From e84e47f2ab9183b0b214aca6aaa9867d38a37471 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Thu, 4 Jan 2024 13:57:10 +0100
Subject: [PATCH 1/4] Perform input validation on activation codes and document numbers
---
 .../Identity/Entity/VerifiedSecondFactor.php | 10 ++++++----
 .../Stepup/Identity/Value/DocumentNumber.php | 16 ++++++++++------
 2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/src/Surfnet/Stepup/Identity/Entity/VerifiedSecondFactor.php b/src/Surfnet/Stepup/Identity/Entity/VerifiedSecondFactor.php
index 138b6c719..9a0a1ae8e 100644
--- a/src/Surfnet/Stepup/Identity/Entity/VerifiedSecondFactor.php
+++ b/src/Surfnet/Stepup/Identity/Entity/VerifiedSecondFactor.php
@@ -35,6 +35,8 @@
 use Surfnet\StepupBundle\Value\SecondFactorType;
 use Surfnet\StepupBundle\Value\VettingType as StepupVettingType;
+use function preg_match;
+
 /**
 * A second factor whose possession has been proven by the registrant and the registrant's e-mail address has been
 * verified. The registrant must visit a registration authority next.
@@ -89,10 +91,10 @@ public static function create(
 SecondFactorType $type,
 SecondFactorIdentifier $secondFactorIdentifier,
 DateTime $registrationRequestedAt,
- $registrationCode
+ string $registrationCode
 ) {
- if (!is_string($registrationCode)) {
- throw InvalidArgumentException::invalidType('string', 'registrationCode', $registrationCode);
+ if (!preg_match('/^[A-Z0-9]{8}$/i', $registrationCode)) {
+ throw InvalidArgumentException::invalidType('valid characters', 'registrationCode', $registrationCode);
 }
 $secondFactor = new self;
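Review bot: The pattern added to `create()` in the `@@ -89,10 +91,10 @@` hunk ends in `$` without the `D` modifier, and in PCRE a plain `$` also matches just before a final line break, so an eight-character code followed by `\n` passes the check. Anchor the end explicitly, for example `'/^[A-Z0-9]{8}\z/i'` (or add the `D` flag). The same applies to the `DocumentNumber` constructor pattern `/^([-]|[A-Z0-9-]{6})$/i` introduced in this patch, which patch 3/4 leaves unchanged. The body of `create()` continues beyond the hunk, so what happens to the accepted value afterwards is not visible here.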
@@ -123,7 +125,7 @@ public function getId()
 * @param SecondFactorIdentifier $secondFactorIdentifier
 * @return bool
 */
- public function hasRegistrationCodeAndIdentifier($registrationCode, SecondFactorIdentifier $secondFactorIdentifier)
+ public function hasRegistrationCodeAndIdentifier(string $registrationCode, SecondFactorIdentifier $secondFactorIdentifier)
 {
 return strcasecmp($registrationCode, $this->registrationCode) === 0
 && $secondFactorIdentifier->equals($this->secondFactorIdentifier);
diff --git a/src/Surfnet/Stepup/Identity/Value/DocumentNumber.php b/src/Surfnet/Stepup/Identity/Value/DocumentNumber.php
index 90d558143..e87ee2a69 100644
--- a/src/Surfnet/Stepup/Identity/Value/DocumentNumber.php
+++ b/src/Surfnet/Stepup/Identity/Value/DocumentNumber.php
@@ -21,6 +21,8 @@
 use JsonSerializable;
 use Surfnet\Stepup\Exception\InvalidArgumentException;
+use function preg_match;
+
 final class DocumentNumber implements JsonSerializable
 {
 /**
@@ -31,18 +33,20 @@ final class DocumentNumber implements JsonSerializable
 /**
 * @return self
 */
- public static function unknown()
+ public static function unknown(): self
 {
- return new self('—');
+ return new self('–');
 }
 /**
 * @param string $documentNumber
 */
- public function __construct($documentNumber)
+ public function __construct(string $documentNumber)
 {
- if (!is_string($documentNumber) || empty($documentNumber)) {
+ if (empty($documentNumber)) {
 throw InvalidArgumentException::invalidType('non-empty string', 'documentNumber', $documentNumber);
+ } elseif (!preg_match('/^([-]|[A-Z0-9-]{6})$/i', $documentNumber)) {
+ throw InvalidArgumentException::invalidType('valid characters', 'documentNumber', $documentNumber);
 }
 $this->documentNumber = $documentNumber;
@@ -51,7 +55,7 @@ public function __construct($documentNumber)
 /**
 * @return string
 */
- public function getDocumentNumber()
+ public function getDocumentNumber(): string
 {
 return $this->documentNumber;
 }
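Review bot: The format check in the `@@ -31,18 +33,20 @@` hunk sits in the `DocumentNumber` constructor, so it applies to every instantiation and not only to values entered at vetting time. If stored events or database rows are turned back into `DocumentNumber` objects through this constructor (the fixture changes in patch 4/4 to `EventSerializationAndDeserializationTest` and `DocumentNumberTypeTest` suggest they are), previously accepted values such as the nine-digit `012345678` or the `—` that `unknown()` used to return would now raise `InvalidArgumentException` on load. Consider enforcing the six-character format where the input enters the system and keeping rehydration tolerant of legacy values, or confirm that a data migration accompanies the change. `invalidType()` is also handed the raw document number; if that helper copies the value into the exception message, identity-document data can reach logs, which is worth checking because its implementation is not visible here.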
@@ -61,7 +65,7 @@ public function __toString()
 return $this->documentNumber;
 }
- public function equals(DocumentNumber $other)
+ public function equals(DocumentNumber $other): bool
 {
 return $this->documentNumber === $other->documentNumber;
 }
From aff9b0f5a38481240616f578e2a27cc8508437f6 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Thu, 4 Jan 2024 15:36:57 +0100
Subject: [PATCH 2/4] Test document number in a more meaningful way
---
 .../Identity/Value/DocumentNumberTest.php | 73 +++++++++++++++----
 1 file changed, 58 insertions(+), 15 deletions(-)
diff --git a/src/Surfnet/Stepup/Tests/Identity/Value/DocumentNumberTest.php b/src/Surfnet/Stepup/Tests/Identity/Value/DocumentNumberTest.php
index 71d79a299..ca1883aa1 100644
--- a/src/Surfnet/Stepup/Tests/Identity/Value/DocumentNumberTest.php
+++ b/src/Surfnet/Stepup/Tests/Identity/Value/DocumentNumberTest.php
@@ -19,6 +19,7 @@
 namespace Surfnet\Stepup\Tests\Identity\Value;
 use PHPUnit\Framework\TestCase as UnitTest;
+use Surfnet\Stepup\Exception\InvalidArgumentException;
 use Surfnet\Stepup\Identity\Value\DocumentNumber;
 class DocumentNumberTest extends UnitTest
@@ -26,25 +27,51 @@ class DocumentNumberTest extends UnitTest
 /**
 * @test
 * @group domain
- * @dataProvider invalidArgumentProvider
+ * @dataProvider validDocumentNumberProvider
 *
- * @param mixed $invalidValue
+ * @param string $documentNumber
 */
- public function the_document_number_must_be_a_non_empty_string($invalidValue)
+ public function the_document_number_must_be_valid(string $documentNumber): void
 {
- $this->expectException(\Surfnet\Stepup\Exception\InvalidArgumentException::class);
+ $document = new DocumentNumber($documentNumber);
+ $this->assertInstanceOf(DocumentNumber::class, $document);
+ }
+
+
+ /**
+ * @test
+ * @group domain
+ * @dataProvider invalidDocumentNumberProvider
+ *
+ * @param string $invalidValue
+ */
+ public function the_document_number_must_not_contain_illegal_characters(string $invalidValue): void
+ {
+ $this->expectException(InvalidArgumentException::class);
 new DocumentNumber($invalidValue);
 }
+
+ /**
+ * @test
+ * @group domain
+ */
+ public function the_document_number_must_be_a_non_empty_string(): void
+ {
+ $this->expectException(InvalidArgumentException::class);
+ new DocumentNumber('');
+ }
+
+
 /**
 * @test
 * @group domain
 */
- public function two_document_numbers_with_the_same_value_are_equal()
+ public function two_document_numbers_with_the_same_value_are_equal(): void
 {
- $commonName = new DocumentNumber('John Doe');
- $theSame = new DocumentNumber('John Doe');
- $different = new DocumentNumber('Jane Doe');
+ $commonName = new DocumentNumber('JHA1B4');
+ $theSame = new DocumentNumber('JHA1B4');
+ $different = new DocumentNumber('IGZ0A3');
 $unknown = DocumentNumber::unknown();
 $this->assertTrue($commonName->equals($theSame));
@@ -52,17 +79,33 @@ public function two_document_numbers_with_the_same_value_are_equal()
 $this->assertFalse($commonName->equals($unknown));
 }
+
+ /**
+ * provider for {@see the_document_number_address_must_not_contain_illegal_characters()}
+ */
+ public function invalidDocumentNumberProvider(): array
+ {
+ return [
+ 'Illegal character' => ['#12345'],
+ 'Too long' => ['TooLong'],
+ 'Too short' => ['Shor'], // Short
+ 'Contains space' => ['AB 123'],
+ ];
+ }
+
+
 /**
- * provider for {@see the_document_number_address_must_be_a_non_empty_string()}
+ * provider for {@see the_document_number_address_must_be_valid()}
 */
- public function invalidArgumentProvider()
+ public function validDocumentNumberProvider(): array
 {
 return [
- 'empty string' => [''],
- 'array' => [[]],
- 'integer' => [1],
- 'float' => [1.2],
- 'object' => [new \StdClass()],
+ 'Single hyphen' => ['-'],
+ 'Contains hyphen' => ['123-45'],
+ 'Unknown document' => ['–'],
+ 'Uppercase' => ['A1B2C3'],
+ 'Lowercase' => ['a2b2c3'],
+ 'Mixed case' => ['a2B2c3'],
 ];
 }
 }
From afe4604cad013c7599227537551e54d153fab850 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Thu, 4 Jan 2024 17:42:08 +0100
Subject: [PATCH 3/4] Replace non-standard character for unknown document with null-case
---
 .../Stepup/Identity/Value/DocumentNumber.php | 19 +++++++++++--------
 .../Identity/Value/DocumentNumberTest.php | 6 +++---
 2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/src/Surfnet/Stepup/Identity/Value/DocumentNumber.php b/src/Surfnet/Stepup/Identity/Value/DocumentNumber.php
index e87ee2a69..aef671a76 100644
--- a/src/Surfnet/Stepup/Identity/Value/DocumentNumber.php
+++ b/src/Surfnet/Stepup/Identity/Value/DocumentNumber.php
@@ -22,11 +22,12 @@
 use Surfnet\Stepup\Exception\InvalidArgumentException;
 use function preg_match;
+use function strval;
 final class DocumentNumber implements JsonSerializable
 {
 /**
- * @var string
+ * @var string|null
 */
 private $documentNumber;
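Review bot: `invalidDocumentNumberProvider()` in the `@@ -52,17 +79,33 @@` hunk of DocumentNumberTest.php has no case with a trailing line break, which is the one input shape the `$`-anchored pattern in `DocumentNumber` still lets through. Adding `'Trailing newline' => ["A1B2C3\n"]` would pin that boundary; it fails until the pattern ends in `\z` or carries the `D` modifier. The two `{@see ...}` tags also name methods that do not exist (`the_document_number_address_must_not_contain_illegal_characters()` and `the_document_number_address_must_be_valid()`); the tests are called `the_document_number_must_not_contain_illegal_characters()` and `the_document_number_must_be_valid()`.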
@@ -35,15 +36,17 @@ final class DocumentNumber implements JsonSerializable
 */
 public static function unknown(): self
 {
- return new self('–');
+ return new self(null);
 }
 /**
- * @param string $documentNumber
+ * @param string|null $documentNumber
 */
- public function __construct(string $documentNumber)
+ public function __construct(?string $documentNumber)
 {
- if (empty($documentNumber)) {
+ if ($documentNumber === null) {
+ // Created using the static ::unknown method
+ } elseif (empty($documentNumber)) {
 throw InvalidArgumentException::invalidType('non-empty string', 'documentNumber', $documentNumber);
 } elseif (!preg_match('/^([-]|[A-Z0-9-]{6})$/i', $documentNumber)) {
 throw InvalidArgumentException::invalidType('valid characters', 'documentNumber', $documentNumber);
@@ -53,16 +56,16 @@ public function __construct(string $documentNumber)
 }
 /**
- * @return string
+ * @return string|null
 */
- public function getDocumentNumber(): string
+ public function getDocumentNumber(): ?string
 {
 return $this->documentNumber;
 }
 public function __toString()
 {
- return $this->documentNumber;
+ return strval($this->documentNumber);
 }
 public function equals(DocumentNumber $other): bool
diff --git a/src/Surfnet/Stepup/Tests/Identity/Value/DocumentNumberTest.php b/src/Surfnet/Stepup/Tests/Identity/Value/DocumentNumberTest.php
index ca1883aa1..f48f26bdb 100644
--- a/src/Surfnet/Stepup/Tests/Identity/Value/DocumentNumberTest.php
+++ b/src/Surfnet/Stepup/Tests/Identity/Value/DocumentNumberTest.php
@@ -29,9 +29,9 @@ class DocumentNumberTest extends UnitTest
 * @group domain
 * @dataProvider validDocumentNumberProvider
 *
- * @param string $documentNumber
+ * @param string|null $documentNumber
 */
- public function the_document_number_must_be_valid(?string $documentNumber): void
+ public function the_document_number_must_be_valid(?string $documentNumber): void
 {
 $document = new DocumentNumber($documentNumber);
 $this->assertInstanceOf(DocumentNumber::class, $document);
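Review bot: Widening the public constructor to `?string` in the `@@ -35,15 +36,17 @@` hunk means any caller that passes `null` now gets a valid "unknown" `DocumentNumber`, where the `string` type added in patch 1/4 would have rejected it. If a command or request field that should carry a document number arrives unset, it would silently become an unknown document instead of failing validation; the callers are not visible here, so this needs checking. Consider keeping `null` out of the public constructor and letting only `unknown()` build the null instance, for example through a private constructor with public named constructors. The empty `if ($documentNumber === null)` branch that holds only a comment would disappear with that change.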
@@ -102,7 +102,7 @@ public function validDocumentNumberProvider(): array
 return [
 'Single hyphen' => ['-'],
 'Contains hyphen' => ['123-45'],
- 'Unknown document' => ['–'],
+ 'Unknown document' => [null],
 'Uppercase' => ['A1B2C3'],
 'Lowercase' => ['a2b2c3'],
 'Mixed case' => ['a2B2c3'],
From d470e6f96344232b94c80a1d48ab327cefa10620 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Thu, 4 Jan 2024 17:56:32 +0100
Subject: [PATCH 4/4] Fix secondary tests
---
 ...entSerializationAndDeserializationTest.php | 16 ++---
 .../Doctrine/Type/DocumentNumberTypeTest.php | 6 +-
 .../IdentityCommandHandlerMoveTokenTest.php | 4 +-
 ...tyCommandHandlerSelfAssertedTokensTest.php | 18 +++---
 .../IdentityCommandHandlerTest.php | 64 +++++++++----------
 .../SecondFactorRevocationTest.php | 24 +++----
 .../Tests/SensitiveData/SensitiveDataTest.php | 4 +-
 7 files changed, 68 insertions(+), 68 deletions(-)
diff --git a/src/Surfnet/Stepup/Tests/Identity/Event/EventSerializationAndDeserializationTest.php b/src/Surfnet/Stepup/Tests/Identity/Event/EventSerializationAndDeserializationTest.php
index c1d4cca76..9fb049f4c 100644
--- a/src/Surfnet/Stepup/Tests/Identity/Event/EventSerializationAndDeserializationTest.php
+++ b/src/Surfnet/Stepup/Tests/Identity/Event/EventSerializationAndDeserializationTest.php
@@ -551,7 +551,7 @@ public function serializedDataProvider(){ // Tests for changes in BC support for adding the VettingType in the SecondFactorVettedEvents in favour of the 'DocumentNumber' 'SecondFactorVettedEvent:support-new-event-with-vetting-type' => [ '{"identity_id":"b260f10b-ce7c-4d09-b6a4-50a3923d637f","name_id":"urn:collab:person:Institution-D.EXAMPLE.COM:jane-d1","identity_institution":"institution-d.example.com","second_factor_id":"512de1ff-0ae0-41b7-bb21-b71d77e570b8","second_factor_type":"yubikey","preferred_locale":"nl_NL"}', - '{"common_name":"jane-d1 Institution-D.EXAMPLE.COM","email":"jane+jane-d1@stepup.example.com","second_factor_type":"yubikey","second_factor_identifier":"123465293846985","vetting_type":{"type":"on-premise","document_number":"012345678"}}', + '{"common_name":"jane-d1 Institution-D.EXAMPLE.COM","email":"jane+jane-d1@stepup.example.com","second_factor_type":"yubikey","second_factor_identifier":"123465293846985","vetting_type":{"type":"on-premise","document_number":"AB-123"}}', new SecondFactorVettedEvent( new IdentityId('b260f10b-ce7c-4d09-b6a4-50a3923d637f'), new NameId('urn:collab:person:Institution-D.EXAMPLE.COM:jane-d1'), 
@@ -562,12 +562,12 @@ public function serializedDataProvider(){ new CommonName('jane-d1 Institution-D.EXAMPLE.COM'), new Email('jane+jane-d1@stepup.example.com'), new Locale('nl_NL'), - new OnPremiseVettingType(new DocumentNumber('012345678')) + new OnPremiseVettingType(new DocumentNumber('AB-123')) ), ], 'SecondFactorVettedEvent:support-old-event-with-document-number' => [ '{"identity_id":"b260f10b-ce7c-4d09-b6a4-50a3923d637f","name_id":"urn:collab:person:Institution-D.EXAMPLE.COM:jane-d1","identity_institution":"institution-d.example.com","second_factor_id":"512de1ff-0ae0-41b7-bb21-b71d77e570b8","second_factor_type":"yubikey","preferred_locale":"nl_NL"}', - '{"common_name":"jane-d1 Institution-D.EXAMPLE.COM","email":"jane+jane-d1@stepup.example.com","second_factor_type":"yubikey","second_factor_identifier":"123465293846985","document_number":"012345678"}', + '{"common_name":"jane-d1 Institution-D.EXAMPLE.COM","email":"jane+jane-d1@stepup.example.com","second_factor_type":"yubikey","second_factor_identifier":"123465293846985","document_number":"AB-123"}', new SecondFactorVettedEvent( new IdentityId('b260f10b-ce7c-4d09-b6a4-50a3923d637f'), new NameId('urn:collab:person:Institution-D.EXAMPLE.COM:jane-d1'), 
@@ -578,12 +578,12 @@ public function serializedDataProvider(){ new CommonName('jane-d1 Institution-D.EXAMPLE.COM'), new Email('jane+jane-d1@stepup.example.com'), new Locale('nl_NL'), - new OnPremiseVettingType(new DocumentNumber('012345678')) + new OnPremiseVettingType(new DocumentNumber('AB-123')) ), ], 'SecondFactorVettedWithoutTokenProofOfPossession:support-new-event-with-vetting-type' => [ '{"identity_id":"b260f10b-ce7c-4d09-b6a4-50a3923d637f","name_id":"urn:collab:person:Institution-D.EXAMPLE.COM:jane-d1","identity_institution":"institution-d.example.com","second_factor_id":"512de1ff-0ae0-41b7-bb21-b71d77e570b8","second_factor_type":"yubikey","preferred_locale":"nl_NL"}', - '{"common_name":"jane-d1 Institution-D.EXAMPLE.COM","email":"jane+jane-d1@stepup.example.com","second_factor_type":"yubikey","second_factor_identifier":"123465293846985","vetting_type":{"type":"on-premise","document_number":"012345678"}}', + '{"common_name":"jane-d1 Institution-D.EXAMPLE.COM","email":"jane+jane-d1@stepup.example.com","second_factor_type":"yubikey","second_factor_identifier":"123465293846985","vetting_type":{"type":"on-premise","document_number":"AB-123"}}', new SecondFactorVettedWithoutTokenProofOfPossession( new IdentityId('b260f10b-ce7c-4d09-b6a4-50a3923d637f'), new NameId('urn:collab:person:Institution-D.EXAMPLE.COM:jane-d1'), 
@@ -594,12 +594,12 @@ public function serializedDataProvider(){ new CommonName('jane-d1 Institution-D.EXAMPLE.COM'), new Email('jane+jane-d1@stepup.example.com'), new Locale('nl_NL'), - new OnPremiseVettingType(new DocumentNumber('012345678')) + new OnPremiseVettingType(new DocumentNumber('AB-123')) ), ], 'SecondFactorVettedWithoutTokenProofOfPossession:support-old-event-with-document-number' => [ '{"identity_id":"b260f10b-ce7c-4d09-b6a4-50a3923d637f","name_id":"urn:collab:person:Institution-D.EXAMPLE.COM:jane-d1","identity_institution":"institution-d.example.com","second_factor_id":"512de1ff-0ae0-41b7-bb21-b71d77e570b8","second_factor_type":"yubikey","preferred_locale":"nl_NL"}', - '{"common_name":"jane-d1 Institution-D.EXAMPLE.COM","email":"jane+jane-d1@stepup.example.com","second_factor_type":"yubikey","second_factor_identifier":"123465293846985","document_number":"012345678"}', + '{"common_name":"jane-d1 Institution-D.EXAMPLE.COM","email":"jane+jane-d1@stepup.example.com","second_factor_type":"yubikey","second_factor_identifier":"123465293846985","document_number":"AB-123"}', new SecondFactorVettedWithoutTokenProofOfPossession( new IdentityId('b260f10b-ce7c-4d09-b6a4-50a3923d637f'), new NameId('urn:collab:person:Institution-D.EXAMPLE.COM:jane-d1'), @@ -610,7 +610,7 @@ public function serializedDataProvider(){ new CommonName('jane-d1 Institution-D.EXAMPLE.COM'), new Email('jane+jane-d1@stepup.example.com'), new Locale('nl_NL'), - new OnPremiseVettingType(new DocumentNumber('012345678')) + new OnPremiseVettingType(new DocumentNumber('AB-123')) ), ], ]; diff --git a/src/Surfnet/StepupMiddleware/ApiBundle/Tests/Doctrine/Type/DocumentNumberTypeTest.php b/src/Surfnet/StepupMiddleware/ApiBundle/Tests/Doctrine/Type/DocumentNumberTypeTest.php index c40641c97..2e1ac2fe3 100644 --- a/src/Surfnet/StepupMiddleware/ApiBundle/Tests/Doctrine/Type/DocumentNumberTypeTest.php +++ b/src/Surfnet/StepupMiddleware/ApiBundle/Tests/Doctrine/Type/DocumentNumberTypeTest.php 
@@ -65,11 +65,11 @@ public function a_normal_document_number_is_converted_to_a_database_value() { $type = Type::getType(DocumentNumberType::NAME); - $input = new DocumentNumber('a'); + $input = new DocumentNumber('A1B2C3'); $output = $type->convertToDatabaseValue($input, $this->platform); $this->assertTrue(is_string($output)); - $this->assertEquals('a', $output); + $this->assertEquals('A1B2C3', $output); } /** @@ -108,7 +108,7 @@ public function a_non_null_value_is_converted_to_the_stepup_document_number_obje { $type = Type::getType(DocumentNumberType::NAME); - $input = '12345'; + $input = 'A12345'; $output = $type->convertToPHPValue($input, $this->platform); $this->assertInstanceOf('Surfnet\Stepup\Identity\Value\DocumentNumber', $output); diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerMoveTokenTest.php b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerMoveTokenTest.php index fb5d83d82..26163d7d4 100644 --- a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerMoveTokenTest.php +++ b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerMoveTokenTest.php @@ -461,7 +461,7 @@ public function test_can_not_be_moved_if_already_present_as_vetted_token() new SecondFactorType('yubikey'), $targetYubikeySecFacId, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $targetRegistrantCommonName, $targetRegistrantEmail, new Locale('en_GB') @@ -569,7 +569,7 @@ public function test_can_not_be_moved_if_already_present_as_verified_token() new SecondFactorType('yubikey'), $targetYubikeySecFacId, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $targetRegistrantCommonName, $targetRegistrantEmail, new Locale('en_GB') 
diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerSelfAssertedTokensTest.php b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerSelfAssertedTokensTest.php index 396a7d3dc..f86cfa7ec 100644 --- a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerSelfAssertedTokensTest.php +++ b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerSelfAssertedTokensTest.php @@ -561,7 +561,7 @@ public function test_a_token_can_be_registered_self_asserted() new SecondFactorType('yubikey'), $yubikeyPublicId, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $this->commonName, $this->email, new Locale('en_GB') @@ -644,7 +644,7 @@ public function test_self_asserted_token_registration_requires_possession_of_rec new SecondFactorType('yubikey'), $yubikeyPublicId, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $this->commonName, $this->email, new Locale('en_GB') @@ -721,7 +721,7 @@ public function test_a_sat_token_can_be_used_to_self_vet_a_token() $command = new SelfVetSecondFactorCommand(); $command->secondFactorId = '+31 (0) 612345678'; - $command->registrationCode = 'REGCODE'; + $command->registrationCode = 'A1B2C3D4'; $command->identityId = $this->id->getIdentityId(); $command->authoringSecondFactorLoa = "loa-self-asserted"; $command->secondFactorType = 'sms'; @@ -754,7 +754,7 @@ public function test_a_sat_token_can_be_used_to_self_vet_a_token() new SecondFactorType('yubikey'), $yubikeyPublicId, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $this->commonName, $this->email, new Locale('en_GB') @@ -803,7 +803,7 @@ public function test_a_sat_token_can_be_used_to_self_vet_a_token() new SecondFactorType('sms'), $phoneIdentifier, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $this->commonName, $this->email, new Locale('en_GB') 
@@ -855,7 +855,7 @@ public function test_sat_not_allowed_when_one_vetted_token_is_identity_vetted() $command = new SelfVetSecondFactorCommand(); $command->secondFactorId = 'identifier-for-a-gssp'; - $command->registrationCode = 'REGCODE'; + $command->registrationCode = 'A1B2C3D4'; $command->identityId = $this->id->getIdentityId(); $command->authoringSecondFactorLoa = "loa-self-asserted"; $command->secondFactorType = 'tiqr'; @@ -905,7 +905,7 @@ public function test_sat_not_allowed_when_one_vetted_token_is_identity_vetted() new SecondFactorType('yubikey'), $yubikeyPublicId, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $this->commonName, $this->email, new Locale('en_GB') @@ -954,7 +954,7 @@ public function test_sat_not_allowed_when_one_vetted_token_is_identity_vetted() new SecondFactorType('sms'), $phoneIdentifier, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $this->commonName, $this->email, new Locale('en_GB') @@ -995,7 +995,7 @@ public function test_sat_not_allowed_when_one_vetted_token_is_identity_vetted() new SecondFactorType('tiqr'), $gsspIdentifier, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $this->commonName, $this->email, new Locale('en_GB') diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php index c1c37db74..665423722 100644 --- a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php +++ b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/IdentityCommandHandlerTest.php 
@@ -262,7 +262,7 @@ public function a_yubikey_possession_can_be_proven() DateTimeHelper::setCurrentTime(new DateTime(new CoreDateTime('@12345'))); m::mock('alias:Surfnet\StepupBundle\Security\OtpGenerator') - ->shouldReceive('generate')->once()->andReturn('regcode'); + ->shouldReceive('generate')->once()->andReturn('A1B2C3D4'); m::mock('alias:Surfnet\Stepup\Token\TokenGenerator') ->shouldReceive('generateNonce')->once()->andReturn('nonce'); @@ -326,7 +326,7 @@ public function a_yubikey_possession_cannot_be_proven_if_the_second_factor_is_no DateTimeHelper::setCurrentTime(new DateTime(new CoreDateTime('@12345'))); m::mock('alias:Surfnet\StepupBundle\Security\OtpGenerator') - ->shouldReceive('generate')->once()->andReturn('regcode'); + ->shouldReceive('generate')->once()->andReturn('A1B2C3D4'); m::mock('alias:Surfnet\Stepup\Token\TokenGenerator') ->shouldReceive('generateNonce')->once()->andReturn('nonce'); @@ -435,7 +435,7 @@ public function a_phone_possession_can_be_proven() DateTimeHelper::setCurrentTime(new DateTime(new CoreDateTime('@12345'))); m::mock('alias:Surfnet\StepupBundle\Security\OtpGenerator') - ->shouldReceive('generate')->once()->andReturn('regcode'); + ->shouldReceive('generate')->once()->andReturn('A1B2C3D4'); m::mock('alias:Surfnet\Stepup\Token\TokenGenerator') ->shouldReceive('generateNonce')->once()->andReturn('nonce'); @@ -499,7 +499,7 @@ public function a_phone_possession_cannot_be_proven_if_the_second_factor_is_not_ DateTimeHelper::setCurrentTime(new DateTime(new CoreDateTime('@12345'))); m::mock('alias:Surfnet\StepupBundle\Security\OtpGenerator') - ->shouldReceive('generate')->once()->andReturn('regcode'); + ->shouldReceive('generate')->once()->andReturn('A1B2C3D4'); m::mock('alias:Surfnet\Stepup\Token\TokenGenerator') ->shouldReceive('generateNonce')->once()->andReturn('nonce'); 
@@ -548,7 +548,7 @@ public function a_gssf_possession_can_be_proven() DateTimeHelper::setCurrentTime(new DateTime(new CoreDateTime('@12345'))); m::mock('alias:Surfnet\StepupBundle\Security\OtpGenerator') - ->shouldReceive('generate')->once()->andReturn('regcode'); + ->shouldReceive('generate')->once()->andReturn('A1B2C3D4'); $nonce = 'nonce'; m::mock('alias:Surfnet\Stepup\Token\TokenGenerator') @@ -626,7 +626,7 @@ public function a_gssf_possession_can_not_be_proven_if_the_second_factor_is_not_ DateTimeHelper::setCurrentTime(new DateTime(new CoreDateTime('@12345'))); m::mock('alias:Surfnet\StepupBundle\Security\OtpGenerator') - ->shouldReceive('generate')->once()->andReturn('regcode'); + ->shouldReceive('generate')->once()->andReturn('A1B2C3D4'); $nonce = 'nonce'; m::mock('alias:Surfnet\Stepup\Token\TokenGenerator') @@ -679,7 +679,7 @@ public function a_u2f_device_possession_can_be_proven() DateTimeHelper::setCurrentTime(new DateTime(new CoreDateTime('@12345'))); m::mock('alias:Surfnet\StepupBundle\Security\OtpGenerator') - ->shouldReceive('generate')->once()->andReturn('regcode'); + ->shouldReceive('generate')->once()->andReturn('A1B2C3D4'); m::mock('alias:Surfnet\Stepup\Token\TokenGenerator') ->shouldReceive('generateNonce')->once()->andReturn('nonce'); @@ -743,7 +743,7 @@ public function a_u2f_device_possession_cannot_be_proven_if_the_second_factor_is DateTimeHelper::setCurrentTime(new DateTime(new CoreDateTime('@12345'))); m::mock('alias:Surfnet\StepupBundle\Security\OtpGenerator') - ->shouldReceive('generate')->once()->andReturn('regcode'); + ->shouldReceive('generate')->once()->andReturn('A1B2C3D4'); m::mock('alias:Surfnet\Stepup\Token\TokenGenerator') ->shouldReceive('generateNonce')->once()->andReturn('nonce'); 
@@ -911,7 +911,7 @@ public function an_unverified_second_factors_email_can_be_verified() DateTimeHelper::setCurrentTime(new DateTime(new CoreDateTime('@12345'))); m::mock('alias:Surfnet\StepupBundle\Security\OtpGenerator') - ->shouldReceive('generate')->once()->andReturn('regcode'); + ->shouldReceive('generate')->once()->andReturn('A1B2C3D4'); $id = new IdentityId(self::uuid()); $institution = new Institution('A Corp.'); @@ -962,7 +962,7 @@ public function an_unverified_second_factors_email_can_be_verified() new SecondFactorType('yubikey'), $secondFactorIdentifier, DateTime::now(), - 'regcode', + 'A1B2C3D4', $commonName, $email, $preferredLocale @@ -1025,7 +1025,7 @@ public function a_verified_second_factors_email_cannot_be_verified() new SecondFactorType('yubikey'), $secondFactorIdentifier, DateTime::now(), - 'regcode', + 'A1B2C3D4', $commonName, $email, $preferredLocale @@ -1206,10 +1206,10 @@ public function a_second_factor_can_be_vetted() $command->authorityId = 'AID'; $command->identityId = 'IID'; $command->secondFactorId = 'ISFID'; - $command->registrationCode = 'REGCODE'; + $command->registrationCode = 'A1B2C3D4'; $command->secondFactorType = 'yubikey'; $command->secondFactorIdentifier = '00028278'; - $command->documentNumber = 'NH9392'; + $command->documentNumber = 'ABC-12'; $command->identityVerified = true; $command->provePossessionSkipped = false; @@ -1288,7 +1288,7 @@ public function a_second_factor_can_be_vetted() new SecondFactorType('yubikey'), $registrantSecFacIdentifier, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $registrantCommonName, $registrantEmail, new Locale('en_GB') @@ -1306,7 +1306,7 @@ public function a_second_factor_can_be_vetted() $registrantCommonName, $registrantEmail, new Locale('en_GB'), - new OnPremiseVettingType(new DocumentNumber('NH9392')) + new OnPremiseVettingType(new DocumentNumber('ABC-12')) ), ]); } 
@@ -1324,10 +1324,10 @@ public function a_second_factor_cannot_be_vetted_without_a_secure_enough_vetted_ $command->authorityId = 'AID'; $command->identityId = 'IID'; $command->secondFactorId = 'ISFID'; - $command->registrationCode = 'REGCODE'; + $command->registrationCode = 'A1B2C3D4'; $command->secondFactorType = 'yubikey'; $command->secondFactorIdentifier = '00028278'; - $command->documentNumber = 'NH9392'; + $command->documentNumber = 'ABC-12'; $command->identityVerified = true; $authorityId = new IdentityId($command->authorityId); @@ -1381,7 +1381,7 @@ public function a_second_factor_cannot_be_vetted_without_a_secure_enough_vetted_ new SecondFactorType('sms'), $authorityPhoneNo, DateTime::now(), - 'regcode', + 'A1B2C3D4', $authorityCommonName, $authorityEmail, new Locale('en_GB') @@ -1396,7 +1396,7 @@ public function a_second_factor_cannot_be_vetted_without_a_secure_enough_vetted_ $authorityCommonName, $authorityEmail, new Locale('en_GB'), - new OnPremiseVettingType(new DocumentNumber('NG-RB-81')) + new OnPremiseVettingType(new DocumentNumber('ABC-12')) ) ]) ->withAggregateId($registrantId) @@ -1431,7 +1431,7 @@ public function a_second_factor_cannot_be_vetted_without_a_secure_enough_vetted_ new SecondFactorType('yubikey'), $registrantPubId, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $registrantCommonName, $registrantEmail, new Locale('en_GB') @@ -1449,7 +1449,7 @@ public function a_second_factor_cannot_be_vetted_without_a_secure_enough_vetted_ $registrantCommonName, $registrantEmail, new Locale('en_GB'), - new OnPremiseVettingType(new DocumentNumber('NH9392')) + new OnPremiseVettingType(new DocumentNumber('ABC-12')) ), ]); } 
@@ -1465,10 +1465,10 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi $command->authorityId = 'AID'; $command->identityId = 'IID'; $command->secondFactorId = 'ISFID'; - $command->registrationCode = 'REGCODE'; + $command->registrationCode = 'A1B2C3D4'; $command->secondFactorType = 'yubikey'; $command->secondFactorIdentifier = '00028278'; - $command->documentNumber = 'NH9392'; + $command->documentNumber = 'ABC-12'; $command->identityVerified = true; $command->provePossessionSkipped = true; @@ -1547,7 +1547,7 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi new SecondFactorType('yubikey'), $registrantSecFacIdentifier, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $registrantCommonName, $registrantEmail, new Locale('en_GB') @@ -1565,7 +1565,7 @@ public function a_second_factor_can_be_vetted_without_a_physical_proven_possessi $registrantCommonName, $registrantEmail, new Locale('en_GB'), - new OnPremiseVettingType(new DocumentNumber('NH9392')) + new OnPremiseVettingType(new DocumentNumber('ABC-12')) ), ]); } @@ -1583,10 +1583,10 @@ public function a_second_factor_cannot_be_vetted_without_physical_prove_of_posse $command->authorityId = 'AID'; $command->identityId = 'IID'; $command->secondFactorId = 'ISFID'; - $command->registrationCode = 'REGCODE'; + $command->registrationCode = 'A1B2C3D4'; $command->secondFactorType = 'yubikey'; $command->secondFactorIdentifier = '00028278'; - $command->documentNumber = 'NH9392'; + $command->documentNumber = 'ABC-12'; $command->identityVerified = true; $command->provePossessionSkipped = true; @@ -1646,7 +1646,7 @@ public function a_second_factor_cannot_be_vetted_without_physical_prove_of_posse new SecondFactorType('sms'), $authorityPhoneNo, DateTime::now(), - 'regcode', + 'A1B2C3D4', $authorityCommonName, $authorityEmail, new Locale('en_GB') 
@@ -1661,7 +1661,7 @@ public function a_second_factor_cannot_be_vetted_without_physical_prove_of_posse $authorityCommonName, $authorityEmail, new Locale('en_GB'), - new OnPremiseVettingType(new DocumentNumber('NG-RB-81')) + new OnPremiseVettingType(new DocumentNumber('ABC-12')) ) ]) ->withAggregateId($registrantId) @@ -1696,7 +1696,7 @@ public function a_second_factor_cannot_be_vetted_without_physical_prove_of_posse new SecondFactorType('yubikey'), $registrantPubId, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $registrantCommonName, $registrantEmail, new Locale('en_GB') @@ -1860,7 +1860,7 @@ public function a_second_factor_can_be_self_vetted() { $command = new SelfVetSecondFactorCommand(); $command->secondFactorId = '+31 (0) 612345678'; - $command->registrationCode = 'REGCODE'; + $command->registrationCode = 'A1B2C3D4'; $command->identityId = $this->uuid(); $command->authoringSecondFactorLoa = "loa-3"; $command->secondFactorType = 'sms'; @@ -1954,7 +1954,7 @@ public function a_second_factor_can_be_self_vetted() new SecondFactorType('sms'), $authorityPhoneNo, DateTime::now(), - 'REGCODE', + 'A1B2C3D4', $registrantCommonName, $registrantEmail, new Locale('en_GB') diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php index f7613f750..9b806be7e 100644 --- a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php +++ b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/Identity/CommandHandler/SecondFactorRevocationTest.php @@ -208,7 +208,7 @@ public function an_identity_can_revoke_its_own_verified_second_factor() new SecondFactorType('yubikey'), $secondFactorIdentifier, DateTime::now(), - 'SOMEREGISTRATIONCODE', + 'A1B2C3D4', $commonName, $email, new Locale('en_GB') 
@@ -278,7 +278,7 @@ public function an_identity_can_revoke_its_own_vetted_second_factor()
 $secondFactorType,
 $secondFactorIdentifier,
 DateTime::now(),
- 'SOMEREGISTRATIONCODE',
+ 'A1B2C3D4',
 $commonName,
 $email,
 new Locale('en_GB')
@@ -293,7 +293,7 @@ public function an_identity_can_revoke_its_own_vetted_second_factor()
 $commonName,
 $email,
 new Locale('en_GB'),
- new OnPremiseVettingType(new DocumentNumber('DOCUMENT_42'))
+ new OnPremiseVettingType(new DocumentNumber('AB-123'))
 )
 ])
 ->when($command)
@@ -478,7 +478,7 @@ public function a_registration_authority_can_revoke_a_verified_second_factor()
 $registrantSecondFactorType,
 $registrantSecondFactorIdentifier,
 DateTime::now(),
- 'REGISTRATION_CODE',
+ 'A1B2C3D4',
 $registrantCommonName,
 $registrantEmail,
 new Locale('en_GB')
@@ -577,7 +577,7 @@ public function a_registration_authority_can_revoke_a_vetted_second_factor()
 $registrantSecondFactorType,
 $registrantSecondFactorIdentifier,
 DateTime::now(),
- 'REGISTRATION_CODE',
+ 'A1B2C3D4',
 $registrantCommonName,
 $registrantEmail,
 new Locale('en_GB')
@@ -592,7 +592,7 @@ public function a_registration_authority_can_revoke_a_vetted_second_factor()
 $registrantCommonName,
 $registrantEmail,
 new Locale('en_GB'),
- new OnPremiseVettingType(new DocumentNumber('DOCUMENT_NUMBER'))
+ new OnPremiseVettingType(new DocumentNumber('AB-123'))
 )
 ])
 ->when($command)
@@ -694,7 +694,7 @@ public function a_registration_authority_can_revoke_a_possession_proved_skipped_
 $registrantSecondFactorType,
 $registrantSecondFactorIdentifier,
 DateTime::now(),
- 'REGISTRATION_CODE',
+ 'A1B2C3D4',
 $registrantCommonName,
 $registrantEmail,
 new Locale('en_GB')
@@ -709,7 +709,7 @@ public function a_registration_authority_can_revoke_a_possession_proved_skipped_
 $registrantCommonName,
 $registrantEmail,
 new Locale('en_GB'),
- new OnPremiseVettingType(new DocumentNumber('DOCUMENT_NUMBER'))
+ new OnPremiseVettingType(new DocumentNumber('AB-123'))
 )
 ])
 ->when($command)
@@ -816,7 +816,7 @@ public function a_registration_authority_can_revoke_one_of_multiple_vetted_secon
 $registrantSecondFactorType,
 $registrantSecondFactorIdentifier,
 DateTime::now(),
- 'REGISTRATION_CODE',
+ 'A1B2C3D4',
 $registrantCommonName,
 $registrantEmail,
 new Locale('en_GB')
@@ -831,7 +831,7 @@ public function a_registration_authority_can_revoke_one_of_multiple_vetted_secon
 $registrantCommonName,
 $registrantEmail,
 new Locale('en_GB'),
- new OnPremiseVettingType(new DocumentNumber('DOCUMENT_NUMBER'))
+ new OnPremiseVettingType(new DocumentNumber('AB-123'))
 ),
 // Second second factor
 new U2fDevicePossessionProvenEvent(
@@ -856,7 +856,7 @@ public function a_registration_authority_can_revoke_one_of_multiple_vetted_secon
 $registrantSecondFactorType2,
 $registrantSecondFactorIdentifier2,
 DateTime::now(),
- 'REGISTRATION_CODE',
+ 'A1B2C3D4',
 $registrantCommonName,
 $registrantEmail,
 new Locale('en_GB')
@@ -871,7 +871,7 @@ public function a_registration_authority_can_revoke_one_of_multiple_vetted_secon
 $registrantCommonName,
 $registrantEmail,
 new Locale('en_GB'),
- new OnPremiseVettingType(new DocumentNumber('DOCUMENT_NUMBER'))
+ new OnPremiseVettingType(new DocumentNumber('AB-123'))
 ),
 ])
 ->when($command)
diff --git a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/SensitiveData/SensitiveDataTest.php b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/SensitiveData/SensitiveDataTest.php
index 69da5eb85..a58e7230b 100644
--- a/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/SensitiveData/SensitiveDataTest.php
+++ b/src/Surfnet/StepupMiddleware/CommandHandlingBundle/Tests/SensitiveData/SensitiveDataTest.php
@@ -87,8 +87,8 @@ public function sensitiveDataToSerialise()
 ],
 'VettingType' => [
 (new SensitiveData())
- ->withVettingType(new OnPremiseVettingType(new DocumentNumber("012345678"))),
- ['VettingType' => new OnPremiseVettingType(new DocumentNumber("012345678"))],
+ ->withVettingType(new OnPremiseVettingType(new DocumentNumber("AB-123"))),
+ ['VettingType' => new OnPremiseVettingType(new DocumentNumber("AB-123"))],
 ],
 'VettingType, forgotten' => [
 (new SensitiveData())