Merge pull request #589 from companieshouse/bug/IDVA5-915-401-error-o…

…auth-token-expiry Handling 401 http status code
companieshouse · Jan 21, 2025 · bde65ab · bde65ab
2 parents 97d5829 + 8d415a3
commit bde65ab
Show file tree

Hide file tree

Showing 58 changed files with 237 additions and 318 deletions.
diff --git a/src/app.ts b/src/app.ts
@@ -19,8 +19,6 @@ import {
 } from "./utils/properties";
 import { BASE_URL, SOLE_TRADER, HEALTHCHECK, ACCESSIBILITY_STATEMENT, UPDATE_ACSP_DETAILS_BASE_URL } from "./types/pageURL";
 import { commonTemplateVariablesMiddleware } from "./middleware/common_variables_middleware";
-import { getLocalesService, selectLang } from "./utils/localise";
-import { ErrorService } from "./services/errorService";
 import { updateAcspAuthMiddleware } from "./middleware/update-acsp/update_acsp_authentication_middleware";
 import { updateAcspBaseAuthenticationMiddleware } from "./middleware/update-acsp/update_acsp_base_authentication_middleware";
 import { updateAcspIsOwnerMiddleware } from "./middleware/update-acsp/update_acsp_is_owner_middleware";
@@ -30,7 +28,7 @@ import nocache from "nocache";
 import { prepareCSPConfig } from "./middleware/content_security_policy_middleware_config";
 
 import { csrfProtectionMiddleware } from "./middleware/csrf_protection_middleware";
-import errorHandler from "./controllers/csrfErrorController";
+import errorHandler from "./controllers/errorController";
 const app = express();
 
 const nonce: string = uuidv4();
@@ -95,13 +93,6 @@ routerDispatch(app);
 
 app.use(...errorHandler);
 
-// Unhandled errors
-app.use((err: Error, req: Request, res: Response, next: NextFunction) => {
-    logger.error(`${err.name} - appError: ${err.message} - ${err.stack}`);
-    const errorService = new ErrorService();
-    errorService.renderErrorPage(res, getLocalesService(), selectLang(req.query.lang), req.url);
-});
-
 // Unhandled exceptions
 process.on("uncaughtException", (err: any) => {
     logger.error(`${err.name} - uncaughtException: ${err.message} - ${err.stack}`);

diff --git a/src/controllers/csrfErrorController.ts b/src/controllers/csrfErrorController.ts
diff --git a/src/controllers/errorController.ts b/src/controllers/errorController.ts
@@ -0,0 +1,37 @@
+import type { ErrorRequestHandler, NextFunction, Request, Response } from "express";
+import { CsrfError } from "@companieshouse/web-security-node";
+import { ErrorService } from "../services/errorService";
+import { getLocalesService, selectLang } from "../utils/localise";
+import logger from "../utils/logger";
+import { CHS_URL } from "../utils/properties";
+import { BASE_URL, CHECK_SAVED_APPLICATION } from "../types/pageURL";
+
+export const httpErrorHandler: ErrorRequestHandler = (err: any, req: Request, res: Response, next: NextFunction) => {
+    if (err.httpStatusCode === 401) {
+        logger.errorRequest(
+            req,
+            `A ${err.httpStatusCode} error occurred when a ${req.method} request was made to ${req.originalUrl}. Re-directing to ${BASE_URL}${CHECK_SAVED_APPLICATION}`
+        );
+        res.redirect(`${CHS_URL}/signin?return_to=${BASE_URL}${CHECK_SAVED_APPLICATION}`);
+    } else {
+        next(err);
+    }
+};
+
+export const csrfErrorHandler: ErrorRequestHandler = (err: any, req: Request, res: Response, next:NextFunction) => {
+    if (err instanceof CsrfError) {
+        logger.error(`${err.name} - appError: ${err.message} - ${err.stack}`);
+        const errorService = new ErrorService();
+        errorService.render403Page(res, getLocalesService(), selectLang(req.query.lang), req.url);
+    } else {
+        next(err);
+    }
+};
+
+export const unhandledErrorHandler: ErrorRequestHandler = (err: Error, req: Request, res: Response, next: NextFunction) => {
+    logger.error(`${err.name} - appError: ${err.message} - ${err.stack}`);
+    const errorService = new ErrorService();
+    errorService.renderErrorPage(res, getLocalesService(), selectLang(req.query.lang), req.url);
+};
+
+export default [httpErrorHandler, csrfErrorHandler, unhandledErrorHandler];
diff --git a/src/controllers/features/common/amlBodyMembershipNumberController.ts b/src/controllers/features/common/amlBodyMembershipNumberController.ts
@@ -7,7 +7,6 @@ import { USER_DATA, SUBMISSION_ID, GET_ACSP_REGISTRATION_DETAILS_ERROR, POST_ACS
 import { formatValidationError, resolveErrorMessage, getPageProperties } from "../../../validation/validation";
 import { validationResult } from "express-validator";
 import logger from "../../../utils/logger";
-import { ErrorService } from "../../../services/errorService";
 import { AcspData, AmlSupervisoryBody } from "@companieshouse/api-sdk-node/dist/services/acsp";
 import { AmlSupervisoryBodyService } from "../../../services/amlSupervisoryBody/amlBodyService";
 import { getAcspRegistration } from "../../../services/acspRegistrationService";
@@ -46,8 +45,7 @@ export const get = async (req: Request, res: Response, next: NextFunction) => {
         });
     } catch (err) {
         logger.error(GET_ACSP_REGISTRATION_DETAILS_ERROR);
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
 
