Merge pull request #2513 from alphagov/PP-7583-stripe-setup-account-u…

…rl-structure PP-7583 Stripe setup account url structure
alphagov · Jan 19, 2021 · 00883ae · 00883ae
2 parents 6724273 + e67a355
commit 00883ae
Show file tree

Hide file tree

Showing 22 changed files with 113 additions and 95 deletions.
diff --git a/app/controllers/stripe-setup/add-psp-account-details/get.controller.js b/app/controllers/stripe-setup/add-psp-account-details/get.controller.js
@@ -1,6 +1,7 @@
 'use strict'
 
 const paths = require('../../../paths')
+const formatAccountPathsFor = require('../../../utils/format-account-paths-for')
 const { response, renderErrorView } = require('../../../utils/response')
 
 module.exports = async (req, res) => {
@@ -9,15 +10,16 @@ module.exports = async (req, res) => {
   }
 
   const stripeAccountSetup = req.account.connectorGatewayAccountStripeProgress
+  const accountExternalId = req.account.external_id
 
   if (!stripeAccountSetup.bankAccount) {
-    res.redirect(303, paths.stripeSetup.bankDetails)
+    res.redirect(303, formatAccountPathsFor(paths.account.stripeSetup.bankDetails, accountExternalId))
   } else if (!stripeAccountSetup.responsiblePerson) {
-    res.redirect(303, paths.stripeSetup.responsiblePerson)
+    res.redirect(303, formatAccountPathsFor(paths.account.stripeSetup.responsiblePerson, accountExternalId))
   } else if (!stripeAccountSetup.vatNumber) {
-    res.redirect(303, paths.stripeSetup.vatNumber)
+    res.redirect(303, formatAccountPathsFor(paths.account.stripeSetup.vatNumber, accountExternalId))
   } else if (!stripeAccountSetup.companyNumber) {
-    res.redirect(303, paths.stripeSetup.companyNumber)
+    res.redirect(303, formatAccountPathsFor(paths.account.stripeSetup.companyNumber, accountExternalId))
   } else {
     response(req, res, 'stripe-setup/go-live-complete')
   }

diff --git a/app/controllers/stripe-setup/add-psp-account-details/get.controller.test.js b/app/controllers/stripe-setup/add-psp-account-details/get.controller.test.js
@@ -19,6 +19,7 @@ describe('get controller', () => {
     req = {
       account: {
         gateway_account_id: 'gatewayId',
+        external_id: 'a-valid-external-id',
         connectorGatewayAccountStripeProgress: {}
       },
       correlationId: 'requestId'
@@ -34,13 +35,13 @@ describe('get controller', () => {
   it('should redirect to bank account setup page', async () => {
     req.account.connectorGatewayAccountStripeProgress.bankAccount = false
     getController(req, res)
-    sinon.assert.calledWith(res.redirect, 303, paths.stripeSetup.bankDetails)
+    sinon.assert.calledWith(res.redirect, 303, `/account/a-valid-external-id${paths.account.stripeSetup.bankDetails}`)
   })
 
   it('should redirect to responsible person page', async () => {
     req.account.connectorGatewayAccountStripeProgress.bankAccount = true
     getController(req, res)
-    sinon.assert.calledWith(res.redirect, 303, paths.stripeSetup.responsiblePerson)
+    sinon.assert.calledWith(res.redirect, 303, `/account/a-valid-external-id${paths.account.stripeSetup.responsiblePerson}`)
   })
 
   it('should redirect to VAT number page', async () => {
@@ -49,7 +50,7 @@ describe('get controller', () => {
       responsiblePerson: true
     }
     getController(req, res)
-    sinon.assert.calledWith(res.redirect, 303, paths.stripeSetup.vatNumber)
+    sinon.assert.calledWith(res.redirect, 303, `/account/a-valid-external-id${paths.account.stripeSetup.vatNumber}`)
   })
 
   it('should redirect to company registration number page', async () => {
@@ -59,7 +60,7 @@ describe('get controller', () => {
       vatNumber: true
     }
     getController(req, res)
-    sinon.assert.calledWith(res.redirect, 303, paths.stripeSetup.companyNumber)
+    sinon.assert.calledWith(res.redirect, 303, `/account/a-valid-external-id${paths.account.stripeSetup.companyNumber}`)
   })
 
   it('should render go live complete page when all steps are completed', async () => {

diff --git a/app/controllers/stripe-setup/bank-details/post.controller.js b/app/controllers/stripe-setup/bank-details/post.controller.js
@@ -9,6 +9,7 @@ const { updateBankAccount } = require('../../../services/clients/stripe/stripe.c
 const { ConnectorClient } = require('../../../services/clients/connector.client')
 const connector = new ConnectorClient(process.env.CONNECTOR_URL)
 const paths = require('../../../paths')
+const formatAccountPathsFor = require('../../../utils/format-account-paths-for')
 const fieldValidationChecks = require('../../../browsered/field-validation-checks')
 
