Merge branch 'release/2.3'

Vagrantfile

@@ -13,7 +13,10 @@ Vagrant.configure(2) do |config|
 
   config.vm.provision "ansible" do |ansible|
     ansible.playbook = "ansible/vagrant.yml"
-    ansible.groups = {"dev" => "default"}
+    ansible.groups = {
+                       "dev" => "default",
+                       "mongod_primary" => "default"
+                     }
     ansible.extra_vars = {
       develop_spd: true
     }

ansible/roles/spdashboard/defaults/main.yml

@@ -16,6 +16,8 @@ spdashboard_support_email: [email protected]
 spdashboard_manage_prod_host: "https://manage-prod.{{ base_domain }}"
 spdashboard_manage_test_publication_status: testaccepted
 spdashboard_manage_prod_publication_status: prodaccepted
+spdashboard_manage_test_oidcng_enabled: true
+spdashboard_manage_prod_oidcng_enabled: true
 spdashboard_nodejs_rpm_url: "https://rpm.nodesource.com/pub_11.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm"
 spdashboard_jira_host: https://jira-test.surfnet.nl
 spdashboard_jira_username: username
@@ -31,5 +33,7 @@ spdashboard_jira_manageid_field_label: "SURFconext Manage ID"
 spdashboard_jira_project_key: CXT
 spdashboard_test_mode_enabled: false
 spdashboard_test_mode_path: '../var/issues.json'
-playground_uri_test: https://authz-playground.dev.support.surfconext.nl
-playground_uri_prod: https://authz-playground.dev.support.surfconext.nl
+spdashboard_playground_uri_test: https://authz-playground.dev.support.surfconext.nl/redirect
+spdashboard_playground_uri_prod: https://authz-playground.dev.support.surfconext.nl/redirect
+spdashboard_oidcng_playground_uri_test: https://oidc-playground.dev.support.surfconext.nl/redirect
+spdashboard_oidcng_playground_uri_prod: https://oidc-playground.dev.support.surfconext.nl/redirect

ansible/roles/spdashboard/templates/parameters.yml.j2

@@ -33,10 +33,12 @@ parameters:
     manage_test_username: sp-dashboard
     manage_test_password: {{ manage_sp_dashboard_secret }}
     manage_test_publication_status: {{ spdashboard_manage_test_publication_status }}
+    manage_test_oidcng_enabled: {{ spdashboard_manage_test_oidcng_enabled }}
     manage_prod_host: {{ spdashboard_manage_prod_host }}
     manage_prod_username: sp-dashboard
     manage_prod_password: {{ manage_prod_sp_dashboard_secret }}
     manage_prod_publication_status: {{ spdashboard_manage_prod_publication_status }}
+    manage_prod_oidcng_enabled: {{ spdashboard_manage_prod_oidcng_enabled }}
     jira_host: {{ spdashboard_jira_host }}
     jira_username: {{ spdashboard_jira_username }}
     jira_password: {{ spdashboard_jira_password }}
@@ -53,3 +55,5 @@ parameters:
     jira_test_mode_storage_path: {{ spdashboard_test_mode_path }}
     playground_uri_test: {{ spdashboard_playground_uri_test }}
     playground_uri_prod: {{ spdashboard_playground_uri_prod }}
+    oidcng_playground_uri_test: {{ spdashboard_oidcng_playground_uri_test }}
+    oidcng_playground_uri_prod: {{ spdashboard_oidcng_playground_uri_prod }}

app/DoctrineMigrations/Version20190909100159.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+
+/**
+ * Add the OIDC TNG resource servers column to the entities entity
+ *
+ * Used by OIDC TNG client entities to track which OIDC TNG resource servers are associated to them.
+ */
+class Version20190909100159 extends AbstractMigration
+{
+    /**
+     * @param Schema $schema
+     */
+    public function up(Schema $schema)
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('ALTER TABLE entity ADD oidcng_resource_servers LONGTEXT DEFAULT NULL COMMENT \'(DC2Type:object)\'');
+    }
+
+    /**
+     * @param Schema $schema
+     */
+    public function down(Schema $schema)
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('ALTER TABLE entity DROP oidcng_resource_servers');
+    }
+}

app/Resources/views/form/fields.html.twig

@@ -77,7 +77,14 @@
 
 {%- block checkbox_widget -%}
     {{ block('help_block') }}
+    {% set addInputContainer = (attr.class is defined and attr.class == "decorated") %}
+    {%  if addInputContainer %}
+    <div class="input-container">
+    {% endif %}
     <input type="checkbox" {{ block('widget_attributes') }}{% if value is defined %} value="{{ value }}"{% endif %}{% if checked %} checked="checked"{% endif %} />
+    {%  if addInputContainer  %}
+    </div>
+    {% endif %}
 {%- endblock checkbox_widget -%}
 