@@ -91,8 +89,7 @@ export const post = async (req: Request, res: Response, next: NextFunction) => {
         }
     } catch (err) {
         logger.error(POST_ACSP_REGISTRATION_DETAILS_ERROR + " " + JSON.stringify(err));
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
 

diff --git a/src/controllers/features/common/applicationConfirmationController.ts b/src/controllers/features/common/applicationConfirmationController.ts
@@ -5,7 +5,6 @@ import { CONFIRMATION, BASE_URL } from "../../../types/pageURL";
 import { Session } from "@companieshouse/node-session-handler";
 import { GET_ACSP_REGISTRATION_DETAILS_ERROR, SUBMISSION_ID } from "../../../common/__utils/constants";
 import logger from "../../../utils/logger";
-import { ErrorService } from "../../../services/errorService";
 import { getAcspRegistration } from "../../../services/acspRegistrationService";
 import { deleteAllSessionData } from "../../../common/__utils/sessionHelper";
 
@@ -25,10 +24,8 @@ export const get = async (req: Request, res: Response, next: NextFunction) => {
             email: res.locals.userEmail,
             transactionId
         });
-
-    } catch {
+    } catch (err) {
         logger.error(GET_ACSP_REGISTRATION_DETAILS_ERROR);
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
diff --git a/src/controllers/features/common/checkAmlDetailsController.ts b/src/controllers/features/common/checkAmlDetailsController.ts
@@ -6,7 +6,6 @@ import { Session } from "@companieshouse/node-session-handler";
 import { SUBMISSION_ID, GET_ACSP_REGISTRATION_DETAILS_ERROR } from "../../../common/__utils/constants";
 import { getAcspRegistration } from "../../../services/acspRegistrationService";
 import logger from "../../../utils/logger";
-import { ErrorService } from "../../../services/errorService";
 import { AMLSupervisoryBodies } from "../../../model/AMLSupervisoryBodies";
 
 export const get = async (req: Request, res: Response, next: NextFunction) => {
@@ -33,8 +32,7 @@ export const get = async (req: Request, res: Response, next: NextFunction) => {
         });
     } catch (err) {
         logger.error(GET_ACSP_REGISTRATION_DETAILS_ERROR);
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
 

