SS4 Compatibility #23
Conversation
_config.php
Outdated
|
|
||
| if (Director::isDev()) { | ||
| error_reporting(E_ALL ^ E_DEPRECATED); | ||
| } |
There was a problem hiding this comment.
What's the reasoning for adding this?
There was a problem hiding this comment.
Ah, I was going to remove that and document it. In development environments deprecation warnings are emitted. Unfortunately the php-saml library still uses mcrypt - deprecated in 7.1. So if you want to use this in 7.1, you'll probably want to add that for development.
There was a problem hiding this comment.
I'll have to add <7.2 to composer.json too for the time being.
There was a problem hiding this comment.
Right, or add ext-mcrypt as a Composer requirement and let devs make up their own mind about it on 7.2
There was a problem hiding this comment.
Awesome work! I've left a few comments that identify some patterns I've seen here and also some specific examples of things. Things like using deprecated config APIs can be updated in bulk (note tests like testConfigurationTemplateDir split the line up so may not be obvious when searching).
I haven't commented on the translations yet, but we'll need to do one last sync down from Transifex in the SilverStripe 3 branch, then remove the Transifex configuration from it (freezing it for SS3) and finally run the text collector on the SilverStripe 4 branch once this is merged and push the source file up to Transifex.
Can you please also add a PSR-4 autoloader to composer?
There'll be a few other things that you'll need to add:
- phpcs config
- phpunit config
- updated Travis config
- updated Scrutinizer config
- new codecov.io config
Noted in your description that the docs need updating too, that's cool.
_config/extensions.yml
Outdated
| @@ -1,6 +1,3 @@ | |||
| SiteTree: | |||
| SilverStripe\CMS\Model\SiteTree: | |||
There was a problem hiding this comment.
Can you please add a name block to this? E.g.
---
Name: realmeextensions
---
composer.json
Outdated
| @@ -17,13 +17,23 @@ | |||
| ], | |||
| "require": { | |||
| "composer/installers": "*", | |||
There was a problem hiding this comment.
We can probably remove this as an explicit dependency now - it's required already by framework and vendor-plugin
composer.json
Outdated
| @@ -17,13 +17,23 @@ | |||
| ], | |||
| "require": { | |||
| "composer/installers": "*", | |||
| "silverstripe/framework": "~3.1", | |||
| "silverstripe/framework": "^4.0", | |||
| "onelogin/php-saml": "~2.10" | |||
| }, | |||
| "require-dev": { | |||
| "phpunit/phpunit": "~3.7" | |||
There was a problem hiding this comment.
We'll be using ^5.7 for SS4 modules
| * | ||
| */ | ||
| class Authenticator implements AuthenticatorInterface | ||
| { |
There was a problem hiding this comment.
It's worth adding the Injectable trait to this class, since you're defining dependencies that require the injector to bootstrap
src/Authenticator/LoginForm.php
Outdated
| */ | ||
| public function getAuthenticatorName() | ||
| { | ||
| return 'RealMe Login'; |
There was a problem hiding this comment.
Does this need to be made translatable?
| @@ -25,7 +34,7 @@ public function testGetCertificateContents() | |||
| file_put_contents($path, $contents); | |||
There was a problem hiding this comment.
There's a couple of parts in this test that won't work in SS4:
- Assets aren't always stored in the assets folder any more. You can use
TestAssetStoreto let you use a path in the assets folder though. file_get_contents(BASE_PATH . '/realme/testswon't work any more because the module is now a vendor module, and when Travis runs these tests it's installed as the project, not a module. Instead you could use something likedirname(__FILE__) . '/certs/...so it's relative. Note that this would likely tie into how you implement the TestAssetStore as well.
tests/RealMeServiceTest.php
Outdated
| @@ -75,21 +84,21 @@ public function testGetAuth() | |||
|
|
|||
| public function testGetAuthCustomSPEntityId() | |||
| { | |||
| Config::inst()->update('RealMeService', 'sp_entity_ids', ['mts' => 'https://example.com/custom-realm/custom-service']); | |||
| Config::inst()->update(RealMeService::class, 'sp_entity_ids', ['mts' => 'https://example.com/custom-realm/custom-service']); | |||
There was a problem hiding this comment.
- Config::inst()->update(
+ Config::modify()->set(
tests/RealMeServiceTest.php
Outdated
|
|
||
| define('REALME_CERT_DIR', BASE_PATH . '/realme/tests/certs'); | ||
| define('REALME_SIGNING_CERT_FILENAME', 'standard_cert.pem'); | ||
| Environment::putEnv('REALME_CERT_DIR', BASE_PATH . '/realme/tests/certs'); |
There was a problem hiding this comment.
Will need to be updated to use a different file path
tests/RealMeServiceTest.php
Outdated
| define('REALME_CERT_DIR', BASE_PATH . '/realme/tests/certs'); | ||
| define('REALME_SIGNING_CERT_FILENAME', 'standard_cert.pem'); | ||
| Environment::putEnv('REALME_CERT_DIR', BASE_PATH . '/realme/tests/certs'); | ||
| Environment::putEnv('REALME_SIGNING_CERT_FILENAME', 'standard_cert.pem'); | ||
| } | ||
|
|
||
| public function setUp() |
There was a problem hiding this comment.
setUp() is protected in PHPUnit 5.x/SilverStripe 4.x SapphireTest
tests/RealMeServiceTest.php
Outdated
| Config::inst()->update('RealMeService', 'authn_contexts', ['mts' => 'urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:LowStrength']); | ||
| Config::inst()->update(RealMeService::class, 'sp_entity_ids', ['mts' => 'https://example.com/realm/service']); | ||
| Config::inst()->update(RealMeService::class, 'metadata_assertion_service_domains', ['mts' => 'https://example.com']); | ||
| Config::inst()->update(RealMeService::class, 'authn_contexts', ['mts' => 'urn:nzl:govt:ict:stds:authn:deployment:GLS:SAML:2.0:ac:classes:LowStrength']); |
There was a problem hiding this comment.
