Remove identity verification code and tests. (#2540)

ministryofjustice · Mar 12, 2024 · 6a51e04 · 6a51e04
1 parent d6e9489
commit 6a51e04
Show file tree

Hide file tree

Showing 15 changed files with 4 additions and 471 deletions.
diff --git a/service-api/app/features/context/Acceptance/OidcContext.php b/service-api/app/features/context/Acceptance/OidcContext.php
@@ -174,12 +174,8 @@ public function iAmRedirectedToTheOneLoginService(): void
         Assert::assertSame('http://sut', $query['redirect_uri']);
         Assert::assertSame($response['state'], $query['state']);
         Assert::assertSame($response['nonce'], $query['nonce']);
-        Assert::assertSame('["Cl.Cm.P2"]', $query['vtr']);
+        Assert::assertSame('["Cl.Cm"]', $query['vtr']);
         Assert::assertSame('en', $query['ui_locales']);
-        Assert::assertSame(
-            '{"userinfo":{"https://vocab.account.gov.uk/v1/coreIdentityJWT":null}}',
-            $query['claims']
-        );
     }
 
     /**
@@ -268,16 +264,6 @@ function (RequestInterface $request): ResponseInterface {
             },
         );
 
-        /** @link AbstractKeyPairManager::fetchKeyPairFromSecretsManager() */
-        $this->awsFixtures->append(
-            function (Command $command): ResultInterface {
-                Assert::assertSame('GetSecretValue', $command->getName());
-                Assert::assertSame('gov_uk_onelogin_userinfo_public_key', $command['SecretId']);
-
-                return new Result(['SecretString' => $this->oneLoginOutOfBandPublicKey]);
-            }
-        );
-
         /** @link ActorUsers::getByIdentity() */
         $this->awsFixtures->append(
             new Result(

diff --git a/service-api/app/src/App/src/ConfigProvider.php b/service-api/app/src/App/src/ConfigProvider.php
@@ -66,7 +66,6 @@ public function getDependencies(): array
                 // these two KeyPairManagers need explicitly autowiring so that they're recognised
                 // when setup in the delegators section. This is a PHP-DI specific configuration
                 Service\Authentication\KeyPairManager\OneLoginIdentityKeyPairManager::class,
-                Service\Authentication\KeyPairManager\OneLoginUserInfoKeyPairManager::class,
             ],
             'factories'  => [
                 // Services
@@ -98,8 +97,6 @@ public function getDependencies(): array
                 // One Login
                 Service\Authentication\AuthorisationClientManager::class
                     => Service\Authentication\AuthorisationClientManagerFactory::class,
-                Service\Authentication\Token\OutOfBandCoreIdentityVerifierBuilder::class
-                    => Service\Authentication\Token\OutOfBandCoreIdentityVerifierBuilderFactory::class,
                 Service\Authentication\UserInfoService::class
                     => Service\Authentication\UserInfoServiceFactory::class,
 
@@ -115,9 +112,6 @@ public function getDependencies(): array
                 Service\Authentication\KeyPairManager\OneLoginIdentityKeyPairManager::class => [
                     Service\Authentication\KeyPairManager\CachedKeyPairManagerDelegatorFactory::class,
                 ],
-                Service\Authentication\KeyPairManager\OneLoginUserInfoKeyPairManager::class => [
-                    Service\Authentication\KeyPairManager\CachedKeyPairManagerDelegatorFactory::class,
-                ],
             ],
         ];
     }

diff --git a/.../app/src/App/src/Service/Authentication/KeyPairManager/OneLoginUserInfoKeyPairManager.php b/.../app/src/App/src/Service/Authentication/KeyPairManager/OneLoginUserInfoKeyPairManager.php
diff --git a/service-api/app/src/App/src/Service/Authentication/OneLoginService.php b/service-api/app/src/App/src/Service/Authentication/OneLoginService.php
@@ -46,9 +46,8 @@ public function createAuthenticationRequest(string $uiLocale, string $redirectUR
                 'state'        => $state,
                 'redirect_uri' => $redirectURL,
                 'nonce'        => $nonce,
-                'vtr'          => '["Cl.Cm.P2"]',
+                'vtr'          => '["Cl.Cm"]',
                 'ui_locales'   => $uiLocale,
-                'claims'       => '{"userinfo":{"' . self::CORE_IDENTITY_JWT . '":null}}',
             ]
         );
 