diff --git a/src/controllers/features/common/checkSavedApplicationController.ts b/src/controllers/features/common/checkSavedApplicationController.ts
@@ -1,9 +1,9 @@
 import { NextFunction, Request, Response } from "express";
 import { selectLang, addLangToUrl, getLocalesService } from "../../../utils/localise";
-import { BASE_URL, CHECK_SAVED_APPLICATION, TYPE_OF_BUSINESS } from "../../../types/pageURL";
+import { BASE_URL, TYPE_OF_BUSINESS } from "../../../types/pageURL";
 import { Session } from "@companieshouse/node-session-handler";
 import logger from "../../../utils/logger";
-import { ErrorService } from "../../../services/errorService";
+import { GET_ACSP_REGISTRATION_DETAILS_ERROR } from "../../../common/__utils/constants";
 import { getSavedApplication } from "../../../services/transactions/transaction_service";
 import { getRedirectionUrl } from "../../../services/checkSavedApplicationService";
 
@@ -24,9 +24,8 @@ export const get = async (req: Request, res: Response, next: NextFunction) => {
             logger.debug("its a new application");
             res.redirect(addLangToUrl(BASE_URL + TYPE_OF_BUSINESS, lang));
         }
-    } catch (error) {
-        logger.error(JSON.stringify(error));
-        const exception = new ErrorService();
-        exception.renderErrorPage(res, locales, lang, BASE_URL + CHECK_SAVED_APPLICATION);
+    } catch (err) {
+        logger.error(GET_ACSP_REGISTRATION_DETAILS_ERROR);
+        next(err);
     }
 };
diff --git a/src/controllers/features/common/checkYourAnswers.ts b/src/controllers/features/common/checkYourAnswers.ts
@@ -10,7 +10,6 @@ import { ApiResponse } from "@companieshouse/api-sdk-node/dist/services/resource
 import { Payment } from "@companieshouse/api-sdk-node/dist/services/payment";
 import { startPaymentsSession } from "../../../services/paymentService";
 import logger, { createAndLogError } from "../../../utils/logger";
-import { ErrorService } from "../../../services/errorService";
 import { getAcspRegistration } from "../../../services/acspRegistrationService";
 import { getAnswers } from "../../../services/checkYourAnswersService";
 import { AMLSupervisoryBodies } from "../../../model/AMLSupervisoryBodies";
@@ -37,10 +36,9 @@ export const get = async (req: Request, res: Response, next: NextFunction) => {
             AMLSupervisoryBodies,
             PIWIK_REGISTRATION_CHECK_YOUR_ANSWERS_ID
         });
-    } catch {
+    } catch (err) {
         logger.error(GET_ACSP_REGISTRATION_DETAILS_ERROR);
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
 
@@ -66,10 +64,8 @@ export const post = async (req: Request, res: Response, next: NextFunction) => {
 
             res.redirect(paymentResponse.resource.links.journey);
         }
-
     } catch (err) {
         logger.error("Error starting payment session " + JSON.stringify(err));
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
diff --git a/src/controllers/features/common/otherTypeOfBusinessController.ts b/src/controllers/features/common/otherTypeOfBusinessController.ts
@@ -7,7 +7,6 @@ import { saveDataInSession } from "../../../common/__utils/sessionHelper";
 import * as config from "../../../config";
 import { AcspDataService } from "../../../services/acspDataService";
 import { getAcspRegistration } from "../../../services/acspRegistrationService";
-import { ErrorService } from "../../../services/errorService";
 import { BASE_URL, LIMITED_WHAT_IS_THE_COMPANY_NUMBER, OTHER_TYPE_OF_BUSINESS, TYPE_OF_BUSINESS, UNINCORPORATED_NAME_REGISTERED_WITH_AML } from "../../../types/pageURL";
 import { addLangToUrl, getLocaleInfo, getLocalesService, selectLang } from "../../../utils/localise";
 import logger from "../../../utils/logger";
@@ -42,8 +41,7 @@ export const get = async (req: Request, res: Response, next: NextFunction) => {
 
