Fix: [AEA-5833] - Correct which pages shown on invalid session check (#1747)

## Summary

- Routine Change

### Details
Resolve the incorrect pages being shown during the redirection & logout
sequence of a user whose session is no longer valid.

Previously:
Session invalid -> Remove role state -> Caused select your role page to
render with 401 error -> Redirect to no roles available -> You've been
logged out

Now:
Session invalid -> No page drawn until awaited logout sequence completes
-> You've been logged out

---------

Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>

Author: connoravo-nhs

packages/cpt-ui/__tests__/AccessProvider.updateTrackerUserInfo.test.tsx

@@ -0,0 +1,172 @@
+import React, {useContext} from "react"
+import {render, waitFor, act} from "@testing-library/react"
+import {MemoryRouter} from "react-router-dom"
+
+import {AuthContext, AuthProvider} from "@/context/AuthProvider"
+import {getTrackerUserInfo} from "@/helpers/userInfo"
+
+// Mock the external dependencies that AuthProvider needs
+jest.mock("aws-amplify", () => ({
+  Amplify: {
+    configure: jest.fn()
+  }
+}))
+
+jest.mock("aws-amplify/auth", () => ({
+  signInWithRedirect: jest.fn(),
+  signOut: jest.fn()
+}))
+
+jest.mock("aws-amplify/utils", () => ({
+  Hub: {
+    listen: jest.fn(() => () => {}) // Return unsubscribe function
+  }
+}))
+
+jest.mock("@/helpers/userInfo", () => ({
+  getTrackerUserInfo: jest.fn(),
+  updateRemoteSelectedRole: jest.fn()
+}))
+
+jest.mock("@/constants/environment", () => ({
+  PUBLIC_PATHS: ["/login"],
+  FRONTEND_PATHS: {
+    LOGIN: "/login"
+  },
+  API_ENDPOINTS: {
+    CIS2_SIGNOUT_ENDPOINT: "/api/cis2-signout"
+  },
+  AUTH_CONFIG: {
+    USER_POOL_ID: "mock-pool-id",
+    USER_POOL_CLIENT_ID: "mock-client-id",
+    HOSTED_LOGIN_DOMAIN: "mock-domain",
+    REDIRECT_SIGN_IN: "mock-signin",
+    REDIRECT_SIGN_OUT: "mock-signout"
+  },
+  APP_CONFIG: {
+    REACT_LOG_LEVEL: "info"
+  }
+}))
+
+jest.mock("@/helpers/logger", () => ({
+  logger: {
+    debug: jest.fn(),
+    info: jest.fn(),
+    error: jest.fn()
+  }
+}))
+
+describe("updateTrackerUserInfo", () => {
+  beforeEach(() => {
+    jest.clearAllMocks()
+    // Mock localStorage
+    Storage.prototype.getItem = jest.fn(() => null)
+    Storage.prototype.setItem = jest.fn()
+  })
+
+  it("does not update role/user state if there is an error", async () => {
+    const testObject = {
+      error: "Some error",
+      rolesWithAccess: [{name: "Role1"}],
+      rolesWithoutAccess: [{name: "Role2"}],
+      selectedRole: {name: "Role1"},
+      userDetails: {username: "testuser"},
+      isConcurrentSession: false,
+      sessionId: "session123",
+      invalidSessionCause: undefined
+    }
+
+    // Mock getTrackerUserInfo to return an error response
+    ;(getTrackerUserInfo as jest.Mock).mockResolvedValue(testObject)
+
+    // Create a test component that captures the context value
+    let contextValue: typeof AuthContext extends React.Context<infer T> ? T : never
+
+    const TestComponent = () => {
+      contextValue = useContext(AuthContext)
+      return null
+    }
+
+    // Act: Render the provider with our test component
+    await act(async () => {
+      render(
+        <MemoryRouter>
+          <AuthProvider>
+            <TestComponent />
+          </AuthProvider>
+        </MemoryRouter>
+      )
+    })
+
+    // Call the function we're testing
+    await act(async () => {
+      await contextValue!.updateTrackerUserInfo()
+    })
+
+    // Assert: Verify that role/user details were NOT set (because of error)
+    await waitFor(() => {
+      expect(contextValue!.rolesWithAccess).toEqual([])
+      expect(contextValue!.rolesWithoutAccess).toEqual([])
+      expect(contextValue!.selectedRole).toBeUndefined()
+      expect(contextValue!.userDetails).toBeUndefined()
+    })
+
+    // Assert: Verify that session info WAS set (even with error)
+    await waitFor(() => {
+      expect(contextValue!.isConcurrentSession).toBe(testObject.isConcurrentSession)
+      expect(contextValue!.sessionId).toBe(testObject.sessionId)
+      expect(contextValue!.error).toBe(testObject.error)
+      expect(contextValue!.invalidSessionCause).toBe(testObject.invalidSessionCause)
+    })
+  })
+
+  it("updates all state when there is no error", async () => {
+    // Arrange: Set up test data WITHOUT an error
+    const testObject = {
+      error: null,
+      rolesWithAccess: [{name: "Role1"}],
+      rolesWithoutAccess: [{name: "Role2"}],
+      selectedRole: {name: "Role1"},
+      userDetails: {username: "testuser"},
+      isConcurrentSession: true,
+      sessionId: "session456",
+      invalidSessionCause: undefined
+    }
+
+    ;(getTrackerUserInfo as jest.Mock).mockResolvedValue(testObject)
+
+    let contextValue: typeof AuthContext extends React.Context<infer T> ? T : never
+
+    const TestComponent = () => {
+      contextValue = useContext(AuthContext)
+      return null
+    }
+
+    // Act
+    await act(async () => {
+      render(
+        <MemoryRouter>
+          <AuthProvider>
+            <TestComponent />
+          </AuthProvider>
+        </MemoryRouter>
+      )
+    })
+
+    await act(async () => {
+      await contextValue!.updateTrackerUserInfo()
+    })
+
+    // Assert: ALL state should be set when there's no error
+    await waitFor(() => {
+      expect(contextValue!.rolesWithAccess).toEqual(testObject.rolesWithAccess)
+      expect(contextValue!.rolesWithoutAccess).toEqual(testObject.rolesWithoutAccess)
+      expect(contextValue!.selectedRole).toEqual(testObject.selectedRole)
+      expect(contextValue!.userDetails).toEqual(testObject.userDetails)
+      expect(contextValue!.isConcurrentSession).toBe(testObject.isConcurrentSession)
+      expect(contextValue!.sessionId).toBe(testObject.sessionId)
+      expect(contextValue!.error).toBe(testObject.error)
+      expect(contextValue!.invalidSessionCause).toBe(testObject.invalidSessionCause)
+    })
+  })
+})

