Allow certificate provider to continue when identity does not match

ministryofjustice · Nov 21, 2024 · fd92688 · fd92688
1 parent 043ce67
commit fd92688
Show file tree

Hide file tree

Showing 21 changed files with 137 additions and 409 deletions.
diff --git a/cypress/e2e/certificate-provider/confirm-your-identity.cy.js b/cypress/e2e/certificate-provider/confirm-your-identity.cy.js
@@ -8,75 +8,84 @@ describe('confirm your identity', () => {
             .click();
     })
 
-    it('can see details of a successful ID check', () => {
+    it('can see details when successful', () => {
         cy.contains('button', 'Continue').click()
         cy.get('[name="user"]').check('certificate-provider', { force: true })
 
         cy.contains('button', 'Continue').click()
 
-        cy.url().should('contain', '/one-login-identity-details');
+        cy.url().should('contain', '/identity-details');
         cy.checkA11yApp();
 
         cy.contains('Charlie')
         cy.contains('Cooper')
         cy.contains('2 January 1990')
 
-        cy.contains('button', 'Continue').click()
-
-        cy.url().should('contain', '/read-the-lpa');
-        cy.checkA11yApp();
-
         cy.contains('a', 'Return to task list').click()
 
         cy.url().should('contain', '/task-list');
-
         cy.contains('li', 'Confirm your identity').should('contain', 'Completed').click();
 
-        cy.url().should('contain', '/read-the-lpa');
+        cy.url().should('contain', '/identity-details');
+        cy.contains('You have successfully confirmed your identity');
     })
 
-    it('can see next steps when failing an ID check', () => {
+    it('can see details when not matched', () => {
         cy.contains('button', 'Continue').click()
-        cy.get('[name="return-code"]').check('T', { force: true })
+        cy.get('[name="user"]').check('donor', { force: true })
 
         cy.contains('button', 'Continue').click()
 
-        cy.url().should('contain', '/unable-to-confirm-identity');
+        cy.url().should('contain', '/identity-details');
         cy.checkA11yApp();
 
+        cy.contains('Charlie')
+        cy.contains('Cooper')
+        cy.contains('2 January 1990')
+
+        cy.contains('a', 'Return to task list').click()
+
+        cy.url().should('contain', '/task-list');
+        cy.contains('li', 'Confirm your identity').should('contain', 'Pending').click();
+
+        cy.url().should('contain', '/identity-details');
+        cy.contains('Some of the details on the LPA do not match');
+    })
+
+    it('can see next steps when failing', () => {
+        cy.contains('button', 'Continue').click()
+        cy.get('[name="return-code"]').check('T', { force: true })
+
         cy.contains('button', 'Continue').click()
 
-        cy.url().should('contain', '/read-the-lpa');
+        cy.url().should('contain', '/identity-details');
         cy.checkA11yApp();
 
         cy.contains('a', 'Return to task list').click()
 
         cy.url().should('contain', '/task-list');
         cy.contains('li', 'Confirm your identity').should('contain', 'Completed').click();
 
-        cy.url().should('contain', '/read-the-lpa');
+        cy.url().should('contain', '/identity-details');
+        cy.contains('You were not able to confirm your identity');
     })
 
-    it('can see next steps when has insufficient evidence for ID', () => {
+    it('can see next steps when has insufficient evidence', () => {
         cy.contains('button', 'Continue').click()
         cy.get('[name="return-code"]').check('X', { force: true })
 
         cy.contains('button', 'Continue').click()
 
-        cy.url().should('contain', '/unable-to-confirm-identity');
-        cy.checkA11yApp();
-
-        cy.contains('button', 'Continue').click()
-
-        cy.url().should('contain', '/read-the-lpa');
+        cy.url().should('contain', '/identity-details');
         cy.checkA11yApp();
 
         cy.contains('a', 'Return to task list').click()
 
         cy.url().should('contain', '/task-list');
         cy.contains('li', 'Confirm your identity').should('contain', 'Completed').click();
 
-        cy.url().should('contain', '/read-the-lpa');
+        cy.url().should('contain', '/identity-details');
+        cy.contains('You were not able to confirm your identity');
     })
 
     it('can go to the post office ', () => {
@@ -98,5 +107,7 @@ describe('confirm your identity', () => {
             .should('contain', 'Pending')
             .find('a')
             .click();
+
+        cy.url().should('contain', '/completing-your-identity-confirmation');
     });
 })
diff --git a/cypress/e2e/donor/you-cannot-sign-your-lpa-yet.cy.js b/cypress/e2e/donor/you-cannot-sign-your-lpa-yet.cy.js
@@ -18,14 +18,14 @@ describe('You cannot sign your LPA yet', () => {
         cy.contains('a', 'Check and send to your certificate provider').click()
         cy.url().should('contain', '/you-cannot-sign-your-lpa-yet')
 