     } catch (err) {
         logger.error(GET_ACSP_REGISTRATION_DETAILS_ERROR);
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 
 };
@@ -88,7 +86,6 @@ export const post = async (req: Request, res: Response, next: NextFunction) => {
         }
     } catch (err) {
         logger.error(POST_ACSP_REGISTRATION_DETAILS_ERROR + " " + JSON.stringify(err));
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
diff --git a/src/controllers/features/common/resumeJourneyController.ts b/src/controllers/features/common/resumeJourneyController.ts
@@ -2,18 +2,18 @@ import { ApiResponse } from "@companieshouse/api-sdk-node/dist/services/resource
 import { Transaction } from "@companieshouse/api-sdk-node/dist/services/transaction/types";
 import { Payment } from "@companieshouse/api-sdk-node/dist/services/payment";
 import { Session } from "@companieshouse/node-session-handler";
-import { Request, Response } from "express";
+import { NextFunction, Request, Response } from "express";
 import { BASE_URL, RESUME_JOURNEY, TYPE_OF_BUSINESS } from "../../../types/pageURL";
+import { NO_PAYMENT_RESOURCE_ERROR, SUBMISSION_ID } from "../../../common/__utils/constants";
 import { selectLang, addLangToUrl, getLocalesService } from "../../../utils/localise";
 import logger from "../../../utils/logger";
-import { NO_PAYMENT_RESOURCE_ERROR, SUBMISSION_ID } from "../../../common/__utils/constants";
+
 import { getTransactionById } from "../../../services/transactions/transaction_service";
-import { ErrorService } from "../../../services/errorService";
 import { startPaymentsSession } from "../../../services/paymentService";
 import { PAYMENTS_API_URL } from "../../../utils/properties";
 import { PAYMENTS, transactionStatuses } from "../../../config";
 
-export const get = async (req: Request, res: Response) => {
+export const get = async (req: Request, res: Response, next: NextFunction) => {
     const lang = selectLang(req.query.lang);
     const transactionId = req.query.transactionId as string;
     const acspId = req.query.acspId;
@@ -45,7 +45,6 @@ export const get = async (req: Request, res: Response) => {
 
     } catch (err) {
         logger.error("Error resuming journey " + JSON.stringify(err));
-        const error = new ErrorService();
-        error.renderErrorPage(res, getLocalesService(), lang, BASE_URL + RESUME_JOURNEY);
+        next(err);
     }
 };
diff --git a/src/controllers/features/common/savedApplicationController.ts b/src/controllers/features/common/savedApplicationController.ts
@@ -7,7 +7,6 @@ import { BASE_URL, SAVED_APPLICATION, TYPE_OF_BUSINESS, YOUR_FILINGS } from "../
 import { saveDataInSession } from "../../../common/__utils/sessionHelper";
 import { deleteAcspApplication } from "../../../services/acspRegistrationService";
 import logger from "../../../utils/logger";
-import { ErrorService } from "../../../services/errorService";
 import { Session } from "@companieshouse/node-session-handler";
 import { APPLICATION_ID, RESUME_APPLICATION_ID, SUBMISSION_ID, USER_DATA } from "../../../common/__utils/constants";
 
@@ -52,9 +51,8 @@ export const post = async (req: Request, res: Response, next: NextFunction) => {
                 res.redirect((BASE_URL + TYPE_OF_BUSINESS));
             }
         }
-    } catch (error) {
-        logger.error("Error deleting ACSP application " + JSON.stringify(error));
-        const errorService = new ErrorService();
-        errorService.renderErrorPage(res, locales, lang, currentUrl);
+    } catch (err) {
+        logger.error("Error deleting ACSP application " + JSON.stringify(err));
+        next(err);
     }
 };
diff --git a/src/controllers/features/common/typeOfBusinessController.ts b/src/controllers/features/common/typeOfBusinessController.ts
@@ -12,7 +12,6 @@ import { FEATURE_FLAG_DISABLE_LIMITED_JOURNEY, FEATURE_FLAG_DISABLE_PARTNERSHIP_
 import { isActiveFeature } from "../../../utils/feature.flag";
 import { getAcspRegistration } from "../../../services/acspRegistrationService";
 import { AcspData } from "@companieshouse/api-sdk-node/dist/services/acsp";
-import { ErrorService } from "../../../services/errorService";
 import { AcspDataService } from "../../../services/acspDataService";
 import { getPreviousPageUrl } from "../../../services/url";
 
