tweaks to improve UX

nijk · nijk · commit d4ad6e392459 · 2025-11-07T17:40:39.000Z
diff --git a/src/client/stylesheets/core/_header.scss b/src/client/stylesheets/core/_header.scss
@@ -5,3 +5,26 @@
 .app-header {
   border-bottom-color: $app-light-grey;
 }
+
+.app-width-container--wide {
+  background-color: #f3f2f1;
+}
+
+.manage-account-links {
+  display: block;
+  float: right;
+  list-style-type: none;
+  margin: 18px 0;
+
+  > li {
+    display: inline;
+    margin-bottom: 0;
+    padding: 0 5px;
+    text-align: right;
+    border-right: 1px solid #000;
+
+    &:last-child {
+      border-right: none;
+    }
+  }
+}
diff --git a/src/server/common/helpers/auth/defra-id.js b/src/server/common/helpers/auth/defra-id.js
@@ -51,12 +51,40 @@ const defraId = {
           token: oidcConf.token_endpoint,
           scope: ['openid', 'offline_access'],
           profile: async function (credentials, params) {
+            server.logger.info('auth: Defra ID profile received')
+
             // Decode JWT and extract user profile
             const payload = jwt.token.decode(credentials.token).decoded.payload
+            const userId = payload.sub
             const displayName = getDisplayName(payload)
+            const logoutUrl = oidcConf.end_session_endpoint
+            const relationships =
+              payload.relationships?.map((relationship) => {
+                const [relationshipId, organisationId, organisationName] =
+                  relationship.split(':')
+
+                return {
+                  id: relationshipId,
+                  orgId: organisationId,
+                  orgName: organisationName?.trim(),
+                  isCurrent: payload.currentRelationshipId === relationshipId
+                }
+              }) ?? []
+            const currentRelationship =
+              relationships?.find(({ isCurrent }) => isCurrent) ?? null
+
+            server.app.defraId = {
+              currentRelationship,
+              logoutUrl,
+              relationships,
+              user: {
+                id: userId,
+                name: displayName
+              }
+            }
 
             credentials.profile = {
-              id: payload.sub,
+              id: userId,
               correlationId: payload.correlationId,
               sessionId: payload.sessionId,
               contactId: payload.contactId,
@@ -75,7 +103,7 @@ const defraId = {
               roles: payload.roles,
               idToken: params.id_token,
               tokenUrl: oidcConf.token_endpoint,
-              logoutUrl: oidcConf.end_session_endpoint
+              logoutUrl
             }
           }
         },
diff --git a/src/server/common/helpers/auth/fetch.js b/src/server/common/helpers/auth/fetch.js
@@ -20,69 +20,81 @@ function getOrganisationLinkHref(id, redirectUrl) {
 }
 
 export async function fetchWithAuthInterception(url, request, h) {
-  const { data, response } = await fetchWithAuthHeader(url, request)
+  request.logger.info({ url }, 'auth: fetchWithAuthInterception')
 
-  if (!response.ok) {
-    throw Boom.unauthorized()
-  }
-
-  if (data.action === 'link-organisations') {
-    const { path: redirectUrl } = request
-    const { defraId, isCurrentOrganisationLinked, organisations } = data
-    const hasManyOrganisations = organisations.length > 1
-    const entityName = hasManyOrganisations ? 'organisations' : 'organisation'
-    const shouldShowTableOfUnlinkedOrganisations =
-      hasManyOrganisations && !isCurrentOrganisationLinked
-    const otherRelationships = defraId.otherRelationships.map(
-      ({ defraIdOrgName, defraIdRelationshipId }) => [
-        { text: defraIdOrgName },
-        {
-          html: `<a href="http://localhost:3200/cdp-defra-id-stub/register/${defraId.userId}/relationship/${defraIdRelationshipId}/current">Switch</a>`
-        }
-      ]
-    )
+  try {
+    const { data, response } = await fetchWithAuthHeader(url, request)
 
