diff --git a/service-api/app/src/App/src/Handler/OneLoginAuthenticationRequestHandler.php b/service-api/app/src/App/src/Handler/OneLoginAuthenticationRequestHandler.php
index ca43f38e67..dfd1e5deff 100644
--- a/service-api/app/src/App/src/Handler/OneLoginAuthenticationRequestHandler.php
+++ b/service-api/app/src/App/src/Handler/OneLoginAuthenticationRequestHandler.php
@@ -31,15 +31,22 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 {
 $requestData = $request->getQueryParams();
+ if (empty($requestData['redirect_url'])) {
+ throw new BadRequestException('Redirect URL must be provided');
+ }
+
 if (empty($requestData['ui_locale'])) {
 throw new BadRequestException('Ui locale must be provided');
 }
- $ui_locale = strtolower($requestData['ui_locale']);
+ $redirect_url = $requestData['redirect_url'];
+ $ui_locale = strtolower($requestData['ui_locale']);
 if ($ui_locale !== 'en' and $ui_locale !== 'cy') {
 throw new BadRequestException('ui_locale is not set to en or cy');
 }
- return new JsonResponse($this->authenticationRequestService->createAuthenticationRequest($ui_locale));
+ $authRequest = $this->authenticationRequestService->createAuthenticationRequest($ui_locale, $redirect_url);
+
+ return new JsonResponse($authRequest);
 }
 }
diff --git a/service-api/app/src/App/src/Service/Authentication/OneLoginAuthenticationRequestService.php b/service-api/app/src/App/src/Service/Authentication/OneLoginAuthenticationRequestService.php
index 9ee79f2a8c..e11c3a3c58 100644
--- a/service-api/app/src/App/src/Service/Authentication/OneLoginAuthenticationRequestService.php
+++ b/service-api/app/src/App/src/Service/Authentication/OneLoginAuthenticationRequestService.php
@@ -22,7 +22,7 @@ public function __construct(
 ) {
 }
- public function createAuthenticationRequest(string $uiLocale): array
+ public function createAuthenticationRequest(string $uiLocale, string $redirectURL): array
 {
 $cachedBuilder = new MetadataProviderBuilder();
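Review bot: In the `handle` hunk the new `redirect_url` query parameter is checked only with `empty()` and then forwarded verbatim into the OIDC `redirect_uri`, so any caller that can reach `/v1/auth-one-login` can obtain an authorization request whose code is delivered to a host of its choosing. OneLogin is expected to reject a `redirect_uri` that is not registered for the client, but the API should not lean on the IdP alone: validate the value against a configured allowlist of the front-end's own callback URLs, or at minimum require a well-formed absolute URL, e.g. `if (filter_var($redirect_url, FILTER_VALIDATE_URL) === false) { throw new BadRequestException('Redirect URL is not a valid absolute URL'); }`, and log the rejected value. `empty()` also rejects the string `'0'`, which is harmless here but `!isset($requestData['redirect_url']) || $requestData['redirect_url'] === ''` is the precise check. The `handle` signature sits in the hunk header; the class closes inside the hunk.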
@@ -59,7 +59,7 @@ public function createAuthenticationRequest(string $uiLocale): array
 [
 'scope' => 'openid email',
 'state' => $state,
- 'redirect_uri' => 'http://localhost:9002/auth/redirect', //TODO: use dynamic domain UML-3121
+ 'redirect_uri' => $redirectURL,
 'nonce' => $nonce,
 'vtr' => '["Cl.Cm.P2"]',
 'ui_locales' => $uiLocale,
diff --git a/service-api/app/test/AppTest/Service/Authentication/OneLoginAuthenticationRequestServiceTest.php b/service-api/app/test/AppTest/Service/Authentication/OneLoginAuthenticationRequestServiceTest.php
index dfffef47d0..3966ce07ae 100644
--- a/service-api/app/test/AppTest/Service/Authentication/OneLoginAuthenticationRequestServiceTest.php
+++ b/service-api/app/test/AppTest/Service/Authentication/OneLoginAuthenticationRequestServiceTest.php
@@ -53,15 +53,13 @@ public function create_authentication_request(): void
 $this->issuerBuilder->reveal(),
 $this->cacheFactory->reveal(),
 );
- $authorisationRequest = $authorisationRequestService->createAuthenticationRequest('en');
+ $fakeRedirect = 'http://fakehost/auth/redirect';
+ $authorisationRequest = $authorisationRequestService->createAuthenticationRequest('en', $fakeRedirect);
 $authorisationRequestUrl = $authorisationRequest['url'];
 $this->assertStringContainsString('client_id=client-id', $authorisationRequestUrl);
 $this->assertStringContainsString('scope=openid+email', $authorisationRequestUrl);
 $this->assertStringContainsString('vtr=["Cl.Cm.P2"]', urldecode($authorisationRequestUrl));
 $this->assertStringContainsString('ui_locales=en', $authorisationRequestUrl);
- $this->assertStringContainsString(
- 'redirect_uri=http://localhost:9002/auth/redirect',
- urldecode($authorisationRequestUrl)
- );
+ $this->assertStringContainsString('redirect_uri=' . $fakeRedirect, urldecode($authorisationRequestUrl));
 }
 }
diff --git a/service-front/app/config/routes.php b/service-front/app/config/routes.php
index 0b6ba0892b..d3b3aa4fc4 100644
--- a/service-front/app/config/routes.php
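Review bot: The `'redirect_uri' => $redirectURL` line removes the hard-coded localhost callback but leaves the contract on the new value undocumented, and this service is the last place the URL is seen before it is sent to the IdP. Add a docblock on `createAuthenticationRequest` such as `@param string $redirectURL Absolute callback URL sent as redirect_uri; it must exactly match a redirect URI registered for this client with OneLogin, and the caller is responsible for validating it` so the next maintainer does not assume this layer sanitises it. The method's signature and the rest of its body lie outside this hunk.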
+++ b/service-front/app/config/routes.php
@@ -100,6 +100,7 @@
 $app->get('/session-expired', Actor\Handler\ActorSessionExpiredHandler::class, 'session-expired');
 $app->get('/session-check', Actor\Handler\ActorSessionCheckHandler::class, 'session-check');
 $app->get('/session-refresh', Common\Handler\SessionRefreshHandler::class, 'session-refresh');
+ $app->route('/auth/redirect', Actor\Handler\LoginPageHandler::class, ['GET', 'POST'], 'auth-redirect');
 $app->get(
 '/logout',
diff --git a/service-front/app/src/Actor/src/Handler/AuthenticateOneLoginHandler.php b/service-front/app/src/Actor/src/Handler/AuthenticateOneLoginHandler.php
index e2c81e26fb..f80f6bbb0c 100644
--- a/service-front/app/src/Actor/src/Handler/AuthenticateOneLoginHandler.php
+++ b/service-front/app/src/Actor/src/Handler/AuthenticateOneLoginHandler.php
@@ -16,6 +16,7 @@
 use Facile\OpenIDClient\Session\AuthSession;
 use Laminas\Diactoros\Response\HtmlResponse;
 use Laminas\Diactoros\Response\RedirectResponse;
+use Mezzio\Helper\ServerUrlHelper;
 use Mezzio\Helper\UrlHelper;
 use Mezzio\Session\SessionMiddleware;
 use Mezzio\Template\TemplateRendererInterface;
@@ -39,6 +40,7 @@ public function __construct(
 UrlHelper $urlHelper,
 LoggerInterface $logger,
 private OneLoginService $authenticateOneLoginService,
+ private ServerUrlHelper $serverUrlHelper,
 ) {
 parent::__construct($renderer, $urlHelper, $logger);
 }
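Review bot: The new `/auth/redirect` route points at `Actor\Handler\LoginPageHandler` for GET and POST, yet the `auth-redirect` route name is what this diff turns into the `redirect_uri` sent to OneLogin, so this handler is the OIDC callback that will receive the IdP's `code` and `state` parameters. Nothing in this hunk shows that `LoginPageHandler` verifies `state` against the `AuthSession` stored under `OIDC_AUTH_INTERFACE` and consumes the nonce before any code exchange; if it is simply the existing login page, the callback is silently ignored, and if it does exchange the code it must do the state check first. Either route the callback to a dedicated handler or record the contract on this line, e.g. `// OIDC callback registered with OneLogin as redirect_uri; handler must verify state against the session before using code`.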
@@ -50,7 +52,9 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 if ($request->getMethod() === 'POST') {
 $url = $this->urlHelper->generate();
 $uiLocale = (str_contains($url, '/cy/') ? 'cy' : 'en');
- $result = $this->authenticateOneLoginService->authenticate($uiLocale);
+ $loginUrl = $this->urlHelper->generate('auth-redirect');
+ $signInLink = $this->serverUrlHelper->generate($loginUrl);
+ $result = $this->authenticateOneLoginService->authenticate($uiLocale, $signInLink);
 $this
 ->getSession($request, SessionMiddleware::SESSION_ATTRIBUTE)
 ?->set(self::OIDC_AUTH_INTERFACE, AuthSession::fromArray($result));
diff --git a/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php b/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php
index f9b643a40c..9af86873f6 100644
--- a/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php
+++ b/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php
@@ -12,10 +12,11 @@ public function __construct(private ApiClient $apiClient)
 {
 }
- public function authenticate(string $uiLocale): ?array
+ public function authenticate(string $uiLocale, string $redirectUrl): ?array
 {
 return $this->apiClient->httpGet('/v1/auth-one-login', [
- 'ui_locale' => $uiLocale,
+ 'ui_locale' => $uiLocale,
+ 'redirect_url' => $redirectUrl,
 ]);
 }
 }
diff --git a/service-front/app/test/CommonTest/Service/OneLogin/OneLoginServiceTest.php b/service-front/app/test/CommonTest/Service/OneLogin/OneLoginServiceTest.php
index d7a8ab5625..61b86343f9 100644
--- a/service-front/app/test/CommonTest/Service/OneLogin/OneLoginServiceTest.php
+++ b/service-front/app/test/CommonTest/Service/OneLogin/OneLoginServiceTest.php
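Review bot: `$signInLink = $this->serverUrlHelper->generate($loginUrl);` derives the absolute `redirect_uri` from the incoming request's scheme and host, which Mezzio's `ServerUrlHelper` takes from the request URI, i.e. ultimately from the `Host` header and from whether PHP saw the request as http or https. Behind a TLS-terminating proxy that does not forward the original scheme, or one that does not pin `Host`, this produces a callback URL that OneLogin will refuse, or lets a client steer the callback towards a hostname it supplied, with the IdP's registered-URI check as the only backstop. Prefer building the callback from a configured canonical base URL for the front-end, or at least compare the generated host against that configuration before calling `authenticate`, e.g. `if (parse_url($signInLink, PHP_URL_HOST) !== $this->canonicalHost) { throw new \RuntimeException('Unexpected host for OIDC redirect'); }` with the host injected through the constructor. `handle` starts before and continues after this hunk.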
@@ -18,12 +18,13 @@ public function can_get_authentication_request_uri(): void
 {
 $state = 'STATE';
 $nonce = 'aEwkamaos5B';
+ $redirect = 'FAKE_REDIRECT';
 $uri = '/authorize?response_type=code
 &scope=YOUR_SCOPES
 &client_id=YOUR_CLIENT_ID
 &state=' . $state .
- '&redirect_uri=YOUR_REDIRECT_URI
- &nonce=' . $nonce .
+ '&redirect_uri=' . $redirect .
+ '&nonce=' . $nonce .
 '&vtr=["Cl.Cm"]
 &ui_locales=en';
@@ -34,11 +35,12 @@ public function can_get_authentication_request_uri(): void
 '/v1/auth-one-login',
 [
 'ui_locale' => 'en',
+ 'redirect_url' => $redirect,
 ]
 )->willReturn(['state' => $state, 'nonce' => $nonce, 'url' => $uri]);
 $oneLoginService = new OneLoginService($apiClientProphecy->reveal());
- $response = $oneLoginService->authenticate('en');
+ $response = $oneLoginService->authenticate('en', $redirect);
 $this->assertEquals(['state' => $state, 'nonce' => $nonce, 'url' => $uri], $response);
 }
 }