Merge pull request #1534 from ministryofjustice/MLPAB-2314-failed-ide…

…ntity-event

MLPAB-2314 Send identity-check-mismatched for failed identity

internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback.go

@@ -9,7 +9,6 @@ import (
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/certificateprovider"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/certificateprovider/certificateproviderdata"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/event"
-	"github.com/ministryofjustice/opg-modernising-lpa/internal/identity"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/notify"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/page"
 )
@@ -56,47 +55,49 @@ func IdentityWithOneLoginCallback(oneLoginClient OneLoginClient, sessionStore Se
 			return err
 		}
 
-		switch certificateProvider.IdentityUserData.Status {
-		case identity.StatusConfirmed:
-			if certificateProvider.CertificateProviderIdentityConfirmed(lpa.CertificateProvider.FirstNames, lpa.CertificateProvider.LastName) {
-				if err := lpaStoreClient.SendCertificateProviderConfirmIdentity(r.Context(), lpa.LpaUID, certificateProvider); err != nil {
-					return err
-				}
-			} else {
-				if err := eventClient.SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{
-					LpaUID:   lpa.LpaUID,
-					ActorUID: actoruid.Prefixed(certificateProvider.UID),
-					Provided: event.IdentityCheckMismatchedDetails{
-						FirstNames:  lpa.CertificateProvider.FirstNames,
-						LastName:    lpa.CertificateProvider.LastName,
-						DateOfBirth: certificateProvider.DateOfBirth,
-					},
-					Verified: event.IdentityCheckMismatchedDetails{
-						FirstNames:  userData.FirstNames,
-						LastName:    userData.LastName,
-						DateOfBirth: userData.DateOfBirth,
-					},
-				}); err != nil {
-					return err
-				}
+		if certificateProvider.CertificateProviderIdentityConfirmed(lpa.CertificateProvider.FirstNames, lpa.CertificateProvider.LastName) {
+			if err := lpaStoreClient.SendCertificateProviderConfirmIdentity(r.Context(), lpa.LpaUID, certificateProvider); err != nil {
+				return err
 			}
 
 			return certificateprovider.PathOneLoginIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID)
-		default:
-			if !lpa.SignedAt.IsZero() {
-				if err = notifyClient.SendActorEmail(r.Context(), lpa.CorrespondentEmail(), lpa.LpaUID, notify.CertificateProviderFailedIDCheckEmail{
-					Greeting:                    notifyClient.EmailGreeting(lpa),
-					DonorFullName:               lpa.Donor.FullName(),
-					CertificateProviderFullName: lpa.CertificateProvider.FullName(),
-					LpaType:                     appData.Localizer.T(lpa.Type.String()),
-					DonorStartPageURL:           appPublicURL + page.PathStart.Format(),
-				}); err != nil {
-					return err
-				}
+		}
+
+		if certificateProvider.IdentityUserData.Status.IsConfirmed() || certificateProvider.IdentityUserData.Status.IsFailed() {
+			if err := eventClient.SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{
+				LpaUID:   lpa.LpaUID,
+				ActorUID: actoruid.Prefixed(certificateProvider.UID),
+				Provided: event.IdentityCheckMismatchedDetails{
+					FirstNames:  lpa.CertificateProvider.FirstNames,
+					LastName:    lpa.CertificateProvider.LastName,
+					DateOfBirth: certificateProvider.DateOfBirth,
+				},
+				Verified: event.IdentityCheckMismatchedDetails{
+					FirstNames:  userData.FirstNames,
+					LastName:    userData.LastName,
+					DateOfBirth: userData.DateOfBirth,
+				},
+			}); err != nil {
+				return err
 			}
+		}
 
-			return certificateprovider.PathUnableToConfirmIdentity.Redirect(w, r, appData, certificateProvider.LpaID)
+		if certificateProvider.IdentityUserData.Status.IsConfirmed() {
+			return certificateprovider.PathOneLoginIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID)
+		}
 
