Extract WAYF rendering logic from Corto into Symfony WayfRenderer service

johanib · johanib · commit a8115aa3e8ee · 2026-04-22T10:54:00.000+02:00
Prior to this change, much of the wayf rendering happened in Corto.

This change moves that logic to the Symfony workspaces.

Benefits:
- Business logic is now in a testable Symfony service with proper DI
- Production (SingleSignOn) and the functional test (WayfController)
  share the exact same rendering path, eliminating logic duplication
- DiContainerRuntime bridge is thinner
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -32,7 +32,6 @@ Changes:
 * A new parameter `wayf.preferred_idp_entity_ids` must be added to `parameters.yml`. To display a set of IdPs prominent at the top of the WAYF, add the entityId's of those IdPs to this parameter.
   * To keep the old behaviour, set the value to `[]`
 
-**Default behaviour (no change):** when the parameter is absent or empty, the WAYF behaves exactly as before.
 * Stabilized consent checks
   * In order to make the consent hashes more robust, a more consistent way of hashing the user attributes has been introduced
   * This feature automatically migrates from the old hashes to the new hashes upon login.
diff --git a/config/services/ci/controllers.yml b/config/services/ci/controllers.yml
@@ -19,7 +19,7 @@ services:
     engineblock.functional_test.controller.wayf:
         class: OpenConext\EngineBlockFunctionalTestingBundle\Controllers\WayfController
         arguments:
-            - '@twig'
+            - '@OpenConext\EngineBlockBundle\Service\WayfRenderer'
 
     engineblock.functional_test.controller.feedback:
         class: OpenConext\EngineBlockFunctionalTestingBundle\Controllers\FeedbackController
diff --git a/config/services/services.yml b/config/services/services.yml
@@ -8,6 +8,9 @@ services:
         arguments:
             $wayfExtension: '@OpenConext\EngineBlockBundle\Twig\Extensions\Extension\Wayf'
 
+    OpenConext\EngineBlockBundle\Service\WayfRenderer:
+        autowire: true
+
     OpenConext\EngineBlockBundle\Bridge\EngineBlockBootstrapper:
         autowire: true
         autoconfigure: true
diff --git a/library/EngineBlock/Corto/Module/Service/SingleSignOn.php b/library/EngineBlock/Corto/Module/Service/SingleSignOn.php
@@ -475,40 +475,21 @@ protected function _showWayf(EngineBlock_Saml2_AuthnRequestAnnotationDecorator $
             $container->getDefaultIdPEntityId()
         );
 
-        $defaultIdPInIdPList = $this->isDefaultIdPPresent($idpList);
-
         $diContainerRuntime = $application->getDiContainerRuntime();
-        $preferredIdpEntityIds = $diContainerRuntime->getPreferredIdpEntityIds();
-        $split = $diContainerRuntime->idpSplitter->split($idpList, $preferredIdpEntityIds);
-        $showPreferredIdps = !empty($split['preferred']);
-        $isDefaultIdpPreferred = in_array($container->getDefaultIdPEntityId(), $preferredIdpEntityIds, true);
-        $showDefaultIdpBanner = (bool) $container->shouldDisplayDefaultIdpBannerOnWayf()
-            && $defaultIdPInIdPList
-            && (!$showPreferredIdps || !$isDefaultIdpPreferred);
-
-        $rememberChoiceFeature = $container->getRememberChoice();
 
