V5.1 into master (#544)

package.json

@@ -27,5 +27,8 @@
   "scripts": {
     "test-crossbrowser-e2e": "NODE_PATH=. codeceptjs run-multiple --all -c saucelabs.conf.js --steps --grep '@crossbrowser' --reporter mochawesome",
     "test:crossbrowser": "runSauceLabsTests.sh"
+  },
+  "dependencies": {
+    "jwt-decode": "^3.0.0"
   }
 }

src/main/java/uk/gov/hmcts/reform/idam/web/AppController.java

@@ -616,15 +616,7 @@ public ModelAndView verification(@ModelAttribute("authorizeCommand") @Validated
                     return new ModelAndView(VERIFICATION_VIEW, model.asMap());
                 }
 
-                // if 3x failed
-                if (ErrorResponse.CodeEnum.TOO_MANY_ATTEMPTS_OTP.equals(error.getCode())) {
-                    return redirectToLoginOnFailedOtpVerification(request, bindingResult, model);
-                }
-
-                // if expired
-                bindingResult.reject("Expired OTP");
-                model.addAttribute(HAS_OTP_SESSION_EXPIRED, true);
-                return new ModelAndView(VERIFICATION_VIEW, model.asMap());
+               return redirectToExpiredCode(model);
             }
 
             return redirectToLoginOnFailedOtpVerification(request, bindingResult, model);
@@ -641,6 +633,10 @@ private ModelAndView redirectToLoginOnFailedOtpVerification(VerificationRequest
         return new ModelAndView("redirect:/" + LOGIN_VIEW, model.asMap());
     }
 
+    private ModelAndView redirectToExpiredCode(Model model) {
+        return new ModelAndView("redirect:/" + EXPIRED_CODE_VIEW, model.asMap());
+    }
+
 
 
     /**
@@ -938,4 +934,17 @@ public String authorizeError(final Map<String, Object> model) {
         model.put(ERROR_SUB_MSG, GENERIC_SUB_ERROR_KEY);
         return ERRORPAGE_VIEW;
     }
+
+    @GetMapping(path = "/expiredcode")
+    public String expiredCodeError(@RequestParam("client_id") String clientId,
+                                   @RequestParam("redirect_uri") String redirectUri,
+                                   @RequestParam(required = false) String state,
+                                   @RequestParam(required = false) String scope,
+                                   Model model) {
+        model.addAttribute(CLIENTID, clientId);
+        model.addAttribute(REDIRECTURI, redirectUri);
+        model.addAttribute(STATE, state);
+        model.addAttribute(SCOPE, scope);
+        return EXPIRED_CODE_VIEW;
+    }
 }

src/main/java/uk/gov/hmcts/reform/idam/web/UserController.java

@@ -251,6 +251,7 @@ public String selfRegisterUser(@ModelAttribute("selfRegisterCommand") @Validated
      * @should return useractivation view and invalid passowrd error in model if HttpClientErrorException occurs and http status is 400 and password is not blacklisted
      * @should return expiredtoken view if HttpClientErrorException occurs and http status is 400 and token is invalid
      * @should return redirect expiredtoken page if selfRegisterUser service throws HttpClientErrorException and Http code is 404
+     * @should return redirect to error page with already activated error if validate password returns conflict
      */
     @PostMapping("/activate")
     public ModelAndView activateUser(@RequestParam("token") String token, @RequestParam("code") String code,
@@ -278,6 +279,11 @@ public ModelAndView activateUser(@RequestParam("token") String token, @RequestPa
             if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
                 // don't expose the token in the error page
                 return new ModelAndView("redirect:expiredtoken", (Map<String, ?>) null);
+            } else if (e.getStatusCode() == HttpStatus.CONFLICT) {
+                log.error("An error occurred validating user activation token in activate: {}", token);
+                log.error("Response body: {}", e.getResponseBodyAsString(), e);
+                model.put(ERROR_MSG, ALREADY_ACTIVATED_KEY);
+                return new ModelAndView(ERRORPAGE_VIEW, model);
             }
 
