Release/2022.12 - 2FA enabled + info banner

composer.json

@@ -9,7 +9,7 @@
         "ext-json": "*",
         "composer/installers": "^1.9",
         "cpliakas/git-wrapper": "~1.7",
-        "cweagans/composer-patches": "^1.6",
+        "cweagans/composer-patches": "1.7.2",
         "dkarv/mdl-chip-input": "dev-master",
         "drupal/allowed_formats": "^1.2",
         "drupal/antibot": "^1.3",
@@ -91,6 +91,7 @@
         "jacklmoore/autosize": "dev-master",
         "masterminds/html5": "^2.7",
         "ml/json-ld": "^1.1",
+        "openeuropa/oe_authentication": "1.5.1",
         "openeuropa/oe_webtools": "1.7.0",
         "openeuropa/webtools-geocoding-provider": "~0.1",
         "pear/console_table": "~1.3",
@@ -158,7 +159,7 @@
     "config": {
         "sort-packages": true,
         "platform": {
-            "php": "7.1.9"
+            "php": "7.3.28"
         }
     },
     "autoload": {
@@ -349,6 +350,9 @@
             "openeuropa/task-runner": {
                 "Allow to pass array options to 'run' & 'exec' tasks @see https://github.com/openeuropa/task-runner/pull/137": "https://patch-diff.githubusercontent.com/raw/openeuropa/task-runner/pull/137.diff",
                 "Tokens containing digits are not supported @see https://github.com/openeuropa/task-runner/pull/145": "https://patch-diff.githubusercontent.com/raw/openeuropa/task-runner/pull/145.diff"
+            },
+            "openeuropa/oe_authentication": {
+                "Add 2FA to version 1.5": "resources/patch/oe_authentication_2fa_hf_for_1.5.patch"
             }
         }
     },
@@ -361,11 +365,11 @@
             "type": "package",
             "package": {
                 "name": "spdx/license-list-data",
-                "version": "main",
+                "version": "3.12",
                 "source": {
                     "url": "https://github.com/spdx/license-list-data.git",
                     "type": "git",
-                    "reference": "main"
+                    "reference": "3.12"
                 }
             }
         },

config/sync/block.block.eulogin2fabannerinformationblock.yml

@@ -0,0 +1,20 @@
+uuid: 7cf24a72-4db1-4242-8380-1f6abdc7e638
+langcode: en
+status: true
+dependencies:
+  module:
+    - easme_helper
+  theme:
+    - joinup_theme
+id: eulogin2fabannerinformationblock
+theme: joinup_theme
+region: header_profile_menu
+weight: -31
+provider: null
+plugin: eulogin_2fa_banner_block
+settings:
+  id: eulogin_2fa_banner_block
+  label: 'EULogin 2FA banner information block'
+  provider: easme_helper
+  label_display: visible
+visibility: {  }

config/sync/block.block.joinup_theme_account_menu.yml

@@ -13,7 +13,7 @@ _core:
 id: joinup_theme_account_menu
 theme: joinup_theme
 region: header_profile_menu
-weight: -9
+weight: -30
 provider: null
 plugin: 'system_menu_block:account'
 settings:

config/sync/core.extension.yml

@@ -114,6 +114,7 @@ module:
   metatag_open_graph: 0
   moderation: 0
   node: 0
+  oe_authentication: 0
   oe_newsroom_newsletter: 0
   oe_webtools: 0
   oe_webtools_cookie_consent: 0

config/sync/oe_authentication.settings.yml

@@ -0,0 +1,8 @@
+protocol: eulogin
+register_path: eim/external/register.cgi
+validation_path: TicketValidationService
+assurance_level: TOP
+ticket_types: 'SERVICE,PROXY'
+_core:
+  default_config_hash: QqXrdnYD_oVmsY_aKMaDLRwxQfZ8eveMW5HTuTrXY7o
+force_2fa: true