packages/cpt-ui/src/context/AccessProvider.tsx

@@ -61,6 +61,7 @@ export const AccessProvider = ({children}: { children: ReactNode }) => {
     }
 
     const loggedOut = !auth.isSignedIn && !auth.isSigningOut
+    const loggingOut = auth.isSignedIn && auth.isSigningOut
     const concurrent = auth.isSignedIn && auth.isConcurrentSession
     const noRole = auth.isSignedIn && !auth.isSigningIn && !auth.selectedRole
     const authedAtRoot = auth.isSignedIn && !!auth.selectedRole && atRoot
@@ -78,7 +79,7 @@ export const AccessProvider = ({children}: { children: ReactNode }) => {
       return redirect(FRONTEND_PATHS.SESSION_SELECTION, "Concurrent session found - redirecting to session selection")
     }
 
-    if (noRole && (!inNoRoleAllowed || atRoot)) {
+    if (!loggingOut && noRole && (!inNoRoleAllowed || atRoot)) {
       return redirect(FRONTEND_PATHS.SELECT_YOUR_ROLE, `No selected role - Redirecting from ${path}`)
     }
 

packages/cpt-ui/src/context/AuthProvider.tsx

@@ -91,14 +91,16 @@ export const AuthProvider = ({children}: { children: React.ReactNode }) => {
 
   const updateTrackerUserInfo = async () => {
     const trackerUserInfo = await getTrackerUserInfo()
-    setRolesWithAccess(trackerUserInfo.rolesWithAccess)
-    setRolesWithoutAccess(trackerUserInfo.rolesWithoutAccess)
-    setSelectedRole(trackerUserInfo.selectedRole)
-    setUserDetails(trackerUserInfo.userDetails)
-    setError(trackerUserInfo.error)
+    if (!trackerUserInfo.error) {
+      setRolesWithAccess(trackerUserInfo.rolesWithAccess)
+      setRolesWithoutAccess(trackerUserInfo.rolesWithoutAccess)
+      setSelectedRole(trackerUserInfo.selectedRole)
+      setUserDetails(trackerUserInfo.userDetails)
+    }
     setIsConcurrentSession(trackerUserInfo.isConcurrentSession)
-    setInvalidSessionCause(trackerUserInfo.invalidSessionCause)
     setSessionId(trackerUserInfo.sessionId)
+    setError(trackerUserInfo.error)
+    setInvalidSessionCause(trackerUserInfo.invalidSessionCause)
     return trackerUserInfo
   }