From 5b2a6bb97866ebcb2891b2cbb6055b7597a4893e Mon Sep 17 00:00:00 2001
From: MrKevJoy <60096576+MrKevJoy@users.noreply.github.com>
Date: Mon, 30 Oct 2023 14:45:15 +0000
Subject: [PATCH] Adding warning to user page when user has prohibition (#753)

---
 .../Pages/Admin/User.cshtml                   | 24 ++++--
 .../Pages/Admin/User.cshtml.cs                |  3 +
 .../Services/DqtApi/DqtApiClient.cs           | 14 +++-
 .../Services/DqtApi/TeacherInfo.cs            | 14 ++++
 .../Account.cs                                |  6 +-
 .../Elevate.cs                                |  6 +-
 .../TrnTokenSignInJourney.cs                  | 15 ++--
 .../Account/DateOfBirth/DateOfBirthTests.cs   |  5 +-
 .../EndpointTests/Account/IndexTests.cs       |  9 +-
 .../OfficialDateOfBirth/ConfirmTests.cs       |  3 +-
 .../OfficialDateOfBirth/DetailsTests.cs       |  4 +-
 .../OfficialDateOfBirth/EvidenceTests.cs      |  4 +-
 .../OfficialDateOfBirthTests.cs               |  4 +-
 .../Account/OfficialName/ConfirmTests.cs      |  3 +-
 .../Account/OfficialName/DetailsTests.cs      |  4 +-
 .../Account/OfficialName/EvidenceTests.cs     |  4 +-
 .../Account/OfficialName/OfficialNameTests.cs |  4 +-
 .../Admin/AssignTrn/ConfirmTests.cs           |  3 +-
 .../Admin/AssignTrn/IndexTests.cs             |  3 +-
 .../EndpointTests/Admin/UserTests.cs          | 84 ++++++++++++++++++-
 .../EndpointTests/Oidc/AuthorizeTests.cs      |  3 +-
 .../SignIn/EmailConfirmationTests.cs          |  4 +-
 .../Jobs/SyncNamesWithDqtJobTests.cs          |  6 +-
 .../UserImport/UserImportProcessorTests.cs    |  6 +-
 .../UserClaimHelperTests.cs                   | 18 ++--
 25 files changed, 208 insertions(+), 45 deletions(-)

diff --git a/dotnet-authserver/src/TeacherIdentity.AuthServer/Pages/Admin/User.cshtml b/dotnet-authserver/src/TeacherIdentity.AuthServer/Pages/Admin/User.cshtml
index 5852a1306..7db2feff5 100644
--- a/dotnet-authserver/src/TeacherIdentity.AuthServer/Pages/Admin/User.cshtml
+++ b/dotnet-authserver/src/TeacherIdentity.AuthServer/Pages/Admin/User.cshtml
@@ -6,13 +6,25 @@
 }
 
 @section BeforeContent {
-    <govuk-back-link asp-page="Users"/>
+    <govuk-back-link asp-page="Users" />
 }
 