-        $viewModel = $diContainerRuntime->wayfViewModelFactory->create(
+        $output = $diContainerRuntime->wayfRenderer->render(
             idpList: $idpList,
-            regularIdpList: $split['regular'],
-            preferredIdpList: $split['preferred'],
-            showPreferredIdps: $showPreferredIdps,
+            preferredIdpEntityIds: $diContainerRuntime->getPreferredIdpEntityIds(),
             action: $action,
-            greenHeader: $serviceProvider->getDisplayName($currentLocale),
-            helpLink: '/authentication/idp/help-discover?lang=' . $currentLocale,
+            currentLocale: $currentLocale,
+            defaultIdpEntityId: $container->getDefaultIdPEntityId(),
+            shouldDisplayBanner: (bool) $container->shouldDisplayDefaultIdpBannerOnWayf(),
             backLink: $container->isUiOptionReturnToSpActive(),
-            cutoffPointForShowingUnfilteredIdps: $container->getCutoffPointForShowingUnfilteredIdps(),
-            showIdPBanner: $showDefaultIdpBanner,
-            rememberChoiceFeature: $rememberChoiceFeature,
+            cutoffPoint: $container->getCutoffPointForShowingUnfilteredIdps(),
+            rememberChoice: $container->getRememberChoice(),
             showRequestAccess: $serviceProvider->getCoins()->displayUnconnectedIdpsWayf(),
             requestId: $request->getId(),
             serviceProvider: $serviceProvider,
-            showRequestAccessContainer: true,
-        );
-
-        $output = $this->twig->render(
-            '@theme/Authentication/View/Proxy/wayf.html.twig',
-            $viewModel->toArray()
         );
         $this->_server->sendOutput($output);
     }
@@ -685,14 +666,4 @@ protected function getEngineSpRole(EngineBlock_Corto_ProxyServer $proxyServer)
         $serviceProvider = $this->_serviceProviderFactory->createEngineBlockEntityFrom($keyId);
         return ServiceProvider::fromServiceProviderEntity($serviceProvider);
     }
-
-    private function isDefaultIdPPresent(array $idpList): bool
-    {
-        foreach ($idpList as $idp) {
-            if ($idp[self::IS_DEFAULT_IDP_KEY] === true) {
-                return true;
-            }
-        }
-        return false;
-    }
 }
diff --git a/src/OpenConext/EngineBlock/Service/Wayf/IdpSplitter.php b/src/OpenConext/EngineBlock/Service/Wayf/IdpSplitter.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright 2025 SURFnet B.V.
+ * Copyright 2026 SURFnet B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/src/OpenConext/EngineBlockBundle/Bridge/DiContainerRuntime.php b/src/OpenConext/EngineBlockBundle/Bridge/DiContainerRuntime.php
@@ -18,8 +18,7 @@
 
 namespace OpenConext\EngineBlockBundle\Bridge;
 
-use OpenConext\EngineBlock\Service\Wayf\IdpSplitter;
-use OpenConext\EngineBlockBundle\Service\WayfViewModelFactory;
+use OpenConext\EngineBlockBundle\Service\WayfRenderer;
 use Twig\Environment;
 
 /**
@@ -33,8 +32,7 @@
 
     public function __construct(
         public Environment $twig,
-        public IdpSplitter $idpSplitter,
-        public WayfViewModelFactory $wayfViewModelFactory,
+        public WayfRenderer $wayfRenderer,
         private array $preferredIdpEntityIds = [],
     ) {
     }
diff --git a/src/OpenConext/EngineBlockBundle/Bridge/EngineBlockBootstrapper.php b/src/OpenConext/EngineBlockBundle/Bridge/EngineBlockBootstrapper.php
@@ -19,8 +19,7 @@
 namespace OpenConext\EngineBlockBundle\Bridge;
 
 use EngineBlock_ApplicationSingleton;
-use OpenConext\EngineBlock\Service\Wayf\IdpSplitter;
-use OpenConext\EngineBlockBundle\Service\WayfViewModelFactory;
+use OpenConext\EngineBlockBundle\Service\WayfRenderer;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\HttpKernel\KernelEvents;
 use Twig\Environment;
@@ -31,11 +30,10 @@ class EngineBlockBootstrapper implements EventSubscriberInterface
 
     public function __construct(
         Environment $twig,
-        IdpSplitter $idpSplitter,
-        WayfViewModelFactory $wayfViewModelFactory,
+        WayfRenderer $wayfRenderer,
         array $preferredIdpEntityIds = [],
     ) {
-        $this->diContainerRuntime = new DiContainerRuntime($twig, $idpSplitter, $wayfViewModelFactory, $preferredIdpEntityIds);
+        $this->diContainerRuntime = new DiContainerRuntime($twig, $wayfRenderer, $preferredIdpEntityIds);
     }
 
