Gracefully handle the case that the proxy_authz endpoint doesn't rece…

…ive ssid attributes

server/api/user_saml.py

@@ -204,8 +204,10 @@ def proxy_authz():
     uid = json_dict["user_id"]
     service_entity_id = json_dict["service_id"]
     issuer_id = json_dict["issuer_id"]
-    home_organisation_uid = json_dict["uid"]
-    schac_home_organisation = json_dict["homeorganization"]
+    # These are optional; they are only used to check for logins that should do SSID-SFO
+    # If the proxy doesn't send these, we can safely assume the user shouldn't be sent to SSID
+    home_organisation_uid = json_dict.get("uid", "[[UNKNOWN]]")
+    schac_home_organisation = json_dict.get("homeorganization", "[[UNKNOWN]]")
 
     logger = ctx_logger("user_api")
     logger.debug(f"proxy_authz called with {str(json_dict)}")

server/test/api/test_user_saml.py

@@ -286,3 +286,18 @@ def test_proxy_authz_mfa_faulty_config(self):
                               "uid": "sarah",
                               "homeorganization": "erroridp.example.edu"})
         self.assertTrue(res["error"])
+
+    def test_proxy_authz_mfa_no_ssid_attr(self):
+        res = self.post("/api/users/proxy_authz", response_status_code=200,
+                        body={"user_id": "urn:sarah",
+                              "service_id": service_mail_entity_id,
+                              "issuer_id": "nope"})
+        sarah = self.find_entity_by_name(User, sarah_name)
+        self.assertEqual(res["status"]["result"], "interrupt")
+        self.assertEqual(res["status"]["redirect_url"], f"http://localhost:3000/2fa/{sarah.second_fa_uuid}")
+
+    def test_proxy_authz_mfa_no_attr(self):
+        res = self.post("/api/users/proxy_authz", response_status_code=500,
+                        body={"user_id": "urn:sarah",
+                              "service_id": service_mail_entity_id})
+        self.assertTrue(res["error"])