feat(idx): remove usePasscodesResetPassword flag and make passcodes…

… the default
guardian · Sep 30, 2024 · 071f47a · 071f47a
1 parent 80fa18e
commit 071f47a
Show file tree

Hide file tree

Showing 7 changed files with 5 additions and 31 deletions.
diff --git a/src/server/controllers/changePassword.ts b/src/server/controllers/changePassword.ts
@@ -139,11 +139,7 @@ export const setPasswordController = (
 		// If the user is using the passcode flow for registration/reset password,
 		// we need to handle the password change/creation.
 		// If there are specific failures, we fall back to the legacy Okta change password flow.
-		if (
-			passcodesEnabled &&
-			!useOktaClassic &&
-			(path === '/welcome' || res.locals.queryParams.usePasscodesResetPassword)
-		) {
+		if (passcodesEnabled && !useOktaClassic) {
 			await oktaIdxApiPasswordHandler({
 				req,
 				res,

diff --git a/src/server/controllers/checkPasswordToken.ts b/src/server/controllers/checkPasswordToken.ts
@@ -209,11 +209,7 @@ export const checkTokenInOkta = async (
 	// If the user is using the passcode flow for registration/reset password,
 	// we need to handle the password change/creation.
 	// If there are specific failures, we fall back to the legacy Okta change password flow.
-	if (
-		passcodesEnabled &&
-		!res.locals.queryParams.useOktaClassic &&
-		(path === '/welcome' || state.queryParams.usePasscodesResetPassword)
-	) {
+	if (passcodesEnabled && !res.locals.queryParams.useOktaClassic) {
 		await oktaIdxApiCheckHandler({
 			path,
 			pageTitle,

diff --git a/src/server/controllers/sendChangePasswordEmail.ts b/src/server/controllers/sendChangePasswordEmail.ts
@@ -93,15 +93,6 @@ const setEncryptedCookieOkta = (
  * @name changePasswordEmailIdx
  * @description Start the Okta IDX flow to change the user's password
  *
- * NB: This is currently in testing and is not fully implemented yet, it should be used behind the `usePasscodesResetPassword` query param flag
- * Current status:
- *   - [x] ACTIVE users
- * 	   - [x] With email + password authenticator
- *     - [x] With only password authenticator
- *     - [x] With only email authenticator
- *   - [x] Non-ACTIVE user states
- *   - [x] Non-Existent users - In `sendEmailInOkta` method
- *
  * @param {Request} req - Express request object
  * @param {ResponseWithRequestState} res - Express response object
  * @param {UserResponse} user - Okta user object
@@ -114,9 +105,6 @@ const changePasswordEmailIdx = async (
 	user: UserResponse,
 	loopDetectionFlag: boolean = false,
 ): Promise<void | ResponseWithRequestState> => {
-	// placeholder warning message
-	logger.warn('Passcode reset password flow is not fully implemented yet');
-
 	try {
 		// start the IDX flow by calling interact and introspect
 		const introspectResponse = await startIdxFlow({
@@ -516,14 +504,14 @@ export const sendEmailInOkta = async (
 	const { email = '' } = req.body;
 	const path = getPath(req);
 	const {
-		queryParams: { appClientId, ref, refViewId, usePasscodesResetPassword },
+		queryParams: { appClientId, ref, refViewId, useOktaClassic },
 	} = state;
 
 	try {
 		// get the user object to check user status
 		const user = await getUser(email, req.ip);
 
-		if (passcodesEnabled && usePasscodesResetPassword) {
+		if (passcodesEnabled && !useOktaClassic) {
 			// try to start the IDX flow to send the user a passcode for reset password
 			await changePasswordEmailIdx(req, res, user);
 			// if successful, the user will be redirected to the email sent page
@@ -822,7 +810,7 @@ export const sendEmailInOkta = async (
 		) {
 			// if we're using passcodes, then show the email sent page with OTP input
 			// even if the user doesn't exist
-			if (passcodesEnabled && usePasscodesResetPassword) {
+			if (passcodesEnabled && !useOktaClassic) {
 				// set the encrypted state cookie to persist the email and stateHandle
 				// which we need to persist during the passcode reset flow
 				setEncryptedStateCookie(res, {

diff --git a/src/server/lib/queryParams.ts b/src/server/lib/queryParams.ts
@@ -52,7 +52,6 @@ export const parseExpressQueryParams = (
 		appClientId,
 		maxAge,
 		useOktaClassic,
-		usePasscodesResetPassword,
 	}: Record<keyof QueryParams, string | undefined>, // parameters from req.query
 	// some parameters may be manually passed in req.body too,
 	// generally for tracking purposes
@@ -77,7 +76,6 @@ export const parseExpressQueryParams = (
 		appClientId,
 		maxAge: stringToNumber(maxAge),
 		useOktaClassic: isStringBoolean(useOktaClassic),
-		usePasscodesResetPassword: isStringBoolean(usePasscodesResetPassword),
 	};
 };
 

diff --git a/src/shared/__tests__/queryParams.test.ts b/src/shared/__tests__/queryParams.test.ts
@@ -37,7 +37,6 @@ describe('getPersistableQueryParams', () => {
 			appClientId: 'appClientId',
 			useOktaClassic: undefined,
 			listName: undefined,
-			usePasscodesResetPassword: undefined,
 		};
 
 		expect(output).toStrictEqual(expected);

diff --git a/src/shared/lib/queryParams.ts b/src/shared/lib/queryParams.ts
@@ -42,7 +42,6 @@ export const getPersistableQueryParams = (
 	fromURI: params.fromURI,
 	appClientId: params.appClientId,
 	useOktaClassic: params.useOktaClassic,
-	usePasscodesResetPassword: params.usePasscodesResetPassword,
 });
 
 /**

diff --git a/src/shared/model/QueryParams.ts b/src/shared/model/QueryParams.ts
@@ -47,8 +47,6 @@ export interface PersistableQueryParams
 	appClientId?: string;
 	// fallback to Okta Classic if needed
 	useOktaClassic?: boolean;
-	// temporary flag to enable the use of passcodes for reset password flow
-	usePasscodesResetPassword?: boolean;
 }
 
 /**