Alex / Umar notes
Closed this issue · 1 comments
Some things we've been discussing, dumping here so it's all in one place:
Branch: https://github.com/ministryofjustice/fb-runner-node/tree/feature/save-return
return.setup.email.token
When a user clicks on the validate link, they visit a page that validates their token.
If it’s invalid, we redirect to the appropriate invalid page (eg token already used)
(NB. this is done - though we could check that the page we’re redirecting to actually exists)
If the token is valid, we need to create the savereturn record that we use to sign them in with.
(NB. for mandatory 2fa, we’ll need a little bit more code here, but now let’s assume that there is no mandatory 2fa)
- create fb-savereturn-client createRecord method that calls ../create endpoint
-
call createRecord method from return.setup.email.token’s controller
-
on error
throw error
Edit: (UH) - on error, we already get a Sorry, we’re currently experiencing technical difficulties
page
(it should work, anything else is a straight up totes failure, so for now at least a “System went boom” message is ok)… actually
-
on success
redirect to return.setup.email.verified
return.start
User visits sign in page
- Enters their email address
- Clicks continue
We need to
- Send user a magiclink
- Redirect to magiclink sent page
Tasks
- Add createMagiclink method on fb-savereturn-client that calls ../signin/email method
-
Call createMagiclink from return.start controller
-
on error
throw error
- on success
redirect to return.authentication.email.sent (should happen automatically)
(You can add the email sending to the create route in the mocks too ) (edited)
NB. we should probably redirect even if the email doesn’t exist - NB. no leakage that a user has used the site
(mentioning it so that we remember)
-
Can add the email sending to the create route in the mocks too (just added that) so you can see it working
-
the magiclink landing page doesn’t exist as yet, so you’ll need to create it
@solidgoldpig feel free to add/edit to this