- Config::inst()->update(
+ Config::modify()->set(
ScopeyNZ
force-pushed
the
pulls/3.0/upgrade-to-ss4
branch
4 times, most recently
from
3876fc5 to
fec8c10
Compare
|
It's green! Yay! 🎉 |
composer.json
Outdated
| "autoload-dev": { | ||
| "psr-4": { | ||
| "SilverStripe\\RealMe\\Tests\\": "tests/" | ||
| } |
There was a problem hiding this comment.
You need to include the tests autoloader under the autoload definition
src/RealMeService.php
Outdated
| { | ||
| return self::current_realme_user(); | ||
| } | ||
|
|
There was a problem hiding this comment.
What's the justification for removing this? I assume this is one of the template helper methods
There was a problem hiding this comment.
I considered refactoring out storing the current real me user in the service at one point, probably forgot to revert this method.
| @@ -359,88 +389,93 @@ public static function currentRealMeUser() | |||
| * other unexpected authentication error. You can use {@link getLastError()} to see if a human-readable error | |||
| * message exists for display to the user. | |||
| * | |||
| * @param HTTPRequest $request | |||
src/Task/RealMeSetupTask.php
Outdated
| $this->message(PHP_EOL . _t('RealMeSetupTask.BUILD_FINISH', '', '', array('env' => $forEnv))); | ||
| $this->message(PHP_EOL . _t( | ||
| self::class . '.BUILD_FINISH', | ||
| 'RealMe setup complete. Please copy the XML into a file for upload to the %s environment or DIA ' . |
There was a problem hiding this comment.
You could do this instead - following standard SS4 practice:
_t(self::class . '.BUILD_FINISH', 'RealMe setup complete. Please copy the XML into a file for upload to the {type} environment or DIA to complete the integration', ['type' => $forEnv]);We're replacing the use of sprintf style translations wherever we find them: ref silverstripe/silverstripe-framework#6582
| } catch (Exception $e) { | ||
| $this->message($e->getMessage() . PHP_EOL); | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * @param RealMeService $service |
src/Task/RealMeSetupTask.php
Outdated
| 'RealMeSetupTask.ERR_VALIDATION', | ||
| '', | ||
| self::class . '.ERR_VALIDATION', | ||
| 'There were {numissues} issue(s) found during validation that must be fixed prior to setup: {issues}', |
There was a problem hiding this comment.
I think you need to remove the empty string argument here. Should be _t('ClassName.KEY', 'Default value {placeholder}', ['placeholder' => $dynamicValue])
There was a problem hiding this comment.
Yep. So many of those I was bound to miss one 😖
src/Task/RealMeSetupTask.php
Outdated
| . "can pass it on to RealMe Operations staff" . PHP_EOL . PHP_EOL, | ||
| $this->message(_t( | ||
| self::class . '.OUPUT_PREFIX', | ||
| 'Metadata XML is listed below for the \'%s\' RealMe environment, this should be sent to the agency so they ' |
There was a problem hiding this comment.
Please use a {type} placeholder or similar and pass it in the third argument as a keyed array
src/Task/RealMeSetupTask.php
Outdated
| self::class . '.ERR_CONFIG_ENTITYID', | ||
| 'The Entity ID (\'{entityId}\') must be https, not be \'localhost\', and must contain a valid ' . | ||
| 'service name and privacy realm e.g. https://my-realme-integration.govt.nz/p-realm/s-name', | ||
| '', |
There was a problem hiding this comment.
This empty arg isn't needed. There are a few other occurrences of this but I won't keep listing them =)
src/Task/RealMeSetupTask.php
Outdated
| '', | ||
| self::class . '.ERR_ENV_NOT_SPECIFIED', | ||
| 'The RealMe environment was not specified on the cli It must be one of: {allowedEnvs} ' . | ||
| 'e.g. sake dev/tasks/RealMeSetupTask forEnv=mts', |
There was a problem hiding this comment.
- e.g. sake dev/tasks
+ e.g. vendor/bin/sake dev/tasks
src/Task/RealMeSetupTask.php
Outdated
| } elseif (!$this->isReadable($this->service->getCertDir())) { | ||
| $this->errors[] = _t( | ||
| 'RealMeSetupTask.ERR_CERT_DIR_NOT_READABLE', | ||
| self::class . '.ERR_CERT_DIR_NOT_READABLE', | ||
| '', |
There was a problem hiding this comment.
This has an empty default value - probably needs to be defined as something
ScopeyNZ
force-pushed
the
pulls/3.0/upgrade-to-ss4
branch
from
fec8c10 to
2b88762
Compare
ScopeyNZ
force-pushed
the
pulls/3.0/upgrade-to-ss4
branch
from
2b88762 to
8f0ac9c
Compare
|
Ok feedback addressed. @madmatt I was talking to you about the removal of |
|
The login endpoint has been playing up (on MTSs end) a little but I'm happy with the assertion endpoint. |
|
I have raised an issue at silverstripe/silverstripe-framework#8252 regarding the logic I've added to resolve the forwarded port in |
This PR converts the RealMe module to work with SS4.
Currently it all works, there's some cleanup to do. It has been converted to work with the Authentication changes - removing the
SecurityExtensionclass and adding in anAuthenticatorandLoginHandler.Todo:
_t(KEY, 'default')- SS4 warns if you omit'default')resolves #21