-    const commonTemplateData = {
-      defraIdOrgName: defraId.orgName,
-      entityName,
-      isCurrentOrganisationLinked,
-      otherRelationships,
-      shouldShowTableOfUnlinkedOrganisations
+    if (!response.ok) {
+      throw Boom.unauthorized()
     }
 
-    const templateData = shouldShowTableOfUnlinkedOrganisations
-      ? {
-          ...commonTemplateData,
-          organisations: organisations.map(({ name, orgId, id }) => [
-            { text: name ?? 'data missing' },
-            { text: orgId ?? 'data missing' },
-            { text: id ?? 'data missing' },
-            {
-              html: `<a href="${getOrganisationLinkHref(id, redirectUrl)}">Link</a>`
+    if (data.action === 'link-organisations') {
+      const { path: redirectUrl } = request
+      const { defraId, isCurrentOrganisationLinked, organisations } = data
+      const hasManyOrganisations = organisations.length > 1
+      const entityName = hasManyOrganisations ? 'organisations' : 'organisation'
+      const shouldShowTableOfUnlinkedOrganisations =
+        hasManyOrganisations && !isCurrentOrganisationLinked
+      const otherRelationships = defraId.otherRelationships.map(
+        ({ defraIdOrgName, defraIdRelationshipId }) => [
+          { text: defraIdOrgName },
+          {
+            html: `<a href="http://localhost:3200/cdp-defra-id-stub/register/${defraId.userId}/relationship/${defraIdRelationshipId}/current">Switch</a>`
+          }
+        ]
+      )
+
+      const commonTemplateData = {
+        defraIdOrgName: defraId.orgName,
+        entityName,
+        isCurrentOrganisationLinked,
+        otherRelationships,
+        shouldShowTableOfUnlinkedOrganisations
+      }
+
+      const templateData = shouldShowTableOfUnlinkedOrganisations
+        ? {
+            ...commonTemplateData,
+            organisations: organisations.map(({ name, orgId, id }) => [
+              { text: name ?? 'data missing' },
+              { text: orgId ?? 'data missing' },
+              { text: id ?? 'data missing' },
+              {
+                html: `<a href="${getOrganisationLinkHref(id, redirectUrl)}">Link</a>`
+              }
+            ])
+          }
+        : {
+            ...commonTemplateData,
+            organisation: {
+              name: organisations[0].name,
+              orgId: organisations[0].orgId,
+              id: organisations[0].id,
+              linkHref: getOrganisationLinkHref(
+                organisations[0].id,
+                redirectUrl
+              ),
+              addHref: `http://localhost:3200/cdp-defra-id-stub/register/${defraId.userId}/relationship`
             }
-          ])
-        }
-      : {
-          ...commonTemplateData,
-          organisation: {
-            name: organisations[0].name,
-            orgId: organisations[0].orgId,
-            id: organisations[0].id,
-            linkHref: getOrganisationLinkHref(organisations[0].id, redirectUrl),
-            addHref: `http://localhost:3200/cdp-defra-id-stub/register/${defraId.userId}/relationship`
           }
-        }
 
-    return {
-      data,
-      response,
-      view: h.view('organisation/link-options', {
-        pageTitle: 'Link Organisation',
-        heading: 'Link Organisation',
-        ...templateData
-      })
+      return {
+        data,
+        response,
+        view: h.view('organisation/link-options', {
+          pageTitle: 'Link Organisation',
+          heading: 'Link Organisation',
+          defraId: request.server.app.defraId,
+          ...templateData
+        })
+      }
     }
-  }
 
-  return { data, response }
+    return { data, response }
+  } catch (error) {
+    request.logger.error(error, 'auth: fetchWithAuthInterception')
+
+    throw error
+  }
 }
diff --git a/src/server/common/helpers/auth/user-session.js b/src/server/common/helpers/auth/user-session.js
@@ -12,6 +12,7 @@ import { getUserSession } from './get-user-session.js'
 async function removeUserSession(request) {
   await dropUserSession(request)
   request.cookieAuth.clear()
+  request.server.app.defraId = null
 }
 