 <h1 class="govuk-heading-l">
     @Model.Name
 </h1>
 
+
+@if (Model.HasProhibitions)
+{
+    <section class="govuk-!-margin-bottom-6">
+        <govuk-warning-text icon-fallback-text="Warning" data-testid="user-has-prohibitions">
+            <span>This user has prohibitions and cannot access every service</span>
+        </govuk-warning-text>
+    </section>
+}
+
+
+
 <section class="x-govuk-summary-card govuk-!-margin-bottom-6">
     <header class="x-govuk-summary-card__header">
         <h2 class="x-govuk-summary-card__title">
@@ -126,17 +138,17 @@
                     <govuk-summary-list-row-value>@Model.Trn</govuk-summary-list-row-value>
                 </govuk-summary-list-row>
                 @{
-                    if(Model.EffectiveVerificationLevel == TrnVerificationLevel.Low)
+                    if (Model.EffectiveVerificationLevel == TrnVerificationLevel.Low)
                     {
-                      <govuk-summary-list-row>
+                        <govuk-summary-list-row>
                             <govuk-summary-list-row-key>TRN verification level</govuk-summary-list-row-key>
                             <govuk-summary-list-row-value><govuk-tag class="govuk-tag--yellow">Low</govuk-tag></govuk-summary-list-row-value>
                             <govuk-summary-list-row-actions>
-                             <govuk-summary-list-row-action asp-page="ElevateUserTrnVerification" asp-route-userId="@Model.UserId" visually-hidden-text="TRN verification level">Elevate</govuk-summary-list-row-action>
+                                <govuk-summary-list-row-action asp-page="ElevateUserTrnVerification" asp-route-userId="@Model.UserId" visually-hidden-text="TRN verification level">Elevate</govuk-summary-list-row-action>
                             </govuk-summary-list-row-actions>
-                      </govuk-summary-list-row>
+                        </govuk-summary-list-row>
                     }
-                    else if(Model.EffectiveVerificationLevel == TrnVerificationLevel.Medium)
+                    else if (Model.EffectiveVerificationLevel == TrnVerificationLevel.Medium)
                     {
                         <govuk-summary-list-row>
                             <govuk-summary-list-row-key>TRN verification level</govuk-summary-list-row-key>
diff --git a/dotnet-authserver/src/TeacherIdentity.AuthServer/Pages/Admin/User.cshtml.cs b/dotnet-authserver/src/TeacherIdentity.AuthServer/Pages/Admin/User.cshtml.cs
index 9c0a3c5c7..2d56f50bf 100644
--- a/dotnet-authserver/src/TeacherIdentity.AuthServer/Pages/Admin/User.cshtml.cs
+++ b/dotnet-authserver/src/TeacherIdentity.AuthServer/Pages/Admin/User.cshtml.cs
@@ -49,6 +49,8 @@ public UserModel(TeacherIdentityServerDbContext dbContext, IDqtApiClient dqtApiC
 
     public TrnVerificationLevel? EffectiveVerificationLevel { get; set; }
 
+    public bool HasProhibitions { get; set; }
+
     [FromRoute]
     public Guid UserId { get; set; }
 
@@ -112,6 +114,7 @@ public async Task<IActionResult> OnGet()
             DqtName = $"{dqtUser.FirstName} {dqtUser.LastName}";
             DqtDateOfBirth = dqtUser.DateOfBirth;
             DqtNationalInsuranceNumber = dqtUser.NationalInsuranceNumber;
+            HasProhibitions = dqtUser.Alerts.Any(y => y.AlertType == AlertType.Prohibition);
         }
 
         return Page();
diff --git a/dotnet-authserver/src/TeacherIdentity.AuthServer/Services/DqtApi/DqtApiClient.cs b/dotnet-authserver/src/TeacherIdentity.AuthServer/Services/DqtApi/DqtApiClient.cs
index fc248b077..f7867bac1 100644
--- a/dotnet-authserver/src/TeacherIdentity.AuthServer/Services/DqtApi/DqtApiClient.cs
+++ b/dotnet-authserver/src/TeacherIdentity.AuthServer/Services/DqtApi/DqtApiClient.cs
@@ -1,3 +1,5 @@
+using System.Text.Json;
+using System.Text.Json.Serialization;
 using Flurl;
 using TeacherIdentity.AuthServer.Infrastructure.Http;
 
@@ -7,6 +9,14 @@ public class DqtApiClient : IDqtApiClient
 {
     private readonly HttpClient _client;
 
+    private static JsonSerializerOptions _serializerOptions { get; } = new JsonSerializerOptions(JsonSerializerDefaults.Web)
+    {
+        Converters =
+        {
+            new JsonStringEnumConverter(),
+        }
+    };
+
     public DqtApiClient(HttpClient httpClient)
     {
         _client = httpClient;
@@ -34,7 +44,7 @@ public async Task<FindTeachersResponse> FindTeachers(FindTeachersRequest request
 
     public async Task<TeacherInfo?> GetTeacherByTrn(string trn, CancellationToken cancellationToken)
     {
-        var response = await _client.GetAsync($"/v3/teachers/{trn}?include=PendingDetailChanges", cancellationToken);
+        var response = await _client.GetAsync($"/v3/teachers/{trn}?include=PendingDetailChanges,Alerts", cancellationToken);
 