 // Constants
@@ -38,7 +39,7 @@ module.exports = (req, res) => {
       return connector.setStripeAccountSetupFlag(req.account.gateway_account_id, 'bank_account', req.correlationId)
     })
     .then(() => {
-      return res.redirect(303, paths.stripe.addPspAccountDetails)
+      return res.redirect(303, formatAccountPathsFor(paths.account.stripe.addPspAccountDetails, req.account && req.account.external_id))
     })
     .catch(error => {
       // check if it is Stripe related error

diff --git a/app/controllers/stripe-setup/bank-details/post.controller.test.js b/app/controllers/stripe-setup/bank-details/post.controller.test.js
@@ -19,7 +19,8 @@ describe('Bank details post controller', () => {
     req = {
       correlationId: 'correlation-id',
       account: {
-        gateway_account_id: '1'
+        gateway_account_id: '1',
+        external_id: 'a-valid-external-id'
       },
       body: {
         'account-number': rawAccountNumber,
@@ -52,7 +53,7 @@ describe('Bank details post controller', () => {
       bank_account_number: sanitisedAccountNumber
     })
     sinon.assert.calledWith(setStripeAccountSetupFlagMock, req.account.gateway_account_id, 'bank_account', req.correlationId)
-    sinon.assert.calledWith(res.redirect, 303, paths.stripe.addPspAccountDetails)
+    sinon.assert.calledWith(res.redirect, 303, `/account/a-valid-external-id${paths.account.stripe.addPspAccountDetails}`)
   })
 
   it('should render error page when Stripe returns unknown error', async () => {

diff --git a/app/controllers/stripe-setup/company-number/post.controller.js b/app/controllers/stripe-setup/company-number/post.controller.js
@@ -9,6 +9,7 @@ const companyNumberValidations = require('./company-number-validations')
 const { ConnectorClient } = require('../../../services/clients/connector.client')
 const connector = new ConnectorClient(process.env.CONNECTOR_URL)
 const paths = require('../../../paths')
+const formatAccountPathsFor = require('../../../utils/format-account-paths-for')
 
 // Constants
 const COMPANY_NUMBER_DECLARATION_FIELD = 'company-number-declaration'
@@ -34,7 +35,7 @@ module.exports = async (req, res) => {
       await updateCompany(res.locals.stripeAccount.stripeAccountId, stripeCompanyBody)
       await connector.setStripeAccountSetupFlag(req.account.gateway_account_id, 'company_number', req.correlationId)
 
-      return res.redirect(303, paths.stripe.addPspAccountDetails)
+      return res.redirect(303, formatAccountPathsFor(paths.account.stripe.addPspAccountDetails, req.account && req.account.external_id))
     } catch (error) {
       logger.error(`[${req.correlationId}] Error submitting "Company registration number" details, error = `, error)
       return renderErrorView(req, res, 'Please try again or contact support team')

diff --git a/app/controllers/stripe-setup/responsible-person/post.controller.js b/app/controllers/stripe-setup/responsible-person/post.controller.js
@@ -4,6 +4,7 @@ const lodash = require('lodash')
 const ukPostcode = require('uk-postcode')
 
 const paths = require('../../../paths')
+const formatAccountPathsFor = require('../../../utils/format-account-paths-for')
 const logger = require('../../../utils/logger')(__filename)
 const { response, renderErrorView } = require('../../../utils/response')
 const {
@@ -110,7 +111,7 @@ module.exports = async function (req, res) {
       await updatePerson(stripeAccountId, person.id, buildStripePerson(formFields))
       await connector.setStripeAccountSetupFlag(req.account.gateway_account_id, 'responsible_person', req.correlationId)
 
