From 4835e37c2cdcef74c50da17397b12b33bc5c6836 Mon Sep 17 00:00:00 2001
From: Okke Harsta <oharsta@zilverline.com>
Date: Fri, 3 Jan 2025 11:03:20 +0100
Subject: [PATCH] Tests for EB flow

---
 client/src/api/index.js                         |  2 +-
 client/src/pages/Interrupt.jsx                  |  2 --
 client/src/pages/SecondFactorAuthentication.jsx |  5 -----
 server/api/mock_user.py                         |  4 ++--
 server/requirements/base.txt                    |  6 +++---
 server/test/api/test_mock_user.py               | 11 +++++++++++
 server/test/api/test_user_saml.py               |  5 -----
 7 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/client/src/api/index.js b/client/src/api/index.js
index 01caa553c..344d7fcd5 100644
--- a/client/src/api/index.js
+++ b/client/src/api/index.js
@@ -100,7 +100,7 @@ export function authorizationUrl(state) {
 }
 
 export function me(config) {
-    if (config.local && 1 == 1) {
+    if (config.local && 1 != 1) {
         let sub = "urn:service_admin";
         sub = "urn:john";
         //sub = "urn:paul";
diff --git a/client/src/pages/Interrupt.jsx b/client/src/pages/Interrupt.jsx
index 519275f44..e240b8616 100644
--- a/client/src/pages/Interrupt.jsx
+++ b/client/src/pages/Interrupt.jsx
@@ -17,8 +17,6 @@ export default function Interrupt({config, history}) {
         saveContinueURL(config, continueUrl);
         const errorStatus = parseInt( urlSearchParams.get("error_status"), 10);
         // The user is already logged in, so mfa and aup are taken care of
-        debugger; // eslint-disable-line no-debugger
-
         switch (errorStatus) {
             case 97:
                history.push(`/delay${window.location.search}`);
diff --git a/client/src/pages/SecondFactorAuthentication.jsx b/client/src/pages/SecondFactorAuthentication.jsx
index 6d5a1d8ec..24cc8707b 100644
--- a/client/src/pages/SecondFactorAuthentication.jsx
+++ b/client/src/pages/SecondFactorAuthentication.jsx
@@ -14,7 +14,6 @@ import {Toaster, ToasterType} from "@surfnet/sds";
 import FeedbackDialog from "../components/Feedback";
 import {ReactComponent as ResetTokenIcon} from "../icons/reset-token.svg";
 import {redirectToProxyLocation} from "../utils/ProxyAuthz";
-import {getParameterByName} from "../utils/QueryParameters";
 
 const TOTP_ATTRIBUTE_NAME = "totp";
 const NEW_TOTP_ATTRIBUTE_NAME = "newTotp";
@@ -49,9 +48,6 @@ class SecondFactorAuthentication extends React.Component {
     }
 
     componentDidMount() {
-        const state = getParameterByName("state", window.location.search);
-        debugger; // eslint-disable-line no-debugger
-        console.log(state);
         const {user, update} = this.props;
         if (user.rate_limited) {
             this.setState({rate_limited: true, loading: false});
@@ -223,7 +219,6 @@ class SecondFactorAuthentication extends React.Component {
         } else {
             verify2fa(totp.join("")).then(r => {
                 this.props.refreshUser(user => { // eslint-disable-line no-unused-vars
-                    debugger; // eslint-disable-line no-debugger
                     redirectToProxyLocation(r.location, this.props.history, config);
                 });
             }).catch(e => {
diff --git a/server/api/mock_user.py b/server/api/mock_user.py
index 7c047103e..47903ced4 100644
--- a/server/api/mock_user.py
+++ b/server/api/mock_user.py
@@ -80,5 +80,5 @@ def eb_interrupt_data():
 def eb_stop_interrupt_flow():
     if not os.environ.get("ALLOW_MOCK_USER_API", None):
         raise Forbidden()
-    session["eb_interrupt_flow"] = None
-    return {}, 200
+    session.clear()
+    return {}, 204
diff --git a/server/requirements/base.txt b/server/requirements/base.txt
index 410e3759e..20de7aefb 100644
--- a/server/requirements/base.txt
+++ b/server/requirements/base.txt
@@ -20,16 +20,16 @@ websockets==14.1
 redis==5.2.1
 pyotp==2.9.0
 qrcode==8.0
-Pillow==11.0.0
+Pillow==11.1.0
 PyJWT==2.10.1
 Authlib==1.4.0
 passlib==1.7.4
 werkzeug==3.1.3
 Flask-Executor==1.0.0
-Flask-SocketIO==5.5.0
+Flask-SocketIO==5.4.1
 Flask-Cors==5.0.0
 dnspython==2.7.0
-signxml==4.0.2
+signxml==4.0.3
 bcrypt==4.2.1
 
 git+https://github.com/SURFscz/flasgger@surf/main#egg=flasgger
diff --git a/server/test/api/test_mock_user.py b/server/test/api/test_mock_user.py
index 5e32874df..5bec5fa75 100644
--- a/server/test/api/test_mock_user.py
+++ b/server/test/api/test_mock_user.py
@@ -54,3 +54,14 @@ def test_eb_interrupt_data(self):
         verified_data = XMLVerifier().verify(doc, x509_cert=cert).signed_xml
         user_uid = verified_data.attrib.get("user_id")
         self.assertEqual("urn:sarah", user_uid)
+
+    @allow_for_mock_user_api
+    def test_eb_stop_interrupt_flow(self):
+        self.login()
+        self.delete("/api/mock/stop_interrupt_flow", with_basic_auth=False)
+        user = self.client.get("/api/users/me").json
+        self.assertEqual(user["guest"], True)
+
+    def test_eb_stop_interrupt_flow_forbidden(self):
+        self.login()
+        self.delete("/api/mock/stop_interrupt_flow", with_basic_auth=False, response_status_code=403)
diff --git a/server/test/api/test_user_saml.py b/server/test/api/test_user_saml.py
index 4520f9551..8c9d2f2ec 100644
--- a/server/test/api/test_user_saml.py
+++ b/server/test/api/test_user_saml.py
@@ -375,11 +375,6 @@ def test_interrupt_eb_cert_url(self):
             signed_root_str = etree.tostring(signed_root)
             b64encoded_signed_root = base64.b64encode(signed_root_str)
             url = self.app.app_config.engine_block.public_key_url
-            # responses.add(responses.GET,
-            #               url,
-            #               body=cert,
-            #               status=200,
-            #               content_type="application/x-pem-file")
             responses.add(responses.GET, url, body=public_key, status=200, content_type="application/x-pem-file")
             with requests.Session():
                 self.client.post(f"/api/users/interrupt?error_status={UserCode.SECOND_FA_REQUIRED.value}",