Align Teacher Auth journey with designs (#1267)

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/AuthorizeAccessLinkGenerator.cs

@@ -11,14 +11,20 @@ public string DebugIdentity(JourneyInstanceId journeyInstanceId) =>
     public string NotVerified(JourneyInstanceId journeyInstanceId) =>
         GetRequiredPathByPage("/NotVerified", journeyInstanceId: journeyInstanceId);
 
-    public string NationalInsuranceNumber(JourneyInstanceId journeyInstanceId) =>
-        GetRequiredPathByPage("/NationalInsuranceNumber", journeyInstanceId: journeyInstanceId);
+    public string Connect(JourneyInstanceId journeyInstanceId) =>
+        GetRequiredPathByPage("/Connect", journeyInstanceId: journeyInstanceId);
 
-    public string NationalInsuranceNumberContinueWithout(JourneyInstanceId journeyInstanceId) =>
-        GetRequiredPathByPage("/NationalInsuranceNumber", handler: "ContinueWithout", journeyInstanceId: journeyInstanceId);
+    public string NationalInsuranceNumber(JourneyInstanceId journeyInstanceId, bool? fromCheckAnswers = null) =>
+        GetRequiredPathByPage("/NationalInsuranceNumber", routeValues: new { fromCheckAnswers }, journeyInstanceId: journeyInstanceId);
 
-    public string Trn(JourneyInstanceId journeyInstanceId) =>
-        GetRequiredPathByPage("/Trn", journeyInstanceId: journeyInstanceId);
+    public string Trn(JourneyInstanceId journeyInstanceId, bool? fromCheckAnswers = null) =>
+        GetRequiredPathByPage("/Trn", routeValues: new { fromCheckAnswers }, journeyInstanceId: journeyInstanceId);
+
+    public string CheckAnswers(JourneyInstanceId journeyInstanceId) =>
+        GetRequiredPathByPage("/CheckAnswers", journeyInstanceId: journeyInstanceId);
+
+    public string Found(JourneyInstanceId journeyInstanceId) =>
+        GetRequiredPathByPage("/Found", journeyInstanceId: journeyInstanceId);
 
     public string NotFound(JourneyInstanceId journeyInstanceId) =>
         GetRequiredPathByPage("/NotFound", journeyInstanceId: journeyInstanceId);

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Controllers/OidcController.cs → TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Controllers/OAuth2Controller.cs

@@ -12,13 +12,13 @@
 
 namespace TeachingRecordSystem.AuthorizeAccess.Controllers;
 
-public class OidcController(
+public class OAuth2Controller(
     TrsDbContext dbContext,
     IOpenIddictAuthorizationManager authorizationManager,
     IOpenIddictScopeManager scopeManager) : Controller
 {
-    [HttpGet("~/connect/authorize")]
-    [HttpPost("~/connect/authorize")]
+    [HttpGet("~/oauth2/authorize")]
+    [HttpPost("~/oauth2/authorize")]
     [IgnoreAntiforgeryToken]
     public async Task<IActionResult> Authorize()
     {
@@ -82,7 +82,7 @@ public async Task<IActionResult> Authorize()
         return SignIn(new ClaimsPrincipal(identity), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
     }
 
-    [HttpPost("~/connect/token")]
+    [HttpPost("~/oauth2/token")]
     [IgnoreAntiforgeryToken]
     [Produces("application/json")]
     public async Task<IActionResult> Token()
@@ -109,8 +109,8 @@ public async Task<IActionResult> Token()
     }
 
     [Authorize(AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)]
-    [HttpGet("~/connect/userinfo")]
-    [HttpPost("~/connect/userinfo")]
+    [HttpGet("~/oauth2/userinfo")]
+    [HttpPost("~/oauth2/userinfo")]
     [Produces("application/json")]
     public IActionResult UserInfo()
     {

