Fixed controllers

config/packages/security.yaml

@@ -18,6 +18,8 @@ security:
         saml_based:
             custom_authenticators:
                 - Surfnet\SamlBundle\Security\Authentication\SamlAuthenticator
+            logout:
+                path: /logout
 
     access_control:
         - { path: ^/saml, roles: PUBLIC_ACCESS, requires_channel: https }

config/packages/twig.yaml

@@ -1,6 +1,6 @@
 twig:
     default_path: '%kernel.project_dir%/templates'
-    form_themes: [ 'bootstrap_4_layout.html.twig','@SurfnetStepupSelfServiceSelfService/form/fields.html.twig' ]
+    form_themes: [ 'bootstrap_4_layout.html.twig','form/fields.html.twig' ]
     debug: "%kernel.debug%"
     strict_variables: "%kernel.debug%"
     globals:

config/services.yaml

@@ -15,28 +15,12 @@ services:
     alias: 'monolog.logger'
     public: true
 
-#  twig.extension.text: # Required by JMSTranslationBundle
-#    class: Twig_Extensions_Extension_Text
-#    tags: [{ name: twig.extension }]
-#
-#  twig.extension.intl:
-#    class: Twig_Extensions_Extension_Intl
-#    tags: [{ name: twig.extension }]
-
-#    # Firewall
   surfnet_saml.saml_provider:
     class: Surfnet\StepupSelfService\SelfServiceBundle\Security\Authentication\Provider\SamlProvider
     arguments:
-      $identityService: '@self_service.service.identity'
+      $identityService: '@Surfnet\StepupSelfService\SelfServiceBundle\Service\IdentityService'
       $preferredLocaleProvider: '@self_service.locale.request_stack_locale_provider'
 
-
-#    arguments:
-#      - '@request_stack'
-#      - '@Surfnet\SamlBundle\Entity\HostedEntities'
-#      - '@Surfnet\SamlBundle\Entity\IdentityProvider'
-#      - '@logger'
-
   Surfnet\StepupSelfService\SelfServiceBundle\Security\Authentication\Provider\SamlProvider:
     alias: surfnet_saml.saml_provider
 

src/Surfnet/StepupSelfService/SamlStepupProviderBundle/DependencyInjection/Compiler/StateHandlerSessionPass.php

@@ -25,6 +25,10 @@
 
 class StateHandlerSessionPass implements CompilerPassInterface
 {
+    public function __construct(
+    ) {
+    }
+
     /**
      * {@inheritdoc} This is required to ensure that our NamespacedAttributeBag is registered in the session handler
      * before the session is started.
@@ -37,5 +41,8 @@ public function process(ContainerBuilder $container): void
 //        $container
 //            ->getDefinition('session')
 //            ->addMethodCall('registerBag', [new Reference('gssp.session.namespaced_attribute_bag')]);
+
+
     }
+
 }

src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/LocaleController.php

@@ -21,38 +21,50 @@
 use Psr\Log\LoggerInterface;
 use Surfnet\StepupBundle\Command\SwitchLocaleCommand;
 use Surfnet\StepupBundle\Form\Type\SwitchLocaleType;
+use Surfnet\StepupSelfService\SelfServiceBundle\Service\IdentityService;
+use Surfnet\StepupSelfService\SelfServiceBundle\Service\InstitutionConfigurationOptionsService;
+use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Contracts\Translation\TranslatorInterface;
 
 final class LocaleController extends Controller
 {
+
+    public function __construct(
+        private readonly LoggerInterface $logger,
+        InstitutionConfigurationOptionsService $configurationOptionsService,
+        private readonly TranslatorInterface $translator,
+        private readonly IdentityService $identityService,
+    ) {
+        parent::__construct($logger, $configurationOptionsService);
+    }
+
     #[Route(
         path: '/switch-locale',
         name: 'ss_switch_locale',
         requirements: ['return-url' => '.+'],
         methods: ['POST']
     )]
-    public function switchLocale(Request $request): \Symfony\Component\HttpFoundation\RedirectResponse
+    public function switchLocale(Request $request): RedirectResponse
     {
         $returnUrl = $request->query->get('return-url');
 
