chore(admin-ui): redundant dependencies and unscanned dead test code

[faisalsiddique4400]

chore(admin-ui): redundant dependencies and unscanned dead test code (#2874)

Summary

Maintenance cleanup of the Admin UI dependency manifest and test-code analysis
coverage. Removes redundant direct dependencies, reimplements a few heavier
libraries in-house using native browser APIs or already-bundled components,
expands Knip to scan test files, and removes dead test code.

Behavior-equivalent: the reimplemented surfaces are interactive (file upload,
tooltips, session timeout, auth decode, Agama zip import), so they are covered by
unit tests and need a manual pass. This is not a no-op cleanup.

Fix Summary

Redundant dependencies removed:

• query-string -> native URLSearchParams
• react-responsive -> existing MUI useMediaQuery
• prop-types -> TypeScript compile-time checking (runtime PropTypes blocks removed)
• react-router -> react-router-dom (standardized router imports)
• redux -> transitive via @reduxjs/toolkit + react-redux

Dependencies reimplemented in-house (behavior-equivalent):

• jwt-decode -> app/utils/jwtDecode.ts (decode-only, base64url + TextDecoder)
• react-dropzone -> app/hooks/useFileDrop.ts (GluuUploadFile, UploadSSA, AgamaFlows)
• jszip -> app/utils/zip.ts readZip (DecompressionStream + central-directory parse)
• react-idle-timer -> app/hooks/useIdleTimer.ts (GluuSessionTimeout)
• react-tooltip -> MUI Popper (GluuTooltip) with a shared tooltipManager

Knip:

• Removed the blanket __tests__ ignore; registered jest.requireActual helpers
  so they aren't false-flagged; removed dead test fixtures, helpers, and exports
  surfaced by the expanded scan.

Bundle impact

Production JS (gzipped): 1.415 MB -> 1.351 MB (~64 KB smaller). Largest single
win: the Agama project route drops ~28 KB gzip (jszip -> native zip reader).

How to test (manual QA)

No code knowledge needed. Each area was reworked under the hood and should behave
exactly as before. Log in to the Admin UI first.

1. Session timeout

   • Home > Settings: set "Session timeout (mins)" to 1, save.
   • Stop touching mouse/keyboard. After ~1 min a countdown dialog appears.
   • Click "Continue Session" -> dialog closes, you stay logged in.
   • Go idle again, let the 10s countdown reach 0 -> you are logged out.
   • Log back in, raise the timeout, confirm the new value applies without a page
     refresh. While logged out, no timeout dialog should ever appear.

2. File uploads (drag-drop + click to browse)

   • Administration > Assets > Add: upload a file (.js/.png/etc). Drag onto the
     box and also click to browse. Remove it, then re-add the same file.
   • Administration > Security > Cedarling Config: upload a .cjar file.
   • SAML > Identity Providers / Service Providers (Add): turn on "import from
     file", upload an .xml then a .json; a .txt should be rejected.
   • SSA upload screen: only a .jwt file is accepted.
   • For each: dragging a file onto the page must not make the browser open it;
     the file name shows after selecting; wrong file types are not accepted.

3. Agama project import (zip)

   • Auth Server > Authentication > Agama Flows > New Project.
   • Upload a valid .gama project zip -> the Project Name field auto-fills from
     inside the zip. Upload a matching .sha256sum -> "SHA256 verified" shows.
   • A broken / non-zip file -> "Failed to read zip file" message, no crash.
   • View an existing project's configuration -> the JSON viewer renders.

4. Login and profile

   • Log in with a valid admin -> you land on the dashboard, sidebar loads.
   • Open the profile menu / My Profile -> your name and email show correctly,
     including any accented characters.
   • A user without an admin role is logged out with a "no valid role" message.

5. Field help tooltips

   • On forms with help icons (SMTP, Auth Server > Scopes > Add, User Claims >
     Add): hover a help icon -> bubble appears with its arrow; move away -> it
     hides. Tab to a field -> tooltip shows on focus. Recheck in dark mode
     (bubble stays readable).
   • On a form with many tooltips, all of them work; after navigating to another
     page no tooltip stays stuck on screen.