 /**
diff --git a/src/server/common/helpers/errors.js b/src/server/common/helpers/errors.js
@@ -40,7 +40,8 @@ export function catchAll(request, h) {
     .view('error/index', {
       pageTitle: errorMessage,
       heading: statusCode,
-      message: errorMessage
+      message: errorMessage,
+      defraId: request.server.app.defraId
     })
     .code(statusCode)
 }
diff --git a/src/server/common/templates/layouts/page.njk b/src/server/common/templates/layouts/page.njk
@@ -32,6 +32,40 @@
     serviceUrl: "/",
     navigation: navigation
   }) }}
+  {% if isDefraIdEnabled %}
+    <div class="menu">
+      <div class="govuk-grid-row govuk-width-container app-width-container--wide">
+        <div class="govuk-grid-column-full">
+          <ul class="manage-account-links govuk-!-padding-0">
+            {% if defraId.currentRelationship %}
+              <li class="govuk-body-s">
+                <a href="http://localhost:3200/cdp-defra-id-stub/register/{{ defraId.user.id }}" class="govuk-link">{{ defraId.user.name }}</a>
+              </li>
+              <li class="govuk-body-s">
+                {% if defraId.relationships.length > 1 %}
+                  <a
+                    class="govuk-link"
+                    href="http://localhost:3200/cdp-defra-id-stub/register/{{ defraId.user.id }}/relationship/{{ defraId.currentRelationship.id }}/current"
+                  >
+                    {{ defraId.currentRelationship.orgName }}
+                  </a>
+                {% else %}
+                  {{ defraId.currentRelationship.orgName }}
+                {% endif %}
+              </li>
+              <li class="govuk-body-s">
+                <a href="/logout" class="govuk-link">Sign out</a>
+              </li>
+            {% else %}
+              <li class="govuk-body-s">
+                <a href="/login" class="govuk-link">Sign in</a>
+              </li>
+            {% endif %}
+          </ul>
+        </div>
+      </div>
+    </div>
+  {% endif %}
 {% endblock %}
 
 {% block pageTitle %}
diff --git a/src/server/home/controller.js b/src/server/home/controller.js
@@ -1,13 +1,34 @@
+import { config } from '#config/config.js'
+import { fetchWithAuthInterception } from '#server/common/helpers/auth/fetch.js'
+
 /**
  * A GDS styled example home page controller.
  * Provided as an example, remove or modify as required.
  * @satisfies {Partial<ServerRoute>}
  */
 export const homeController = {
-  handler(_request, h) {
+  async handler(request, h) {
+    if (request.auth.isAuthenticated) {
+      const { currentRelationship } = request.server.app.defraId
+      const baseUrl = config.get('eprBackendUrl')
+      const url = `${baseUrl}/v1/organisations/${currentRelationship.orgId}/defra-id-org-id`
+      const { data, view } = await fetchWithAuthInterception(url, request, h)
+
+      if (view) {
+        return view
+      }
+
+      if (data.length === 1) {
+        return h.redirect(`/organisations/${data[0].id}`)
+      }
+
+      // @todo: handle multiple matches by DefraIdOrgId
+    }
+
     return h.view('home/index', {
       pageTitle: 'Home',
-      heading: 'Home'
+      heading: 'Home',
+      defraId: request.server.app.defraId
     })
   }
 }
diff --git a/src/server/home/index.njk b/src/server/home/index.njk
@@ -6,41 +6,29 @@
       <div class="govuk-body" data-testid="app-page-body">
         <h1 class="govuk-heading-l">Sites</h1>
 