@@ -58,8 +57,7 @@ export const get = async (req: Request, res: Response, next: NextFunction) => {
 
     } catch (err) {
         logger.error(GET_ACSP_REGISTRATION_DETAILS_ERROR);
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
 
@@ -112,10 +110,8 @@ export const post = async (req: Request, res: Response, next: NextFunction) => {
         } else {
             res.redirect(addLangToUrl(BASE_URL + OTHER_TYPE_OF_BUSINESS, lang));
         }
-
     } catch (err) {
         logger.error(POST_ACSP_REGISTRATION_DETAILS_ERROR + " " + JSON.stringify(err));
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
diff --git a/src/controllers/features/limited/addressCorrespondanceSelectorController.ts b/src/controllers/features/limited/addressCorrespondanceSelectorController.ts
@@ -8,7 +8,6 @@ import { addLangToUrl, getLocaleInfo, getLocalesService, selectLang } from "../.
 import { validationResult } from "express-validator";
 import { saveDataInSession } from "../../../common/__utils/sessionHelper";
 import logger from "../../../utils/logger";
-import { ErrorService } from "../../../services/errorService";
 import { AcspData } from "@companieshouse/api-sdk-node/dist/services/acsp";
 import { getAcspRegistration } from "../../../services/acspRegistrationService";
 import { AcspDataService } from "../../../services/acspDataService";
@@ -47,8 +46,7 @@ export const get = async (req: Request, res: Response, next: NextFunction) => {
         });
     } catch (err) {
         logger.error(GET_ACSP_REGISTRATION_DETAILS_ERROR);
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
 
@@ -101,7 +99,6 @@ export const post = async (req: Request, res: Response, next: NextFunction) => {
         }
     } catch (err) {
         logger.error(POST_ACSP_REGISTRATION_DETAILS_ERROR + " " + JSON.stringify(err));
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        next(err);
     }
 };
diff --git a/src/controllers/features/limited/businessMustbeAmlRegisteredController.ts b/src/controllers/features/limited/businessMustbeAmlRegisteredController.ts
@@ -1,11 +1,11 @@
 import { NextFunction, Request, Response } from "express";
 import * as config from "../../../config";
+import logger from "../../../utils/logger";
 import { selectLang, addLangToUrl, getLocalesService, getLocaleInfo } from "../../../utils/localise";
 import { BASE_URL, LIMITED_BUSINESS_MUSTBE_AML_REGISTERED_KICKOUT, LIMITED_NAME_REGISTERED_WITH_AML, TYPE_OF_BUSINESS, AML_REGISTRATION } from "../../../types/pageURL";
 import { Session } from "@companieshouse/node-session-handler";
 import { getAcspRegistration } from "../../../services/acspRegistrationService";
-import { SUBMISSION_ID } from "../../../common/__utils/constants";
-import { ErrorService } from "../../../services/errorService";
+import { GET_ACSP_REGISTRATION_DETAILS_ERROR, SUBMISSION_ID } from "../../../common/__utils/constants";
 import { AcspDataService } from "../../../services/acspDataService";
 
 export const get = async (req: Request, res: Response, next: NextFunction) => {
@@ -29,7 +29,7 @@ export const get = async (req: Request, res: Response, next: NextFunction) => {
         });
 
     } catch (err) {
-        const error = new ErrorService();
-        error.renderErrorPage(res, locales, lang, currentUrl);
+        logger.error(GET_ACSP_REGISTRATION_DETAILS_ERROR);
+        next(err);
     }
 };