diff --git a/src/Surfnet/StepupMiddlewareClient/Identity/Service/AuthorizationService.php b/src/Surfnet/StepupMiddlewareClient/Identity/Service/AuthorizationService.php
index acb26ca..ce3d48e 100644
--- a/src/Surfnet/StepupMiddlewareClient/Identity/Service/AuthorizationService.php
+++ b/src/Surfnet/StepupMiddlewareClient/Identity/Service/AuthorizationService.php
@@ -61,6 +61,25 @@ public function assertRegistrationOfSelfAssertedTokensIsAllowed(Identity $identi
 return $response && array_key_exists('code', $response) && $response['code'] === 200;
 }
 
+ /**
+ * Is an identity allowed to self vet using a self-asserted token?
+ *
+ * One is allowed to do so when:
+ * - SAT is allowed for the institution of the identity
+ * - All the tokens of the identity are vetted using the SAT vetting type
+ *
+ * @throws AccessDeniedToResourceException When the consumer isn't authorised to access given resource.
+ * @throws ResourceReadException When the server doesn't respond with the resource.
+ * @throws MalformedResponseException When the server doesn't respond with (well-formed) JSON.
+ */
+ public function assertSelfVettingOfSelfAssertedTokensIsAllowed(Identity $identity): bool
+ {
+ $response = $this->apiService->read(
+ sprintf('/authorization/may-self-vet-using-self-asserted-token/%s', $identity->id)
+ );
+ return $response && array_key_exists('code', $response) && $response['code'] === 200;
+ }
+
 /**
 * Is the Identity allowed to register a Recovery Token?
 *
diff --git a/src/Surfnet/StepupMiddlewareClientBundle/Identity/Service/AuthorizationService.php b/src/Surfnet/StepupMiddlewareClientBundle/Identity/Service/AuthorizationService.php
index 5c294fa..0372e5d 100644
--- a/src/Surfnet/StepupMiddlewareClientBundle/Identity/Service/AuthorizationService.php
+++ b/src/Surfnet/StepupMiddlewareClientBundle/Identity/Service/AuthorizationService.php
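Review bot: In the added `assertSelfVettingOfSelfAssertedTokensIsAllowed` of the StepupMiddlewareClient `AuthorizationService`, `$identity->id` is formatted into the request path without encoding, so an id containing `/`, `?` or `..` would change which middleware resource this authorization check reads. The id is presumably a UUID, but nothing in the hunk enforces that. Encoding it at the call site, `sprintf('/authorization/may-self-vet-using-self-asserted-token/%s', rawurlencode($identity->id))`, keeps the check bound to the intended endpoint, unless `ApiService::read` already encodes path values (not visible here). The docblock would also benefit from a `@return` line stating that `false` means self-vetting is denied.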
@@ -34,6 +34,11 @@ public function assertRegistrationOfSelfAssertedTokensIsAllowed(Identity $identi
 return $this->authorizationService->assertRegistrationOfSelfAssertedTokensIsAllowed($identity);
 }
 
+ public function assertSelfVettingOfSelfAssertedTokensIsAllowed(Identity $identity): bool
+ {
+ return $this->authorizationService->assertSelfVettingOfSelfAssertedTokensIsAllowed($identity);
+ }
+
 public function assertRegistrationOfRecoveryTokensIsAllowed(Identity $identity): bool
 {
 return $this->authorizationService->assertRegistrationOfRecoveryTokensAreAllowed($identity);
diff --git a/src/Surfnet/StepupMiddlewareClientBundle/Tests/Identity/Service/AuthorizationServiceTest.php b/src/Surfnet/StepupMiddlewareClientBundle/Tests/Identity/Service/AuthorizationServiceTest.php
index a4f9950..f782c14 100644
--- a/src/Surfnet/StepupMiddlewareClientBundle/Tests/Identity/Service/AuthorizationServiceTest.php
+++ b/src/Surfnet/StepupMiddlewareClientBundle/Tests/Identity/Service/AuthorizationServiceTest.php
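Review bot: The new bundle-level `assertSelfVettingOfSelfAssertedTokensIsAllowed` has no docblock, and despite the `assert` prefix it reports denial through its return value rather than by throwing. Because this gates self-vetting, a caller that drops the return value would proceed as if allowed. A docblock such as `/** Returns true only when the middleware allows self-vetting with a self-asserted token; false means denied and must be checked by the caller. */` would make that explicit. Exceptions from the client service (listed in the client docblock in this commit) appear to propagate unchanged, which merits matching `@throws` lines here.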
@@ -67,6 +67,30 @@ public function test_self_asserted_tokens_authorization_can_be_performed_negativ
 $this->assertFalse($this->service->assertRegistrationOfRecoveryTokensIsAllowed($identity));
 }
 
+ public function test_self_vetting_of_tokens_authorization_can_be_performed_positive_outcome(): void
+ {
+ $identity = new Identity();
+ $identity->id = 'ff17c086-ebae-11ec-8ea0-0242ac120002';
+ $identity->commonName = 'Evangelos Odysseas Papathanassiou';
+ $this->apiService
+ ->shouldReceive('assertSelfVettingOfSelfAssertedTokensIsAllowed')
+ ->with($identity)
+ ->andReturnTrue();
+ $this->assertTrue($this->service->assertSelfVettingOfSelfAssertedTokensIsAllowed($identity));
+ }
+
+ public function test_self_vetting_of_token_authorization_can_be_performed_negative_outcome(): void
+ {
+ $identity = new Identity();
+ $identity->id = 'ff17c086-ebae-11ec-8ea0-0242ac120002';
+ $identity->commonName = 'Evangelos Odysseas Papathanassiou';
+ $this->apiService
+ ->shouldReceive('assertSelfVettingOfSelfAssertedTokensIsAllowed')
+ ->with($identity)
+ ->andReturnFalse();
+ $this->assertFalse($this->service->assertSelfVettingOfSelfAssertedTokensIsAllowed($identity));
+ }
+
 public function test_recovery_token_authorization_can_be_performed_positive_outcome(): void
 {
 $identity = new Identity();
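Review bot: Both added tests replace the client service with a mock (`$this->apiService->shouldReceive('assertSelfVettingOfSelfAssertedTokensIsAllowed')`), so they confirm delegation only. The decision logic this commit adds in the client (`$response && array_key_exists('code', $response) && $response['code'] === 200`) is not exercised by anything visible in this diff. For an authorization check, cases worth adding against the client class are an empty response, a response without `code`, and a non-200 `code`, each expected to return `false`. The two test names also differ (`of_tokens` vs `of_token`); aligning them would keep the pair easy to find.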