Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .github/workflows/end-to-end.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@ jobs:
- signin_with_certification_dirigeant
- signin_with_email_verification
- signin_with_email_verification_renewal
- signin_with_legacy_acr
- signin_with_legacy_scope
- signin_with_magic_link
- signin_with_right_acr
Expand Down
Empty file.
153 changes: 0 additions & 153 deletions cypress/e2e/signin_with_legacy_acr/fixtures.sql

This file was deleted.

43 changes: 0 additions & 43 deletions cypress/e2e/signin_with_legacy_acr/index.cy.ts

This file was deleted.

16 changes: 1 addition & 15 deletions src/controllers/interaction.ts
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ import { findByClientId } from "../repositories/oidc-client";
import {
certificationDirigeantRequested,
isAcrSatisfied,
isThereAnyRequestedAcr,
twoFactorsAuthRequested,
} from "../services/acr-checks";
import { oidcErrorSchema, siretSchema } from "../services/custom-zod-schemas";
Expand Down Expand Up @@ -115,20 +114,7 @@ export const interactionEndControllerFactory =
? epochTime(user.last_sign_in_at)
: undefined;

const { prompt, params } = await oidcProvider.interactionDetails(
req,
res,
);

// Previously, OIDC clients were required to include `acr_values=eidas1` as a query parameter in the /authorize request.
// Some clients may still expect the returned ACR to be "eidas1" for successful authentication.
// We maintain this legacy behavior until all OIDC clients have been properly migrated.
if (
params?.["acr_values"] === "eidas1" &&
!isThereAnyRequestedAcr(prompt)
) {
currentAcr = "eidas1";
}
const { prompt } = await oidcProvider.interactionDetails(req, res);

let result: OidcInteractionResults = {
login: {
Expand Down
14 changes: 0 additions & 14 deletions src/services/acr-checks.ts
Original file line number Diff line number Diff line change
Expand Up @@ -86,20 +86,6 @@ export const certificationDirigeantRequested = (prompt: PromptDetail) => {
);
};

export const isThereAnyRequestedAcr = (prompt: PromptDetail) => {
return areAcrsRequestedInPrompt({
prompt,
acrs: [
ACR_VALUE_FOR_IAL1_AAL1,
ACR_VALUE_FOR_IAL1_AAL2,
ACR_VALUE_FOR_IAL2_AAL1,
ACR_VALUE_FOR_IAL2_AAL2,
ACR_VALUE_FOR_CERTIFICATION_DIRIGEANT,
ACR_VALUE_FOR_IAL3_AAL2,
],
});
};

export const isAcrSatisfied = (prompt: PromptDetail, currentAcr: string) => {
// if no acr is required it is satisfied
if (!containsEssentialAcrs(prompt)) {
Expand Down
70 changes: 0 additions & 70 deletions test/acr-checks.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ import { describe, it } from "node:test";
import {
certificationDirigeantRequested,
isAcrSatisfied,
isThereAnyRequestedAcr,
twoFactorsAuthRequested,
} from "../src/services/acr-checks";

Expand Down Expand Up @@ -177,75 +176,6 @@ describe("isAcrSatisfied", () => {
});
});

describe("isThereAnyRequestedAcr", () => {
it("should return false for acr non-related prompt", () => {
const prompt = {
name: "random",
reasons: ["random"],
details: { random: "random" },
};

assert.equal(isThereAnyRequestedAcr(prompt), false);
});

it("should return true for prompt with no acr required", () => {
const prompt = { name: "login", reasons: ["no_session"], details: {} };

assert.equal(isThereAnyRequestedAcr(prompt), false);
});

it("should return false for legacy acr", () => {
const prompt = {
name: "login",
reasons: ["essential_acrs"],
details: {
acr: {
essential: true,
value: "eidas1",
},
},
};

assert.equal(isThereAnyRequestedAcr(prompt), false);
});

it("should return true for non legacy acr", () => {
const prompt = {
name: "login",
reasons: ["essential_acrs"],
details: {
acr: {
essential: true,
values: [
"eidas1",
"https://proconnect.gouv.fr/assurance/consistency-checked-2fa",
],
},
},
};

assert.equal(isThereAnyRequestedAcr(prompt), true);
});

it("should return true for mfa requested identity", () => {
const prompt = {
name: "login",
reasons: ["essential_acrs"],
details: {
acr: {
essential: true,
values: [
"https://proconnect.gouv.fr/assurance/self-asserted-2fa",
"https://proconnect.gouv.fr/assurance/consistency-checked-2fa",
],
},
},
};

assert.equal(isThereAnyRequestedAcr(prompt), true);
});
});

describe("certificationDirigeantRequested", () => {
it("should return true for certification dirigeant acr", () => {
const prompt = {
Expand Down
Loading