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/CheckAnswers.cshtml

@@ -0,0 +1,48 @@
+@page "/check-answers"
+@model TeachingRecordSystem.AuthorizeAccess.Pages.CheckAnswersModel
+@{
+    ViewBag.Title = "Check your answers";
+}
+
+@section BeforeContent {
+    <govuk-back-link href="@LinkGenerator.Trn(Model.JourneyInstance!.InstanceId)" />
+}
+
+<div class="govuk-grid-row">
+    <div class="govuk-grid-column-two-thirds">
+        <form action="@LinkGenerator.CheckAnswers(Model.JourneyInstance!.InstanceId)" method="post">
+            <h1 class="govuk-heading-l">@ViewBag.Title</h1>
+
+            <p class="govuk-body">Your GOV.UK One Login could not be connected to your teaching record.</p>
+
+            <p class="govuk-body">Check your answers and try again.</p>
+
+            <govuk-summary-list>
+                <govuk-summary-list-row>
+                    <govuk-summary-list-row-key>
+                        National Insurance number
+                    </govuk-summary-list-row-key>
+                    <govuk-summary-list-row-value>
+                        @(Model.NationalInsuranceNumber ?? "None")
+                    </govuk-summary-list-row-value>
+                    <govuk-summary-list-row-actions>
+                        <govuk-summary-list-row-action href="@LinkGenerator.NationalInsuranceNumber(Model.JourneyInstance!.InstanceId, fromCheckAnswers: true)" visually-hidden-text="National Insurance number">Change</govuk-summary-list-row-action>
+                    </govuk-summary-list-row-actions>
+                </govuk-summary-list-row>
+                <govuk-summary-list-row>
+                    <govuk-summary-list-row-key>
+                        Teacher reference number
+                    </govuk-summary-list-row-key>
+                    <govuk-summary-list-row-value>
+                        @(Model.Trn ?? "None")
+                    </govuk-summary-list-row-value>
+                    <govuk-summary-list-row-actions>
+                        <govuk-summary-list-row-action href="@LinkGenerator.Trn(Model.JourneyInstance!.InstanceId, fromCheckAnswers: true)" visually-hidden-text="teacher reference number">Change</govuk-summary-list-row-action>
+                    </govuk-summary-list-row-actions>
+                </govuk-summary-list-row>
+            </govuk-summary-list>
+
+            <govuk-button type="submit">Continue</govuk-button>
+        </form>
+    </div>
+</div>

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/CheckAnswers.cshtml.cs

@@ -0,0 +1,48 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using TeachingRecordSystem.FormFlow;
+
+namespace TeachingRecordSystem.AuthorizeAccess.Pages;
+
+[Journey(SignInJourneyState.JourneyName), RequireJourneyInstance]
+public class CheckAnswersModel(SignInJourneyHelper helper) : PageModel
+{
+    public JourneyInstance<SignInJourneyState>? JourneyInstance { get; set; }
+
+    public string? NationalInsuranceNumber => JourneyInstance!.State.NationalInsuranceNumber;
+
+    public string? Trn => JourneyInstance!.State.Trn;
+
+    public void OnGet()
+    {
+    }
+
+    public IActionResult OnPost() => Redirect(helper.LinkGenerator.NotFound(JourneyInstance!.InstanceId));
+
+    public override void OnPageHandlerExecuting(PageHandlerExecutingContext context)
+    {
+        var state = JourneyInstance!.State;
+
+        if (state.OneLoginAuthenticationTicket is null || !state.IdentityVerified)
+        {
+            // Not authenticated/verified with One Login
+            context.Result = BadRequest();
+        }
+        else if (state.AuthenticationTicket is not null)
+        {
+            // Already matched to a Teaching Record
+            context.Result = Redirect(helper.GetSafeRedirectUri(JourneyInstance));
+        }
+        else if (!state.HaveNationalInsuranceNumber.HasValue)
+        {
+            // Not answered the NINO question
+            context.Result = Redirect(helper.LinkGenerator.NationalInsuranceNumber(JourneyInstance.InstanceId));
+        }
+        else if (!state.HaveTrn.HasValue)
+        {
+            // Not answered the TRN question
+            context.Result = Redirect(helper.LinkGenerator.Trn(JourneyInstance.InstanceId));
+        }
+    }
+}

