OLH-1849 Call the new API when a user adds a phone number as a backup…

… MFA method
govuk-one-login · Jun 21, 2024 · b9a6e90 · b9a6e90
1 parent cb2812a
commit b9a6e90
Show file tree

Hide file tree

Showing 17 changed files with 205 additions and 90 deletions.
diff --git a/deploy/template.yaml b/deploy/template.yaml
@@ -166,7 +166,7 @@ Mappings:
       GOOGLEANALYTICS4GTMCONTAINERID: "GTM-KD86CMZ"
       GA4DISABLED: "false"
       UADISABLED: "false"
-      SUPPORTADDBACKUPMFA: "0"
+      SUPPORTADDBACKUPMFA: "1"
       SUPPORTCHANGEMFA: "1"
       ACCESSIBILITYSTATEMENTURL: "https://signin.account.gov.uk/accessibility-statement"
       LANGUAGETOGGLE: "1"

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,4 +1,3 @@
-version: "3.8"
 services:
   localstack:
     container_name: localstack
@@ -64,6 +63,7 @@ services:
       - ENVIRONMENT=${ENVIRONMENT}
       - VERIFY_ACCESS_VALUE=${VERIFY_ACCESS_VALUE}
       - METHOD_MANAGEMENT_BASE_URL=${METHOD_MANAGEMENT_BASE_URL}
+      - SUPPORT_ADD_BACKUP_MFA=${SUPPORT_ADD_BACKUP_MFA}
       - SUPPORT_METHOD_MANAGEMENT=${SUPPORT_METHOD_MANAGEMENT}
       - SUPPORT_CHANGE_MFA=${SUPPORT_CHANGE_MFA}
       - ACCESSIBILITY_STATEMENT_URL=${ACCESSIBILITY_STATEMENT_URL}

diff --git a/local.Dockerfile b/local.Dockerfile
@@ -8,4 +8,4 @@ WORKDIR /app
 
 EXPOSE $PORT
 
-CMD npm install && npm run copy-assets && npm run dev
+CMD npm install && npm run copy-assets && npm run build-js:analytics && npm run dev
diff --git a/src/components/add-mfa-method-app/add-mfa-method-app-controller.ts b/src/components/add-mfa-method-app/add-mfa-method-app-controller.ts
@@ -5,6 +5,7 @@ import assert from "node:assert";
 import { formatValidationError } from "../../utils/validation";
 import { EventType, getNextState } from "../../utils/state-machine";
 import { renderMfaMethodPage } from "../common/mfa";
+import { getTxmaHeader } from "../../utils/txma-header";
 
 const ADD_MFA_METHOD_AUTH_APP_TEMPLATE = "add-mfa-method-app/index.njk";
 
@@ -67,19 +68,26 @@ export async function addMfaAppMethodPost(
       );
     }
 
-    const { status } = await addMfaMethod({
-      email: req.session.user.email,
-      otp: code,
-      credential: authAppSecret,
-      mfaMethod: {
-        priorityIdentifier: "SECONDARY",
-        mfaMethodType: "AUTH_APP",
+    const { status } = await addMfaMethod(
+      {
+        email: req.session.user.email,
+        otp: code,
+        credential: authAppSecret,
+        mfaMethod: {
+          priorityIdentifier: "SECONDARY",
+          mfaMethodType: "AUTH_APP",
+        },
       },
-      accessToken: req.session.user.tokens.accessToken,
-      sourceIp: req.ip,
-      sessionId: req.session.id,
-      persistentSessionId: res.locals.persistentSessionId,
-    });
+      {
+        accessToken: req.session.user.tokens.accessToken,
+        sourceIp: req.ip,
+        sessionId: req.session.id,
+        persistentSessionId: res.locals.persistentSessionId,
+        userLanguage: req.cookies.lng as string,
+        clientSessionId: res.locals.clientSessionId,
+        txmaAuditEncoded: getTxmaHeader(req, res.locals.trace),
+      }
+    );
 
     if (status !== HTTP_STATUS_CODES.OK) {
       throw Error(`Failed to add MFA method, response status: ${status}`);

diff --git a/src/components/add-mfa-method-app/tests/add-mfa-methods-app-controller.test.ts b/src/components/add-mfa-method-app/tests/add-mfa-methods-app-controller.test.ts
@@ -83,6 +83,9 @@ describe("addMfaAppMethodPost", () => {
 
   it("should redirect to add mfa app confirmation page", async () => {
     const req = {
+      headers: {
+        "txma-audit-encoded": "txma-audit-encoded",
+      },
       body: {
         code: "123456",
         authAppSecret: "A".repeat(20),
@@ -98,10 +101,15 @@ describe("addMfaAppMethodPost", () => {
       log: { error: sinon.fake() },
       ip: "127.0.0.1",
       t: (t: string) => t,
+      cookies: {
+        lng: "en",
+      },
     };
     const res = {
       locals: {
         persistentSessionId: "persistentSessionId",
+        clientSessionId: "clientSessionId",
+        trace: "trace",
       },
       redirect: sandbox.fake(() => {}),
     };
@@ -132,16 +140,26 @@ describe("addMfaAppMethodPost", () => {
       next
     );
 
