ATO-925: Adds session.save() to showGetEmailForm

The next controller in the user flow, showCheckEmailForm relies on the session containing the email address. However we redirect when submitting the email address, which may happen faster than our session updating, leading to the user being redirected back to the enter-email page. The docs for express-session say "There are some cases where it is useful to call this method (`session.save()`), for example, redirects..."[1] so adding this session.save call in to ensure the session is updated before the redirect occurs. [1]- https://expressjs.com/en/resources/middleware/session.html
govuk-one-login · Jul 23, 2024 · a12d816 · a12d816
1 parent c3d870f
commit a12d816
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/express/src/controllers/register.ts b/express/src/controllers/register.ts
@@ -19,6 +19,7 @@ export const processGetEmailForm: RequestHandler = async (req, res) => {
     console.info("In ProcessGetEmailForm");
 
     req.session.emailAddress = emailAddress;
+    req.session.save();
 
     try {
         await s4.createUser(emailAddress);

diff --git a/express/tests/controllers/register.test.ts b/express/tests/controllers/register.test.ts
@@ -82,6 +82,7 @@ describe("processGetEmailForm controller tests", () => {
 
         await processGetEmailForm(mockReq, mockRes, mockNext);
         expect(s4CreateUserSpy).toHaveBeenCalledWith(TEST_EMAIL);
+        expect(mockReq.session.save).toHaveBeenCalled();
         expect(mockRes.redirect).toHaveBeenCalledWith("/register/enter-email-code");
     });
 
@@ -106,6 +107,7 @@ describe("processGetEmailForm controller tests", () => {
         await processGetEmailForm(mockReq, mockRes, mockNext);
         expect(s4CreateUserSpy).toHaveBeenCalledWith(TEST_EMAIL);
         expect(s4SignUpStatusSpy).toHaveBeenCalledWith(TEST_EMAIL);
+        expect(mockReq.session.save).toHaveBeenCalled();
         expect(console.info).toHaveBeenCalledWith("Processing No HasEMail");
         expect(mockRes.redirect).toHaveBeenCalledWith("resume-before-password");
     });
@@ -134,6 +136,7 @@ describe("processGetEmailForm controller tests", () => {
         expect(s4CreateUserSpy).toHaveBeenCalledWith(TEST_EMAIL);
         expect(s4SignUpStatusSpy).toHaveBeenCalledWith(TEST_EMAIL);
         expect(console.info).toHaveBeenCalledWith("Processing No HasPassword");
+        expect(mockReq.session.save).toHaveBeenCalled();
         expect(mockRes.redirect).toHaveBeenCalledWith("resume-before-password");
     });
 
@@ -162,6 +165,7 @@ describe("processGetEmailForm controller tests", () => {
         expect(s4CreateUserSpy).toHaveBeenCalledWith(TEST_EMAIL);
         expect(s4SignUpStatusSpy).toHaveBeenCalledWith(TEST_EMAIL);
         expect(console.info).toHaveBeenCalledWith("Processing No HasPhoneNumber");
+        expect(mockReq.session.save).toHaveBeenCalled();
         expect(mockRes.redirect).toHaveBeenCalledWith("resume-after-password");
     });
 
@@ -190,6 +194,7 @@ describe("processGetEmailForm controller tests", () => {
         await processGetEmailForm(mockReq, mockRes, mockNext);
         expect(s4CreateUserSpy).toHaveBeenCalledWith(TEST_EMAIL);
         expect(s4SignUpStatusSpy).toHaveBeenCalledWith(TEST_EMAIL);
+        expect(mockReq.session.save).toHaveBeenCalled();
         expect(console.info).toHaveBeenCalledWith("Processing No HasTextCode");
         expect(mockRes.redirect).toHaveBeenCalledWith("resume-after-password");
     });
@@ -207,6 +212,7 @@ describe("processGetEmailForm controller tests", () => {
 
         await expect(processGetEmailForm(mockReq, mockRes, mockNext)).rejects.toThrow();
         expect(s4CreateUserSpy).toHaveBeenCalledWith(TEST_EMAIL);
+        expect(mockReq.session.save).toHaveBeenCalled();
         expect(s4SignUpStatusSpy).not.toHaveBeenCalled();
     });
 });