AUT-4248: call sendMfaCode with retrieved activeMfaMethod

- Retrieve and set activeMfaMethodId to that of default mfa method

wip to squash

Author: alhcomer

src/components/reset-password-2fa-sms/reset-password-2fa-sms-controller.ts

@@ -63,6 +63,7 @@ export function resetPassword2FASmsGet(
       false,
       xss(req.cookies.lng as string),
       req,
+      req.session.user.activeMfaMethodId,
       JOURNEY_TYPE.PASSWORD_RESET_MFA
     );
 

src/components/reset-password-2fa-sms/tests/reset-password-2fa-sms-controller.test.ts

@@ -18,8 +18,9 @@ import { createMockRequest } from "../../../../test/helpers/mock-request-helper.
 import { buildMfaMethods } from "../../../../test/helpers/mfa-helper.js";
 
 const TEST_REDACTED_PHONE_NUMBER = "777";
+const TEST_ACTIVE_MFA_METHOD_ID = "active-mfa-method-id";
 
-describe("reset password 2fa auth app controller", () => {
+describe("reset password 2fa SMS controller", () => {
   let req: RequestOutput;
   let res: ResponseOutput;
 
@@ -34,21 +35,34 @@ describe("reset password 2fa auth app controller", () => {
   });
 
   describe("resetPassword2FASmsGet", () => {
-    it("should render reset password auth app view", async () => {
+    it("should render reset password SMS view", async () => {
       const fakeService: MfaServiceInterface = {
         sendMfaCode: sinon.fake.returns({
           success: true,
         }),
       } as unknown as MfaServiceInterface;
       req.session.user = {
         email: "joe.bloggs@test.com",
+        activeMfaMethodId: "active-mfa-method-id",
       };
 
       await resetPassword2FASmsGet(fakeService)(
         req as Request,
         res as Response
       );
 
+      expect(fakeService.sendMfaCode).to.have.been.calledOnceWithExactly(
+        sinon.match.any,
+        sinon.match.any,
+        sinon.match.any,
+        sinon.match.any,
+        sinon.match.any,
+        sinon.match.any,
+        sinon.match.any,
+        TEST_ACTIVE_MFA_METHOD_ID,
+        sinon.match.any
+      );
+
       expect(res.render).to.have.calledWith("reset-password-2fa-sms/index.njk");
     });
 

src/components/reset-password-check-email/reset-password-check-email-controller.ts

@@ -1,5 +1,6 @@
 import type { Request, Response } from "express";
-import type { ExpressRouteFunc } from "../../types.js";
+import type { ExpressRouteFunc, MfaMethod } from "../../types.js";
+import { MfaMethodPriority } from "../../types.js";
 import type { ResetPasswordCheckEmailServiceInterface } from "./types.js";
 import { resetPasswordCheckEmailService } from "./reset-password-check-email-service.js";
 import { BadRequestError } from "../../utils/error.js";
@@ -51,6 +52,9 @@ export function resetPasswordCheckEmailGet(
     }
 
     if (result.success) {
+      req.session.user.activeMfaMethodId = result.data.mfaMethods.find(
+        (method: MfaMethod) => method.priority === MfaMethodPriority.DEFAULT
+      )?.id;
       req.session.user.mfaMethods = result.data.mfaMethods;
 
       req.session.user.enterEmailMfaType = result.data.mfaMethodType;

src/components/reset-password-check-email/tests/reset-password-check-email-controller.test.ts

@@ -26,6 +26,8 @@ import type { PartialMfaMethod } from "../../../../test/helpers/mfa-helper.js";
 import { buildMfaMethods } from "../../../../test/helpers/mfa-helper.js";
 import type { MfaMethod } from "../../../types.js";
 
+const TEST_DEFAULT_MFA_METHOD_ID = "TEST_DEFAULT_MFA_METHOD_ID";
+
 describe("reset password check email controller", () => {
   let req: RequestOutput;
   let res: ResponseOutput;
@@ -47,7 +49,7 @@ describe("reset password check email controller", () => {
   describe("resetPasswordCheckEmailGet", () => {
     it("should render reset password check email view", async () => {
       const expectedMfaMethods: MfaMethod[] = buildMfaMethods([
-        { redactedPhoneNumber: "123" },
+        { redactedPhoneNumber: "123", id: TEST_DEFAULT_MFA_METHOD_ID },
       ]);
       const fakeService: ResetPasswordCheckEmailServiceInterface = {
         resetPasswordRequest: sinon.fake.returns({
@@ -67,6 +69,9 @@ describe("reset password check email controller", () => {
 
       expect(req.session.user.enterEmailMfaType).to.eq("SMS");
       expect(req.session.user.mfaMethods).to.deep.eq(expectedMfaMethods);
+      expect(req.session.user.activeMfaMethodId).to.equal(
+        TEST_DEFAULT_MFA_METHOD_ID
+      );
       expect(
         getDefaultSmsMfaMethod(req.session.user.mfaMethods).redactedPhoneNumber
       ).to.eq("123");

src/components/reset-password-check-email/tests/reset-password-check-email-integration.test.ts

@@ -11,6 +11,7 @@ import { ERROR_CODES } from "../../common/constants.js";
 import type { NextFunction, Request, Response } from "express";
 import { getPermittedJourneyForPath } from "../../../../test/helpers/session-helper.js";
 import esmock from "esmock";
+import { buildMfaMethods } from "../../../../test/helpers/mfa-helper.js";
 
 describe("Integration::reset password check email ", () => {
   let app: any;
@@ -50,7 +51,10 @@ describe("Integration::reset password check email ", () => {
     app = await createApp();
     baseApi = process.env.FRONTEND_API_BASE_URL;
 
-    nock(baseApi).post(API_ENDPOINTS.RESET_PASSWORD_REQUEST).once().reply(204);
+    nock(baseApi)
+      .post(API_ENDPOINTS.RESET_PASSWORD_REQUEST)
+      .once()
+      .reply(200, { mfaMethods: [] });
 
     await request(
       app,
@@ -73,7 +77,15 @@ describe("Integration::reset password check email ", () => {
   });
 
   it("should return reset password check email page", async () => {
-    nock(baseApi).post(API_ENDPOINTS.RESET_PASSWORD_REQUEST).once().reply(200);
+    nock(baseApi)
+      .post(API_ENDPOINTS.RESET_PASSWORD_REQUEST)
+      .once()
+      .reply(200, {
+        mfaMethods: buildMfaMethods({
+          redactedPhoneNumber: "123",
+          id: "test-id",
+        }),
+      });
     await request(app, (test) =>
       test.get(PATH_NAMES.RESET_PASSWORD_CHECK_EMAIL).expect(200)
     );