         if ((int)response.StatusCode == StatusCodes.Status404NotFound)
         {
@@ -42,7 +52,7 @@ public async Task<FindTeachersResponse> FindTeachers(FindTeachersRequest request
         }
 
         response.HandleErrorResponse();
-        return await response.Content.ReadFromJsonAsync<TeacherInfo>(cancellationToken: cancellationToken);
+        return await response.Content.ReadFromJsonAsync<TeacherInfo>(options: _serializerOptions, cancellationToken: cancellationToken);
     }
 
     public async Task<GetIttProvidersResponse> GetIttProviders(CancellationToken cancellationToken)
diff --git a/dotnet-authserver/src/TeacherIdentity.AuthServer/Services/DqtApi/TeacherInfo.cs b/dotnet-authserver/src/TeacherIdentity.AuthServer/Services/DqtApi/TeacherInfo.cs
index 1f11f5654..65a38051a 100644
--- a/dotnet-authserver/src/TeacherIdentity.AuthServer/Services/DqtApi/TeacherInfo.cs
+++ b/dotnet-authserver/src/TeacherIdentity.AuthServer/Services/DqtApi/TeacherInfo.cs
@@ -1,3 +1,4 @@
+
 namespace TeacherIdentity.AuthServer.Services.DqtApi;
 
 public record TeacherInfo
@@ -11,4 +12,17 @@ public record TeacherInfo
     public required bool PendingNameChange { get; init; }
     public required bool PendingDateOfBirthChange { get; init; }
     public required string? Email { get; init; }
+    public required IReadOnlyCollection<AlertInfo> Alerts { get; init; }
+}
+
+public record AlertInfo
+{
+    public required AlertType AlertType { get; init; }
+    public required string DqtSanctionCode { get; init; }
 }
+
+public enum AlertType
+{
+    Prohibition
+}
+
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/Account.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/Account.cs
index 41585f460..344dc4f04 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/Account.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/Account.cs
@@ -68,7 +68,8 @@ public async Task ChangeOfficialDateOfBirth()
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
             Trn = user.Trn!,
-            Email = null
+            Email = null,
+            Alerts = Array.Empty<AlertInfo>()
         };
 
         ConfigureDqtApiGetTeacherResponse(user.Trn!, dqtTeacherInfo);
@@ -157,7 +158,8 @@ public async Task ChangeOfficialName()
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
             Trn = user.Trn!,
-            Email = null
+            Email = null,
+            Alerts = Array.Empty<AlertInfo>()
         };
 
         ConfigureDqtApiGetTeacherResponse(user.Trn!, dqtTeacherInfo);
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/Elevate.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/Elevate.cs
index be6e99dea..e8bab3a3f 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/Elevate.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/Elevate.cs
@@ -62,7 +62,8 @@ public async Task UserSignsInWithLowVerificationLevel_IsRedirectedToElevateJourn
             NationalInsuranceNumber = nino,
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
-            Trn = user.Trn!
+            Trn = user.Trn!,
+            Alerts = Array.Empty<AlertInfo>()
         });
 
         await page.SubmitElevateCheckAnswersPage();
@@ -171,7 +172,8 @@ public async Task AlreadySignedInUserWithLowVerificationLevel_IsRedirectedToElev
             NationalInsuranceNumber = nino,
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
-            Trn = user.Trn!
+            Trn = user.Trn!,
+            Alerts = Array.Empty<AlertInfo>()
         });
 