6. Tabbed pages (tab highlight + switching)

   • SAML: click Configuration / Identity Providers / Service Providers -> URL,
     tab highlight, and panel switch together; reload on a tab -> same tab stays
     selected.
   • Auth Server > Authentication, Agama Flows, FIDO > Configuration, FIDO >
     Metrics: click through their tabs -> they switch correctly, no crash.

7. Upload box appearance

   • On any upload screen above, confirm the drag-and-drop box looks normal
     (border, text, spacing). A global dropzone stylesheet was dropped.

Also touched (confirm pages open with no console errors): Assets edit, Webhooks
edit, the main layout / sidebar, and removable input rows on SSA / user-claim
forms.

Verification

• npm run check:all (lint + type-check + markdown): pass
• npm run test:all (1236 tests / 155 suites): pass
• npm run knip (test files now in scope): clean
• production build: completes

Ticket

Closes: #2874

[coderabbitai]

Warning

Review limit reached

@faisalsiddique4400, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 40 minutes and 4 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 04e3d88d-41f8-4e8e-a536-762ea8a4e2d2

📥 Commits

Reviewing files that changed from the base of the PR and between 068ea85 and a8b58c7.

📒 Files selected for processing (1)

• admin-ui/app/routes/Apps/Gluu/GluuTooltip.tsx

📝 Walkthrough

Walkthrough

Removes runtime PropTypes and several unused dependencies; expands Knip to scan tests; adds local hooks/utilities (useFileDrop, useIdleTimer, readZip, decodeJwt) with tests; replaces react-dropzone/react-idle-timer/react-tooltip/jszip/jwt-decode usages with local implementations and updates styles/config.

Changes

Dependency cleanup and test export fixes

Layer / File(s)	Summary
Remove prop-types runtime validation from components admin-ui/app/components/Layout/LayoutContent.tsx, admin-ui/app/components/Layout/LayoutSidebar.tsx, admin-ui/app/routes/Apps/Gluu/GluuRemovableInputRow.tsx	Removed prop-types imports and propTypes static assignments from typed React components.
Migrate router hook imports to react-router-dom admin-ui/app/routes/Apps/Gluu/GluuTabs.tsx, admin-ui/plugins/admin/components/Assets/AssetForm.tsx, admin-ui/plugins/admin/components/Webhook/WebhookForm.tsx	Switched useLocation/useParams imports from react-router to react-router-dom.
Configure Knip and update testing docs admin-ui/knip.json, admin-ui/docs/testing.md	Expanded Knip entry list to include script/tests helpers and removed blanket **/__tests__/** ignore; docs updated to explain Knip interaction with Jest mocks and dynamic requireActual.
Remove redundant dependencies and update bundle grouping admin-ui/package.json, admin-ui/vite.config.ts	Removed unused deps (prop-types, query-string, react-dropzone, react-idle-timer, react-responsive, react-router, react-tooltip) and adjusted Vite vendor grouping to reflect removals.
Remove dead test setup and standardize fixtures admin-ui/plugins/auth-server/__tests__/api/setup.ts, admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/__tests__/fixtures/mockAgamaProjects.ts, admin-ui/plugins/auth-server/components/Logging/__tests__/fixtures/loggingTestData.ts, admin-ui/plugins/auth-server/components/Scopes/__tests__/fixtures/mockScopes.ts, admin-ui/plugins/auth-server/components/Sessions/__tests__/fixtures/mockSessions.ts	Deleted unused test setup file and changed several fixtures to default/internal exports instead of named exports.

