Merge pull request #189 from hmrc/lajw/DLS-10231/Confidence-Level

LAJW · web-flow · commit 050a663c7729 · 2024-04-04T17:13:53.000+01:00
DLS-10231 Check for Confidence Level when obtaining user details
diff --git a/app/uk/gov/hmrc/helptosaveapi/controllers/HelpToSaveController.scala b/app/uk/gov/hmrc/helptosaveapi/controllers/HelpToSaveController.scala
@@ -23,9 +23,9 @@ import play.api.Configuration
 import play.api.libs.json.Json
 import play.api.libs.json.Json._
 import play.api.mvc._
-import uk.gov.hmrc.auth.core.AuthConnector
+import uk.gov.hmrc.auth.core.retrieve._
 import uk.gov.hmrc.auth.core.retrieve.v2.Retrievals.{authProviderId => v2AuthProviderId, nino => v2Nino}
-import uk.gov.hmrc.auth.core.retrieve.{v2, Name => RetrievedName, _}
+import uk.gov.hmrc.auth.core.{AuthConnector, ConfidenceLevel}
 import uk.gov.hmrc.helptosaveapi.auth.Auth
 import uk.gov.hmrc.helptosaveapi.models.AccessType.{PrivilegedAccess, UserRestricted}
 import uk.gov.hmrc.helptosaveapi.models._
@@ -36,7 +36,6 @@ import uk.gov.hmrc.helptosaveapi.util.{LogMessageTransformer, Logging, toFuture}
 import uk.gov.hmrc.http.HeaderCarrier
 import uk.gov.hmrc.play.bootstrap.backend.controller.BackendController
 
-import java.time.LocalDate
 import java.util.UUID
 import scala.concurrent.{ExecutionContext, Future}
 
@@ -49,15 +48,15 @@ class HelpToSaveController @Inject() (
 
   val correlationIdHeaderName: String = config.underlying.getString("microservice.correlationIdHeaderName")
 
-  val userInfoRetrievals: Retrieval[Option[RetrievedName] ~ Option[LocalDate] ~ Option[ItmpName] ~ Option[
-    LocalDate
-  ] ~ Option[ItmpAddress] ~ Option[String]] =
+  private val userInfoRetrievals = {
     v2.Retrievals.name and
       v2.Retrievals.dateOfBirth and
       v2.Retrievals.itmpName and
       v2.Retrievals.itmpDateOfBirth and
       v2.Retrievals.itmpAddress and
-      v2.Retrievals.email
+      v2.Retrievals.email and
+      v2.Retrievals.confidenceLevel
+  }
 
   def apiErrorToResult(e: ApiError): Result = e match {
     case _: ApiAccessError     => Forbidden(Json.toJson(e))
@@ -87,16 +86,20 @@ class HelpToSaveController @Inject() (
         // will definitely fail with a 500 response from auth for privileged access
         authorised(userInfoRetrievals and v2Nino) { _ =>
           {
-            case ggName ~ dob ~ itmpName ~ itmpDob ~ itmpAddress ~ email ~ authNino =>
-              val retrievedDetails = RetrievedUserDetails(
-                authNino,
-                itmpName.flatMap(_.givenName).orElse(ggName.flatMap(_.name)),
-                itmpName.flatMap(_.familyName).orElse(ggName.flatMap(_.lastName)),
-                itmpDob.orElse(dob),
-                itmpAddress,
-                email
-              )
-              helpToSaveApiService.createAccountUserRestricted(request, retrievedDetails).map(handleResult)
+            case ggName ~ dob ~ itmpName ~ itmpDob ~ itmpAddress ~ email ~ confidenceLevel ~ authNino =>
+              if (confidenceLevel == ConfidenceLevel.L200) {
+                val retrievedDetails = RetrievedUserDetails(
+                  authNino,
+                  itmpName.flatMap(_.givenName).orElse(ggName.flatMap(_.name)),
+                  itmpName.flatMap(_.familyName).orElse(ggName.flatMap(_.lastName)),
+                  itmpDob.orElse(dob),
+                  itmpAddress,
+                  email
+                )
+                helpToSaveApiService.createAccountUserRestricted(request, retrievedDetails).map(handleResult)
+              } else {
+                Future.successful(Unauthorized("Insufficient confidence level"))
+              }
           }
         }(ec)(request)
 
@@ -198,7 +201,6 @@ class HelpToSaveController @Inject() (
       case None =>
         logger.warn("There was no nino retrieved from auth")
         Forbidden
-
     }
   }
 
diff --git a/test/uk/gov/hmrc/helptosaveapi/controllers/HelpToSaveControllerSpec.scala b/test/uk/gov/hmrc/helptosaveapi/controllers/HelpToSaveControllerSpec.scala
@@ -21,6 +21,7 @@ import play.api.libs.json.Json
 import play.api.mvc._
 import play.api.test.FakeRequest
 import play.api.test.Helpers._
+import uk.gov.hmrc.auth.core.ConfidenceLevel
 import uk.gov.hmrc.auth.core.retrieve._
 import uk.gov.hmrc.auth.core.retrieve.v2.Retrievals.{authProviderId, nino => v2Nino}
 import uk.gov.hmrc.helptosaveapi.models._
@@ -133,27 +134,30 @@ class HelpToSaveControllerSpec extends AuthSupport {
 
       "the request is made with user-restricted access" must {
         val userInfoRetrievals: Retrieval[
-          Option[Name] ~ Option[LocalDate] ~ Option[ItmpName] ~ Option[LocalDate] ~ Option[ItmpAddress] ~ Option[String]
+          Option[Name] ~ Option[LocalDate] ~ Option[ItmpName] ~ Option[LocalDate] ~ Option[ItmpAddress] ~ Option[
+            String
+          ] ~ ConfidenceLevel
         ] =
           v2.Retrievals.name and
             v2.Retrievals.dateOfBirth and
             v2.Retrievals.itmpName and
             v2.Retrievals.itmpDateOfBirth and
             v2.Retrievals.itmpAddress and
-            v2.Retrievals.email
+            v2.Retrievals.email and
+            v2.Retrievals.confidenceLevel
 
         val createAccountUserDetailsRetrievals = userInfoRetrievals and v2Nino
 
         def createAccountRetrievalResult(
           u: RetrievedUserDetails
         ): Option[Name] ~ Option[LocalDate] ~ Option[ItmpName] ~ Option[LocalDate] ~ Option[ItmpAddress] ~ Option[
           String
-        ] ~ Option[String] = {
+        ] ~ ConfidenceLevel ~ Option[String] = {
           val dob = u.dateOfBirth
 
           new ~(Some(Name(u.forename, u.surname)), dob) and
             Some(ItmpName(u.forename, None, u.surname)) and dob and
-            u.address and u.email and u.nino
+            u.address and u.email and ConfidenceLevel.L200 and u.nino
         }
 
         val ggCredentials = GGCredId("id")
@@ -192,7 +196,7 @@ class HelpToSaveControllerSpec extends AuthSupport {
 
             val retrieval = new ~(Some(Name(Some("a"), Some("b"))), Some(LocalDate.of(1, 2, 3))) and
               Some(ItmpName(Some("c"), None, Some("d"))) and Some(LocalDate.of(3, 2, 1)) and
-              u.address and u.email and u.nino
+              u.address and u.email and ConfidenceLevel.L200 and u.nino
 
             val expectedRetrievedUserDetails =
               u.copy(forename = Some("c"), surname = Some("d"), dateOfBirth = Some(LocalDate.of(3, 2, 1)))