 {%- block radio_widget -%}

app/js/application.js

@@ -2,6 +2,7 @@
 
 import 'jquery';
 import './type_definitions.ts';
+import './components/form.ts';
 import './components/service_switcher.js';
 import './components/service_form.ts';
 import './components/service_status.ts';

app/js/components/collection_widget.test.ts

@@ -1,6 +1,7 @@
 import { loadEntityOidcForm } from "./collection_widget";
 
 import * as $ from "jquery";
+import * as jQuery from "jquery";
 
 jest
   .dontMock('fs')
@@ -9,7 +10,7 @@ jest
 describe('validate collection widget', function() {
 
   let stateHtml = `
-        <form>
+        <form action="/" method="POST">
         <div class="collection-widget" data-prototype="<input type=&quot;text&quot; id=&quot;dashboard_bundle_entity_type_metadata_redirectUris___name__&quot; name=&quot;dashboard_bundle_entity_type[metadata][redirectUris][__name__]&quot;  />">
         <ul class="collection-list"></ul>
         </div>
@@ -83,4 +84,21 @@ describe('validate collection widget', function() {
     expect(actual).toBe(expected);
   });
 
+
+  it('should not submit form on enter', function () {
+    document.body.innerHTML = stateHtml;
+    loadEntityOidcForm();
+
+    let actual = $('.collection-entry input[type="text"]').length;
+    expect(actual).toBe(1);
+
+    // press enter
+    let e = jQuery.Event('keydown', { key: 'Enter' });
+    $('.collection-entry input[type="text"]').last().trigger(e);
+
+    actual = $('.collection-entry input[type="text"]').length;
+    expect(actual).toBe(2);
+
+  });
+
 });

app/js/components/collection_widget.ts

@@ -53,6 +53,7 @@ class CollectionWidget {
 
     this.registerAddClickHandler($addEntryButton);
     this.registerBeforeSubmitHandler($addEntryButton);
+    this.registerPreventFormSubmitHandler($input);
   }
 
   /**
@@ -125,6 +126,20 @@ class CollectionWidget {
     $addEntryButton.on('click', handleAddClick);
   }
 
+  /**
+   * Add prevent submit handler to prevent form submission on enter and instead add entry
+   * @param $input
+   */
+  private registerPreventFormSubmitHandler($input: JQuery<HTMLElement>) {
+    const handleKeydownEnter = (event: JQuery.Event) => {
+      if (event.key === 'Enter') {
+        event.preventDefault();
+        this.addCollectionEntry();
+      }
+    };
+    $input.on('keydown', handleKeydownEnter);
+  }
+
   /**
    * Add submit handler to add data entered but ot already added to the collection
    * @param $addEntryButton
@@ -141,15 +156,15 @@ class CollectionWidget {
   }
 
   private isUnique(newElement: JQuery<HTMLElement>): boolean {
-    let isUniqe = true;
+    let isUnique = true;
     this.$collectionList.find('li').toArray().forEach((value) => {
       const existingValue = $(value).find('input').val();
       if (existingValue === newElement.val()) {
-        isUniqe = false;
+        isUnique = false;
       }
     });
 
-    return isUniqe;
+    return isUnique;
   }
 }
 

app/js/components/form.ts

@@ -0,0 +1,13 @@
+'use strict';
+
+import * as $ from 'jquery';
+
+/**
+ * Add prevent submission of forms by pressing enter in input fields
+ * @param $input
+ */
+$(document).on('keydown', ':input:not(textarea):not(:submit)', (event: JQuery.Event) => {
+  if (event.key === 'Enter') {
+    event.preventDefault();
+  }
+});

app/scss/components/flash.scss

@@ -48,7 +48,16 @@ div.flash {
       padding: 6px;
     }
   }
+}
 
-
-
+div.card.messages {
+  border-top-color: $green;
+  padding-bottom: 5px;
+  i {
+    font-size: larger;
+    font-style: normal;
+  }
+  .message {
+    margin-bottom: 5px;
+  }
 }

app/scss/pages/service_edit.scss

@@ -86,6 +86,7 @@ form {
   }
 
   .form-row {
+
     .radio-container {
       border: 1px solid $lighter-grey;
       border-radius: $br;
@@ -105,6 +106,10 @@ form {
       }
     }
 
