Merge pull request #467 from OpenConext/feature/bugfix-check-self-vetting-in-mw

pablothedude · web-flow · commit 97ff31090361 · 2025-05-27T13:27:50.000+02:00
Use SAT endpoint to validate if SAT is allowed
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+# 5.0.6
+- Fix: Vetting with a self asserted token is not allowed when adding a token, the user is always
+  directed to the RA vetting page #466
+
 # 5.0.5
 - Use a SAML (entitlement) attribute to decide what activation flows
   a user may use #336
diff --git a/composer.lock b/composer.lock
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Service/AuthorizationService.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Service/AuthorizationService.php
@@ -36,7 +36,7 @@ public function mayRegisterSelfAssertedTokens(Identity $identity): bool
 
     public function maySelfVetSelfAssertedTokens(Identity $identity): bool
     {
-        return $this->authorizationService->assertRegistrationOfSelfAssertedTokensIsAllowed($identity);
+        return $this->authorizationService->assertSelfVettingOfSelfAssertedTokensIsAllowed($identity);
     }
 
     public function mayRegisterRecoveryTokens(Identity $identity): bool

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ public function mayRegisterSelfAssertedTokens(Identity $identity): bool`
`36`	`36`
`37`	`37`	`public function maySelfVetSelfAssertedTokens(Identity $identity): bool`
`38`	`38`	`{`
`39`		`- return $this->authorizationService->assertRegistrationOfSelfAssertedTokensIsAllowed($identity);`
	`39`	`+ return $this->authorizationService->assertSelfVettingOfSelfAssertedTokensIsAllowed($identity);`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`public function mayRegisterRecoveryTokens(Identity $identity): bool`