Local hooks, utilities, UI replacements, and tests

Layer / File(s)	Summary
useFileDrop hook and tests admin-ui/app/hooks/useFileDrop.ts, admin-ui/app/hooks/__tests__/useFileDrop.test.tsx	Adds useFileDrop with accept/maxSize validation, getRootProps/getInputProps/open API, global drag prevention, drag-depth tracking, and associated unit tests for acceptance, rejection, input props, click bubbling, and drag lifecycle.
useIdleTimer hook and tests admin-ui/app/hooks/useIdleTimer.ts, admin-ui/app/hooks/__tests__/useIdleTimer.test.ts	Adds useIdleTimer with configurable timeout, debounce, events, reset/isIdle API, and tests covering idle/active transitions and disabled behavior.
ZIP reader and tests admin-ui/app/utils/zip.ts, admin-ui/app/utils/__tests__/zip.test.ts	Adds readZip that parses central directory entries, supports stored and deflated-raw entries via DecompressionStream, enforces size limits, and includes in-memory ZIP tests.
JWT decode helper and regex tests admin-ui/app/utils/jwtDecode.ts, admin-ui/app/utils/__tests__/jwtDecode.test.ts, admin-ui/app/utils/regex.ts	Adds decodeJwt with base64url normalization/padding and specific error messages; exports regex helpers and tests for decoding and error cases.
Component integrations and tooltip rework admin-ui/app/routes/Apps/Gluu/GluuUploadFile.tsx, admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/AgamaFlows.tsx, admin-ui/app/utils/UploadSSA.tsx, admin-ui/app/routes/Apps/Gluu/GluuSessionTimeout.tsx, admin-ui/app/routes/Apps/Gluu/GluuTooltip.tsx, admin-ui/app/routes/Apps/Gluu/styles/GluuTooltip.style.ts, related tests/types/styles	Replaces useDropzone/react-dropzone, react-idle-timer, react-tooltip, and jszip with local useFileDrop, useIdleTimer, readZip, and MUI Popper + tooltipManager; updates types, styles, and tests accordingly.
Jest setup and transform changes admin-ui/jest.config.ts, admin-ui/jest/setup.ts	Narrowed transformWhitelist in Jest (uuid only), and added guards in jest/setup to avoid errors when DOM globals are absent.

Sequence Diagram (file-drop → ZIP parsing flow):

sequenceDiagram
  participant User
  participant AgamaFlows
  participant useFileDrop
  participant readZip
  participant ZipEntry

  User->>AgamaFlows: drop ZIP file
  AgamaFlows->>useFileDrop: onDrop(file)
  useFileDrop-->>AgamaFlows: accepted File[]
  AgamaFlows->>readZip: readZip(file)
  readZip->>ZipEntry: enumerate entries
  AgamaFlows->>ZipEntry: zipEntry.text() (JSON)
  ZipEntry-->>AgamaFlows: entry text
  AgamaFlows->>AgamaFlows: parse JSON, extract project

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• GluuFederation/flex#2658: Overlaps session-timeout UI changes.
• GluuFederation/flex#2763: Related GluuTooltip/tooltipOnly integration changes.
• GluuFederation/flex#2851: Router migration and dependency adjustments.

Suggested reviewers

• duttarnab

"I'm a rabbit with a tiny key,
Dropping props and dusting debris,
Hooks catch zips and timers keep watch,
Tooltips now perch with a styled notch,
Tests hop tidy — admin UI hums free."

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately summarizes the main focus: removing redundant dependencies and cleaning up unscanned dead test code.
Linked Issues check	✅ Passed	The PR comprehensively addresses all coding requirements from issue #2874: removing redundant dependencies, replacing APIs with native/existing alternatives, expanding Knip scope, and removing dead test code.
Out of Scope Changes check	✅ Passed	All changes directly support the stated objectives of cleaning up redundant dependencies and dead test code; no unrelated modifications were introduced.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch admin-ui-issue-2874

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@admin-ui/app/routes/Apps/Gluu/GluuSessionTimeout.tsx`:
- Around line 110-119: The idle timer is left running even when the user is
logged out; update the code so the timer and its listeners are disabled when
isAuthenticated is false. Either pass an "enabled"/"active" flag to useIdleTimer
(if supported) or only initialize/use the hook when isAuthenticated is true;
alternatively, call the hook's stop/pause API (or cleanup) in a useEffect
cleanup when isAuthenticated becomes false. Ensure you still call reset() when
sessionTimeout or isAuthenticated changes (keep the existing useEffect) but add
logic to stop the timer/listeners in the not-authenticated branch and re-enable
them when isAuthenticated becomes true; reference useIdleTimer, reset,
useEffect, onIdle, isAuthenticated, and sessionTimeout when making the change.