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/Connect.cshtml

@@ -0,0 +1,31 @@
+@page "/connect"
+@model TeachingRecordSystem.AuthorizeAccess.Pages.ConnectModel
+@{
+    ViewBag.Title = "Connect your GOV.UK One Login to your teaching record";
+}
+
+<div class="govuk-grid-row">
+    <div class="govuk-grid-column-full">
+        <div class="govuk-panel govuk-panel--interruption">
+            <form action="@LinkGenerator.Connect(Model.JourneyInstance!.InstanceId)" method="post">
+                <h1 class="govuk-panel__title">@ViewBag.Title</h1>
+
+                <div class="govuk-panel__body">
+                    <p class="govuk-body-l">
+                        You’ve verified your identity for your GOV.UK One Login.
+                    </p>
+
+                    <p class="govuk-body-l">
+                        You now need to connect it to your teaching record. You’ll be asked for your:
+                        <ul class="govuk-list govuk-list--bullet govuk-body-l">
+                            <li>National Insurance number</li>
+                            <li>teacher reference number</li>
+                        </ul>
+                    </p>
+
+                    <govuk-button class="govuk-!-margin-bottom-0">Connect to your teaching record</govuk-button>
+                </form>
+            </div>
+        </div>
+    </div>
+</div>

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/Connect.cshtml.cs

@@ -0,0 +1,34 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using TeachingRecordSystem.FormFlow;
+
+namespace TeachingRecordSystem.AuthorizeAccess.Pages;
+
+[Journey(SignInJourneyState.JourneyName), RequireJourneyInstance]
+public class ConnectModel(SignInJourneyHelper helper) : PageModel
+{
+    public JourneyInstance<SignInJourneyState>? JourneyInstance { get; set; }
+
+    public void OnGet()
+    {
+    }
+
+    public IActionResult OnPost() => Redirect(helper.LinkGenerator.NationalInsuranceNumber(JourneyInstance!.InstanceId));
+
+    public override void OnPageHandlerExecuting(PageHandlerExecutingContext context)
+    {
+        var state = JourneyInstance!.State;
+
+        if (state.AuthenticationTicket is not null)
+        {
+            // Already matched to a Teaching Record
+            context.Result = Redirect(helper.GetSafeRedirectUri(JourneyInstance));
+        }
+        else if (state.OneLoginAuthenticationTicket is null || !state.IdentityVerified)
+        {
+            // Not authenticated/verified with One Login
+            context.Result = BadRequest();
+        }
+    }
+}

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/DebugIdentity.cshtml.cs

@@ -107,9 +107,14 @@ public async Task<IActionResult> OnPost()
 
         await JourneyInstance!.UpdateStateAsync(state =>
         {
-            state.IdentityVerified = IdentityVerified;
-            state.VerifiedNames = verifiedNames;
-            state.VerifiedDatesOfBirth = verifiedDatesOfBirth;
+            if (IdentityVerified)
+            {
+                state.SetVerified(verifiedNames!, verifiedDatesOfBirth!);
+            }
+            else
+            {
+                state.ClearVerified();
+            }
         });
 
         if (DetachPerson && _oneLoginUser?.PersonId is not null)

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/Found.cshtml

@@ -0,0 +1,24 @@
+@page "/found"
+@model TeachingRecordSystem.AuthorizeAccess.Pages.FoundModel
+@{
+    ViewBag.Title = "We’ve found your teaching record";
+}
+
+<div class="govuk-grid-row">
+    <div class="govuk-grid-column-full">
+        <form action="@LinkGenerator.Found(Model.JourneyInstance!.InstanceId)" method="post">
+            <govuk-panel class="trs-panel--left">
+                <govuk-panel-title>
+                    Your GOV.UK One Login is connected to your teaching record
+                </govuk-panel-title>
+                <govuk-panel-body>
+                    <p class="govuk-body-l">
+                        You won’t need to do this again.
+                    </p>
+
+                    <govuk-button type="submit" class="govuk-!-margin-bottom-0">Access your teaching record</govuk-button>
+                </govuk-panel-body>
+            </govuk-panel>
+        </form>
+    </div>
+</div>