-        cy.contains('dt', 'Jessie Jones’ date of birth').parent().contains('a', 'Change').click();
+        cy.contains('.govuk-summary-list__row', 'Jessie Jones’ date of birth').contains('a', 'Change').click();
 
         cy.url().should('contain', '/choose-attorneys')
         cy.get('#f-date-of-birth-year').clear().type("2000")
         cy.contains('button', 'Save and continue').click()
         cy.url().should('contain', '/you-cannot-sign-your-lpa-yet')
 
-        cy.contains('dt', 'Blake Buckley’s date of birth').parent().contains('a', 'Change').click();
+        cy.contains('.govuk-summary-list__row', 'Blake Buckley’s date of birth').contains('a', 'Change').click();
 
         cy.url().should('contain', '/choose-replacement-attorneys')
         cy.get('#f-date-of-birth-year').clear().type("2000")

diff --git a/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback.go b/internal/certificateprovider/certificateproviderpage/identity_with_one_login_callback.go
@@ -11,12 +11,13 @@ import (
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/lpastore/lpadata"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/notify"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/page"
+	"github.com/ministryofjustice/opg-modernising-lpa/internal/task"
 )
 
 func IdentityWithOneLoginCallback(oneLoginClient OneLoginClient, sessionStore SessionStore, certificateProviderStore CertificateProviderStore, notifyClient NotifyClient, lpaStoreClient LpaStoreClient, eventClient EventClient, appPublicURL string) Handler {
 	return func(appData appcontext.Data, w http.ResponseWriter, r *http.Request, certificateProvider *certificateproviderdata.Provided, lpa *lpadata.Lpa) error {
 		if certificateProvider.CertificateProviderIdentityConfirmed(lpa.CertificateProvider.FirstNames, lpa.CertificateProvider.LastName) {
-			return certificateprovider.PathOneLoginIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID)
+			return certificateprovider.PathIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID)
 		}
 
 		if r.FormValue("error") == "access_denied" {
@@ -46,7 +47,13 @@ func IdentityWithOneLoginCallback(oneLoginClient OneLoginClient, sessionStore Se
 
 		certificateProvider.IdentityUserData = userData
 
-		if err = certificateProviderStore.Put(r.Context(), certificateProvider); err != nil {
+		if userData.Status.IsConfirmed() && !certificateProvider.CertificateProviderIdentityConfirmed(lpa.CertificateProvider.FirstNames, lpa.CertificateProvider.LastName) {
+			certificateProvider.Tasks.ConfirmYourIdentity = task.IdentityStatePending
+		} else {
+			certificateProvider.Tasks.ConfirmYourIdentity = task.IdentityStateCompleted
+		}
+
+		if err := certificateProviderStore.Put(r.Context(), certificateProvider); err != nil {
 			return err
 		}
 
@@ -55,7 +62,7 @@ func IdentityWithOneLoginCallback(oneLoginClient OneLoginClient, sessionStore Se
 				return err
 			}
 
-			return certificateprovider.PathOneLoginIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID)
+			return certificateprovider.PathIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID)
 		}
 
 		if certificateProvider.IdentityUserData.Status.IsConfirmed() || certificateProvider.IdentityUserData.Status.IsFailed() {
@@ -78,7 +85,7 @@ func IdentityWithOneLoginCallback(oneLoginClient OneLoginClient, sessionStore Se
 		}
 
 		if certificateProvider.IdentityUserData.Status.IsConfirmed() {
-			return certificateprovider.PathOneLoginIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID)
+			return certificateprovider.PathIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID)
 		}
 
 		if lpa.SignedForDonor() {
@@ -93,6 +100,6 @@ func IdentityWithOneLoginCallback(oneLoginClient OneLoginClient, sessionStore Se
 			}
 		}
 
-		return certificateprovider.PathUnableToConfirmIdentity.Redirect(w, r, appData, certificateProvider.LpaID)
+		return certificateprovider.PathIdentityDetails.Redirect(w, r, appData, certificateProvider.LpaID)
 	}
 }
diff --git a/...rnal/certificateprovider/certificateproviderpage/identity_with_one_login_callback_test.go b/...rnal/certificateprovider/certificateproviderpage/identity_with_one_login_callback_test.go
@@ -19,6 +19,7 @@ import (
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/onelogin"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/page"
 	"github.com/ministryofjustice/opg-modernising-lpa/internal/sesh"
+	"github.com/ministryofjustice/opg-modernising-lpa/internal/task"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )
@@ -34,6 +35,7 @@ func TestGetIdentityWithOneLoginCallback(t *testing.T) {
 	updatedCertificateProvider := &certificateproviderdata.Provided{
 		IdentityUserData: userData,
 		LpaID:            "lpa-id",
+		Tasks:            certificateproviderdata.Tasks{ConfirmYourIdentity: task.IdentityStateCompleted},
 	}
 
 	certificateProviderStore := newMockCertificateProviderStore(t)
@@ -67,7 +69,7 @@ func TestGetIdentityWithOneLoginCallback(t *testing.T) {
 