         await page.SubmitElevateCheckAnswersPage();
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/TrnTokenSignInJourney.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/TrnTokenSignInJourney.cs
index ba19e180b..17af47de1 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/TrnTokenSignInJourney.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.EndToEndTests/TrnTokenSignInJourney.cs
@@ -42,7 +42,8 @@ public async Task NewTeacherUser_WithTrnToken_CreatesUserAndCompletesFlow()
                 NationalInsuranceNumber = Faker.Identification.UkNationalInsuranceNumber(),
                 PendingDateOfBirthChange = false,
                 PendingNameChange = false,
-                Email = trnToken.Email
+                Email = trnToken.Email,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         await using var context = await _hostFixture.CreateBrowserContext();
@@ -92,7 +93,8 @@ public async Task NewTeacherUser_WithTrnTokenForDqtRecordWithMissingDateOfBirth_
                 NationalInsuranceNumber = Faker.Identification.UkNationalInsuranceNumber(),
                 PendingDateOfBirthChange = false,
                 PendingNameChange = false,
-                Email = trnToken.Email
+                Email = trnToken.Email,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         await using var context = await _hostFixture.CreateBrowserContext();
@@ -143,7 +145,8 @@ public async Task NewTeacherUser_WithTrnTokenChangesEmail_CreatesUserAndComplete
                 NationalInsuranceNumber = Faker.Identification.UkNationalInsuranceNumber(),
                 PendingDateOfBirthChange = false,
                 PendingNameChange = false,
-                Email = trnToken.Email
+                Email = trnToken.Email,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         await using var context = await _hostFixture.CreateBrowserContext();
@@ -769,7 +772,8 @@ public async Task NewTeacherUser_WithTrnTokenChangesToInstitutionEmail_CreatesUs
                 NationalInsuranceNumber = Faker.Identification.UkNationalInsuranceNumber(),
                 PendingDateOfBirthChange = false,
                 PendingNameChange = false,
-                Email = trnToken.Email
+                Email = trnToken.Email,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         var invalidEmailSuffix = "invalid.sch.uk";
@@ -929,7 +933,8 @@ private async Task<TrnTokenModel> CreateValidTrnToken(
                 NationalInsuranceNumber = Faker.Identification.UkNationalInsuranceNumber(),
                 PendingDateOfBirthChange = false,
                 PendingNameChange = false,
-                Email = email
+                Email = email,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         return await _hostFixture.TestData.GenerateTrnToken(trn, email: email);
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/DateOfBirth/DateOfBirthTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/DateOfBirth/DateOfBirthTests.cs
index ba9943b2c..1f1c92949 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/DateOfBirth/DateOfBirthTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/DateOfBirth/DateOfBirthTests.cs
@@ -1,4 +1,6 @@
 using TeacherIdentity.AuthServer.Models;
+using TeacherIdentity.AuthServer.Services.DqtApi;
+
 namespace TeacherIdentity.AuthServer.Tests.EndpointTests.Account.DateOfBirth;
 
 public class DateOfBirthTests : TestBase
@@ -189,7 +191,8 @@ private void MockDqtApiResponse(User user, bool hasDobConflict, bool hasPendingD
                 Trn = user.Trn!,
                 PendingNameChange = false,
                 PendingDateOfBirthChange = hasPendingDobChange,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 }
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/IndexTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/IndexTests.cs
index d5c727dad..be2f63cb9 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/IndexTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/IndexTests.cs
@@ -133,7 +133,8 @@ public async Task Get_ValidRequestForUserWithTrn_ShowsOfficialNames(bool hasPref
                 Trn = user.Trn!,
                 PendingNameChange = false,
                 PendingDateOfBirthChange = false,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         var request = new HttpRequestMessage(HttpMethod.Get, "/account");
@@ -186,7 +187,8 @@ public async Task Get_ValidRequestForUser_ShowsCorrectDobSummaryRowElements(
                 Trn = user.Trn!,
                 PendingNameChange = false,
                 PendingDateOfBirthChange = hasPendingReview,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         var request = new HttpRequestMessage(HttpMethod.Get, "/account");
@@ -218,7 +220,8 @@ public async Task Get_ValidRequestForUserWithPendingNameChange_DoesShowPendingTa
                 Trn = user.Trn!,
                 PendingNameChange = true,
                 PendingDateOfBirthChange = false,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         var request = new HttpRequestMessage(HttpMethod.Get, "/account");
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/ConfirmTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/ConfirmTests.cs
index f10f11265..21d49b6a0 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/ConfirmTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/ConfirmTests.cs
@@ -119,7 +119,8 @@ private void MockDqtApiResponse(User user, bool hasDobConflict, bool hasPendingD
                 Trn = user.Trn!,
                 PendingDateOfBirthChange = hasPendingDateOfBirthChange,
                 PendingNameChange = false,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/DetailsTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/DetailsTests.cs
index 3507460f7..df9ed46a7 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/DetailsTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/DetailsTests.cs
@@ -1,3 +1,4 @@
+using TeacherIdentity.AuthServer.Services.DqtApi;
 using User = TeacherIdentity.AuthServer.Models.User;
 