     public function onKernelRequest(): void
diff --git a/src/OpenConext/EngineBlockBundle/Service/WayfRenderer.php b/src/OpenConext/EngineBlockBundle/Service/WayfRenderer.php
@@ -0,0 +1,86 @@
+<?php
+
+/**
+ * Copyright 2026 SURFnet B.V.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+declare(strict_types=1);
+
+namespace OpenConext\EngineBlockBundle\Service;
+
+use OpenConext\EngineBlock\Metadata\Entity\ServiceProvider;
+use OpenConext\EngineBlock\Service\Wayf\IdpSplitter;
+use Twig\Environment;
+
+class WayfRenderer
+{
+    public function __construct(
+        private readonly WayfViewModelFactory $factory,
+        private readonly IdpSplitter $splitter,
+        private readonly Environment $twig,
+    ) {
+    }
+
+    /**
+     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
+     */
+    public function render(
+        array $idpList,
+        array $preferredIdpEntityIds,
+        string $action,
+        string $currentLocale,
+        string $defaultIdpEntityId,
+        bool $shouldDisplayBanner,
+        bool $backLink,
+        int $cutoffPoint,
+        bool $rememberChoice,
+        bool $showRequestAccess,
+        string $requestId,
+        ServiceProvider $serviceProvider,
+    ): string {
+        $split = $this->splitter->split($idpList, $preferredIdpEntityIds);
+        $showPreferredIdps = !empty($split['preferred']);
+        $isDefaultIdpPreferred = in_array($defaultIdpEntityId, $preferredIdpEntityIds, true);
+
+        $showIdPBanner = $shouldDisplayBanner
+            && $this->isDefaultIdpPresent($idpList)
+            && (!$showPreferredIdps || !$isDefaultIdpPreferred);
+
+        $viewModel = $this->factory->create(
+            idpList: $idpList,
+            regularIdpList: $split['regular'],
+            preferredIdpList: $split['preferred'],
+            showPreferredIdps: $showPreferredIdps,
+            action: $action,
+            greenHeader: $serviceProvider->getDisplayName($currentLocale),
+            helpLink: '/authentication/idp/help-discover?lang=' . $currentLocale,
+            backLink: $backLink,
+            cutoffPointForShowingUnfilteredIdps: $cutoffPoint,
+            showIdPBanner: $showIdPBanner,
+            rememberChoiceFeature: $rememberChoice,
+            showRequestAccess: $showRequestAccess,
+            requestId: $requestId,
+            serviceProvider: $serviceProvider,
+            showRequestAccessContainer: true,
+        );
+
+        return $this->twig->render('@theme/Authentication/View/Proxy/wayf.html.twig', $viewModel->toArray());
+    }
+
+    private function isDefaultIdpPresent(array $idpList): bool
+    {
+        return array_any($idpList, fn($idp) => ($idp['isDefaultIdp'] ?? false) === true);
+    }
+}
diff --git a/src/OpenConext/EngineBlockBundle/Service/WayfViewModelFactory.php b/src/OpenConext/EngineBlockBundle/Service/WayfViewModelFactory.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright 2025 SURFnet B.V.
+ * Copyright 2026 SURFnet B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/src/OpenConext/EngineBlockBundle/ViewModel/WayfViewModel.php b/src/OpenConext/EngineBlockBundle/ViewModel/WayfViewModel.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright 2025 SURFnet B.V.
+ * Copyright 2026 SURFnet B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/src/OpenConext/EngineBlockFunctionalTestingBundle/Controllers/WayfController.php b/src/OpenConext/EngineBlockFunctionalTestingBundle/Controllers/WayfController.php
@@ -18,14 +18,12 @@
 
 namespace OpenConext\EngineBlockFunctionalTestingBundle\Controllers;
 
-use OpenConext\EngineBlock\Service\Wayf\IdpSplitter;
-use OpenConext\EngineBlockBundle\Service\WayfViewModelFactory;
+use OpenConext\EngineBlockBundle\Service\WayfRenderer;
 use OpenConext\EngineBlockFunctionalTestingBundle\Helper\TestEntitySeeder;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
-use Twig\Environment;
 
 /**
  * @package OpenConext\EngineBlockFunctionalTestingBundle\Controllers
@@ -34,9 +32,7 @@
 class WayfController extends AbstractController
 {
     public function __construct(
-        private readonly Environment $twig,
-        private readonly IdpSplitter $idpSplitter,
-        private readonly WayfViewModelFactory $wayfViewModelFactory,
+        private readonly WayfRenderer $wayfRenderer,
     ) {
     }
 
