diff --git a/dev-config.base.json b/dev-config.base.json
index 60692467..4c2b80aa 100644
--- a/dev-config.base.json
+++ b/dev-config.base.json
@@ -29,7 +29,8 @@
   "spIdpSsoBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
   "idpSamlLoginsEnabled": true,
   "logStyleElementsEnabled": true,
-  "idpSamlLogins":
+  "fraudBlockEnabled": true,
+  "idpSamlLogins":
   [
     {
       "category": "example2SamlIdp",
diff --git a/src/MpiUserClient.ts b/src/MpiUserClient.ts
index 3eff32b0..c96be8c6 100644
--- a/src/MpiUserClient.ts
+++ b/src/MpiUserClient.ts
@@ -4,20 +4,20 @@ import axios from "axios";
 export class MpiUserClient {
   mpiUserEndpoint: string;
   headers: object;
-  fraudIdTheft: boolean;
+  fraudBlockEnabled: boolean;
   constructor(
     apiKey: string,
     mpiUserEndpoint: string,
     accessKey: string,
-    fraudIdTheft: boolean
+    fraudBlockEnabled: boolean
   ) {
     this.mpiUserEndpoint = mpiUserEndpoint;
     this.headers = {
       apiKey: apiKey,
       accesskey: accessKey,
     };
-    this.fraudIdTheft = fraudIdTheft;
+    this.fraudBlockEnabled = fraudBlockEnabled;
   }
   public async getMpiTraitsForLoa3User(
diff --git a/src/MpiUserClientConfig.js b/src/MpiUserClientConfig.js
index 3d099293..50c57198 100644
--- a/src/MpiUserClientConfig.js
+++ b/src/MpiUserClientConfig.js
@@ -3,6 +3,6 @@ export default class MpiUserClientConfig {
     this.mpiUserEndpoint = argv.mpiUserEndpoint;
     this.accessKey = argv.accessKey;
     this.apiKey = argv.vetsAPIToken;
-    this.fraudIdTheft = argv.fraudBlockEnabled || false;
+    this.fraudBlockEnabled = argv.fraudBlockEnabled || false;
   }
 }
diff --git a/src/app.js b/src/app.js
index dfe022ca..fe0223f0 100644
--- a/src/app.js
+++ b/src/app.js
@@ -102,7 +102,7 @@ function runServer(argv) {
     mpiUserClientConfig.apiKey,
     mpiUserClientConfig.mpiUserEndpoint,
     mpiUserClientConfig.accessKey,
-    mpiUserClientConfig.fraudIdTheft
+    mpiUserClientConfig.fraudBlockEnabled
   );
   const vsoClient = new VsoClient(
     vsoConfig.token,
diff --git a/src/cli/index.js b/src/cli/index.js
index 146076ac..a18ba0ca 100644
--- a/src/cli/index.js
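Review bot: `this.fraudBlockEnabled = argv.fraudBlockEnabled || false;` re-implements the CLI default in a second place, so the two can drift — and the CLI side is being flipped from true to false in this very commit. Since src/cli/index.js declares the option with `boolean: true`, the parsed value is presumably already a boolean and the fallback adds nothing: `this.fraudBlockEnabled = argv.fraudBlockEnabled;`, or `Boolean(argv.fraudBlockEnabled)` if a missing key must still yield false. The constructor this line belongs to starts before the hunk.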
+++ b/src/cli/index.js
@@ -46,7 +46,7 @@ export function processArgs() {
       "Enable or disable blocking logins based on the fraud identity indicator",
     required: false,
     boolean: true,
-    default: true,
+    default: false,
   },
   idpKey: {
     description: "IdP Signature PrivateKey Certificate",
diff --git a/src/routes/acsHandlers.test.ts b/src/routes/acsHandlers.test.ts
index d3bcb122..097be238 100644
--- a/src/routes/acsHandlers.test.ts
+++ b/src/routes/acsHandlers.test.ts
@@ -212,8 +212,6 @@ describe("scrubUserClaims", () => {
   });
 });
-
-
 describe("loadICN", () => {
   beforeEach(() => {
     // @ts-ignore
@@ -222,11 +220,11 @@ describe("loadICN", () => {
     vsoClient.getVSOSearch.mockReset();
   });
-  it("should block login when fraudIdTheft is true and idTheftIndicator is true", async () => {
+  it("should block login when fraudBlockEnabled is true and idTheftIndicator is true", async () => {
     const nextFn = jest.fn();
     const renderMock = jest.fn();
     const req: any = {
-      mpiUserClient: { ...mpiUserClient, fraudIdTheft: true },
+      mpiUserClient: { ...mpiUserClient, fraudBlockEnabled: true },
       vsoClient: vsoClient,
       user: {
         claims: { ...claimsWithICN },
@@ -250,11 +248,11 @@ describe("loadICN", () => {
     expect(nextFn).not.toHaveBeenCalled();
   });
-  it("should not block login when fraudIdTheft is true and idTheftIndicator is false", async () => {
+  it("should not block login when fraudBlockEnabled is true and idTheftIndicator is false", async () => {
     const nextFn = jest.fn();
     const renderMock = jest.fn();
     const req: any = {
-      mpiUserClient: { ...mpiUserClient, fraudIdTheft: true },
+      mpiUserClient: { ...mpiUserClient, fraudBlockEnabled: true },
       vsoClient: vsoClient,
       user: {
         claims: { ...claimsWithICN },
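Review bot: Flipping `default: true` to `default: false` makes the identity-theft block fail-open for every deployment that does not pass the flag explicitly, and nothing in this hunk or the others records which mode is active at runtime. dev-config.base.json now sets `"fraudBlockEnabled": true`, so local runs keep blocking while an unconfigured start silently stops — the option text should state the default and its consequence, e.g. `"Block logins whose MPI traits carry the identity-theft indicator (default: off, logins proceed)"`, and runServer in src/app.js should log the effective value at startup (that code is outside the hunks shown). processArgs continues outside the hunk.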
@@ -276,6 +274,32 @@ describe("loadICN", () => {
     expect(req.user.claims.icn).toEqual("anICN");
   });
+  it("should not block login when fraudBlockEnabled is false and idTheftIndicator is true", async () => {
+    const nextFn = jest.fn();
+    const renderMock = jest.fn();
+    const req: any = {
+      mpiUserClient: { ...mpiUserClient, fraudBlockEnabled: false },
+      vsoClient: vsoClient,
+      user: {
+        claims: { ...claimsWithICN },
+      },
+    };
+
+    req.mpiUserClient.getMpiTraitsForLoa3User.mockResolvedValueOnce({
+      icn: "anICN",
+      first_name: "Edward",
+      last_name: "Paget",
+      idTheftIndicator: true,
+    });
+
+    const response: any = { render: renderMock };
+    await handlers.loadICN(req, response, nextFn);
+
+    expect(renderMock).not.toHaveBeenCalled();
+    expect(nextFn).toHaveBeenCalled();
+    expect(req.user.claims.icn).toEqual("anICN");
+  });
+
   it("should call getMVITraits... calls when ICN Exists", async () => {
     const nextFn = jest.fn();
     const req: any = {
diff --git a/src/routes/acsHandlers.ts b/src/routes/acsHandlers.ts
index f0d70194..fd046a18 100644
--- a/src/routes/acsHandlers.ts
+++ b/src/routes/acsHandlers.ts
@@ -141,7 +141,7 @@ export const loadICN = async (
       result: "success",
     });
-    if (req.mpiUserClient.fraudIdTheft && idTheftIndicator) {
+    if (req.mpiUserClient.fraudBlockEnabled && idTheftIndicator) {
       logger.warn("Fradulent identity detected, blocking login.");
       return res.render("layout", {
         body: "sensitive_error",
diff --git a/src/rsa.json b/src/rsa.json
new file mode 100644
index 00000000..e69de29b
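Review bot: The new case pins the fail-open path (`nextFn` called, `renderMock` not called) but asserts nothing about observability, so it would still pass if a positive `idTheftIndicator` were dropped without any record when `fraudBlockEnabled` is false. If loadICN is changed to log the indicator regardless of the flag, add an expectation on the logger mock here so the audit trail is covered by the test; the describe block's setup (where mpiUserClient, vsoClient and any logger mock are built) sits outside the hunk. `const req: any` and `const response: any` follow the neighbouring tests, so they are acceptable as the file's local convention.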
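Review bot: With the flag off, a positive `idTheftIndicator` now leaves no trace at all, because the only warning sits inside the guarded branch; an operator reviewing logs cannot tell that a flagged identity completed login. Log the indicator unconditionally and gate only the block, e.g. `if (idTheftIndicator) { logger.warn("Identity-theft indicator present; fraudBlockEnabled=" + req.mpiUserClient.fraudBlockEnabled); }` placed ahead of the existing `if`, and fix the typo `"Fradulent"` → `"Fraudulent"` in the existing message while there. loadICN starts and ends outside the hunk.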
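Review bot: `src/rsa.json` is added as an empty file (`new file mode 100644`, blob `e69de29b`, no hunk), which is unrelated to the rename and looks accidental. If it is intended to hold RSA key material later, it should not live in the source tree at all — keep it out via .gitignore and load it from configuration or secret storage, much as the `idpKey` option appears to do for the IdP signing key; otherwise drop it from the commit.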