Merge pull request #1632 from govuk-one-login/AUT-1432/fix-secret-key…

…-display-in-error-state AUT-1432: Fix secret key display in error state and tests
govuk-one-login · May 22, 2024 · b2c75d6 · b2c75d6
2 parents f3273f8 + 71067bd
commit b2c75d6
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/src/components/setup-authenticator-app/setup-authenticator-app-controller.ts b/src/components/setup-authenticator-app/setup-authenticator-app-controller.ts
@@ -103,7 +103,9 @@ export function setupAuthenticatorAppPost(
         );
         return renderBadRequest(res, req, TEMPLATE, error, {
           qrCode: req.session.user.authAppQrCodeUrl,
-          secretKey: req.session.user.authAppSecret,
+          secretKeyFragmentArray: splitSecretKeyIntoFragments(
+            req.session.user.authAppSecret
+          ),
         });
       }
 

diff --git a/src/components/setup-authenticator-app/setup-authenticator-app-validation.ts b/src/components/setup-authenticator-app/setup-authenticator-app-validation.ts
@@ -2,7 +2,10 @@ import { body } from "express-validator";
 import { validateBodyMiddleware } from "../../middleware/form-validation-middleware";
 import { ValidationChainFunc } from "../../types";
 import { Request } from "express";
-import { containsNumbersOnly } from "../../utils/strings";
+import {
+  containsNumbersOnly,
+  splitSecretKeyIntoFragments,
+} from "../../utils/strings";
 
 export function validateSetupAuthAppRequest(): ValidationChainFunc {
   return [
@@ -47,6 +50,8 @@ const postValidationLocals = function locals(
 ): Record<string, unknown> {
   return {
     qrCode: req.session.user.authAppQrCodeUrl,
-    secretKey: req.session.user.authAppSecret,
+    secretKeyFragmentArray: splitSecretKeyIntoFragments(
+      req.session.user.authAppSecret
+    ),
   };
 };
diff --git a/src/components/setup-authenticator-app/tests/setup-authenticator-app-integration.test.ts b/src/components/setup-authenticator-app/tests/setup-authenticator-app-integration.test.ts
@@ -15,6 +15,7 @@ describe("Integration::setup-authenticator-app", () => {
   let cookies: string;
   let app: any;
   let baseApi: string;
+  const AUTH_APP_SECRET: string = "MJRGA2KMETI7BEVNT33MOITMEQQUJMAQ";
 
   before(async () => {
     decache("../../../app");
@@ -33,7 +34,7 @@ describe("Integration::setup-authenticator-app", () => {
           journey: {
             nextPath: PATH_NAMES.CREATE_ACCOUNT_SETUP_AUTHENTICATOR_APP,
           },
-          authAppSecret: "secret",
+          authAppSecret: AUTH_APP_SECRET,
         };
 
         next();
@@ -89,7 +90,7 @@ describe("Integration::setup-authenticator-app", () => {
         expect($("#code-error").text()).to.contains(
           "Enter the security code shown in your authenticator app"
         );
-        expect($("#secret-key").text()).to.not.be.empty;
+        expect($("#secret-key").text()).to.contain(AUTH_APP_SECRET);
       })
       .expect(400, done);
   });
@@ -108,7 +109,7 @@ describe("Integration::setup-authenticator-app", () => {
         expect($("#code-error").text()).to.contains(
           "Enter the security code using only 6 digits"
         );
-        expect($("#secret-key").text()).to.not.be.empty;
+        expect($("#secret-key").text()).to.contain(AUTH_APP_SECRET);
       })
       .expect(400, done);
   });
@@ -127,7 +128,7 @@ describe("Integration::setup-authenticator-app", () => {
         expect($("#code-error").text()).to.contains(
           "Enter the security code using only 6 digits"
         );
-        expect($("#secret-key").text()).to.not.be.empty;
+        expect($("#secret-key").text()).to.contain(AUTH_APP_SECRET);
       })
       .expect(400, done);
   });