AUT-2164: Add feature switch

ci/terraform/authdev1.tfvars

@@ -12,6 +12,7 @@ gtm_id                        = ""
 support_account_recovery      = "1"
 support_authorize_controller  = "1"
 support_2fa_b4_password_reset = "1"
+support_check_email_fraud     = "1"
 language_toggle_enabled       = "1"
 
 frontend_task_definition_cpu     = 512

ci/terraform/authdev2.tfvars

@@ -12,6 +12,7 @@ gtm_id                        = ""
 support_account_recovery      = "1"
 support_authorize_controller  = "1"
 support_2fa_b4_password_reset = "1"
+support_check_email_fraud     = "1"
 language_toggle_enabled       = "1"
 
 frontend_task_definition_cpu     = 512

ci/terraform/build.tfvars

@@ -17,6 +17,7 @@ support_account_interventions                       = "1"
 support_reauthentication                            = "1"
 support_2fa_b4_password_reset                       = "1"
 support_2hr_lockout                                 = "1"
+support_check_email_fraud                           = "1"
 password_reset_code_entered_wrong_blocked_minutes   = "1"
 account_recovery_code_entered_wrong_blocked_minutes = "1"
 code_request_blocked_minutes                        = "1"

ci/terraform/dev.tfvars

@@ -17,6 +17,7 @@ support_account_interventions                       = "1"
 support_reauthentication                            = "1"
 support_2fa_b4_password_reset                       = "1"
 support_2hr_lockout                                 = "1"
+support_check_email_fraud                           = "1"
 password_reset_code_entered_wrong_blocked_minutes   = "1"
 account_recovery_code_entered_wrong_blocked_minutes = "1"
 code_request_blocked_minutes                        = "1"

ci/terraform/ecs.tf

@@ -160,6 +160,10 @@ locals {
         name  = "SUPPORT_2HR_LOCKOUT"
         value = var.support_2hr_lockout
       },
+      {
+        name  = "SUPPORT_CHECK_EMAIL_FRAUD"
+        value = var.support_check_email_fraud
+      },
       {
         name  = "LANGUAGE_TOGGLE_ENABLED"
         value = var.language_toggle_enabled

ci/terraform/integration.tfvars

@@ -10,6 +10,7 @@ support_account_interventions                       = "1"
 support_authorize_controller                        = "1"
 support_2fa_b4_password_reset                       = "1"
 support_2hr_lockout                                 = "1"
+support_check_email_fraud                           = "0"
 code_request_blocked_minutes                        = "120"
 account_recovery_code_entered_wrong_blocked_minutes = "120"
 code_entered_wrong_blocked_minutes                  = "120"

ci/terraform/production.tfvars

@@ -13,6 +13,7 @@ support_account_interventions                       = "1"
 support_authorize_controller                        = "1"
 support_2fa_b4_password_reset                       = "1"
 support_2hr_lockout                                 = "1"
+support_check_email_fraud                           = "0"
 code_request_blocked_minutes                        = "120"
 account_recovery_code_entered_wrong_blocked_minutes = "120"
 code_entered_wrong_blocked_minutes                  = "120"

ci/terraform/staging.tfvars

@@ -18,6 +18,7 @@ support_account_interventions                       = "1"
 support_authorize_controller                        = "1"
 support_2fa_b4_password_reset                       = "1"
 support_2hr_lockout                                 = "1"
+support_check_email_fraud                           = "1"
 code_request_blocked_minutes                        = "120"
 account_recovery_code_entered_wrong_blocked_minutes = "120"
 code_entered_wrong_blocked_minutes                  = "120"

ci/terraform/variables.tf

@@ -247,6 +247,12 @@ variable "support_reauthentication" {
   default     = "0"
 }
 
+variable "support_check_email_fraud" {
+  description = "When true enables Fraudulent email checking via Experian lockout"
+  type        = string
+  default     = "0"
+}
+
 variable "email_entered_wrong_blocked_minutes" {
   description = "The duration, in minutes, for which a user is blocked after entering the wrong email multiple times during reauthentication"
   default     = "15"
@@ -342,4 +348,3 @@ variable "language_toggle_enabled" {
   description = "Enables English / Welsh language toggle in the user interface"
 }
 
-

scripts/_create_env_file.py

@@ -91,6 +91,7 @@ class EnvFileSection(TypedDict):
             "SUPPORT_2FA_B4_PASSWORD_RESET": 1,
             "SUPPORT_REAUTHENTICATION": 1,
             "SUPPORT_2HR_LOCKOUT": 1,
+            "SUPPORT_CHECK_EMAIL_FRAUD": 1,
         },
     },
     {

src/components/enter-email/enter-email-controller.ts

@@ -19,6 +19,7 @@ import { checkReauthUsersService } from "../check-reauth-users/check-reauth-user
 import {
   getEmailEnteredWrongBlockDurationInMinutes,
   support2hrLockout,
+  supportCheckEmailFraud,
   supportReauthentication,
 } from "../../config";
 import {
@@ -126,6 +127,17 @@ export function enterEmailPost(
       result.data.lockoutInformation.length > 0
     )
       setUpAuthAppLocks(req, result.data.lockoutInformation);
+    if (supportCheckEmailFraud()) {
+      const checkEmailFraudResponse =
+        await checkEmailFraudService.checkEmailFraudBlock(
+          email,
+          sessionId,
+          req.ip,
+          clientSessionId,
+          persistentSessionId
+        );
+      logger.info(`checkEmailFraudResponse: ${checkEmailFraudResponse.data}`);
+    }
     req.session.user.enterEmailMfaType = result.data.mfaMethodType;
     req.session.user.redactedPhoneNumber = result.data.phoneNumberLastThree;
     const nextState = result.data.doesUserExist

src/config.ts

@@ -179,6 +179,10 @@ export function supportReauthentication(): boolean {
   return process.env.SUPPORT_REAUTHENTICATION === "1";
 }
 
+export function supportCheckEmailFraud(): boolean {
+  return process.env.SUPPORT_CHECK_EMAIL_FRAUD === "1";
+}
+
 export function getLanguageToggleEnabled(): boolean {
   return process.env.LANGUAGE_TOGGLE_ENABLED === "1";
 }