BAU: Bump xstate from 4.38.3 to 5.13.0

Bumps [xstate](https://github.com/statelyai/xstate) from 4.38.3 to 5.13.0.
- [Release notes](https://github.com/statelyai/xstate/releases)
- [Commits](https://github.com/statelyai/xstate/compare/xstate@4.38.3...xstate@5.13.0)

---
updated-dependencies:
- dependency-name: xstate
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

@types/express/index.d.ts

@@ -3,6 +3,7 @@ import { User } from "../../src/types";
 import { QueryParameters } from "../../src/app.constants";
 
 import { MfaMethod } from "../../src/utils/mfa/types";
+import { logger } from "../../src/utils/logger";
 
 declare module "express-session" {
   interface Session {
@@ -29,6 +30,7 @@ declare module "express-serve-static-core" {
     csrfToken?: () => string;
     oidc?: Client;
     issuerJWKS?: any;
+    log: logger;
   }
 }
 interface Cookie {

docker-compose.yml

@@ -2,16 +2,15 @@ version: "3.8"
 services:
   localstack:
     container_name: localstack
-    image: localstack/localstack:1.3.1
+    image: localstack/localstack:3.0.0
     ports:
       - "4566:4566"
       - "4569:4569"
     environment:
-      - SERVICES=kms,sns,dynamodb,sqs
-      - HOSTNAME_EXTERNAL=localhost
+      - SERVICES=kms,sns,dynamodb,sqs,stepfunctions
+      - LOCALSTACK_HOST=localhost
       - DYNAMODB_SHARE_DB=1                                       # Removes regions and allows NoSQL Workbench to work.
       - DEBUG=${DEBUG:-0}
-      - KMS_PROVIDER=local-kms
       - AWS_ACCESS_KEY_ID=na
       - AWS_SECRET_ACCESS_KEY=na
       - MY_ONE_LOGIN_USER_ID=${MY_ONE_LOGIN_USER_ID}

package.json

@@ -87,7 +87,7 @@
     "qrcode": "^1.5.0",
     "uuid": "^9.0.1",
     "xss": "^1.0.15",
-    "xstate": "^4.38.2"
+    "xstate": "^5.13.0"
   },
   "devDependencies": {
     "@types/chai": "^4.3.6",

src/app.constants.ts

@@ -1,7 +1,7 @@
-import { AccountManagementEvent, UserJourney } from "./utils/state-machine";
+import { EventType, UserJourney } from "./utils/state-machine";
 
