diff --git a/api-tests/features/dl-auth-source-checks/dl-auth-source-checks.feature b/api-tests/features/dl-auth-source-checks/dl-auth-source-checks.feature index 3739941a9a..860bd9b4dc 100644 --- a/api-tests/features/dl-auth-source-checks/dl-auth-source-checks.feature +++ b/api-tests/features/dl-auth-source-checks/dl-auth-source-checks.feature @@ -202,8 +202,9 @@ Feature: Authoritative source checks with driving licence CRI | address | kenneth-current | | fraud | kenneth-score-2 | When I start a new 'reverification' journey + Then I get a 'you-can-change-security-code-method' page response + When I submit a 'next' event Then I get a 'page-ipv-identity-document-start' page response - Given I activate the 'drivingLicenceAuthCheck' feature set When I submit an 'appTriage' event Then I get a 'dcmaw' CRI response When I submit 'kenneth-driving-permit-valid' details to the CRI stub diff --git a/api-tests/features/mfa-reset-journey.feature b/api-tests/features/mfa-reset-journey.feature index 58a9f7c272..db97eaff82 100644 --- a/api-tests/features/mfa-reset-journey.feature +++ b/api-tests/features/mfa-reset-journey.feature @@ -10,19 +10,25 @@ Feature: MFA reset journey # Start MFA reset journey When I start a new 'reverification' journey - Then I get a 'page-ipv-identity-document-start' page response + Then I get a 'you-can-change-security-code-method' page response Scenario: Successful MFA reset journey + When I submit a 'next' event + Then I get a 'page-ipv-identity-document-start' page response When I submit an 'appTriage' event Then I get a 'dcmaw' CRI response - When I submit 'kenneth-driving-permit-valid' details to the CRI stub + When I submit 'kenneth-passport-valid' details to the CRI stub Then I get a 'page-dcmaw-success' page response When I submit a 'next' event + Then I get a 'we-matched-you-to-your-one-login' page response + When I submit a 'next' event Then I get an OAuth response When I use the OAuth response to get my MFA reset result Then I get a successful MFA reset result Scenario: Failed MFA reset journey with breaching CI - user can still reuse existing identity + When I submit a 'next' event + Then I get a 'page-ipv-identity-document-start' page response When I submit an 'appTriage' event Then I get a 'dcmaw' CRI response When I submit 'kenneth-passport-with-breaching-ci' details to the CRI stub @@ -37,23 +43,24 @@ Feature: MFA reset journey Then I get a 'page-ipv-reuse' page response Scenario: Failed MFA reset journey - DCMAW error + When I submit a 'next' event + Then I get a 'page-ipv-identity-document-start' page response When I submit an 'appTriage' event Then I get a 'dcmaw' CRI response - When I call the CRI stub and get an 'access-denied' OAuth error - When I submit a 'next' event + When I call the CRI stub and get an 'access_denied' OAuth error Then I get an OAuth response When I use the OAuth response to get my MFA reset result Then I get an unsuccessful MFA reset result with failure code 'identity_check_incomplete' - Scenario: Failed MFA reset journey - no photo id - When I submit an 'end' event - Then I get a 'pyi-another-way' page response - When I submit an 'next' event + Scenario: Failed MFA reset journey - find another way to access One Login + When I submit an 'cannot-change-security-codes' event Then I get an OAuth response When I use the OAuth response to get my MFA reset result Then I get an unsuccessful MFA reset result with failure code 'identity_check_incomplete' Scenario: Failed MFA reset journey - failed verification score + When I submit a 'next' event + Then I get a 'page-ipv-identity-document-start' page response When I submit an 'appTriage' event Then I get a 'dcmaw' CRI response When I submit 'kenneth-passport-verification-zero' details