Merge pull request #174 from silinternational/develop

Release 4.0.0
silinternational · Apr 11, 2019 · fd3392b · fd3392b
2 parents 1969af5 + d722599
commit fd3392b
Show file tree

Hide file tree

Showing 187 changed files with 11,105 additions and 4,950 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,2 +1 @@
 index-test.php
-local.php
diff --git a/.gitignore b/.gitignore
@@ -11,6 +11,7 @@ local.env
 *.local.env
 *.aes
 tracking.env
+codeship.env
 
 # other files
 /application/ocular.phar

diff --git a/.scrutinizer.yml b/.scrutinizer.yml
@@ -1,5 +1,15 @@
 ######## Set this as appropriate for the project. ########
 
+### The following runs the "new" Scrutinizer PHP Analysis which
+### adds a bunch of false errors. Some additional configuration
+### must be needed.
+#build:
+#  nodes:
+#    analysis:
+#      tests:
+#        override:
+#          - php-scrutinizer-run
+
 filter:
     paths:
         - application/*
@@ -134,7 +144,7 @@ coding_style:
 build_failure_conditions:
 
     # No classes/methods with a rating of D or worse.
-    - 'elements.rating(<= D).exists' 
+#    - 'elements.rating(<= D).exists' 
 
     # No more than two new classes/methods with a rating of C.
     - 'elements.rating(<= C).new.count > 2'
@@ -147,37 +157,3 @@ build_failure_conditions:
 
     # Don't let Code Quality Rating drop below 6.
     - 'project.metric("scrutinizer.quality", < 6)'
-
-build:
-    environment:
-        php:
-            version: 7.0.6
-            ini:
-                'variables_order': 'EGPCS'
-
-    dependencies:
-        before:
-            - cd application/ && composer install
-
-    project_setup:
-        before:
-            - mysql -e "CREATE DATABASE idpmgmt"
-
-    tests:
-        override:
-            -
-                command: cp ./common/config/local.test.php ./common/config/local.php
-            -
-                command: mkdir -p runtime/mail
-            -
-                command: ./yii migrate --interactive=0
-                environment: { MYSQL_HOST: '127.0.0.1', MYSQL_USER: 'root', MYSQL_DATABASE: 'idpmgmt', MAILER_USEFILES: true, ALERTS_EMAIL_ENABLED: false, ALERTS_EMAIL: [email protected] }
-            -
-                command: ./yii migrate --interactive=0 --migrationPath=console/migrations-test
-                environment: { MYSQL_HOST: '127.0.0.1', MYSQL_USER: 'root', MYSQL_DATABASE: 'idpmgmt', MAILER_USEFILES: true, ALERTS_EMAIL_ENABLED: false, ALERTS_EMAIL: [email protected] }
-            -
-                command: ./vendor/bin/codecept run unit --coverage --coverage-xml
-                environment: { MYSQL_HOST: '127.0.0.1', MYSQL_USER: 'root', MYSQL_DATABASE: 'idpmgmt', MAILER_USEFILES: true, ALERTS_EMAIL_ENABLED: false, ALERTS_EMAIL: [email protected] }
-                coverage:
-                    file: ./application/tests/_output/coverage.xml
-                    format: php-clover
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,95 @@
+# Change Log
+All notable changes to this project will (in theory) be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/)
+and this project adheres to [Semantic Versioning](http://semver.org/).
+
+## [Unreleased]
+### Added
+- Integrated Personnel\IdBroker component library code
+- Integrated PasswordStore components library code
+- Added "Hide" feature for users with increased privacy concerns
+- Added `PUT /mfa/{mfaId}` endpoint to update MFA labels.
+- Added `invite` option on `/auth/login` for new user invite authentication
+- Added `last_login` to `GET /user/me` response.
+- Added password validation to prohibit passwords disclosed in breaches
+  and those given in a password help video. 
+### Changed
+- Limit access based on whether auth level is reset or login
+- Updated Adldap2 to latest version
+- Moved password recovery method storage to [ID Broker][idp-id-broker]
+- Changed password reuse error response code from 400 to 409
+- Changed expired method verification response code from 400 to 410
+- /auth/login returns 400 for client_id missing, instead of 302
+- Added `uuid` property to `/user/me` response
+- /method/{uid}/verify no longer requires authentication
+- Validation attempt on expired reset now issues a new reset
+- Password change now clears out the auth token if `auth_type` is reset
+- Only provide manager password recovery method if the user
+  has not added and verified others.
+- /mfa/{id}/verify returns the verified mfa object
+### Removed
+- Removed support for phone password recovery methods
+- Removed option to use local emailer. External email service is now required.
+- Removed spouse_email from user model and from password recovery. 
+- Removed cron controller and container
+### Fixed
+- Password reset is now blocked for a locked account
+- The response to /user/me would have incorrect password metadata in a new user scenario.
+- Password expiration was reported incorrectly when setting a new password for a
+  user with mfa enabled.
+
+## [3.0.0] - 2018-07-31
+### Added
+- Added [ID Broker][idp-id-broker] support for manager and spouse email fields
+### Removed
+- Removed support for Insite and Multiple personnel adapters
+
+## [2.2.0] - 2018-05-07
+### Changed
+- Updated Yii2 and SAML2
+
+## [2.1.4] - 2018-01-09
+### Changed
+- Stop sending alerts for password validation errors
+
+## [2.1.3] - 2017-12-14
+### Changed
+- Don't unnecessarily change reset code
+
+## [2.1.2] - 2017-12-09
+### Changed
+- Updated LDAP password store
+
+## [2.1.1] - 2017-12-09
+### Changed
+- Updated LDAP password store
+
+## [2.1.0] - 2017-12-08
+### Added
+- Updated LDAP password store
+
+## [2.0.1] - 2017-12-07
+### Changed
+- Password reuse error fix
+
+## [2.0.0] - 2017-11-27
+### Added
+- Added support for 2-Step Verification (Multi-Factor Authentication or MFA)
+
+## [1.0.0] - 2017-08-30
+### Added
+- Initial version of Password Manager Backend.
+
+[Unreleased]: https://github.com/silinternational/idp-pw-api/compare/3.0.0...HEAD
+[3.0.0]: https://github.com/silinternational/idp-pw-api/compare/2.2.0...3.0.0
+[2.2.0]: https://github.com/silinternational/idp-pw-api/compare/2.1.4...2.2.0
+[2.1.4]: https://github.com/silinternational/idp-pw-api/compare/2.1.3...2.1.4
+[2.1.3]: https://github.com/silinternational/idp-pw-api/compare/2.1.2...2.1.3
+[2.1.2]: https://github.com/silinternational/idp-pw-api/compare/2.1.1...2.1.2
+[2.1.1]: https://github.com/silinternational/idp-pw-api/compare/2.1.0...2.1.1
+[2.1.0]: https://github.com/silinternational/idp-pw-api/compare/2.0.1...2.1.0
+[2.0.1]: https://github.com/silinternational/idp-pw-api/compare/2.0.0...2.0.1
+[2.0.0]: https://github.com/silinternational/idp-pw-api/compare/1.0.0...2.0.0
+[1.0.0]: https://github.com/silinternational/idp-pw-api/commit/1a833338e2995634934e9b9801f0456ec21ba9b2
+[idp-id-broker]: https://github.com/silinternational/idp-id-broker
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM silintl/php7:latest
+FROM silintl/php7:7.2
 MAINTAINER Phillip Shipley <[email protected]>
 