 namespace TeacherIdentity.AuthServer.Tests.EndpointTests.Account.OfficialDateOfBirth;
@@ -180,7 +181,8 @@ private void MockDqtApiResponse(User user, bool hasDobConflict, bool hasPendingD
                 Trn = user.Trn!,
                 PendingDateOfBirthChange = hasPendingDateOfBirthChange,
                 PendingNameChange = false,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/EvidenceTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/EvidenceTests.cs
index 1d5dcc533..80d47a8ee 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/EvidenceTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/EvidenceTests.cs
@@ -1,3 +1,4 @@
+using TeacherIdentity.AuthServer.Services.DqtApi;
 using User = TeacherIdentity.AuthServer.Models.User;
 
 namespace TeacherIdentity.AuthServer.Tests.EndpointTests.Account.OfficialDateOfBirth;
@@ -179,7 +180,8 @@ private void MockDqtApiResponse(User user, bool hasDobConflict, bool hasPendingD
                 Trn = user.Trn!,
                 PendingDateOfBirthChange = hasPendingDateOfBirthChange,
                 PendingNameChange = false,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/OfficialDateOfBirthTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/OfficialDateOfBirthTests.cs
index eebb20c8f..cd0337809 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/OfficialDateOfBirthTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialDateOfBirth/OfficialDateOfBirthTests.cs
@@ -1,4 +1,5 @@
 using TeacherIdentity.AuthServer.Models;
+using TeacherIdentity.AuthServer.Services.DqtApi;
 
 namespace TeacherIdentity.AuthServer.Tests.EndpointTests.Account.OfficialDateOfBirth;
 
@@ -61,7 +62,8 @@ private void MockDqtApiResponse(User user, bool hasDobConflict, bool hasPendingD
                 Trn = user.Trn!,
                 PendingDateOfBirthChange = hasPendingDateOfBirthChange,
                 PendingNameChange = false,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/ConfirmTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/ConfirmTests.cs
index 65aa3d0b2..96fc96227 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/ConfirmTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/ConfirmTests.cs
@@ -185,7 +185,8 @@ private void MockDqtApiResponse(User user, bool hasPendingNameChange)
                 Trn = user.Trn!,
                 PendingDateOfBirthChange = false,
                 PendingNameChange = hasPendingNameChange,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 }
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/DetailsTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/DetailsTests.cs
index 95886fe47..21818b140 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/DetailsTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/DetailsTests.cs
@@ -1,3 +1,4 @@
+using TeacherIdentity.AuthServer.Services.DqtApi;
 using User = TeacherIdentity.AuthServer.Models.User;
 
 namespace TeacherIdentity.AuthServer.Tests.EndpointTests.Account.OfficialName;
@@ -203,7 +204,8 @@ private void MockDqtApiResponse(User user, bool hasPendingNameChange, string mid
                 Trn = user.Trn!,
                 PendingDateOfBirthChange = false,
                 PendingNameChange = hasPendingNameChange,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/EvidenceTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/EvidenceTests.cs
index 288eee935..3a57f793c 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/EvidenceTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/EvidenceTests.cs
@@ -1,5 +1,6 @@
 using System.Text.RegularExpressions;
 using TeacherIdentity.AuthServer.Models;
+using TeacherIdentity.AuthServer.Services.DqtApi;
 using User = TeacherIdentity.AuthServer.Models.User;
 
 namespace TeacherIdentity.AuthServer.Tests.EndpointTests.Account.OfficialName;
@@ -226,7 +227,8 @@ private void MockDqtApiResponse(User user, bool hasPendingNameChange)
                 Trn = user.Trn!,
                 PendingDateOfBirthChange = false,
                 PendingNameChange = hasPendingNameChange,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/OfficialNameTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/OfficialNameTests.cs
index 77104896d..1072e4b91 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/OfficialNameTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Account/OfficialName/OfficialNameTests.cs
@@ -1,4 +1,5 @@
 using TeacherIdentity.AuthServer.Models;
+using TeacherIdentity.AuthServer.Services.DqtApi;
 
 namespace TeacherIdentity.AuthServer.Tests.EndpointTests.Account.OfficialName;
 
