PYIC-7904: routing for reverification journey

api-tests/features/dl-auth-source-checks/dl-auth-source-checks.feature

@@ -202,8 +202,9 @@ Feature: Authoritative source checks with driving licence CRI
       | address | kenneth-current              |
       | fraud   | kenneth-score-2              |
     When I start a new 'reverification' journey
+    Then I get a 'you-can-change-security-code-method' page response
+    When I submit a 'next' event
     Then I get a 'page-ipv-identity-document-start' page response
-    Given I activate the 'drivingLicenceAuthCheck' feature set
     When I submit an 'appTriage' event
     Then I get a 'dcmaw' CRI response
     When I submit 'kenneth-driving-permit-valid' details to the CRI stub

api-tests/features/mfa-reset-journey.feature

@@ -10,19 +10,25 @@ Feature: MFA reset journey
 
       # Start MFA reset journey
       When I start a new 'reverification' journey
-      Then I get a 'page-ipv-identity-document-start' page response
+      Then I get a 'you-can-change-security-code-method' page response
 
     Scenario: Successful MFA reset journey
+      When I submit a 'next' event
+      Then I get a 'page-ipv-identity-document-start' page response
       When I submit an 'appTriage' event
       Then I get a 'dcmaw' CRI response
-      When I submit 'kenneth-driving-permit-valid' details to the CRI stub
+      When I submit 'kenneth-passport-valid' details to the CRI stub
       Then I get a 'page-dcmaw-success' page response
       When I submit a 'next' event
+      Then I get a 'we-matched-you-to-your-one-login' page response
+      When I submit a 'next' event
       Then I get an OAuth response
       When I use the OAuth response to get my MFA reset result
       Then I get a successful MFA reset result
 
     Scenario: Failed MFA reset journey with breaching CI - user can still reuse existing identity
+      When I submit a 'next' event
+      Then I get a 'page-ipv-identity-document-start' page response
       When I submit an 'appTriage' event
       Then I get a 'dcmaw' CRI response
       When I submit 'kenneth-passport-with-breaching-ci' details to the CRI stub
@@ -37,23 +43,24 @@ Feature: MFA reset journey
       Then I get a 'page-ipv-reuse' page response
 
     Scenario: Failed MFA reset journey - DCMAW error
+      When I submit a 'next' event
+      Then I get a 'page-ipv-identity-document-start' page response
       When I submit an 'appTriage' event
       Then I get a 'dcmaw' CRI response
-      When I call the CRI stub and get an 'access-denied' OAuth error
-      When I submit a 'next' event
+      When I call the CRI stub and get an 'access_denied' OAuth error
       Then I get an OAuth response
       When I use the OAuth response to get my MFA reset result
       Then I get an unsuccessful MFA reset result with failure code 'identity_check_incomplete'
 
-    Scenario: Failed MFA reset journey - no photo id
-      When I submit an 'end' event
-      Then I get a 'pyi-another-way' page response
-      When I submit an 'next' event
+    Scenario: Failed MFA reset journey - find another way to access One Login
+      When I submit an 'cannot-change-security-codes' event
       Then I get an OAuth response
       When I use the OAuth response to get my MFA reset result
       Then I get an unsuccessful MFA reset result with failure code 'identity_check_incomplete'
 
     Scenario: Failed MFA reset journey - failed verification score
+      When I submit a 'next' event
+      Then I get a 'page-ipv-identity-document-start' page response
       When I submit an 'appTriage' event
       Then I get a 'dcmaw' CRI response
       When I submit 'kenneth-passport-verification-zero' details to the CRI stub
@@ -64,6 +71,8 @@ Feature: MFA reset journey
       Then I get an unsuccessful MFA reset result with failure code 'identity_check_failed'
 
     Scenario: Failed MFA reset journey - non-matching identity
+      When I submit a 'next' event
+      Then I get a 'page-ipv-identity-document-start' page response
       When I submit an 'appTriage' event
       Then I get a 'dcmaw' CRI response
       When I submit 'alice-passport-valid' details to the CRI stub
@@ -75,6 +84,23 @@ Feature: MFA reset journey
       When I use the OAuth response to get my MFA reset result
       Then I get an unsuccessful MFA reset result with failure code 'identity_did_not_match'
 