 export const PATH_DATA: {
-  [key: string]: { url: string; event?: string; type?: UserJourney };
+  [key: string]: { url: string; event?: EventType; type?: UserJourney };
 } = {
   CONTACT: { url: "/contact-gov-uk-one-login" },
   SIGN_IN_HISTORY: { url: "/activity-history" },
@@ -13,92 +13,92 @@ export const PATH_DATA: {
   ENTER_PASSWORD: { url: "/enter-password" },
   ADD_MFA_METHOD: {
     url: "/add-mfa-method",
-    event: "SELECTED_APP",
+    event: EventType.SelectedApp,
     type: UserJourney.AddMfaMethod,
   },
   ADD_MFA_METHOD_APP: {
     url: "/add-mfa-method-app",
-    event: "VALUE_UPDATED",
+    event: EventType.ValueUpdated,
     type: UserJourney.AddMfaMethod,
   },
   ADD_MFA_METHOD_APP_CONFIRMATION: {
     url: "/add-mfa-method-app-confirmation",
-    event: "CONFIRMATION",
+    event: EventType.Confirmation,
     type: UserJourney.AddMfaMethod,
   },
   ADD_MFA_METHOD_SMS: {
     url: "/add-mfa-method-sms",
-    event: "VALUE_UPDATED",
+    event: EventType.ValueUpdated,
     type: UserJourney.AddMfaMethod,
   },
   CHANGE_EMAIL: {
     url: "/change-email",
-    event: "VERIFY_CODE_SENT",
+    event: EventType.VerifyCodeSent,
     type: UserJourney.ChangeEmail,
   },
   CHECK_YOUR_EMAIL: {
     url: "/check-your-email",
-    event: "VALUE_UPDATED",
+    event: EventType.ValueUpdated,
     type: UserJourney.ChangeEmail,
   },
   REQUEST_NEW_CODE_EMAIL: {
     url: "/request-new-email-code",
-    event: "RESEND_CODE",
+    event: EventType.ResendCode,
     type: UserJourney.ChangeEmail,
   },
   EMAIL_UPDATED_CONFIRMATION: {
     url: "/email-updated-confirmation",
-    event: "CONFIRMATION",
+    event: EventType.Confirmation,
     type: UserJourney.ChangeEmail,
   },
   CHANGE_PASSWORD: {
     url: "/change-password",
-    event: "VALUE_UPDATED",
+    event: EventType.ValueUpdated,
     type: UserJourney.ChangePassword,
   },
   PASSWORD_UPDATED_CONFIRMATION: {
     url: "/password-updated-confirmation",
-    event: "CONFIRMATION",
+    event: EventType.Confirmation,
     type: UserJourney.ChangePassword,
   },
   CHANGE_PHONE_NUMBER: {
     url: "/change-phone-number",
-    event: "VERIFY_CODE_SENT",
+    event: EventType.VerifyCodeSent,
     type: UserJourney.ChangePhoneNumber,
   },
   CHANGE_AUTHENTICATOR_APP: {
     url: "/change-authenticator-app",
-    event: "VALUE_UPDATED",
+    event: EventType.ValueUpdated,
     type: UserJourney.ChangeAuthenticatorApp,
   },
   CHECK_YOUR_PHONE: {
     url: "/check-your-phone",
-    event: "VALUE_UPDATED",
+    event: EventType.ValueUpdated,
     type: UserJourney.ChangePhoneNumber,
   },
   REQUEST_NEW_CODE_OTP: {
     url: "/request-new-opt-code",
-    event: "RESEND_CODE",
+    event: EventType.ResendCode,
     type: UserJourney.ChangePhoneNumber,
   },
   PHONE_NUMBER_UPDATED_CONFIRMATION: {
     url: "/phone-number-updated-confirmation",
-    event: "CONFIRMATION",
+    event: EventType.Confirmation,
     type: UserJourney.ChangePhoneNumber,
   },
   AUTHENTICATOR_APP_UPDATED_CONFIRMATION: {
     url: "/authenticator-app-updated-confirmation",
-    event: "CONFIRMATION",
+    event: EventType.Confirmation,
     type: UserJourney.ChangeAuthenticatorApp,
   },
   DELETE_ACCOUNT: {
     url: "/delete-account",
-    event: "VALUE_UPDATED",
+    event: EventType.ValueUpdated,
     type: UserJourney.DeleteAccount,
   },
   ACCOUNT_DELETED_CONFIRMATION: {
     url: "/account-deleted-confirmation",
-    event: "CONFIRMATION",
+    event: EventType.Confirmation,
     type: UserJourney.DeleteAccount,
   },
   AUTH_CALLBACK: { url: "/auth/callback" },
@@ -125,12 +125,12 @@ export const MFA_METHODS = {
   SMS: {
     type: "sms",
     path: PATH_DATA.ADD_MFA_METHOD_SMS,
-    event: "SELECTED_SMS" as AccountManagementEvent,
+    event: EventType.SelectedSms,
   },
   APP: {
     type: "app",
     path: PATH_DATA.ADD_MFA_METHOD_APP,
-    event: "SELECTED_APP" as AccountManagementEvent,
+    event: EventType.SelectedApp,
   },
 };
 

src/components/add-mfa-method-app/add-mfa-method-app-controller.ts

@@ -1,9 +1,9 @@
-import { Request, Response, NextFunction } from "express";
+import { NextFunction, Request, Response } from "express";
 import { HTTP_STATUS_CODES, PATH_DATA } from "../../app.constants";
 import { addMfaMethod, verifyMfaCode } from "../../utils/mfa";
 import assert from "node:assert";
 import { formatValidationError } from "../../utils/validation";
-import { getNextState } from "../../utils/state-machine";
+import { EventType, getNextState } from "../../utils/state-machine";
 import { renderMfaMethodPage } from "../common/mfa";
 
