Een werkende integratie flow

Author: johanib

app/config/parameters.yml.dist

@@ -316,8 +316,10 @@ parameters:
     ##########################################################################################
     ## SRAM Settings
     ##########################################################################################
-    ## Currently this is used for the outgoing requests with the PDP and AA client
+    ## Config for connecting with SBS server
+    ## base_url must end with /. Locations must not start with /.
     sram.api_token: "xxx"
-    sram.authz_location: "http://127.0.0.1:12345/api"
-    sram.interrupt_location: "/interrupt"
-    sram.entitlements_location: "/entitlements"
+    sram.base_url: "http://127.0.0.1:12345/api/"
+    sram.authz_location: "authz"
+    sram.interrupt_location: "interrupt"
+    sram.entitlements_location: "entitlements"

ci/qa/behat.sh

@@ -16,8 +16,8 @@ echo -e "\nInstalling database fixtures...\n"
 ./app/console doctrine:schema:drop --force --env=ci
 ./app/console doctrine:schema:create --env=ci
 
-echo -e "\nPreparing frontend assets\n"
-EB_THEME=skeune ./theme/scripts/prepare-test.js > /dev/null
+#echo -e "\nPreparing frontend assets\n"
+#EB_THEME=skeune ./theme/scripts/prepare-test.js > /dev/null
 
 chown -R www-data app/cache/
 chmod -R 0777 /tmp/eb-fixtures

library/EngineBlock/Corto/Filter/Command/SRAMTestFilter.php

@@ -1,7 +1,8 @@
 <?php
 
 use OpenConext\EngineBlockBundle\Configuration\FeatureConfigurationInterface;
-use OpenConext\EngineBlockBundle\Sbs\Dto\InterruptRequest;
+use OpenConext\EngineBlockBundle\Exception\InvalidSbsResponseException;
+use OpenConext\EngineBlockBundle\Sbs\Dto\AuthzRequest;
 
 /**
  * Copyright 2021 Stichting Kennisnet
@@ -37,8 +38,6 @@ public function getResponse()
 
     public function execute(): void
     {
-        $this->_response->setSRAMInterruptNonce('hoeuoeu');
-        return;
         if (!$this->getFeatureConfiguration()->isEnabled('eb.feature_enable_sram_interrupt')) {
             return;
         }
@@ -49,20 +48,29 @@ public function execute(): void
 
         try {
             $request = $this->buildRequest();
-            $interruptResponse = $this->getSbsClient()->interruptCheck($request);
+            $interruptResponse = $this->getSbsClient()->authz($request);
 
             if ($interruptResponse->msg === 'interrupt') {
                 // @TODO Consider if this should be an attribute?
                 $this->_response->setSRAMInterruptNonce($interruptResponse->nonce);
             } elseif ($interruptResponse->msg === 'authorized' && !empty($interruptResponse->attributes)) {
                 // @TODO make sure this has test coverage
                 // @TODO Discussed with Bas/Peter: Add list of allowed parameter names via parameters.yml
+                /**
+                 * "eduPersonEntitlement": ["[email protected]", "[email protected]"],
+                 * "eduPersonPrincipalName": ["[email protected]"],
+                 * "uid": ["test_user"],
+                 * "sshkey": ["ssh_key1", "ssh_key2"]
+                 */
                 $this->_responseAttributes = array_merge_recursive(
                     $this->_responseAttributes,
                     $interruptResponse->attributes
                 );
+            } else {
+                throw new InvalidSbsResponseException(sprintf('Invalid SBS response received: %s', $interruptResponse->msg));
             }
         }catch (Throwable $e){
+            die($e->getMessage());
             throw new EngineBlock_Exception_SbsCheckFailed('The SBS server could not be queried: ' . $e->getMessage());
         }
     }
@@ -78,10 +86,10 @@ private function getFeatureConfiguration(): FeatureConfigurationInterface
     }
 
     /**
-     * @return InterruptRequest
+     * @return AuthzRequest
      * @throws EngineBlock_Corto_ProxyServer_Exception
      */
-    private function buildRequest(): InterruptRequest
+    private function buildRequest(): AuthzRequest
     {
         $attributes = $this->getResponseAttributes();
         $id = $this->_request->getId();
@@ -92,7 +100,7 @@ private function buildRequest(): InterruptRequest
         $service_id = $this->_serviceProvider->entityId;
         $issuer_id = $this->_identityProvider->entityId;
 
-        return InterruptRequest::create(
+        return AuthzRequest::create(
             $user_id,
             $continue_url,
             $service_id,

src/OpenConext/EngineBlock/Http/HttpClient.php

@@ -35,6 +35,7 @@ final class HttpClient
      */
     public function __construct(ClientInterface $httpClient)
     {
+//        var_dump($httpClient);
         $this->httpClient = $httpClient;
     }
 

src/OpenConext/EngineBlockBundle/Resources/config/services.yml

@@ -208,6 +208,7 @@ services:
         class: OpenConext\EngineBlockBundle\Sbs\SbsClient
         arguments:
             - "@engineblock.sbs.http_client"
+            - "%sram.base_url%"
             - "%sram.authz_location%"
             - "%sram.interrupt_location%"
             - "%sram.entitlements_location%"
@@ -221,7 +222,7 @@ services:
     engineblock.sbs.guzzle_http_client:
         class: GuzzleHttp\Client
         arguments:
-            - base_uri: "%sram.authz_location%"
+            - base_uri: "%sram.base_url%"
               options:
                   headers:
                         Authentication: "%sram.api_token%"

src/OpenConext/EngineBlockBundle/Sbs/InterruptResponse.php renamed to src/OpenConext/EngineBlockBundle/Sbs/AuthzResponse.php

