next release

.coveragerc

@@ -0,0 +1,7 @@
+[run]
+branch = true
+omit = */tests/*,*/wsgi.py, fabfile.py, /usr/local/*, ./setup.py
+source = .
+
+[report]
+show_missing = true

.github/workflows/python-app.yml

@@ -48,7 +48,7 @@ jobs:
         if [ -f requirements-customizations.txt ]; then pip install -r requirements-customizations.txt; fi
         python -m pip install -U setuptools
         python -m pip install -e .
-        python -m pip install "Pillow>=10.0.0,<10.1" "device_detector>=5.0,<6" "satosa>=8.4,<8.6" "jinja2>=3.0,<4" "pymongo>=4.4.1,<4.5"
+        python -m pip install "Pillow>=10.0.0,<10.1" "device_detector>=5.0,<6" "satosa>=8.4,<8.6" "jinja2>=3.0,<4" "pymongo>=4.4.1,<4.5" aiohttp
         python -m pip install git+https://github.com/danielfett/sd-jwt.git
 
     - name: Lint with flake8
@@ -59,7 +59,27 @@ jobs:
         flake8 pyeudiw --count --exit-zero --statistics  --max-line-length 160
     - name: Tests
       run: |
-        pytest --cov=pyeudiw -v --cov-report term --cov-fail-under=80 pyeudiw/tests/
+        pytest --cov=pyeudiw --cov-fail-under=80
+        coverage report -m --skip-covered
     - name: Bandit Security Scan
       run: |
         bandit -r -x pyeudiw/tests* pyeudiw/*
+    - name: Lint with html linter
+      run: |
+        echo -e '\nHTML:'
+        readarray -d '' array < <(find $SRC example -name "*.html" -print0)
+        echo "Running linter on (${#array[@]}): "
+        printf '\t- %s\n' "${array[@]}"
+        echo "Linter output:"
+
+        for file in "${array[@]}"
+        do
+          echo -e "\n$file:"
+          html_lint.py "$file" | awk -v path="file://$PWD/$file:" '$0=path$0' | sed -e 's/: /:\n\t/';
+        done
+
+        for file in "${array[@]}"
+        do
+          errors=$(html_lint.py "$file" | grep -c 'Error')
+          if [ "$errors" -gt 0 ]; then exit 1; fi;
+        done

.gitignore

@@ -161,6 +161,7 @@ cython_debug/
 .idea/
 
 env
+**/.DS_Store
 
 */wordpress-plugin
 */wordpress-theme

README.md

@@ -21,8 +21,8 @@ The toolchain contains the following components:
 | __jwt__ | Signed and encrypted JSON Web Token (JWT) according to [RFC7519](https://datatracker.ietf.org/doc/html/rfc7519), [RFC7515](https://datatracker.ietf.org/doc/html/rfc7515) and [RFC7516](https://datatracker.ietf.org/doc/html/rfc7516) | 
 | __tools.qrcode__ | QRCodes creation | 
 | __oauth2.dpop__ | Tools for issuing and parsing DPoP artifacts, according to [OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop) |
-| __openid4vp.federation__ | OpenID Connect Federation Wallet Relying Party Entities and Trust Mechanisms |
-| __satosa.openid4vp.backend__ | SATOSA OpenID4VP Relying Party backend |
+| __openid4vp.federation__ | Trust evaluation mechanisms, according to [OpenID Connect Federation 1.0](https://openid.net/specs/openid-connect-federation-1_0.html) |
+| __satosa.openid4vp.backend__ | SATOSA Relying Party backend, according to [OpenID for Verifiable Presentations](https://openid.bitbucket.io/connect/openid-4-verifiable-presentations-1_0.html) |
 
 
 ## Setup

example/README.md

@@ -43,4 +43,28 @@ After following these steps, your WordPress instance should be up and running wi
 2. Under [plugins](http://localhost:8080/wp-admin/plugins.php), activate the plugin OneLogin SAML SSO.
 3. Configure the plugin OneLogin SAML SSO in the [settings tab](http://localhost:8080/wp-admin/options-general.php?page=onelogin_saml_configuration).
 