@@ -62,7 +63,8 @@ private void MockDqtApiResponse(User user, bool hasPendingNameChange)
                 Trn = user.Trn!,
                 PendingDateOfBirthChange = false,
                 PendingNameChange = hasPendingNameChange,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 }
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/AssignTrn/ConfirmTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/AssignTrn/ConfirmTests.cs
index b8b867f89..dcedfa4d2 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/AssignTrn/ConfirmTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/AssignTrn/ConfirmTests.cs
@@ -553,7 +553,8 @@ private void ConfigureDqtApiMock(
                 Trn = trn,
                 PendingNameChange = false,
                 PendingDateOfBirthChange = false,
-                Email = email ?? Faker.Internet.Email()
+                Email = email ?? Faker.Internet.Email(),
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 }
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/AssignTrn/IndexTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/AssignTrn/IndexTests.cs
index b61e25fce..069bd563e 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/AssignTrn/IndexTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/AssignTrn/IndexTests.cs
@@ -299,7 +299,8 @@ private void ConfigureDqtApiMock(
                 Trn = trn,
                 PendingNameChange = false,
                 PendingDateOfBirthChange = false,
-                Email = email ?? Faker.Internet.Email()
+                Email = email ?? Faker.Internet.Email(),
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 }
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/UserTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/UserTests.cs
index 843e00c46..e1f9d3fe9 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/UserTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Admin/UserTests.cs
@@ -1,4 +1,6 @@
 
+using TeacherIdentity.AuthServer.Services.DqtApi;
+
 namespace TeacherIdentity.AuthServer.Tests.EndpointTests.Admin;
 
