stellar · ziyliu · Dec 16, 2023 · Dec 4, 2023 · Dec 11, 2023 · Dec 12, 2023
diff --git a/internal/data/models.go b/internal/data/models.go
@@ -42,7 +42,7 @@ func NewModels(dbConnectionPool db.DBConnectionPool) (*Models, error) {
 		Payment:                  &PaymentModel{dbConnectionPool: dbConnectionPool},
 		Receiver:                 &ReceiverModel{},
 		DisbursementInstructions: NewDisbursementInstructionModel(dbConnectionPool),
-		ReceiverVerification:     &ReceiverVerificationModel{},
+		ReceiverVerification:     &ReceiverVerificationModel{dbConnectionPool: dbConnectionPool},
 		ReceiverWallet:           &ReceiverWalletModel{dbConnectionPool: dbConnectionPool},
 		DisbursementReceivers:    &DisbursementReceiverModel{dbConnectionPool: dbConnectionPool},
 		Message:                  &MessageModel{dbConnectionPool: dbConnectionPool},

diff --git a/internal/data/receiver_verification.go b/internal/data/receiver_verification.go
@@ -2,6 +2,8 @@ package data
 
 import (
 	"context"
+	"database/sql"
+	"errors"
 	"fmt"
 	"strings"
 	"time"
@@ -24,7 +26,9 @@ type ReceiverVerification struct {
 	FailedAt          *time.Time        `db:"failed_at"`
 }
 
-type ReceiverVerificationModel struct{}
+type ReceiverVerificationModel struct {
+	dbConnectionPool db.DBConnectionPool
+}
 
 type ReceiverVerificationInsert struct {
 	ReceiverID        string            `db:"receiver_id"`
@@ -48,7 +52,7 @@ func (rvi *ReceiverVerificationInsert) Validate() error {
 }
 
 // GetByReceiverIDsAndVerificationField returns receiver verifications by receiver IDs and verification type.
-func (m ReceiverVerificationModel) GetByReceiverIDsAndVerificationField(ctx context.Context, sqlExec db.SQLExecuter, receiverIds []string, verificationField VerificationField) ([]*ReceiverVerification, error) {
+func (m *ReceiverVerificationModel) GetByReceiverIDsAndVerificationField(ctx context.Context, sqlExec db.SQLExecuter, receiverIds []string, verificationField VerificationField) ([]*ReceiverVerification, error) {
 	receiverVerifications := []*ReceiverVerification{}
 	query := `
 		SELECT 
@@ -74,7 +78,7 @@ func (m ReceiverVerificationModel) GetByReceiverIDsAndVerificationField(ctx cont
 }
 
 // GetAllByReceiverId returns all receiver verifications by receiver id.
-func (m ReceiverVerificationModel) GetAllByReceiverId(ctx context.Context, sqlExec db.SQLExecuter, receiverId string) ([]ReceiverVerification, error) {
+func (m *ReceiverVerificationModel) GetAllByReceiverId(ctx context.Context, sqlExec db.SQLExecuter, receiverId string) ([]ReceiverVerification, error) {
 	receiverVerifications := []ReceiverVerification{}
 	query := `
 		SELECT 
@@ -91,8 +95,35 @@ func (m ReceiverVerificationModel) GetAllByReceiverId(ctx context.Context, sqlEx
 	return receiverVerifications, nil
 }
 