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/Found.cshtml.cs

@@ -0,0 +1,29 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using TeachingRecordSystem.FormFlow;
+
+namespace TeachingRecordSystem.AuthorizeAccess.Pages;
+
+[Journey(SignInJourneyState.JourneyName), RequireJourneyInstance]
+public class FoundModel(SignInJourneyHelper helper) : PageModel
+{
+    public JourneyInstance<SignInJourneyState>? JourneyInstance { get; set; }
+
+    public void OnGet()
+    {
+    }
+
+    public IActionResult OnPost() => Redirect(helper.GetNextPage(JourneyInstance!));
+
+    public override void OnPageHandlerExecuting(PageHandlerExecutingContext context)
+    {
+        var state = JourneyInstance!.State;
+
+        if (state.AuthenticationTicket is null)
+        {
+            // Not matched
+            context.Result = Redirect(helper.GetNextPage(JourneyInstance));
+        }
+    }
+}

TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/NationalInsuranceNumber.cshtml

@@ -4,26 +4,25 @@
     ViewBag.Title = Html.DisplayNameFor(m => m.NationalInsuranceNumber);
 }
 
+@section BeforeContent {
+    <govuk-back-link href="@(Model.FromCheckAnswers == true ? LinkGenerator.CheckAnswers(Model.JourneyInstance!.InstanceId) : LinkGenerator.Connect(Model.JourneyInstance!.InstanceId))" />
+}
+
 <div class="govuk-grid-row">
     <div class="govuk-grid-column-two-thirds-from-desktop">
-        <form action="@LinkGenerator.NationalInsuranceNumber(Model.JourneyInstance!.InstanceId)" method="post">
-            <govuk-input asp-for="NationalInsuranceNumber" input-class="govuk-input--width-10 govuk-input--extra-letter-spacing">
-                <govuk-input-label is-page-heading="true" class="govuk-label--l" />
-            </govuk-input>
-
-            @* Pressing the Enter key will submit the first submit button - make sure it's the default action *@
-            <button type="submit" class="govuk-!-display-none" tabindex="-1"></button>
-
-            <govuk-details open="@Model.PreviouslyAnsweredCannotProvide">
-                <govuk-details-summary>I cannot provide my National Insurance number</govuk-details-summary>
-                <govuk-details-text>
-                    <p class="govuk-body">You can <a href="https://www.gov.uk/lost-national-insurance-number" rel="noreferrer noopener" target="_blank" class="govuk-link">find a lost National Insurance number (opens in new tab)</a>.</p>
-                    <p class="govuk-body">If you do not have a National Insurance number you can continue without it</p>
-                    <govuk-button type="submit" formaction="@LinkGenerator.NationalInsuranceNumberContinueWithout(Model.JourneyInstance!.InstanceId)" class="govuk-button--secondary">
-                        Continue without it
-                    </govuk-button>
-                </govuk-details-text>
-            </govuk-details>
+        <form action="@LinkGenerator.NationalInsuranceNumber(Model.JourneyInstance!.InstanceId, Model.FromCheckAnswers)" method="post">
+            <govuk-radios asp-for="HaveNationalInsuranceNumber">
+                <govuk-radios-fieldset>
+                    <govuk-radios-fieldset-legend class="govuk-fieldset__legend--l" />
+                    <govuk-radios-item value="@true">
+                        Yes
+                        <govuk-radios-item-conditional>
+                            <govuk-input asp-for="NationalInsuranceNumber" input-class="govuk-input--width-20 govuk-input--extra-letter-spacing" spellcheck="false" />
+                        </govuk-radios-item-conditional>
+                    </govuk-radios-item>
+                    <govuk-radios-item value="@false">No</govuk-radios-item>
+                </govuk-radios-fieldset>
+            </govuk-radios>
 
             <govuk-button type="submit">Continue</govuk-button>
         </form>