 ENV REFRESHED_AT 2016-04-22
@@ -11,10 +11,6 @@ RUN mkdir -p /data
 RUN rm -f /etc/rsyslog.d/*
 COPY dockerbuild/rsyslog.conf /etc/rsyslog.conf
 
-# Copy in cron configuration
-COPY dockerbuild/idp-cron /etc/cron.d/
-RUN chmod 0644 /etc/cron.d/idp-cron
-
 # get s3-expand
 RUN curl https://raw.githubusercontent.com/silinternational/s3-expand/1.5/s3-expand -o /usr/local/bin/s3-expand
 RUN chmod a+x /usr/local/bin/s3-expand

diff --git a/Makefile b/Makefile
@@ -1,32 +1,26 @@
 start: api
 
-test:
-	make testunit && make testapi
+test: testunit testapi
 
-testunit: composer emailcron rmTestDb upTestDb yiimigratetestDb yiimigratetestDblocal
-	docker-compose run emailcron whenavail emaildb 3306 100 ./yii migrate --interactive=0
-	docker-compose run --rm cli bash -c 'MYSQL_HOST=testDb MYSQL_DATABASE=test ./vendor/bin/codecept run unit'
+testunit: codeship.env composer rmTestDb upTestDb broker ldapload yiimigratetestDb
+	# create folder as user before test creates it as root
+	mkdir -p application/tests/_output
+	docker-compose run --rm unittest
+	sed -i "s|/data/|`pwd`/application/|" application/tests/_output/coverage.xml
 
-# Run testunit first at least once. Otherwise, this will have 5 test failures.
-testapi: upTestDb yiimigratetestDb yiimigratetestDblocal
-	docker-compose up -d zxcvbn
+testapi: upTestDb yiimigratetestDb
+	docker-compose kill broker
+	docker-compose up -d broker
 	docker-compose run --rm apitest
 
-api: upDb composer yiimigrate yiimigratelocal
-	docker-compose up -d api zxcvbn cron phpmyadmin
+api: upDb broker composer yiimigrate api.html
+	docker-compose up -d api zxcvbn phpmyadmin brokerpma emailpma
 
 composer:
-	docker-compose run --rm --user="0:0" cli composer install
+	docker-compose run --rm cli composer install
 
 composerupdate:
-	docker-compose run --rm --user="0:0" cli composer update
-
-dockerpullall:
-	docker pull phpmyadmin/phpmyadmin:latest
-	docker pull silintl/data-volume:latest
-	docker pull silintl/mariadb:latest
-	docker pull silintl/php7:latest
-	docker pull wcjr/zxcvbn-api:1.1.0
+	docker-compose run --rm cli composer update
 
 email:
 	docker-compose up -d email
@@ -63,9 +57,28 @@ rmTestDb:
 upTestDb:
 	docker-compose up -d testDb
 
+broker:
+	docker-compose up -d broker
+
+ldap:
+	docker-compose up -d ldap
+
+ldapload:
+	docker-compose kill ldap
+	docker-compose rm -f ldap
+	docker-compose run --rm ldapload
+
 bounce:
 	docker-compose up -d api
 
 clean:
 	docker-compose kill
-	docker system prune -f
+	docker-compose rm -f
+
+raml2html: api.html
+
+api.html: api.raml
+	docker-compose run --rm raml2html
+
+codeship.env: codeship.aes codeship.env.encrypted
+	jet decrypt codeship.env.encrypted codeship.env