diff --git a/config/reference.php b/config/reference.php index b1bc682d0..c7a371fb9 100644 --- a/config/reference.php +++ b/config/reference.php @@ -128,7 +128,7 @@ * @psalm-type FrameworkConfig = array{ * secret?: scalar|Param|null, * http_method_override?: bool|Param, // Set true to enable support for the '_method' request parameter to determine the intended HTTP method on POST requests. // Default: false - * allowed_http_method_override?: null|list, + * allowed_http_method_override?: list|null, * trust_x_sendfile_type_header?: scalar|Param|null, // Set true to enable support for xsendfile in binary file responses. // Default: "%env(bool:default::SYMFONY_TRUST_X_SENDFILE_TYPE_HEADER)%" * ide?: scalar|Param|null, // Default: "%env(default::SYMFONY_IDE)%" * test?: bool|Param, @@ -136,9 +136,9 @@ * set_locale_from_accept_language?: bool|Param, // Whether to use the Accept-Language HTTP header to set the Request locale (only when the "_locale" request attribute is not passed). // Default: false * set_content_language_from_locale?: bool|Param, // Whether to set the Content-Language HTTP header on the Response using the Request locale. // Default: false * enabled_locales?: list, - * trusted_hosts?: string|list, + * trusted_hosts?: list, * trusted_proxies?: mixed, // Default: ["%env(default::SYMFONY_TRUSTED_PROXIES)%"] - * trusted_headers?: string|list, + * trusted_headers?: list, * error_controller?: scalar|Param|null, // Default: "error_controller" * handle_all_throwables?: bool|Param, // HttpKernel will handle all kinds of \Throwable. // Default: true * csrf_protection?: bool|array{ 
@@ -202,23 +202,23 @@ * property?: scalar|Param|null, * service?: scalar|Param|null, * }, - * supports?: string|list, + * supports?: list, * definition_validators?: list, * support_strategy?: scalar|Param|null, - * initial_marking?: \BackedEnum|string|list, - * events_to_dispatch?: null|list, - * places?: string|list, + * events_to_dispatch?: list|null, + * places?: list, * }>, * transitions?: list, - * to?: \BackedEnum|string|list, @@ -271,7 +271,7 @@ * version_format?: scalar|Param|null, // Default: "%%s?%%s" * json_manifest_path?: scalar|Param|null, // Default: null * base_path?: scalar|Param|null, // Default: "" - * base_urls?: string|list, + * base_urls?: list, * packages?: array, + * base_urls?: list, * }>, * }, * asset_mapper?: bool|array{ // Asset Mapper configuration * enabled?: bool|Param, // Default: false - * paths?: string|array, + * paths?: array, * excluded_patterns?: list, * exclude_dotfiles?: bool|Param, // If true, any files starting with "." will be excluded from the asset mapper. // Default: true * server?: bool|Param, // If true, a "dev server" will return the assets from the public directory (true in "debug" mode only by default). // Default: true @@ -303,7 +303,7 @@ * }, * translator?: bool|array{ // Translator configuration * enabled?: bool|Param, // Default: true - * fallbacks?: string|list, + * fallbacks?: list, * logging?: bool|Param, // Default: false * formatter?: scalar|Param|null, // Default: "translator.formatter.default" * cache_dir?: scalar|Param|null, // Default: "%kernel.cache_dir%/translations" 
@@ -333,7 +333,7 @@ * enabled?: bool|Param, // Default: true * cache?: scalar|Param|null, // Deprecated: Setting the "framework.validation.cache.cache" configuration option is deprecated. It will be removed in version 8.0. * enable_attributes?: bool|Param, // Default: true - * static_method?: string|list, + * static_method?: list, * translation_domain?: scalar|Param|null, // Default: "validators" * email_validation_mode?: "html5"|"html5-allow-no-tld"|"strict"|"loose"|Param, // Default: "html5" * mapping?: array{ @@ -396,7 +396,7 @@ * default_doctrine_dbal_provider?: scalar|Param|null, // Default: "database_connection" * default_pdo_provider?: scalar|Param|null, // Default: null * pools?: array, + * adapters?: list, * tags?: scalar|Param|null, // Default: null * public?: bool|Param, // Default: false * default_lifetime?: scalar|Param|null, // Default lifetime of the pool. @@ -419,11 +419,11 @@ * }, * lock?: bool|string|array{ // Lock configuration * enabled?: bool|Param, // Default: false - * resources?: string|array>, + * resources?: array>, * }, * semaphore?: bool|string|array{ // Semaphore configuration * enabled?: bool|Param, // Default: false - * resources?: string|array, + * resources?: array, * }, * messenger?: bool|array{ // Messenger configuration * enabled?: bool|Param, // Default: false @@ -453,7 +453,7 @@ * rate_limiter?: scalar|Param|null, // Rate limiter name to use when processing messages. // Default: null * }>, * failure_transport?: scalar|Param|null, // Transport name to send failed messages to (after all retries have failed). // Default: null - * stop_worker_on_signals?: int|string|list, + * stop_worker_on_signals?: list, * default_bus?: scalar|Param|null, // Default: null * buses?: array, * }>, 
@@ -510,9 +510,9 @@ * retry_failed?: bool|array{ * enabled?: bool|Param, // Default: false * retry_strategy?: scalar|Param|null, // service id to override the retry strategy. // Default: null - * http_codes?: int|string|array, + * methods?: list, * }>, * max_retries?: int|Param, // Default: 3 * delay?: int|Param, // Time in ms to delay (or the initial value when multiplier is used). // Default: 1000 @@ -563,9 +563,9 @@ * retry_failed?: bool|array{ * enabled?: bool|Param, // Default: false * retry_strategy?: scalar|Param|null, // service id to override the retry strategy. // Default: null - * http_codes?: int|string|array, + * methods?: list, * }>, * max_retries?: int|Param, // Default: 3 * delay?: int|Param, // Time in ms to delay (or the initial value when multiplier is used). // Default: 1000 @@ -582,8 +582,8 @@ * transports?: array, * envelope?: array{ // Mailer Envelope configuration * sender?: scalar|Param|null, - * recipients?: string|list, - * allowed_recipients?: string|list, + * recipients?: list, + * allowed_recipients?: list, * }, * headers?: array, + * limiters?: list, * limit?: int|Param, // The maximum allowed hits in a fixed interval or burst. * interval?: scalar|Param|null, // Configures the fixed interval if "policy" is set to "fixed_window" or "sliding_window". The value must be a number followed by "second", "minute", "hour", "day", "week" or "month" (or their plural equivalent). * rate?: array{ // Configures the fill rate if "policy" is set to "token_bucket". 
@@ -658,20 +658,20 @@ * allow_safe_elements?: bool|Param, // Allows "safe" elements and attributes. // Default: false * allow_static_elements?: bool|Param, // Allows all static elements and attributes from the W3C Sanitizer API standard. // Default: false * allow_elements?: array, - * block_elements?: string|list, - * drop_elements?: string|list, + * block_elements?: list, + * drop_elements?: list, * allow_attributes?: array, * drop_attributes?: array, * force_attributes?: array>, * force_https_urls?: bool|Param, // Transforms URLs using the HTTP scheme to use the HTTPS scheme instead. // Default: false - * allowed_link_schemes?: string|list, - * allowed_link_hosts?: null|string|list, + * allowed_link_schemes?: list, + * allowed_link_hosts?: list|null, * allow_relative_links?: bool|Param, // Allows relative URLs to be used in links href attributes. // Default: false - * allowed_media_schemes?: string|list, - * allowed_media_hosts?: null|string|list, + * allowed_media_schemes?: list, + * allowed_media_hosts?: list|null, * allow_relative_medias?: bool|Param, // Allows relative URLs to be used in media source attributes (img, audio, video, ...). // Default: false - * with_attribute_sanitizers?: string|list, - * without_attribute_sanitizers?: string|list, + * with_attribute_sanitizers?: list, + * without_attribute_sanitizers?: list, * max_input_length?: int|Param, // The maximum length allowed for the sanitized input. // Default: 0 * }>, * }, @@ -705,7 +705,7 @@ * }, * password_hashers?: array, + * migrate_from?: list, * hash_algorithm?: scalar|Param|null, // Name of hashing algorithm for PBKDF2 (i.e. sha256, sha512, etc..) See hash_algos() for a list of supported algorithms. // Default: "sha512" * key_length?: scalar|Param|null, // Default: 40 * ignore_case?: bool|Param, // Default: false @@ -719,12 +719,12 @@ * providers?: array, + * providers?: list, * }, * memory?: array{ * users?: array, + * roles?: list, * }>, * }, * ldap?: array{ 
@@ -733,7 +733,7 @@ * search_dn?: scalar|Param|null, // Default: null * search_password?: scalar|Param|null, // Default: null * extra_fields?: list, - * default_roles?: string|list, + * default_roles?: list, * role_fetcher?: scalar|Param|null, // Default: null * uid_key?: scalar|Param|null, // Default: "sAMAccountName" * filter?: scalar|Param|null, // Default: "({uid_key}={user_identifier})" @@ -748,7 +748,7 @@ * firewalls?: array, + * methods?: list, * security?: bool|Param, // Default: true * user_checker?: scalar|Param|null, // The UserChecker to use when authenticating users in this firewall. // Default: "security.user_checker" * request_matcher?: scalar|Param|null, @@ -767,8 +767,8 @@ * path?: scalar|Param|null, // Default: "/logout" * target?: scalar|Param|null, // Default: "/" * invalidate_session?: bool|Param, // Default: true - * clear_site_data?: string|list<"*"|"cache"|"cookies"|"storage"|"executionContexts"|Param>, - * delete_cookies?: string|array, + * delete_cookies?: array, + * token_extractors?: list, * token_handler?: string|array{ * id?: scalar|Param|null, * oidc_user_info?: string|array{ @@ -921,7 +921,7 @@ * }, * oidc?: array{ * discovery?: array{ // Enable the OIDC discovery. - * base_uri?: string|list, + * base_uri?: list, * cache?: array{ * id?: scalar|Param|null, // Cache service id to use to cache the OIDC discovery configuration. * }, @@ -964,7 +964,7 @@ * remember_me?: array{ * secret?: scalar|Param|null, // Default: "%kernel.secret%" * service?: scalar|Param|null, - * user_providers?: string|list, + * user_providers?: list, * catch_exceptions?: bool|Param, // Default: true * signature_properties?: list, * token_provider?: string|array{ 
@@ -992,12 +992,12 @@ * path?: scalar|Param|null, // Use the urldecoded format. // Default: null * host?: scalar|Param|null, // Default: null * port?: int|Param, // Default: null - * ips?: string|list, + * ips?: list, * attributes?: array, * route?: scalar|Param|null, // Default: null - * methods?: string|list, + * methods?: list, * allow_if?: scalar|Param|null, // Default: null - * roles?: string|list, + * roles?: list, * }>, * role_hierarchy?: array>, * } @@ -1018,7 +1018,7 @@ * auto_reload?: scalar|Param|null, * optimizations?: int|Param, * default_path?: scalar|Param|null, // The default path used to load templates. // Default: "%kernel.project_dir%/templates" - * file_name_pattern?: string|list, + * file_name_pattern?: list, * paths?: array, * date?: array{ // The default format options used by the date filter. * format?: scalar|Param|null, // Default: "F j, Y H:i" @@ -1111,7 +1111,7 @@ * delay_between_messages?: bool|Param, // Default: false * topic?: int|Param, // Default: null * factor?: int|Param, // Default: 1 - * tags?: string|list, + * tags?: list, * console_formatter_options?: mixed, // Default: [] * formatter?: scalar|Param|null, * nested?: bool|Param, // Default: false @@ -1155,7 +1155,7 @@ * host?: scalar|Param|null, * }, * from_email?: scalar|Param|null, - * to_email?: string|list, + * to_email?: list, * subject?: scalar|Param|null, * content_type?: scalar|Param|null, // Default: null * headers?: list, diff --git a/config/services/ci/controllers.yml b/config/services/ci/controllers.yml index ce71b961f..bf4ec4ee9 100644 --- a/config/services/ci/controllers.yml +++ b/config/services/ci/controllers.yml @@ -50,6 +50,7 @@ services: - '@OpenConext\EngineBlock\Validator\UnsolicitedSsoRequestValidator' - '@OpenConext\EngineBlock\Service\AuthenticationStateHelper' - '@engineblock.functional_testing.fixture.features' + - '@router' engineblock.functional_test.controller.sbs: class: OpenConext\EngineBlockFunctionalTestingBundle\Controllers\SbsController 
diff --git a/config/services/ci/services.yml b/config/services/ci/services.yml index bcc5086f9..0d4419e9d 100644 --- a/config/services/ci/services.yml +++ b/config/services/ci/services.yml @@ -149,6 +149,13 @@ services: - '@engineblock.functional_testing.fixture.features' - '%stepup.sfo.override_engine_entityid%' + OpenConext\EngineBlockBundle\Twig\Extensions\Extension\Wayf: + autoconfigure: true + arguments: + - '@request_stack' + - '@translator' + - '@engineblock.functional_testing.fixture.features' + OpenConext\EngineBlockBundle\Twig\Extensions\Extension\FunctionalTestingGlobalSiteNotice: autoconfigure: true arguments: diff --git a/config/services/controllers/authentication.yml b/config/services/controllers/authentication.yml index b08612904..21b07e7cc 100644 --- a/config/services/controllers/authentication.yml +++ b/config/services/controllers/authentication.yml @@ -22,6 +22,7 @@ services: - '@OpenConext\EngineBlock\Validator\UnsolicitedSsoRequestValidator' - '@OpenConext\EngineBlock\Service\AuthenticationStateHelper' - '@OpenConext\EngineBlockBundle\Configuration\FeatureConfiguration' + - '@router' OpenConext\EngineBlockBundle\Controller\IndexController: arguments: diff --git a/languages/messages.en.php b/languages/messages.en.php index 89e37678f..3d5a44008 100644 --- a/languages/messages.en.php +++ b/languages/messages.en.php 
@@ -234,6 +234,8 @@ 'error_authentication_limit_exceeded' => 'Error - too many authentications in progress', 'error_authentication_limit_exceeded_desc' => 'Too many authentications in progress', 'error_no_authentication_request_received' => 'Error - No authentication request received.', + 'error_bookmarked_page' => 'Error - This page no longer exists', + 'error_bookmarked_page_desc' => 'The page you are trying to visit no longer exists. You probably saved a bookmark, but unfortunately that doesn\'t work. Search for the correct link to the application you want to log in to in order to gain access.', 'error_authn_context_class_ref_blacklisted' => 'Error - AuthnContextClassRef value is not allowed', 'error_authn_context_class_ref_blacklisted_desc' => 'You cannot login because %idpName% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of %idpName% to solve this.', 'error_authn_context_class_ref_blacklisted_desc_no_idp_name' => 'You cannot login because your %organisationNoun% sent a value for AuthnContextClassRef that is not allowed. Please contact the service desk of your %organisationNoun% to solve this.', diff --git a/languages/messages.nl.php b/languages/messages.nl.php index fead1e584..de5461a43 100644 --- a/languages/messages.nl.php +++ b/languages/messages.nl.php 
@@ -231,6 +231,8 @@ 'error_authentication_limit_exceeded' => 'Fout - teveel onafgeronde authenticaties tegelijkertijd.', 'error_authentication_limit_exceeded_desc' => 'Teveel onafgeronde authenticaties tegelijkertijd.', 'error_no_authentication_request_received' => 'Fout - Geen authenticatie-aanvraag ontvangen.', + 'error_bookmarked_page' => 'Fout - Deze pagina bestaat niet meer', + 'error_bookmarked_page_desc' => 'De pagina die je probeert te bezoeken bestaat niet meer. Waarschijnlijk heb je de pagina als bladwijzer opgeslagen, maar dat werkt helaas niet. Zoek de juiste link naar de applicatie waarop je wilt inloggen om toegang te krijgen.', 'error_authn_context_class_ref_blacklisted' => 'Fout - Waarde van AuthnContextClassRef is niet toegestaan', 'error_authn_context_class_ref_blacklisted_desc' => 'Je kunt niet inloggen omdat %idpName% een waarde stuurde voor AuthnContextClassRef die niet is toegestaan. Neem contact op met de helpdesk van %idpName% om dit op te lossen.', 'error_authn_context_class_ref_blacklisted_desc_no_idp_name' => 'Je kunt niet inloggen omdat je %organisationNoun% een waarde stuurde voor AuthnContextClassRef die niet is toegestaan. Neem contact op met de helpdesk van je %organisationNoun% om dit op te lossen.', diff --git a/languages/messages.pt.php b/languages/messages.pt.php index 94527836c..ab37c212c 100644 --- a/languages/messages.pt.php +++ b/languages/messages.pt.php @@ -231,6 +231,8 @@ 'error_invalid_mfa_authn_context_class_ref_desc' => '

A %idpName% requer segurança adicional para este serviço, por meio de um segundo fator de autenticação (2FA). No entanto, o seu segundo fator de autenticação não pôde ser verificado. Entre em contato com o suporte da %idpName% para validar esta situação.

', 'error_invalid_mfa_authn_context_class_ref_desc_no_idp_name' => '

A sua %organisationNoun% requer segurança adicional para este serviço, por meio de um segundo fator de autenticação (2FA). No entanto, o seu segundo fator de autenticação não pôde ser verificado. Entre em contato com o suporte da sua %organisationNoun% para validar esta situação.

', 'error_no_authentication_request_received' => 'Não foi recebida nenhuma solicitação de autenticação.', + 'error_bookmarked_page' => 'Erro - Esta página já não existe', + 'error_bookmarked_page_desc' => 'A página que está a tentar visitar já não existe. Provavelmente guardou um marcador, mas infelizmente isso não funciona. Procure o link correto para a aplicação em que pretende iniciar sessão para obter acesso.', /** * %1 AttributeName * %2 Options diff --git a/src/OpenConext/EngineBlockBundle/Configuration/TestFeatureConfiguration.php b/src/OpenConext/EngineBlockBundle/Configuration/TestFeatureConfiguration.php index 15512f7e6..f6fa8285c 100644 --- a/src/OpenConext/EngineBlockBundle/Configuration/TestFeatureConfiguration.php +++ b/src/OpenConext/EngineBlockBundle/Configuration/TestFeatureConfiguration.php @@ -48,7 +48,7 @@ public function __construct() $this->setFeature(new Feature('eb.feature_enable_idp_initiated_flow', true)); $this->setFeature(new Feature('eb.stepup.send_user_attributes', true)); $this->setFeature(new Feature('eb.feature_enable_sram_interrupt', true)); - $this->setFeature(new Feature('eb.hide_bookmarkable_url', false)); + $this->setFeature(new Feature('eb.hide_bookmarkable_url', true)); } public function setFeature(Feature $feature): void diff --git a/src/OpenConext/EngineBlockBundle/Controller/FeedbackController.php b/src/OpenConext/EngineBlockBundle/Controller/FeedbackController.php index a5b8d6ec7..3259aeeef 100644 --- a/src/OpenConext/EngineBlockBundle/Controller/FeedbackController.php +++ b/src/OpenConext/EngineBlockBundle/Controller/FeedbackController.php 
@@ -153,6 +153,15 @@ public function __construct( ], methods: ['GET'] )] + #[Route( + path: '/authentication/feedback/bookmarked-page', + name: 'authentication_feedback_bookmarked_page', + defaults: [ + 'pageIdentifier' => 'bookmarked-page', + 'statusCode' => 400 + ], + methods: ['GET'] + )] public function feedbackAction(string $pageIdentifier, int $statusCode): Response { return new Response( diff --git a/src/OpenConext/EngineBlockBundle/Controller/IdentityProviderController.php b/src/OpenConext/EngineBlockBundle/Controller/IdentityProviderController.php index 57e10014f..40e371a0a 100644 --- a/src/OpenConext/EngineBlockBundle/Controller/IdentityProviderController.php +++ b/src/OpenConext/EngineBlockBundle/Controller/IdentityProviderController.php @@ -26,17 +26,22 @@ use OpenConext\EngineBlockBridge\ResponseFactory; use OpenConext\EngineBlockBundle\Configuration\FeatureConfigurationInterface; use Psr\Log\LoggerInterface; +use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Symfony\Component\Routing\Attribute\Route; +use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Twig\Environment; /** * @SuppressWarnings(PHPMD.CouplingBetweenObjects) Due to the compatibility requirements + * @SuppressWarnings(PHPMD.ExcessiveParameterList) Due to the compatibility requirements */ class IdentityProviderController implements AuthenticationLoopThrottlingController { + private const FEEDBACK_BOOKMARK = 'bookmark'; + /** * @var EngineBlock_ApplicationSingleton */ @@ -82,6 +87,11 @@ class IdentityProviderController implements AuthenticationLoopThrottlingControll */ private $featureConfiguration; + /** + * @var UrlGeneratorInterface + */ + private $urlGenerator; + public function __construct( EngineBlock_ApplicationSingleton $engineBlockApplicationSingleton, Environment $twig, 
@@ -91,7 +101,8 @@ public function __construct( RequestValidator $bindingValidator, RequestValidator $unsolicitedRequestValidator, AuthenticationStateHelperInterface $authenticationStateHelper, - FeatureConfigurationInterface $featureConfiguration + FeatureConfigurationInterface $featureConfiguration, + UrlGeneratorInterface $urlGenerator ) { $this->engineBlockApplicationSingleton = $engineBlockApplicationSingleton; $this->twig = $twig; @@ -102,6 +113,7 @@ public function __construct( $this->unsolicitedRequestValidator = $unsolicitedRequestValidator; $this->authenticationStateHelper = $authenticationStateHelper; $this->featureConfiguration = $featureConfiguration; + $this->urlGenerator = $urlGenerator; } /** @@ -122,6 +134,12 @@ public function __construct( #[Route(path: '/authentication/idp/single-sign-on/{idpHash}', name: 'authentication_idp_sso_idphash', methods: ['GET', 'POST'])] public function singleSignOnAction(Request $request, ?string $keyId = null, ?string $idpHash = null) { + if ($request->query->get('feedback') === self::FEEDBACK_BOOKMARK) { + return new RedirectResponse( + $this->urlGenerator->generate('authentication_feedback_bookmarked_page', [], UrlGeneratorInterface::ABSOLUTE_PATH) + ); + } + $this->requestValidator->isValid($request); $this->bindingValidator->isValid($request); diff --git a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php index a1b8a7192..4e2d9d914 100644 --- a/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php +++ b/src/OpenConext/EngineBlockBundle/EventListener/RedirectToFeedbackPageExceptionListener.php 
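Review bot: The new `feedback=bookmark` check at the top of singleSignOnAction runs before `requestValidator` and `bindingValidator` and looks only at the query string, so every request to the SSO endpoint that carries the parameter is answered with the redirect, including a POST or a request that also holds a `SAMLRequest`. Because the parameter can be appended to any link, narrowing the branch to the bare bookmark case keeps genuine requests on the validated path: `if ($request->isMethod('GET') && !$request->query->has('SAMLRequest') && $request->query->get('feedback') === self::FEEDBACK_BOOKMARK) {`. The branch also does not consult `eb.hide_bookmarkable_url`; if that is deliberate so that old bookmarks still resolve after the flag is switched off, a one-line comment above the `if` should say so. The redirect target is generated from a fixed route name with no request-derived parts, which is the right choice. The method body continues outside the hunk.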
@@ -207,7 +207,7 @@ public function onKernelException(ExceptionEvent $event) $redirectToRoute = 'authentication_feedback_authentication_limit_exceeded'; } elseif ($exception instanceof InvalidRequestMethodException || $exception instanceof InvalidBindingException || - $exception instanceof MissingParameterException + $exception instanceof MissingParameterException ) { $message = $exception->getMessage(); $event->getRequest()->getSession()->set('feedback_custom', $exception->getMessage()); diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/HideBookmarkableUrl.feature b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/HideBookmarkableUrl.feature index f44dfe3af..4a381ba68 100644 --- a/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/HideBookmarkableUrl.feature +++ b/src/OpenConext/EngineBlockFunctionalTestingBundle/Features/HideBookmarkableUrl.feature @@ -14,3 +14,20 @@ Feature: When I log in at "Dummy SP" And I go to Engineblock URL "/authentication/idp/single-sign-on" Then I should see "The parameter \"SAMLRequest\" is missing on the SAML SSO request" + + Scenario: Visiting a bookmarked WAYF URL shows the bookmark error page + When I log in at "Dummy SP" + And I go to Engineblock URL "/authentication/idp/single-sign-on?feedback=bookmark" + Then I should see "This page no longer exists" + + Scenario: WAYF page includes hideBookmarkableUrl true in config when feature flag is enabled + Given feature "eb.hide_bookmarkable_url" is enabled + And an Identity Provider named "Second Idp" + When I log in at "Dummy SP" + Then the response should contain '"hideBookmarkableUrl": true' + + Scenario: WAYF page includes hideBookmarkableUrl false in config when feature flag is disabled + Given feature "eb.hide_bookmarkable_url" is disabled + And an Identity Provider named "Second Idp" + When I log in at "Dummy SP" + Then the response should contain '"hideBookmarkableUrl": false' 
diff --git a/tests/unit/OpenConext/EngineBlockBundle/Controller/IdentityProviderControllerTest.php b/tests/unit/OpenConext/EngineBlockBundle/Controller/IdentityProviderControllerTest.php index 982d1d53f..c14b51bac 100644 --- a/tests/unit/OpenConext/EngineBlockBundle/Controller/IdentityProviderControllerTest.php +++ b/tests/unit/OpenConext/EngineBlockBundle/Controller/IdentityProviderControllerTest.php @@ -33,6 +33,7 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Session\Session; use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage; +use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Twig\Environment; class IdentityProviderControllerTest extends TestCase @@ -50,7 +51,8 @@ private function buildController(?RequestValidator $requestValidator = null): Id Mockery::mock(RequestValidator::class), Mockery::mock(RequestValidator::class), Mockery::mock(AuthenticationStateHelperInterface::class), - Mockery::mock(FeatureConfigurationInterface::class) + Mockery::mock(FeatureConfigurationInterface::class), + Mockery::mock(UrlGeneratorInterface::class) ); } diff --git a/theme/base/javascripts/wayf/hideBookmarkableUrl.js b/theme/base/javascripts/wayf/hideBookmarkableUrl.js index 2a622125d..70a99e636 100644 --- a/theme/base/javascripts/wayf/hideBookmarkableUrl.js +++ b/theme/base/javascripts/wayf/hideBookmarkableUrl.js @@ -1,10 +1,18 @@ +import {configurationId} from '../selectors'; + export const hideBookmarkableUrl = () => { - const configEl = document.getElementById('wayf-configuration'); + const configEl = document.getElementById(configurationId); if (!configEl) { return; } - const config = JSON.parse(configEl.innerHTML); + let config; + try { + config = JSON.parse(configEl.innerHTML); + } catch (e) { + return; + } + if (!config.hideBookmarkableUrl) { return; }
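Review bot: The `UrlGeneratorInterface` mock added to buildController carries no expectation for `generate()`, and the diff adds no unit test for the new `feedback=bookmark` early return in singleSignOnAction. A test that sends a GET request with `feedback=bookmark`, expects one `generate('authentication_feedback_bookmarked_page', ...)` call and asserts a `RedirectResponse` would pin the branch. A second case with another `feedback` value should assert that the request validator is still invoked, so the shortcut cannot silently widen. The rest of the test class lies outside the hunk.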
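Review bot: After the new try/catch in hideBookmarkableUrl, `config` can still be `null` or a non-object when the element holds valid JSON such as `null`, so `config.hideBookmarkableUrl` on the following line can throw; `if (!config || !config.hideBookmarkableUrl) {` covers that case. Reading the element with `configEl.textContent` instead of `innerHTML` avoids parsing serialized markup should the container ever be something other than a script element. The catch block discards the error silently; a short comment such as `// malformed WAYF configuration: leave the URL untouched` would record that this is intended. The function body continues past the end of the hunk.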