TechnologyEnhancedLearning · rshrirohit · Mar 7, 2024 · Mar 6, 2024 · Mar 6, 2024 · Mar 6, 2024
diff --git a/DigitalLearningSolutions.Data/DataServices/CourseContentService.cs b/DigitalLearningSolutions.Data/DataServices/CourseContentService.cs
@@ -269,19 +269,19 @@ FROM Sessions AS S1 WITH (NOLOCK)
         {
             try
             {
-                return connection.QueryFirst<int>(
-                    @"SELECT ProgressId
-                    FROM Progress
+                return connection.QueryFirst<int?>(
+                    @"SELECT COALESCE((SELECT ProgressID 
+					FROM Progress
                     WHERE CandidateID = @candidateId
                       AND CustomisationID = @customisationId
                       AND SystemRefreshed = 0
-                      AND RemovedDate IS NULL",
+                      AND RemovedDate IS NULL), NULL) AS ProgressId",
                     new { candidateId, customisationId }
                 );
             }
             catch (InvalidOperationException)
             {
-                return null;
+                return 0;
             }
         }
     }

diff --git a/DigitalLearningSolutions.Web.Tests/Controllers/LearningMenu/IndexTests.cs b/DigitalLearningSolutions.Web.Tests/Controllers/LearningMenu/IndexTests.cs
@@ -241,49 +241,50 @@ public void Index_unable_to_enrol_should_not_StartOrUpdate_course_sessions()
             // Then
             A.CallTo(() => sessionService.StartOrUpdateDelegateSession(A<int>._, A<int>._, A<ISession>._)).MustNotHaveHappened();
         }
-
-        [Test]
-        public void Index_detects_id_manipulation_no_progress_id()
-        {
-            // Given
-            var expectedCourseContent = CourseContentHelper.CreateDefaultCourseContent(CustomisationId);
-            A.CallTo(() => courseContentService.GetCourseContent(CandidateId, CustomisationId))
-             .Returns(expectedCourseContent);
-            A.CallTo(() => courseContentService.GetOrCreateProgressId(CandidateId, CustomisationId, CentreId)).Returns(10);
-            A.CallTo(() => courseContentService.GetProgressId(CandidateId, CustomisationId)).Returns(null);
-
-            // When
-            var result = controller.Index(CustomisationId);
-
-            // Then
-            result.Should()
-                .BeRedirectToActionResult()
-                .WithControllerName("LearningSolutions")
-                .WithActionName("StatusCode")
-                .WithRouteValue("code", 404);
-        }
-
-        [Test]
-        public void Index_detects_id_manipulation_self_register_false()
-        {
-            // Given
-            var expectedCourseContent = CourseContentHelper.CreateDefaultCourseContent(CustomisationId);
-            A.CallTo(() => courseContentService.GetCourseContent(CandidateId, CustomisationId))
-             .Returns(expectedCourseContent);
-            A.CallTo(() => courseContentService.GetOrCreateProgressId(CandidateId, CustomisationId, CentreId)).Returns(10);
-            A.CallTo(() => courseContentService.GetProgressId(CandidateId, CustomisationId)).Returns(null);
-            A.CallTo(() => courseDataService.GetSelfRegister(CustomisationId)).Returns(false);
-
-            // When
-            var result = controller.Index(CustomisationId);
-
-            // Then
-            result.Should()
-                .BeRedirectToActionResult()
-                .WithControllerName("LearningSolutions")
-                .WithActionName("StatusCode")
-                .WithRouteValue("code", 404);
-        }
+        //Deprecated in response to TD-3838 - a bug caused by this id manipulation detection functionality
+
+        //[Test]
+        //public void Index_detects_id_manipulation_no_progress_id()
+        //{
+        //    // Given
+        //    var expectedCourseContent = CourseContentHelper.CreateDefaultCourseContent(CustomisationId);
+        //    A.CallTo(() => courseContentService.GetCourseContent(CandidateId, CustomisationId))
+        //     .Returns(expectedCourseContent);
+        //    A.CallTo(() => courseContentService.GetOrCreateProgressId(CandidateId, CustomisationId, CentreId)).Returns(10);
+        //    A.CallTo(() => courseContentService.GetProgressId(CandidateId, CustomisationId)).Returns(null);
+
+        //    // When
+        //    var result = controller.Index(CustomisationId);
+
+        //    // Then
+        //    result.Should()
+        //        .BeRedirectToActionResult()
+        //        .WithControllerName("LearningSolutions")
+        //        .WithActionName("StatusCode")
+        //        .WithRouteValue("code", 404);
+        //}
+
+        //[Test]
+        //public void Index_detects_id_manipulation_self_register_false()
+        //{
+        //    // Given
+        //    var expectedCourseContent = CourseContentHelper.CreateDefaultCourseContent(CustomisationId);
+        //    A.CallTo(() => courseContentService.GetCourseContent(CandidateId, CustomisationId))
+        //     .Returns(expectedCourseContent);
+        //    A.CallTo(() => courseContentService.GetOrCreateProgressId(CandidateId, CustomisationId, CentreId)).Returns(10);
+        //    A.CallTo(() => courseContentService.GetProgressId(CandidateId, CustomisationId)).Returns(null);
+        //    A.CallTo(() => courseDataService.GetSelfRegister(CustomisationId)).Returns(false);
+
+        //    // When
+        //    var result = controller.Index(CustomisationId);
+
+        //    // Then
+        //    result.Should()
+        //        .BeRedirectToActionResult()
+        //        .WithControllerName("LearningSolutions")
+        //        .WithActionName("StatusCode")
+        //        .WithRouteValue("code", 404);
+        //}
 
         [Test]
         public void Index_not_detects_id_manipulation_self_register_true()

diff --git a/DigitalLearningSolutions.Web/Controllers/LearningMenuController/LearningMenuController.cs b/DigitalLearningSolutions.Web/Controllers/LearningMenuController/LearningMenuController.cs
@@ -85,10 +85,11 @@ public IActionResult Index(int customisationId)
                 var sectionId = courseContent.Sections.First().Id;
                 return RedirectToAction("Section", "LearningMenu", new { customisationId, sectionId });
             }
-            if (UniqueIdManipulationDetected(candidateId, customisationId))
-            {
-                return RedirectToAction("StatusCode", "LearningSolutions", new { code = 404 });
-            }
+            // Unique Id Manipulation Detection is being disabled as part of work on TD-3838 - a bug created by its introduction
+            //if (UniqueIdManipulationDetected(candidateId, customisationId))
+            //{
+            //    return RedirectToAction("StatusCode", "LearningSolutions", new { code = 404 });
+            //}
             var progressId = courseContentService.GetOrCreateProgressId(candidateId, customisationId, centreId);
             if (progressId == null)
             {
@@ -97,6 +98,7 @@ public IActionResult Index(int customisationId)
                     $"Candidate id: {candidateId}, customisation id: {customisationId}, centre id: {centreId}");
                 return RedirectToAction("StatusCode", "LearningSolutions", new { code = 404 });
             }
+
             if (sessionService.StartOrUpdateDelegateSession(candidateId, customisationId, HttpContext.Session) > 0)
             {
                 courseContentService.UpdateProgress(progressId.Value);