PYIC-6243: Add routing and checkVcResponse permissions

deploy/template.yaml

@@ -1240,6 +1240,7 @@ Resources:
           CRI_RESPONSE_TABLE_NAME: !Ref CRIResponseTable
           CLIENT_OAUTH_SESSIONS_TABLE_NAME: !Ref ClientOAuthSessionsTable
           USER_ISSUED_CREDENTIALS_TABLE_NAME: !Ref UserIssuedCredentialsV2Table
+          SESSION_CREDENTIALS_TABLE_NAME: !Ref SessionCredentialsTable
       VpcConfig:
         SubnetIds:
           - Fn::ImportValue: !Sub ${VpcStackName}-ProtectedSubnetIdA
@@ -1258,8 +1259,12 @@ Resources:
             TableName: !Ref CRIResponseTable
         - DynamoDBReadPolicy:
             TableName: !Ref UserIssuedCredentialsV2Table
+        - DynamoDBReadPolicy:
+            TableName: !Ref SessionCredentialsTable
         - SSMParameterReadPolicy:
             ParameterName: !Sub ${Environment}/core/*
+        - AWSSecretsManagerGetSecretValuePolicy:
+            SecretArn: !Sub arn:aws:secretsmanager:eu-west-2:*:secret:/${Environment}/core/self/ciConfig-*
         - Statement:
             - Sid: EnforceStayinSpecificVpc
               Effect: Allow

lambdas/check-mobile-app-vc-receipt/src/main/java/uk/gov/di/ipv/core/checkmobileappvcreceipt/CheckMobileAppVcReceiptHandler.java

@@ -104,11 +104,11 @@ public APIGatewayProxyResponseEvent handleRequest(
             var journeyResponse = getJourneyResponse(request);
 
             if (journeyResponse != null) {
-                // Frontend will end polling
                 return ApiGatewayResponseGenerator.proxyJsonResponse(
                         HttpStatus.SC_OK, journeyResponse);
             }
 
+            // Frontend will continue polling
             return ApiGatewayResponseGenerator.proxyResponse(HttpStatus.SC_NOT_FOUND);
         } catch (HttpResponseExceptionWithErrorBody | VerifiableCredentialException e) {
             return buildErrorResponse(e, HttpStatus.SC_BAD_REQUEST, e.getErrorResponse());
@@ -140,10 +140,9 @@ private CheckMobileAppVcReceiptRequest parseRequest(APIGatewayProxyRequestEvent
     }
 
     private JourneyResponse getJourneyResponse(CheckMobileAppVcReceiptRequest request)
-            throws InvalidCheckMobileAppVcReceiptRequestException, IpvSessionNotFoundException,
-                    HttpResponseExceptionWithErrorBody, InvalidCriResponseException,
-                    CredentialParseException, VerifiableCredentialException, ConfigException,
-                    CiRetrievalException {
+            throws IpvSessionNotFoundException, HttpResponseExceptionWithErrorBody,
+                    InvalidCriResponseException, CredentialParseException,
+                    VerifiableCredentialException, ConfigException, CiRetrievalException {
         // Validate callback sessions
         validateSessionId(request);
 
@@ -164,13 +163,11 @@ private JourneyResponse getJourneyResponse(CheckMobileAppVcReceiptRequest reques
 
         // Retrieve and validate cri response and vc
         var criResponse = criResponseService.getCriResponseItem(userId, Cri.DCMAW_ASYNC);
-
         if (criResponse == null) {
             throw new InvalidCriResponseException(ErrorResponse.CRI_RESPONSE_ITEM_NOT_FOUND);
         }
 
         var vc = verifiableCredentialService.getVc(userId, Cri.DCMAW_ASYNC.getId());
-
         if (CriResponseService.STATUS_PENDING.equals(criResponse.getStatus()) && vc == null) {
             return null;
         }

lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/nested-journeys/strategic-app-triage.yaml

