PP-12395: Validation and success notification when revoking API key (#…

…4405) * PP-12395: Validation and success notification when revoking API key
alphagov · Jan 13, 2025 · c13de94 · c13de94
1 parent 3a5d2cd
commit c13de94
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 1 deletion.
diff --git a/app/controllers/simplified-account/settings/api-keys/api-keys.controller.js b/app/controllers/simplified-account/settings/api-keys/api-keys.controller.js
@@ -5,7 +5,9 @@ const paths = require('@root/paths')
 
 async function get (req, res) {
   const activeKeys = await apiKeysService.getActiveKeys(req.account.id)
+  const messages = res.locals?.flash?.messages ?? []
   return response(req, res, 'simplified-account/settings/api-keys/index', {
+    messages,
     accountType: req.account.type,
     activeKeys: activeKeys.map(activeKey => {
       return {

diff --git a/app/controllers/simplified-account/settings/api-keys/revoke/revoke.controller.js b/app/controllers/simplified-account/settings/api-keys/revoke/revoke.controller.js
@@ -13,7 +13,20 @@ async function get (req, res) {
 }
 
 async function post (req, res) {
+  const description = req.body.apiKeyName
+  if (req.body.revokeApiKey === undefined) {
+    return response(req, res, 'simplified-account/settings/api-keys/revoke', {
+      errors: {
+        summary: [{ text: `Confirm if you want to revoke ${description}`, href: '#revokeApiKey' }],
+        formErrors: { revokeApiKey: `Confirm if you want to revoke ${description}` } // pragma: allowlist secret
+      },
+      description,
+      backLink: formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.index, req.service.externalId, req.account.type)
+    })
+  }
+
   if (req.body.revokeApiKey === 'Yes') { // pragma: allowlist secret
+    req.flash('messages', { state: 'success', icon: '&check;', heading: `${description} was successfully revoked` })
     await revokeKey(req.account.id, req.params.tokenLink)
   }
   res.redirect(formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.index, req.service.externalId, req.account.type))

diff --git a/app/controllers/simplified-account/settings/api-keys/revoke/revoke.controller.test.js b/app/controllers/simplified-account/settings/api-keys/revoke/revoke.controller.test.js
@@ -68,6 +68,39 @@ describe('Controller: settings/api-keys/revoke', () => {
   })
 
   describe('post', () => {
+    describe('when nothing is selected', () => {
+      before(() => {
+        nextRequest({
+          body: {
+            apiKeyName: `${token.description}`
+          },
+          params: {
+            tokenLink: TOKEN_LINK
+          }
+        })
+        call('post')
+      })
+
+      it('should pass req, res, template path and context to the response method', () => {
+        expect(mockResponse).to.have.been.calledWith(
+          {
+            ...req,
+            body: { apiKeyName: 'token description' }, // pragma: allowlist secret
+            params: { tokenLink: TOKEN_LINK }
+          },
+          res,
+          'simplified-account/settings/api-keys/revoke',
+          {
+            errors: {
+              summary: [{ text: `Confirm if you want to revoke ${token.description}`, href: '#revokeApiKey' }],
+              formErrors: { revokeApiKey: `Confirm if you want to revoke ${token.description}` } // pragma: allowlist secret
+            },
+            description: token.description,
+            backLink: formatSimplifiedAccountPathsFor(paths.simplifiedAccount.settings.apiKeys.index, SERVICE_ID, ACCOUNT_TYPE)
+          })
+      })
+    })
+
     describe('when No is selected', () => {
       before(() => {
         nextRequest({

diff --git a/app/views/simplified-account/settings/api-keys/index.njk b/app/views/simplified-account/settings/api-keys/index.njk
@@ -20,7 +20,7 @@
     }
   ) }}
 
-  <p class="govuk-body">Use these to connect your digital service to Pay and to access the reporting API.</p>
+  <p class="govuk-body">Use these to connect your {% if accountType === 'test' %}test{% else %}live{% endif %} digital service to Pay and to access the reporting API.</p>
   <p class="govuk-body">
     You do not need API keys to use
     <a class="govuk-link" href="https://www.payments.service.gov.uk/govuk-payment-pages/">payment links</a>.

diff --git a/app/views/simplified-account/settings/api-keys/revoke.njk b/app/views/simplified-account/settings/api-keys/revoke.njk
@@ -7,9 +7,11 @@
 {% block settingsContent %}
   <form id="revoke-api-key" method="post" novalidate>
     <input id="csrf" name="csrfToken" type="hidden" value="{{ csrf }}"/>
+    <input id="apiKeyName" name="apiKeyName" type="hidden" value="{{ description }}"/>
 
     {{ govukRadios({
       name: 'revokeApiKey',
+      errorMessage: { text: errors.formErrors['revokeApiKey'] } if errors.formErrors['revokeApiKey'] else false,
       fieldset: {
         legend: {
           text: 'Are you sure you want to revoke ' + description,