-      return res.redirect(303, paths.stripe.addPspAccountDetails)
+      return res.redirect(303, formatAccountPathsFor(paths.account.stripe.addPspAccountDetails, req.account && req.account.external_id))
     } catch (error) {
       logger.error(`[requestId=${req.correlationId}] Error creating responsible person with Stripe - ${error.message}`)
       return renderErrorView(req, res, 'Please try again or contact support team')

diff --git a/app/controllers/stripe-setup/responsible-person/post.controller.test.js b/app/controllers/stripe-setup/responsible-person/post.controller.test.js
@@ -64,7 +64,8 @@ describe('Responsible person POST controller', () => {
     req = {
       correlationId: 'correlation-id',
       account: {
-        gateway_account_id: '1'
+        gateway_account_id: '1',
+        external_id: 'a-valid-external-id'
       }
     }
     res = {
@@ -108,7 +109,7 @@ describe('Responsible person POST controller', () => {
       dob_year: dobYearNormalised
     })
     sinon.assert.calledWith(setStripeAccountSetupFlagMock, req.account.gateway_account_id, 'responsible_person', req.correlationId)
-    sinon.assert.calledWith(res.redirect, 303, paths.stripe.addPspAccountDetails)
+    sinon.assert.calledWith(res.redirect, 303, `/account/a-valid-external-id${paths.account.stripe.addPspAccountDetails}`)
   })
 
   it('should call Stripe with normalised details (no second address line), then connector, then redirect to add details redirect route', async function () {
@@ -137,7 +138,7 @@ describe('Responsible person POST controller', () => {
       dob_year: dobYearNormalised
     })
     sinon.assert.calledWith(setStripeAccountSetupFlagMock, req.account.gateway_account_id, 'responsible_person', req.correlationId)
-    sinon.assert.calledWith(res.redirect, 303, paths.stripe.addPspAccountDetails)
+    sinon.assert.calledWith(res.redirect, 303, `/account/a-valid-external-id${paths.account.stripe.addPspAccountDetails}`)
   })
 
   it('should render error when Stripe returns error, not call connector, and not redirect', async function () {

diff --git a/app/controllers/stripe-setup/vat-number/post.controller.js b/app/controllers/stripe-setup/vat-number/post.controller.js
@@ -9,6 +9,7 @@ const vatNumberValidations = require('./vat-number-validations')
 const { ConnectorClient } = require('../../../services/clients/connector.client')
 const connector = new ConnectorClient(process.env.CONNECTOR_URL)
 const paths = require('../../../paths')
+const formatAccountPathsFor = require('../../../utils/format-account-paths-for')
 
 // Constants
 const VAT_NUMBER_FIELD = 'vat-number'
@@ -31,7 +32,7 @@ module.exports = async (req, res) => {
       await updateCompany(res.locals.stripeAccount.stripeAccountId, stripeCompanyBody)
       await connector.setStripeAccountSetupFlag(req.account.gateway_account_id, 'vat_number', req.correlationId)
 
-      return res.redirect(303, paths.stripe.addPspAccountDetails)
+      return res.redirect(303, formatAccountPathsFor(paths.account.stripe.addPspAccountDetails, req.account && req.account.external_id))
     } catch (error) {
       logger.error(`[${req.correlationId}] Error submitting "VAT number" details, error = `, error)
       return renderErrorView(req, res, 'Please try again or contact support team')

diff --git a/app/paths.js b/app/paths.js
@@ -94,8 +94,20 @@ module.exports = {
       index: '/your-psp',
       flex: '/your-psp/flex',
       worldpay3dsFlex: '/your-psp/worldpay-3ds-flex'
+    },
+    stripeSetup: {
+      bankDetails: '/bank-details',
+      responsiblePerson: '/responsible-person',
+      vatNumber: '/vat-number',
+      companyNumber: '/company-number'
+    },
+    stripe: {
+      addPspAccountDetails: '/stripe/add-psp-account-details'
     }
   },
+  redirects: {
+    stripeSetupLiveDashboardRedirect: '/service/:externalServiceId/dashboard/live'
+  },
   transactions: {
     index: '/transactions',
     download: '/transactions/download',
@@ -197,16 +209,6 @@ module.exports = {
   policyPages: {
     download: '/policy/download/:key'
   },
-  stripeSetup: {
-    bankDetails: '/bank-details',
-    responsiblePerson: '/responsible-person',
-    vatNumber: '/vat-number',
-    companyNumber: '/company-number',
-    stripeSetupLink: '/service/:externalServiceId/dashboard/live'
-  },
-  stripe: {
-    addPspAccountDetails: '/stripe/add-psp-account-details'
-  },
   payouts: {
     list: '/payments-to-your-bank-account'
   }

diff --git a/app/routes.js b/app/routes.js
@@ -89,8 +89,8 @@ const {
   healthcheck, registerUser, user, dashboard, selfCreateService, transactions, credentials,
   serviceSwitcher, teamMembers, staticPaths, inviteValidation, editServiceName, merchantDetails,
   notificationCredentials,
-  requestToGoLive, policyPages, stripeSetup, stripe,
-  allServiceTransactions, payouts
+  requestToGoLive, policyPages,
+  allServiceTransactions, payouts, redirects
 } = paths
 const {
   apiKeys,
@@ -103,7 +103,9 @@ const {
   toggle3ds,
   toggleBillingAddress,
   toggleMotoMaskCardNumberAndSecurityCode,
-  yourPsp
+  yourPsp,
+  stripeSetup,
+  stripe
 } = paths.account
 
