AUT-2789: Log user out when they enter their password incorrectly max…

… allowed times.
govuk-one-login · Jul 8, 2024 · 6cf0a9d · 6cf0a9d
1 parent e5783be
commit 6cf0a9d
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 7 deletions.
diff --git a/src/app.ts b/src/app.ts
@@ -169,7 +169,7 @@ async function createApp(): Promise<express.Application> {
   app.use(setLocalVarsMiddleware);
   app.use(setGTM);
 
-  i18next
+  await i18next
     .use(Backend)
     .use(i18nextMiddleware.LanguageDetector)
     .init(

diff --git a/src/components/common/constants.ts b/src/components/common/constants.ts
@@ -1,6 +1,6 @@
 import { PATH_NAMES } from "../../app.constants";
 import { getNextState } from "./state-machine/state-machine";
-import { support2hrLockout } from "../../config";
+import { support2hrLockout, supportReauthentication } from "../../config";
 import { Request } from "express";
 
 export const SECURITY_CODE_ERROR = "actionType";
@@ -58,9 +58,9 @@ export const ERROR_CODE_MAPPING: { [p: string]: string } = {
   [ERROR_CODES.ACCOUNT_LOCKED]: pathWithQueryParam(
     PATH_NAMES["ACCOUNT_LOCKED"]
   ),
-  [ERROR_CODES.INVALID_PASSWORD_MAX_ATTEMPTS_REACHED]: pathWithQueryParam(
-    PATH_NAMES["ACCOUNT_LOCKED"]
-  ),
+  [ERROR_CODES.INVALID_PASSWORD_MAX_ATTEMPTS_REACHED]: supportReauthentication()
+      ? pathWithQueryParam(PATH_NAMES["SIGNED_OUT"]).concat("?error=login_required")
+      : pathWithQueryParam(PATH_NAMES["ACCOUNT_LOCKED"]),
   [ERROR_CODES.MFA_SMS_MAX_CODES_SENT]: pathWithQueryParam(
     PATH_NAMES["SECURITY_CODE_REQUEST_EXCEEDED"],
     SECURITY_CODE_ERROR,

diff --git a/src/components/enter-password/tests/enter-password-integration.test.ts b/src/components/enter-password/tests/enter-password-integration.test.ts
@@ -41,9 +41,9 @@ describe("Integration::enter password", () => {
     app = await require("../../../app").createApp();
     baseApi = process.env.FRONTEND_API_BASE_URL;
 
-    request(app)
+    await request(app)
       .get(ENDPOINT)
-      .end((err, res) => {
+      .then((res) => {
         const $ = cheerio.load(res.text);
         token = $("[name=_csrf]").val();
         cookies = res.headers["set-cookie"];

diff --git a/startup.sh b/startup.sh
@@ -65,6 +65,10 @@ test -f .env || usage "Missing .env file"
 # shellcheck source=/dev/null
 set -o allexport && source .env && set +o allexport
 
+echo $SESSION_EXPIRY
+echo $SESSION_SECRET
+
+
 # shellcheck source=./scripts/export_aws_creds.sh
 source "${DIR}/scripts/export_aws_creds.sh"
 
@@ -78,6 +82,8 @@ if [ "${ACTION_LOCAL:-0}" == "1" ]; then
   echo "Redis listening on redis://localhost:${REDIS_PORT:-6379}"
   if [ "${ACTION_DEPS_ONLY:-0}" == "0" ]; then
     export PORT="${DOCKER_FRONTEND_PORT:-3000}"
+    export SESSION_SECRET="${SESSION_SECRET:-123456}"
+
     yarn install && yarn test:dev-evironment-variables && yarn copy-assets && yarn dev
   else
     docker compose -f docker-compose.yml logs -f