From 2d496563c629158de1e8a511dc244638ecd21281 Mon Sep 17 00:00:00 2001
From: VladGavrilet
Date: Wed, 10 Jul 2024 16:41:43 +0300
Subject: [PATCH] AUT-2790: Update logic
---
 src/components/common/constants.ts | 2 +-
 .../enter-email/enter-email-controller.ts | 15 +++---
 ...r-email-create-account-integration.test.ts | 25 ---------
 .../tests/enter-email-integration.test.ts | 54 +++++++++++--------
 4 files changed, 43 insertions(+), 53 deletions(-)
diff --git a/src/components/common/constants.ts b/src/components/common/constants.ts
index 52ef725511..43774b7410 100644
--- a/src/components/common/constants.ts
+++ b/src/components/common/constants.ts
@@ -56,7 +56,7 @@ export const ERROR_CODES = {
 export const ERROR_CODE_MAPPING: { [p: string]: string } = {
 [ERROR_CODES.ACCOUNT_LOCKED]: pathWithQueryParam(
- PATH_NAMES["ACCOUNT_LOCKED"]
+ PATH_NAMES.SIGNED_OUT.concat("?error=login_required")
 ),
 [ERROR_CODES.INVALID_PASSWORD_MAX_ATTEMPTS_REACHED]: pathWithQueryParam(
 PATH_NAMES["ACCOUNT_LOCKED"]
diff --git a/src/components/enter-email/enter-email-controller.ts b/src/components/enter-email/enter-email-controller.ts
index 5d79a94577..140eb5a8a1 100644
--- a/src/components/enter-email/enter-email-controller.ts
+++ b/src/components/enter-email/enter-email-controller.ts
@@ -69,13 +69,13 @@ export function enterEmailPost(
 const email = req.body.email;
 const { sessionId, clientSessionId, persistentSessionId } = res.locals;
 req.session.user.email = email.toLowerCase();
- const sub = req.session.user.reauthenticate;
+ const reauthenticateJourney = req.session.user.reauthenticate;
- if (supportReauthentication() && sub) {
+ if (supportReauthentication() && reauthenticateJourney) {
 const checkReauth = await checkReauthService.checkReauthUsers(
 sessionId,
 email,
- sub,
+ reauthenticateJourney,
 clientSessionId,
 persistentSessionId,
 req
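Review bot: The remapped `ERROR_CODES.ACCOUNT_LOCKED` entry appears to send every consumer of `ERROR_CODE_MAPPING` to the signed-out page with `login_required`, not only re-authentication journeys, whereas the controller change in this same commit keeps `BLOCKED_TEMPLATE` for non-reauth users; if the lock page is still wanted outside reauth, the mapping should stay `PATH_NAMES["ACCOUNT_LOCKED"]` and the redirect be decided where `req.session.user.reauthenticate` is known. The argument now already carries a query string, so the result depends on how `pathWithQueryParam` (not in the hunk) appends further parameters — worth confirming it does not emit a second `?`. The literal `"?error=login_required"` is now built in both constants.ts and enter-email-controller.ts; one exported constant would keep the error key consistent across the two. Style: the entry mixes `PATH_NAMES.SIGNED_OUT` with the bracket form `PATH_NAMES["ACCOUNT_LOCKED"]` used by the neighbouring entry.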
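Review bot: The renamed `reauthenticateJourney` is still passed as the third argument of `checkReauthService.checkReauthUsers`, the position the old name `sub` described, so the new name reads as a boolean journey flag while the value is whatever `req.session.user.reauthenticate` holds and is forwarded to the re-auth service. If that value is the subject identifier, a name that says so, or a one-line comment such as `// holds the subject id of the session being re-authenticated; truthy only on a reauth journey`, would keep both the guard and the service call readable. enterEmailPost continues outside this hunk.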
@@ -96,6 +96,11 @@ export function enterEmailPost(
 checkReauth.data.code === ERROR_CODES.RE_AUTH_SIGN_IN_DETAILS_ENTERED_EXCEEDED
 ) {
+ if (reauthenticateJourney) {
+ return res.redirect(
+ PATH_NAMES["SIGNED_OUT"].concat("?error=login_required")
+ );
+ }
 return handleSessionBlocked(req, res);
 }
@@ -237,9 +242,7 @@ function handleSessionBlocked(req: Request, res: Response) {
 req.session.user.wrongEmailEnteredLock = timestampNMinutesFromNow(
 getEmailEnteredWrongBlockDurationInMinutes()
 );
- return supportReauthentication()
- ? res.redirect(PATH_NAMES["SIGNED_OUT"].concat("?error=login_required"))
- : res.render(BLOCKED_TEMPLATE);
+ return res.render(BLOCKED_TEMPLATE);
 }
 function handleBadRequest(
diff --git a/src/components/enter-email/tests/enter-email-create-account-integration.test.ts b/src/components/enter-email/tests/enter-email-create-account-integration.test.ts
index 58a4063aa0..b3fbc452d6 100644
--- a/src/components/enter-email/tests/enter-email-create-account-integration.test.ts
+++ b/src/components/enter-email/tests/enter-email-create-account-integration.test.ts
@@ -184,31 +184,6 @@ describe("Integration::enter email (create account)", () => {
 .expect(302, done);
 });
- it("should redirect to /signed-out with login_required error when user fails re-auth", (done) => {
- process.env.SUPPORT_REAUTHENTICATION = "1";
-
- nock(baseApi)
- .post(API_ENDPOINTS.CHECK_REAUTH_USER)
- .once()
- .reply(HTTP_STATUS_CODES.BAD_REQUEST, {
- code: ERROR_CODES.RE_AUTH_SIGN_IN_DETAILS_ENTERED_EXCEEDED,
- });
-
- request(app)
- .post(PATH_NAMES.ENTER_EMAIL_SIGN_IN)
- .type("form")
- .set("Cookie", cookies)
- .send({
- _csrf: token,
- email: "test@test.com",
- })
- .expect(
- "Location",
- PATH_NAMES["SIGNED_OUT"].concat("?error=login_required")
- )
- .expect(302, done);
- });
-
 it("should return internal server error when /user-exists API call response is 500", (done) => {
 nock(baseApi).post(API_ENDPOINTS.USER_EXISTS).once().reply(500, {
 message: "Internal Server error",
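Review bot: The new `if (reauthenticateJourney)` guard sits inside the branch that the `@@ -69,13 +69,13 @@` hunk opens with `if (supportReauthentication() && reauthenticateJourney)` — `checkReauth` is declared there — so unless the lines between the two hunks close that block the condition is always true and the `return handleSessionBlocked(req, res);` beneath it is unreachable on this path. It also means a re-auth user is redirected without `req.session.user.wrongEmailEnteredLock` being set, which the old handleSessionBlocked did before redirecting; if the local lock is still meant to apply after the signed-out redirect, set it before the `return res.redirect(...)`, otherwise a comment stating that the remote check is the only lock on this path would stop the next reader re-adding it. The `@@ -237,9 +242,7 @@` hunk is consistent with this split, but `PATH_NAMES["SIGNED_OUT"].concat("?error=login_required")` is now a second copy of the literal also assembled in constants.ts; a shared constant would keep the two in step. enterEmailPost starts and ends outside this hunk.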
diff --git a/src/components/enter-email/tests/enter-email-integration.test.ts b/src/components/enter-email/tests/enter-email-integration.test.ts
index b5f7631e50..a7ffe8cb3a 100644
--- a/src/components/enter-email/tests/enter-email-integration.test.ts
+++ b/src/components/enter-email/tests/enter-email-integration.test.ts
@@ -8,11 +8,8 @@ import {
 HTTP_STATUS_CODES,
 PATH_NAMES,
 } from "../../../app.constants";
-import { CheckReauthServiceInterface } from "../../check-reauth-users/types";
-import { AxiosResponse } from "axios";
-import { createApiResponse } from "../../../utils/http";
-import { DefaultApiResponse } from "../../../types";
 import nock = require("nock");
+import { ERROR_CODES } from "../../common/constants";
 describe("Integration::enter email", () => {
 let token: string | string[];
@@ -24,7 +21,6 @@ describe("Integration::enter email", () => {
 decache("../../../app");
 decache("../../../middleware/session-middleware");
 const sessionMiddleware = require("../../../middleware/session-middleware");
- const checkReauthUsersService = require("../../check-reauth-users/check-reauth-users-service");
 sinon
 .stub(sessionMiddleware, "validateSessionMiddleware")
@@ -42,26 +38,12 @@ describe("Integration::enter email", () => {
 next();
 });
- sinon
- .stub(checkReauthUsersService, "checkReauthUsersService")
- .callsFake((): CheckReauthServiceInterface => {
- async function checkReauthUsers() {
- const fakeAxiosResponse: AxiosResponse = {
- status: HTTP_STATUS_CODES.OK,
- } as AxiosResponse;
-
- return createApiResponse(fakeAxiosResponse);
- }
-
- return { checkReauthUsers };
- });
-
 app = await require("../../../app").createApp();
 baseApi = process.env.FRONTEND_API_BASE_URL;
- request(app)
+ await request(app)
 .get(PATH_NAMES.ENTER_EMAIL_SIGN_IN)
- .end((err, res) => {
+ .then((res) => {
 const $ = cheerio.load(res.text);
 token = $("[name=_csrf]").val();
 cookies = res.headers["set-cookie"];
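Review bot: Removing the `checkReauthUsersService` stub in the `@@ -42,26 +38,12 @@` hunk means any case in this file that runs with `SUPPORT_REAUTHENTICATION` set now reaches nock instead of the stubbed OK response, so each such case needs its own `CHECK_REAUTH_USER` interceptor or the call will be rejected; the existing cases are outside the hunk and cannot be checked here. Switching the CSRF bootstrap to `await request(app)...then((res) => {...})` is an improvement over the ignored `err` of the old `.end` callback, since a failed GET now rejects beforeEach. In the `@@ -8,11 +8,8 @@` hunk the new `import { ERROR_CODES } from "../../common/constants";` lands after the `import nock = require("nock");` line; grouping it with the other ES imports above would match the file's ordering. The beforeEach callback starts and ends outside the hunk.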
@@ -247,4 +229,34 @@ describe("Integration::enter email", () => {
 .expect("Location", PATH_NAMES.ENTER_PASSWORD)
 .expect(302, done);
 });
+
+ it("should redirect to /signed-out with login_required error when user fails re-auth", async () => {
+ process.env.SUPPORT_REAUTHENTICATION = "1";
+
+ nock(baseApi)
+ .post(API_ENDPOINTS.CHECK_REAUTH_USER)
+ .once()
+ .reply(HTTP_STATUS_CODES.BAD_REQUEST, {
+ code: ERROR_CODES.RE_AUTH_SIGN_IN_DETAILS_ENTERED_EXCEEDED,
+ });
+
+ nock(baseApi)
+ .post(API_ENDPOINTS.USER_EXISTS)
+ .once()
+ .reply(HTTP_STATUS_CODES.OK, {
+ email: "test@test.com",
+ doesUserExist: true,
+ });
+
+ await request(app)
+ .post(PATH_NAMES.ENTER_EMAIL_SIGN_IN)
+ .type("form")
+ .set("Cookie", cookies)
+ .send({
+ _csrf: token,
+ email: "test@test.com",
+ })
+ .expect("Location", PATH_NAMES.SIGNED_OUT.concat("?error=login_required"))
+ .expect(302);
+ });
 });
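Review bot: `process.env.SUPPORT_REAUTHENTICATION = "1";` is set inside the new test and never restored, so it leaks into every later case in this file (the deleted create-account test had the same issue); unless an afterEach outside the hunk clears it, restore the previous value, e.g. `delete process.env.SUPPORT_REAUTHENTICATION;` in an afterEach or after the awaited request. The `USER_EXISTS` interceptor looks unused: per the controller hunk the redirect is returned as soon as `CHECK_REAUTH_USER` reports `RE_AUTH_SIGN_IN_DETAILS_ENTERED_EXCEEDED`, so either drop it or end the test with `assert(nock.isDone())` so the expected call sequence is explicit and a left-over interceptor cannot mask a change in ordering. The case also depends on the session stub in beforeEach setting `req.session.user.reauthenticate`, which is outside the hunk; a short comment stating that precondition would explain why the redirect is expected here but not in the sibling tests.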