Merge pull request #2794 from govuk-one-login/AUT-4248/check-your-phone-sms-sms

Aut 4248/check your phone sms sms

Author: alhcomer

src/components/common/mfa/mfa-service.ts

@@ -19,6 +19,7 @@ export function mfaService(axios: Http = http): MfaServiceInterface {
     isResendCodeRequest: boolean,
     userLanguage: string,
     req: Request,
+    mfaMethodId: string,
     journeyType?: JOURNEY_TYPE
   ): Promise<ApiResponseResult<DefaultApiResponse>> {
     const response = await axios.client.post<DefaultApiResponse>(
@@ -27,6 +28,7 @@ export function mfaService(axios: Http = http): MfaServiceInterface {
         email: emailAddress,
         isResendCodeRequest,
         journeyType,
+        mfaMethodId,
       },
       getInternalRequestConfigWithSecurityHeaders(
         {

src/components/common/mfa/send-mfa-controller.ts

@@ -69,7 +69,7 @@ export function sendMfaGeneric(
   mfaCodeService: MfaServiceInterface
 ): ExpressRouteFunc {
   return async function (req: Request, res: Response) {
-    const { email } = req.session.user;
+    const { email, activeMfaMethodId } = req.session.user;
     const { sessionId, clientSessionId, persistentSessionId } = res.locals;
     const isResendCodeRequest: boolean = req.body.isResendCodeRequest;
 
@@ -81,6 +81,7 @@ export function sendMfaGeneric(
       isResendCodeRequest,
       xss(req.cookies.lng as string),
       req,
+      activeMfaMethodId,
       getJourneyTypeFromUserSession(req.session.user, {
         includeReauthentication: true,
       })

src/components/common/mfa/tests/mfa-service.test.ts

@@ -49,14 +49,15 @@ describe("mfa service", () => {
     const userLanguage = "cy";
     const journeyType = JOURNEY_TYPE.SIGN_IN;
     const isResendCodeRequest = true;
+    const mfaMethodId = "9b1deb4d-3b7d-4bad-9bdd-2b0d7a3a03d7";
 
     const expectedApiCallDetails = {
       expectedPath: API_ENDPOINTS.MFA,
       expectedHeaders: {
         ...expectedHeadersFromCommonVarsWithSecurityHeaders,
         "User-Language": userLanguage,
       },
-      expectedBody: { email, isResendCodeRequest, journeyType },
+      expectedBody: { email, isResendCodeRequest, journeyType, mfaMethodId },
     };
 
     const result = await service.sendMfaCode(
@@ -67,6 +68,7 @@ describe("mfa service", () => {
       isResendCodeRequest,
       userLanguage,
       req,
+      mfaMethodId,
       journeyType
     );
 

src/components/common/mfa/tests/send-mfa-controller.test.ts

@@ -12,7 +12,7 @@ import * as journey from "../../journey/journey.js";
 import { createMockRequest } from "../../../../../test/helpers/mock-request-helper.js";
 import esmock from "esmock";
 import type { SinonSpy } from "sinon";
-import type { ExpressRouteFunc } from "../../../../types";
+import type { ExpressRouteFunc } from "../../../../types.js";
 
 describe("send mfa controller", () => {
   let req: RequestOutput;
@@ -47,7 +47,7 @@ describe("send mfa controller", () => {
   });
 
   describe("sendMfaGeneric", () => {
-    it("can send the journeyType when requesting the code", async () => {
+    it("can send the journeyType and activeMfaMethodId when requesting the code", async () => {
       const fakeService: MfaServiceInterface = {
         sendMfaCode: sinon.fake.returns({
           success: true,
@@ -58,6 +58,7 @@ describe("send mfa controller", () => {
       req.session.user = {
         email: "test@test.com",
         reauthenticate: "test_data",
+        activeMfaMethodId: "active_mfa_method_id",
       };
       req.path = PATH_NAMES.RESEND_MFA_CODE;
 