+    .wide .radio-container {
+      width: 100%;
+    }
+
     .input-container {
       background-color: $light-blue;
       display: inline-block;

src/Surfnet/ServiceProviderDashboard/Application/Command/Entity/SaveOidcEntityCommand.php

@@ -27,7 +27,6 @@
 use Surfnet\ServiceProviderDashboard\Domain\ValueObject\OidcGrantType;
 use Surfnet\ServiceProviderDashboard\Infrastructure\DashboardBundle\Validator\Constraints as SpDashboardAssert;
 use Symfony\Component\Validator\Constraints as Assert;
-use Symfony\Component\Validator\Context\ExecutionContextInterface;
 
 /**
  * @SuppressWarnings(PHPMD.TooManyFields)

src/Surfnet/ServiceProviderDashboard/Application/Command/Entity/SaveOidcngEntityCommand.php

@@ -26,7 +26,6 @@
 use Surfnet\ServiceProviderDashboard\Domain\ValueObject\OidcGrantType;
 use Surfnet\ServiceProviderDashboard\Infrastructure\DashboardBundle\Validator\Constraints as SpDashboardAssert;
 use Symfony\Component\Validator\Constraints as Assert;
-use Symfony\Component\Validator\Context\ExecutionContextInterface;
 
 /**
  * @SuppressWarnings(PHPMD.TooManyFields)
@@ -107,11 +106,11 @@ class SaveOidcngEntityCommand implements SaveEntityCommandInterface
     private $isPublicClient;
 
     /**
-     * @var OidcGrantType
+     * @var string $grantType defaults to OidcGrantType::GRANT_TYPE_AUTHORIZATION_CODE
      *
      * @Assert\NotBlank()
      */
-    private $grantType;
+    private $grantType = OidcGrantType::GRANT_TYPE_AUTHORIZATION_CODE;
 
     /**
      * @var int
@@ -381,6 +380,11 @@ class SaveOidcngEntityCommand implements SaveEntityCommandInterface
      */
     private $protocol = Entity::TYPE_OPENID_CONNECT_TNG;
 
+    /**
+     * @var string[]
+     */
+    private $resourceServers = [];
+
     private function __construct()
     {
     }
@@ -393,7 +397,6 @@ public static function forCreateAction(Service $service)
     {
         $command = new self();
         $command->service = $service;
-
         return $command;
     }
 
@@ -419,7 +422,7 @@ public static function fromEntity(Entity $entity)
         $command->nameNl = $entity->getNameNl();
         $command->nameEn = $entity->getNameEn();
         // The SAML nameidformat is used as the OIDC subject type https://www.pivotaltracker.com/story/show/167511146
-        $command->subjectType = $entity->getNameIdFormat();
+        $command->setSubjectType($entity->getNameIdFormat());
         $command->descriptionNl = $entity->getDescriptionNl();
         $command->descriptionEn = $entity->getDescriptionEn();
         $command->applicationUrl = $entity->getApplicationUrl();
@@ -452,6 +455,7 @@ public static function fromEntity(Entity $entity)
         $command->isPublicClient = $entity->isPublicClient();
         $command->accessTokenValidity = (int) $entity->getAccessTokenValidity();
         $command->enablePlayground = $entity->isEnablePlayground();
+        $command->resourceServers = $entity->getOidcngResourceServers()->getResourceServers();
 
         return $command;
     }
@@ -1221,5 +1225,26 @@ public function getSubjectType()
     public function setSubjectType($subjectType)
     {
         $this->subjectType = $subjectType;
+        // If the SubjectType is not set in the draft, we set the default value (transient) as requested in:
+        // https://www.pivotaltracker.com/story/show/167511146
+        if (is_null($subjectType)) {
+            $this->subjectType = Entity::NAME_ID_FORMAT_TRANSIENT;
+        }
+    }
+
+    /**
+     * @return string[]
+     */
+    public function getOidcngResourceServers()
+    {
+        return $this->resourceServers;
+    }
+
+    /**
+     * @param string[] $resourceServers
+     */
+    public function setOidcngResourceServers($resourceServers)
+    {
+        $this->resourceServers = $resourceServers;
     }
 }