set magic_link in email

.env.development

@@ -1,3 +1,5 @@
+APP_BASE_URL=http://localhost:3000
+
 DFE_SIGN_IN_ISSUER=https://pp-oidc.signin.education.gov.uk:443
 DFE_SIGN_IN_REDIRECT_BASE_URL=https://localhost:3000
 DFE_SIGN_IN_IDENTIFIER=teacherpayments

.env.test

@@ -1,3 +1,5 @@
+APP_BASE_URL=http://www.example.com
+
 DFE_SIGN_IN_API_CLIENT_ID=teacherpayments
 DFE_SIGN_IN_API_SECRET=secret
 DFE_SIGN_IN_API_ENDPOINT=https://example.com

app/controllers/claims_controller.rb

@@ -85,7 +85,7 @@ def check_page_is_in_sequence
 
   def handle_magic_link
     otp = OneTimePassword::Validator.new(params[:code], answers.sent_one_time_password_at)
-    if otp.valid?
+    if otp.valid? # && EligibleEyProvider.eligible_email?(journey_session.answers.email_address) # TODO eligible check once model merged: https://github.com/DFE-Digital/claim-additional-payments-for-teaching/pull/3050
       journey_session.answers.assign_attributes(email_verified: true)
       journey_session.save!
       session[:slugs] << page_sequence.next_required_slug

app/mailers/claim_mailer.rb

@@ -75,10 +75,9 @@ def early_years_payment_provider_email(claim, one_time_password)
     unknown_policy_check(claim)
     set_common_instance_variables(claim)
     @subject = @claim_subject
-    @one_time_password = one_time_password
+    @magic_link = early_years_payment_provider_magic_link(one_time_password)
     personalisation = {
-      email_subject: @subject,
-      one_time_password: @one_time_password
+      magic_link: @magic_link
     }
 
     send_mail(template_ids(claim)[:CLAIM_PROVIDER_EMAIL_TEMPLATE_ID], personalisation)
@@ -120,4 +119,9 @@ def unknown_policy_check(claim)
     ].include?(claim.policy)
     raise ArgumentError, "Unknown claim policy: #{claim.policy}"
   end
+
+  def early_years_payment_provider_magic_link(one_time_password)
+    slug = Journeys::PageSequence::EARLY_YEARS_PAYMENT_PROVIDER_EMAIL_SLUG
+    "#{ENV["APP_BASE_URL"]}/#{Journeys::EarlyYearsPayment::Provider::ROUTING_NAME}/#{slug}?code=#{one_time_password}"
+  end
 end

app/models/journeys/page_sequence.rb

@@ -5,9 +5,10 @@ module Journeys
   class PageSequence
     attr_reader :current_slug
 
+    EARLY_YEARS_PAYMENT_PROVIDER_EMAIL_SLUG = "consent"
     DEAD_END_SLUGS = %w[complete existing-session eligible-later future-eligibility ineligible]
     OPTIONAL_SLUGS = %w[postcode-search select-home-address reset-claim]
-    MAGIC_LINK_SLUGS = %w[consent]
+    MAGIC_LINK_SLUGS = [EARLY_YEARS_PAYMENT_PROVIDER_EMAIL_SLUG]
 
     def initialize(slug_sequence, completed_slugs, current_slug, journey_session)
       @current_slug = current_slug

spec/features/early_years_payment/provider/happy_path_spec.rb

@@ -3,7 +3,7 @@
 RSpec.feature "Early years payment provider" do
   let(:journey_session) { Journeys::EarlyYearsPayment::Provider::Session.last }
   let(:mail) { ActionMailer::Base.deliveries.last }
-  let(:otp) { mail[:personalisation].unparsed_value[:one_time_password] }
+  let(:magic_link) { mail[:personalisation].unparsed_value[:magic_link] }
 
   scenario "happy path claim" do
     when_early_years_payment_provider_journey_configuration_exists
@@ -24,9 +24,9 @@
     expect(page).to have_content("We have sent an email to [email protected]")
 
     expect(mail.to).to eq ["[email protected]"]
-    expect(otp).to match(/\A\d{6}\Z/)
+    expect(magic_link).to match(/\?code=\d{6}\Z/)
 
-    visit claim_path(Journeys::EarlyYearsPayment::Provider::ROUTING_NAME, :consent, code: otp)
+    visit magic_link
     expect(journey_session.reload.answers.email_verified).to be true
     expect(page).to have_content("Declaration of Employee Consent")
     check "I confirm that I have obtained consent from my employee and have provided them with the relevant privacy notice."

spec/forms/journeys/early_years_payment/provider/email_address_form_spec.rb

@@ -47,8 +47,7 @@
 
       expect(email_address).to have_received_email(
         "e0b78a08-601b-40ba-a97f-61fb00a7c951",
-        email_subject: email_subject,
-        one_time_password: "111111"
+        magic_link: "http://www.example.com/early-years-payment-provider/consent?code=111111"
       )
     end
 

spec/mailers/claim_mailer_spec.rb

@@ -352,9 +352,8 @@ class SomePolicy; end
 
     before { create(:journey_configuration, :early_years_payment_provider) }
 
-    it "has personalisation keys for: one time password" do
-      # TODO find correct email subject. Is subject used? or overriden on notify template?
-      expect(mail[:personalisation].decoded).to eq("{:email_subject=>\"Early Years Payment\", :one_time_password=>123124}")
+    it "has personalisation keys for: magic link" do
+      expect(mail[:personalisation].decoded).to eq("{:magic_link=>\"#{ENV["APP_BASE_URL"]}/early-years-payment-provider/consent?code=123124\"}")
       expect(mail.body).to be_empty
     end
   end

terraform/application/application.tf

@@ -16,6 +16,7 @@ module "application_configuration" {
       ENVIRONMENT_NAME   = var.environment
       PGSSLMODE          = local.postgres_ssl_mode
       CANONICAL_HOSTNAME = local.canonical_hostname
+      APP_BASE_URL       = local.app_base_url
   })
   secret_variables = {
     DATABASE_URL = module.postgres.url

terraform/application/variables.tf

@@ -87,6 +87,7 @@ variable "enable_logit" {
 locals {
   postgres_ssl_mode       = var.enable_postgres_ssl ? "require" : "disable"
   canonical_hostname      = var.canonical_hostname != null ? var.canonical_hostname : "${var.service_name}-${var.environment}-web.test.teacherservices.cloud"
+  app_base_url            = "https://${local.canonical_hostname}"
   app_env_values_from_yml = yamldecode(file("${path.module}/config/${var.config}_app_env.yml"))
   app_env_values          = merge(local.app_env_values_from_yml)
 }