resources/patch/oe_authentication_2fa_hf_for_1.5.patch

@@ -0,0 +1,44 @@
+diff --git a/src/Event/EuLoginEventSubscriber.php b/src/Event/EuLoginEventSubscriber.php
+index f17b018..115139d 100644
+--- a/src/Event/EuLoginEventSubscriber.php
++++ b/src/Event/EuLoginEventSubscriber.php
+@@ -5,6 +5,7 @@ declare(strict_types = 1);
+ namespace Drupal\oe_authentication\Event;
+
+ use Drupal\cas\Event\CasPostValidateEvent;
++use Drupal\cas\Event\CasPreRedirectEvent;
+ use Drupal\cas\Event\CasPreRegisterEvent;
+ use Drupal\cas\Event\CasPreValidateEvent;
+ use Drupal\cas\Service\CasHelper;
+@@ -71,11 +72,23 @@ class EuLoginEventSubscriber implements EventSubscriberInterface {
+       ['checkUserMailExists', 1000],
+       ['processUserProperties'],
+     ];
++    $events[CasHelper::EVENT_PRE_REDIRECT] = 'forceTwoFactorAuthentication';
+     $events[CasHelper::EVENT_POST_VALIDATE] = 'processCasAttributes';
+     $events[CasHelper::EVENT_PRE_VALIDATE] = 'alterValidationPath';
+     return $events;
+   }
+
++  /**
++   * Ensures that 2-factor authentication is forced if it is configured.
++   *
++   * @param \Drupal\cas\Event\CasPreRedirectEvent $event
++   *   The triggered event.
++   */
++  public function forceTwoFactorAuthentication(CasPreRedirectEvent $event): void {
++    $data = $event->getCasRedirectData();
++    $data->setParameter('acceptStrengths', 'PASSWORD_MOBILE_APP,PASSWORD_SOFTWARE_TOKEN,PASSWORD_SMS');
++  }
++
+   /**
+    * Checks user email exists previously.
+    *
+@@ -141,6 +154,7 @@ class EuLoginEventSubscriber implements EventSubscriberInterface {
+       'userDetails' => 'true',
+       'groups' => '*',
+     ];
++    $params['acceptStrengths'] = 'PASSWORD_MOBILE_APP,PASSWORD_SOFTWARE_TOKEN,PASSWORD_SMS';
+     $event->addParameters($params);
+   }
+

web/modules/custom/easme_helper/src/Plugin/Block/Eulogin2FABannerBlock.php

@@ -0,0 +1,58 @@
+<?php
+
+namespace Drupal\easme_helper\Plugin\Block;
+
+use Drupal\Core\Block\BlockBase;
+use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Render\Markup;
+
+/**
+ * Provides an 2FA banner information block.
+ *
+ * @Block(
+ *   id = "eulogin_2fa_banner_block",
+ *   admin_label = @Translation("EULogin 2FA banner information block"),
+ *   category = @Translation("EULogin 2FA banner information block")
+ * )
+ */
+class Eulogin2FABannerBlock extends BlockBase {
+  /**
+   * {@inheritdoc}
+   */
+  public function build() {
+    $template = '
+ <div style="position: fixed;z-index: 1001;background-color: #004494;width: 100%;left: 0;right: 0;padding: 10px 15px 4px 31px;color: #FFD90E;box-sizing: border-box;line-height: 140%;box-shadow: 0 0 20px black;font-size: 0.8rem;" id="banner2FA" onclick="document.getElementById(\'block-eulogin2fabannerinformationblock\').style.visibility=\'hidden\';setCookie(\'banner2FA\');">
+<script>
+  function linkHandler(event) {
+    event.stopPropagation();
+  }
+function setCookie(cname) {
+    var d = new Date(); var days = 1; var cvalue = "1";
+    d.setTime(d.getTime() + (days*12*60*60*1000));
+    var expires = "expires="+d.toUTCString();
+    document.cookie = cname + "=" + cvalue + "; " + expires + "; path=/challenges";
+}
+  function getCookie(name) {
+    const value = `; ${document.cookie}`;
+    const parts = value.split(`; ${name}=`);
+    if (parts.length === 2) return parts.pop().split(";").shift();
+  }
+  if (getCookie("banner2FA")) {
+    document.getElementById("block-eulogin2fabannerinformationblock").style.visibility="hidden";
+  }
+</script>
+    <div>
+      <div>
+        <p><strong>Important upcoming Change.<br/> The EU login</strong> will require a <strong>2 factor authentication</strong> to access this platform from the 20th of December onward. Get ready and activate <b>now</b> the multi-factor authentication for your EU login account. For more details on how to proceed go to the <a onclick="linkHandler(event)" style="color:#FFF" href="https://webgate.ec.europa.eu/cas/manuals/EU_Login_Tutorial.pdf" target="_blank">User Guide</a> or the <a onclick="linkHandler(event)" style="color:#FFF" href="https://webgate.ec.europa.eu/cas/help.html" target="_blank">EU Login help page</a>. Should you require additional assistance you can contact the EU login team directly via the contact form. (Click here to close this message)</p>
+      </div>
+    </div>
+</div>';
+
+    return[
+      '#title' => '',
+      '#type' => 'inline_template',
+      '#template' => $template
+    ];
+  }
+
+}