to the CRI stub @@ -64,6 +71,8 @@ Feature: MFA reset journey Then I get an unsuccessful MFA reset result with failure code 'identity_check_failed' Scenario: Failed MFA reset journey - non-matching identity + When I submit a 'next' event + Then I get a 'page-ipv-identity-document-start' page response When I submit an 'appTriage' event Then I get a 'dcmaw' CRI response When I submit 'alice-passport-valid' details to the CRI stub @@ -75,6 +84,23 @@ Feature: MFA reset journey When I use the OAuth response to get my MFA reset result Then I get an unsuccessful MFA reset result with failure code 'identity_did_not_match' + Scenario: Failed MFA reset journey - failed DL auth source check + Given I activate the 'drivingLicenceAuthCheck' feature set + When I submit a 'next' event + Then I get a 'page-ipv-identity-document-start' page response + When I submit an 'appTriage' event + Then I get a 'dcmaw' CRI response + When I submit 'kenneth-driving-permit-valid' details to the CRI stub + Then I get a 'drivingLicence' CRI response + When I submit 'kenneth-driving-permit-needs-alternate-doc' details with attributes to the CRI stub + | Attribute | Values | + | context | "check_details" | + Then I get a 'pyi-no-match' page response + When I submit a 'next' event + Then I get an OAuth response + When I use the OAuth response to get my MFA reset result + Then I get an unsuccessful MFA reset result with failure code 'identity_check_failed' + Rule: The user has no existing identity Scenario: Attempted MFA reset journey When I start a new 'reverification' journey diff --git a/lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/reverification.yaml b/lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/reverification.yaml index cf215f1f96..edfc8e05c2 100644 --- a/lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/reverification.yaml +++ b/lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/reverification.yaml @@ -85,13 +85,25 @@ states: lambda: check-reverification-identity events: found: - targetState: IDENTITY_START_PAGE + targetState: YOU_CAN_CHOOSE_HOW_YOU_GET_SECURITY_CODES_PAGE not-found: - targetState: CRI_TICF + targetJourney: INELIGIBLE + targetState: INELIGIBLE_SKIP_MESSAGE error: targetJourney: TECHNICAL_ERROR targetState: ERROR + YOU_CAN_CHOOSE_HOW_YOU_GET_SECURITY_CODES_PAGE: + response: + type: page + pageId: you-can-change-security-code-method + events: + next: + targetState: IDENTITY_START_PAGE + cannot-change-security-codes: + targetJourney: INELIGIBLE + targetState: INELIGIBLE_SKIP_MESSAGE + IDENTITY_START_PAGE: response: type: page @@ -108,7 +120,7 @@ states: targetState: ERROR end: targetJourney: INELIGIBLE - targetState: INELIGIBLE + targetState: INELIGIBLE_SKIP_MESSAGE STRATEGIC_APP_TRIAGE: nestedJourney: STRATEGIC_APP_TRIAGE @@ -120,7 +132,7 @@ states: targetState: ERROR anotherWay: targetJourney: INELIGIBLE - targetState: INELIGIBLE + targetState: INELIGIBLE_SKIP_MESSAGE returnToRp: targetState: RETURN_TO_RP @@ -134,13 +146,13 @@ states: targetState: POST_DCMAW_SUCCESS_PAGE not-found: targetJourney: INELIGIBLE - targetState: INELIGIBLE + targetState: INELIGIBLE_SKIP_MESSAGE access-denied: targetJourney: INELIGIBLE - targetState: INELIGIBLE + targetState: INELIGIBLE_SKIP_MESSAGE temporarily-unavailable: targetJourney: INELIGIBLE - targetState: INELIGIBLE + targetState: INELIGIBLE_SKIP_MESSAGE dl-auth-source-check: targetState: CRI_DRIVING_LICENCE_AUTH_SOURCE_CHECK @@ -183,6 +195,14 @@ states: type: process lambda: call-ticf-cri parent: CRI_TICF_STATE + events: + next: + targetState: WE_MATCHED_YOU_TO_YOUR_ONE_LOGIN_PAGE + + WE_MATCHED_YOU_TO_YOUR_ONE_LOGIN_PAGE: + response: + type: page + pageId: we-matched-you-to-your-one-login events: next: targetState: RETURN_TO_RP