Merge remote-tracking branch 'origin/release/2.9'

OpenConext · Jun 20, 2018 · bac7b38 · bac7b38
2 parents 48492cd + 8262f77
commit bac7b38
Show file tree

Hide file tree

Showing 6 changed files with 67 additions and 31 deletions.
diff --git a/app/config/samlstepupproviders_parameters.yml.dist b/app/config/samlstepupproviders_parameters.yml.dist
@@ -18,8 +18,8 @@ parameters:
     gssp_tiqr_description:
         en_GB: 'Log in with a smartphone app. For all smartphones with %%ios_link_start%%Apple iOS%%ios_link_end%% or %%android_link_start%%Android%%android_link_end%%.'
         nl_NL: 'Log in met een app op je smartphone. Geschikt voor smartphones met %%ios_link_start%%Apple iOS%%ios_link_end%% of %%android_link_start%%Android%%android_link_end%%.'
-    gssp_tiqr_app_android_url: https://itunes.apple.com/us/app/tiqr/id430838214?mt=8&ls=1
-    gssp_tiqr_app_ios_url: https://play.google.com/store/apps/details?id=org.tiqr.authenticator&hl=en
+    gssp_tiqr_app_android_url: https://play.google.com/store/apps/details?id=org.tiqr.authenticator&hl=en
+    gssp_tiqr_app_ios_url: https://itunes.apple.com/us/app/tiqr/id430838214?mt=8&ls=1
     gssp_tiqr_button_use:
         en_GB: 'Select'
         nl_NL: 'Selecteer'
@@ -74,4 +74,4 @@ parameters:
         nl_NL: 'Registratie biometrisch apparaat is mislukt. Probeer het nogmaals.'
     gssp_biometric_pop_failed:
         en_GB: 'Registration of your token failed. Please try again.'
-        nl_NL: 'De registratie van uw token is mislukt. Probeer het nogmaals.'
+        nl_NL: 'De registratie van uw token is mislukt. Probeer het nogmaals.'
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/Registration/GssfController.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/Registration/GssfController.php
@@ -22,6 +22,7 @@
 use Surfnet\SamlBundle\Http\XMLResponse;
 use Surfnet\SamlBundle\SAML2\AuthnRequestFactory;
 use Surfnet\SamlBundle\SAML2\Response\Assertion\InResponseTo;
+use Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\Provider;
 use Surfnet\StepupSelfService\SamlStepupProviderBundle\Provider\ViewConfig;
 use Surfnet\StepupSelfService\SelfServiceBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\Request;
@@ -34,14 +35,32 @@
 final class GssfController extends Controller
 {
     /**
+     * Render the initiation form.
+     *
+     * This action has two parameters:
+     *
+     * - authenticationFailed (default false), will trigger an error message
+     *   and is used when a SAML failure response was received, for example
+     *   when the users cancelled the registration
+     *
+     * - proofOfPossessionFailed (default false), will trigger an error message
+     *   when possession was not proven, but the SAML response was successful
+     *
+     * @param Request $request
      * @param string $provider
      * @return array|Response
      */
-    public function initiateAction($provider)
+    public function initiateAction(Request $request, $provider)
     {
         $this->assertSecondFactorEnabled($provider);
 
-        return $this->renderInitiateForm($provider, []);
+        return $this->renderInitiateForm(
+            $provider,
+            [
+                'authenticationFailed' => (bool) $request->get('authenticationFailed'),
+                'proofOfPossessionFailed' => (bool) $request->get('proofOfPossessionFailed'),
+            ]
+        );
     }
 
     /**
@@ -105,8 +124,8 @@ public function consumeAssertionAction(Request $httpRequest, $provider)
                 sprintf('Could not process received Response, error: "%s"', $exception->getMessage())
             );
 
-            return $this->renderInitiateForm(
-                $provider->getName(),
+            return $this->redirectToInitiationForm(
+                $provider,
                 ['authenticationFailed' => true]
             );
         }
@@ -120,8 +139,8 @@ public function consumeAssertionAction(Request $httpRequest, $provider)
                 ($expectedResponseTo ? 'expected "' . $expectedResponseTo . '"' : ' no response expected')
             ));
 
-            return $this->renderInitiateForm(
-                $provider->getName(),
+            return $this->redirectToInitiationForm(
+                $provider,
                 ['authenticationFailed' => true]
             );
         }
@@ -156,12 +175,26 @@ public function consumeAssertionAction(Request $httpRequest, $provider)
 
         $this->getLogger()->error('Unable to prove GSSF possession');
 