+		if !lpa.SignedAt.IsZero() {
+			if err := notifyClient.SendActorEmail(r.Context(), lpa.CorrespondentEmail(), lpa.LpaUID, notify.CertificateProviderFailedIDCheckEmail{
+				Greeting:                    notifyClient.EmailGreeting(lpa),
+				DonorFullName:               lpa.Donor.FullName(),
+				CertificateProviderFullName: lpa.CertificateProvider.FullName(),
+				LpaType:                     appData.Localizer.T(lpa.Type.String()),
+				DonorStartPageURL:           appPublicURL + page.PathStart.Format(),
+			}); err != nil {
+				return err
+			}
 		}
+
+		return certificateprovider.PathUnableToConfirmIdentity.Redirect(w, r, appData, certificateProvider.LpaID)
 	}
 }

internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback_test.go

@@ -247,7 +247,18 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityCheckFailed(t *testing.T) {
 		}).
 		Return(nil)
 
-	err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, certificateProviderStore, lpaStoreResolvingService, notifyClient, nil, nil, "www.example.com")(testAppData, w, r, &certificateproviderdata.Provided{LpaID: "lpa-id"})
+	eventClient := newMockEventClient(t)
+	eventClient.EXPECT().
+		SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{
+			LpaUID: "lpa-uid",
+			Provided: event.IdentityCheckMismatchedDetails{
+				FirstNames: "a",
+				LastName:   "b",
+			},
+		}).
+		Return(nil)
+
+	err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, certificateProviderStore, lpaStoreResolvingService, notifyClient, nil, eventClient, "www.example.com")(testAppData, w, r, &certificateproviderdata.Provided{LpaID: "lpa-id"})
 	resp := w.Result()
 
 	assert.Nil(t, err)
@@ -314,7 +325,12 @@ func TestGetIdentityWithOneLoginCallbackWhenSendingEmailError(t *testing.T) {
 		SendActorEmail(mock.Anything, mock.Anything, mock.Anything, mock.Anything).
 		Return(expectedError)
 
-	err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, certificateProviderStore, lpaStoreResolvingService, notifyClient, nil, nil, "www.example.com")(testAppData, w, r, &certificateproviderdata.Provided{LpaID: "lpa-id"})
+	eventClient := newMockEventClient(t)
+	eventClient.EXPECT().
+		SendIdentityCheckMismatched(mock.Anything, mock.Anything).
+		Return(nil)
+
+	err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, certificateProviderStore, lpaStoreResolvingService, notifyClient, nil, eventClient, "www.example.com")(testAppData, w, r, &certificateproviderdata.Provided{LpaID: "lpa-id"})
 	resp := w.Result()
 
 	assert.Equal(t, expectedError, err)

internal/donor/donorpage/identity_with_one_login_callback.go

@@ -52,7 +52,7 @@ func IdentityWithOneLoginCallback(oneLoginClient OneLoginClient, sessionStore Se
 			provided.Tasks.ConfirmYourIdentityAndSign = task.IdentityStateInProgress
 		}
 
-		if !provided.WitnessedByCertificateProviderAt.IsZero() && !provided.DonorIdentityConfirmed() {
+		if (!provided.WitnessedByCertificateProviderAt.IsZero() && !provided.DonorIdentityConfirmed()) || provided.IdentityUserData.Status.IsFailed() {
 			if err := eventClient.SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{
 				LpaUID:   provided.LpaUID,
 				ActorUID: actoruid.Prefixed(provided.Donor.UID),

internal/donor/donorpage/identity_with_one_login_callback_test.go

@@ -258,18 +258,15 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) {
 		return sessionStore
 	}
 
-	sessionIgnored := func(t *testing.T) *mockSessionStore {
-		return nil
-	}
-
-	donorStoreIgnored := func(t *testing.T) *mockDonorStore {
-		return nil
-	}
+	sessionIgnored := func(*testing.T) *mockSessionStore { return nil }
+	donorStoreIgnored := func(*testing.T) *mockDonorStore { return nil }
+	eventClientIgnored := func(*testing.T) *mockEventClient { return nil }
 
 	testCases := map[string]struct {
 		oneLoginClient func(t *testing.T) *mockOneLoginClient
 		sessionStore   func(*testing.T) *mockSessionStore
 		donorStore     func(*testing.T) *mockDonorStore
+		eventClient    func(*testing.T) *mockEventClient
 		url            string
 		error          error
 	}{
@@ -297,6 +294,14 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) {
 