+// GetLatestByPhoneNumber returns the latest updated receiver verification for some receiver that is associated with a phone number.
+func (m *ReceiverVerificationModel) GetLatestByPhoneNumber(ctx context.Context, phoneNumber string) (*ReceiverVerification, error) {
+	receiverVerification := ReceiverVerification{}
+	query := `
+		SELECT 
+		    rv.*
+		FROM 
+		    receiver_verifications rv
+		JOIN receivers r ON rv.receiver_id = r.id
+		WHERE 
+		    r.phone_number = $1
+		ORDER BY
+		    rv.updated_at DESC
+		LIMIT 1
+	`
+
+	err := m.dbConnectionPool.GetContext(ctx, &receiverVerification, query, phoneNumber)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, ErrRecordNotFound
+		}
+		return nil, fmt.Errorf("fetching receiver verifications for phone number %s: %w", phoneNumber, err)
+	}
+
+	return &receiverVerification, nil
+}
+
 // Insert inserts a new receiver verification
-func (m ReceiverVerificationModel) Insert(ctx context.Context, sqlExec db.SQLExecuter, verificationInsert ReceiverVerificationInsert) (string, error) {
+func (m *ReceiverVerificationModel) Insert(ctx context.Context, sqlExec db.SQLExecuter, verificationInsert ReceiverVerificationInsert) (string, error) {
 	err := verificationInsert.Validate()
 	if err != nil {
 		return "", fmt.Errorf("error validating receiver verification insert: %w", err)
@@ -111,7 +142,6 @@ func (m ReceiverVerificationModel) Insert(ctx context.Context, sqlExec db.SQLExe
 	`
 
 	_, err = sqlExec.ExecContext(ctx, query, verificationInsert.ReceiverID, verificationInsert.VerificationField, hashedValue)
-
 	if err != nil {
 		return "", fmt.Errorf("error inserting receiver verification: %w", err)
 	}
@@ -120,7 +150,7 @@ func (m ReceiverVerificationModel) Insert(ctx context.Context, sqlExec db.SQLExe
 }
 
 // UpdateVerificationValue updates the hashed value of a receiver verification.
-func (m ReceiverVerificationModel) UpdateVerificationValue(ctx context.Context,
+func (m *ReceiverVerificationModel) UpdateVerificationValue(ctx context.Context,
 	sqlExec db.SQLExecuter,
 	receiverID string,
 	verificationField VerificationField,
@@ -148,7 +178,7 @@ func (m ReceiverVerificationModel) UpdateVerificationValue(ctx context.Context,
 }
 
 // UpdateVerificationValue updates the hashed value of a receiver verification.
-func (m ReceiverVerificationModel) UpdateReceiverVerification(ctx context.Context, receiverVerification ReceiverVerification, sqlExec db.SQLExecuter) error {
+func (m *ReceiverVerificationModel) UpdateReceiverVerification(ctx context.Context, receiverVerification ReceiverVerification, sqlExec db.SQLExecuter) error {
 	query := `
 		UPDATE 
 			receiver_verifications

diff --git a/internal/data/receiver_verification_test.go b/internal/data/receiver_verification_test.go
@@ -2,6 +2,7 @@ package data
 
 import (
 	"context"
+	"fmt"
 	"testing"
 	"time"
 
@@ -125,6 +126,63 @@ func Test_ReceiverVerificationModel_GetAllByReceiverId(t *testing.T) {
 	})
 }
 