         // Return URLs generated by us always include a path (ie. at least a forward slash)
         // @see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/Request.php#L878
         $domain = $request->getSchemeAndHttpHost() . '/';
         if (!str_starts_with($returnUrl, $domain)) {
-            $this->get('logger')->error(sprintf(
+            $this->logger->error(sprintf(
                 'Identity "%s" used illegal return-url for redirection after changing locale, aborting request',
                 $this->getIdentity()->id
             ));
 
             throw new BadRequestHttpException('Invalid return-url given');
         }
 
-        /** @var LoggerInterface $logger */
-        $logger = $this->get('logger');
-        $logger->info('Switching locale...');
+        $this->logger->info('Switching locale...');
 
         $identity = $this->getIdentity();
         if (!$identity) {
@@ -70,19 +82,19 @@ public function switchLocale(Request $request): \Symfony\Component\HttpFoundatio
         $form->handleRequest($request);
 
         if (!$form->isSubmitted() || !$form->isValid()) {
-            $this->addFlash('error', $this->get('translator')->trans('ss.flash.invalid_switch_locale_form'));
-            $logger->error('The switch locale form unexpectedly contained invalid data');
+            $this->addFlash('error', $this->translator->trans('ss.flash.invalid_switch_locale_form'));
+            $this->logger->error('The switch locale form unexpectedly contained invalid data');
             return $this->redirect($returnUrl);
         }
 
-        $service = $this->get('self_service.service.identity');
-        if (!$service->switchLocale($command)) {
-            $this->addFlash('error', $this->get('translator')->trans('ss.flash.error_while_switching_locale'));
-            $logger->error('An error occurred while switching locales');
+
+        if (!$this->identityService->switchLocale($command)) {
+            $this->addFlash('error', $this->translator->trans('ss.flash.error_while_switching_locale'));
+            $this->logger->error('An error occurred while switching locales');
             return $this->redirect($returnUrl);
         }
 
-        $logger->info('Successfully switched locale');
+        $this->logger->info('Successfully switched locale');
 
         return $this->redirect($returnUrl);
     }

src/Surfnet/StepupSelfService/SelfServiceBundle/Controller/SecondFactorController.php

@@ -19,6 +19,7 @@
 namespace Surfnet\StepupSelfService\SelfServiceBundle\Controller;
 
 use Surfnet\StepupBundle\DateTime\RegistrationExpirationHelper;
+use Psr\Log\LoggerInterface;
 use Surfnet\StepupBundle\Service\SecondFactorTypeService;
 use Surfnet\StepupSelfService\SelfServiceBundle\Command\RevokeCommand;
 use Surfnet\StepupSelfService\SelfServiceBundle\Form\Type\RevokeSecondFactorType;
@@ -36,29 +37,29 @@
 class SecondFactorController extends Controller
 {
     public function __construct(
-        private readonly SecondFactorService    $secondFactorService,
+        LoggerInterface $logger,
+        private readonly InstitutionConfigurationOptionsService $configurationOptionsService,
         private readonly RecoveryTokenService    $recoveryTokenService,
         private readonly AuthorizationService    $authorizationService,
         private readonly SecondFactorTypeService $secondFactorTypeService,
-        private readonly InstitutionConfigurationOptionsService $institutionConfigurationOptionsService,
-        private readonly RegistrationExpirationHelper $expirationHelper
+        private readonly SecondFactorService $secondFactorService,
+        private readonly RegistrationExpirationHelper $registrationExpirationHelper,
     ) {
+        parent::__construct($logger, $configurationOptionsService);
     }
     #[Template('second_factor/list.html.twig')]
     #[Route(path: '/overview', name: 'ss_second_factor_list', methods:  ['GET'])]
     public function list(): array
     {
         $identity = $this->getIdentity();
         $institution = $this->getIdentity()->institution;
-        $options = $this->institutionConfigurationOptionsService
+        $options = $this->configurationOptionsService
             ->getInstitutionConfigurationOptionsFor($institution);
-        $service = $this->secondFactorService;
+
         // Get all available second factors from the config.
         $allSecondFactors = $this->getParameter('ss.enabled_second_factors');
 
