Merge pull request #1428 from govuk-one-login/AUT-2440/fixed-password…

…-reset-blocked-and-suspended-journeys AUT-2440: Fixed forgotten password journey while a user is suspended or blocked
govuk-one-login · Mar 5, 2024 · ab3c3d6 · ab3c3d6
2 parents 9db2f04 + 0898c72
commit ab3c3d6
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 20 deletions.
diff --git a/src/components/common/state-machine/state-machine.ts b/src/components/common/state-machine/state-machine.ts
@@ -535,6 +535,12 @@ const authStateMachine = createMachine(
       },
       [PATH_NAMES.RESET_PASSWORD_2FA_SMS]: {
         on: {
+          [USER_JOURNEY_EVENTS.PERMANENTLY_BLOCKED_INTERVENTION]: [
+            PATH_NAMES.UNAVAILABLE_PERMANENT,
+          ],
+          [USER_JOURNEY_EVENTS.TEMPORARILY_BLOCKED_INTERVENTION]: [
+            PATH_NAMES.UNAVAILABLE_TEMPORARY,
+          ],
           [USER_JOURNEY_EVENTS.MFA_CODE_VERIFIED]: [
             {
               target: [PATH_NAMES.RESET_PASSWORD_REQUIRED],

diff --git a/src/components/common/verify-code/verify-code-controller.ts b/src/components/common/verify-code/verify-code-controller.ts
@@ -92,7 +92,8 @@ export function verifyCodePost(
     ) {
       if (
         nextEvent === USER_JOURNEY_EVENTS.EMAIL_SECURITY_CODES_CODE_VERIFIED ||
-        nextEvent === USER_JOURNEY_EVENTS.RESET_PASSWORD_CODE_VERIFIED
+        (nextEvent === USER_JOURNEY_EVENTS.MFA_CODE_VERIFIED &&
+          JOURNEY_TYPE.PASSWORD_RESET_MFA)
       ) {
         accountInterventionsResponse =
           await accountInterventionsService.accountInterventionStatus(

diff --git a/src/components/enter-mfa/tests/enter-mfa-controller.test.ts b/src/components/enter-mfa/tests/enter-mfa-controller.test.ts
@@ -55,6 +55,7 @@ describe("enter mfa controller", () => {
     });
     res = mockResponse();
     process.env.SUPPORT_ACCOUNT_RECOVERY = "1";
+    process.env.SUPPORT_ACCOUNT_INTERVENTIONS = "0";
   });
 
   afterEach(() => {

diff --git a/src/components/reset-password-2fa-sms/tests/reset-password-2fa-sms-controller.test.ts b/src/components/reset-password-2fa-sms/tests/reset-password-2fa-sms-controller.test.ts
@@ -16,6 +16,8 @@ import {
 } from "../reset-password-2fa-sms-controller";
 import { VerifyCodeInterface } from "../../common/verify-code/types";
 import { MfaServiceInterface } from "../../common/mfa/types";
+import { fakeVerifyCodeServiceHelper } from "../../../../test/helpers/verify-code-helpers";
+import { accountInterventionsFakeHelper } from "../../../../test/helpers/account-interventions-helpers";
 
 describe("reset password 2fa auth app controller", () => {
   let req: RequestOutput;
@@ -35,6 +37,7 @@ describe("reset password 2fa auth app controller", () => {
   });
 
   afterEach(() => {
+    delete process.env.SUPPORT_ACCOUNT_INTERVENTIONS;
     sinon.restore();
   });
 
@@ -105,6 +108,46 @@ describe("reset password 2fa auth app controller", () => {
       expect(res.render).to.have.calledWith("reset-password-2fa-sms/index.njk");
     });
 
+    it("should redirect to /unavailable-temporary when temporarilySuspended status applied to account and they try to reset their password", async () => {
+      process.env.SUPPORT_ACCOUNT_INTERVENTIONS = "1";
+      const fakeService = fakeVerifyCodeServiceHelper(true);
+      const fakeInterventionsService = accountInterventionsFakeHelper(
+        "[email protected]",
+        false,
+        false,
+        true
+      );
+      req.session.user = {
+        email: "[email protected]",
+      };
+      await resetPassword2FASmsPost(fakeService, fakeInterventionsService)(
+        req as Request,
+        res as Response
+      );
+
+      expect(res.redirect).to.have.calledWith(PATH_NAMES.UNAVAILABLE_TEMPORARY);
+    });
+
+    it("should redirect to /unavailable-temporary when temporarilySuspended status applied to account and they try to reset their password", async () => {
+      process.env.SUPPORT_ACCOUNT_INTERVENTIONS = "1";
+      const fakeService = fakeVerifyCodeServiceHelper(true);
+      const fakeInterventionsService = accountInterventionsFakeHelper(
+        "[email protected]",
+        false,
+        true,
+        false
+      );
+      req.session.user = {
+        email: "[email protected]",
+      };
+      await resetPassword2FASmsPost(fakeService, fakeInterventionsService)(
+        req as Request,
+        res as Response
+      );
+
+      expect(res.redirect).to.have.calledWith(PATH_NAMES.UNAVAILABLE_PERMANENT);
+    });
+
     it("should render security code entered too many times page view when user is account is locked from entering security codes", async () => {
       const fakeService: MfaServiceInterface = {
         sendMfaCode: sinon.fake.returns({

diff --git a/...components/reset-password-check-email/tests/reset-password-check-email-controller.test.ts b/...components/reset-password-check-email/tests/reset-password-check-email-controller.test.ts
@@ -141,25 +141,6 @@ describe("reset password check email controller", () => {
       );
     });
 
-    it("should redirect to /password-reset-required when temporarilySuspended and passwordResetRequired statuses applied to users account and they try to reset their password", async () => {
-      const fakeService = fakeVerifyCodeServiceHelper(true);
-      const fakeInterventionsService = accountInterventionsFakeHelper(
-        "[email protected]",
-        true,
-        false,
-        true
-      );
-
-      await resetPasswordCheckEmailPost(fakeService, fakeInterventionsService)(
-        req as Request,
-        res as Response
-      );
-
-      expect(res.redirect).to.have.calledWith(
-        PATH_NAMES.PASSWORD_RESET_REQUIRED
-      );
-    });
-
     it("should redirect to /reset-password without calling the account interventions service when session.user.withinForcedPasswordResetJourney === true", async () => {
       req.session.user.withinForcedPasswordResetJourney = true;
       const fakeService = fakeVerifyCodeServiceHelper(true);