fix idx recoverpassword flow - OKTA-452787

[shuowu-okta]

• Fixes recoverPassword flow when org policy is set as identifier first by auto selecting password authenticator and triggering currentAuthenticatorEnrollment-recover action.
• Removes flow monitor classes: once values for each remediation can be properly handled/removed, the flowMonitor logic won't be needed any more.
• Adds unit tests for idx.recoverPassword to cover id first scenario.
• Updates cucumber tests to better protect recover password flow.
• Adds bacon task to run cucumber tests against id-first org.

[codecov-commenter]

Codecov Report

Merging #1032 (9d1c49e) into master (65a0ba0) will decrease coverage by 0.29%.
The diff coverage is 93.75%.

@@            Coverage Diff             @@
##           master    #1032      +/-   ##
==========================================
- Coverage   92.83%   92.54%   -0.30%     
==========================================
  Files         138      134       -4     
  Lines        3770     3675      -95     
  Branches      784      754      -30     
==========================================
- Hits         3500     3401      -99     
- Misses        270      274       +4     

Impacted Files	Coverage Δ
lib/idx/flow/index.ts	100.00% <ø> (ø)
lib/idx/remediators/Identify.ts	100.00% <ø> (+13.04%)	⬆️
lib/idx/run.ts	97.43% <ø> (-0.10%)	⬇️
lib/idx/cancel.ts	50.00% <33.33%> (-16.67%)	⬇️
lib/idx/remediate.ts	94.94% <88.88%> (+1.08%)	⬆️
lib/idx/remediators/Base/Remediator.ts	82.17% <95.65%> (-10.13%)	⬇️
lib/idx/remediators/Base/AuthenticatorData.ts	97.82% <96.29%> (+2.82%)	⬆️
lib/idx/flow/FlowSpecification.ts	100.00% <100.00%> (ø)
lib/idx/remediators/AuthenticatorEnrollmentData.ts	100.00% <100.00%> (ø)
...b/idx/remediators/AuthenticatorVerificationData.ts	88.23% <100.00%> (-11.77%)	⬇️
... and 8 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 65a0ba0...9d1c49e. Read the comment docs.

[jaredperreault-okta]

how would we filter out remediations that are valid within the idxResponse, but don't match the desired flow?

I had to do this for idx.unlockAccount, when remediations were:

0. identify
1. select-enroll-profile
2. unlock-account

If I called idx.unlockAccount({username: 'foo', authenticator: '...'}), auth-js would attempt to auto-remediate /identify, because username was present. To prevent this, I added:

  isRemediatorCandidate(remediator, remediations?, values?) {
    const prevRemediatorName = this.previousRemediator?.getName();
    const remediatorName = remediator.getName();

    // required to prevent /identify from auto-remediating when 'username' passed
    if (remediatorName === 'identify' && !prevRemediatorName) {
      return false;
    }
....

https://github.com/okta/okta-auth-js/pull/1030/files#diff-f90ddef32a0b8883f13e83cb687f25669055748ac81a9b5355319dbf5475ca9cR21

[oleksandrpravosudko-okta]

I was hoping to use isRemediatorCandidate() check for picking next remediation after polling:

- enroll-poll
- select-enrollment-channel <-

Is there a suggested way to pick non-first remediation from the list?

[jaredperreault-okta]

remove this?

[shuowu]

It's in test app for debugging purpose, I added it on purpose, but in the future we can add some logging logic for idx flow, and hide it behind the devMode flag.

[aarongranick-okta]

lgtm