Merge pull request #1992 from OpenConext/feature/EB-1758_declutter-error-handler

Consolidate simple feedback routes into generic feedbackAction

Author: johanib

CHANGELOG.md

@@ -15,6 +15,46 @@ the EngineBlock wiki.
 Features:
 * Added `coin:azure_domain_hint` configuration option for IdPs. When set, EngineBlock appends a `whr=<domain>` query parameter to the HTTP-Redirect AuthnRequest sent to the IdP, allowing Microsoft Azure / EntraID to skip the account picker (#1864).
 
+### Translation key changes
+
+The following translation keys have been renamed. If you have overridden any of these in your theme translations (`theme/{name}/translations/messages.*.php`), update the key names accordingly.
+
+| Old key                                     | New key                                |
+|---------------------------------------------|----------------------------------------|
+| `error_no_message`                          | `error_unable_to_receive_message`      |
+| `error_no_message_desc`                     | `error_unable_to_receive_message_desc` |
+| `error_stepup_callout_unknown_title`        | `error_stepup_callout_unknown`         |
+| `error_stepup_callout_user_cancelled_title` | `error_stepup_callout_user_cancelled`  |
+
+#### `error_invalid_acs_location`
+
+The `error_invalid_acs_location` translation key has changed meaning. Previously it held the **error description** text. It now holds the **page title**.
+
+If you have overridden this key in your theme translations (`theme/{name}/translations/messages.*.php`), rename it to `error_invalid_acs_location_desc` and add a new `error_invalid_acs_location` entry for the page title.
+
+**Before:**
+```php
+'error_invalid_acs_location' => 'Your custom description text.',
+```
+
+**After:**
+```php
+'error_invalid_acs_location'      => 'Error - Invalid ACS location',
+'error_invalid_acs_location_desc' => 'Your custom description text.',
+```
+
+See https://github.com/OpenConext/OpenConext-engineblock/issues/1758
+
+### HTTP status code changes
+
+The following feedback pages previously returned HTTP **200 OK** and now return HTTP **400 Bad Request**.
+
+| URL                                                   | Before | After |
+|-------------------------------------------------------|--------|-------|
+| `/authentication/feedback/invalid-acs-binding`        | 200    | 400   |
+| `/authentication/feedback/received-error-status-code` | 200    | 400   |
+
+
 ## UNRELEASED 7.2.0
 Upgrade to Symfony 7.4
 Upgrade to `doctrine/dbal` 4

ci/qa/phpunit.sh

@@ -18,7 +18,7 @@ XDEBUG_MODE=coverage ./vendor/bin/phpunit --configuration=./tests/phpunit.xml --
 echo -e "\nPHPUnit unit tests\n"
 XDEBUG_MODE=coverage ./vendor/bin/phpunit --configuration=./tests/phpunit.xml --testsuite=unit --coverage-clover coverage.xml
 
-echo -e "\nPHPUnit API acceptance tests\n"
+echo -e "\nPHPUnit acceptance tests\n"
 ./bin/console cache:clear --env=test --no-warmup
 APP_ENV=test XDEBUG_MODE=coverage ./vendor/bin/phpunit --configuration=./tests/phpunit.xml --testsuite=functional --coverage-clover coverage.xml
 

config/services/ci/controllers.yml

@@ -26,6 +26,7 @@ services:
         arguments:
             - '@twig'
             - '@OpenConext\EngineBlock\Service\FeedbackStateHelper'
+            - '@OpenConext\EngineBlockBundle\Controller\FeedbackController'
 
     engineblock.functional_test.controller.consent:
         class: OpenConext\EngineBlockFunctionalTestingBundle\Controllers\ConsentController