-    expect(addMfaMethod).to.have.been.calledWith({
-      email: "test@test.com",
-      otp: "123456",
-      credential: "AAAAAAAAAAAAAAAAAAAA",
-      mfaMethod: { priorityIdentifier: "SECONDARY", mfaMethodType: "AUTH_APP" },
-      accessToken: "token",
-      sourceIp: "127.0.0.1",
-      sessionId: "session_id",
-      persistentSessionId: "persistentSessionId",
-    });
+    expect(addMfaMethod).to.have.been.calledWith(
+      {
+        email: "test@test.com",
+        otp: "123456",
+        credential: "AAAAAAAAAAAAAAAAAAAA",
+        mfaMethod: {
+          priorityIdentifier: "SECONDARY",
+          mfaMethodType: "AUTH_APP",
+        },
+      },
+      {
+        accessToken: "token",
+        sourceIp: "127.0.0.1",
+        sessionId: "session_id",
+        persistentSessionId: "persistentSessionId",
+        userLanguage: "en",
+        clientSessionId: "clientSessionId",
+        txmaAuditEncoded: "txma-audit-encoded",
+      }
+    );
 
     expect(res.redirect).to.have.been.calledWith(
       PATH_DATA.ADD_MFA_METHOD_APP_CONFIRMATION.url

diff --git a/src/components/add-mfa-method-sms/add-mfa-method-sms-controller.ts b/src/components/add-mfa-method-sms/add-mfa-method-sms-controller.ts
@@ -1,35 +1,87 @@
 import { Request, Response } from "express";
-import { PATH_DATA } from "../../app.constants";
+import { ERROR_CODES, PATH_DATA } from "../../app.constants";
 import {
   convertInternationalPhoneNumberToE164Format,
   getLastNDigits,
 } from "../../utils/phone-number";
 import { EventType, getNextState } from "../../utils/state-machine";
+import xss from "xss";
+import { getTxmaHeader } from "../../utils/txma-header";
+import { ChangePhoneNumberServiceInterface } from "../change-phone-number/types";
+import { changePhoneNumberService } from "../change-phone-number/change-phone-number-service";
+import {
+  formatValidationError,
+  renderBadRequest,
+} from "../../utils/validation";
+import { BadRequestError } from "../../utils/errors";
+
+const CHANGE_PHONE_NUMBER_TEMPLATE = "add-mfa-method-sms/index.njk";
 
 export async function addMfaSmsMethodGet(
   req: Request,
   res: Response
 ): Promise<void> {
   res.render("add-mfa-method-sms/index.njk");
 }
+export function addMfaSmsMethodPost(
+  service: ChangePhoneNumberServiceInterface = changePhoneNumberService()
+) {
+  return async function (req: Request, res: Response): Promise<void> {
+    const { email } = req.session.user;
+    const { accessToken } = req.session.user.tokens;
+    const hasInternationalPhoneNumber = req.body.hasInternationalPhoneNumber;
+    let newPhoneNumber;
 
