feat: Implement MFA step-up system

2025-12-23 11:31:13 -05:00 · 2025-11-04 16:35:40 +00:00
parent 05acd49334
commit c904fe10a1
4 changed files with 318 additions and 15 deletions
--- a/src/components/admin/TestDataGenerator.tsx
+++ b/src/components/admin/TestDataGenerator.tsx
@@ -16,6 +16,8 @@ import { Beaker, CheckCircle, ChevronDown, Trash2, AlertTriangle } from 'lucide-
 import { clearTestData, getTestDataStats } from '@/lib/testDataGenerator';
 import { TestDataTracker } from '@/lib/integrationTests/TestDataTracker';
 import { logger } from '@/lib/logger';
+import { useMFAStepUp } from '@/contexts/MFAStepUpContext';
+import { isMFACancelledError } from '@/lib/aalErrorDetection';

 const PRESETS = {
  small: { label: 'Small', description: '~30 submissions - Quick test', counts: '5 parks, 10 rides, 3 companies, 2 models, 5 photo sets' },
@@ -44,6 +46,7 @@ interface TestDataResults {

 export function TestDataGenerator(): React.JSX.Element {
  const { toast } = useToast();
+  const { requireAAL2 } = useMFAStepUp();
  const [preset, setPreset] = useState<'small' | 'medium' | 'large' | 'stress'>('small');
  const [fieldDensity, setFieldDensity] = useState<'mixed' | 'minimal' | 'standard' | 'maximum'>('mixed');
  const [entityTypes, setEntityTypes] = useState({
@@ -168,7 +171,12 @@ export function TestDataGenerator(): React.JSX.Element {
    setLoading(true);

    try {
-      const { deleted } = await clearTestData();
+      // Wrap operation with AAL2 requirement
+      const { deleted } = await requireAAL2(
+        () => clearTestData(),
+        'Clearing test data requires additional verification'
+      );
+      
      await loadStats();

      toast({
@@ -177,11 +185,14 @@ export function TestDataGenerator(): React.JSX.Element {
      });
      setResults(null);
    } catch (error: unknown) {
-      toast({
-        title: 'Clear Failed',
-        description: getErrorMessage(error),
-        variant: 'destructive'
-      });
+      // Only show error if it's NOT an MFA cancellation
+      if (!isMFACancelledError(error)) {
+        toast({
+          title: 'Clear Failed',
+          description: getErrorMessage(error),
+          variant: 'destructive'
+        });
+      }
    } finally {
      setLoading(false);
    }
@@ -191,7 +202,12 @@ export function TestDataGenerator(): React.JSX.Element {
    setLoading(true);

    try {
-      const { deleted, errors } = await TestDataTracker.bulkCleanupAllTestData();
+      // Wrap operation with AAL2 requirement
+      const { deleted, errors } = await requireAAL2(
+        () => TestDataTracker.bulkCleanupAllTestData(),
+        'Emergency cleanup requires additional verification'
+      );
+      
      await loadStats();

      toast({
@@ -200,11 +216,14 @@ export function TestDataGenerator(): React.JSX.Element {
      });
      setResults(null);
    } catch (error: unknown) {
-      toast({
-        title: 'Emergency Cleanup Failed',
-        description: getErrorMessage(error),
-        variant: 'destructive'
-      });
+      // Only show error if it's NOT an MFA cancellation
+      if (!isMFACancelledError(error)) {
+        toast({
+          title: 'Emergency Cleanup Failed',
+          description: getErrorMessage(error),
+          variant: 'destructive'
+        });
+      }
    } finally {
      setLoading(false);
    }