Feature/56368 csrf replacement (#2618)

* Switch to using our expressjs-csurf package * whitespace * Fix * add DEBUG * Remove debug * Update pupil_data_sync_steps.rb --------- Co-authored-by: Mohsen Qureshi <[email protected]> Co-authored-by: Mohsen Qureshi <[email protected]>
DFEAGILEDEVOPS · Oct 4, 2023 · 3467440 · 3467440
1 parent 74472b4
commit 3467440
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 22 deletions.
diff --git a/admin/app.js b/admin/app.js
@@ -26,7 +26,7 @@ appInsights.startInsightsIfConfigured()
 const breadcrumbs = require('express-breadcrumbs')
 const busboy = require('express-busboy')
 const config = require('./config')
-const csurf = require('csurf')
+const csurf = require('expressjs-csurf')
 const express = require('express')
 const featureToggles = require('feature-toggles')
 const flash = require('connect-flash')

diff --git a/admin/package.json b/admin/package.json
@@ -52,7 +52,7 @@
     "bluebird": "^3.5.1",
     "connect-flash": "^0.1.1",
     "connect-redis": "^6.1.3",
-    "csurf": "^1.9.0",
+    "expressjs-csurf": "https://github.com/DFEAGILEDEVOPS/expressjs-csurf#v2.0.1",
     "dompurify": "^2.4.2",
     "dotenv": "^16.0.3",
     "edit-json-file": "^1.4.0",

diff --git a/admin/yarn.lock b/admin/yarn.lock
@@ -3701,11 +3701,6 @@ [email protected]:
   resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c"
   integrity sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==
 
-[email protected]:
-  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.0.tgz#beb437e7022b3b6d49019d088665303ebe9c14ba"
-  integrity sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==
-
 [email protected], cookie@~0.4.1:
   version "0.4.2"
   resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.2.tgz#0e41f24de5ecf317947c82fc789e06a884824432"
@@ -3828,16 +3823,6 @@ cssstyle@^2.3.0:
   dependencies:
     cssom "~0.3.6"
 
-csurf@^1.9.0:
-  version "1.11.0"
-  resolved "https://registry.yarnpkg.com/csurf/-/csurf-1.11.0.tgz#ab0c3c6634634192bd3d6f4b861be20800eeb61a"
-  integrity sha512-UCtehyEExKTxgiu8UHdGvHj4tnpE/Qctue03Giq5gPgMQ9cg/ciod5blZQ5a4uCEenNQjxyGuzygLdKUmee/bQ==
-  dependencies:
-    cookie "0.4.0"
-    cookie-signature "1.0.6"
-    csrf "3.1.0"
-    http-errors "~1.7.3"
-
 csv-string@^4.0.1:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/csv-string/-/csv-string-4.1.1.tgz#3ab81c702e15adb3396a9f98c3a703b77a0391cc"
@@ -4944,6 +4929,13 @@ express@^4.16.2:
     utils-merge "1.0.1"
     vary "~1.1.2"
 
+"expressjs-csurf@https://github.com/DFEAGILEDEVOPS/expressjs-csurf#v2.0.1":
+  version "2.0.1"
+  resolved "https://github.com/DFEAGILEDEVOPS/expressjs-csurf#3857c0d663b05c32597e869a812edcc195341e50"
+  dependencies:
+    csrf "3.1.0"
+    http-errors "~1.7.3"
+
 ext@^1.1.2:
   version "1.7.0"
   resolved "https://registry.yarnpkg.com/ext/-/ext-1.7.0.tgz#0ea4383c0103d60e70be99e9a7f11027a33c4f5f"

diff --git a/test/pupil-hpa/features/step_definitions/pupil_data_sync_steps.rb b/test/pupil-hpa/features/step_definitions/pupil_data_sync_steps.rb
@@ -107,7 +107,7 @@
   audit_entries = page.evaluate_script('(localStorage);').select {|k,v| k.include? 'audit'}
   values = audit_entries.values.map {|value| JSON.parse value}
   qr_events = values.map {|x| x['type']}
-  expect(qr_events.sort).to eql  ["LoginSuccess", "QrCodeArrival"]
+  expect(qr_events.sort -  ["UtteranceStarted", "UtteranceEnded"]).to eql  ["LoginSuccess", "QrCodeArrival"]
   confirmation_page.read_instructions.click
   start_page.start_warm_up.click
   warm_up_page.start_now.click
@@ -131,7 +131,7 @@
   values = audit_entries.values.map {|value| JSON.parse value}
   original_qr_code_arrival = values.select {|value| value['type'] == 'QrCodeArrival'}
   qr_events = values.map {|x| x['type']}
-  expect(qr_events.sort).to eql  ["LoginSuccess", "QrCodeArrival"]
+  expect(qr_events.sort -  ["UtteranceStarted", "UtteranceEnded"]).to eql  ["LoginSuccess", "QrCodeArrival"]
   confirmation_page.read_instructions.click
   start_page.start_warm_up.click
   warm_up_page.start_now.click
@@ -187,7 +187,7 @@
   values = audit_entries.values.map {|value| JSON.parse value}
   original_qr_code_arrival = values.select {|value| value['type'] == 'QrCodeArrival'}
   qr_events = values.map {|x| x['type']}
-  expect(qr_events.sort).to eql  ["LoginSuccess", "QrCodeArrival"]
+  expect(qr_events.sort -  ["UtteranceStarted", "UtteranceEnded"]).to eql  ["LoginSuccess", "QrCodeArrival"]
   confirmation_page.read_instructions.click
   start_page.start_warm_up.click
   warm_up_page.start_now.click
@@ -262,9 +262,8 @@
   sleep 2
   audit_entries = page.evaluate_script('(localStorage);').select {|k,v| k.include? 'audit'}
   values = audit_entries.values.map {|value| JSON.parse value}
-  original_qr_code_arrival = values.select {|value| value['type'] == 'QrCodeArrival'}
   qr_events = values.map {|x| x['type']}
-  expect(qr_events.sort).to eql  ["LoginSuccess", "QrCodeArrival"]
+  expect(qr_events.sort -  ["UtteranceStarted", "UtteranceEnded"]).to eql  ["LoginSuccess", "QrCodeArrival"]
   confirmation_page.read_instructions.click
   start_page.start_warm_up.click
   warm_up_page.start_now.click