             if (e.getStatusCode() == HttpStatus.BAD_REQUEST) {

src/main/java/uk/gov/hmcts/reform/idam/web/helper/MvcKeys.java

@@ -58,6 +58,7 @@ public class MvcKeys {
     public static final String TERMS_AND_CONDITIONS_VIEW = "tandc";
     public static final String CONTACT_US_VIEW = "contactus";
     public static final String STALE_USER_RESET_PASSWORD_VIEW = "staleUserResetPassword";
+    public static final String EXPIRED_CODE_VIEW = "expiredcode";
 
 
 }

src/main/resources/messages.properties

@@ -142,7 +142,6 @@ public.login.error.linked.title=You need to log in with a different account
 public.login.error.linked.please=Please
 public.login.error.linked.contact.us=Contact us
 public.login.error.linked.trouble=if you’re having problems logging in.
-#TODO update once we get the proper message back from hmcts ux
 public.login.error.retired.title=There is a problem with your account login details
 public.login.error.retired.instruction=Your account has been deactivated due to inactivity. Please reset your password using the link sent to your email to reactivate it.
 public.login.error.policycheck.title=Policies check failed
@@ -153,19 +152,22 @@ public.login.error.other.title=Information is missing or invalid
 public.login.error.failed.title=Incorrect email or password
 public.login.error.failed.username=Check your email address
 public.login.error.failed.password=Check your password
+public.login.error.verification.problem.title=There is a problem
+public.login.error.verification.code.incorrect.instruction=You have entered an incorrect verification code. Try again
 public.login.error.verification.failed.title=Incorrect verification code
 public.login.error.verification.expired.title=There is a problem with the code you entered
 public.login.error.verification.field.code.failed=Verification code incorrect, try again
 public.login.error.verification.field.code.expired=This verification code has expired, go back and <a href="{0}">login</a> again
-public.login.error.verification.field.code.empty=Enter a verification code
-public.login.error.verification.field.code.pattern=Enter numbers only
-public.login.error.verification.field.code.length=Enter a valid verification code
+public.login.error.verification.field.code.incorrect=Enter a correct verification code
+public.login.error.verification.expired.code.instruction.1=We’ve been unable to sign you in because your verification code has expired.
+public.login.error.verification.expired.code.instruction.2=You’ll need to start again.
 
 #One Time Password Verification
 public.verification.subheading.verification.required=Verification required
-public.verification.p=To complete login, a one-time verification code has been sent to your email address.
-public.verification.code.label=Enter verification code
-public.verification.form.submit=Submit
+public.verification.p=We've emailed you an 8 digit code.
+public.verification.check.inbox.instruction=In some cases, the email can take up to 30 minutes to arrive. Keep checking your inbox, including your spam folder.
+public.verification.code.label=Enter code
+public.verification.form.submit=Continue
 