@@ -50,7 +46,7 @@ public function wayfAction(Request $request)
         $rememberChoiceFeature = $request->query->getBoolean('rememberChoiceFeature');
         $cutoffPointForShowingUnfilteredIdps = $request->query->getInt('cutoffPointForShowingUnfilteredIdps', 100);
         $showIdPBanner = $request->query->getBoolean('showIdPBanner', true);
-        $defaultIdpEntityId = $request->query->get('defaultIdpEntityId');
+        $defaultIdpEntityId = $request->query->get('defaultIdpEntityId', '');
         $preferredIdpEntityIds = $request->query->all('preferredIdpEntityIds');
 
         $connectedIdps = $request->query->getInt('connectedIdps', 5);
@@ -61,36 +57,22 @@ public function wayfAction(Request $request)
             ? TestEntitySeeder::buildIdps($connectedIdps, $unconnectedIdps, $currentLocale, $defaultIdpEntityId, $addDiscoveries)
             : TestEntitySeeder::buildRandomIdps($randomIdps, $currentLocale, $defaultIdpEntityId);
 
-        $split = $this->idpSplitter->split($idpList, $preferredIdpEntityIds);
-        $preferredIdpList = $split['preferred'];
-        $regularIdpList = $split['regular'];
-        $showPreferredIdps = !empty($preferredIdpList);
-
-        $isDefaultIdpPreferred = in_array($defaultIdpEntityId, $preferredIdpEntityIds, true);
-        $showIdPBanner = $showIdPBanner && (!$showPreferredIdps || !$isDefaultIdpPreferred);
-
-        $viewModel = $this->wayfViewModelFactory->create(
+        $output = $this->wayfRenderer->render(
             idpList: $idpList,
-            regularIdpList: $regularIdpList,
-            preferredIdpList: $preferredIdpList,
-            showPreferredIdps: $showPreferredIdps,
+            preferredIdpEntityIds: $preferredIdpEntityIds,
             action: $this->generateUrl('functional_testing_handle_wayf'),
-            greenHeader: $currentLocale,
-            helpLink: '/authentication/idp/help-discover?lang=' . $currentLocale,
+            currentLocale: $currentLocale,
+            defaultIdpEntityId: $defaultIdpEntityId,
+            shouldDisplayBanner: $showIdPBanner,
             backLink: $backLink,
-            cutoffPointForShowingUnfilteredIdps: $cutoffPointForShowingUnfilteredIdps,
-            showIdPBanner: $showIdPBanner,
-            rememberChoiceFeature: $rememberChoiceFeature,
+            cutoffPoint: $cutoffPointForShowingUnfilteredIdps,
+            rememberChoice: $rememberChoiceFeature,
             showRequestAccess: $displayUnconnectedIdpsWayf,
             requestId: 'bogus-request-id',
             serviceProvider: TestEntitySeeder::buildSp(),
-            showRequestAccessContainer: true,
         );
 
-        return new Response($this->twig->render(
-            '@theme/Authentication/View/Proxy/wayf.html.twig',
-            $viewModel->toArray()
-        ));
+        return new Response($output);
     }
 
     public function handleWayfAction(Request $request)
diff --git a/tests/e2e/cypress/integration/skeune/wayf/wayf.keyboard.spec.js b/tests/e2e/cypress/integration/skeune/wayf/wayf.keyboard.spec.js
@@ -63,7 +63,7 @@ context('WAYF when using the keyboard', () => {
   // todo if html spec is changed, or cypress fixes bug 6207, get rid of the manual focus on search.  See https://github.com/cypress-io/cypress/issues/6207
   describe('Should be able to traverse the remaining idp section with arrow keys', () => {
     it('check if pressing down works as expected', () => {
-      cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?showIdpBanner=1');
+      cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?showIdpBanner=1&defaultIdpEntityId=https://example.com/entityId/1');
       cy.get(searchFieldSelector).focus();
       cy.pressArrowOnIdpList('down', searchFieldClass);
       cy.pressArrowOnIdpList('down', defaultIdpClass);
@@ -78,7 +78,7 @@ context('WAYF when using the keyboard', () => {
     });
 
     it('check if pressing up works as expected', () => {
-      cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?showIdpBanner=1');
+      cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?showIdpBanner=1&defaultIdpEntityId=https://example.com/entityId/1');
       cy.get(searchFieldSelector).focus();
       cy.pressArrowOnIdpList('up', searchFieldClass);
       cy.pressArrowOnIdpList('up', idpClass, '7');
@@ -183,7 +183,7 @@ context('WAYF when using the keyboard', () => {
 