-        return $this->renderInitiateForm(
-            $provider->getName(),
+        return $this->redirectToInitiationForm(
+            $provider,
             ['proofOfPossessionFailed' => true]
         );
     }
 
+    /**
+     * @param Provider $provider
+     * @param array $options
+     */
+    private function redirectToInitiationForm(Provider $provider, array $options)
+    {
+        return $this->redirectToRoute(
+            'ss_registration_gssf_initiate',
+            $options + [
+                'provider' => $provider->getName(),
+            ]
+        );
+    }
+
     /**
      * @param string $provider
      * @return \Symfony\Component\HttpFoundation\Response

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/config/routing.yml b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/config/routing.yml
@@ -63,7 +63,10 @@ ss_registration_sms_prove_possession:
 ss_registration_gssf_initiate:
     path:     /registration/gssf/{provider}/initiate
     methods:  [GET]
-    defaults: { _controller: SurfnetStepupSelfServiceSelfServiceBundle:Registration/Gssf:initiate }
+    defaults:
+        _controller: SurfnetStepupSelfServiceSelfServiceBundle:Registration/Gssf:initiate
+        authenticationFailed: false
+        proofOfPossessionFailed: false
 
 ss_registration_gssf_authenticate:
     path:     /registration/gssf/{provider}/authenticate

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/public/less/style.less
@@ -110,10 +110,12 @@ select[name="stepup_switch_locale[locale]"] {
         margin-right: 5px;
     }
 }
-.m-t-2 {
-    margin-top: 2em;
+
+.token-button-group {
+    margin: -4px 8px 0 0;
 }
 
+
 .table-striped tbody td {
     vertical-align: middle !important;
 }

diff --git a/.../StepupSelfService/SelfServiceBundle/Resources/views/Registration/Gssf/initiate.html.twig b/.../StepupSelfService/SelfServiceBundle/Resources/views/Registration/Gssf/initiate.html.twig
@@ -19,10 +19,10 @@
 
     <hr>
 
-    {% if authenticationFailed is defined %}
+    {% if authenticationFailed == true %}
         <div class="alert alert-danger">{{ secondFactorConfig.getAuthnFailed() }}</div>
     {% endif %}
-    {% if proofOfPossessionFailed is defined %}
+    {% if proofOfPossessionFailed == true %}
         <div class="alert alert-danger">{{ secondFactorConfig.getPopFailed() }}</div>
     {% endif %}
     {{ form(form) }}

diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig b/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/SecondFactor/list.html.twig
@@ -10,18 +10,26 @@
     {{ macro.secondFactorTable(verifiedSecondFactors, 'ss.second_factor.list.text.verified', 'verified', email, expirationHelper) }}
     {{ macro.secondFactorTable(unverifiedSecondFactors, 'ss.second_factor.list.text.unverified', 'unverified', email, expirationHelper) }}
 
+    <div class="btn-toolbar token-button-group" role="toolbar">
+    {% if vettedSecondFactors.elements is not empty %}
+        <a class="btn btn-default pull-right" href="{{ path('ss_second_factor_test') }}">
+            {{ 'ss.second_factor.revoke.button.test'|trans }}
+        </a>
+    {% endif %}
+
     {% if registrationsLeft > 0
             and ((unverifiedSecondFactors.elements is empty and verifiedSecondFactors.elements is empty and vettedSecondFactors.elements is empty)
             or availableSecondFactors is not empty)
     %}
         {% if (unverifiedSecondFactors.elements is empty and verifiedSecondFactors.elements is empty and vettedSecondFactors.elements is empty) %}
             <p>{{ 'ss.second_factor.list.text.no_second_factors'|trans }}</p>
         {% endif %}
-            <a href="{{ path('ss_registration_display_types') }}"
-               class="btn btn-primary m-t-2">
-                {{ 'ss.second_factor.list.button.register_second_factor'|trans }}
-            </a>
+        <a href="{{ path('ss_registration_display_types') }}"
+           class="btn btn-primary pull-right">
+            {{ 'ss.second_factor.list.button.register_second_factor'|trans }}
+        </a>
     {% endif %}
+    </div>
 
 {% endblock %}
 
@@ -67,17 +75,7 @@
                         </tr>
                     {% endfor %}
                     </tbody>
-                    {% if state == 'vetted' %}
-                    <tfoot>
-                        <tr>
-                            <td colspan="4">
-                                <a class="btn btn-mini btn-default pull-right" href="{{ path('ss_second_factor_test') }}">
-                                    {{ 'ss.second_factor.revoke.button.test'|trans }}
-                                </a>
-                            </td>
-                        </tr>
-                    </tfoot>
-                    {% endif %}
+
                 </table>
 
                 {% if hasExpired %}