AUT-3823: Implement call to MFA reset authorize API to redirect to IPV Core #2245

Open
wants to merge 10 commits into
base: main

Contributor

@alhcomer alhcomer commented Oct 25, 2024

What

Created a service to call the MfaResetAuthorizeHandler API in the backend. If the request is successful, the API returns a URL to redirect the user to IPV Core's prove identity journey. This service is called when the user clicks the "change how you get security codes" link on the enter mfa pages.

How to review

  1. Code review
  2. Deploy this PR and related auth API PR to dev environment
  3. See that the JWT does a thing

Checklist

  • Performance analyst has been notified of the change.
  • A UCD review has been performed.
  • Documentation has been updated to reflect these changes.

Related PRs

govuk-one-login/authentication-api#5535

@alhcomer alhcomer requested review from a team as code owners October 25, 2024 11:09
@alhcomer alhcomer marked this pull request as draft October 25, 2024 11:09
@alhcomer alhcomer force-pushed the AUT-3823/ipv-redirect branch 6 times, most recently from c0ebdb1 to af6a8de Compare October 28, 2024 14:08
@alhcomer alhcomer changed the title AUT-3823: Add MFA reset with IPV journey feature switch AUT-3823: Implement call to MFA reset authorize API to redirect to IPV Core Oct 28, 2024
@alhcomer alhcomer force-pushed the AUT-3823/ipv-redirect branch 7 times, most recently from 454be10 to e522eac Compare October 29, 2024 08:57
ci/terraform/ecs.tf (review comment, resolved)
ci/terraform/authdev1.tfvars (review comment, outdated, resolved)
@alhcomer alhcomer force-pushed the AUT-3823/ipv-redirect branch 2 times, most recently from 551f3e5 to 308ce57 Compare November 15, 2024 11:10
- Created a service to call the MfaResetAuthorizeHandler, sending the email of the user who wants to change their MFA method in the body.
- This handler builds and signs a URL that contains a signed JWT and storage token in the query string.
- This URL will be used to redirect the user to IPV Core to go through the identity verification journey.
- Calling this service will be implemented in its own controller, which will be called when the user clicks 'change your security codes'.
… to IPV when a user clicks 'change how you get security codes'

- This controller calls the mfa_reset_authorize endpoint through the associated service.
- If the request is successful, the controller returns a redirect to the returned IPV URL
… get security codes'

- Goes to the mfa-reset-with-ipv controller if supportMfaResetWithIpv is true
- Otherwise, goes to the check your email security codes screen (same journey as before this commit)
- mfa-reset-with-ipv controller returns url to redirect to IPV core if API call is successful
… get security codes'

- Goes to the mfa-reset-with-ipv controller if supportMfaResetWithIpv is true
- Otherwise, goes to the check your email security codes screen (same journey as before this commit)
- mfa-reset-with-ipv controller returns url to redirect to IPV core if API call is successful
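
The flow these commits describe (feature switch, backend call, redirect to the returned URL), sketched as an added example that is not code from this PR or the project. It checks the backend-supplied URL against a configured IPV Core origin before redirecting; the type names, the `authorizeUrl` field, the origin and the fallback path are all assumptions.

```typescript
// Added example, not code from this PR. All names and URLs are hypothetical.

// Outcome of the backend call as the description states it: on success the
// API returns a URL for IPV Core. The field name is an assumption.
type AuthorizeResult =
  | { success: true; authorizeUrl: string }
  | { success: false; status: number };

type Decision =
  | { action: "redirect"; location: string }
  | { action: "error"; reason: string };

// Parse the backend-supplied URL and return its normalised form only if it
// is HTTPS, carries no userinfo, and its origin is the configured IPV Core one.
function trustedIpvLocation(candidate: string, allowedOrigin: string): string | null {
  let parsed: URL;
  try {
    parsed = new URL(candidate);
  } catch {
    return null; // relative or malformed values are never redirected to
  }
  if (parsed.protocol !== "https:") return null;
  if (parsed.username !== "" || parsed.password !== "") return null;
  if (parsed.origin !== allowedOrigin) return null;
  return parsed.href; // redirect to what was validated, not the raw string
}

// Branching described in the commit messages: flag on -> IPV journey,
// flag off -> the existing "check your email" screen (path is constructed).
function decideMfaReset(
  supportMfaResetWithIpv: boolean,
  result: AuthorizeResult | null,
  allowedOrigin: string
): Decision {
  if (!supportMfaResetWithIpv) {
    return { action: "redirect", location: "/check-email-change-security-codes" };
  }
  if (result === null || !result.success) {
    return { action: "error", reason: "mfa reset authorize call failed" };
  }
  const location = trustedIpvLocation(result.authorizeUrl, allowedOrigin);
  if (location === null) {
    return { action: "error", reason: "untrusted redirect target" };
  }
  return { action: "redirect", location };
}
```

A controller would await the service call, pass its result to `decideMfaReset`, and turn the returned decision into a redirect or an error page.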
sonarcloud bot commented Nov 15, 2024
