feat(mon-pix): prevent OIDC authentication replay errors when doing history back and reload

i.e. 400 BadRequestError 'Required "state" is missing in session'

This is when the user is already authenticated with the same OIDC Provider and
performs a reload of the /connexion/:identity_provider_slug URL.

Author: lego-technix

Diff for: mon-pix/app/routes/authentication/login-oidc.js

@@ -28,10 +28,20 @@ export default class LoginOidcRoute extends Route {
       throw error;
     }
 
+    const identityProviderSlug = transition.to.params.identity_provider_slug.toString();
+
+    // Preventing OIDC authentication replay errors when doing history back and reload
+    // when the user is already authenticated with the same OIDC Provider.
+    if (this.session.isAuthenticated) {
+      const identityProvider = this.oidcIdentityProviders[identityProviderSlug];
+      if (identityProvider.code == this.session.data.identityProviderCode) {
+        return this.router.replaceWith('authenticated');
+      }
+    }
+
     if (!queryParams.code) {
       this._cleanSession();
 
-      const identityProviderSlug = transition.to.params.identity_provider_slug.toString();
       if (this.oidcIdentityProviders.isProviderEnabled(identityProviderSlug)) {
         return this._handleRedirectRequest(identityProviderSlug);
       }

Diff for: mon-pix/tests/unit/routes/authentication/login-oidc-test.js

@@ -6,6 +6,7 @@ import { ApplicationError } from 'mon-pix/errors/application-error';
 import { module, test } from 'qunit';
 import sinon from 'sinon';
 
+import { stubSessionService } from '../../../helpers/service-stubs';
 import setupIntl from '../../../helpers/setup-intl';
 
 module('Unit | Route | login-oidc', function (hooks) {
@@ -36,6 +37,37 @@ module('Unit | Route | login-oidc', function (hooks) {
       });
     });
 
+    module('when the user is already authenticated', function () {
+      test('redirects the user to the authenticated route', async function (assert) {
+        // given
+        const someOidcPartner = {
+          id: 'some-oidc-provider',
+          code: 'SOME_OIDC_PARTNER',
+        };
+        class OidcIdentityProvidersStub extends Service {
+          'some-oidc-provider' = someOidcPartner;
+          list = [someOidcPartner];
+          isProviderEnabled = (identityProviderSlug) => {
+            return Boolean(identityProviderSlug == 'some-oidc-provider');
+          };
+        }
+        this.owner.register('service:oidcIdentityProviders', OidcIdentityProvidersStub);
+
+        const route = this.owner.lookup('route:authentication/login-oidc');
+        const replaceWithStub = sinon.stub();
+        route.router = {
+          replaceWith: replaceWithStub,
+        };
+        stubSessionService(this.owner, { isAuthenticated: true, identityProviderCode: 'SOME_OIDC_PARTNER' });
+
+        // when
+        await route.beforeModel({ to: { queryParams: {}, params: { identity_provider_slug: 'some-oidc-provider' } } });
+
+        // then
+        assert.ok(replaceWithStub.calledWith('authenticated'));
+      });
+    });
+
     module('when no code exists in queryParams', function (hooks) {
       hooks.beforeEach(function () {
         sinon.stub(fetch, 'default').resolves({