Tests for EB flow

client/src/api/index.js

@@ -100,7 +100,7 @@ export function authorizationUrl(state) {
 }
 
 export function me(config) {
-    if (config.local && 1 == 1) {
+    if (config.local && 1 != 1) {
         let sub = "urn:service_admin";
         sub = "urn:john";
         //sub = "urn:paul";

client/src/pages/Interrupt.jsx

@@ -17,8 +17,6 @@ export default function Interrupt({config, history}) {
         saveContinueURL(config, continueUrl);
         const errorStatus = parseInt( urlSearchParams.get("error_status"), 10);
         // The user is already logged in, so mfa and aup are taken care of
-        debugger; // eslint-disable-line no-debugger
-
         switch (errorStatus) {
             case 97:
                history.push(`/delay${window.location.search}`);

client/src/pages/SecondFactorAuthentication.jsx

@@ -14,7 +14,6 @@ import {Toaster, ToasterType} from "@surfnet/sds";
 import FeedbackDialog from "../components/Feedback";
 import {ReactComponent as ResetTokenIcon} from "../icons/reset-token.svg";
 import {redirectToProxyLocation} from "../utils/ProxyAuthz";
-import {getParameterByName} from "../utils/QueryParameters";
 
 const TOTP_ATTRIBUTE_NAME = "totp";
 const NEW_TOTP_ATTRIBUTE_NAME = "newTotp";
@@ -49,9 +48,6 @@ class SecondFactorAuthentication extends React.Component {
     }
 
     componentDidMount() {
-        const state = getParameterByName("state", window.location.search);
-        debugger; // eslint-disable-line no-debugger
-        console.log(state);
         const {user, update} = this.props;
         if (user.rate_limited) {
             this.setState({rate_limited: true, loading: false});
@@ -223,7 +219,6 @@ class SecondFactorAuthentication extends React.Component {
         } else {
             verify2fa(totp.join("")).then(r => {
                 this.props.refreshUser(user => { // eslint-disable-line no-unused-vars
-                    debugger; // eslint-disable-line no-debugger
                     redirectToProxyLocation(r.location, this.props.history, config);
                 });
             }).catch(e => {

server/api/mock_user.py

@@ -80,5 +80,5 @@ def eb_interrupt_data():
 def eb_stop_interrupt_flow():
     if not os.environ.get("ALLOW_MOCK_USER_API", None):
         raise Forbidden()
-    session["eb_interrupt_flow"] = None
-    return {}, 200
+    session.clear()
+    return {}, 204

server/requirements/base.txt

@@ -20,16 +20,16 @@ websockets==14.1
 redis==5.2.1
 pyotp==2.9.0
 qrcode==8.0
-Pillow==11.0.0
+Pillow==11.1.0
 PyJWT==2.10.1
 Authlib==1.4.0
 passlib==1.7.4
 werkzeug==3.1.3
 Flask-Executor==1.0.0
-Flask-SocketIO==5.5.0
+Flask-SocketIO==5.4.1
 Flask-Cors==5.0.0
 dnspython==2.7.0
-signxml==4.0.2
+signxml==4.0.3
 bcrypt==4.2.1
 
 git+https://github.com/SURFscz/flasgger@surf/main#egg=flasgger

server/test/api/test_mock_user.py

@@ -54,3 +54,14 @@ def test_eb_interrupt_data(self):
         verified_data = XMLVerifier().verify(doc, x509_cert=cert).signed_xml
         user_uid = verified_data.attrib.get("user_id")
         self.assertEqual("urn:sarah", user_uid)
+
+    @allow_for_mock_user_api
+    def test_eb_stop_interrupt_flow(self):
+        self.login()
+        self.delete("/api/mock/stop_interrupt_flow", with_basic_auth=False)
+        user = self.client.get("/api/users/me").json
+        self.assertEqual(user["guest"], True)
+
+    def test_eb_stop_interrupt_flow_forbidden(self):
+        self.login()
+        self.delete("/api/mock/stop_interrupt_flow", with_basic_auth=False, response_status_code=403)

server/test/api/test_user_saml.py

@@ -375,11 +375,6 @@ def test_interrupt_eb_cert_url(self):
             signed_root_str = etree.tostring(signed_root)
             b64encoded_signed_root = base64.b64encode(signed_root_str)
             url = self.app.app_config.engine_block.public_key_url
-            # responses.add(responses.GET,
-            #               url,
-            #               body=cert,
-            #               status=200,
-            #               content_type="application/x-pem-file")
             responses.add(responses.GET, url, body=public_key, status=200, content_type="application/x-pem-file")
             with requests.Session():
                 self.client.post(f"/api/users/interrupt?error_status={UserCode.SECOND_FA_REQUIRED.value}",