is
      * relative, it will be searched for in the directory defined by the
-     * '' parameter below. When 'certdir' is specified as a relative
+     * 'certdir' parameter below. When 'certdir' is specified as a relative
      * path, it will be interpreted as relative to the SimpleSAMLphp root
      * directory. Note that locations with no prefix included will be treated
      * as file locations.
@@ -564,6 +564,7 @@
         'core' => true,
         'admin' => true,
         'saml' => true,
+        'oidc' => true,
     ],
 
 
@@ -630,6 +631,8 @@
      * Set this to TRUE if the user only accesses your service
      * through https. If the user can access the service through
      * both http and https, this must be set to FALSE.
+     *
+     * If unset, SimpleSAMLphp will try to automatically determine the right value
      */
     'session.cookie.secure' => true,
 
@@ -994,12 +997,6 @@
         // Adopts language from attribute to use in UI
         30 => 'core:LanguageAdaptor',
 
-        45 => [
-            'class'         => 'core:StatisticsWithAttribute',
-            'attributename' => 'realm',
-            'type'          => 'saml20-idp-SSO',
-        ],
-
         /* When called without parameters, it will fallback to filter attributes 'the old way'
          * by checking the 'attributes' parameter in metadata on IdP hosted and SP remote.
          */

tests/unit/src/Controllers/Admin/ConfigControllerTest.php

@@ -0,0 +1,132 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\Module\oidc\unit\Controllers\Admin;
+
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\MockObject\MockObject;
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\Module\oidc\Admin\Authorization;
+use SimpleSAML\Module\oidc\Controllers\Admin\ConfigController;
+use SimpleSAML\Module\oidc\Factories\TemplateFactory;
+use SimpleSAML\Module\oidc\ModuleConfig;
+use SimpleSAML\Module\oidc\Services\DatabaseMigration;
+use SimpleSAML\Module\oidc\Services\SessionMessagesService;
+use SimpleSAML\Module\oidc\Utils\Routes;
+use SimpleSAML\OpenID\Federation;
+use SimpleSAML\OpenID\Federation\Factories\TrustMarkFactory;
+
+#[CoversClass(ConfigController::class)]
+class ConfigControllerTest extends TestCase
+{
+    protected MockObject $moduleConfigMock;
+    protected MockObject $templateFactoryMock;
+    protected MockObject $authorizationMock;
+    protected MockObject $databaseMigrationMock;
+    protected MockObject $sessionMessagesServiceMock;
+    protected MockObject $federationMock;
+    protected MockObject $routesMock;
+    protected MockObject $trustMarkFactoryMock;
+
+    protected function setUp(): void
+    {
+        $this->moduleConfigMock = $this->createMock(ModuleConfig::class);
+        $this->templateFactoryMock = $this->createMock(TemplateFactory::class);
+        $this->authorizationMock = $this->createMock(Authorization::class);
+        $this->databaseMigrationMock = $this->createMock(DatabaseMigration::class);
+        $this->sessionMessagesServiceMock = $this->createMock(SessionMessagesService::class);
+        $this->federationMock = $this->createMock(Federation::class);
+        $this->routesMock = $this->createMock(Routes::class);
+
+        $this->trustMarkFactoryMock = $this->createMock(TrustMarkFactory::class);
+        $this->federationMock->method('trustMarkFactory')->willReturn($this->trustMarkFactoryMock);
+    }
+
+    public function sut(
+        ?ModuleConfig $moduleConfig = null,
+        ?TemplateFactory $templateFactory = null,
+        ?Authorization $authorization = null,
+        ?DatabaseMigration $databaseMigration = null,
+        ?SessionMessagesService $sessionMessagesService = null,
+        ?Federation $federation = null,
+        ?Routes $routes = null,
+    ): ConfigController {
+        $moduleConfig ??= $this->moduleConfigMock;
+        $templateFactory ??= $this->templateFactoryMock;
+        $authorization ??= $this->authorizationMock;
+        $databaseMigration ??= $this->databaseMigrationMock;
+        $sessionMessagesService ??= $this->sessionMessagesServiceMock;
+        $federation ??= $this->federationMock;
+        $routes ??= $this->routesMock;
+
+        return new ConfigController(
+            $moduleConfig,
+            $templateFactory,
+            $authorization,
+            $databaseMigration,
+            $sessionMessagesService,
+            $federation,
+            $routes,
+        );
+    }
+
+    public function testCanCreateInstance(): void
+    {
+        $this->authorizationMock->expects($this->once())->method('requireAdmin');
+        $this->assertInstanceOf(ConfigController::class, $this->sut());
+    }
+
+    public function testCanShowMigrationsScreen(): void
+    {
+        $this->templateFactoryMock->expects($this->once())->method('build')
+            ->with('oidc:config/migrations.twig');
+
+        $this->sut()->migrations();
+    }
+
+    public function testCanRunMigrations(): void
+    {
+        $this->databaseMigrationMock->expects($this->once())->method('migrate');
+        $this->sessionMessagesServiceMock->expects($this->once())->method('addMessage')
+            ->with($this->stringContains('migrated'));
+
+        $this->sut()->runMigrations();
+    }
+
+    public function testWontRunMigrationsIfAlreadyMigrated(): void
+    {
+        $this->databaseMigrationMock->expects($this->once())->method('isMigrated')->willReturn(true);
+        $this->databaseMigrationMock->expects($this->never())->method('migrate');
+
+        $this->sut()->runMigrations();
+    }
+
+    public function testCanShowProtocolSettingsScreen(): void
+    {
+        $this->templateFactoryMock->expects($this->once())->method('build')
+            ->with('oidc:config/protocol.twig');
+
+        $this->sut()->protocolSettings();
+    }
+
+    public function testCanShowFederationSettingsScreen(): void
+    {
+        $this->templateFactoryMock->expects($this->once())->method('build')
+            ->with('oidc:config/federation.twig');
+
+        $this->sut()->federationSettings();
+    }
+
+    public function testCanIncludeTrustMarksInFederationSettings(): void
+    {
+        $this->moduleConfigMock->method('getFederationTrustMarkTokens')->willReturn(['token']);
+        $this->trustMarkFactoryMock->expects($this->once())->method('fromToken')
+            ->with($this->stringContains('token'));
+
+        $this->templateFactoryMock->expects($this->once())->method('build')
+            ->with('oidc:config/federation.twig');
+
+        $this->sut()->federationSettings();
+    }
+}