+func Test_ReceiverVerificationModel_GetReceiverVerificationByReceiverId(t *testing.T) {
+	dbt := dbtest.Open(t)
+	defer dbt.Close()
+
+	dbConnectionPool, err := db.OpenDBConnectionPool(dbt.DSN)
+	require.NoError(t, err)
+	defer dbConnectionPool.Close()
+
+	ctx := context.Background()
+
+	receiver := CreateReceiverFixture(t, ctx, dbConnectionPool, &Receiver{
+		PhoneNumber: "+13334445555",
+	})
+
+	t.Run("returns error when the receiver has no verifications registered", func(t *testing.T) {
+		receiverVerificationModel := ReceiverVerificationModel{dbConnectionPool: dbConnectionPool}
+		_, err := receiverVerificationModel.GetLatestByPhoneNumber(ctx, receiver.PhoneNumber)
+		require.Error(t, err, fmt.Errorf("cannot query any receiver verifications for phone number %s", receiver.PhoneNumber))
+	})
+
+	t.Run("returns the latest receiver verification for a list of receiver verifications", func(t *testing.T) {
+		earlierTime := time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC)
+		verification1 := CreateReceiverVerificationFixture(t, ctx, dbConnectionPool, ReceiverVerificationInsert{
+			ReceiverID:        receiver.ID,
+			VerificationField: VerificationFieldDateOfBirth,
+			VerificationValue: "1990-01-01",
+		})
+		verification1.UpdatedAt = earlierTime
+
+		verification2 := CreateReceiverVerificationFixture(t, ctx, dbConnectionPool, ReceiverVerificationInsert{
+			ReceiverID:        receiver.ID,
+			VerificationField: VerificationFieldPin,
+			VerificationValue: "1234",
+		})
+		verification2.UpdatedAt = earlierTime
+
+		verification3 := CreateReceiverVerificationFixture(t, ctx, dbConnectionPool, ReceiverVerificationInsert{
+			ReceiverID:        receiver.ID,
+			VerificationField: VerificationFieldNationalID,
+			VerificationValue: "5678",
+		})
+
+		receiverVerificationModel := ReceiverVerificationModel{dbConnectionPool: dbConnectionPool}
+		actualVerification, err := receiverVerificationModel.GetLatestByPhoneNumber(ctx, receiver.PhoneNumber)
+		require.NoError(t, err)
+
+		assert.Equal(t,
+			ReceiverVerification{
+				ReceiverID:        receiver.ID,
+				VerificationField: VerificationFieldNationalID,
+				HashedValue:       verification3.HashedValue,
+				CreatedAt:         verification3.CreatedAt,
+				UpdatedAt:         verification3.UpdatedAt,
+			}, *actualVerification)
+	})
+}
+
 func Test_ReceiverVerificationModel_Insert(t *testing.T) {
 	dbt := dbtest.Open(t)
 	defer dbt.Close()

diff --git a/internal/htmltemplate/tmpl/receiver_register.tmpl b/internal/htmltemplate/tmpl/receiver_register.tmpl
@@ -87,7 +87,7 @@
         </div>
       </section>
 
-      <!-- Enter passcode and DOB page -->
+      <!-- Enter passcode and verification field page -->
       <section data-section="passcode" style="display: none">
         <div class="WalletRegistration__MainContent">
           <h2>Enter passcode</h2>
@@ -119,14 +119,11 @@
               />
             </div>
             <div class="Form__item">
-              <label for="verification">Date of birth</label>
+              <label for="verification"></label>
               <input
-                type="date"
                 id="verification"
-                name="verification"
                 required
               />
-            </div>
 
             <div class="g-recaptcha" data-sitekey="{{.ReCAPTCHASiteKey}}"></div>
 

diff --git a/internal/serve/httphandler/receiver_send_otp_handler.go b/internal/serve/httphandler/receiver_send_otp_handler.go
@@ -35,7 +35,8 @@ type ReceiverSendOTPRequest struct {
 }
 
 type ReceiverSendOTPResponseBody struct {
-	Message string `json:"message"`
+	Message           string                 `json:"message"`
+	VerificationField data.VerificationField `json:"verification_field"`
 }
 
 func (h ReceiverSendOTPHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -90,6 +91,12 @@ func (h ReceiverSendOTPHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 		return
 	}
 
+	receiverVerification, err := h.Models.ReceiverVerification.GetLatestByPhoneNumber(ctx, receiverSendOTPRequest.PhoneNumber)
+	if err != nil {
+		httperror.InternalError(ctx, "Cannot find latest receiver verification for receiver", err, nil).Render(w)
+		return
+	}
+
 	// Generate a new 6 digits OTP
 	newOTP, err := utils.RandomString(6, utils.NumberBytes)
 	if err != nil {
@@ -149,7 +156,8 @@ func (h ReceiverSendOTPHandler) ServeHTTP(w http.ResponseWriter, r *http.Request
 	}
 
 	response := ReceiverSendOTPResponseBody{
-		Message: "if your phone number is registered, you'll receive an OTP",
+		Message:           "if your phone number is registered, you'll receive an OTP",
+		VerificationField: receiverVerification.VerificationField,
 	}
 	httpjson.RenderStatus(w, http.StatusOK, response, httpjson.JSON)
 }
diff --git a/internal/serve/httphandler/receiver_send_otp_handler_test.go b/internal/serve/httphandler/receiver_send_otp_handler_test.go
@@ -53,9 +53,14 @@ func Test_ReceiverSendOTPHandler_ServeHTTP(t *testing.T) {
 
 	ctx := context.Background()
 