-        {% if isDefraIdEnabled %}
-          {% if authedUser and authedUser.displayName %}
-            <div class="govuk-panel govuk-panel--confirmation" style="background-color: #f3f2f1; border: 2px solid #1d70b8;">
-              <div class="govuk-panel__body" style="color: #0b0c0c;">
-                Welcome, <strong>{{ authedUser.displayName }}</strong>
-              </div>
+        {% if isDefraIdEnabled and authedUser and authedUser.displayName %}
+          <div class="govuk-panel govuk-panel--confirmation" style="background-color: #f3f2f1; border: 2px solid #1d70b8;">
+            <div class="govuk-panel__body" style="color: #0b0c0c;">
+              Welcome, <strong>{{ authedUser.displayName }}</strong>
             </div>
-            <p class="govuk-body">
-              <a href="/logout" class="govuk-link">Sign out</a>
-            </p>
-            <details class="govuk-details">
-              <summary class="govuk-details__summary">
-                <span class="govuk-details__summary-text">
-                  View your account details
-                </span>
-              </summary>
-              <div class="govuk-details__text">
-                <dl class="govuk-summary-list">
-                  {% for key, value in authedUser %}
-                    <div class="govuk-summary-list__row">
-                      <dt class="govuk-summary-list__key">{{ key }}</dt>
-                      <dd class="govuk-summary-list__value"><code>{{ value }}</code></dd>
-                    </div>
-                  {% endfor %}
-                </dl>
-              </div>
-            </details>
-          {% else %}
-            <p class="govuk-body">
-              Welcome, guest!
-            </p>
-            <p class="govuk-body">
-              You can <a id="login-link" href="/login" class="govuk-link">sign in</a> to access your account.
-            </p>
-          {% endif %}
+          </div>
+          <details class="govuk-details">
+            <summary class="govuk-details__summary">
+              <span class="govuk-details__summary-text">
+                View your account details
+              </span>
+            </summary>
+            <div class="govuk-details__text">
+              <dl class="govuk-summary-list">
+                {% for key, value in authedUser %}
+                  <div class="govuk-summary-list__row">
+                    <dt class="govuk-summary-list__key">{{ key }}</dt>
+                    <dd class="govuk-summary-list__value"><code>{{ value }}</code></dd>
+                  </div>
+                {% endfor %}
+              </dl>
+            </div>
+          </details>
         {% endif %}
 
         <h2 class="govuk-heading-m">Test</h2>
@@ -50,12 +38,18 @@
         <p>
           <a href="/organisations/6507f1f77bcf86cd79943921" class="govuk-link">Plastic Exporters</a>
         </p>
+        <p>
+          <a href="/organisations/6507f1f77bcf86cd79943931" class="govuk-link">Future Green Trust</a>
+        </p>
         <p>
           <a href="/organisations/6507f1f77bcf86cd79943901/registrations/6507f1f77bcf86cd79943902" class="govuk-link">ACME ltd: Glass</a>
         </p>
         <p>
           <a href="/organisations/6507f1f77bcf86cd79943921/registrations/6507f1f77bcf86cd79943922" class="govuk-link">Plastic Exporters: Plastic</a>
         </p>
+        <p>
+          <a href="/organisations/6507f1f77bcf86cd79943931/registrations/6507f1f77bcf86cd79943932" class="govuk-link">Future Green Trust: Steel</a>
+        </p>
       </div>
     </div>
   </div>
diff --git a/src/server/logout/controller.js b/src/server/logout/controller.js
diff --git a/src/server/organisation/controller.js b/src/server/organisation/controller.js
diff --git a/src/server/organisation/link-options.njk b/src/server/organisation/link-options.njk
diff --git a/src/server/registration/controller.js b/src/server/registration/controller.js

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@ import { getUserSession } from './get-user-session.js'`
`12`	`12`	`async function removeUserSession(request) {`
`13`	`13`	`await dropUserSession(request)`
`14`	`14`	`request.cookieAuth.clear()`
	`15`	`+ request.server.app.defraId = null`
`15`	`16`	`}`
`16`	`17`
`17`	`18`	`/**`