@@ -231,3 +231,26 @@ nestedJourneyStates:
     response:
       type: page
       pageId: check-mobile-app-result
+    events:
+      next:
+        exitEventToEmit: next
+      abandon:
+        exitEventToEmit: anotherWay
+      error:
+        targetJourney: TECHNICAL_ERROR
+        targetState: ERROR
+      fail-with-no-ci:
+        targetJourney: FAILED
+        targetState: FAILED
+      fail-with-ci:
+        targetJourney: FAILED
+        targetState: FAILED
+      enhanced-verification:
+        targetJourney: FAILED
+        targetState: FAILED
+      vcs-not-correlated:
+        targetJourney: FAILED
+        targetState: FAILED
+      dl-auth-source-check:
+        targetJourney: TECHNICAL_ERROR
+        targetState: ERROR

lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/new-p1-identity.yaml

@@ -140,6 +140,8 @@ states:
   STRATEGIC_APP_TRIAGE:
     nestedJourney: STRATEGIC_APP_TRIAGE
     exitEvents:
+      next:
+        targetState: POST_APP_DOC_CHECK_SUCCESS_PAGE
       sessionError:
         targetJourney: TECHNICAL_ERROR
         targetState: ERROR
@@ -533,6 +535,8 @@ states:
   MITIGATION_01_STRATEGIC_APP_TRIAGE:
     nestedJourney: STRATEGIC_APP_TRIAGE
     exitEvents:
+      next:
+        targetState: POST_APP_DOC_CHECK_SUCCESS_PAGE
       sessionError:
         targetJourney: TECHNICAL_ERROR
         targetState: ERROR
@@ -609,6 +613,9 @@ states:
   STRATEGIC_APP_TRIAGE_PYI_ESCAPE:
     nestedJourney: STRATEGIC_APP_TRIAGE
     exitEvents:
+      next:
+        targetJourney: EVALUATE_SCORES
+        targetState: START
       sessionError:
         targetJourney: TECHNICAL_ERROR
         targetState: ERROR

lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/new-p2-identity.yaml

@@ -158,6 +158,8 @@ states:
   STRATEGIC_APP_TRIAGE:
     nestedJourney: STRATEGIC_APP_TRIAGE
     exitEvents:
+      next:
+        targetState: POST_APP_DOC_CHECK_SUCCESS_PAGE
       sessionError:
         targetJourney: TECHNICAL_ERROR
         targetState: ERROR
@@ -591,6 +593,8 @@ states:
   MITIGATION_01_STRATEGIC_APP_TRIAGE:
     nestedJourney: STRATEGIC_APP_TRIAGE
     exitEvents:
+      next:
+        targetState: POST_APP_DOC_CHECK_SUCCESS_PAGE
       sessionError:
         targetJourney: TECHNICAL_ERROR
         targetState: ERROR
@@ -667,6 +671,9 @@ states:
   STRATEGIC_APP_TRIAGE_PYI_ESCAPE:
     nestedJourney: STRATEGIC_APP_TRIAGE
     exitEvents:
+      next:
+        targetJourney: EVALUATE_SCORES
+        targetState: START
       sessionError:
         targetJourney: TECHNICAL_ERROR
         targetState: ERROR

lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/reverification.yaml

@@ -99,6 +99,8 @@ states:
   STRATEGIC_APP_TRIAGE:
     nestedJourney: STRATEGIC_APP_TRIAGE
     exitEvents:
+      next:
+        targetState: POST_DCMAW_SUCCESS_PAGE
       sessionError:
         targetJourney: TECHNICAL_ERROR
         targetState: ERROR

lambdas/process-journey-event/src/main/resources/statemachine/journey-maps/update-name.yaml

@@ -179,9 +179,21 @@ states:
         targetState: APP_DOC_CHECK_GIVEN_ONLY
         checkFeatureFlag:
           strategicAppEnabled:
-            targetState: STRATEGIC_APP_TRIAGE
+            targetState: STRATEGIC_APP_TRIAGE_GIVEN_ONLY
             targetEntryEvent: appTriage
 
