addressing comments
dmekala-va committed Oct 11, 2024
1 parent aae852d commit d4a0e03
Showing 8 changed files with 39 additions and 14 deletions.
3 changes: 2 additions & 1 deletion dev-config.base.json
Expand Up @@ -29,7 +29,8 @@
"spIdpSsoBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
"idpSamlLoginsEnabled": true,
"logStyleElementsEnabled": true,
"idpSamlLogins":
"fraudBlockEnabled": true,
"idpSamlLogins":
[
{
"category": "example2SamlIdp",
6 changes: 3 additions & 3 deletions src/MpiUserClient.ts
Expand Up @@ -4,20 +4,20 @@ import axios from "axios";
export class MpiUserClient {
mpiUserEndpoint: string;
headers: object;
fraudIdTheft: boolean;
fraudBlockEnabled: boolean;

constructor(
apiKey: string,
mpiUserEndpoint: string,
accessKey: string,
fraudIdTheft: boolean
fraudBlockEnabled: boolean
) {
this.mpiUserEndpoint = mpiUserEndpoint;
this.headers = {
apiKey: apiKey,
accesskey: accessKey,
};
this.fraudIdTheft = fraudIdTheft;
this.fraudBlockEnabled = fraudBlockEnabled;
}

public async getMpiTraitsForLoa3User(
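Review bot: `fraudBlockEnabled` is declared as a public, mutable field, yet it is the switch that `loadICN` reads from `req.mpiUserClient` to decide whether a flagged login is rejected. It is only assigned in the constructor here, so declaring it as `readonly fraudBlockEnabled: boolean;` would stop later code from flipping the control at runtime by accident. A short doc comment on the field would also help, for example `/** When true, logins whose MPI traits carry idTheftIndicator are rejected in loadICN. */`, because the name alone does not say what is blocked. The class body continues past the end of this hunk.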
2 changes: 1 addition & 1 deletion src/MpiUserClientConfig.js
Expand Up @@ -3,6 +3,6 @@ export default class MpiUserClientConfig {
this.mpiUserEndpoint = argv.mpiUserEndpoint;
this.accessKey = argv.accessKey;
this.apiKey = argv.vetsAPIToken;
this.fraudIdTheft = argv.fraudBlockEnabled || false;
this.fraudBlockEnabled = argv.fraudBlockEnabled || false;
}
}
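Review bot: A missing or falsy `argv.fraudBlockEnabled` silently turns the fraud block off here (`|| false`), and the option in src/cli/index.js appears to default to `false` after this commit as well. Any environment whose config does not set the key would then stop rejecting logins flagged with `idTheftIndicator`. Only dev-config.base.json is updated on this page; the other environments' configs are not visible here and should be checked before deploy. Consider logging the effective value once at startup so a disabled control shows up in the logs, and stating the default in the option text, e.g. `"Block logins flagged with the fraud identity indicator (off unless set to true)"`. The constructor starts outside this hunk.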
2 changes: 1 addition & 1 deletion src/app.js
Expand Up @@ -102,7 +102,7 @@ function runServer(argv) {
mpiUserClientConfig.apiKey,
mpiUserClientConfig.mpiUserEndpoint,
mpiUserClientConfig.accessKey,
mpiUserClientConfig.fraudIdTheft
mpiUserClientConfig.fraudBlockEnabled
);
const vsoClient = new VsoClient(
vsoConfig.token,
2 changes: 1 addition & 1 deletion src/cli/index.js
Expand Up @@ -46,7 +46,7 @@ export function processArgs() {
"Enable or disable blocking logins based on the fraud identity indicator",
required: false,
boolean: true,
default: true,
default: false,
},
idpKey: {
description: "IdP Signature PrivateKey Certificate",
36 changes: 30 additions & 6 deletions src/routes/acsHandlers.test.ts
Expand Up @@ -212,8 +212,6 @@ describe("scrubUserClaims", () => {
});
});



describe("loadICN", () => {
beforeEach(() => {
// @ts-ignore
Expand All @@ -222,11 +220,11 @@ describe("loadICN", () => {
vsoClient.getVSOSearch.mockReset();
});

it("should block login when fraudIdTheft is true and idTheftIndicator is true", async () => {
it("should block login when fraudBlockEnabled is true and idTheftIndicator is true", async () => {
const nextFn = jest.fn();
const renderMock = jest.fn();
const req: any = {
mpiUserClient: { ...mpiUserClient, fraudIdTheft: true },
mpiUserClient: { ...mpiUserClient, fraudBlockEnabled: true },
vsoClient: vsoClient,
user: {
claims: { ...claimsWithICN },
Expand All @@ -250,11 +248,11 @@ describe("loadICN", () => {
expect(nextFn).not.toHaveBeenCalled();
});

it("should not block login when fraudIdTheft is true and idTheftIndicator is false", async () => {
it("should not block login when fraudBlockEnabled is true and idTheftIndicator is false", async () => {
const nextFn = jest.fn();
const renderMock = jest.fn();
const req: any = {
mpiUserClient: { ...mpiUserClient, fraudIdTheft: true },
mpiUserClient: { ...mpiUserClient, fraudBlockEnabled: true },
vsoClient: vsoClient,
user: {
claims: { ...claimsWithICN },
Expand All @@ -276,6 +274,32 @@ describe("loadICN", () => {
expect(req.user.claims.icn).toEqual("anICN");
});

it("should not block login when fraudBlockEnabled is false and idTheftIndicator is true", async () => {
const nextFn = jest.fn();
const renderMock = jest.fn();
const req: any = {
mpiUserClient: { ...mpiUserClient, fraudBlockEnabled: false },
vsoClient: vsoClient,
user: {
claims: { ...claimsWithICN },
},
};

req.mpiUserClient.getMpiTraitsForLoa3User.mockResolvedValueOnce({
icn: "anICN",
first_name: "Edward",
last_name: "Paget",
idTheftIndicator: true,
});

const response: any = { render: renderMock };
await handlers.loadICN(req, response, nextFn);

expect(renderMock).not.toHaveBeenCalled();
expect(nextFn).toHaveBeenCalled();
expect(req.user.claims.icn).toEqual("anICN");
});

it("should call getMVITraits... calls when ICN Exists", async () => {
const nextFn = jest.fn();
const req: any = {
2 changes: 1 addition & 1 deletion src/routes/acsHandlers.ts
Expand Up @@ -141,7 +141,7 @@ export const loadICN = async (
result: "success",
});

if (req.mpiUserClient.fraudIdTheft && idTheftIndicator) {
if (req.mpiUserClient.fraudBlockEnabled && idTheftIndicator) {
logger.warn("Fradulent identity detected, blocking login.");
return res.render("layout", {
body: "sensitive_error",
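Review bot: When `fraudBlockEnabled` is false, a response with `idTheftIndicator` set passes this condition without any log line, so the fraud signal is lost in exactly the environments where blocking is off. An `else if (idTheftIndicator) { logger.warn("Identity theft indicator set, fraud block disabled; allowing login."); }` branch would keep it visible to monitoring. The existing message misspells "Fraudulent" as "Fradulent"; correct it only together with any log search or alert that matches the current text. `loadICN` begins and ends outside this hunk.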
Empty file added src/rsa.json
Empty file.
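Review bot: src/rsa.json is added as an empty file and nothing in the visible hunks refers to it, so it looks like an accidental addition to a rename commit. If it is meant as a placeholder for key material, the source tree is the wrong place for it, because a later commit that fills it in would put a key into history. Dropping the file from this commit, or listing the path in `.gitignore` if it is generated locally, would be safer.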