languages/messages.en.php

@@ -176,9 +176,10 @@
     'error_authorization_policy_violation_desc_no_name' => 'You cannot use this service because your %organisationNoun% limits access to this service (the "Service Provider") with an authorization policy. Please contact the helpdesk of your %organisationNoun% if you think you should be allowed access to this service.',
     'error_authorization_policy_violation_info'       => 'Message from %idpName%: ',
     'error_authorization_policy_violation_info_no_idp_name'       => 'Message from your %organisationNoun%: ',
-    'error_no_message'              => 'Error - No message received',
-    'error_no_message_desc'         => 'We were expecting a SAML message, but did not get one. Something went wrong. Please try again.',
-    'error_invalid_acs_location'    => 'The given "Assertion Consumer Service" is unknown or invalid.',
+    'error_unable_to_receive_message'      => 'Error - No message received',
+    'error_unable_to_receive_message_desc' => 'We were expecting a SAML message, but did not get one. Something went wrong. Please try again.',
+    'error_invalid_acs_location'    => 'Error - Invalid ACS location',
+    'error_invalid_acs_location_desc' => 'The given "Assertion Consumer Service" is unknown or invalid.',
     'error_invalid_acs_binding'     => 'Error - Invalid ACS binding type',
     'error_invalid_acs_binding_desc'     => 'The provided or configured "Assertion Consumer Service" Binding Type is unknown or invalid.',
     'error_unsupported_signature_method' => 'Error - Signature method is not supported',
@@ -263,13 +264,13 @@
     'error_clock_issue_title' => 'Error - The Assertion is not yet valid or has expired',
     'error_clock_issue_desc' => 'This is likely because the difference in time between %idpName% and %suiteName% it too large. Please verify that the time on the %organisationNoun% is correct.',
     'error_clock_issue_desc_no_idp_name' => 'This is likely because the difference in time between %organisationNoun% and %suiteName% it too large. Please verify that the time on the IdP is correct.',
-    'error_stepup_callout_unknown_title' => 'Error - Unknown strong authentication failure',
-    'error_stepup_callout_unknown_desc' => 'Logging in with strong authentication has failed and we don\'t know exactly why . Please try again first by going back to the service and logging in again . If this doesn\'t work, please contact the service desk of your %organisationNoun%.',
+    'error_stepup_callout_unknown' => 'Error - Unknown strong authentication failure',
+    'error_stepup_callout_unknown_desc' => 'Logging in with strong authentication has failed and we don\'t know exactly why. Please try again first by going back to the service and logging in again. If this doesn\'t work, please contact the service desk of your %organisationNoun%.',
     'error_stepup_callout_unmet_loa_title' => 'Error - No suitable token found',
     'error_stepup_callout_unmet_loa_desc' => 'To continue to this service, a registered token with a certain level of assurance is required. Currently, you either haven\'t registered a token at all, or the level of assurance of the token you did register is too low. See the link below for more information about the registration process.',
     'error_stepup_callout_unmet_loa_link_text' => 'Read more about the registration process.',
     'error_stepup_callout_unmet_loa_link_target' => 'https://support.surfconext.nl/stepup-noauthncontext-en',
-    'error_stepup_callout_user_cancelled_title' => 'Error - Logging in cancelled',
+    'error_stepup_callout_user_cancelled' => 'Error - Logging in cancelled',
     'error_stepup_callout_user_cancelled_desc' => 'You have aborted the login process. Go back to the service if you want to try again.',
     'error_metadata_entity_id_not_found' => 'Metadata can not be generated',
     'error_metadata_entity_id_not_found_desc' => 'The following error occurred: %message%',

