diff --git a/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback.go b/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback.go
index c23f32c5a9..64fb043c3d 100644
--- a/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback.go
+++ b/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback.go
@@ -9,7 +9,6 @@ import (
 "github.com/ministryofjustice/opg-modernising-lpa/internal/certificateprovider"
 "github.com/ministryofjustice/opg-modernising-lpa/internal/certificateprovider/certificateproviderdata"
 "github.com/ministryofjustice/opg-modernising-lpa/internal/event"
- "github.com/ministryofjustice/opg-modernising-lpa/internal/identity"
 "github.com/ministryofjustice/opg-modernising-lpa/internal/notify"
 "github.com/ministryofjustice/opg-modernising-lpa/internal/page"
 )
@@ -56,47 +55,49 @@ func IdentityWithOneLoginCallback(oneLoginClient OneLoginClient, sessionStore Se return err } - switch certificateProvider.IdentityUserData.Status { - case identity.StatusConfirmed: - if certificateProvider.CertificateProviderIdentityConfirmed(lpa.CertificateProvider.FirstNames, lpa.CertificateProvider.LastName) { - if err := lpaStoreClient.SendCertificateProviderConfirmIdentity(r.Context(), lpa.LpaUID, certificateProvider); err != nil { - return err - } - } else { - if err := eventClient.SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{ - LpaUID: lpa.LpaUID, - ActorUID: actoruid.Prefixed(certificateProvider.UID), - Provided: event.IdentityCheckMismatchedDetails{ - FirstNames: lpa.CertificateProvider.FirstNames, - LastName: lpa.CertificateProvider.LastName, - DateOfBirth: certificateProvider.DateOfBirth, - }, - Verified: event.IdentityCheckMismatchedDetails{ - FirstNames: userData.FirstNames, - LastName: userData.LastName, - DateOfBirth: userData.DateOfBirth, - }, - }); err != nil { - return err - } + if certificateProvider.CertificateProviderIdentityConfirmed(lpa.CertificateProvider.FirstNames, lpa.CertificateProvider.LastName) { + if err := lpaStoreClient.SendCertificateProviderConfirmIdentity(r.Context(), lpa.LpaUID, certificateProvider); err != nil { + return err } return certificateprovider.PathOneLoginIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID) - default: - if !lpa.SignedAt.IsZero() { - if err = notifyClient.SendActorEmail(r.Context(), lpa.CorrespondentEmail(), lpa.LpaUID, notify.CertificateProviderFailedIDCheckEmail{ - Greeting: notifyClient.EmailGreeting(lpa), - DonorFullName: lpa.Donor.FullName(), - CertificateProviderFullName: lpa.CertificateProvider.FullName(), - LpaType: appData.Localizer.T(lpa.Type.String()), - DonorStartPageURL: appPublicURL + page.PathStart.Format(), - }); err != nil { - return err - } + } + + if certificateProvider.IdentityUserData.Status.IsConfirmed() || 
certificateProvider.IdentityUserData.Status.IsFailed() { + if err := eventClient.SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{ + LpaUID: lpa.LpaUID, + ActorUID: actoruid.Prefixed(certificateProvider.UID), + Provided: event.IdentityCheckMismatchedDetails{ + FirstNames: lpa.CertificateProvider.FirstNames, + LastName: lpa.CertificateProvider.LastName, + DateOfBirth: certificateProvider.DateOfBirth, + }, + Verified: event.IdentityCheckMismatchedDetails{ + FirstNames: userData.FirstNames, + LastName: userData.LastName, + DateOfBirth: userData.DateOfBirth, + }, + }); err != nil { + return err } + } - return certificateprovider.PathUnableToConfirmIdentity.Redirect(w, r, appData, certificateProvider.LpaID) + if certificateProvider.IdentityUserData.Status.IsConfirmed() { + return certificateprovider.PathOneLoginIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID) + } + if !lpa.SignedAt.IsZero() { + if err := notifyClient.SendActorEmail(r.Context(), lpa.CorrespondentEmail(), lpa.LpaUID, notify.CertificateProviderFailedIDCheckEmail{ + Greeting: notifyClient.EmailGreeting(lpa), + DonorFullName: lpa.Donor.FullName(), + CertificateProviderFullName: lpa.CertificateProvider.FullName(), + LpaType: appData.Localizer.T(lpa.Type.String()), + DonorStartPageURL: appPublicURL + page.PathStart.Format(), + }); err != nil { + return err + } } + + return certificateprovider.PathUnableToConfirmIdentity.Redirect(w, r, appData, certificateProvider.LpaID) } } diff --git a/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback_test.go b/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback_test.go index 5ff4e8e27a..78d77b73a4 100644 --- a/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback_test.go +++ b/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback_test.go 
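Review bot: The first `if` in the new code calls `CertificateProviderIdentityConfirmed(...)` without the `case identity.StatusConfirmed` guard that used to wrap it, so whether `SendCertificateProviderConfirmIdentity` can fire for a failed or otherwise unconfirmed check now depends entirely on that helper, whose body is not part of this diff. If the helper already tests the status, a comment saying so at the call site would do, e.g. `// CertificateProviderIdentityConfirmed also requires Status.IsConfirmed()`. If it does not, keep the guard explicit: `if certificateProvider.IdentityUserData.Status.IsConfirmed() && certificateProvider.CertificateProviderIdentityConfirmed(lpa.CertificateProvider.FirstNames, lpa.CertificateProvider.LastName) {`. The handler's body starts before this hunk.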
@@ -247,7 +247,18 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityCheckFailed(t *testing.T) { }). Return(nil) - err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, certificateProviderStore, lpaStoreResolvingService, notifyClient, nil, nil, "www.example.com")(testAppData, w, r, &certificateproviderdata.Provided{LpaID: "lpa-id"}) + eventClient := newMockEventClient(t) + eventClient.EXPECT(). + SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{ + LpaUID: "lpa-uid", + Provided: event.IdentityCheckMismatchedDetails{ + FirstNames: "a", + LastName: "b", + }, + }). + Return(nil) + + err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, certificateProviderStore, lpaStoreResolvingService, notifyClient, nil, eventClient, "www.example.com")(testAppData, w, r, &certificateproviderdata.Provided{LpaID: "lpa-id"}) resp := w.Result() assert.Nil(t, err) @@ -314,7 +325,12 @@ func TestGetIdentityWithOneLoginCallbackWhenSendingEmailError(t *testing.T) { SendActorEmail(mock.Anything, mock.Anything, mock.Anything, mock.Anything). Return(expectedError) - err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, certificateProviderStore, lpaStoreResolvingService, notifyClient, nil, nil, "www.example.com")(testAppData, w, r, &certificateproviderdata.Provided{LpaID: "lpa-id"}) + eventClient := newMockEventClient(t) + eventClient.EXPECT(). + SendIdentityCheckMismatched(mock.Anything, mock.Anything). + Return(nil) + + err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, certificateProviderStore, lpaStoreResolvingService, notifyClient, nil, eventClient, "www.example.com")(testAppData, w, r, &certificateproviderdata.Provided{LpaID: "lpa-id"}) resp := w.Result() assert.Equal(t, expectedError, err) diff --git a/internal/donor/donorpage/identity_with_one_login_callback.go b/internal/donor/donorpage/identity_with_one_login_callback.go index 944f91e989..da9cefe8b9 100644 
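Review bot: The expected event in TestGetIdentityWithOneLoginCallbackWhenIdentityCheckFailed has no `ActorUID`, so the test does not show that the certificate provider's UID reaches the event; presumably the fixture, which is outside this hunk, leaves the UID unset. The donor test in this commit sets `UID: actorUID` on its fixture and asserts `ActorUID: actoruid.Prefixed(actorUID)`; doing the same here would pin the field. The second hunk on this line matches the event with `mock.Anything`, which is reasonable for an error-path test.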
--- a/internal/donor/donorpage/identity_with_one_login_callback.go +++ b/internal/donor/donorpage/identity_with_one_login_callback.go @@ -52,7 +52,7 @@ func IdentityWithOneLoginCallback(oneLoginClient OneLoginClient, sessionStore Se provided.Tasks.ConfirmYourIdentityAndSign = task.IdentityStateInProgress } - if !provided.WitnessedByCertificateProviderAt.IsZero() && !provided.DonorIdentityConfirmed() { + if (!provided.WitnessedByCertificateProviderAt.IsZero() && !provided.DonorIdentityConfirmed()) || provided.IdentityUserData.Status.IsFailed() { if err := eventClient.SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{ LpaUID: provided.LpaUID, ActorUID: actoruid.Prefixed(provided.Donor.UID), diff --git a/internal/donor/donorpage/identity_with_one_login_callback_test.go b/internal/donor/donorpage/identity_with_one_login_callback_test.go index 3df3ba4de3..690e4189d4 100644 --- a/internal/donor/donorpage/identity_with_one_login_callback_test.go +++ b/internal/donor/donorpage/identity_with_one_login_callback_test.go @@ -258,18 +258,15 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) { return sessionStore } - sessionIgnored := func(t *testing.T) *mockSessionStore { - return nil - } - - donorStoreIgnored := func(t *testing.T) *mockDonorStore { - return nil - } + sessionIgnored := func(*testing.T) *mockSessionStore { return nil } + donorStoreIgnored := func(*testing.T) *mockDonorStore { return nil } + eventClientIgnored := func(*testing.T) *mockEventClient { return nil } testCases := map[string]struct { oneLoginClient func(t *testing.T) *mockOneLoginClient sessionStore func(*testing.T) *mockSessionStore donorStore func(*testing.T) *mockDonorStore + eventClient func(*testing.T) *mockEventClient url string error error }{ 
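Review bot: The widened condition `|| provided.IdentityUserData.Status.IsFailed()` sends `IdentityCheckMismatched` for a check that failed outright, and the expectation in TestGetIdentityWithOneLoginCallbackWhenAnyOtherReturnCodeClaimPresent shows that event going out with no `Verified` details. A consumer then has only the empty `Verified` block to tell a failed check from a real name or date-of-birth mismatch, which is worth stating at the call site, e.g. `// also sent when the check failed; Verified is empty in that case`. The same applies to the `IsConfirmed() || IsFailed()` branch in the certificate provider callback. The event literal continues past the end of this hunk.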
@@ -297,6 +294,14 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) { return donorStore }, + eventClient: func(t *testing.T) *mockEventClient { + eventClient := newMockEventClient(t) + eventClient.EXPECT(). + SendIdentityCheckMismatched(mock.Anything, mock.Anything). + Return(nil) + + return eventClient + }, error: expectedError, }, "errored on parse": { @@ -316,6 +321,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) { }, sessionStore: sessionRetrieved, error: expectedError, + eventClient: eventClientIgnored, donorStore: donorStoreIgnored, }, "errored on userinfo": { @@ -332,6 +338,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) { }, sessionStore: sessionRetrieved, error: expectedError, + eventClient: eventClientIgnored, donorStore: donorStoreIgnored, }, "errored on exchange": { @@ -345,6 +352,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) { }, sessionStore: sessionRetrieved, error: expectedError, + eventClient: eventClientIgnored, donorStore: donorStoreIgnored, }, "provider access denied": { @@ -353,6 +361,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) { return newMockOneLoginClient(t) }, sessionStore: sessionIgnored, + eventClient: eventClientIgnored, donorStore: donorStoreIgnored, error: errors.New("access denied"), }, @@ -365,8 +374,9 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) { sessionStore := tc.sessionStore(t) oneLoginClient := tc.oneLoginClient(t) + eventClient := tc.eventClient(t) - err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, tc.donorStore(t), nil, nil)(testAppData, w, r, &donordata.Provided{}) + err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, tc.donorStore(t), nil, eventClient)(testAppData, w, r, &donordata.Provided{}) resp := w.Result() assert.Equal(t, tc.error, err) 
@@ -421,12 +431,14 @@ func TestGetIdentityWithOneLoginCallbackWhenAnyOtherReturnCodeClaimPresent(t *te w := httptest.NewRecorder() r, _ := http.NewRequest(http.MethodGet, "/?code=a-code", nil) userInfo := onelogin.UserInfo{ReturnCodes: []onelogin.ReturnCodeInfo{{Code: "T"}}} + actorUID := actoruid.New() donorStore := newMockDonorStore(t) donorStore.EXPECT(). Put(r.Context(), &donordata.Provided{ - Donor: donordata.Donor{FirstNames: "John", LastName: "Doe"}, + Donor: donordata.Donor{UID: actorUID, FirstNames: "John", LastName: "Doe"}, LpaID: "lpa-id", + LpaUID: "lpa-uid", IdentityUserData: identity.UserData{Status: identity.StatusFailed}, Tasks: donordata.Tasks{ConfirmYourIdentityAndSign: task.IdentityStateProblem}, }). @@ -448,9 +460,22 @@ func TestGetIdentityWithOneLoginCallbackWhenAnyOtherReturnCodeClaimPresent(t *te ParseIdentityClaim(mock.Anything). Return(identity.UserData{Status: identity.StatusFailed}, nil) - err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, donorStore, nil, nil)(testAppData, w, r, &donordata.Provided{ - Donor: donordata.Donor{FirstNames: "John", LastName: "Doe"}, - LpaID: "lpa-id", + eventClient := newMockEventClient(t) + eventClient.EXPECT(). + SendIdentityCheckMismatched(r.Context(), event.IdentityCheckMismatched{ + LpaUID: "lpa-uid", + ActorUID: actoruid.Prefixed(actorUID), + Provided: event.IdentityCheckMismatchedDetails{ + FirstNames: "John", + LastName: "Doe", + }, + }). + Return(nil) + + err := IdentityWithOneLoginCallback(oneLoginClient, sessionStore, donorStore, nil, eventClient)(testAppData, w, r, &donordata.Provided{ + Donor: donordata.Donor{UID: actorUID, FirstNames: "John", LastName: "Doe"}, + LpaID: "lpa-id", + LpaUID: "lpa-uid", }) resp := w.Result()