search

OpenConext / Stepup-RA

Stepup Registration Authority
Apache License 2.0
2 stars 2 forks source link

PHP 7.4 & v4.1.2: vetting is broken #246

Closed tvdijen closed 3 years ago

tvdijen commented 3 years ago

As soon as the RA enters the activation code, the following error occurs:

Jan 31 23:34:40 webapp-10 STEPUP-RA[231503]: {"channel":"app","level":"NOTICE","message":"Vetting Procedure Search started","context":[],"extra":{"server":"ra.stepup.moo-archive.nl","application":"registration-authority","request_id":"83900e2122920702e3ac3a74aabac80d"}}
Jan 31 23:34:40 webapp-10 STEPUP-RA[231503]: {"channel":"request","level":"CRITICAL","message":"Uncaught PHP Exception TypeError: \"Argument 2 passed to Surfnet\\StepupBundle\\Service\\SecondFactorTypeService::isSatisfiedBy() must be an instance of Surfnet\\StepupBundle\\Value\\Loa, null given, called in /apps/installation/Stepup-ra/Stepup-RA-4.1.2/src/Surfnet/StepupRa/RaBundle/Service/VettingService.php on line 145\" at /apps/installation/Stepup-ra/Stepup-RA-4.1.2/vendor/surfnet/stepup-bundle/src/Service/SecondFactorTypeService.php line 85","context":{"exception":{"class":"Symfony\\Component\\Debug\\Exception\\FatalThrowableError","message":"Argument 2 passed to Surfnet\\StepupBundle\\Service\\SecondFactorTypeService::isSatisfiedBy() must be an instance of Surfnet\\StepupBundle\\Value\\Loa, null given, called in /apps/installation/Stepup-ra/Stepup-RA-4.1.2/src/Surfnet/StepupRa/RaBundle/Service/VettingService.php on line 145","code":0,"file":"/apps/installation/Stepup-ra/Stepup-RA-4.1.2/vendor/surfnet/stepup-bundle/src/Service/SecondFactorTypeService.php:85"}},"extra":{"art":"11451","server":"ra.stepup.moo-archive.nl","application":"registration-authority","request_id":"83900e2122920702e3ac3a74aabac80d"}}
phavekes commented 3 years ago

Thank you for reporting this. Could you test if this error also occurs when using PHP7.2?

tvdijen commented 3 years ago

I just did, and it doesn't...

phavekes commented 3 years ago

Since version 4.0.0 php 7.2 is the supported version. The other components are also only tested on php 7.2.

We'll keep this issue open

tvdijen commented 3 years ago

That's unfortunate, because it all used to work fine on the 3.x branch & PHP 7.4.. It would be a pitty if an upgrade of this module (all the others seem to be working just fine) would mean I have to downgrade PHP.

phavekes commented 3 years ago

@tvdijen Could you see if https://github.com/OpenConext/Stepup-RA/pull/249 fixes your issue?

tvdijen commented 3 years ago

Well, it prints a message instead of throwing an exception so that's better... Still doesn't allow me to start the vetting procedure though.

From config: loa_required_for_login: 'urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO' stepup_loa_loa3: 'urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO'

I've verified that the AuthnContextClassRef is present in the AuthnResponse and matches the above. I'm logged in as SRAA.

tvdijen commented 3 years ago

I've spent some more time trying to debug this, but my lack of experience with Symfony makes it difficult.. I was able to exclude the LOA's serialize/unserialize methods as possible causes.. What I can tell is that the Loa-property is simply not set on the container, but I'm not sure how/when/where it's supposed to be set, so I'm kinda stuck.. I've also tried a composer update to make sure it's not a bug that has already been fixed upstream.

tvdijen commented 3 years ago

Any follow-up after three months please? This is becoming a deal-breaker for me..