languages/messages.nl.php

@@ -176,9 +176,10 @@
     'error_authorization_policy_violation_desc_no_name'       => 'Neem contact op met de helpdesk van je eigen %organisationNoun% als je toegang tot deze dienst wilt. Vermeld daarbij op welke dienst je probeerde in te loggen en dat je werd tegengehouden door een autorisatieregel van %suiteName%, geconfigureerd door jouw eigen %organisationNoun%.',
     'error_authorization_policy_violation_info'       => 'Bericht van %idpName%: ',
     'error_authorization_policy_violation_info_no_idp_name'       => 'Bericht van je %organisationNoun%: ',
-    'error_no_message'                  => 'Fout - Geen bericht ontvangen',
-    'error_no_message_desc'             => 'We verwachtten een SAML bericht, maar we hebben er geen ontvangen. Er is iets fout gegaan. Probeer het alstublieft opnieuw.',
-    'error_invalid_acs_location'        => 'De opgegeven "Assertion Consumer Service" is onjuist of bestaat niet.',
+    'error_unable_to_receive_message'      => 'Fout - Geen bericht ontvangen',
+    'error_unable_to_receive_message_desc' => 'We verwachtten een SAML bericht, maar we hebben er geen ontvangen. Er is iets fout gegaan. Probeer het alstublieft opnieuw.',
+    'error_invalid_acs_location'        => 'Fout - Ongeldige ACS locatie',
+    'error_invalid_acs_location_desc'   => 'De opgegeven "Assertion Consumer Service" is onjuist of bestaat niet.',
     'error_invalid_acs_binding'        => 'Fout - Onjuist ACS binding type',
     'error_invalid_acs_binding_desc'        => 'Het opgegeven of geconfigureerde "Assertion Consumer Service" Binding Type is onjuist of bestaat niet.',
     'error_unsupported_signature_method' => 'Fout - Ondertekeningsmethode wordt niet ondersteund',
@@ -261,13 +262,13 @@
     'error_clock_issue_title' => 'Fout - De Assertion is nog niet geldig of is verlopen',
     'error_clock_issue_desc' => 'Dit komt waarschijnlijk doordat de tijd tussen %idpName% en %suiteName% te ver uiteen loopt. Controleer de tijd op de %organisationNoun%.',
     'error_clock_issue_desc_no_idp_name' => 'Dit komt waarschijnlijk doordat de tijd tussen de %organisationNoun% en %suiteName% te ver uiteen loopt. Controleer de tijd op de IdP.',
-    'error_stepup_callout_unknown_title' => 'Fout - Onbekend sterke authenticatie probleem',
+    'error_stepup_callout_unknown' => 'Fout - Onbekend sterke authenticatie probleem',
     'error_stepup_callout_unknown_desc' => 'Inloggen met sterke authenticatie is niet gelukt en we weten niet precies waarom. Probeer het eerst eens opnieuw door terug te gaan naar de dienst en opnieuw in te loggen. Lukt dit niet, neem dan contact op met de helpdesk van je %organisationNoun%.',
     'error_stepup_callout_unmet_loa_title' => 'Fout - Geen geschikt token gevonden',
     'error_stepup_callout_unmet_loa_desc' => 'Om toegang te krijgen tot deze dienst heb je een geregistreerd token nodig met een bepaald zekerheidsniveau. Je hebt nu ofwel geen token geregistreerd, of het zekerheidsniveau van het token dat je hebt geregistreerd is te laag. Volg de link hieronder voor meer informatie over het registratieproces.',
     'error_stepup_callout_unmet_loa_link_text' => 'Lees meer over het registratieproces.',
     'error_stepup_callout_unmet_loa_link_target' => 'https://support.surfconext.nl/stepup-noauthncontext-nl',
-    'error_stepup_callout_user_cancelled_title' => 'Fout - Inloggen afgebroken',
+    'error_stepup_callout_user_cancelled' => 'Fout - Inloggen afgebroken',
     'error_stepup_callout_user_cancelled_desc' => 'Je hebt het inloggen afgebroken. Ga terug naar de dienst als je het opnieuw wilt proberen.',
     'error_metadata_entity_id_not_found' => 'Metadata kan niet gegenereerd worden',
     'error_metadata_entity_id_not_found_desc' => 'De volgende fout is opgetreden: %message%',