-	receiver1 := data.CreateReceiverFixture(t, ctx, dbConnectionPool, &data.Receiver{PhoneNumber: "+380443973607"})
+	phoneNumber := "+380443973607"
+	receiver1 := data.CreateReceiverFixture(t, ctx, dbConnectionPool, &data.Receiver{PhoneNumber: phoneNumber})
 	receiver2 := data.CreateReceiverFixture(t, ctx, dbConnectionPool, &data.Receiver{})
 	wallet1 := data.CreateWalletFixture(t, ctx, dbConnectionPool, "testWallet", "https://home.page", "home.page", "wallet123://")
+	data.CreateReceiverVerificationFixture(t, ctx, dbConnectionPool, data.ReceiverVerificationInsert{
+		ReceiverID:        receiver1.ID,
+		VerificationField: data.VerificationFieldDateOfBirth,
+	})
 
 	_ = data.CreateReceiverWalletFixture(t, ctx, dbConnectionPool, receiver1.ID, wallet1.ID, data.RegisteredReceiversWalletStatus)
 	_ = data.CreateReceiverWalletFixture(t, ctx, dbConnectionPool, receiver2.ID, wallet1.ID, data.RegisteredReceiversWalletStatus)
@@ -157,7 +162,7 @@ func Test_ReceiverSendOTPHandler_ServeHTTP(t *testing.T) {
 		assert.JSONEq(t, `{"error": "request invalid", "extras": {"phone_number": "invalid phone number provided"}}`, string(respBody))
 	})
 
-	t.Run("returns 200 - Ok if the token is in the request context and body it's valid", func(t *testing.T) {
+	t.Run("returns 200 - Ok if the token is in the request context and body is valid", func(t *testing.T) {
 		reCAPTCHAValidator.
 			On("IsTokenValid", mock.Anything, "XyZ").
 			Return(true, nil).
@@ -193,7 +198,7 @@ func Test_ReceiverSendOTPHandler_ServeHTTP(t *testing.T) {
 
 		assert.Equal(t, http.StatusOK, resp.StatusCode)
 		assert.Contains(t, resp.Header.Get("Content-Type"), "/json; charset=utf-8")
-		assert.JSONEq(t, string(respBody), `{"message":"if your phone number is registered, you'll receive an OTP"}`)
+		assert.JSONEq(t, string(respBody), `{"message":"if your phone number is registered, you'll receive an OTP", "verification_field":"DATE_OF_BIRTH"}`)
 	})
 
 	t.Run("returns 200 - parses a custom OTP message template successfully", func(t *testing.T) {
@@ -237,7 +242,7 @@ func Test_ReceiverSendOTPHandler_ServeHTTP(t *testing.T) {
 
 		assert.Equal(t, http.StatusOK, resp.StatusCode)
 		assert.Contains(t, resp.Header.Get("Content-Type"), "/json; charset=utf-8")
-		assert.JSONEq(t, string(respBody), `{"message":"if your phone number is registered, you'll receive an OTP"}`)
+		assert.JSONEq(t, string(respBody), `{"message":"if your phone number is registered, you'll receive an OTP", "verification_field":"DATE_OF_BIRTH"}`)
 	})
 
 	t.Run("returns 500 - InternalServerError when something goes wrong when sending the SMS", func(t *testing.T) {
@@ -309,6 +314,46 @@ func Test_ReceiverSendOTPHandler_ServeHTTP(t *testing.T) {
 		assert.JSONEq(t, wantsBody, string(respBody))
 	})
 
