From 6db54e6ee725a0e87f2d05283608e4aac3eaa5b2 Mon Sep 17 00:00:00 2001
From: BeckaL
Date: Tue, 17 Sep 2024 14:50:06 +0100
Subject: [PATCH] AUT-3601: Add is reauth journey to auth code request

This will control whether or not the auth code handler emits the "reauth success" event
---
 src/components/auth-code/auth-code-service.ts | 11 +++-
 .../auth-code/tests/auth-code-service.test.ts | 59 +++++++++++++++++++
 2 files changed, 68 insertions(+), 2 deletions(-)

diff --git a/src/components/auth-code/auth-code-service.ts b/src/components/auth-code/auth-code-service.ts
index 6d9b87e36..96cfc6f7a 100644
--- a/src/components/auth-code/auth-code-service.ts
+++ b/src/components/auth-code/auth-code-service.ts
@@ -7,7 +7,11 @@ import {
 Http,
 } from "../../utils/http";
 import { AuthCodeResponse, AuthCodeServiceInterface } from "./types";
-import { getApiBaseUrl, getFrontendApiBaseUrl } from "../../config";
+import {
+ getApiBaseUrl,
+ getFrontendApiBaseUrl,
+ supportReauthentication,
+} from "../../config";
 import { AxiosResponse } from "axios";
 import { Request } from "express";
 export function authCodeService(axios: Http = http): AuthCodeServiceInterface {
@@ -39,7 +43,7 @@ export function authCodeService(axios: Http = http): AuthCodeServiceInterface {
 let response: AxiosResponse;
 if (useOrchAuthCode) {
- const body = {
+ let body: any = {
 claims: clientSession.claim,
 state: clientSession.state,
 "redirect-uri": clientSession.redirectUri,
@@ -47,6 +51,9 @@ export function authCodeService(axios: Http = http): AuthCodeServiceInterface {
 "is-new-account": userSession?.isAccountCreationJourney ?? false,
 "password-reset-time": userSession?.passwordResetTime,
 };
+ if (supportReauthentication() && userSession.reauthenticate) {
+ body = { ...body, "is-reauth-journey": true };
+ }
 response = await axios.client.post(path, body, config);
 } else {
 response = await axios.client.get(path, config);
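Review bot: `let body: any` in the `useOrchAuthCode` branch turns off type checking for the payload posted to the orchestration endpoint, so a misspelt or wrongly typed key would no longer be caught at compile time. The change appears to exist only to allow the conditional key added in the following hunk. Keeping the declaration as `const body: Record<string, unknown> = {` and assigning `body["is-reauth-journey"] = true;` there would avoid both `any` and the reassignment. The enclosing function starts and ends outside this hunk.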
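Review bot: `userSession.reauthenticate` is dereferenced without optional chaining, although the two lines just above read `userSession?.isAccountCreationJourney` and `userSession?.passwordResetTime`, so with the flag on a missing user session would throw here instead of sending the request. `if (supportReauthentication() && userSession?.reauthenticate) {` keeps the access consistent with its neighbours. The commit message says this field decides whether the "reauth success" event is emitted, so a comment recording that the key is omitted rather than sent as `false` would help, e.g. `// omitted on non-reauth journeys; the receiver must treat absence as false`. Whether the receiver independently verifies the reauth state is not visible in this diff.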
diff --git a/src/components/auth-code/tests/auth-code-service.test.ts b/src/components/auth-code/tests/auth-code-service.test.ts
index 7e77f8790..12be938b5 100644
--- a/src/components/auth-code/tests/auth-code-service.test.ts
+++ b/src/components/auth-code/tests/auth-code-service.test.ts
@@ -67,6 +67,7 @@ describe("authentication auth code service", () => {
 afterEach(() => {
 getStub.reset();
 postStub.reset();
+ delete process.env.SUPPORT_REAUTHENTICATION;
 });
 describe("with auth orch split feature flag on", () => {
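Review bot: The `delete process.env.SUPPORT_REAUTHENTICATION;` added to `afterEach` discards whatever value the variable had before the suite started instead of restoring it. If the test environment sets the flag, later suites in the same process would run with it silently removed. Capturing the original value once and restoring it afterwards (re-assigning it, or deleting only when it was originally unset) keeps this suite from leaking state. Whether the runner sets the variable is not visible here.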
@@ -124,6 +125,64 @@ describe("authentication auth code service", () => {
 expect(result.data.location).to.deep.eq(redirectUriReturnedFromResponse);
 });
+ it("it should make a post request to the orch auth endpoint with is reauthenticate journey true for a reauthentication journey", async () => {
+ process.env.SUPPORT_REAUTHENTICATION = "1";
+
+ const req = createMockRequest(PATH_NAMES.AUTH_CODE);
+ req.ip = sourceIp;
+ req.headers = {
+ "txma-audit-encoded": auditEncodedString,
+ "x-forwarded-for": sourceIp,
+ };
+ const claim = ["phone_number", "phone_number_verified"];
+ const state = "state";
+ const sessionClient = {
+ claim: claim,
+ state: state,
+ redirectUri: redirectUriSentToAuth,
+ rpSectorHost: rpSectorHostSentToAuth,
+ };
+
+ const userSessionClient = {
+ isAccountCreationJourney: isAccountCreationJourneyUserSession,
+ passwordResetTime: passwordResetTime,
+ reauthenticate: "123456",
+ };
+
+ const result = await service.getAuthCode(
+ sessionId,
+ clientSessionId,
+ persistentSessionId,
+ sessionClient,
+ userSessionClient,
+ req
+ );
+
+ const expectedBody = {
+ claims: claim,
+ state: state,
+ "redirect-uri": redirectUriSentToAuth,
+ "rp-sector-uri": rpSectorHostSentToAuth,
+ "is-new-account": isAccountCreationJourneyUserSession,
+ "password-reset-time": passwordResetTime,
+ "is-reauth-journey": true,
+ };
+
+ expect(
+ postStub.calledOnceWithExactly(
+ API_ENDPOINTS.ORCH_AUTH_CODE,
+ expectedBody,
+ {
+ headers: expectedHeaders,
+ proxy: sinon.match.bool,
+ baseURL: frontendBaseUrl,
+ }
+ )
+ ).to.be.true;
+ expect(getStub.notCalled).to.be.true;
+ expect(result.data.location).to.deep.eq(redirectUriReturnedFromResponse);
+ });
+
 it("should make a request for an RP auth code following the prove identity callback page", async () => {
 const req = createMockRequest(PATH_NAMES.AUTH_CODE);
 req.ip = sourceIp;
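Review bot: The added test covers only the case where the flag is on and `reauthenticate` is set. Nothing in this hunk asserts that `"is-reauth-journey"` is absent from the body when `SUPPORT_REAUTHENTICATION` is on but the session has no `reauthenticate`, or when the flag is off and `reauthenticate` is present. Because the commit message ties this field to an audit event, those negative cases are worth pinning with the same `calledOnceWithExactly` assertion. The title also reads `it("it should …")`; dropping the duplicated "it" would match the neighbouring `it("should make a request …")`.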