+    Scenario: Failed MFA reset journey - failed DL auth source check
+      Given I activate the 'drivingLicenceAuthCheck' feature set
+      When I submit a 'next' event
+      Then I get a 'page-ipv-identity-document-start' page response
+      When I submit an 'appTriage' event
+      Then I get a 'dcmaw' CRI response
+      When I submit 'kenneth-driving-permit-valid' details to the CRI stub
+      Then I get a 'drivingLicence' CRI response
+      When I submit 'kenneth-driving-permit-needs-alternate-doc' details with attributes to the CRI stub
+        | Attribute | Values          |
+        | context   | "check_details" |
+      Then I get a 'pyi-no-match' page response
+      When I submit a 'next' event
+      Then I get an OAuth response
+      When I use the OAuth response to get my MFA reset result
+      Then I get an unsuccessful MFA reset result with failure code 'identity_check_failed'
+
   Rule: The user has no existing identity
     Scenario: Attempted MFA reset journey
       When I start a new 'reverification' journey

lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/reverification.yaml

@@ -85,13 +85,25 @@ states:
       lambda: check-reverification-identity
     events:
       found:
-        targetState: IDENTITY_START_PAGE
+        targetState: YOU_CAN_CHOOSE_HOW_YOU_GET_SECURITY_CODES_PAGE
       not-found:
-        targetState: CRI_TICF
+        targetJourney: INELIGIBLE
+        targetState: INELIGIBLE_SKIP_MESSAGE
       error:
         targetJourney: TECHNICAL_ERROR
         targetState: ERROR
 
+  YOU_CAN_CHOOSE_HOW_YOU_GET_SECURITY_CODES_PAGE:
+    response:
+      type: page
+      pageId: you-can-change-security-code-method
+    events:
+      next:
+        targetState: IDENTITY_START_PAGE
+      cannot-change-security-codes:
+        targetJourney: INELIGIBLE
+        targetState: INELIGIBLE_SKIP_MESSAGE
+
   IDENTITY_START_PAGE:
     response:
       type: page
@@ -108,7 +120,7 @@ states:
             targetState: ERROR
       end:
         targetJourney: INELIGIBLE
-        targetState: INELIGIBLE
+        targetState: INELIGIBLE_SKIP_MESSAGE
 
   STRATEGIC_APP_TRIAGE:
     nestedJourney: STRATEGIC_APP_TRIAGE
@@ -120,7 +132,7 @@ states:
         targetState: ERROR
       anotherWay:
         targetJourney: INELIGIBLE
-        targetState: INELIGIBLE
+        targetState: INELIGIBLE_SKIP_MESSAGE
       returnToRp:
         targetState: RETURN_TO_RP
 
@@ -134,13 +146,13 @@ states:
         targetState: POST_DCMAW_SUCCESS_PAGE
       not-found:
         targetJourney: INELIGIBLE
-        targetState: INELIGIBLE
+        targetState: INELIGIBLE_SKIP_MESSAGE
       access-denied:
         targetJourney: INELIGIBLE
-        targetState: INELIGIBLE
+        targetState: INELIGIBLE_SKIP_MESSAGE
       temporarily-unavailable:
         targetJourney: INELIGIBLE
-        targetState: INELIGIBLE
+        targetState: INELIGIBLE_SKIP_MESSAGE
       dl-auth-source-check:
         targetState: CRI_DRIVING_LICENCE_AUTH_SOURCE_CHECK
 
@@ -183,6 +195,14 @@ states:
       type: process
       lambda: call-ticf-cri
     parent: CRI_TICF_STATE
+    events:
+      next:
+        targetState: WE_MATCHED_YOU_TO_YOUR_ONE_LOGIN_PAGE
+
+  WE_MATCHED_YOU_TO_YOUR_ONE_LOGIN_PAGE:
+    response:
+      type: page
+      pageId: we-matched-you-to-your-one-login
     events:
       next:
         targetState: RETURN_TO_RP