PP-12828 Return 404 on /secure/{tokenId} when token is not found in C…

…onnector
alphagov · Oct 15, 2024 · 076781e · 076781e
1 parent b2ef822
commit 076781e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/app/controllers/secure.controller.js b/app/controllers/secure.controller.js
@@ -55,6 +55,10 @@ exports.new = async function (req, res) {
       res.redirect(303, generateRoute(resolveActionName(chargeStatus, 'get'), { chargeId }))
     }
   } catch (err) {
+    if (err.message === 'NOT_FOUND') {
+      logger.info(`Call to /secure/{tokenId} is invalid. Token not found for tokenId [${chargeTokenId}].`, getLoggingFields(req))
+      return responseRouter.response(req, res, 'NOT_FOUND')
+    }
     if (err.message === 'UNAUTHORISED') {
       logger.info('Call to /secure/{tokenId} is Unauthorised. This could be due to the token not existing, ' +
         'the frontend state cookie not existing, or the frontend state cookie containing an invalid value.',

diff --git a/app/models/charge.js b/app/models/charge.js
@@ -80,6 +80,9 @@ module.exports = correlationId => {
     } catch (err) {
       throw new Error('CLIENT_UNAVAILABLE', err)
     }
+    if (response.status === 404) {
+      throw new Error('NOT_FOUND')
+    }
     if (response.status !== 200) {
       throw new Error('UNAUTHORISED')
     }