 public class UserTests : TestBase
@@ -100,7 +102,8 @@ public async Task Get_ValidRequestForUserWithTrn_RendersExpectedContent()
                 Trn = user.Trn!,
                 PendingNameChange = false,
                 PendingDateOfBirthChange = false,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         var request = new HttpRequestMessage(HttpMethod.Get, $"/admin/users/{user.UserId}");
@@ -163,7 +166,8 @@ public async Task Get_ValidRequestForTrnVerificationLevel_RendersExpectedContent
                 Trn = user.Trn!,
                 PendingNameChange = false,
                 PendingDateOfBirthChange = false,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         // Act
@@ -192,4 +196,80 @@ public async Task Get_ValidRequestForUserWithoutTRN_DoesNotRenderTrnVerification
         var doc = await response.GetDocument();
         Assert.Null(doc.GetSummaryListRowForKey("TRN verification level"));
     }
+
+    [Fact]
+    public async Task Get_ValidRequestForUserWithTrnAndProhibitions_RendersWarning()
+    {
+        // Arrange
+        var user = await TestData.CreateUser(hasTrn: true, userType: Models.UserType.Default);
+
+        var dqtFirstName = Faker.Name.First();
+        var dqtLastName = Faker.Name.Last();
+        var dqtDateOfBirth = DateOnly.FromDateTime(Faker.Identification.DateOfBirth());
+        var dqtNino = Faker.Identification.UkNationalInsuranceNumber();
+
+        HostFixture.DqtApiClient.Setup(mock => mock.GetTeacherByTrn(user.Trn!, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new AuthServer.Services.DqtApi.TeacherInfo()
+            {
+                DateOfBirth = dqtDateOfBirth,
+                FirstName = dqtFirstName,
+                MiddleName = "",
+                LastName = dqtLastName,
+                NationalInsuranceNumber = dqtNino,
+                Trn = user.Trn!,
+                PendingNameChange = false,
+                PendingDateOfBirthChange = false,
+                Email = null,
+                Alerts = new[] { new AlertInfo() { AlertType = AlertType.Prohibition, DqtSanctionCode = "" } }
+            });
+
+        var request = new HttpRequestMessage(HttpMethod.Get, $"/admin/users/{user.UserId}");
+
+        // Act
+        var response = await HttpClient.SendAsync(request);
+
+        // Assert
+        Assert.Equal(StatusCodes.Status200OK, (int)response.StatusCode);
+
+        var doc = await response.GetDocument();
+        Assert.NotNull(doc.GetElementByTestId("user-has-prohibitions"));
+    }
+
+    [Fact]
+    public async Task Get_ValidRequestForUserWithTrnAndNoProhibition_DoesNotRenderWarning()
+    {
+        // Arrange
+        var user = await TestData.CreateUser(hasTrn: true, userType: Models.UserType.Default);
+
+        var dqtFirstName = Faker.Name.First();
+        var dqtLastName = Faker.Name.Last();
+        var dqtDateOfBirth = DateOnly.FromDateTime(Faker.Identification.DateOfBirth());
+        var dqtNino = Faker.Identification.UkNationalInsuranceNumber();
+
+        HostFixture.DqtApiClient.Setup(mock => mock.GetTeacherByTrn(user.Trn!, It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new AuthServer.Services.DqtApi.TeacherInfo()
+            {
+                DateOfBirth = dqtDateOfBirth,
+                FirstName = dqtFirstName,
+                MiddleName = "",
+                LastName = dqtLastName,
+                NationalInsuranceNumber = dqtNino,
+                Trn = user.Trn!,
+                PendingNameChange = false,
+                PendingDateOfBirthChange = false,
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
+            });
+
+        var request = new HttpRequestMessage(HttpMethod.Get, $"/admin/users/{user.UserId}");
+
+        // Act
+        var response = await HttpClient.SendAsync(request);
+
+        // Assert
+        Assert.Equal(StatusCodes.Status200OK, (int)response.StatusCode);
+
+        var doc = await response.GetDocument();
+        Assert.Null(doc.GetElementByTestId("user-has-prohibitions"));
+    }
 }
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Oidc/AuthorizeTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Oidc/AuthorizeTests.cs
index f5d07a37e..b64ec702c 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Oidc/AuthorizeTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/Oidc/AuthorizeTests.cs
@@ -524,7 +524,8 @@ private void MockDqtApiResponse(string? trn = null, string? firstName = null, st
                 Trn = trn,
                 PendingDateOfBirthChange = false,
                 PendingNameChange = false,
-                Email = null
+                Email = null,
+                Alerts = Array.Empty<AlertInfo>()
             });
     }
 }
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/SignIn/EmailConfirmationTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/SignIn/EmailConfirmationTests.cs
index fc28c3a63..0fd311bf6 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/SignIn/EmailConfirmationTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/EndpointTests/SignIn/EmailConfirmationTests.cs
@@ -2,6 +2,7 @@
 using TeacherIdentity.AuthServer.Events;
 using TeacherIdentity.AuthServer.Models;
 using TeacherIdentity.AuthServer.Oidc;
+using TeacherIdentity.AuthServer.Services.DqtApi;
 using TeacherIdentity.AuthServer.Services.UserVerification;
 using TeacherIdentity.AuthServer.Tests.Infrastructure;
 
@@ -484,7 +485,8 @@ public async Task Post_ValidPinForKnownUserWithTrnAndDifferentDqtName_UpdatesUse
                 NationalInsuranceNumber = Faker.Identification.UkNationalInsuranceNumber(),
                 Trn = user.Trn!,
                 PendingDateOfBirthChange = false,
-                PendingNameChange = false
+                PendingNameChange = false,
+                Alerts = Array.Empty<AlertInfo>()
             });
 
         var authStateHelper = await CreateAuthenticationStateHelper(c => c.EmailSet(user.EmailAddress), additionalScopes: null);
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/Jobs/SyncNamesWithDqtJobTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/Jobs/SyncNamesWithDqtJobTests.cs
index a2d0aab8a..00bcfed6b 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/Jobs/SyncNamesWithDqtJobTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/Jobs/SyncNamesWithDqtJobTests.cs
@@ -68,7 +68,8 @@ await _dbFixture.TestData.WithDbContext(async dbContext =>
             NationalInsuranceNumber = null,
             PendingNameChange = false,
             PendingDateOfBirthChange = false,
-            Email = Faker.Internet.Email()
+            Email = Faker.Internet.Email(),
+            Alerts = Array.Empty<AlertInfo>()
         };
 