-        $expirationHelper = $this->expirationHelper;
-
-        $secondFactors = $service->getSecondFactorsForIdentity(
+        $secondFactors = $this->secondFactorService->getSecondFactorsForIdentity(
             $identity,
             $allSecondFactors,
             $options->allowedSecondFactors,
@@ -87,7 +88,7 @@ public function list(): array
             'verifiedSecondFactors' => $secondFactors->verified,
             'vettedSecondFactors' => $secondFactors->vetted,
             'availableSecondFactors' => $secondFactors->available,
-            'expirationHelper' => $expirationHelper,
+            'expirationHelper' => $this->registrationExpirationHelper,
             'selfAssertedTokenRegistration' => $selfAssertedTokenRegistration,
             'recoveryTokens' => $recoveryTokens,
             'hasRemainingRecoveryTokens' => $hasRemainingTokenTypes,
@@ -106,9 +107,9 @@ public function revoke(Request $request, string $state, string $secondFactorId):
         $identity = $this->getIdentity();
 
         /** @var SecondFactorService $service */
-        $service = $this->get('surfnet_stepup_self_service_self_service.service.second_factor');
+        $service = $this->container->get('surfnet_stepup_self_service_self_service.service.second_factor');
         if (!$service->identityHasSecondFactorOfStateWithId($identity->id, $state, $secondFactorId)) {
-            $this->get('logger')->error(sprintf(
+            $this->container->get('logger')->error(sprintf(
                 'Identity "%s" tried to revoke "%s" second factor "%s", but does not own that second factor',
                 $identity->id,
                 $state,
@@ -138,7 +139,7 @@ public function revoke(Request $request, string $state, string $secondFactorId):
 
         if ($form->isSubmitted() && $form->isValid()) {
             /** @var FlashBagInterface $flashBag */
-            $flashBag = $this->get('session')->getFlashBag();
+            $flashBag = $this->container->get('session')->getFlashBag();
 
             if ($service->revoke($command)) {
                 $flashBag->add('success', 'ss.second_factor.revoke.alert.revocation_successful');

src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/config/services.yaml

@@ -15,21 +15,21 @@ services:
         autowire: true
         tags: [ 'controller.service_arguments' ]
 
-    Surfnet\StepupSelfService\SelfServiceBundle\Controller\SelfVetController:
-        arguments:
-            - "@self_service.test_second_factor_authentication_request_factory"
-            - "@surfnet_stepup_self_service_self_service.service.second_factor"
-            - "@surfnet_stepup.service.second_factor_type"
-            - "@self_service.service.self_vet_marshaller"
-            - '@Surfnet\StepupSelfService\SelfServiceBundle\Service\AuthorizationService'
-            - "@surfnet_saml.hosted.service_provider"
-            - "@self_service.second_factor_test_idp"
-            - "@surfnet_saml.http.redirect_binding"
-            - "@surfnet_saml.http.post_binding"
-            - "@surfnet_stepup.service.loa_resolution"
-            - "@surfnet_saml.logger"
-            - "@request_stack"
-            - "@logger"
+#    Surfnet\StepupSelfService\SelfServiceBundle\Controller\SelfVetController:
+#        arguments:
+#            - "@self_service.test_second_factor_authentication_request_factory"
+#            - "@surfnet_stepup_self_service_self_service.service.second_factor"
+#            - "@surfnet_stepup.service.second_factor_type"
+#            - "@self_service.service.self_vet_marshaller"
+#            - '@Surfnet\StepupSelfService\SelfServiceBundle\Service\AuthorizationService'
+#            - "@surfnet_saml.hosted.service_provider"
+#            - "@self_service.second_factor_test_idp"
+#            - "@surfnet_saml.http.redirect_binding"
+#            - "@surfnet_saml.http.post_binding"
+#            - "@surfnet_stepup.service.loa_resolution"
+#            - "@surfnet_saml.logger"
+#            - "@request_stack"
+#            - "@logger"
 
