From ba52864fce5672028af5c7be558aa2ff65e175ef Mon Sep 17 00:00:00 2001
From: Mahesh Makani <mahesh@makani.dev>
Date: Wed, 5 Feb 2025 14:26:50 +0000
Subject: [PATCH] fix(passcodes): show corrent error page on password incorrect

---
 .../integration/ete/sign_in_passcode.8.cy.ts  | 20 +++++++++++++++++++
 src/server/controllers/signInControllers.ts   |  2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/cypress/integration/ete/sign_in_passcode.8.cy.ts b/cypress/integration/ete/sign_in_passcode.8.cy.ts
index 9d6e441b0..3a8835278 100644
--- a/cypress/integration/ete/sign_in_passcode.8.cy.ts
+++ b/cypress/integration/ete/sign_in_passcode.8.cy.ts
@@ -186,6 +186,7 @@ describe('Sign In flow, with passcode', () => {
 					cy.contains('Enter your one-time code');
 					cy.contains('Sign in with password instead').click();
 
+					// password page
 					cy.url().should('include', '/signin/password');
 					cy.get('input[name=email]').should('have.value', emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -194,6 +195,25 @@ describe('Sign In flow, with passcode', () => {
 				});
 		});
 
+		it('selects password option to sign in and show correct error page on incorrect password', () => {
+			const emailAddress = randomMailosaurEmail();
+			cy.visit(`/signin?usePasscodeSignIn=true`);
+			cy.get('input[name=email]').type(emailAddress);
+			cy.get('[data-cy="main-form-submit-button"]').click();
+			// passcode page
+			cy.url().should('include', '/signin/code');
+			cy.contains('Enter your one-time code');
+			cy.contains('Sign in with password instead').click();
+
+			// password page
+			cy.url().should('include', '/signin/password');
+			cy.get('input[name=email]').should('have.value', emailAddress);
+			cy.get('input[name=password]').type(randomPassword());
+			cy.get('[data-cy="main-form-submit-button"]').click();
+			cy.url().should('include', '/signin/password');
+			cy.contains('Email and password don’t match');
+		});
+
 		it('should sign in with passcode - resend email', () => {
 			cy
 				.createTestUser({
diff --git a/src/server/controllers/signInControllers.ts b/src/server/controllers/signInControllers.ts
index 547472385..c41d3e030 100644
--- a/src/server/controllers/signInControllers.ts
+++ b/src/server/controllers/signInControllers.ts
@@ -618,7 +618,7 @@ export const oktaIdxApiSignInController = async ({
 
 		// if we're using passcodes, and the user is attempting to sign in with a password
 		// on error show the password sign in page
-		const errorPage: RoutePaths = usePasscode ? '/signin/password' : '/signin';
+		const errorPage: RoutePaths = usePasscode ? '/signin' : '/signin/password';
 
 		const html = renderer(errorPage, {
 			requestState: mergeRequestState(res.locals, {