 // Exports
@@ -191,9 +193,8 @@ module.exports.bind = function (app) {
     ...lodash.values(user.profile),
     ...lodash.values(requestToGoLive),
     ...lodash.values(policyPages),
-    ...lodash.values(stripeSetup),
-    ...lodash.values(stripe),
     ...lodash.values(payouts),
+    ...lodash.values(redirects),
     paths.feedback
   ] // Extract all the authenticated paths as a single array
 
@@ -261,7 +262,7 @@ module.exports.bind = function (app) {
   app.post(merchantDetails.edit, permission('merchant-details:update'), merchantDetailsController.postEdit)
 
   // Service live account dashboard link
-  app.get(stripeSetup.stripeSetupLink, stripeSetupDashboardRedirectController.get)
+  app.get(redirects.stripeSetupLiveDashboardRedirect, stripeSetupDashboardRedirectController.get)
 
   // ----------------------------
   // GATEWAY ACCOUNT LEVEL ROUTES
@@ -423,16 +424,6 @@ module.exports.bind = function (app) {
   account.post(requestToGoLive.agreement, permission('go-live-stage:update'), requestToGoLiveAgreementController.post)
 
   // Stripe setup
-  app.get(stripeSetup.bankDetails, permission('stripe-bank-details:update'), getAccount, paymentMethodIsCard, restrictToLiveStripeAccount, checkBankDetailsNotSubmitted, getStripeAccount, stripeSetupBankDetailsController.get)
-  app.post(stripeSetup.bankDetails, permission('stripe-bank-details:update'), getAccount, paymentMethodIsCard, restrictToLiveStripeAccount, checkBankDetailsNotSubmitted, getStripeAccount, stripeSetupBankDetailsController.post)
-  app.get(stripeSetup.responsiblePerson, permission('stripe-responsible-person:update'), getAccount, paymentMethodIsCard, restrictToLiveStripeAccount, getStripeAccount, checkResponsiblePersonNotSubmitted, stripeSetupResponsiblePersonController.get)
-  app.post(stripeSetup.responsiblePerson, permission('stripe-responsible-person:update'), getAccount, paymentMethodIsCard, restrictToLiveStripeAccount, getStripeAccount, checkResponsiblePersonNotSubmitted, stripeSetupResponsiblePersonController.post)
-  app.get(stripeSetup.vatNumber, permission('stripe-vat-number-company-number:update'), getAccount, paymentMethodIsCard, restrictToLiveStripeAccount, checkVatNumberNotSubmitted, stripeSetupVatNumberController.get)
-  app.post(stripeSetup.vatNumber, permission('stripe-vat-number-company-number:update'), getAccount, paymentMethodIsCard, restrictToLiveStripeAccount, getStripeAccount, checkVatNumberNotSubmitted, stripeSetupVatNumberController.post)
-  app.get(stripeSetup.companyNumber, permission('stripe-vat-number-company-number:update'), getAccount, paymentMethodIsCard, restrictToLiveStripeAccount, checkCompanyNumberNotSubmitted, stripeSetupCompanyNumberController.get)
-  app.post(stripeSetup.companyNumber, permission('stripe-vat-number-company-number:update'), getAccount, paymentMethodIsCard, restrictToLiveStripeAccount, getStripeAccount, checkCompanyNumberNotSubmitted, stripeSetupCompanyNumberController.post)
-  app.get(stripe.addPspAccountDetails, permission('stripe-account-details:update'), getAccount, paymentMethodIsCard, restrictToLiveStripeAccount, stripeSetupAddPspAccountDetailsController.get)
-
   account.get(stripeSetup.bankDetails, permission('stripe-bank-details:update'), paymentMethodIsCard, restrictToLiveStripeAccount, checkBankDetailsNotSubmitted, getStripeAccount, stripeSetupBankDetailsController.get)
   account.post(stripeSetup.bankDetails, permission('stripe-bank-details:update'), paymentMethodIsCard, restrictToLiveStripeAccount, checkBankDetailsNotSubmitted, getStripeAccount, stripeSetupBankDetailsController.post)
   account.get(stripeSetup.responsiblePerson, permission('stripe-responsible-person:update'), paymentMethodIsCard, restrictToLiveStripeAccount, getStripeAccount, checkResponsiblePersonNotSubmitted, stripeSetupResponsiblePersonController.get)