     Surfnet\StepupSelfService\SelfServiceBundle\Controller\RecoveryTokenController:
         arguments:
@@ -186,14 +186,15 @@ services:
             - '' # See extension
             - [] # See extension
 
-    self_service.service.identity:
-        class: Surfnet\StepupSelfService\SelfServiceBundle\Service\IdentityService
+
+    Surfnet\StepupSelfService\SelfServiceBundle\Service\IdentityService:
         arguments:
             - "@surfnet_stepup_middleware_client.identity.service.identity"
             - "@surfnet_stepup_self_service_self_service.service.command"
             - "@security.token_storage"
             - "@logger"
 
+
     Surfnet\StepupSelfService\SelfServiceBundle\Service\SecondFactorAvailabilityHelper:
         arguments:
             $providerRepository: '@gssp.provider_repository'

src/Surfnet/StepupSelfService/SelfServiceBundle/Security/Authentication/Handler/AuthenticationSuccessHandler.php

@@ -22,6 +22,6 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token)
         $this->authenticatedSessionStateHandler->setCurrentRequestUri($request->getUri());
 
         // @TODO Paul, denk dat je hier naar de /overview of / route moet gaan
-        return new RedirectResponse('/');
+        return new RedirectResponse('/overview');
     }
 }

src/Surfnet/StepupSelfService/SelfServiceBundle/Service/CommandService.php

@@ -18,27 +18,32 @@
 
 namespace Surfnet\StepupSelfService\SelfServiceBundle\Service;
 
+use Surfnet\StepupMiddlewareClient\Service\ExecutionResult;
 use Surfnet\StepupMiddlewareClientBundle\Command\Command;
 use Surfnet\StepupMiddlewareClientBundle\Command\Metadata;
+use Surfnet\StepupMiddlewareClientBundle\Identity\Dto\Identity;
 use Surfnet\StepupMiddlewareClientBundle\Service\CommandService as MiddlewareCommandService;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 class CommandService
 {
-    public function __construct(private readonly MiddlewareCommandService $commandService, private readonly TokenStorageInterface $tokenStorage)
-    {
+    public function __construct(
+        private readonly MiddlewareCommandService $commandService,
+        private readonly TokenStorageInterface $tokenStorage,
+    ) {
     }
 
-    public function execute(Command $command)
+    public function execute(Command $command): ExecutionResult
     {
         $token = $this->tokenStorage->getToken();
 
-        if (!$token instanceof \Symfony\Component\Security\Core\Authentication\Token\TokenInterface) {
+        if (!$token instanceof TokenInterface) {
             return $this->commandService->execute($command, new Metadata(null, null));
         }
 
-        /** @var \Surfnet\StepupMiddlewareClientBundle\Identity\Dto\Identity $identity */
-        $identity = $token->getUser();
+        /** @var Identity $identity */
+        $identity = $token->getUser()->getIdentity();
 
         return $this->commandService->execute($command, new Metadata($identity->id, $identity->institution));
     }

src/Surfnet/StepupSelfService/SelfServiceBundle/Service/IdentityService.php

@@ -140,7 +140,7 @@ public function switchLocale(SwitchLocaleCommand $command): bool
         }
 
         /** @var Identity $identity */
-        $identity = $token->getUser();
+        $identity = $token->getUser()->getIdentity();
 
         $expressLocalePreferenceCommand = new ExpressLocalePreferenceCommand();
         $expressLocalePreferenceCommand->identityId = $command->identityId;