   describe('Should have a working default Idp Banner', () => {
     it('Should have a default Idp banner visible', () => {
-      cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?showIdpBanner=1');
+      cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?showIdpBanner=1&defaultIdpEntityId=https://example.com/entityId/1');
       cy.beVisible(defaultIdpSelector);
     });
 
diff --git a/tests/e2e/cypress/integration/skeune/wayf/wayf.mouse.spec.js b/tests/e2e/cypress/integration/skeune/wayf/wayf.mouse.spec.js
@@ -85,7 +85,7 @@ context('WAYF when using the mouse', () => {
 
   describe('Should have a working default Idp Banner', () => {
     it('Should have a default Idp banner visible', () => {
-      cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?showIdpBanner=1');
+      cy.visit('https://engine.dev.openconext.local/functional-testing/wayf?showIdpBanner=1&defaultIdpEntityId=https://example.com/entityId/1');
       cy.get(defaultIdpSelector).should('be.visible');
     });
 
diff --git a/tests/e2e/cypress/integration/skeune/wayf/wayf.preferred.spec.js b/tests/e2e/cypress/integration/skeune/wayf/wayf.preferred.spec.js
@@ -79,7 +79,7 @@ describe('Preferred IdPs with previous selection', () => {
 
 describe('Three display scenarios', () => {
     it('scenario 1: no preferred IdPs: banner visible, preferred section absent', () => {
-        cy.visit(`${WAYF}?showIdPBanner=1`);
+        cy.visit(`${WAYF}?showIdPBanner=1&defaultIdpEntityId=${encodeURIComponent(ENTITY_1)}`);
         cy.get(defaultIdpInformational).should('be.visible');
         cy.get(preferredIdpsSectionSelector).should('not.exist');
     });
diff --git a/tests/library/EngineBlock/Test/Corto/Module/BindingsTest.php b/tests/library/EngineBlock/Test/Corto/Module/BindingsTest.php
@@ -19,9 +19,8 @@
 use Mockery as m;
 use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
 use OpenConext\EngineBlock\Metadata\Entity\ServiceProvider;
-use OpenConext\EngineBlock\Service\Wayf\IdpSplitter;
 use OpenConext\EngineBlockBundle\Bridge\DiContainerRuntime;
-use OpenConext\EngineBlockBundle\Service\WayfViewModelFactory;
+use OpenConext\EngineBlockBundle\Service\WayfRenderer;
 use PHPUnit\Framework\TestCase;
 use SAML2\Assertion;
 use SAML2\Assertion\Validation\ConstraintValidator\NotBefore;
@@ -53,7 +52,7 @@ public function setUp(): void
         );
 
         $engineBlock = \EngineBlock_ApplicationSingleton::getInstance();
-        $engineBlock->setDiContainerRuntime(new DiContainerRuntime(Phake::mock(Twig\Environment::class), new IdpSplitter(), Phake::mock(WayfViewModelFactory::class)));
+        $engineBlock->setDiContainerRuntime(new DiContainerRuntime(Phake::mock(Twig\Environment::class), Phake::mock(WayfRenderer::class)));
 
         $this->bindings = new EngineBlock_Corto_Module_Bindings($proxyServer);
     }
diff --git a/tests/unit/OpenConext/EngineBlock/Service/Wayf/IdpSplitterTest.php b/tests/unit/OpenConext/EngineBlock/Service/Wayf/IdpSplitterTest.php
diff --git a/tests/unit/OpenConext/EngineBlockBundle/DiContainerRuntimeTest.php b/tests/unit/OpenConext/EngineBlockBundle/DiContainerRuntimeTest.php
diff --git a/tests/unit/OpenConext/EngineBlockBundle/Service/WayfRendererTest.php b/tests/unit/OpenConext/EngineBlockBundle/Service/WayfRendererTest.php

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`<?php`
`2`	`2`
`3`	`3`	`/**`
`4`		`- * Copyright 2025 SURFnet B.V.`
	`4`	`+ * Copyright 2026 SURFnet B.V.`
`5`	`5`	`*`
`6`	`6`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`7`	`7`	`* you may not use this file except in compliance with the License.`