languages/messages.pt.php

@@ -174,9 +174,10 @@
     'error_authorization_policy_violation_desc_no_name'       => 'Você autenticu-se com sucesso na sua %organisationNoun%, mas infelizmente você não pode utilizar este serviço (o "Fornecedor de Serviço") porque não tem acesso. A sua %organisationNoun% limita o acesso a este serviço com uma política de autorização. Entre em contacto com o suporte da sua %organisationNoun% se acha que deve ser-lhe concedido acesso ao serviço.',
     'error_authorization_policy_violation_info'       => 'Mensagem da %idpName%: ',
     'error_authorization_policy_violation_info_no_idp_name'       => 'Mensagem da sua %organisationNoun%: ',
-    'error_no_message'              => 'Erro - Não foi recebido nenhuma mensagem',
-    'error_no_message_desc'         => 'Estávamos a aguardar uma mensagem, mas não chegou nenhuma? Alguma coisa correu mal. Tente de novo por favor.',
-    'error_invalid_acs_location'    => 'O "Serviço de Consumidor de Asserção" fornecido é desconhecido ou inválido.',
+    'error_unable_to_receive_message'      => 'Erro - Não foi recebido nenhuma mensagem',
+    'error_unable_to_receive_message_desc' => 'Estávamos a aguardar uma mensagem, mas não chegou nenhuma? Alguma coisa correu mal. Tente de novo por favor.',
+    'error_invalid_acs_location'    => 'Erro - Localização ACS inválida',
+    'error_invalid_acs_location_desc' => 'O "Serviço de Consumidor de Asserção" fornecido é desconhecido ou inválido.',
     'error_invalid_acs_binding'     => 'O ACS "Binding Type" é inválido',
     'error_invalid_acs_binding_desc'     => 'O "Binding Type" do "Serviço de Consumidor de Asserção" fornecido ou configurado é desconhecido ou inválido.',
     'error_unsupported_signature_method' => 'O método de assinatura não é suportado',
@@ -255,13 +256,13 @@
     'error_clock_issue_title' => 'Erro - A asserção ainda não é válida ou pode ter expirado',
     'error_clock_issue_desc' => '<p>Por favor, verifique se a hora no IdP está correta.</p>',
     'error_clock_issue_desc_no_idp_name' => '<p>Por favor, verifique se a hora no IdP está correta.</p>',
-    'error_stepup_callout_unknown_title' => 'Erro - falha por autenticação forte desconhecida',
+    'error_stepup_callout_unknown' => 'Erro - falha por autenticação forte desconhecida',
     'error_stepup_callout_unknown_desc' => 'O login com autenticação forte falhou e não sabemos exatamente qual o motivo. Tente aceder de novo ao serviço e efetuar uma nova autenticação. Se voltar a não funcionar, entre em contato com o suporte técnico da sua %organisationNoun%.',
     'error_stepup_callout_unmet_loa_title' => 'Erro - não foi encontrado nenhum token adequado',
     'error_stepup_callout_unmet_loa_desc' => 'Para continuar neste serviço, é necessário que o token registado tenho um determinado nível de confiança. Atualmente, você não tem um token registado, ou o nível de confiança do seu token é muito baixo. Veja o endereço abaixo para mais informações sobre o processo de registo.',
     'error_stepup_callout_unmet_loa_link_text' => 'Leia mais sobre o processo de registro.',
     'error_stepup_callout_unmet_loa_link_target' => 'https://support.surfconext.nl/stepup-noauthncontext',
-    'error_stepup_callout_user_cancelled_title' => 'Erro - Carregamento cancelado',
+    'error_stepup_callout_user_cancelled' => 'Erro - Carregamento cancelado',
     'error_stepup_callout_user_cancelled_desc' => 'Você cancelou o processo de autenticação. Volte ao serviço se você pretender tentar de novo.',
     'error_metadata_entity_id_not_found' => 'Metadata can not be generated',
     'error_metadata_entity_id_not_found_desc' => 'The following error occurred: %message%',