         var dqtApiClient = Mock.Of<IDqtApiClient>();
@@ -151,7 +152,8 @@ await _dbFixture.TestData.WithDbContext(async dbContext =>
             NationalInsuranceNumber = null,
             PendingNameChange = false,
             PendingDateOfBirthChange = false,
-            Email = Faker.Internet.Email()
+            Email = Faker.Internet.Email(),
+            Alerts = Array.Empty<AlertInfo>()
         };
 
         var dqtApiClient = Mock.Of<IDqtApiClient>();
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/Services/UserImport/UserImportProcessorTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/Services/UserImport/UserImportProcessorTests.cs
index f3d201dad..edf1d1f7e 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/Services/UserImport/UserImportProcessorTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/Services/UserImport/UserImportProcessorTests.cs
@@ -50,7 +50,8 @@ public static TheoryData<UserImportTestScenarioData> GetProcessImportData()
             NationalInsuranceNumber = null,
             PendingNameChange = false,
             PendingDateOfBirthChange = false,
-            Email = null
+            Email = null,
+            Alerts = Array.Empty<AlertInfo>()
         };
 
         var getTeacherByTrnResultTest23 = new TeacherInfo()
@@ -63,7 +64,8 @@ public static TheoryData<UserImportTestScenarioData> GetProcessImportData()
             NationalInsuranceNumber = null,
             PendingNameChange = false,
             PendingDateOfBirthChange = false,
-            Email = null
+            Email = null,
+            Alerts = Array.Empty<AlertInfo>()
         };
 
         return new TheoryData<UserImportTestScenarioData>()
diff --git a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/UserClaimHelperTests.cs b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/UserClaimHelperTests.cs
index ce411afb2..85b88844e 100644
--- a/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/UserClaimHelperTests.cs
+++ b/dotnet-authserver/tests/TeacherIdentity.AuthServer.Tests/UserClaimHelperTests.cs
@@ -191,7 +191,8 @@ public async Task GetPublicClaims_TrnMatchPolicyStrictAndUserTrnAssociationSourc
             NationalInsuranceNumber = nino,
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
-            Trn = user.Trn!
+            Trn = user.Trn!,
+            Alerts = Array.Empty<AlertInfo>()
         });
 
         using var dbContext = _dbFixture.GetDbContext();
@@ -232,7 +233,8 @@ public async Task GetPublicClaims_TrnMatchPolicyStrictAndUserTrnAssociationSourc
             NationalInsuranceNumber = nino,
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
-            Trn = user.Trn!
+            Trn = user.Trn!,
+            Alerts = Array.Empty<AlertInfo>()
         });
 
         using var dbContext = _dbFixture.GetDbContext();
@@ -273,7 +275,8 @@ public async Task GetPublicClaims_TrnMatchPolicyStrictAndUserTrnAssociationSourc
             NationalInsuranceNumber = nino,
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
-            Trn = user.Trn!
+            Trn = user.Trn!,
+            Alerts = Array.Empty<AlertInfo>()
         });
 
         using var dbContext = _dbFixture.GetDbContext();
@@ -316,7 +319,8 @@ public async Task GetPublicClaims_TrnMatchPolicyStrictAndUserTrnAssociationSourc
             NationalInsuranceNumber = nino,
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
-            Trn = user.Trn!
+            Trn = user.Trn!,
+            Alerts = Array.Empty<AlertInfo>()
         });
 
         using var dbContext = _dbFixture.GetDbContext();
@@ -359,7 +363,8 @@ public async Task GetPublicClaims_TrnMatchPolicyStrictAndUserTrnAssociationSourc
             NationalInsuranceNumber = nino,
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
-            Trn = user.Trn!
+            Trn = user.Trn!,
+            Alerts = Array.Empty<AlertInfo>()
         });
 
         using var dbContext = _dbFixture.GetDbContext();
@@ -402,7 +407,8 @@ public async Task GetPublicClaims_TrnMatchPolicyStrictAndUserTrnAssociationSourc
             NationalInsuranceNumber = nino,
             PendingDateOfBirthChange = false,
             PendingNameChange = false,
-            Trn = user.Trn!
+            Trn = user.Trn!,
+            Alerts = Array.Empty<AlertInfo>()
         });
 
         using var dbContext = _dbFixture.GetDbContext();