Run only failing sso-on-2fa test

Author: pablothedude

.github/workflows/test-integration.yml

@@ -26,8 +26,6 @@ jobs:
             - name: Run CI tests
               run: |
                   cd ci/docker && docker compose exec -T gateway bash -c '
-                      ls -lah /var/www/html/var/cache && \
-                      ls -lah /var/www/html/var/cache/smoketest && \
                       composer check
                   '
 

src/Surfnet/StepupGateway/GatewayBundle/Entity/InstitutionConfiguration.php

@@ -39,9 +39,17 @@ class InstitutionConfiguration
      */
     public $ssoOn2faEnabled;
 
-    private function __construct(string $institution, bool $ssoOn2faEnabled)
+    /**
+     * * @ORM\Column(type="boolean")
+     *
+     * @var bool is the SSO registration bypass feature enabled?
+     */
+    public bool $ssoRegistrationBypass;
+
+    private function __construct(string $institution, bool $ssoOn2faEnabled, bool $ssoRegistrationBypass)
     {
         $this->institution = $institution;
         $this->ssoOn2faEnabled = $ssoOn2faEnabled;
+        $this->ssoRegistrationBypass = $ssoRegistrationBypass;
     }
 }

src/Surfnet/StepupGateway/GatewayBundle/Sso2fa/ValueObject/CookieValue.php

@@ -19,6 +19,7 @@
 namespace Surfnet\StepupGateway\GatewayBundle\Sso2fa\ValueObject;
 
 use DateTime;
+use Surfnet\StepupGateway\GatewayBundle\Sso2fa\Exception\InvalidAuthenticationTimeException;
 use function strtolower;
 use function strtotime;
 
@@ -43,7 +44,7 @@ public static function from(string $identityId, string $secondFactorId, float $l
         $cookieValue->identityId = $identityId;
         $cookieValue->loa = $loa;
         $dateTime = new DateTime();
-        $cookieValue->authenticationTime = $dateTime->format(DATE_ATOM);
+        $cookieValue->authenticationTime = $dateTime->format(DATE_RFC3339_EXTENDED);
         return $cookieValue;
     }
 
@@ -96,6 +97,13 @@ public function issuedTo(string $identityNameId): bool
 
     public function authenticationTime(): int
     {
-        return strtotime($this->authenticationTime);
+        $dateTime = DateTime::createFromFormat(DATE_RFC3339_EXTENDED, $this->authenticationTime);
+        if (!$dateTime) {
+            $dateTime = DateTime::createFromFormat(DATE_RFC3339, $this->authenticationTime);
+        }
+        if (!$dateTime) {
+            throw new InvalidAuthenticationTimeException();
+        }
+        return $dateTime->getTimestamp();
     }
 }

src/Surfnet/StepupGateway/GatewayBundle/Tests/Sso2fa/DateTime/ExpirationHelperTest.php

@@ -106,7 +106,7 @@ private function makeCookieValue(int $authenticationTime) : CookieValueInterface
             'tokenId' => 'tokenId',
             'identityId' => 'identityId',
             'loa' => 2.0,
-            'authenticationTime' => $dateTime->format(DATE_ATOM),
+            'authenticationTime' => $dateTime->format(DATE_RFC3339_EXTENDED),
         ];
         return CookieValue::deserialize(json_encode($data));
     }

src/Surfnet/StepupGateway/GatewayBundle/Tests/Sso2fa/ValueObject/CookieValueTest.php

@@ -39,7 +39,7 @@ public function test_serialize(): void
         self::assertIsString($serialized);
     }
 
-    public function test_deserialization(): void
+    public function test_serialize_and_deserialization(): void
     {
         $secondFactor = Mockery::mock(SecondFactor::class);
         $secondFactor->secondFactorId = 'abcdef-1234';
@@ -51,6 +51,24 @@ public function test_deserialization(): void
         self::assertInstanceOf(CookieValue::class, $cookieValue);
     }
 
+
+    public function test_deserialization_authentication_time_without_millis(): void
+    {
+        $serialized = '{"tokenId":"abcdef-1234","identityId":"abcdef-1234","loa":3,"authenticationTime":"2025-05-07T11:01:38+02:00"}';
+        $cookieValue = CookieValue::deserialize($serialized);
+        self::assertInstanceOf(CookieValue::class, $cookieValue);
+        self::assertSame(1746608498, $cookieValue->authenticationTime());
+    }
+
+    public function test_deserialization_authentication_time_with_millis(): void
+    {
+        $serialized = '{"tokenId":"abcdef-1234","identityId":"abcdef-1234","loa":3,"authenticationTime":"2025-05-07T11:01:38.457+02:00"}';
+        $cookieValue = CookieValue::deserialize($serialized);
+        self::assertInstanceOf(CookieValue::class, $cookieValue);
+        self::assertSame(1746608498, $cookieValue->authenticationTime());
+    }
+
+
     /**
      * @dataProvider loaProvider
      */

tests/features/bootstrap/FeatureContext.php

@@ -376,7 +376,7 @@ public function theSSO2FACookieIsRewritten(): void
 
         if ($this->previousSsoOn2faCookieValue === $cookieValue) {
             throw new ExpectationException(
-                'The SSO on 2FA cookie did not change since the previous response',
+                sprintf('The SSO on 2FA cookie did not change since the previous response: "%s" !== "%s"', $this->previousSsoOn2faCookieValue, $cookieValue),
                 $this->minkContext->getSession()->getDriver()
             );
         }

tests/src/Repository/InstitutionConfigurationRepository.php

@@ -48,10 +48,11 @@ public function configure(string $institution, string $option, bool $value)
             $data = [
                 'institution' => $institution,
                 'sso_on2fa_enabled' => $value,
+                'sso_registration_bypass' => $value,
             ];
             $sql = <<<SQL
-                INSERT INTO institution_configuration (institution, sso_on2fa_enabled)
-                VALUES (:institution, :sso_on2fa_enabled);
+                INSERT INTO institution_configuration (institution, sso_on2fa_enabled, sso_registration_bypass)
+                VALUES (:institution, :sso_on2fa_enabled, :sso_registration_bypass);
 SQL;
             $stmt = $this->connection->prepare($sql);
             if ($stmt->execute($data)) {
@@ -70,8 +71,8 @@ public function configure(string $institution, string $option, bool $value)
                 'value' => $value,
             ];
             $sql = <<<SQL
-                update gateway.institution_configuration
-                set sso_on2fa_enabled = :value
+                update institution_configuration
+                set `$option` = :value
                 where institution = :institution
             ;
 SQL;