Feature/civ 11894

audit.json

@@ -37,9 +37,9 @@
   "10055_CSP: style-src unsafe-inline_https://moneyclaims.aat.platform.hmcts.net/terms-and-conditions_GET": "ignore",
   "10055_CSP: style-src unsafe-inline_https://moneyclaims.aat.platform.hmcts.net/ruxitagentjs_ICA2QSVfqru_10193200616095656.js_GET": "ignore",
   "10055_CSP: style-src unsafe-inline_https://moneyclaims.aat.platform.hmcts.net/ruxitagentjs_ICA2QSVfjqru_10193200616095656.js_GET": "ignore",
-  "90011_Charset Mismatch (Header Versus Meta Content-Type Charset)_https://idam-web-public.aat.platform.hmcts.net/login?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET": "ignore",
-  "90011_Charset Mismatch (Header Versus Meta Content-Type Charset)_https://idam-web-public.aat.platform.hmcts.net/login?response_type=code\\u0026state=ac635d10-d8cf-42ea-82bf-fe357defdc77\\u0026client_id=cmc_citizen\\u0026redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET": "ignore",
-  "10038_Content Security Policy (CSP) Header Not Set_https://idam-web-public.aat.platform.hmcts.net/login?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET": "ignore",
+  "90011_Charset Mismatch (Header Versus Meta Content-Type Charset)_https://idam-web-public.aat.platform.hmcts.net/o/authorize?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET&scope=openid%20profile%20roles": "ignore",
+  "90011_Charset Mismatch (Header Versus Meta Content-Type Charset)_https://idam-web-public.aat.platform.hmcts.net/o/authorize?response_type=code\\u0026state=ac635d10-d8cf-42ea-82bf-fe357defdc77\\u0026client_id=cmc_citizen\\u0026redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET&scope=openid%20profile%20roles": "ignore",
+  "10038_Content Security Policy (CSP) Header Not Set_https://idam-web-public.aat.platform.hmcts.net/o/authorize?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET&scope=openid%20profile%20roles": "ignore",
   "10010_Cookie No HttpOnly Flag_https://moneyclaims.aat.platform.hmcts.net/_GET": "ignore",
   "10010_Cookie No HttpOnly Flag_https://moneyclaims.aat.platform.hmcts.net/accessibility-statement_GET": "ignore",
   "10010_Cookie No HttpOnly Flag_https://moneyclaims.aat.platform.hmcts.net/contact-us_GET": "ignore",
@@ -133,7 +133,7 @@
   "90027_Cookie Slack Detector_https://moneyclaims.aat.platform.hmcts.net/webchat/javascript/webchart-init.js_GET": "ignore",
   "90027_Cookie Slack Detector_https://moneyclaims.aat.platform.hmcts.net/webchat_GET": "ignore",
   "90027_Cookie Slack Detector_https://moneyclaims.aat.platform.hmcts.net_GET": "ignore",
-  "10054_Cookie Without SameSite Attribute_https://idam-web-public.aat.platform.hmcts.net/login?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET": "ignore",
+  "10054_Cookie Without SameSite Attribute_https://idam-web-public.aat.platform.hmcts.net/o/authorize?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET&scope=openid%20profile%20roles": "ignore",
   "10054_Cookie Without SameSite Attribute_https://moneyclaims.aat.platform.hmcts.net/_GET": "ignore",
   "10054_Cookie Without SameSite Attribute_https://moneyclaims.aat.platform.hmcts.net/accessibility-statement_GET": "ignore",
   "10054_Cookie Without SameSite Attribute_https://moneyclaims.aat.platform.hmcts.net/contact-us_GET": "ignore",
@@ -180,7 +180,7 @@
   "10011_Cookie Without Secure Flag_https://moneyclaims.aat.platform.hmcts.net/receiver_GET": "ignore",
   "10098_Cross-Domain Misconfiguration_https://moneyclaims.aat.platform.hmcts.net/ruxitagentjs_ICA2QSVfqru_10193200616095656.js_GET": "ignore",
   "10098_Cross-Domain Misconfiguration_https://moneyclaims.aat.platform.hmcts.net/ruxitagentjs_ICA2QSVfjqru_10193200616095656.js_GET": "ignore",
-  "10015_Incomplete or No Cache-control and Pragma HTTP Header Set_https://idam-web-public.aat.platform.hmcts.net/login?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET": "ignore",
+  "10015_Incomplete or No Cache-control and Pragma HTTP Header Set_https://idam-web-public.aat.platform.hmcts.net/o/authorize?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET&scope=openid%20profile%20roles": "ignore",
   "10015_Incomplete or No Cache-control and Pragma HTTP Header Set_https://moneyclaims.aat.platform.hmcts.net/img/lib/gov.uk_logotype_crown.svg?0.26.0_GET": "ignore",
   "10015_Incomplete or No Cache-control and Pragma HTTP Header Set_https://moneyclaims.aat.platform.hmcts.net/stylesheets/application.css_GET": "ignore",
   "10015_Incomplete or No Cache-control and Pragma HTTP Header Set_https://moneyclaims.aat.platform.hmcts.net/stylesheets/lib/fonts.css?0.26.0_GET": "ignore",
@@ -262,7 +262,7 @@
   "40025_Proxy Disclosure_https://moneyclaims.aat.platform.hmcts.net/webchat/javascript_GET": "ignore",
   "40025_Proxy Disclosure_https://moneyclaims.aat.platform.hmcts.net/webchat_GET": "ignore",
   "40025_Proxy Disclosure_https://moneyclaims.aat.platform.hmcts.net_GET": "ignore",
-  "10108_Reverse Tabnabbing_https://idam-web-public.aat.platform.hmcts.net/login?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET": "ignore",
+  "10108_Reverse Tabnabbing_https://idam-web-public.aat.platform.hmcts.net/o/authorize?response_type=code&state=f869bd5d-d7bf-4e72-a652-657aa70cb30b&client_id=cmc_citizen&redirect_uri=https://moneyclaims.aat.platform.hmcts.net/receiver_GET&scope=openid%20profile%20roles": "ignore",
   "10035_Strict-Transport-Security Header Not Set_https://moneyclaims.aat.platform.hmcts.net/ruxitagentjs_ICA2QSVfqru_10193200616095656.js_GET": "ignore",
   "10035_Strict-Transport-Security Header Not Set_https://moneyclaims.aat.platform.hmcts.net/ruxitagentjs_ICA2QSVfjqru_10193200616095656.js_GET": "ignore",
   "10096_Timestamp Disclosure - Unix_https://moneyclaims.aat.platform.hmcts.net/accessibility-statement_GET": "ignore",