diff --git a/app/views/dashboard/_stripe-account-setup-banner.njk b/app/views/dashboard/_stripe-account-setup-banner.njk
@@ -51,7 +51,7 @@
         govukButton({
           text: 'Add details',
           classes: 'govuk-!-margin-bottom-0',
-          href: routes.stripe.addPspAccountDetails,
+          href: formatAccountPathsFor(routes.account.stripe.addPspAccountDetails, currentGatewayAccount.external_id),
           attributes: {
             id: "add-account-details"
           }

diff --git a/app/views/stripe-setup/bank-details/index.njk b/app/views/stripe-setup/bank-details/index.njk
@@ -29,7 +29,7 @@
     <p class="govuk-body govuk-!-margin-bottom-6">This is the bank account payments will go into.</p>
 
     <form id="bank-details-form" method="post"
-          action="/bank-details" data-validate="true">
+          data-validate="true">
       <input id="csrf" name="csrfToken" type="hidden" value="{{ csrf }}"/>
 
       {% set sortCodeError = false %}

diff --git a/app/views/stripe-setup/company-number/index.njk b/app/views/stripe-setup/company-number/index.njk
@@ -27,7 +27,7 @@
     {% endif %}
 
     <form id="company-number-form" method="post"
-          action="/company-number">
+          >
       <input id="csrf" name="csrfToken" type="hidden" value="{{ csrf }}"/>
 
       {% set companyNumberError = false %}

diff --git a/app/views/stripe-setup/responsible-person/index.njk b/app/views/stripe-setup/responsible-person/index.njk
@@ -73,7 +73,7 @@
 
     <p class="govuk-body">Stripe will store the responsible person’s details, not GOV.UK Pay.</p>
 
-    <form id="responsible-person-form" method="post" action="/responsible-person" class="govuk-!-margin-top-4" novalidate>
+    <form id="responsible-person-form" method="post" class="govuk-!-margin-top-4" novalidate>
       <input id="csrf" name="csrfToken" type="hidden" value="{{ csrf }}"/>
 
       {% call govukFieldset({

diff --git a/app/views/stripe-setup/vat-number/index.njk b/app/views/stripe-setup/vat-number/index.njk
@@ -22,7 +22,7 @@
     <h1 class="govuk-heading-l govuk-!-margin-bottom-6"><label for="vat-number">What is your organisation’s VAT number?</label></h1>
 
     <form id="vat-number-form" method="post"
-          action="/vat-number" novalidate>
+          novalidate>
       <input id="csrf" name="csrfToken" type="hidden" value="{{ csrf }}"/>
 
       {% set vatNumberError = false %}

diff --git a/test/cypress/integration/dashboard/dashboard-stripe-add-details.cy.test.js b/test/cypress/integration/dashboard/dashboard-stripe-add-details.cy.test.js
@@ -7,13 +7,15 @@ const stripeAccountSetupStubs = require('../../stubs/stripe-account-setup-stub')
 const stripeAccountStubs = require('../../stubs/stripe-account-stubs')
 
 describe('The Stripe psp details banner', () => {
-  const gatewayAccountId = 22
+  const gatewayAccountId = '22'
+  const gatewayAccountExternalId = 'a-valid-external-id'
   const userExternalId = 'cd0fa54cf3b7408a80ae2f1b93e7c16e'
   beforeEach(() => {
     cy.setEncryptedCookies(userExternalId, gatewayAccountId)
     cy.task('setupStubs', [
-      userStubs.getUserSuccess({ userExternalId, gatewayAccountId }),
+      userStubs.getUserSuccess({ userExternalId, gatewayAccountId, gatewayAccountExternalId }),
       gatewayAccountStubs.getGatewayAccountSuccess({ gatewayAccountId, type: 'live', paymentProvider: 'stripe' }),
+      gatewayAccountStubs.getGatewayAccountByExternalIdSuccess({ gatewayAccountId, gatewayAccountExternalId, type: 'live', paymentProvider: 'stripe' }),
       transactionsSummaryStubs.getDashboardStatistics(),
       stripeAccountSetupStubs.getGatewayAccountStripeSetupSuccess({
         gatewayAccountId,