 const ADD_MFA_METHOD_AUTH_APP_TEMPLATE = "add-mfa-method-app/index.njk";
@@ -93,9 +93,8 @@ export async function addMfaAppMethodPost(
 
     req.session.user.state.addMfaMethod = getNextState(
       req.session.user.state.addMfaMethod.value,
-      "VALUE_UPDATED"
+      EventType.ValueUpdated
     );
-
     return res.redirect(PATH_DATA.ADD_MFA_METHOD_APP_CONFIRMATION.url);
   } catch (e) {
     req.log.error(e);

src/components/add-mfa-method-app/tests/add-mfa-methods-app-controller.test.ts

@@ -91,7 +91,7 @@ describe("addMfaAppMethodPost", () => {
         user: {
           email: "test@test.com",
           tokens: { accessToken: "token" },
-          state: { addMfaMethod: ["VALUE_UPDATED"] },
+          state: { addMfaMethod: { value: "APP" } },
         },
       },
       log: { error: sinon.fake() },

src/components/add-mfa-method/tests/add-mfa-methods-controller.test.ts

@@ -9,6 +9,7 @@ import {
   addMfaMethodGet,
 } from "../add-mfa-methods-controller";
 import { PATH_DATA } from "../../../app.constants";
+import { EventType } from "../../../utils/state-machine";
 
 describe("addMfaMethodGet", () => {
   let sandbox: sinon.SinonSandbox;
@@ -20,10 +21,13 @@ describe("addMfaMethodGet", () => {
 
     req = {
       body: {},
-      session: { user: { state: { addMfaMethod: ["AUTHENTICATED"] } } } as any,
+      session: {
+        user: { state: { addMfaMethod: { value: EventType.Authenticated } } },
+      } as any,
       cookies: { lng: "en" },
       i18n: { language: "en" },
       t: sandbox.fake(),
+      log: { error: sandbox.fake() },
     };
     res = {
       render: sandbox.fake(),
@@ -70,7 +74,9 @@ describe("addMfaMethodPost", () => {
     req = {
       body: {},
       log: { error: sandbox.fake() } as any,
-      session: { user: { state: { addMfaMethod: ["SELECT_APP"] } } } as any,
+      session: {
+        user: { state: { addMfaMethod: { value: "SMS" } } },
+      } as any,
     };
     res = {
       status: sandbox.fake(),

src/components/change-authenticator-app/change-authenticator-app-controller.ts

@@ -3,7 +3,7 @@ import { PATH_DATA } from "../../app.constants";
 import { ExpressRouteFunc } from "../../types";
 import { ChangeAuthenticatorAppServiceInterface } from "./types";
 import { changeAuthenticatorAppService } from "./change-authenticator-app-service";
-import { getNextState } from "../../utils/state-machine";
+import { EventType, getNextState } from "../../utils/state-machine";
 import { formatValidationError } from "../../utils/validation";
 import { verifyMfaCode } from "../../utils/mfa";
 import assert from "node:assert";
@@ -89,7 +89,7 @@ export function changeAuthenticatorAppPost(
 
       req.session.user.state.changeAuthenticatorApp = getNextState(
         req.session.user.state.changeAuthenticatorApp.value,
-        "VALUE_UPDATED"
+        EventType.ValueUpdated
       );
 
       return res.redirect(PATH_DATA.AUTHENTICATOR_APP_UPDATED_CONFIRMATION.url);

src/components/change-authenticator-app/tests/change-authenticator-app-controller.test.ts