-To configure a generic SAML connection, you will need to enter appropriate values in OneLogin SAML SSO plugin settings. These include Identity Provider URL, Assertion Consumer Service URL, Single Logout Service URL, and other parameters specific to your SAML configuration.
+To configure your test environment with the IAM Proxy instance, you'll need to undertake a configuration phase on the OneLogin plugin settings page. The required proxy service configuration metadata is obtainable from https://demo-it-wallet.westeurope.cloudapp.azure.com/Saml2IDP/metadata. 
+
+Specifically, you should modify the following fields:
+
+- **IdP Entity Id**: Enter the entityID of the IAMProxy, which can be located within the metadata.
+- **Single Sign-On Service Url**: Input the Location of the SingleSignOnService you desire to connect with, as specified in the metadata file.
+- **X.509 Certificate**: Include the X.509 Certificate associated with the IAMProxy, found within the metadata.
+- **Create user if not exists**: Set this to `true`.
+- **Update user data**: Set this to `true`.
+- **Attribute Mapping - Username**: Set this to `fiscalNumber`.
+- **Attribute Mapping - E-mail**: Set this to `urn:oid:1.2.840.113549.1.9.1.1`.
+- **Attribute Mapping - First Name**: Set this to `Name`.
+- **Attribute Mapping - Last Name**: Set this to `familyName`.
+- **Service Provider Entity Id**: Enter the URL of your SP metadata as the entityID. For example: http://\<wordpress-domain\>/wp-login.php?saml_metadata
+- **Encrypt nameID**: Set this to `true`.
+- **Sign AuthnRequest**: Set this to `true`.
+- **Reject Unsigned Assertions**: Set this to `true`.
+- **NameIDFormat**: Set this to `urn:oasis:names:tc:SAML:2.0:attrname-format:uri`.
+- **requestedAuthnContext**: Set this to `urn:oasis:names:tc:SAML:2.0:ac:classes:X509`.
+- **Service Provider X.509 Certificate**: Insert your SP's X.509 certificate here.
+- **Service Provider Private Key**: Input the private key of your SP.
+- **Signature Algorithm**: Set this to `rsa-sha256`.
+- **Digest Algorithm**: Set this to `sha256`.
+
+After you've filled all the fields, save your settings and download the SP metadata for configuration on the IAM Proxy.

example/docker-compose.yml

@@ -49,6 +49,10 @@ services:
     volumes:
       - ./wordpress-plugin/onelogin-saml-sso/:/var/www/html/wp-content/plugins/onelogin-saml-sso/
       - ./wordpress-theme/italiawp2/:/var/www/html/wp-content/themes/italiawp2/
+      - ./onelogin_custom_settings/functions.php:/var/www/html/wp-content/plugins/onelogin-saml-sso/php/functions.php
+      - ./onelogin_custom_settings/configuration.php:/var/www/html/wp-content/plugins/onelogin-saml-sso/php/configuration.php
+      - ./onelogin_custom_settings/settings.php:/var/www/html/wp-content/plugins/onelogin-saml-sso/php/settings.php
+      - ./italiaWP2_custom_settings/header.php:/var/www/html/wp-content/themes/italiawp2/header.php
     networks:
       - wordpress-network
 

example/italiaWP2_custom_settings/header.php

@@ -0,0 +1,60 @@
+<!doctype html>
+<html <?php language_attributes(); ?>>
+<head>
+    <meta http-equiv="X-UA-Compatible" content="IE=edge; <?php bloginfo('html_type') ?>; charset=<?php bloginfo('charset') ?>" />
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <?php if(get_option('custom-meta-keywords')!=""): ?>
+    <meta name="keywords" content="<?php echo get_option('custom-meta-keywords'); ?>">
+    <?php endif; ?>
+
+    <?php if(get_option('custom-meta-description')!=""): ?>
+    <meta name="description" content="<?php echo get_option('custom-meta-description'); ?>">
+    <?php else: ?>
+    <meta name="description" content="<?php echo get_bloginfo('description'); ?>">
+    <?php endif; ?>
+
+    <?php wp_head(); ?>
+</head>
+
+<body class="t-Pac">
+
+<?php get_template_part('template-parts/section-cookies'); ?>
+
+<div class="body_wrapper push_container clearfix" id="page_top">
+    <div class="skiplink sr-only">
+        <ul>
+            <li>
+                <a accesskey="2" href="#main_container"><?php echo __('Go to content','italiawp2'); ?></a>
+            </li>
+            <li>
+                <a accesskey="3" href="#menup"><?php echo __('Go to the navigation menu','italiawp2'); ?></a>
+            </li>
+            <li><a accesskey="4" href="#footer"><?php echo __('Go to the footer','italiawp2'); ?></a></li>
+        </ul>
+    </div>
+
+    <header id="mainheader" class="u-background-50">
+    <?php get_template_part('menu'); ?>
+    </header>
+
+    <main id="main_container">
+
+    <?php if (is_user_logged_in()):
+        $user = wp_get_current_user();
+        $spidRole_value = get_user_meta($user->ID, 'spidRole', true);
+    ?>
+    <div class="site-content" style="border: 1px solid black; padding: 1em;">
+            <h2>Benvenuto <span style="color: blue;"><?php echo $user->first_name.' '.$user->last_name; ?></span></h2>
+            <p>Di seguito potrai trovare le tue informazioni principali:</p>
+            <ul>
+                <li><strong>Nome:</strong> <?php echo $user->first_name; ?></li>
+                <li><strong>Cognome:</strong> <?php echo $user->last_name; ?></li>
+                <li><strong>Codice fiscale:</strong> <?php echo $user->nickname; ?></li>
+                <li><strong>Email:</strong> <?php echo $user->user_email; ?></li>
+                <li><strong>Spid level:</strong> <?php echo $spidRole_value; ?></li>
+            </ul>
+        </div>
+    <?php endif; ?>
+
+    <?php if(!is_attachment()) italiawp2_create_breadcrumbs(); ?>