@@ -79,6 +80,7 @@ describe("send mfa controller", () => {
         sinon.match.any,
         sinon.match.any,
         sinon.match.any,
+        "active_mfa_method_id",
         JOURNEY_TYPE.REAUTHENTICATION
       );
     });
@@ -122,6 +124,7 @@ describe("send mfa controller", () => {
         sinon.match.any,
         sinon.match.any,
         sinon.match.any,
+        sinon.match.any,
         undefined
       );
     });
@@ -165,6 +168,7 @@ describe("send mfa controller", () => {
         sinon.match.any,
         sinon.match.any,
         sinon.match.any,
+        sinon.match.any,
         JOURNEY_TYPE.REAUTHENTICATION
       );
     });

src/components/common/mfa/types.ts

@@ -11,6 +11,7 @@ export interface MfaServiceInterface {
     isResendCodeRequest: boolean,
     userLanguage: string,
     req: Request,
+    mfaMethodId: string,
     journeyType?: JOURNEY_TYPE
   ) => Promise<ApiResponseResult<DefaultApiResponse>>;
 }

src/components/common/state-machine/state-machine.ts

@@ -59,6 +59,7 @@ const USER_JOURNEY_EVENTS = {
   IPV_REVERIFICATION_FAILED_OR_DID_NOT_MATCH:
     "IPV_REVERIFICATION_FAILED_OR_DID_NOT_MATCH",
   MFA_RESET_ATTEMPTED_VIA_AUTH_APP: "MFA_RESET_ATTEMPTED_VIA_AUTH_APP",
+  SELECT_SMS_MFA_METHOD: "CHANGE_MFA",
   SELECT_AUTH_APP_MFA_METHOD: "SELECT_AUTH_APP_MFA_METHOD",
 };
 
@@ -737,6 +738,7 @@ const authStateMachine = createMachine(
           [USER_JOURNEY_EVENTS.SELECT_AUTH_APP_MFA_METHOD]: [
             PATH_NAMES.ENTER_AUTHENTICATOR_APP_CODE,
           ],
+          [USER_JOURNEY_EVENTS.SELECT_SMS_MFA_METHOD]: [PATH_NAMES.ENTER_MFA],
         },
       },
     },

src/components/common/verify-code/tests/verify-code-service.test.ts

@@ -50,6 +50,7 @@ describe("verify code service", () => {
     const code = "1234";
     const notificationType = NOTIFICATION_TYPE.VERIFY_EMAIL;
     const journeyType = JOURNEY_TYPE.SIGN_IN;
+    const mfaMethodId = "9b1deb4d-3b7d-4bad-9bdd-2b0d7a3a03d7";
 
     const result = await service.verifyCode(
       sessionId,
@@ -58,13 +59,14 @@ describe("verify code service", () => {
       clientSessionId,
       diPersistentSessionId,
       req,
+      mfaMethodId,
       journeyType
     );
 
     const expectedApiCallDetails = {
       expectedPath: API_ENDPOINTS.VERIFY_CODE,
       expectedHeaders: expectedHeadersFromCommonVarsWithSecurityHeaders,
-      expectedBody: { code, notificationType, journeyType },
+      expectedBody: { code, notificationType, journeyType, mfaMethodId },
     };
 
     checkApiCallMadeWithExpectedBodyAndHeaders(

src/components/common/verify-code/types.ts

@@ -10,6 +10,7 @@ export interface VerifyCodeInterface {
     clientSessionId: string,
     persistentSessionId: string,
     req: Request,
+    mfaMethodId: string,
     journeyType: JOURNEY_TYPE
   ) => Promise<ApiResponseResult<DefaultApiResponse>>;
 }

src/components/common/verify-code/verify-code-controller.ts

@@ -49,6 +49,7 @@ export function verifyCodePost(
       clientSessionId,
       persistentSessionId,
       req,
+      req.session.user.activeMfaMethodId,
       options.journeyType
     );
 

src/components/common/verify-code/verify-code-service.ts

@@ -17,6 +17,7 @@ export function codeService(axios: Http = http): VerifyCodeInterface {
     clientSessionId: string,
     persistentSessionId: string,
     req: Request,
+    mfaMethodId: string,
     journeyType?: string
   ): Promise<ApiResponseResult<DefaultApiResponse>> {
     const response = await axios.client.post<DefaultApiResponse>(
@@ -25,6 +26,7 @@ export function codeService(axios: Http = http): VerifyCodeInterface {
         code,
         notificationType,
         journeyType,
+        mfaMethodId,
       },
       getInternalRequestConfigWithSecurityHeaders(
         {