-export async function addMfaSmsMethodPost(
-  req: Request,
-  res: Response
-): Promise<void> {
-  //TODO do something with this
-  req.session.user.state.changePhoneNumber = getNextState(
-    req.session.user.state.addMfaMethod.value,
-    EventType.VerifyCodeSent
-  );
-
-  req.session.user.newPhoneNumber = req.body.hasInternationalPhoneNumber
-    ? convertInternationalPhoneNumberToE164Format(
+    if (hasInternationalPhoneNumber === "true") {
+      newPhoneNumber = convertInternationalPhoneNumberToE164Format(
         req.body.internationalPhoneNumber
-      )
-    : req.body.ukPhoneNumber;
+      );
+    } else {
+      newPhoneNumber = req.body.ukPhoneNumber;
+    }
+
+    const response = await service.sendPhoneVerificationNotification(
+      accessToken,
+      email,
+      newPhoneNumber,
+      req.ip,
+      res.locals.sessionId,
+      res.locals.persistentSessionId,
+      xss(req.cookies.lng as string),
+      res.locals.clientSessionId,
+      getTxmaHeader(req, res.locals.trace)
+    );
+
+    if (response.success) {
+      req.session.user.newPhoneNumber = newPhoneNumber;
+
+      req.session.user.state.changePhoneNumber = getNextState(
+        req.session.user.state.addMfaMethod.value,
+        EventType.VerifyCodeSent
+      );
+
+      return res.redirect(
+        `${PATH_DATA.CHECK_YOUR_PHONE.url}?intent=addMfaMethod`
+      );
+    }
+
+    if (response.code === ERROR_CODES.NEW_PHONE_NUMBER_SAME_AS_EXISTING) {
+      const href: string =
+        hasInternationalPhoneNumber && hasInternationalPhoneNumber === "true"
+          ? "internationalPhoneNumber"
+          : "phoneNumber";
 
-  res.redirect(`${PATH_DATA.CHECK_YOUR_PHONE.url}?intent=addMfaMethod`);
+      const error = formatValidationError(
+        href,
+        req.t(
+          "pages.changePhoneNumber.ukPhoneNumber.validationError.samePhoneNumber"
+        )
+      );
+      return renderBadRequest(res, req, CHANGE_PHONE_NUMBER_TEMPLATE, error);
+    } else {
+      throw new BadRequestError(response.message, response.code);
+    }
+  };
 }
 
 export async function addMfaAppMethodConfirmationGet(

diff --git a/src/components/add-mfa-method-sms/add-mfa-method-sms-routes.ts b/src/components/add-mfa-method-sms/add-mfa-method-sms-routes.ts
@@ -7,6 +7,7 @@ import {
   addMfaSmsMethodGet,
   addMfaSmsMethodPost,
 } from "./add-mfa-method-sms-controller";
+import { asyncHandler } from "../../utils/async";
 
 const router = express.Router();
 
@@ -21,7 +22,7 @@ router.post(
   PATH_DATA.ADD_MFA_METHOD_SMS.url,
   requiresAuthMiddleware,
   validateStateMiddleware,
-  addMfaSmsMethodPost
+  asyncHandler(addMfaSmsMethodPost())
 );
 
 router.get(

diff --git a/src/components/add-mfa-method-sms/tests/add-mfa-method-sms-controller.test.ts b/src/components/add-mfa-method-sms/tests/add-mfa-method-sms-controller.test.ts
@@ -9,6 +9,7 @@ import {
 } from "../../../../test/utils/builders";
 import { addMfaSmsMethodPost } from "../add-mfa-method-sms-controller";
 import { PATH_DATA } from "../../../app.constants";
+import { ChangePhoneNumberServiceInterface } from "../../change-phone-number/types";
 
 describe("add sms mfa method controller", () => {
   let sandbox: sinon.SinonSandbox;
@@ -37,9 +38,14 @@ describe("add sms mfa method controller", () => {
     sandbox.restore();
   });
 
-  it("should redirect the user to the check phone page", () => {
+  it("should redirect the user to the check phone page", async () => {
+    const fakeService: ChangePhoneNumberServiceInterface = {
+      sendPhoneVerificationNotification: sandbox.fake.resolves({
+        success: true,
+      }),
+    };
     req.body.ukPhoneNumber = "1234";
-    addMfaSmsMethodPost(req as Request, res as Response);
+    await addMfaSmsMethodPost(fakeService)(req as Request, res as Response);
     expect(redirect).to.be.calledWith(
       `${PATH_DATA.CHECK_YOUR_PHONE.url}?intent=addMfaMethod`
     );

diff --git a/src/components/check-your-phone/check-your-phone-controller.ts b/src/components/check-your-phone/check-your-phone-controller.ts
@@ -56,8 +56,26 @@ export function checkYourPhonePost(
           throw Error(`No existing MFA method for: ${email}`);
         }
       } else if (intent === "addMfaMethod") {
-        // TODO add MFA method here
-        isPhoneNumberUpdated = true;
+        const smsMFAMethod: MfaMethod = req.session.mfaMethods.find(
+          (mfa) => mfa.priorityIdentifier === "PRIMARY"
+        );
+        if (smsMFAMethod) {
+          smsMFAMethod.endPoint = newPhoneNumber;
+          updateInput.credential = "";
+          updateInput.mfaMethod = {
+            ...smsMFAMethod,
+            mfaIdentifier: smsMFAMethod.mfaIdentifier + 1,
+            priorityIdentifier: "SECONDARY",
+            mfaMethodType:
+              smsMFAMethod.mfaMethodType === "SMS" ? "AUTH_APP" : "SMS",
+            endPoint: newPhoneNumber,
+            methodVerified: true,
+          };
+          isPhoneNumberUpdated = await service.addMfaMethodService(
+            updateInput,
+            sessionDetails
+          );
+        }
       } else {
         throw Error(`Unknown phone verification intent ${intent}`);
       }

