PYIC-6245: Use clientOAuthSessionId returned from core-back.

govuk-one-login · Nov 14, 2024 · d515690 · d515690
1 parent 91f320f
commit d515690
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/src/app/mobile-app/middleware.test.ts b/src/app/mobile-app/middleware.test.ts
@@ -58,7 +58,7 @@ describe("mobile app middleware", () => {
       } as any;
     });
 
-    it("callback returns next event", async () => {
+    it("should process the response from postMobileAppCallback", async () => {
       // Arrange
       axiosResponse.status = 200;
       axiosResponse.data = { journey: "journey/next" };
@@ -79,7 +79,26 @@ describe("mobile app middleware", () => {
       expect(res.status).to.be.calledWith(200);
     });
 
-    it("failed callback is propagated", async () => {
+    it("should add clientOAuthSessionId to the session if core-back provides a value", async () => {
+      // Arrange
+      axiosResponse.status = 200;
+      axiosResponse.data = {
+        journey: "journey/next",
+        clientOAuthSessionId: "testClientOAuthSessionId",
+      };
+      coreBackServiceStub.postMobileAppCallback =
+        sinon.fake.resolves(axiosResponse);
+
+      // Act
+      await middleware.checkMobileAppDetails(req, res, next);
+
+      // Assert
+      expect(req.session.clientOauthSessionId).to.equal(
+        "testClientOAuthSessionId",
+      );
+    });
+
+    it("should propagate and error from calling core-back", async () => {
       // Arrange
       const axiosError = new AxiosError("api error");
       axiosResponse.status = 404;
@@ -92,7 +111,7 @@ describe("mobile app middleware", () => {
       ).to.be.rejectedWith(AxiosError, "api error");
     });
 
-    it("missing state query parameter throws error", async () => {
+    it("should throw and error if the state query parameter is missing", async () => {
       // Arrange
       req.query = {};
 

diff --git a/src/app/mobile-app/middleware.ts b/src/app/mobile-app/middleware.ts
@@ -17,5 +17,13 @@ export const checkMobileAppDetails: RequestHandler = async (req, res) => {
     res.status(apiResponse.status);
   }
 
+  // If we don't have a clientOAuthSessionId in our session then we're dealing with a cross browser callback and core back will give us a clientOAuthSessionId to use instead.
+  if (
+    !req.session.clientOauthSessionId &&
+    apiResponse.data.clientOAuthSessionId
+  ) {
+    req.session.clientOauthSessionId = apiResponse.data.clientOAuthSessionId;
+  }
+
   return handleBackendResponse(req, res, apiResponse?.data);
 };