+	t.Run("returns 500 - InternalServerError if phone number is not associated with receiver verification", func(t *testing.T) {
+		requestSendOTP := ReceiverSendOTPRequest{
+			PhoneNumber:    "+14152223333",
+			ReCAPTCHAToken: "XyZ",
+		}
+		reqBody, _ = json.Marshal(requestSendOTP)
+
+		reCAPTCHAValidator.
+			On("IsTokenValid", mock.Anything, "XyZ").
+			Return(true, nil).
+			Once()
+		req, err := http.NewRequest(http.MethodPost, "/wallet-registration/otp", strings.NewReader(string(reqBody)))
+		require.NoError(t, err)
+
+		validClaims := &anchorplatform.SEP24JWTClaims{
+			ClientDomainClaim: wallet1.SEP10ClientDomain,
+			RegisteredClaims: jwt.RegisteredClaims{
+				ID:        "test-transaction-id",
+				Subject:   "GBLTXF46JTCGMWFJASQLVXMMA36IPYTDCN4EN73HRXCGDCGYBZM3A444",
+				ExpiresAt: jwt.NewNumericDate(time.Now().Add(5 * time.Minute)),
+			},
+		}
+		req = req.WithContext(context.WithValue(req.Context(), anchorplatform.SEP24ClaimsContextKey, validClaims))
+
+		rr := httptest.NewRecorder()
+		r.ServeHTTP(rr, req)
+
+		resp := rr.Result()
+		respBody, err := io.ReadAll(resp.Body)
+		require.NoError(t, err)
+
+		wantsBody := `
+			{
+				"error": "Cannot find latest receiver verification for receiver"
+			}
+		`
+		assert.Equal(t, http.StatusInternalServerError, resp.StatusCode)
+		assert.JSONEq(t, wantsBody, string(respBody))
+	})
+
 	t.Run("returns 400 - BadRequest when recaptcha token is invalid", func(t *testing.T) {
 		reCAPTCHAValidator.
 			On("IsTokenValid", mock.Anything, "XyZ").

diff --git a/internal/serve/publicfiles/js/receiver_registration.js b/internal/serve/publicfiles/js/receiver_registration.js
@@ -51,9 +51,9 @@ async function sendSms(phoneNumber, reCAPTCHAToken, onSuccess, onError) {
           recaptcha_token: reCAPTCHAToken,
         }),
       });
-      await request.json();
+      const resp = await request.json();
 
-      onSuccess();
+      onSuccess(resp.verification_field);
     } catch (error) {
       onError(error);
     }
@@ -96,6 +96,8 @@ async function submitPhoneNumber(event) {
     "#g-recaptcha-response"
   );
   const buttonEls = phoneNumberSectionEl.querySelectorAll("[data-button]");
+  const verificationFieldTitle = document.querySelector("label[for='verification']");
+  const verificationFieldInput = document.querySelector("#verification");
 
   if (!reCAPTCHATokenEl || !reCAPTCHATokenEl.value) {
     toggleErrorNotification(
@@ -133,7 +135,22 @@ async function submitPhoneNumber(event) {
       return;
     }
 
-    function showNextPage() {
+    function showNextPage(verificationField) {
+      verificationFieldInput.type = "text";
+      if(verificationField === "DATE_OF_BIRTH") {
+        verificationFieldTitle.textContent = "Date of birth";
+        verificationFieldInput.name = "date_of_birth";
+        verificationFieldInput.type = "date";
+      }
+      else if(verificationField === "NATIONAL_ID_NUMBER") {
+        verificationFieldTitle.textContent = "National ID number";
+        verificationFieldInput.name = "national_id_number";
+      }
+      else if(verificationField === "PIN") {
+        verificationFieldTitle.textContent = "Pin";
+        verificationFieldInput.name = "pin";
+      }
+
       phoneNumberSectionEl.style.display = "none";
       reCAPTCHATokenEl.style.display = "none";
       passcodeSectionEl.style.display = "flex";
@@ -169,6 +186,7 @@ async function submitOtp(event) {
   );
   const otpEl = document.getElementById("otp");
   const verificationEl = document.getElementById("verification");
+  const verificationField = verificationEl.getAttribute("name");
 
   const buttonEls = passcodeSectionEl.querySelectorAll("[data-button]");
 
@@ -213,7 +231,7 @@ async function submitOtp(event) {
             phone_number: phoneNumber,
             otp: otp,
             verification: verification,
-            verification_type: "date_of_birth",
+            verification_type: verificationField,
             recaptcha_token: reCAPTCHATokenEl.value,
           }),
         });