+  STRATEGIC_APP_TRIAGE_GIVEN_ONLY:
+    nestedJourney: STRATEGIC_APP_TRIAGE
+    exitEvents:
+      next:
+        targetState: POST_APP_DOC_CHECK_GIVEN_ONLY
+      sessionError:
+        targetJourney: TECHNICAL_ERROR
+        targetState: ERROR
+      anotherWay:
+        targetJourney: FAILED
+        targetState: FAILED_UPDATE_DETAILS
+
   RESET_IDENTITY_FAMILY_ONLY:
     response:
       type: process
@@ -193,9 +205,21 @@ states:
         targetState: APP_DOC_CHECK_FAMILY_ONLY
         checkFeatureFlag:
           strategicAppEnabled:
-            targetState: STRATEGIC_APP_TRIAGE
+            targetState: STRATEGIC_APP_TRIAGE_FAMILY_ONLY
             targetEntryEvent: appTriage
 
+  STRATEGIC_APP_TRIAGE_FAMILY_ONLY:
+    nestedJourney: STRATEGIC_APP_TRIAGE
+    exitEvents:
+      next:
+        targetState: POST_APP_DOC_CHECK_FAMILY_ONLY
+      sessionError:
+        targetJourney: TECHNICAL_ERROR
+        targetState: ERROR
+      anotherWay:
+        targetJourney: FAILED
+        targetState: FAILED_UPDATE_DETAILS
+
   APP_DOC_CHECK_GIVEN_ONLY:
     nestedJourney: APP_DOC_CHECK
     exitEvents:
@@ -341,9 +365,21 @@ states:
         targetState: APP_DOC_CHECK_GIVEN_WITH_ADDRESS
         checkFeatureFlag:
           strategicAppEnabled:
-            targetState: STRATEGIC_APP_TRIAGE
+            targetState: STRATEGIC_APP_TRIAGE_GIVEN_WITH_ADDRESS
             targetEntryEvent: appTriage
 
+  STRATEGIC_APP_TRIAGE_GIVEN_WITH_ADDRESS:
+    nestedJourney: STRATEGIC_APP_TRIAGE
+    exitEvents:
+      next:
+        targetState: POST_APP_DOC_CHECK_GIVEN_WITH_ADDRESS
+      sessionError:
+        targetJourney: TECHNICAL_ERROR
+        targetState: ERROR
+      anotherWay:
+        targetJourney: FAILED
+        targetState: FAILED_UPDATE_DETAILS
+
   RESET_IDENTITY_FAMILY_WITH_ADDRESS:
     response:
       type: process
@@ -355,9 +391,21 @@ states:
         targetState: APP_DOC_CHECK_FAMILY_WITH_ADDRESS
         checkFeatureFlag:
           strategicAppEnabled:
-            targetState: STRATEGIC_APP_TRIAGE
+            targetState: STRATEGIC_APP_TRIAGE_FAMILY_WITH_ADDRESS
             targetEntryEvent: appTriage
 
+  STRATEGIC_APP_TRIAGE_FAMILY_WITH_ADDRESS:
+    nestedJourney: STRATEGIC_APP_TRIAGE
+    exitEvents:
+      next:
+        targetState: POST_APP_DOC_CHECK_FAMILY_WITH_ADDRESS
+      sessionError:
+        targetJourney: TECHNICAL_ERROR
+        targetState: ERROR
+      anotherWay:
+        targetJourney: FAILED
+        targetState: FAILED_UPDATE_DETAILS
+
   APP_DOC_CHECK_GIVEN_WITH_ADDRESS:
     nestedJourney: APP_DOC_CHECK
     exitEvents:
@@ -424,18 +472,6 @@ states:
         targetJourney: FAILED
         targetState: FAILED_CONFIRM_DETAILS
 
-  # Once the `next` event here is developed it's likely that we'll need to split this into four separate sub-journey
-  # instantiations.
-  STRATEGIC_APP_TRIAGE:
-    nestedJourney: STRATEGIC_APP_TRIAGE
-    exitEvents:
-      sessionError:
-        targetJourney: TECHNICAL_ERROR
-        targetState: ERROR
-      anotherWay:
-        targetJourney: FAILED
-        targetState: FAILED_UPDATE_DETAILS
-
   # SHARED STATES
 
   CHECK_COI_GIVEN: