diff --git a/service-front/app/features/context/UI/AccountContext.php b/service-front/app/features/context/UI/AccountContext.php
index f092c85df0..49111f1a3d 100644
--- a/service-front/app/features/context/UI/AccountContext.php
+++ b/service-front/app/features/context/UI/AccountContext.php
@@ -49,6 +49,7 @@ class AccountContext implements Context
 private const USER_SERVICE_DELETE_ACCOUNT = 'UserService::deleteAccount';
 private const ONE_LOGIN_SERVICE_AUTHENTICATE = 'OneLoginService::authenticate';
 private const ONE_LOGIN_SERVICE_CALLBACK = 'OneLoginService::callback';
+ private const VIEWER_CODE_SERVICE_GET_SHARE_CODES = 'ViewerCodeService::getShareCodes';
 /**
@@ -2133,9 +2134,10 @@ public function iAmRedirectedToTheLanguageErrorPage($errorType, $errorMessage):
 }
 /**
- * @Then /^I successfully login to One Login$/
+ * @Then /^I have an account whose sub matches a local account$/
+ * @Then /^I have an email address that matches a local account$/
 */
- public function iSuccessfullyLoginToOneLogin(): void
+ public function iHaveAMatchingLocalAccount(): void
 {
 $this->apiFixtures->append(
 ContextUtilities::newResponse(
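Review bot: Both new patterns, `I have an account whose sub matches a local account` and `I have an email address that matches a local account`, are bound to the single parameterless `iHaveAMatchingLocalAccount()`, so the scenarios that use them queue exactly the same fixtures and cannot tell a sub match from an email match. Matching on the One Login subject identifier and matching on email are different account-linking paths, so each deserves its own step (or a step parameter) whose callback fixture reflects the case it names. At minimum a docblock line such as `Both phrasings currently share one fixture; the sub/email distinction is not exercised by this step.` would keep the feature file from overstating coverage. The method body continues past the end of this hunk.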
@@ -2152,13 +2154,70 @@ public function iSuccessfullyLoginToOneLogin(): void self::ONE_LOGIN_SERVICE_CALLBACK ) ); + + $lpa = json_decode(file_get_contents(__DIR__ . '../../../../test/fixtures/full_example.json')); + + $userLpaActorToken = '12345789'; + $lpaData = [ + 'user-lpa-actor-token' => $userLpaActorToken, + 'date' => 'today', + 'actor' => [ + 'type' => 'primary-attorney', + 'details' => [ + 'addresses' => [ + [ + 'addressLine1' => '', + 'addressLine2' => '', + 'addressLine3' => '', + 'country' => '', + 'county' => '', + 'id' => 0, + 'postcode' => '', + 'town' => '', + 'type' => 'Primary', + ], + ], + 'companyName' => null, + 'dob' => '1975-10-05', + 'email' => 'string', + 'firstname' => 'Ian', + 'id' => 0, + 'middlenames' => null, + 'salutation' => 'Mr', + 'surname' => 'Deputy', + 'systemStatus' => true, + 'uId' => '700000000054', + ], + ], + 'applicationHasRestrictions' => true, + 'applicationHasGuidance' => false, + 'lpa' => $lpa, + 'added' => '2021-10-5 12:00:00', + ]; + + $this->apiFixtures->append( + ContextUtilities::newResponse( + StatusCodeInterface::STATUS_OK, + json_encode([$userLpaActorToken => $lpaData]), + self::LPA_SERVICE_GET_LPAS + ) + ); + + $this->apiFixtures->append( + ContextUtilities::newResponse( + StatusCodeInterface::STATUS_OK, + json_encode([]), + self::VIEWER_CODE_SERVICE_GET_SHARE_CODES + ) + ); + $this->ui->visit('/home/login?code=FakeCode&state=FakeState'); } /** - * @Then /^I successfully login to One Login for the first time$/ + * @Then /^I have an email address that does not match a local account$/ */ - public function iSuccessfullyLoginToOneLoginForTheFirstTime(): void + public function iHaveAnEmailAddressThatDoesNotMatchALocalAccount(): void { $this->apiFixtures->append( ContextUtilities::newResponse( 
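Review bot: The fixture read added to `iHaveAMatchingLocalAccount()` is unchecked, and its path has no separator after `__DIR__` (`__DIR__ . '../../../../test/fixtures/full_example.json'`), so the first segment becomes `UI..` and the read appears to work only if the path is normalised lexically before it is opened. If the read or the decode fails, `json_decode` yields `null` and the step still queues a response with `'lpa' => null`, so the scenario can go green without real LPA data behind it. I would write `$lpa = json_decode(file_get_contents(__DIR__ . '/../../../test/fixtures/full_example.json'), false, 512, JSON_THROW_ON_ERROR);`, assuming the fixture lives under `service-front/app/test/fixtures`; confirm the depth before changing it. The method starts in the previous hunk, and the next step definition runs past the end of this one.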
@@ -2174,6 +2233,32 @@ public function iSuccessfullyLoginToOneLoginForTheFirstTime(): void
 self::ONE_LOGIN_SERVICE_CALLBACK
 )
 );
+
+ $this->apiFixtures->append(
+ ContextUtilities::newResponse(
+ StatusCodeInterface::STATUS_OK,
+ json_encode([]),
+ self::LPA_SERVICE_GET_LPAS
+ )
+ );
 $this->ui->visit('/home/login?code=FakeCode&state=FakeState');
 }
+
+ /**
+ * @Then /^I see the LPA dashboard with any LPAs that are in the account$/
+ */
+ public function iSeeTheLPADashboardWithAnyLPAsInAccount(): void
+ {
+ $this->ui->assertPageAddress('/lpa/dashboard');
+ $this->ui->clickLink('Add another LPA');
+ }
+
+ /**
+ * @Then /I see an empty LPA dashboard$/
+ */
+ public function iSeeAnEmptyLPADashboard(): void
+ {
+ $this->ui->assertPageAddress('/lpa/dashboard');
+ $this->ui->clickLink('Add your first LPA');
+ }
 }
diff --git a/service-front/app/features/one-login.feature b/service-front/app/features/one-login.feature
index b3e6aeae39..490567e315 100644
--- a/service-front/app/features/one-login.feature
+++ b/service-front/app/features/one-login.feature
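Review bot: The pattern on `iSeeAnEmptyLPADashboard()` is `/I see an empty LPA dashboard$/`, without the leading `^` that every other step pattern in this diff carries, so it matches any step text that merely ends with that phrase; it should read `@Then /^I see an empty LPA dashboard$/`. Both new `Then` steps also finish with `clickLink(...)`, which navigates away from the dashboard as a side effect of what reads as an assertion. If the click is only there to prove the link is present, a comment such as `// clickLink fails the step when the link is missing; that is the assertion here` would make the intent visible to the next maintainer.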
@@ -42,13 +42,19 @@
 | server_error |
 @ui @actor @ff:allow_gov_one_login:true
- Scenario: I am redirected to the dashboard when I have logged in
+ Scenario: I am redirected to the dashboard when local account does exist
 Given I have logged in to one login in English
- When I successfully login to One Login
- Then I am directed to my dashboard
+ When I have an email address that matches a local account
+ Then I see the LPA dashboard with any LPAs that are in the account
 @ui @actor @ff:allow_gov_one_login:true
- Scenario: I am redirected to the add an lpa page on first login
+ Scenario: I am redirected to an empty dashboard when local account does not exist
 Given I have logged in to one login in English
- When I successfully login to One Login for the first time
- Then I am taken to the add an LPA triage page
+ When I have an email address that does not match a local account
+ Then I see an empty LPA dashboard
+
+ @ui @actor @ff:allow_gov_one_login:true
+ Scenario: I am redirected to the dashboard when local account already flagged as one-login
+ Given I have logged in to one login in English
+ When I have an account whose sub matches a local account
+ Then I see the LPA dashboard with any LPAs that are in the account
diff --git a/service-front/app/src/Actor/src/Handler/OneLoginCallbackHandler.php b/service-front/app/src/Actor/src/Handler/OneLoginCallbackHandler.php
index dd79e6699a..b84b411f8d 100644
--- a/service-front/app/src/Actor/src/Handler/OneLoginCallbackHandler.php
+++ b/service-front/app/src/Actor/src/Handler/OneLoginCallbackHandler.php
@@ -78,11 +78,7 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 'details' => $user->getDetails(),
 ]);
 $session->regenerate();
- if (empty($user->getDetail('LastLogin'))) {
- return $this->redirectToRoute('lpa.add', [], [], $ui_locale === 'cy' ? $ui_locale : null);
- } else {
- return $this->redirectToRoute('lpa.dashboard', [], [], $ui_locale === 'cy' ? $ui_locale : null);
- }
+ return $this->redirectToRoute('lpa.dashboard', [], [], $ui_locale === 'cy' ? $ui_locale : null);
 }
 return new HtmlResponse('

User not found

');
diff --git a/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php b/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php
index b9c770b30a..dbff8b637c 100644
--- a/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php
+++ b/service-front/app/src/Common/src/Service/OneLogin/OneLoginService.php
@@ -65,10 +65,6 @@ public function callback(string $code, string $state, AuthSession $authCredentia
 $filteredDetails['LastLogin'] = $userData['LastLogin'];
 }
- if (!empty($userData['NeedsReset'])) {
- $filteredDetails['NeedsReset'] = $userData['NeedsReset'];
- }
-
 return ($this->userModelFactory)(
 $userData['Id'],
 [],
diff --git a/service-front/app/src/Common/src/Service/Session/EncryptedCookiePersistence.php b/service-front/app/src/Common/src/Service/Session/EncryptedCookiePersistence.php
index 6d7c039230..103c05bccb 100644
--- a/service-front/app/src/Common/src/Service/Session/EncryptedCookiePersistence.php
+++ b/service-front/app/src/Common/src/Service/Session/EncryptedCookiePersistence.php
@@ -100,6 +100,8 @@ public function persistSession(SessionInterface $session, ResponseInterface $res
 // Encode to string
 $sessionData = $this->encrypter->encodeCookieValue($session->toArray());
+ // Chromium based browsers do not work with a 'strict' SameSite values when redirecting from a
+ // third-party request. In this one situation it's ok to use a 'lax' value.
 $sameSite = $session->has(UserInterface::class) && $response->getStatusCode() !== StatusCodeInterface::STATUS_FOUND