From aae799a5fbea18dabf31a046c4d53a4a93a763d8 Mon Sep 17 00:00:00 2001 From: Steve Boyd Date: Wed, 5 Jun 2024 17:26:01 +1200 Subject: [PATCH] ENH Use class name instead of self --- src/Authenticator/LoginForm.php | 14 +-- src/Authenticator/MiniLoginForm.php | 6 +- src/Model/FederatedIdentity.php | 28 +++-- src/RealMeService.php | 175 +++++++++++++++------------- src/Task/RealMeSetupTask.php | 44 +++---- tests/RealMeServiceTest.php | 13 ++- tests/RealMeSetupTaskTest.php | 18 +-- 7 files changed, 155 insertions(+), 143 deletions(-) diff --git a/src/Authenticator/LoginForm.php b/src/Authenticator/LoginForm.php index 2ac268f..5eba9c8 100644 --- a/src/Authenticator/LoginForm.php +++ b/src/Authenticator/LoginForm.php @@ -73,7 +73,7 @@ public function __construct($controller, $name) $integrationType = $service->config()->integration_type; if ($integrationType === RealMeService::TYPE_ASSERT) { - $this->template = self::class . '/RealMeAssertForm'; + $this->template = LoginForm::class . '/RealMeAssertForm'; } if ($this->config()->include_javascript) { @@ -163,7 +163,7 @@ public function HasRealMeLastError() */ public function getAuthenticatorName() { - return _t(self::class . '.AUTHENTICATOR_NAME', 'RealMe Account'); + return _t(LoginForm::class . '.AUTHENTICATOR_NAME', 'RealMe Account'); } /** 
@@ -192,22 +192,22 @@ protected function getFormActions() if ($integrationType === RealMeService::TYPE_ASSERT) { $loginButtonContent = ArrayData::create(array( 'Label' => _t( - self::class . '.ASSERTLOGINBUTTON', + LoginForm::class . '.ASSERTLOGINBUTTON', 'Share your details with {orgname}', ['orgname' => $service->config()->metadata_organisation_display_name] ), 'ShowNewWindowIcon' => false - ))->renderWith(self::class . '/RealMeLoginButton'); + ))->renderWith(LoginForm::class . '/RealMeLoginButton'); } else { // Login button $loginButtonContent = ArrayData::create(array( - 'Label' => _t(self::class . '.LOGINBUTTON2', 'Log in'), + 'Label' => _t(LoginForm::class . '.LOGINBUTTON2', 'Log in'), 'ShowNewWindowIcon' => true - ))->renderWith(self::class . '/RealMeLoginButton'); + ))->renderWith(LoginForm::class . '/RealMeLoginButton'); } return FieldList::create(array( - FormAction::create('doLogin', _t(self::class . '.LOGINBUTTON2', 'Log in')) + FormAction::create('doLogin', _t(LoginForm::class . '.LOGINBUTTON2', 'Log in')) ->setUseButtonTag(true) ->setButtonContent($loginButtonContent) ->setAttribute('class', 'realme_button') diff --git a/src/Authenticator/MiniLoginForm.php b/src/Authenticator/MiniLoginForm.php index a563e96..bb3fe75 100644 --- a/src/Authenticator/MiniLoginForm.php +++ b/src/Authenticator/MiniLoginForm.php @@ -9,7 +9,7 @@ class MiniLoginForm extends LoginForm { /** * @var string The position at which the 'What's RealMe?' popup appears on hover. Can be either 'left' or 'right'. - * @see self::setMiniLoginFormPopupPosition() + * @see MiniLoginForm::setMiniLoginFormPopupPosition() */ private $popupPosition = 'left'; 
@@ -18,14 +18,14 @@ public function __construct($controller, $name) parent::__construct($controller, $name); $this->setFormMethod('GET', true); - $buttonName = sprintf('action_%s', self::$action_button_name); + $buttonName = sprintf('action_%s', MiniLoginForm::$action_button_name); $this->Actions()->fieldByName($buttonName)->addExtraClass('mini'); } public function getRealMeMiniLoginLink() { $fields = $this->Fields(); - $buttonName = sprintf('action_%s', self::$action_button_name); + $buttonName = sprintf('action_%s', MiniLoginForm::$action_button_name); $action = $this->Actions()->fieldByName($buttonName); $authMethod = $fields->dataFieldByName('AuthenticationMethod')->Value(); diff --git a/src/Model/FederatedIdentity.php b/src/Model/FederatedIdentity.php index d9afbec..efe8c99 100644 --- a/src/Model/FederatedIdentity.php +++ b/src/Model/FederatedIdentity.php @@ -145,7 +145,7 @@ public function __construct($nameId) */ public static function createFromXML(DOMDocument $identityDocument, $nameId) { - $identity = new self($nameId); + $identity = new FederatedIdentity($nameId); $xpath = new DOMXPath($identityDocument); $xpath->registerNamespace('p', 'urn:oasis:names:tc:ciq:xpil:3'); 
@@ -155,50 +155,54 @@ public static function createFromXML(DOMDocument $identityDocument, $nameId) $xpath->registerNamespace('addr', 'urn:oasis:names:tc:ciq:xal:3'); // Name elements - $identity->FirstName = self::getNodeValue( + $identity->FirstName = FederatedIdentity::getNodeValue( $xpath, "/p:Party/p:PartyName/n:PersonName/n:NameElement[@n:ElementType='FirstName']" ); - $identity->MiddleName = self::getNodeValue( + $identity->MiddleName = FederatedIdentity::getNodeValue( $xpath, "/p:Party/p:PartyName/n:PersonName/n:NameElement[@n:ElementType='MiddleName']" ); - $identity->LastName = self::getNodeValue( + $identity->LastName = FederatedIdentity::getNodeValue( $xpath, "/p:Party/p:PartyName/n:PersonName/n:NameElement[@n:ElementType='LastName']" ); // Gender - $identity->Gender = self::getNamedItemNodeValue($xpath, '/p:Party/p:PersonInfo[@p:Gender]', 'Gender'); + $identity->Gender = FederatedIdentity::getNamedItemNodeValue( + $xpath, + '/p:Party/p:PersonInfo[@p:Gender]', + 'Gender' + ); // Birth info $identity->BirthInfoQuality = $xpath->query("/p:Party/p:BirthInfo[@dataQuality:DataQualityType]"); // Birth date - $identity->BirthYear = self::getNodeValue( + $identity->BirthYear = FederatedIdentity::getNodeValue( $xpath, "/p:Party/p:BirthInfo/p:BirthInfoElement[@p:Type='BirthYear']" ); - $identity->BirthMonth = self::getNodeValue( + $identity->BirthMonth = FederatedIdentity::getNodeValue( $xpath, "/p:Party/p:BirthInfo/p:BirthInfoElement[@p:Type='BirthMonth']" ); - $identity->BirthDay = self::getNodeValue( + $identity->BirthDay = FederatedIdentity::getNodeValue( $xpath, "/p:Party/p:BirthInfo/p:BirthInfoElement[@p:Type='BirthDay']" ); // Birth place - $identity->BirthPlaceQuality = self::getNamedItemNodeValue( + $identity->BirthPlaceQuality = FederatedIdentity::getNamedItemNodeValue( $xpath, '/p:Party/p:BirthInfo/p:BirthPlaceDetails[@dataQuality:DataQualityType]', 'DataQualityType' ); - $identity->BirthPlaceCountry = self::getNodeValue( + $identity->BirthPlaceCountry 
= FederatedIdentity::getNodeValue( $xpath, "/p:Party/p:BirthInfo/p:BirthPlaceDetails/addr:Country/addr:NameElement[@addr:NameType='Name']" ); - $identity->BirthPlaceLocality = self::getNodeValue( + $identity->BirthPlaceLocality = FederatedIdentity::getNodeValue( $xpath, "/p:Party/p:BirthInfo/p:BirthPlaceDetails/addr:Locality/addr:NameElement[@addr:NameType='Name']" ); @@ -268,7 +272,7 @@ private static function getNodeValue(DOMXPath $xpath, $query) */ public static function createFromJSON($identityHashMap, $nameId) { - $identity = new self($nameId); + $identity = new FederatedIdentity($nameId); $identityMap = json_decode($identityHashMap ?? '', true); diff --git a/src/RealMeService.php b/src/RealMeService.php index fb3d84e..54178d6 100644 --- a/src/RealMeService.php +++ b/src/RealMeService.php @@ -77,7 +77,7 @@ class RealMeService implements TemplateGlobalProvider private static $sync_with_local_member_database = false; /** - * @var User|null User data returned by RealMe. Provided by {@link self::ensureLogin()}. + * @var User|null User data returned by RealMe. Provided by {@link RealMeService::ensureLogin()}. * * Data within this ArrayData is as follows: * - NameID: ArrayData Includes the UserFlt and associated formatting information @@ -104,7 +104,11 @@ class RealMeService implements TemplateGlobalProvider /** * @var array The RealMe environments that can be configured for use with this module. */ - private static $allowed_realme_environments = array(self::ENV_MTS, self::ENV_ITE, self::ENV_PROD); + private static $allowed_realme_environments = array( + RealMeService::ENV_MTS, + RealMeService::ENV_ITE, + RealMeService::ENV_PROD + ); /** * @config 
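Review bot: In the `@@ -155,50 +155,54 @@` hunk of createFromXML, `$identity->BirthInfoQuality` is assigned the raw result of `$xpath->query(...)`, a node list, while the neighbouring `BirthPlaceQuality` reads the same `DataQualityType` attribute through `getNamedItemNodeValue()`. If no code outside the hunk unwraps that list, consumers of the identity get an object where they expect the data-quality string. Since this commit touches every other assignment here, this one could become `$identity->BirthInfoQuality = FederatedIdentity::getNamedItemNodeValue($xpath, '/p:Party/p:BirthInfo[@dataQuality:DataQualityType]', 'DataQualityType');`. createFromXML starts before this hunk and continues after it, so this should be checked against the rest of the method.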
@@ -114,7 +118,7 @@ class RealMeService implements TemplateGlobalProvider */ private static $integration_type = 'login'; - private static $allowed_realme_integration_types = array(self::TYPE_LOGIN, self::TYPE_ASSERT); + private static $allowed_realme_integration_types = array(RealMeService::TYPE_LOGIN, RealMeService::TYPE_ASSERT); /** * @config @@ -123,9 +127,9 @@ class RealMeService implements TemplateGlobalProvider * the form of a URL, e.g. https://www.agency.govt.nz/privacy-realm-name/application-name */ private static $sp_entity_ids = array( - self::ENV_MTS => null, - self::ENV_ITE => null, - self::ENV_PROD => null + RealMeService::ENV_MTS => null, + RealMeService::ENV_ITE => null, + RealMeService::ENV_PROD => null ); /** 
@@ -134,47 +138,47 @@ class RealMeService implements TemplateGlobalProvider * intermediary IdP instead of connecting to RealMe directly. */ private static $idp_entity_ids = array( - self::ENV_MTS => array( - self::TYPE_LOGIN => 'https://login.mts.realme.govt.nz/4af8e0e0-497b-4f52-805c-00fa09b50c16' . + RealMeService::ENV_MTS => array( + RealMeService::TYPE_LOGIN => 'https://login.mts.realme.govt.nz/4af8e0e0-497b-4f52-805c-00fa09b50c16' . '/B2C_1A_DIA_RealMe_MTSLoginService', - self::TYPE_ASSERT => 'https://login.mts.realme.govt.nz/4af8e0e0-497b-4f52-805c-00fa09b50c16' . + RealMeService::TYPE_ASSERT => 'https://login.mts.realme.govt.nz/4af8e0e0-497b-4f52-805c-00fa09b50c16' . '/B2C_1A_DIA_RealMe_MTSAssertionService' ), - self::ENV_ITE => array( - self::TYPE_LOGIN => 'https://login.ite.realme.govt.nz/12c36372-4b2d-4865-b1d1-9599b0d37348' . + RealMeService::ENV_ITE => array( + RealMeService::TYPE_LOGIN => 'https://login.ite.realme.govt.nz/12c36372-4b2d-4865-b1d1-9599b0d37348' . '/B2C_1A_DIA_RealMe_LoginService', - self::TYPE_ASSERT => 'https://login.ite.realme.govt.nz/12c36372-4b2d-4865-b1d1-9599b0d37348' . + RealMeService::TYPE_ASSERT => 'https://login.ite.realme.govt.nz/12c36372-4b2d-4865-b1d1-9599b0d37348' . '/B2C_1A_DIA_RealMe_AssertionService' ), - self::ENV_PROD => array( - self::TYPE_LOGIN => 'https://login.realme.govt.nz/32179062-92f6-4eb0-89bc-df400a9e0367' . + RealMeService::ENV_PROD => array( + RealMeService::TYPE_LOGIN => 'https://login.realme.govt.nz/32179062-92f6-4eb0-89bc-df400a9e0367' . '/B2C_1A_DIA_RealMe_LoginService', - self::TYPE_ASSERT => 'https://login.realme.govt.nz/32179062-92f6-4eb0-89bc-df400a9e0367' . + RealMeService::TYPE_ASSERT => 'https://login.realme.govt.nz/32179062-92f6-4eb0-89bc-df400a9e0367' . '/B2C_1A_DIA_RealMe_AssertionService', ) ); private static $idp_sso_service_urls = array( - self::ENV_MTS => array( - self::TYPE_LOGIN => 'https://login.mts.realme.govt.nz/b2cdiamts01rmpubdir.onmicrosoft.com' . 
+ RealMeService::ENV_MTS => array( + RealMeService::TYPE_LOGIN => 'https://login.mts.realme.govt.nz/b2cdiamts01rmpubdir.onmicrosoft.com' . '/B2C_1A_DIA_RealMe_MTSLoginService/samlp/sso/login', - self::TYPE_ASSERT => 'https://login.mts.realme.govt.nz/b2cdiamts01rmpubdir.onmicrosoft.com' . + RealMeService::TYPE_ASSERT => 'https://login.mts.realme.govt.nz/b2cdiamts01rmpubdir.onmicrosoft.com' . '/B2C_1A_DIA_RealMe_MTSAssertionService/samlp/sso/login' ), - self::ENV_ITE => array( - self::TYPE_LOGIN => 'https://login.ite.realme.govt.nz/b2cdiaite01rmpubdir.onmicrosoft.com' . + RealMeService::ENV_ITE => array( + RealMeService::TYPE_LOGIN => 'https://login.ite.realme.govt.nz/b2cdiaite01rmpubdir.onmicrosoft.com' . '/B2C_1A_DIA_RealMe_LoginService/samlp/sso/login', - self::TYPE_ASSERT => 'https://login.ite.realme.govt.nz/b2cdiaite01rmpubdir.onmicrosoft.com' . + RealMeService::TYPE_ASSERT => 'https://login.ite.realme.govt.nz/b2cdiaite01rmpubdir.onmicrosoft.com' . '/B2C_1A_DIA_RealMe_AssertionService/samlp/sso/login' ), - self::ENV_PROD => array( - self::TYPE_LOGIN => 'https://login.realme.govt.nz/32179062-92f6-4eb0-89bc-df400a9e0367' . + RealMeService::ENV_PROD => array( + RealMeService::TYPE_LOGIN => 'https://login.realme.govt.nz/32179062-92f6-4eb0-89bc-df400a9e0367' . '/B2C_1A_DIA_RealMe_LoginService/samlp/sso/login', - self::TYPE_ASSERT => 'https://login.realme.govt.nz/32179062-92f6-4eb0-89bc-df400a9e0367' . + RealMeService::TYPE_ASSERT => 'https://login.realme.govt.nz/32179062-92f6-4eb0-89bc-df400a9e0367' . '/B2C_1A_DIA_RealMe_AssertionService/samlp/sso/login' ) ); 
@@ -187,21 +191,21 @@ class RealMeService implements TemplateGlobalProvider * is documentation in the README to ensure the filenames are configured correctly for the various environments. */ private static $idp_x509_cert_filenames = array( - self::ENV_MTS => array( - self::TYPE_LOGIN => 'mts_login_saml_idp.cer', - self::TYPE_ASSERT => 'mts_assert_saml_idp.cer' + RealMeService::ENV_MTS => array( + RealMeService::TYPE_LOGIN => 'mts_login_saml_idp.cer', + RealMeService::TYPE_ASSERT => 'mts_assert_saml_idp.cer' ), // As of the 2021 Azure re-platforming, ITE certificates are the same - a single cert for both logon & assert - self::ENV_ITE => array( - self::TYPE_LOGIN => 'ite.signing.logon.realme.govt.nz.cer', - self::TYPE_ASSERT => 'ite.signing.logon.realme.govt.nz.cer' + RealMeService::ENV_ITE => array( + RealMeService::TYPE_LOGIN => 'ite.signing.logon.realme.govt.nz.cer', + RealMeService::TYPE_ASSERT => 'ite.signing.logon.realme.govt.nz.cer' ), // As of the 2021 Azure re-platforming, prod certificates are the same - a single cert for both logon & assert - self::ENV_PROD => array( - self::TYPE_LOGIN => 'signing.realme.govt.nz.cer', - self::TYPE_ASSERT => 'signing.realme.govt.nz.cer' + RealMeService::ENV_PROD => array( + RealMeService::TYPE_LOGIN => 'signing.realme.govt.nz.cer', + RealMeService::TYPE_ASSERT => 'signing.realme.govt.nz.cer' ) ); @@ -226,9 +230,9 @@ class RealMeService implements TemplateGlobalProvider * - urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:ModStrength::OTP:Token:SID */ private static $authn_contexts = array( - self::ENV_MTS => null, - self::ENV_ITE => null, - self::ENV_PROD => null + RealMeService::ENV_MTS => null, + RealMeService::ENV_ITE => null, + RealMeService::ENV_PROD => null ); /** 
@@ -238,10 +242,10 @@ class RealMeService implements TemplateGlobalProvider * A list of the valid authn context values supported for realme. */ private static $allowed_authn_context_list = array( - self::AUTHN_LOW_STRENGTH, - self::AUTHN_MOD_STRENTH, - self::AUTHN_MOD_MOBILE_SMS, - self::AUTHN_MOD_TOKEN_SID + RealMeService::AUTHN_LOW_STRENGTH, + RealMeService::AUTHN_MOD_STRENTH, + RealMeService::AUTHN_MOD_MOBILE_SMS, + RealMeService::AUTHN_MOD_TOKEN_SID ); /** @@ -249,9 +253,9 @@ class RealMeService implements TemplateGlobalProvider * @var array Domain names for metadata files. Used in @link RealMeSetupTask when outputting metadata XML */ private static $metadata_assertion_service_domains = array( - self::ENV_MTS => null, - self::ENV_ITE => null, - self::ENV_PROD => null + RealMeService::ENV_MTS => null, + RealMeService::ENV_ITE => null, + RealMeService::ENV_PROD => null ); /** @@ -260,16 +264,16 @@ class RealMeService implements TemplateGlobalProvider * translations (found in realme/lang/en.yml for example). */ private static $realme_error_message_overrides = array( - self::ERR_AUTHN_FAILED => null, - self::ERR_TIMEOUT => null, - self::ERR_INTERNAL_ERROR => null, - self::ERR_NO_AVAILABLE_IDP => null, - self::ERR_REQUEST_UNSUPPORTED => null, - self::ERR_NO_PASSIVE => null, - self::ERR_REQUEST_DENIED => null, - self::ERR_UNSUPPORTED_BINDING => null, - self::ERR_UNKNOWN_PRINCIPAL => null, - self::ERR_NO_AUTHN_CONTEXT => null + RealMeService::ERR_AUTHN_FAILED => null, + RealMeService::ERR_TIMEOUT => null, + RealMeService::ERR_INTERNAL_ERROR => null, + RealMeService::ERR_NO_AVAILABLE_IDP => null, + RealMeService::ERR_REQUEST_UNSUPPORTED => null, + RealMeService::ERR_NO_PASSIVE => null, + RealMeService::ERR_REQUEST_DENIED => null, + RealMeService::ERR_UNSUPPORTED_BINDING => null, + RealMeService::ERR_UNKNOWN_PRINCIPAL => null, + RealMeService::ERR_NO_AUTHN_CONTEXT => null ); /** 
@@ -357,7 +361,7 @@ public static function user_data() return static::$user_data; } - $request = self::getRequest(); + $request = RealMeService::getRequest(); if (!$request) { return null; @@ -393,7 +397,7 @@ public function getUserData() */ public static function current_realme_user() { - $user = self::user_data(); + $user = RealMeService::user_data(); if ($user && !$user->isValid()) { return null; } @@ -408,7 +412,7 @@ public static function current_realme_user() */ public static function currentRealMeUser() { - return self::current_realme_user(); + return RealMeService::current_realme_user(); } /** @@ -586,7 +590,7 @@ public function getAuthData() $federatedIdentity = $this->retrieveFederatedIdentity($auth); // We will have either a FLT or FIT, depending on integration type - if ($this->config()->integration_type == self::TYPE_ASSERT) { + if ($this->config()->integration_type == RealMeService::TYPE_ASSERT) { $userTag = $this->retrieveFederatedIdentityTag($auth); } else { $userTag = $this->retrieveFederatedLogonTag($auth); @@ -699,8 +703,8 @@ public function getCertDir($subdir = null) /** * Returns the appropriate AuthN Context, given the environment passed in. The AuthNContext may be different per - * environment, and should be one of the strings as defined in the static {@link self::$authn_contexts} at the top - * of this class. + * environment, and should be one of the strings as defined in the static + * {@link RealMeService::$authn_contexts} at the top of this class. * * @param string $env The environment to return the AuthNContext for. Must be one of the RealMe environment names * @return string|null Returns the AuthNContext for the given $env, or null if no context exists @@ -907,7 +911,7 @@ public function getAuth(HTTPRequest $request = null) } if (!$request) { - $request = self::getRequest(); + $request = RealMeService::getRequest(); if (!$request) { throw new RealMeException('A request must be provided for session access'); } 
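Review bot: The rewritten line in getAuthData (`@@ -586,7 +590,7 @@`) still compares the configured integration type with `==`, whereas LoginForm.php in this same patch uses `===` against the same constant. This branch decides whether the identity tag or the logon tag is read from the assertion, so a config value of the wrong type (for example a YAML boolean `true`, assuming the constant is a non-empty string) would loosely match and select the assert path. I would make it `if ($this->config()->integration_type === RealMeService::TYPE_ASSERT) {`. The `switch` in getNameIdFormat (`@@ -980,11 +984,11 @@`) compares loosely as well, and its `break;` statements after `return` are unreachable and could be dropped.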
@@ -980,11 +984,11 @@ public function getAuth(HTTPRequest $request = null) public function getNameIdFormat() { switch ($this->config()->integration_type) { - case self::TYPE_ASSERT: + case RealMeService::TYPE_ASSERT: return 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'; break; - case self::TYPE_LOGIN: + case RealMeService::TYPE_LOGIN: default: return 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'; break; @@ -1036,7 +1040,7 @@ private function getConfigurationVarByEnv($cfgName, $env, $integrationType = nul /** * @param string $certName The certificate name, either 'SIGNING' or 'MUTUAL' * @return string|null Either the full path to the certificate file, or null if it doesn't exist - * @see self::getSigningCertPath() + * @see RealMeService::getSigningCertPath() */ private function getCertPath($certName) { 
@@ -1163,62 +1167,65 @@ private function findErrorMessageForCode($errorCode) $messageOverrides = $this->config()->realme_error_message_overrides; switch ($errorCode) { - case self::ERR_AUTHN_FAILED: - $message = _t(self::class . '.ERROR_AUTHNFAILED', 'You have chosen to leave RealMe.'); + case RealMeService::ERR_AUTHN_FAILED: + $message = _t(RealMeService::class . '.ERROR_AUTHNFAILED', 'You have chosen to leave RealMe.'); break; - case self::ERR_TIMEOUT: - $message = _t(self::class . '.ERROR_TIMEOUT', 'Your RealMe session has timed out – please try again.'); + case RealMeService::ERR_TIMEOUT: + $message = _t( + RealMeService::class . '.ERROR_TIMEOUT', + 'Your RealMe session has timed out – please try again.' + ); break; - case self::ERR_INTERNAL_ERROR: + case RealMeService::ERR_INTERNAL_ERROR: $message = _t( - self::class . '.ERROR_INTERNAL', + RealMeService::class . '.ERROR_INTERNAL', 'RealMe was unable to process your request due to a RealMe internal error. Please try again. ' . 'If the problem persists, please contact the RealMe Help Desk. From New Zealand dial ' . '0800 664 774 (toll free), from overseas dial +64 4 462 0674 (overseas call charges apply).' ); break; - case self::ERR_NO_AVAILABLE_IDP: + case RealMeService::ERR_NO_AVAILABLE_IDP: $message = _t( - self::class . '.ERROR_NOAVAILABLEIDP', + RealMeService::class . '.ERROR_NOAVAILABLEIDP', 'RealMe reported that the TXT service or the token service is not available. You may try again ' . 'later. If the problem persists, please contact the RealMe Help Desk. From New Zealand dial ' . '0800 664 774 (toll free), from overseas dial +64 4 462 0674 (overseas call charges apply).' ); break; - case self::ERR_REQUEST_UNSUPPORTED: + case RealMeService::ERR_REQUEST_UNSUPPORTED: $message = _t( - self::class . '.ERROR_REQUESTUNSUPPORTED', + RealMeService::class . '.ERROR_REQUESTUNSUPPORTED', 'RealMe reported a serious application error with the message \'Request Unsupported\'. Please try' . ' again later. 
If the problem persists, please contact the RealMe Help Desk. From New Zealand' . ': 0800 664 774 (toll free), from overseas dial +64 4 462 0674 (overseas call charges apply).' ); break; - case self::ERR_NO_PASSIVE: + case RealMeService::ERR_NO_PASSIVE: $message = _t( - self::class . '.ERROR_NOPASSIVE', + RealMeService::class . '.ERROR_NOPASSIVE', 'RealMe reported a serious application error with the message \'No Passive\'. Please try again ' . 'later. If the problem persists, please contact the RealMe Help Desk. From New Zealand: 0800 ' . '664 774 (toll free), from overseas dial +64 4 462 0674 (overseas call charges apply).' ); break; - case self::ERR_REQUEST_DENIED: + case RealMeService::ERR_REQUEST_DENIED: $message = _t( - self::class . '.ERROR_REQUESTDENIED', + RealMeService::class . '.ERROR_REQUESTDENIED', 'RealMe reported a serious application error with the message \'Request Denied\'. Please try ' . 'again later. If the problem persists, please contact the RealMe Help Desk. From New Zealand:' . ' 0800 664 774 (toll free), from overseas dial +64 4 462 0674 (overseas call charges apply).' ); break; - case self::ERR_UNSUPPORTED_BINDING: + case RealMeService::ERR_UNSUPPORTED_BINDING: $message = _t( - self::class . '.ERROR_UNSUPPORTEDBINDING', + RealMeService::class . '.ERROR_UNSUPPORTEDBINDING', 'RealMe reported a serious application error with the message \'Unsupported Binding\'. Please ' . 'try again later. If the problem persists, please contact the RealMe Help Desk. From New ' . 'Zealand: 0800 664 774 (toll free), from overseas dial +64 4 462 0674 (overseas call charges ' . 
@@ -1226,17 +1233,17 @@ private function findErrorMessageForCode($errorCode) ); break; - case self::ERR_UNKNOWN_PRINCIPAL: + case RealMeService::ERR_UNKNOWN_PRINCIPAL: $message = _t( - self::class . '.ERROR_UNKNOWNPRINCIPAL', + RealMeService::class . '.ERROR_UNKNOWNPRINCIPAL', 'You are unable to use RealMe to verify your identity if you do not have a RealMe account. ' . 'Visit the RealMe home page for more information and to create an account.' ); break; - case self::ERR_NO_AUTHN_CONTEXT: + case RealMeService::ERR_NO_AUTHN_CONTEXT: $message = _t( - self::class . '.ERROR_NOAUTHNCONTEXT', + RealMeService::class . '.ERROR_NOAUTHNCONTEXT', 'RealMe reported a serious application error with the message \'No AuthN Context\'. Please try ' . 'again later. If the problem persists, please contact the RealMe Help Desk. From New Zealand:' . ' 0800 664 774 (toll free), from overseas dial +64 4 462 0674 (overseas call charges apply).' @@ -1245,7 +1252,7 @@ private function findErrorMessageForCode($errorCode) default: $message = _t( - self::class . '.ERROR_GENERAL', + RealMeService::class . '.ERROR_GENERAL', 'RealMe reported a serious application error. Please try again later. If the problem persists, ' . 'please contact the RealMe Help Desk. From New Zealand: 0800 664 774 (toll free), from ' . 'overseas dial +64 4 462 0674 (overseas call charges apply).' diff --git a/src/Task/RealMeSetupTask.php b/src/Task/RealMeSetupTask.php index 355f9d3..7897da5 100644 --- a/src/Task/RealMeSetupTask.php +++ b/src/Task/RealMeSetupTask.php @@ -58,7 +58,7 @@ public function run($request) // Ensure we are running on the command-line, and not running in a browser if (false === Director::is_cli()) { throw new Exception(_t( - self::class . '.ERR_NOT_CLI', + RealMeSetupTask::class . '.ERR_NOT_CLI', 'This task can only be run from the command-line, not in your browser.' )); } 
@@ -72,7 +72,7 @@ public function run($request) $this->outputMetadataXmlContent($forEnv); $this->message(PHP_EOL . _t( - self::class . '.BUILD_FINISH', + RealMeSetupTask::class . '.BUILD_FINISH', 'RealMe setup complete. Please copy the XML into a file for upload to the {env} environment or DIA ' . 'to complete the integration', array('env' => $forEnv) @@ -126,7 +126,7 @@ private function validateInputs($forEnv) $errorList = PHP_EOL . ' - ' . join(PHP_EOL . ' - ', $this->errors); throw new Exception(_t( - self::class . '.ERR_VALIDATION', + RealMeSetupTask::class . '.ERR_VALIDATION', 'There were {numissues} issue(s) found during validation that must be fixed prior to setup: {issues}', array( 'numissues' => sizeof($this->errors ?? []), @@ -136,7 +136,7 @@ private function validateInputs($forEnv) } $this->message(_t( - self::class . '.VALIDATION_SUCCESS', + RealMeSetupTask::class . '.VALIDATION_SUCCESS', 'Validation succeeded, continuing with setup...' )); } @@ -150,7 +150,7 @@ private function outputMetadataXmlContent($forEnv) { // Output metadata XML so that it can be sent to RealMe via the agency $this->message(_t( - self::class . '.OUPUT_PREFIX', + RealMeSetupTask::class . '.OUPUT_PREFIX', 'Metadata XML is listed below for the \'{env}\' RealMe environment, this should be sent to the agency so ' . 'they can pass it on to RealMe Operations staff', ['env' => $forEnv] @@ -259,7 +259,7 @@ private function validateEntityID($forEnv) if (is_null($entityId)) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_NO_ENTITYID', + RealMeSetupTask::class . '.ERR_CONFIG_NO_ENTITYID', 'No entityID specified for environment \'{env}\'. Specify this in your YML configuration, see the ' . 'module documentation for more details', array('env' => $forEnv) 
@@ -270,7 +270,7 @@ private function validateEntityID($forEnv) $entityId = filter_var($entityId, FILTER_VALIDATE_URL); if ($entityId === false) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_ENTITYID', + RealMeSetupTask::class . '.ERR_CONFIG_ENTITYID', 'The Entity ID (\'{entityId}\') must be https, not be \'localhost\', and must contain a valid ' . 'service name and privacy realm e.g. https://my-realme-integration.govt.nz/p-realm/s-name', array( @@ -286,7 +286,7 @@ private function validateEntityID($forEnv) $urlParts = parse_url($entityId ?? ''); if ($urlParts['host'] === 'localhost' || $urlParts['scheme'] === 'http') { $this->errors[] = _t( - self::class . '.ERR_CONFIG_ENTITYID', + RealMeSetupTask::class . '.ERR_CONFIG_ENTITYID', 'The Entity ID (\'{entityId}\') must be https, not be \'localhost\', and must contain a valid ' . 'service name and privacy realm e.g. https://my-realme-integration.govt.nz/p-realm/s-name', array( @@ -307,7 +307,7 @@ private function validateEntityID($forEnv) $serviceName = array_pop($urlParts); if (mb_strlen($serviceName ?? '') > 20 || 0 === mb_strlen($serviceName ?? '')) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_ENTITYID_SERVICE_NAME', + RealMeSetupTask::class . '.ERR_CONFIG_ENTITYID_SERVICE_NAME', 'The service name \'{serviceName}\' must be a maximum of 20 characters and not blank for entityID ' . '\'{entityId}\'', array( @@ -321,7 +321,7 @@ private function validateEntityID($forEnv) $privacyRealm = array_pop($urlParts); if (null === $privacyRealm || 0 === mb_strlen($privacyRealm ?? '')) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_ENTITYID_PRIVACY_REALM', + RealMeSetupTask::class . '.ERR_CONFIG_ENTITYID_PRIVACY_REALM', 'The privacy realm \'{privacyRealm}\' must not be blank for entityID \'{entityId}\'', array( 'privacyRealm' => $privacyRealm, 
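Review bot: In validateEntityID (`@@ -286,7 +286,7 @@`) the condition `$urlParts['host'] === 'localhost' || $urlParts['scheme'] === 'http'` is a denylist, while the error text next to it says the entity ID must be https. `FILTER_VALIDATE_URL` also accepts other schemes and host-less URLs, and the comparison is case-sensitive, so values such as an `ftp://` URL or `https://LOCALHOST/...` pass this check, and a URL without a host reads an undefined array key. An allowlist matches the stated rule: `if (($urlParts['scheme'] ?? '') !== 'https' || strtolower($urlParts['host'] ?? '') === 'localhost') {`. The method continues outside the hunk, so later checks may narrow this further.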
@@ -342,7 +342,7 @@ private function validateAuthNContext() $context = $this->service->getAuthnContextForEnvironment($env); if (is_null($context)) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_NO_AUTHNCONTEXT', + RealMeSetupTask::class . '.ERR_CONFIG_NO_AUTHNCONTEXT', 'No AuthnContext specified for environment \'{env}\'. Specify this in your YML configuration, ' . 'see the module documentation for more details', array('env' => $env) @@ -351,7 +351,7 @@ private function validateAuthNContext() if (!in_array($context, $this->service->getAllowedAuthNContextList() ?? [])) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_INVALID_AUTHNCONTEXT', + RealMeSetupTask::class . '.ERR_CONFIG_INVALID_AUTHNCONTEXT', 'The AuthnContext specified for environment \'{env}\' is invalid, please check your configuration', array('env' => $env) ); @@ -369,7 +369,7 @@ private function validateRealMeEnvironments($forEnv) $allowedEnvs = $this->service->getAllowedRealMeEnvironments(); if (0 === mb_strlen($forEnv ?? '')) { $this->errors[] = _t( - self::class . '.ERR_ENV_NOT_SPECIFIED', + RealMeSetupTask::class . '.ERR_ENV_NOT_SPECIFIED', 'The RealMe environment was not specified on the cli It must be one of: {allowedEnvs} ' . 'e.g. vendor/bin/sake dev/tasks/RealMeSetupTask forEnv=mts', array( @@ -381,7 +381,7 @@ private function validateRealMeEnvironments($forEnv) if (false === in_array($forEnv, $allowedEnvs ?? [])) { $this->errors[] = _t( - self::class . '.ERR_ENV_NOT_ALLOWED', + RealMeSetupTask::class . '.ERR_ENV_NOT_ALLOWED', 'The RealMe environment specified on the cli (\'{env}\') is not allowed. ' . 'It must be one of: {allowedEnvs}', array( 
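Review bot: The allow-list check in validateAuthNContext (`@@ -351,7 +351,7 @@`) calls `in_array($context, ...)` without the strict flag. A mistyped config value such as boolean `true` therefore compares loosely equal to any non-empty string in the list and is accepted as a valid AuthnContext. Because this setting selects the authentication strength requested from the IdP, the setup task should reject anything that is not exactly one of the listed strings: `if (!in_array($context, $this->service->getAllowedAuthNContextList() ?? [], true)) {`. The same applies to `in_array($forEnv, $allowedEnvs ?? [])` in the `@@ -381,7 +381,7 @@` hunk of validateRealMeEnvironments.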
@@ -399,12 +399,12 @@ private function validateDirectoryStructure() { if (is_null($this->service->getCertDir())) { $this->errors[] = _t( - self::class . '.ERR_CERT_DIR_MISSING', + RealMeSetupTask::class . '.ERR_CERT_DIR_MISSING', 'No certificate dir is specified. Define the REALME_CERT_DIR environment variable in your .env file' ); } elseif (!$this->isReadable($this->service->getCertDir())) { $this->errors[] = _t( - self::class . '.ERR_CERT_DIR_NOT_READABLE', + RealMeSetupTask::class . '.ERR_CERT_DIR_NOT_READABLE', 'Certificate dir specified (\'{dir}\') must be created and be readable. Ensure permissions are set ' . 'correctly and the directory is absolute', array('dir' => $this->service->getCertDir()) @@ -419,7 +419,7 @@ private function validateMetadata() { if (is_null($this->service->getMetadataOrganisationName())) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_NO_ORGANISATION_NAME', + RealMeSetupTask::class . '.ERR_CONFIG_NO_ORGANISATION_NAME', 'No organisation name is specified in YML configuration. Ensure the \'metadata_organisation_name\' ' . 'value is defined in your YML configuration' ); @@ -427,7 +427,7 @@ private function validateMetadata() if (is_null($this->service->getMetadataOrganisationDisplayName())) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_NO_ORGANISATION_DISPLAY_NAME', + RealMeSetupTask::class . '.ERR_CONFIG_NO_ORGANISATION_DISPLAY_NAME', 'No organisation display name is specified in YML configuration. Ensure the ' . '\'metadata_organisation_display_name\' value is defined in your YML configuration' ); @@ -435,7 +435,7 @@ private function validateMetadata() if (is_null($this->service->getMetadataOrganisationUrl())) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_NO_ORGANISATION_URL', + RealMeSetupTask::class . '.ERR_CONFIG_NO_ORGANISATION_URL', 'No organisation URL is specified in YML configuration. Ensure the \'metadata_organisation_url\' ' . 'value is defined in your YML configuration' ); 
@@ -444,7 +444,7 @@ private function validateMetadata() $contact = $this->service->getMetadataContactSupport(); if (is_null($contact['company']) || is_null($contact['firstNames']) || is_null($contact['surname'])) { $this->errors[] = _t( - self::class . '.ERR_CONFIG_NO_SUPPORT_CONTACT', + RealMeSetupTask::class . '.ERR_CONFIG_NO_SUPPORT_CONTACT', 'Support contact detail is missing from YML configuration. Ensure the following values are defined ' . 'in the YML configuration: metadata_contact_support_company, metadata_contact_support_firstnames,' . ' metadata_contact_support_surname' @@ -460,7 +460,7 @@ private function validateCertificates() $signingCertFile = $this->service->getSigningCertPath(); if (is_null($signingCertFile) || !$this->isReadable($signingCertFile)) { $this->errors[] = _t( - self::class . '.ERR_CERT_NO_SIGNING_CERT', + RealMeSetupTask::class . '.ERR_CERT_NO_SIGNING_CERT', 'No SAML signing PEM certificate defined, or the file can\'t be read. Define the {const} environment ' . 'variable in your .env file, and ensure the file exists in the certificate directory', array( @@ -470,7 +470,7 @@ private function validateCertificates() } elseif (is_null($this->service->getSPCertContent())) { // Signing cert exists, but doesn't include BEGIN/END CERTIFICATE lines, or doesn't contain the cert $this->errors[] = _t( - self::class . '.ERR_CERT_SIGNING_CERT_CONTENT', + RealMeSetupTask::class . '.ERR_CERT_SIGNING_CERT_CONTENT', 'The file specified for the signing certificate ({file}) does not contain a valid certificate ' . '(beginning with -----BEGIN CERTIFICATE-----). Check this file to ensure it contains the ' . 'certificate and private key', diff --git a/tests/RealMeServiceTest.php b/tests/RealMeServiceTest.php index ed8232b..f2212cf 100644 --- a/tests/RealMeServiceTest.php +++ b/tests/RealMeServiceTest.php 
@@ -22,7 +22,7 @@ class RealMeServiceTest extends SapphireTest
 public function testGetCertificateContents()
 {
- self::$pathForTempCertificate = TempFolder::getTempFolder(BASE_PATH) . '/tmpcert.pem';
+ RealMeServiceTest::$pathForTempCertificate = TempFolder::getTempFolder(BASE_PATH) . '/tmpcert.pem';
 /**
 * Test standard certificate
@@ -33,7 +33,7 @@ public function testGetCertificateContents()
 // Strip carriage returns
 $contents = str_replace("\r", '', $contents ?? '');
- $path = self::$pathForTempCertificate;
+ $path = RealMeServiceTest::$pathForTempCertificate;
 file_put_contents($path ?? '', $contents);
 /** @var RealMeService $service */
@@ -53,7 +53,7 @@ public function testGetCertificateContents()
 // Strip carriage returns
 $contents = str_replace("\r", '', $contents ?? '');
- $path = self::$pathForTempCertificate;
+ $path = RealMeServiceTest::$pathForTempCertificate;
 file_put_contents($path ?? '', $contents);
 /** @var RealMeService $service */
@@ -160,9 +160,10 @@ public static function tearDownAfterClass(): void
 {
 parent::tearDownAfterClass();
- // Ensure self::$pathForTempCertificate is unlink'd (otherwise it won't get unlinked if the test fails)
- if (file_exists(self::$pathForTempCertificate)) {
- unlink(self::$pathForTempCertificate);
+ // Ensure RealMeServiceTest::$pathForTempCertificate is unlink'd
+ // (otherwise it won't get unlinked if the test fails)
+ if (file_exists(RealMeServiceTest::$pathForTempCertificate)) {
+ unlink(RealMeServiceTest::$pathForTempCertificate);
 }
 }
 }
diff --git a/tests/RealMeSetupTaskTest.php b/tests/RealMeSetupTaskTest.php
index 9cfd39c..6c1819c 100644
--- a/tests/RealMeSetupTaskTest.php
+++ b/tests/RealMeSetupTaskTest.php
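Review bot: In `tearDownAfterClass()` of tests/RealMeServiceTest.php the rewritten cleanup still passes `RealMeServiceTest::$pathForTempCertificate` straight to `file_exists()`, while the test body in the same file guards the same value with `$path ?? ''` before `file_put_contents()`. The property's declaration is outside the visible hunks; if it has no default and `testGetCertificateContents()` did not run (for example a filtered run), `file_exists()` receives null, which PHP 8.1+ reports as a deprecation. Using the same guard keeps the cleanup consistent with the rest of the file: `if (file_exists(RealMeServiceTest::$pathForTempCertificate ?? '')) {`.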
@@ -121,7 +121,7 @@ public function testValidateEntityID()
 // Test valid entityIds just in case they're different in this configuration.
 $config = Config::inst();
- $config->merge(RealMeService::class, 'sp_entity_ids', self::$validEntityIDs);
+ $config->merge(RealMeService::class, 'sp_entity_ids', RealMeSetupTaskTest::$validEntityIDs);
 // validate our list of valid entity IDs;
 $validateEntityId = new ReflectionMethod($realMeSetupTask, 'validateEntityID');
@@ -132,7 +132,7 @@ public function testValidateEntityID()
 $this->assertCount(0, $errors->getValue($realMeSetupTask));
 // TEST entityId missing.
- $entityIdList = self::$validEntityIDs;
+ $entityIdList = RealMeSetupTaskTest::$validEntityIDs;
 $entityIdList[RealMeService::ENV_MTS] = 'destroy-humans-with-incorrect-entity-ids';
 $config->merge(RealMeService::class, 'sp_entity_ids', $entityIdList);
 $validateEntityId->invoke($realMeSetupTask, 'mts');
@@ -143,7 +143,7 @@ public function testValidateEntityID()
 $this->assertCount(0, $errors->getValue($realMeSetupTask));
 // TEST entityId localhost.
- $entityIdList = self::$validEntityIDs;
+ $entityIdList = RealMeSetupTaskTest::$validEntityIDs;
 $entityIdList[RealMeService::ENV_MTS] = 'https://localhost/';
 $config->merge(RealMeService::class, 'sp_entity_ids', $entityIdList);
 $validateEntityId->invoke($realMeSetupTask, 'mts');
@@ -153,7 +153,7 @@ public function testValidateEntityID()
 $this->assertCount(0, $errors->getValue($realMeSetupTask));
 // TEST entityId not http
- $entityIdList = self::$validEntityIDs;
+ $entityIdList = RealMeSetupTaskTest::$validEntityIDs;
 $entityIdList[RealMeService::ENV_MTS] = 'http://dev.realme-integration.govt.nz/p-realm/s-name';
 $config->merge(RealMeService::class, 'sp_entity_ids', $entityIdList);
 $validateEntityId->invoke($realMeSetupTask, 'mts');
@@ -163,7 +163,7 @@ public function testValidateEntityID()
 $this->assertCount(0, $errors->getValue($realMeSetupTask));
 // TEST privacy realm /service name missing
- $entityIdList = self::$validEntityIDs;
+ $entityIdList = RealMeSetupTaskTest::$validEntityIDs;
 $entityIdList[RealMeService::ENV_MTS] = 'https://dev.realme-integration.govt.nz/';
 $config->merge(RealMeService::class, 'sp_entity_ids', $entityIdList);
 $validateEntityId->invoke($realMeSetupTask, 'mts');
@@ -178,7 +178,7 @@ public function testValidateEntityID()
 // TEST privacy realm // "https://www.domain.govt.nz//"
- $entityIdList = self::$validEntityIDs;
+ $entityIdList = RealMeSetupTaskTest::$validEntityIDs;
 $entityIdList[RealMeService::ENV_MTS] = 'https://dev.realme-integration.govt.nz/s-name/privacy-realm-is-too-big';
 $config->merge(RealMeService::class, 'sp_entity_ids', $entityIdList);
@@ -193,7 +193,7 @@ public function testValidateEntityID()
 $this->assertCount(0, $errors->getValue($realMeSetupTask));
 // "https://www.domain.govt.nz//"
- $entityIdList = self::$validEntityIDs;
+ $entityIdList = RealMeSetupTaskTest::$validEntityIDs;
 $entityIdList[RealMeService::ENV_MTS] = 'https://dev.realme-integration.govt.nz/s-name';
 $config->merge(RealMeService::class, 'sp_entity_ids', $entityIdList);
 $validateEntityId->invoke($realMeSetupTask, 'mts');
@@ -229,7 +229,7 @@ public function testValidateAuthNContext()
 // Test valid authnContexts just in case they're different in this configuration.
 $config = Config::inst();
- $config->merge(RealMeService::class, 'authn_contexts', self::$authnEnvContexts);
+ $config->merge(RealMeService::class, 'authn_contexts', RealMeSetupTaskTest::$authnEnvContexts);
 // validate our list of valid entity IDs;
 $validateAuthNContext = new ReflectionMethod($realMeSetupTask, 'validateAuthNContext');
@@ -237,7 +237,7 @@ public function testValidateAuthNContext()
 $validateAuthNContext->invoke($realMeSetupTask);
 $this->assertCount(0, $errors->getValue($realMeSetupTask));
- $invalidAuthNContextList = self::$authnEnvContexts;
+ $invalidAuthNContextList = RealMeSetupTaskTest::$authnEnvContexts;
 $invalidAuthNContextList[RealMeService::ENV_MTS] = 'im-an-invalid-context';
 $config->merge(RealMeService::class, 'authn_contexts', $invalidAuthNContextList);