From 0898c720c39d19314028fb7083aa52fe575ea094 Mon Sep 17 00:00:00 2001
From: Aidan Comer <alhcomer@hotmail.co.uk>
Date: Tue, 5 Mar 2024 12:00:30 +0000
Subject: [PATCH] AUT-2440: Fixed forgotten password journey while a user is
 suspended or blocked

---
 .../common/state-machine/state-machine.ts     |  6 +++
 .../verify-code/verify-code-controller.ts     |  3 +-
 .../tests/enter-mfa-controller.test.ts        |  1 +
 .../reset-password-2fa-sms-controller.test.ts | 43 +++++++++++++++++++
 ...et-password-check-email-controller.test.ts | 19 --------
 5 files changed, 52 insertions(+), 20 deletions(-)

diff --git a/src/components/common/state-machine/state-machine.ts b/src/components/common/state-machine/state-machine.ts
index d6af470fc..1f97640bc 100644
--- a/src/components/common/state-machine/state-machine.ts
+++ b/src/components/common/state-machine/state-machine.ts
@@ -535,6 +535,12 @@ const authStateMachine = createMachine(
       },
       [PATH_NAMES.RESET_PASSWORD_2FA_SMS]: {
         on: {
+          [USER_JOURNEY_EVENTS.PERMANENTLY_BLOCKED_INTERVENTION]: [
+            PATH_NAMES.UNAVAILABLE_PERMANENT,
+          ],
+          [USER_JOURNEY_EVENTS.TEMPORARILY_BLOCKED_INTERVENTION]: [
+            PATH_NAMES.UNAVAILABLE_TEMPORARY,
+          ],
           [USER_JOURNEY_EVENTS.MFA_CODE_VERIFIED]: [
             {
               target: [PATH_NAMES.RESET_PASSWORD_REQUIRED],
diff --git a/src/components/common/verify-code/verify-code-controller.ts b/src/components/common/verify-code/verify-code-controller.ts
index 3c9047b37..51c388d4e 100644
--- a/src/components/common/verify-code/verify-code-controller.ts
+++ b/src/components/common/verify-code/verify-code-controller.ts
@@ -92,7 +92,8 @@ export function verifyCodePost(
     ) {
       if (
         nextEvent === USER_JOURNEY_EVENTS.EMAIL_SECURITY_CODES_CODE_VERIFIED ||
-        nextEvent === USER_JOURNEY_EVENTS.RESET_PASSWORD_CODE_VERIFIED
+        (nextEvent === USER_JOURNEY_EVENTS.MFA_CODE_VERIFIED &&
+          JOURNEY_TYPE.PASSWORD_RESET_MFA)
       ) {
         accountInterventionsResponse =
           await accountInterventionsService.accountInterventionStatus(
diff --git a/src/components/enter-mfa/tests/enter-mfa-controller.test.ts b/src/components/enter-mfa/tests/enter-mfa-controller.test.ts
index 32e6449ea..6ad502edb 100644
--- a/src/components/enter-mfa/tests/enter-mfa-controller.test.ts
+++ b/src/components/enter-mfa/tests/enter-mfa-controller.test.ts
@@ -55,6 +55,7 @@ describe("enter mfa controller", () => {
     });
     res = mockResponse();
     process.env.SUPPORT_ACCOUNT_RECOVERY = "1";
+    process.env.SUPPORT_ACCOUNT_INTERVENTIONS = "0";
   });
 
   afterEach(() => {
diff --git a/src/components/reset-password-2fa-sms/tests/reset-password-2fa-sms-controller.test.ts b/src/components/reset-password-2fa-sms/tests/reset-password-2fa-sms-controller.test.ts
index bb620d172..430306826 100644
--- a/src/components/reset-password-2fa-sms/tests/reset-password-2fa-sms-controller.test.ts
+++ b/src/components/reset-password-2fa-sms/tests/reset-password-2fa-sms-controller.test.ts
@@ -16,6 +16,8 @@ import {
 } from "../reset-password-2fa-sms-controller";
 import { VerifyCodeInterface } from "../../common/verify-code/types";
 import { MfaServiceInterface } from "../../common/mfa/types";
+import { fakeVerifyCodeServiceHelper } from "../../../../test/helpers/verify-code-helpers";
+import { accountInterventionsFakeHelper } from "../../../../test/helpers/account-interventions-helpers";
 