diff --git a/src/components/check-your-phone/check-your-phone-service.ts b/src/components/check-your-phone/check-your-phone-service.ts
@@ -5,7 +5,7 @@ import {
   UpdateInformationInput,
   UpdateInformationSessionValues,
 } from "../../utils/types";
-import { updateMfaMethod } from "../../utils/mfa";
+import { createOrUpdateMfaMethod, updateMfaMethod } from "../../utils/mfa";
 
 export function checkYourPhoneService(
   axios: Http = http
@@ -41,8 +41,16 @@ export function checkYourPhoneService(
     return updateMfaMethod(updateInput, sessionDetails);
   };
 
+  const addMfaMethodService = async function (
+    updateInput: UpdateInformationInput,
+    sessionDetails: UpdateInformationSessionValues
+  ): Promise<boolean> {
+    return createOrUpdateMfaMethod(updateInput, sessionDetails);
+  };
+
   return {
     updatePhoneNumber,
     updatePhoneNumberWithMfaApi,
+    addMfaMethodService,
   };
 }
diff --git a/src/components/check-your-phone/tests/check-your-phone-controller.test.ts b/src/components/check-your-phone/tests/check-your-phone-controller.test.ts
@@ -64,6 +64,7 @@ describe("check your phone controller", () => {
       const fakeService: CheckYourPhoneServiceInterface = {
         updatePhoneNumber: sandbox.fake.resolves(true),
         updatePhoneNumberWithMfaApi: sandbox.fake.resolves(true),
+        addMfaMethodService: sandbox.fake.resolves(true),
       };
 
       req.session.user.tokens = { accessToken: "token" } as any;
@@ -82,6 +83,7 @@ describe("check your phone controller", () => {
       const fakeService: CheckYourPhoneServiceInterface = {
         updatePhoneNumber: sandbox.fake.resolves(false),
         updatePhoneNumberWithMfaApi: sandbox.fake.resolves(false),
+        addMfaMethodService: sandbox.fake.resolves(false),
       };
 
       req.session.user.tokens = { accessToken: "token" } as any;
@@ -102,6 +104,7 @@ describe("check your phone controller", () => {
       const fakeService: CheckYourPhoneServiceInterface = {
         updatePhoneNumber: sandbox.fake.resolves(true),
         updatePhoneNumberWithMfaApi: sandbox.fake.resolves(true),
+        addMfaMethodService: sandbox.fake.resolves(true),
       };
 
       req.session.user.tokens = { accessToken: "token" } as any;

diff --git a/src/components/check-your-phone/types.ts b/src/components/check-your-phone/types.ts
@@ -13,4 +13,9 @@ export interface CheckYourPhoneServiceInterface {
     updateInput: UpdateInformationInput,
     sessionDetails: UpdateInformationSessionValues
   ) => Promise<boolean>;
+
+  addMfaMethodService: (
+    updateInput: UpdateInformationInput,
+    sessionDetails: UpdateInformationSessionValues
+  ) => Promise<boolean>;
 }
diff --git a/src/components/common/layout/base.njk b/src/components/common/layout/base.njk
@@ -55,7 +55,7 @@
             url: currentUrl,
             activeLanguage: htmlLang,
             languages: [
-            { 
+            {
               code: 'en',
               text: 'English',
               visuallyHidden: 'Change to English'
@@ -67,7 +67,7 @@
             }]
           })
           }}
-        {% endif %}       
+        {% endif %}
         {% if backLink %}
           <a href="{{backLink}}" class="govuk-back-link js-back-link">
             {{ backLinkText }}

diff --git a/src/locales/en/translation.json b/src/locales/en/translation.json
@@ -259,7 +259,7 @@
       "step1": {
         "title": "Enter your new mobile phone number",
         "message": "We will send a 6 digit security code to the number you give us",
-        "uk_mobile": "UK moble phone number",
+        "uk_mobile": "UK mobile phone number",
         "no_uk_mobile": "I do not have a UK mobile number",
         "intl_mobile_phone_number": "Mobile phone number",
         "intl_mobile_phone_number_hint": "Include the country code, for example +33 for France"