package.json

@@ -34,6 +34,7 @@
   },
   "dependencies": {
     "@analytics/google-tag-manager": "^0.5.3",
+    "@codeceptjs/configure": "^0.10.0",
     "@hmcts/class-validator": "^0.9.1-e",
     "@hmcts/cmc-draft-store-middleware": "^2.0.1",
     "@hmcts/cmc-validators": "^0.2.6",

src/integration-test/tests/citizen/home/pages/login.ts

@@ -1,6 +1,7 @@
 import I = CodeceptJS.I
+import * as codeceptjs from 'codeceptjs'
 
-const I: I = actor()
+const I = codeceptjs.actor()
 
 const fields = {
   username: { css: '#username' },
@@ -17,6 +18,8 @@ export class LoginPage {
   }
 
   login (email: string, password: string): void {
+    I.waitForText('Email address', 60)
+    I.waitForVisible(fields.username)
     I.fillField(fields.username, email)
     I.fillField(fields.password, password)
     I.click(buttons.submit)

src/main/app/idam/oAuthHelper.ts

@@ -10,6 +10,7 @@ import { User } from 'idam/user'
 const clientId = config.get<string>('oauth.clientId')
 
 const loginPath = `${config.get('idam.authentication-web.url')}/login`
+const authorizePath = `${config.get('idam.authentication-web.url')}/o/authorize`
 
 export class OAuthHelper {
 
@@ -20,7 +21,7 @@ export class OAuthHelper {
     const state = uuid()
     OAuthHelper.storeStateCookie(req, res, state)
 
-    return `${loginPath}?response_type=code&state=${state}&client_id=${clientId}&redirect_uri=${redirectUri}`
+    return `${authorizePath}?response_type=code&state=${state}&client_id=${clientId}&redirect_uri=${redirectUri}&scope=openid profile roles`
   }
 
   static forPin (req: express.Request, res: express.Response, claimReference: string): string {

src/test/routes/authorization-check.ts

@@ -8,7 +8,7 @@ import 'test/routes/expectations'
 import * as idamServiceMock from 'test/http-mocks/idam'
 
 const cookieName: string = config.get<string>('session.cookieName')
-export const defaultAccessDeniedPagePattern = new RegExp(`${config.get('idam.authentication-web.url')}/login\\?response_type=code&state=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}&client_id=cmc_citizen&redirect_uri=https://127.0.0.1:[0-9]{1,5}/receiver`)
+export const defaultAccessDeniedPagePattern = new RegExp(`${config.get('idam.authentication-web.url')}/o/authorize\\?response_type=code&state=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}&client_id=cmc_citizen&redirect_uri=https://127.0.0.1:[0-9]{1,5}/receiver&scope=openid%20profile%20roles`)
 
 export function checkAuthorizationGuards (app: any,
                                           method: string,

src/test/routes/receiver.ts

@@ -148,7 +148,7 @@ describe('Login receiver', async () => {
         await request(app)
           .get(`${AppPaths.receiver.uri}?code=ABC&state=123`)
           .set('Cookie', 'state=123')
-          .expect(res => expect(res).to.be.redirect.toLocation(/.*\/login.*/))
+          .expect(res => expect(res).to.be.redirect.toLocation(/.*\/o\/authorize.*/))
       })
 
       it('For expired user credentials should return error otherwise', async () => {
@@ -242,7 +242,7 @@ describe('Defendant link receiver', () => {
 
         await request(app)
           .get(`${pagePath}?code=123`)
-          .expect(res => expect(res).to.be.redirect.toLocation(/.*\/login.*/))
+          .expect(res => expect(res).to.be.redirect.toLocation(/.*\/o\/authorize.*/))
       })
     })
   })