@@ -142,6 +142,7 @@ describe("change authenticator app controller", () => {
         updateAuthenticatorApp: sandbox.fake.resolves(true),
       };
       req.session.user.tokens = { accessToken: "token" } as any;
+      req.session.user.state.changeAuthenticatorApp.value = "CHANGE_VALUE";
       req.session.mfaMethods = [
         {
           mfaIdentifier: 111111,

src/components/change-email/change-email-controller.ts

@@ -1,7 +1,7 @@
 import { Request, Response } from "express";
 import { PATH_DATA } from "../../app.constants";
 import { ExpressRouteFunc } from "../../types";
-import { getNextState } from "../../utils/state-machine";
+import { EventType, getNextState } from "../../utils/state-machine";
 import {
   formatValidationError,
   renderBadRequest,
@@ -54,7 +54,7 @@ export function changeEmailPost(
 
       req.session.user.state.changeEmail = getNextState(
         req.session.user.state.changeEmail.value,
-        "VERIFY_CODE_SENT"
+        EventType.VerifyCodeSent
       );
 
       return res.redirect(PATH_DATA.CHECK_YOUR_EMAIL.url);

src/components/change-email/tests/change-email-service.test.ts

@@ -19,7 +19,7 @@ describe("changeEmailService", () => {
   });
   afterEach(() => {
     sandbox.restore();
-    nock.cleanAll;
+    nock.cleanAll();
   });
 
   it("send Code verification Notification", async () => {

src/components/change-password/change-password-controller.ts

@@ -3,7 +3,7 @@ import { ExpressRouteFunc } from "../../types";
 import { PATH_DATA, ERROR_CODES } from "../../app.constants";
 import { ChangePasswordServiceInterface } from "./types";
 import { changePasswordService } from "./change-password-service";
-import { getNextState } from "../../utils/state-machine";
+import { EventType, getNextState } from "../../utils/state-machine";
 import {
   renderBadRequest,
   formatValidationError,
@@ -41,7 +41,7 @@ export function changePasswordPost(
     if (response.success) {
       req.session.user.state.changePassword = getNextState(
         req.session.user.state.changePassword.value,
-        "VALUE_UPDATED"
+        EventType.ValueUpdated
       );
 
       return res.redirect(PATH_DATA.PASSWORD_UPDATED_CONFIRMATION.url);

src/components/change-password/tests/change-password-controller.test.ts

@@ -76,6 +76,7 @@ describe("change password controller", () => {
     it("should redirect to /password-updated-confirmation page", async () => {
       // Arrange
       req.session.user.tokens = { accessToken: "token" } as any;
+      req.session.user.state.changePassword.value = "CHANGE_VALUE";
       req.body.password = "Password1";
 
       // Act

src/components/change-phone-number/change-phone-number-controller.ts

@@ -3,7 +3,7 @@ import { ERROR_CODES, PATH_DATA } from "../../app.constants";
 import { ExpressRouteFunc } from "../../types";
 import { ChangePhoneNumberServiceInterface } from "./types";
 import { changePhoneNumberService } from "./change-phone-number-service";
-import { getNextState } from "../../utils/state-machine";
+import { EventType, getNextState } from "../../utils/state-machine";
 import {
   formatValidationError,
   renderBadRequest,
@@ -53,7 +53,7 @@ export function changePhoneNumberPost(
 
       req.session.user.state.changePhoneNumber = getNextState(
         req.session.user.state.changePhoneNumber.value,
-        "VERIFY_CODE_SENT"
+        EventType.VerifyCodeSent
       );
 
       return res.redirect(PATH_DATA.CHECK_YOUR_PHONE.url);

src/components/change-phone-number/tests/change-phone-number-controller.test.ts

@@ -68,6 +68,7 @@ describe("change phone number controller", () => {
         }),
       };
       req.body.phoneNumber = "12345678991";
+      req.session.user.state.changePhoneNumber.value = "CHANGE_VALUE";
 
       // Act
       await changePhoneNumberPost(fakeService)(req as Request, res as Response);
@@ -163,7 +164,7 @@ describe("change phone number controller", () => {
         }),
       };
       req.body.phoneNumber = "+33645453322";
-
+      req.session.user.state.changePhoneNumber.value = "CHANGE_VALUE";
       // Act
       await changePhoneNumberPost(fakeService)(req as Request, res as Response);