From dd36113d80371170604f9e24a25b74812b0c984d Mon Sep 17 00:00:00 2001
From: LazarAlexandruConstantin <alex.lazar@digital.cabinet-office.gov.uk>
Date: Mon, 20 May 2024 11:41:09 +0300
Subject: [PATCH] AUT-2164: Add feature switch

---
 ci/terraform/authdev1.tfvars                         |  1 +
 ci/terraform/authdev2.tfvars                         |  1 +
 ci/terraform/build.tfvars                            |  1 +
 ci/terraform/ecs.tf                                  |  4 ++++
 ci/terraform/staging.tfvars                          |  1 +
 ci/terraform/variables.tf                            |  7 ++++++-
 scripts/_create_env_file.py                          |  1 +
 src/components/enter-email/enter-email-controller.ts | 12 ++++++++++++
 src/config.ts                                        |  4 ++++
 9 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/ci/terraform/authdev1.tfvars b/ci/terraform/authdev1.tfvars
index 7e1af7201c..35437a1f69 100644
--- a/ci/terraform/authdev1.tfvars
+++ b/ci/terraform/authdev1.tfvars
@@ -12,6 +12,7 @@ gtm_id                        = ""
 support_account_recovery      = "1"
 support_authorize_controller  = "1"
 support_2fa_b4_password_reset = "1"
+support_check_email_fraud     = "1"
 language_toggle_enabled       = "1"
 
 frontend_task_definition_cpu     = 512
diff --git a/ci/terraform/authdev2.tfvars b/ci/terraform/authdev2.tfvars
index a959d11a53..ee36372215 100644
--- a/ci/terraform/authdev2.tfvars
+++ b/ci/terraform/authdev2.tfvars
@@ -12,6 +12,7 @@ gtm_id                        = ""
 support_account_recovery      = "1"
 support_authorize_controller  = "1"
 support_2fa_b4_password_reset = "1"
+support_check_email_fraud     = "1"
 language_toggle_enabled       = "1"
 
 frontend_task_definition_cpu     = 512
diff --git a/ci/terraform/build.tfvars b/ci/terraform/build.tfvars
index 1dd6539ddd..a1e5d4bf02 100644
--- a/ci/terraform/build.tfvars
+++ b/ci/terraform/build.tfvars
@@ -17,6 +17,7 @@ support_account_interventions                       = "1"
 support_reauthentication                            = "1"
 support_2fa_b4_password_reset                       = "1"
 support_2hr_lockout                                 = "1"
+support_check_email_fraud                           = "1"
 password_reset_code_entered_wrong_blocked_minutes   = "1"
 account_recovery_code_entered_wrong_blocked_minutes = "1"
 code_request_blocked_minutes                        = "1"
diff --git a/ci/terraform/ecs.tf b/ci/terraform/ecs.tf
index 2cb53ac836..ed32a88284 100644
--- a/ci/terraform/ecs.tf
+++ b/ci/terraform/ecs.tf
@@ -160,6 +160,10 @@ locals {
         name  = "SUPPORT_2HR_LOCKOUT"
         value = var.support_2hr_lockout
       },
+      {
+        name  = "SUPPORT_CHECK_EMAIL_FRAUD"
+        value = var.support_check_email_fraud
+      },
       {
         name  = "LANGUAGE_TOGGLE_ENABLED"
         value = var.language_toggle_enabled
diff --git a/ci/terraform/staging.tfvars b/ci/terraform/staging.tfvars
index 31da6eb9d8..212249c7ec 100644
--- a/ci/terraform/staging.tfvars
+++ b/ci/terraform/staging.tfvars
@@ -18,6 +18,7 @@ support_account_interventions                       = "1"
 support_authorize_controller                        = "1"
 support_2fa_b4_password_reset                       = "1"
 support_2hr_lockout                                 = "1"
+support_check_email_fraud                           = "1"
 code_request_blocked_minutes                        = "120"
 account_recovery_code_entered_wrong_blocked_minutes = "120"
 code_entered_wrong_blocked_minutes                  = "120"
diff --git a/ci/terraform/variables.tf b/ci/terraform/variables.tf
index 5fb77c9bd4..d322b2c83a 100644
--- a/ci/terraform/variables.tf
+++ b/ci/terraform/variables.tf
@@ -247,6 +247,12 @@ variable "support_reauthentication" {
   default     = "0"
 }
 
+variable "support_check_email_fraud" {
+  description = "When true enables Fraudulent email checking via Experian lockout"
+  type        = string
+  default     = "0"
+}
+
 variable "email_entered_wrong_blocked_minutes" {
   description = "The duration, in minutes, for which a user is blocked after entering the wrong email multiple times during reauthentication"
   default     = "15"
@@ -342,4 +348,3 @@ variable "language_toggle_enabled" {
   description = "Enables English / Welsh language toggle in the user interface"
 }
 
-
diff --git a/scripts/_create_env_file.py b/scripts/_create_env_file.py
index 126ce4beba..198a72ad52 100644
--- a/scripts/_create_env_file.py
+++ b/scripts/_create_env_file.py
@@ -91,6 +91,7 @@ class EnvFileSection(TypedDict):
             "SUPPORT_2FA_B4_PASSWORD_RESET": 1,
             "SUPPORT_REAUTHENTICATION": 1,
             "SUPPORT_2HR_LOCKOUT": 1,
+            "SUPPORT_CHECK_EMAIL_FRAUD": 1,
         },
     },
     {
diff --git a/src/components/enter-email/enter-email-controller.ts b/src/components/enter-email/enter-email-controller.ts
index a24e831deb..3d60483d73 100644
--- a/src/components/enter-email/enter-email-controller.ts
+++ b/src/components/enter-email/enter-email-controller.ts
@@ -19,6 +19,7 @@ import { checkReauthUsersService } from "../check-reauth-users/check-reauth-user
 import {
   getEmailEnteredWrongBlockDurationInMinutes,
   support2hrLockout,
+  supportCheckEmailFraud,
   supportReauthentication,
 } from "../../config";
 import {
@@ -126,6 +127,17 @@ export function enterEmailPost(
       result.data.lockoutInformation.length > 0
     )
       setUpAuthAppLocks(req, result.data.lockoutInformation);
+    if (supportCheckEmailFraud()) {
+      const checkEmailFraudResponse =
+        await checkEmailFraudService.checkEmailFraudBlock(
+          email,
+          sessionId,
+          req.ip,
+          clientSessionId,
+          persistentSessionId
+        );
+      logger.info(`checkEmailFraudResponse: ${checkEmailFraudResponse.data}`);
+    }
     req.session.user.enterEmailMfaType = result.data.mfaMethodType;
     req.session.user.redactedPhoneNumber = result.data.phoneNumberLastThree;
     const nextState = result.data.doesUserExist
diff --git a/src/config.ts b/src/config.ts
index f8dc4e9f8d..dcb4868ab4 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -179,6 +179,10 @@ export function supportReauthentication(): boolean {
   return process.env.SUPPORT_REAUTHENTICATION === "1";
 }
 
+export function supportCheckEmailFraud(): boolean {
+  return process.env.SUPPORT_CHECK_EMAIL_FRAUD === "1";
+}
+
 export function getLanguageToggleEnabled(): boolean {
   return process.env.LANGUAGE_TOGGLE_ENABLED === "1";
 }