 describe("reset password 2fa auth app controller", () => {
   let req: RequestOutput;
@@ -35,6 +37,7 @@ describe("reset password 2fa auth app controller", () => {
   });
 
   afterEach(() => {
+    delete process.env.SUPPORT_ACCOUNT_INTERVENTIONS;
     sinon.restore();
   });
 
@@ -105,6 +108,46 @@ describe("reset password 2fa auth app controller", () => {
       expect(res.render).to.have.calledWith("reset-password-2fa-sms/index.njk");
     });
 
+    it("should redirect to /unavailable-temporary when temporarilySuspended status applied to account and they try to reset their password", async () => {
+      process.env.SUPPORT_ACCOUNT_INTERVENTIONS = "1";
+      const fakeService = fakeVerifyCodeServiceHelper(true);
+      const fakeInterventionsService = accountInterventionsFakeHelper(
+        "test@test.com",
+        false,
+        false,
+        true
+      );
+      req.session.user = {
+        email: "joe.bloggs@test.com",
+      };
+      await resetPassword2FASmsPost(fakeService, fakeInterventionsService)(
+        req as Request,
+        res as Response
+      );
+
+      expect(res.redirect).to.have.calledWith(PATH_NAMES.UNAVAILABLE_TEMPORARY);
+    });
+
+    it("should redirect to /unavailable-temporary when temporarilySuspended status applied to account and they try to reset their password", async () => {
+      process.env.SUPPORT_ACCOUNT_INTERVENTIONS = "1";
+      const fakeService = fakeVerifyCodeServiceHelper(true);
+      const fakeInterventionsService = accountInterventionsFakeHelper(
+        "test@test.com",
+        false,
+        true,
+        false
+      );
+      req.session.user = {
+        email: "joe.bloggs@test.com",
+      };
+      await resetPassword2FASmsPost(fakeService, fakeInterventionsService)(
+        req as Request,
+        res as Response
+      );
+
+      expect(res.redirect).to.have.calledWith(PATH_NAMES.UNAVAILABLE_PERMANENT);
+    });
+
     it("should render security code entered too many times page view when user is account is locked from entering security codes", async () => {
       const fakeService: MfaServiceInterface = {
         sendMfaCode: sinon.fake.returns({
diff --git a/src/components/reset-password-check-email/tests/reset-password-check-email-controller.test.ts b/src/components/reset-password-check-email/tests/reset-password-check-email-controller.test.ts
index 015ebaead..461bcfd04 100644
--- a/src/components/reset-password-check-email/tests/reset-password-check-email-controller.test.ts
+++ b/src/components/reset-password-check-email/tests/reset-password-check-email-controller.test.ts
@@ -141,25 +141,6 @@ describe("reset password check email controller", () => {
       );
     });
 
-    it("should redirect to /password-reset-required when temporarilySuspended and passwordResetRequired statuses applied to users account and they try to reset their password", async () => {
-      const fakeService = fakeVerifyCodeServiceHelper(true);
-      const fakeInterventionsService = accountInterventionsFakeHelper(
-        "test@test.com",
-        true,
-        false,
-        true
-      );
-
-      await resetPasswordCheckEmailPost(fakeService, fakeInterventionsService)(
-        req as Request,
-        res as Response
-      );
-
-      expect(res.redirect).to.have.calledWith(
-        PATH_NAMES.PASSWORD_RESET_REQUIRED
-      );
-    });
-
     it("should redirect to /reset-password without calling the account interventions service when session.user.withinForcedPasswordResetJourney === true", async () => {
       req.session.user.withinForcedPasswordResetJourney = true;
       const fakeService = fakeVerifyCodeServiceHelper(true);