From e2a6dd5ec2a818a3cf0482219dae5edc4b710afa Mon Sep 17 00:00:00 2001
From: GTVJ
Date: Sat, 6 Jan 2024 07:03:56 +0000
Subject: [PATCH] AUT-1553: Change error screens for new journeys with block in place
---
 .../send-email-otp-middleware.ts | 9 ++++++++-
 .../enter-authenticator-app-code-controller.ts | 14 +++++++++++++-
 .../enter-email/enter-email-controller.ts | 2 +-
 .../tests/enter-email-controller.test.ts | 4 +++-
 .../enter-password/enter-password-controller.ts | 10 ++++++++++
 .../reset-password-check-email-controller.ts | 17 ++++++++++++++---
 6 files changed, 49 insertions(+), 7 deletions(-)
diff --git a/src/components/account-recovery/check-your-email-security-codes/send-email-otp-middleware.ts b/src/components/account-recovery/check-your-email-security-codes/send-email-otp-middleware.ts
index 703b5b80a..34accf5c2 100644
--- a/src/components/account-recovery/check-your-email-security-codes/send-email-otp-middleware.ts
+++ b/src/components/account-recovery/check-your-email-security-codes/send-email-otp-middleware.ts
@@ -1,7 +1,7 @@
 import { Request, Response, NextFunction } from "express";
 import { sendNotificationService } from "../../common/send-notification/send-notification-service";
 import { JOURNEY_TYPE, NOTIFICATION_TYPE } from "../../../app.constants";
-import { getErrorPathByCode } from "../../common/constants";
+import { ERROR_CODES, getErrorPathByCode } from "../../common/constants";
 import { BadRequestError } from "../../../utils/error";
 import xss from "xss";
 import { ExpressRouteFunc } from "../../../types";
@@ -33,6 +33,13 @@ export function sendEmailOtp(
 return next();
 }
+ if (
+ sendNotificationResponse.data?.code ===
+ ERROR_CODES.VERIFY_CHANGE_HOW_GET_SECURITY_CODES_CODE_REQUEST_BLOCKED
+ ) {
+ return res.render("security-code-error/index-wait.njk");
+ }
+
 const path = sendNotificationResponse.data?.code
 ? getErrorPathByCode(sendNotificationResponse.data.code)
 : undefined;
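Review bot: The blocked-request branch added to `sendEmailOtp` in send-email-otp-middleware.ts has no test in this patch: the diffstat lists only enter-email-controller.test.ts, so the new branches in `enterAuthenticatorAppCodePost`, `enterPasswordPost` and `resetPasswordCheckEmailGet` are uncovered as well. These branches decide which lockout screen a throttled user sees, so a wrong code constant or template path would go unnoticed until runtime. One case per branch in the style of the updated enter-email test would cover it, ending for this branch in `expect(res.render).to.have.calledWith("security-code-error/index-wait.njk");`. The body of `sendEmailOtp` starts and ends outside the hunk.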
diff --git a/src/components/enter-authenticator-app-code/enter-authenticator-app-code-controller.ts b/src/components/enter-authenticator-app-code/enter-authenticator-app-code-controller.ts
index 736151b1b..ea1ca9fce 100644
--- a/src/components/enter-authenticator-app-code/enter-authenticator-app-code-controller.ts
+++ b/src/components/enter-authenticator-app-code/enter-authenticator-app-code-controller.ts
@@ -6,7 +6,10 @@ import {
 getNextPathAndUpdateJourney,
 pathWithQueryParam,
 } from "../common/constants";
-import { supportAccountRecovery } from "../../config";
+import {
+ getCodeEnteredWrongBlockDurationInMinutes,
+ supportAccountRecovery,
+} from "../../config";
 import { VerifyMfaCodeInterface } from "./types";
 import { AccountRecoveryInterface } from "../common/account-recovery/types";
 import { accountRecoveryService } from "../common/account-recovery/account-recovery-service";
@@ -131,6 +134,15 @@ export const enterAuthenticatorAppCodePost = (
 return renderBadRequest(res, req, template, error);
 }
+ if (
+ result.data.code ===
+ ERROR_CODES.AUTH_APP_INVALID_CODE_MAX_ATTEMPTS_REACHED
+ ) {
+ req.session.user.wrongCodeEnteredLock = new Date(
+ Date.now() + getCodeEnteredWrongBlockDurationInMinutes() * 60000
+ ).toUTCString();
+ }
+
 const path = getErrorPathByCode(result.data.code);
 if (path) {
diff --git a/src/components/enter-email/enter-email-controller.ts b/src/components/enter-email/enter-email-controller.ts
index f5d60212a..846e68610 100644
--- a/src/components/enter-email/enter-email-controller.ts
+++ b/src/components/enter-email/enter-email-controller.ts
@@ -40,7 +40,7 @@ export function enterEmailPost(
 if (!result.success) {
 if (result.data.code === ERROR_CODES.ACCOUNT_LOCKED) {
- return res.redirect(getErrorPathByCode(result.data.code));
+ return res.render("enter-password/index-sign-in-retry-blocked.njk");
 }
 throw new BadRequestError(result.data.message, result.data.code);
 }
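Review bot: In `enterAuthenticatorAppCodePost` the new assignment to `req.session.user.wrongCodeEnteredLock` relies on two values it does not check. If `getCodeEnteredWrongBlockDurationInMinutes()` ever returns `NaN` or `undefined` (its implementation is not in this diff), `new Date(...).toUTCString()` produces the string "Invalid Date" and the session stores a lock that no later comparison can evaluate; `req.session.user` is also dereferenced without a guard. Validating the duration first, e.g. `const minutes = getCodeEnteredWrongBlockDurationInMinutes();` followed by `if (Number.isFinite(minutes) && minutes > 0) { ... }`, would keep a bad config value out of the session. Because the timestamp lives in the session, a client that starts a fresh session no longer carries it, so it can only act as a display hint and the max-attempts decision has to stay with the service that returned the error code. The function body continues outside the hunk.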
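Review bot: Replacing `res.redirect(...)` with `res.render("enter-password/index-sign-in-retry-blocked.njk")` in `enterEmailPost` makes the locked-account page the direct response to the form POST, so a browser reload re-submits the e-mail address and repeats the user-exists call; the two `res.render` returns added to `enterPasswordPost` have the same effect, and there a reload re-submits the password. If rendering in place is deliberate, a comment next to the call should say why the redirect-after-POST pattern was dropped, for example `// rendered in place rather than redirected: <reason>`. The template is also taken from the enter-password component while being rendered by the enter-email controller, which deserves either a comment or a shared location. The enclosing function starts and ends outside the hunk.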
diff --git a/src/components/enter-email/tests/enter-email-controller.test.ts b/src/components/enter-email/tests/enter-email-controller.test.ts
index c049146bc..3e76f74b4 100644
--- a/src/components/enter-email/tests/enter-email-controller.test.ts
+++ b/src/components/enter-email/tests/enter-email-controller.test.ts
@@ -144,7 +144,9 @@ describe("enter email controller", () => {
 await enterEmailPost(fakeService)(req as Request, res as Response);
- expect(res.redirect).to.have.calledWith(PATH_NAMES.ACCOUNT_LOCKED);
+ expect(res.render).to.have.calledWith(
+ "enter-password/index-sign-in-retry-blocked.njk"
+ );
 expect(fakeService.userExists).to.have.been.calledOnce;
 });
 });
diff --git a/src/components/enter-password/enter-password-controller.ts b/src/components/enter-password/enter-password-controller.ts
index 5011df176..4563b9e34 100644
--- a/src/components/enter-password/enter-password-controller.ts
+++ b/src/components/enter-password/enter-password-controller.ts
@@ -152,6 +152,16 @@ export function enterPasswordPost(
 );
 if (!result.success) {
+ if (result.data.code === ERROR_CODES.MFA_CODE_REQUESTS_BLOCKED) {
+ return res.render("security-code-error/index-wait.njk");
+ }
+
+ if (result.data.code === ERROR_CODES.ENTERED_INVALID_MFA_MAX_TIMES) {
+ return res.render(
+ "security-code-error/index-security-code-entered-exceeded.njk"
+ );
+ }
+
 const path = getErrorPathByCode(result.data.code);
 if (path) {
diff --git a/src/components/reset-password-check-email/reset-password-check-email-controller.ts b/src/components/reset-password-check-email/reset-password-check-email-controller.ts
index 69e6c7001..1c2a8f767 100644
--- a/src/components/reset-password-check-email/reset-password-check-email-controller.ts
+++ b/src/components/reset-password-check-email/reset-password-check-email-controller.ts
@@ -64,10 +64,21 @@ export function resetPasswordCheckEmailGet(
 ERROR_CODES.ENTERED_INVALID_PASSWORD_RESET_CODE_MAX_TIMES,
 ].includes(result.data.code)
 ) {
- const errorTemplate =
+ let errorTemplate: string;
+
+ if (
 result.data.code === ERROR_CODES.RESET_PASSWORD_LINK_MAX_RETRIES_REACHED
- ? "security-code-error/index-too-many-requests.njk"
- : "security-code-error/index-wait.njk";
+ ) {
+ errorTemplate = "security-code-error/index-too-many-requests.njk";
+ } else if (
+ result.data.code ===
+ ERROR_CODES.ENTERED_INVALID_PASSWORD_RESET_CODE_MAX_TIMES
+ ) {
+ errorTemplate =
+ "security-code-error/index-security-code-entered-exceeded.njk";
+ } else {
+ errorTemplate = "security-code-error/index-wait.njk";
+ }
 return res.render(errorTemplate);
 } else {
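Review bot: The final `else` in `resetPasswordCheckEmailGet` sends every remaining code accepted by the `.includes(...)` list to `index-wait.njk`, and the head of that list is outside the hunk, so a code added to the list later would silently get the wait screen. A lookup keyed by error code makes each mapping explicit and lets `errorTemplate` stay `const` instead of a `let` assigned in three branches. The sketch below assumes the codes are numeric, which the hunk does not show.

```typescript
// … unchanged: the `[ … ].includes(result.data.code)` condition …
const templateByCode: Record<number, string> = {
  [ERROR_CODES.RESET_PASSWORD_LINK_MAX_RETRIES_REACHED]:
    "security-code-error/index-too-many-requests.njk",
  [ERROR_CODES.ENTERED_INVALID_PASSWORD_RESET_CODE_MAX_TIMES]:
    "security-code-error/index-security-code-entered-exceeded.njk",
};
const errorTemplate =
  templateByCode[result.data.code] ?? "security-code-error/index-wait.njk";
return res.render(errorTemplate);
```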