In `@admin-ui/app/routes/Apps/Gluu/GluuTooltip.tsx`:
- Around line 48-71: The current GluuTooltip component installs four global
document listeners inside its useEffect causing O(N) listeners; replace this
with a shared tooltip manager: create a module-level TooltipManager that keeps a
registry keyed by doc_entry and exposes addListener(doc_entry, callback) and
removeListener(doc_entry, callback); move the resolveAnchor/show/hide logic into
the manager so it registers the four document events once and delegates to the
matching registry entries, and update GluuTooltip's useEffect to call
TooltipManager.addListener(doc_entry, setAnchorEl) on mount and
TooltipManager.removeListener(doc_entry, setAnchorEl) on unmount (keeping
resolveAnchor and doc_entry matching logic in the manager).
- Line 89: The tooltip container div rendered in GluuTooltip (the element with
data-testid={doc_entry}, className={classes.tooltip}, style={tooltipStyle})
lacks an accessibility role; update that div to include role="tooltip" so
role-based queries (e.g., screen.getByRole('tooltip') used in
GluuTooltip.test.tsx) can find it and improve accessibility.

In `@admin-ui/app/utils/zip.ts`:
- Around line 64-80: The text() reader currently decompresses data without
checking the uncompressed size; read the uncompressed size from the central
directory entry (4 bytes little-endian at cursor + 24) and validate it against a
safe limit (e.g., const MAX_UNCOMPRESSED_SIZE = 100 * 1024 * 1024) before
returning or calling inflateRaw/decoder.decode; if the uncompressed size exceeds
the limit, throw an error mentioning the entry name. Apply this check for both
COMPRESSION_STORED and COMPRESSION_DEFLATE paths (use view.getUint32(...) to
obtain the uncompressed size) so inflateRaw/decoder.decode and any stored reads
never expand beyond the allowed size.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7dea9b4e-f0ec-4500-be84-4957330d090d

📥 Commits

Reviewing files that changed from the base of the PR and between 1d05d9c and 858c0f3.

📒 Files selected for processing (24)

• admin-ui/app/constants/ui.ts
• admin-ui/app/hooks/__tests__/useFileDrop.test.tsx
• admin-ui/app/hooks/__tests__/useIdleTimer.test.ts
• admin-ui/app/hooks/useFileDrop.ts
• admin-ui/app/hooks/useIdleTimer.ts
• admin-ui/app/routes/Apps/Gluu/GluuSessionTimeout.tsx
• admin-ui/app/routes/Apps/Gluu/GluuTooltip.tsx
• admin-ui/app/routes/Apps/Gluu/GluuUploadFile.tsx
• admin-ui/app/routes/Apps/Gluu/Tests/GluuTooltip.test.tsx
• admin-ui/app/routes/Apps/Gluu/styles/GluuTooltip.style.ts
• admin-ui/app/routes/Apps/Gluu/types/GluuComponentPropsTypes.ts
• admin-ui/app/styles/plugins/plugins.scss
• admin-ui/app/utils/AppAuthProvider.tsx
• admin-ui/app/utils/UploadSSA.tsx
• admin-ui/app/utils/__tests__/jwtDecode.test.ts
• admin-ui/app/utils/__tests__/zip.test.ts
• admin-ui/app/utils/jwtDecode.ts
• admin-ui/app/utils/regex.ts
• admin-ui/app/utils/zip.ts
• admin-ui/jest.config.ts
• admin-ui/jest/setup.ts
• admin-ui/package.json
• admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/AgamaFlows.tsx
• admin-ui/vite.config.ts

💤 Files with no reviewable changes (2)

• admin-ui/app/styles/plugins/plugins.scss
• admin-ui/package.json

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@admin-ui/app/routes/Apps/Gluu/GluuTooltip.tsx`:
- Around line 49-52: The effect registering tooltipManager.addListener for
doc_entry doesn't clear the current anchorEl when doc_entry changes, so update
the cleanup callback inside the useEffect (the function that currently calls
tooltipManager.removeListener(doc_entry, setAnchorEl)) to also reset the anchor
element by calling setAnchorEl(null); keep the existing removeListener call and
ensure this change occurs inside the same cleanup function returned from the
useEffect that depends on doc_entry.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 659b8a1c-27a7-4323-b3f1-d9d769a7faa6

📥 Commits

Reviewing files that changed from the base of the PR and between 858c0f3 and 068ea85.

📒 Files selected for processing (4)

• admin-ui/app/routes/Apps/Gluu/GluuSessionTimeout.tsx
• admin-ui/app/routes/Apps/Gluu/GluuTooltip.tsx
• admin-ui/app/utils/tooltipManager.ts
• admin-ui/app/utils/zip.ts

[sonarqubecloud]

Quality Gate passed for 'Gluu Admin UI'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud