Merge pull request #2067 from govuk-one-login/AUT-3601/send-reauth-in…

…fo-to-auth-code

AUT-3601: Add is reauth journey to auth code request

src/components/auth-code/auth-code-service.ts

@@ -7,7 +7,11 @@ import {
   Http,
 } from "../../utils/http";
 import { AuthCodeResponse, AuthCodeServiceInterface } from "./types";
-import { getApiBaseUrl, getFrontendApiBaseUrl } from "../../config";
+import {
+  getApiBaseUrl,
+  getFrontendApiBaseUrl,
+  supportReauthentication,
+} from "../../config";
 import { AxiosResponse } from "axios";
 import { Request } from "express";
 export function authCodeService(axios: Http = http): AuthCodeServiceInterface {
@@ -39,14 +43,17 @@ export function authCodeService(axios: Http = http): AuthCodeServiceInterface {
     let response: AxiosResponse;
 
     if (useOrchAuthCode) {
-      const body = {
+      let body: any = {
         claims: clientSession.claim,
         state: clientSession.state,
         "redirect-uri": clientSession.redirectUri,
         "rp-sector-uri": clientSession.rpSectorHost,
         "is-new-account": userSession?.isAccountCreationJourney ?? false,
         "password-reset-time": userSession?.passwordResetTime,
       };
+      if (supportReauthentication() && userSession.reauthenticate) {
+        body = { ...body, "is-reauth-journey": true };
+      }
       response = await axios.client.post(path, body, config);
     } else {
       response = await axios.client.get(path, config);

src/components/auth-code/tests/auth-code-service.test.ts

@@ -67,6 +67,7 @@ describe("authentication auth code service", () => {
   afterEach(() => {
     getStub.reset();
     postStub.reset();
+    delete process.env.SUPPORT_REAUTHENTICATION;
   });
 
   describe("with auth orch split feature flag on", () => {
@@ -124,6 +125,64 @@ describe("authentication auth code service", () => {
       expect(result.data.location).to.deep.eq(redirectUriReturnedFromResponse);
     });
 
+    it("it should make a post request to the orch auth endpoint with is reauthenticate journey true for a reauthentication journey", async () => {
+      process.env.SUPPORT_REAUTHENTICATION = "1";
+
+      const req = createMockRequest(PATH_NAMES.AUTH_CODE);
+      req.ip = sourceIp;
+      req.headers = {
+        "txma-audit-encoded": auditEncodedString,
+        "x-forwarded-for": sourceIp,
+      };
+      const claim = ["phone_number", "phone_number_verified"];
+      const state = "state";
+      const sessionClient = {
+        claim: claim,
+        state: state,
+        redirectUri: redirectUriSentToAuth,
+        rpSectorHost: rpSectorHostSentToAuth,
+      };
+
+      const userSessionClient = {
+        isAccountCreationJourney: isAccountCreationJourneyUserSession,
+        passwordResetTime: passwordResetTime,
+        reauthenticate: "123456",
+      };
+
+      const result = await service.getAuthCode(
+        sessionId,
+        clientSessionId,
+        persistentSessionId,
+        sessionClient,
+        userSessionClient,
+        req
+      );
+
+      const expectedBody = {
+        claims: claim,
+        state: state,
+        "redirect-uri": redirectUriSentToAuth,
+        "rp-sector-uri": rpSectorHostSentToAuth,
+        "is-new-account": isAccountCreationJourneyUserSession,
+        "password-reset-time": passwordResetTime,
+        "is-reauth-journey": true,
+      };
+
+      expect(
+        postStub.calledOnceWithExactly(
+          API_ENDPOINTS.ORCH_AUTH_CODE,
+          expectedBody,
+          {
+            headers: expectedHeaders,
+            proxy: sinon.match.bool,
+            baseURL: frontendBaseUrl,
+          }
+        )
+      ).to.be.true;
+      expect(getStub.notCalled).to.be.true;
+      expect(result.data.location).to.deep.eq(redirectUriReturnedFromResponse);
+    });
+
     it("should make a request for an RP auth code following the prove identity callback page", async () => {
       const req = createMockRequest(PATH_NAMES.AUTH_CODE);
       req.ip = sourceIp;