@@ -88,13 +87,6 @@ public function handleCallback(
         }
 
         $info = $this->userInfoService->getUserInfo($tokens);
-        if (! array_key_exists(self::CORE_IDENTITY_JWT, $info)) {
-            throw new AuthorisationServiceException(
-                'Identity information not returned from authorisation service'
-            );
-        }
-
-        $this->userInfoService->processCoreIdentity($info[self::CORE_IDENTITY_JWT]);
 
         return ($this->resolveOAuthUser)($info['sub'], $info['email']);
     }

diff --git a/service-api/app/src/App/src/Service/Authentication/Token/OutOfBandCoreIdentityVerifier.php b/service-api/app/src/App/src/Service/Authentication/Token/OutOfBandCoreIdentityVerifier.php
diff --git a/...api/app/src/App/src/Service/Authentication/Token/OutOfBandCoreIdentityVerifierBuilder.php b/...api/app/src/App/src/Service/Authentication/Token/OutOfBandCoreIdentityVerifierBuilder.php
diff --git a/.../src/App/src/Service/Authentication/Token/OutOfBandCoreIdentityVerifierBuilderFactory.php b/.../src/App/src/Service/Authentication/Token/OutOfBandCoreIdentityVerifierBuilderFactory.php
diff --git a/service-api/app/src/App/src/Service/Authentication/UserInfoService.php b/service-api/app/src/App/src/Service/Authentication/UserInfoService.php
@@ -25,9 +25,6 @@ class UserInfoService
     public function __construct(
         private FacileUserInfoServiceBuilder $userInfoServiceBuilder,
         private AuthorisationClientManager $authorisationClientManager,
-        private KeyPairManagerInterface $outOfBandKeyManager,
-        private JWKFactory $jwkFactory,
-        private OutOfBandCoreIdentityVerifierBuilder $identityVerifierFactory,
     ) {
     }
 
@@ -52,26 +49,4 @@ public function getUserInfo(TokenSetInterface $tokenSet): array
             );
         }
     }
-
-    /**
-     * @param string $jwt A signed and encoded JWT to be verified
-     * @return array
-     * @throws AuthorisationServiceException
-     */
-    public function processCoreIdentity(string $jwt): array
-    {
-        try {
-            return $this->identityVerifierFactory
-                ->build(
-                    $this->authorisationClientManager->get(),
-                    ($this->jwkFactory)($this->outOfBandKeyManager),
-                )->verify($jwt);
-        } catch (Throwable $e) {
-            throw new AuthorisationServiceException(
-                'Error encountered whilst verifying userinfo from OIDC service',
-                500,
-                $e
-            );
-        }
-    }
 }
diff --git a/service-api/app/src/App/src/Service/Authentication/UserInfoServiceFactory.php b/service-api/app/src/App/src/Service/Authentication/UserInfoServiceFactory.php
@@ -17,9 +17,6 @@ public function __invoke(ContainerInterface $container, $requestedName, ?array $
         return new UserInfoService(
             $container->get(UserInfoServiceBuilder::class),
             $container->get(AuthorisationClientManager::class),
-            $container->get(OneLoginUserInfoKeyPairManager::class), // defined as KeyPairManagerInterface in class
-            $container->get(JWKFactory::class),
-            $container->get(OutOfBandCoreIdentityVerifierBuilder::class),
         );
     }
 }
diff --git a/service-api/app/src/App/src/Service/User/ResolveOAuthUser.php b/service-api/app/src/App/src/Service/User/ResolveOAuthUser.php
@@ -33,6 +33,7 @@ public function __construct(
      * @param string $identity
      * @param string $email
      * @return array
+     * @psalm-return ActorUser
      * @throws CreationException|ConflictException|NotFoundException
      */
     public function __invoke(string $identity, string $email): array

diff --git a/service-api/app/test/AppTest/Service/Authentication/KeyPairManager/KeyPairManagerTest.php b/service-api/app/test/AppTest/Service/Authentication/KeyPairManager/KeyPairManagerTest.php
@@ -24,9 +24,6 @@ class KeyPairManagerTest extends TestCase
     private ObjectProphecy|SecretsManagerClient $secretsManagerClient;
     private ObjectProphecy|LoggerInterface $logger;
 
-    public const PUBLIC_KEY  = 'gov_uk_onelogin_identity_public_key';
-    public const PRIVATE_KEY = 'gov_uk_onelogin_identity_private_key';
-
     public function setUp(): void
     {
         $this->secretsManagerClient = $this->prophesize(SecretsManagerClient::class);
@@ -45,11 +42,6 @@ public function setUp(): void
     public function keyPairManagerTypes(): array
     {
         return [
-            'OneLoginUserInfoKeyPairManager' => [
-                'type'      => OneLoginUserInfoKeyPairManager::class,
-                'algorithm' => 'ES256',
-                'public'    => 'gov_uk_onelogin_userinfo_public_key',
-            ],
             'OneLoginIdentityKeyPairManager' => [
                 'type'      => OneLoginIdentityKeyPairManager::class,
                 'algorithm' => 'RS256',