 #Login With Pin
 public.login.with.pin.heading=Enter security code

src/main/resources/messages_cy.properties

@@ -154,18 +154,21 @@ public.login.error.other.title=Mae gwybodaeth ar goll neu nid yw’n ddilys
 public.login.error.failed.title=Cyfeiriad e-bost neu gyfrinair anghywir
 public.login.error.failed.username=Gwiriwch eich cyfeiriad e-bost
 public.login.error.failed.password=Gwiriwch eich cyfrinair
+public.login.error.verification.problem.title=Mae problem wedi codi
+public.login.error.verification.code.incorrect.instruction=Rydych wedi nodi cod dilysu anghywir. Rhowch gynnig arall arni
 public.login.error.verification.failed.title=Cod dilysu anghywir
 public.login.error.verification.expired.title=Mae problem gyda'r cod y bu ichi deipio
 public.login.error.verification.field.code.failed=Mae’r cod dilysu’n anghywir, rhowch gynnig arall arni
 public.login.error.verification.field.code.expired=Mae’r cod dilysu hwn wedi dod i ben, ewch yn ôl a  <a href="{0}">mewngofnodwch</a> eto
-public.login.error.verification.field.code.empty=Rhowch god dilysu
-public.login.error.verification.field.code.pattern=Defnyddiwch rifau’n unig
-public.login.error.verification.field.code.length=Rhowch god dilysu dilys
+public.login.error.verification.field.code.incorrect=Nodwch god dilysu cywir
+public.login.error.verification.expired.code.instruction.1=Nid oedd modd i chi mewngofnodi oherwydd bod eich cod dilysu wedi dod i ben.
+public.login.error.verification.expired.code.instruction.2=Bydd rhaid i chi gychwyn eto.
 
 #One Time Password Verification
 public.verification.subheading.verification.required=Mae angen dilysu eich cyfrif
-public.verification.p=I gwblhau'r broses fewngofnodi, mae cod dilysu y bydd rhaid ichi ei ddefnyddio unwaith wedi’i anfon i'ch cyfeiriad e-bost.
-public.verification.code.label=Rhowch god dilysu
+public.verification.p=Rydym wedi anfon cod 8 digid atoch trwy e-bost.
+public.verification.check.inbox.instruction=Mewn rhai achosion, gall gymryd hyd at 30 munud i’r neges e-bost gyrraedd. Gwiriwch eich mewnflwch yn rheolaidd, gan gynnwys eich ffolder spam.
+public.verification.code.label=Nodwch y cod
 public.verification.form.submit=Cyflwyno
 
 #Login With Pin

src/main/webapp/WEB-INF/jsp/expiredcode.jsp

@@ -0,0 +1,38 @@
+<%@ page contentType="text/html" pageEncoding="UTF-8" %>
+<%@ page session="false" %>
+<%@ taglib prefix="t" tagdir="/WEB-INF/tags" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
+
+<t:wrapper titleKey="public.login.error.verification.problem.title">
+    <article class="content__body">
+        <header class="page-header group">
+            <h1 class="heading-large">
+                <spring:message code="public.login.error.verification.problem.title" />
+            </h1>
+        </header>
+        <div>
+            <p>
+                <spring:message code="public.login.error.verification.expired.code.instruction.1" />
+            </p>
+            <p>
+                <spring:message code="public.login.error.verification.expired.code.instruction.2" />
+            </p>
+        </div>
+        <div>
+            <p>
+                <c:url value="/login" var="loginUrl">
+                    <c:param name="redirect_uri" value="${redirectUri}" />
+                    <c:param name="client_id" value="${clientId}" />
+                    <c:param name="state" value="${state}" />
+                    <c:param name="scope" value="${scope}" />
+                </c:url>
+                <a href="${loginUrl}" class="button">
+                    <spring:message code="public.common.button.continue.text" />
+                </a>
+            </p>
+        </div>
+    </article>
+</t:wrapper>

src/main/webapp/WEB-INF/jsp/useractivation.jsp

@@ -56,8 +56,8 @@
                 <input class="form-control ${hasPassword2Error ? "form-control-error" : ""}" type="password" id="password2" name="password2" value="${fn:escapeXml(password2)}" autocomplete="off">
             </div>
 
-            <input class="button" type="submit" value="<spring:message code="public.common.button.continue.text"/>" id="activate">
-
+            <input class="button" type="submit" value="<spring:message code="public.common.button.continue.text"/>" id="activate"
+                onclick="setTimeout(function () {document.getElementById('activate').disabled = true;document.getElementById('activate').style.opacity='0.5';}, 0);">
             <input type="hidden" id="token" name="token" value="${fn:escapeXml(token)}">
             <input type="hidden" id="code" name="code" value="${fn:escapeXml(code)}">
         </form:form>