 				return donorStore
 			},
+			eventClient: func(t *testing.T) *mockEventClient {
+				eventClient := newMockEventClient(t)
+				eventClient.EXPECT().
+					SendIdentityCheckMismatched(mock.Anything, mock.Anything).
+					Return(nil)
+
+				return eventClient
+			},
 			error: expectedError,
 		},
 		"errored on parse": {
@@ -316,6 +321,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) {
 			},
 			sessionStore: sessionRetrieved,
 			error:        expectedError,
+			eventClient:  eventClientIgnored,
 			donorStore:   donorStoreIgnored,
 		},
 		"errored on userinfo": {
@@ -332,6 +338,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) {
 			},
 			sessionStore: sessionRetrieved,
 			error:        expectedError,
+			eventClient:  eventClientIgnored,
 			donorStore:   donorStoreIgnored,
 		},
 		"errored on exchange": {
@@ -345,6 +352,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) {
 			},
 			sessionStore: sessionRetrieved,
 			error:        expectedError,
+			eventClient:  eventClientIgnored,
 			donorStore:   donorStoreIgnored,
 		},
 		"provider access denied": {
@@ -353,6 +361,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) {
 				return newMockOneLoginClient(t)
 			},
 			sessionStore: sessionIgnored,
+			eventClient:  eventClientIgnored,
 			donorStore:   donorStoreIgnored,
 			error:        errors.New("access denied"),
 		},
@@ -365,8 +374,9 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) {
 
 			sessionStore := tc.sessionStore(t)
 			oneLoginClient := tc.oneLoginClient(t)
+			eventClient := tc.eventClient(t)
 
-			err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, tc.donorStore(t), nil, nil)(testAppData, w, r, &donordata.Provided{})
+			err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, tc.donorStore(t), nil, eventClient)(testAppData, w, r, &donordata.Provided{})
 			resp := w.Result()
 
 			assert.Equal(t, tc.error, err)
@@ -421,12 +431,14 @@ func TestGetIdentityWithOneLoginCallbackWhenAnyOtherReturnCodeClaimPresent(t *te
 	w := httptest.NewRecorder()
 	r, _ := http.NewRequest(http.MethodGet, "/?code=a-code", nil)
 	userInfo := onelogin.UserInfo{ReturnCodes: []onelogin.ReturnCodeInfo{{Code: "T"}}}
+	actorUID := actoruid.New()
 
 	donorStore := newMockDonorStore(t)
 	donorStore.EXPECT().
 		Put(r.Context(), &donordata.Provided{
-			Donor:            donordata.Donor{FirstNames: "John", LastName: "Doe"},
+			Donor:            donordata.Donor{UID: actorUID, FirstNames: "John", LastName: "Doe"},
 			LpaID:            "lpa-id",
+			LpaUID:           "lpa-uid",
 			IdentityUserData: identity.UserData{Status: identity.StatusFailed},
 			Tasks:            donordata.Tasks{ConfirmYourIdentityAndSign: task.IdentityStateProblem},
 		}).
@@ -448,9 +460,22 @@ func TestGetIdentityWithOneLoginCallbackWhenAnyOtherReturnCodeClaimPresent(t *te
 		ParseIdentityClaim(mock.Anything).
 		Return(identity.UserData{Status: identity.StatusFailed}, nil)
 
-	err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, donorStore, nil, nil)(testAppData, w, r, &donordata.Provided{
-		Donor: donordata.Donor{FirstNames: "John", LastName: "Doe"},
-		LpaID: "lpa-id",
+	eventClient := newMockEventClient(t)
+	eventClient.EXPECT().
+		SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{
+			LpaUID:   "lpa-uid",
+			ActorUID: actoruid.Prefixed(actorUID),
+			Provided: event.IdentityCheckMismatchedDetails{
+				FirstNames: "John",
+				LastName:   "Doe",
+			},
+		}).
+		Return(nil)
+
+	err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, donorStore, nil, eventClient)(testAppData, w, r, &donordata.Provided{
+		Donor:  donordata.Donor{UID: actorUID, FirstNames: "John", LastName: "Doe"},
+		LpaID:  "lpa-id",
+		LpaUID: "lpa-uid",
 	})
 	resp := w.Result()