 	assert.Nil(t, err)
 	assert.Equal(t, http.StatusFound, resp.StatusCode)
-	assert.Equal(t, certificateprovider.PathOneLoginIdentityDetails.Format("lpa-id"), resp.Header.Get("Location"))
+	assert.Equal(t, certificateprovider.PathIdentityDetails.Format("lpa-id"), resp.Header.Get("Location"))
 }
 
 func TestGetIdentityWithOneLoginCallbackWhenIdentityMismatched(t *testing.T) {
@@ -85,6 +87,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityMismatched(t *testing.T) {
 			LpaID:            "lpa-id",
 			UID:              actorUID,
 			IdentityUserData: userData,
+			Tasks:            certificateproviderdata.Tasks{ConfirmYourIdentity: task.IdentityStatePending},
 		}).
 		Return(nil)
 
@@ -125,7 +128,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityMismatched(t *testing.T) {
 
 	assert.Nil(t, err)
 	assert.Equal(t, http.StatusFound, resp.StatusCode)
-	assert.Equal(t, certificateprovider.PathOneLoginIdentityDetails.Format("lpa-id"), resp.Header.Get("Location"))
+	assert.Equal(t, certificateprovider.PathIdentityDetails.Format("lpa-id"), resp.Header.Get("Location"))
 }
 
 func TestGetIdentityWithOneLoginCallbackWhenIdentityMismatchedEventErrors(t *testing.T) {
@@ -178,6 +181,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityCheckFailed(t *testing.T) {
 	updatedCertificateProvider := &certificateproviderdata.Provided{
 		IdentityUserData: userData,
 		LpaID:            "lpa-id",
+		Tasks:            certificateproviderdata.Tasks{ConfirmYourIdentity: task.IdentityStateCompleted},
 	}
 
 	certificateProviderStore := newMockCertificateProviderStore(t)
@@ -245,7 +249,7 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityCheckFailed(t *testing.T) {
 
 	assert.Nil(t, err)
 	assert.Equal(t, http.StatusFound, resp.StatusCode)
-	assert.Equal(t, certificateprovider.PathUnableToConfirmIdentity.Format("lpa-id"), resp.Header.Get("Location"))
+	assert.Equal(t, certificateprovider.PathIdentityDetails.Format("lpa-id"), resp.Header.Get("Location"))
 }
 
 func TestGetIdentityWithOneLoginCallbackWhenSendingEmailError(t *testing.T) {
@@ -255,14 +259,9 @@ func TestGetIdentityWithOneLoginCallbackWhenSendingEmailError(t *testing.T) {
 	userInfo := onelogin.UserInfo{CoreIdentityJWT: "an-identity-jwt"}
 	userData := identity.UserData{Status: identity.StatusFailed}
 
-	updatedCertificateProvider := &certificateproviderdata.Provided{
-		IdentityUserData: userData,
-		LpaID:            "lpa-id",
-	}
-
 	certificateProviderStore := newMockCertificateProviderStore(t)
 	certificateProviderStore.EXPECT().
-		Put(mock.Anything, updatedCertificateProvider).
+		Put(mock.Anything, mock.Anything).
 		Return(nil)
 
 	sessionStore := newMockSessionStore(t)
@@ -361,12 +360,15 @@ func TestGetIdentityWithOneLoginCallbackWhenIdentityNotConfirmed(t *testing.T) {
 			certificateProviderStore: func(t *testing.T) *mockCertificateProviderStore {
 				certificateProviderStore := newMockCertificateProviderStore(t)
 				certificateProviderStore.EXPECT().
-					Put(context.Background(), &certificateproviderdata.Provided{LpaID: "lpa-id"}).
+					Put(context.Background(), &certificateproviderdata.Provided{
+						LpaID: "lpa-id",
+						Tasks: certificateproviderdata.Tasks{ConfirmYourIdentity: task.IdentityStateCompleted},
+					}).
 					Return(nil)
 
 				return certificateProviderStore
 			},
-			expectedRedirectURL: certificateprovider.PathUnableToConfirmIdentity.Format("lpa-id"),
+			expectedRedirectURL: certificateprovider.PathIdentityDetails.Format("lpa-id"),
 			expectedStatus:      http.StatusFound,
 		},
 		"errored on parse": {
@@ -531,5 +533,5 @@ func TestGetIdentityWithOneLoginCallbackWhenReturning(t *testing.T) {
 
 	assert.Nil(t, err)
 	assert.Equal(t, http.StatusFound, resp.StatusCode)
-	assert.Equal(t, certificateprovider.PathOneLoginIdentityDetails.Format("lpa-id"), resp.Header.Get("Location"))
+	assert.Equal(t, certificateprovider.PathIdentityDetails.Format("lpa-id"), resp.Header.Get("Location"))
 }
diff --git a/internal/certificateprovider/certificateproviderpage/one_login_identity_details.go b/internal/certificateprovider/certificateproviderpage/one_login_identity_details.go