@@ -20,7 +20,7 @@
 
 use OpenConext\EngineBlockBundle\Exception\InvalidSbsResponseException;
 
-final class InterruptResponse
+final class AuthzResponse
 {
     /**
      * @var string
@@ -37,7 +37,7 @@ final class InterruptResponse
      */
     public $attributes;
 
-    public static function fromData(array $jsonData) : InterruptResponse
+    public static function fromData(array $jsonData) : AuthzResponse
     {
         if (!isset($jsonData['msg'])) {
             throw new InvalidSbsResponseException('Key: "msg" was not found in the SBS response');

src/OpenConext/EngineBlockBundle/Sbs/Dto/InterruptRequest.php renamed to src/OpenConext/EngineBlockBundle/Sbs/Dto/AuthzRequest.php

@@ -21,7 +21,7 @@
 use JsonSerializable;
 use OpenConext\EngineBlock\Assert\Assertion;
 
-final class InterruptRequest implements JsonSerializable
+final class AuthzRequest implements JsonSerializable
 {
     /**
      * @var string
@@ -48,7 +48,7 @@ public static function create(
         string $continueUrl,
         string $serviceId,
         string $issuerId
-    ) : InterruptRequest {
+    ) : AuthzRequest {
         Assertion::string($userId, 'The userId must be a string.');
         Assertion::string($continueUrl, 'The continueUrl must be a string.');
         Assertion::string($serviceId, 'The serviceId must be a string.');

src/OpenConext/EngineBlockBundle/Sbs/Dto/EntitlementsRequest.php

@@ -29,7 +29,7 @@ final class EntitlementsRequest implements JsonSerializable
     public $nonce;
 
     public static function create(
-        string $nonce,
+        string $nonce
     ) : EntitlementsRequest {
         Assertion::string($nonce, 'The nonce must be a string.');
 

src/OpenConext/EngineBlockBundle/Sbs/SbsClient.php

@@ -20,7 +20,7 @@
 
 use OpenConext\EngineBlock\Http\HttpClient;
 use OpenConext\EngineBlockBundle\Sbs\Dto\EntitlementsRequest;
-use OpenConext\EngineBlockBundle\Sbs\Dto\InterruptRequest;
+use OpenConext\EngineBlockBundle\Sbs\Dto\AuthzRequest;
 
 /***
  * @TODO Make sure it has tests
@@ -51,31 +51,38 @@ final class SbsClient implements SbsClientInterface
      */
     private $sbsBaseUrl;
 
+    /**
+     * @var string
+     */
+    private $authzLocation;
+
 
     public function __construct(
         HttpClient $httpClient,
         string $sbsBaseUrl,
+        string $authzLocation,
         string $interruptLocation,
         string $entitlementsLocation,
         string $apiToken
     ) {
         $this->httpClient = $httpClient;
         $this->sbsBaseUrl = $sbsBaseUrl;
+        $this->authzLocation = $authzLocation;
         $this->interruptLocation = $interruptLocation;
         $this->entitlementsLocation = $entitlementsLocation;
         $this->apiToken = $apiToken;
     }
 
-    public function interruptCheck(InterruptRequest $request): InterruptResponse
+    public function authz(AuthzRequest $request): AuthzResponse
     {
         $jsonData = $this->httpClient->post(
             json_encode($request),
-            $this->interruptLocation,
+            $this->authzLocation,
             [],
             $this->requestHeaders()
         );
 
-        return InterruptResponse::fromData($jsonData);
+        return AuthzResponse::fromData($jsonData);
     }
 
     public function requestEntitlementsFor(EntitlementsRequest $request): EntitlementsResponse

src/OpenConext/EngineBlockBundle/Sbs/SbsClientInterface.php

@@ -19,12 +19,13 @@
 namespace OpenConext\EngineBlockBundle\Sbs;
 
 use OpenConext\EngineBlockBundle\Sbs\Dto\EntitlementsRequest;
-use OpenConext\EngineBlockBundle\Sbs\Dto\InterruptRequest;
+use OpenConext\EngineBlockBundle\Sbs\Dto\AuthzRequest;
 
 interface SbsClientInterface
 {
     public function getInterruptLocationLink(string $nonce);
 
     public function requestEntitlementsFor(EntitlementsRequest $request) : EntitlementsResponse;
-    public function interruptCheck(InterruptRequest $request) : InterruptResponse;
+
+    public function authz(AuthzRequest $request) : AuthzResponse;
 }