Merge pull request #20052 from mozilla/fix-recovery-phone-available

vbudhram · web-flow · commit 9172ae7165b0 · 2026-02-12T15:17:25.000-05:00
Use RecoveryPhoneService.available in /account endpoint
diff --git a/packages/fxa-auth-server/lib/routes/account.ts b/packages/fxa-auth-server/lib/routes/account.ts
@@ -2335,6 +2335,7 @@ export class AccountHandler {
       backupCodesResult,
       recoveryKeyResult,
       recoveryPhoneResult,
+      recoveryPhoneAvailableResult,
       securityEventsResult,
       devicesResult,
       authorizedClientsResult,
@@ -2346,13 +2347,17 @@ export class AccountHandler {
       Container.get(BackupCodeManager).getCountForUserId(uid),
       this.db.getRecoveryKeyRecordWithHint(uid),
       Container.get(RecoveryPhoneService).hasConfirmed(uid),
+      request.app.geo?.location?.countryCode
+        ? Container.get(RecoveryPhoneService).available(uid, request.app.geo.location.countryCode)
+        : Promise.resolve(false),
       this.db.securityEventsByUid({ uid }),
       this.db.devices(uid),
       listAuthorizedClients(uid),
     ]);
 
-    // Check if recovery phone feature is enabled globally (region check requires geo context)
-    const recoveryPhoneAvailable = this.config.recoveryPhone?.enabled ?? false;
+    const recoveryPhoneAvailable = recoveryPhoneAvailableResult.status === 'fulfilled'
+      ? recoveryPhoneAvailableResult.value
+      : false;
 
     // Account record is required
     if (accountRecord.status === 'rejected') {
diff --git a/packages/fxa-auth-server/test/local/routes/account.js b/packages/fxa-auth-server/test/local/routes/account.js
@@ -44,6 +44,7 @@ const {
 } = require('../../../lib/senders/oauth_client_info');
 
 const { FxaMailer } = require('../../../lib/senders/fxa-mailer');
+const { RecoveryPhoneService } = require('@fxa/accounts/recovery-phone');
 
 const glean = mocks.mockGlean();
 const profile = mocks.mockProfile();
@@ -5159,6 +5160,84 @@ describe('/account', () => {
       });
     });
   });
+
+  describe('recoveryPhone.available', () => {
+    function buildRouteWithRecoveryPhone(recoveryPhoneConfig) {
+      const accountRoutes = makeRoutes({
+        config: {
+          subscriptions: { enabled: false },
+          recoveryPhone: recoveryPhoneConfig,
+        },
+        log,
+        db: mocks.mockDB({ email, uid }),
+        stripeHelper: mockStripeHelper,
+      });
+      return getRoute(accountRoutes, '/account');
+    }
+
+    it('should pass geo countryCode to the service', () => {
+      const mockService = {
+        hasConfirmed: sinon.fake.resolves({ exists: false, phoneNumber: null }),
+        available: sinon.fake.resolves(true),
+      };
+      Container.set(RecoveryPhoneService, mockService);
+      const route = buildRouteWithRecoveryPhone({
+        enabled: true,
+        allowedRegions: ['US'],
+      });
+      return runTest(route, request, (result) => {
+        assert.equal(mockService.available.firstCall.args[1], 'US');
+        assert.equal(result.recoveryPhone.available, true);
+      });
+    });
+
+    it('should return available false when service returns false', () => {
+      Container.set(RecoveryPhoneService, {
+        hasConfirmed: sinon.fake.resolves({ exists: false, phoneNumber: null }),
+        available: sinon.fake.resolves(false),
+      });
+      const route = buildRouteWithRecoveryPhone({
+        enabled: true,
+        allowedRegions: ['US'],
+      });
+      return runTest(route, request, (result) => {
+        assert.equal(result.recoveryPhone.available, false);
+      });
+    });
+
+    it('should return available false when service call fails', () => {
+      Container.set(RecoveryPhoneService, {
+        hasConfirmed: sinon.fake.resolves({ exists: false, phoneNumber: null }),
+        available: sinon.fake.rejects(new Error('service error')),
+      });
+      const route = buildRouteWithRecoveryPhone({
+        enabled: true,
+        allowedRegions: ['US'],
+      });
+      return runTest(route, request, (result) => {
+        assert.equal(result.recoveryPhone.available, false);
+      });
+    });
+
+    it('should return available false when geo location cannot be parsed', () => {
+      Container.set(RecoveryPhoneService, {
+        hasConfirmed: sinon.fake.resolves({ exists: false, phoneNumber: null }),
+        available: sinon.fake.resolves(false),
+      });
+      const noGeoRequest = mocks.mockRequest({
+        credentials: { uid, email },
+        log,
+        geo: {},
+      });
+      const route = buildRouteWithRecoveryPhone({
+        enabled: true,
+        allowedRegions: ['US'],
+      });
+      return runTest(route, noGeoRequest, (result) => {
+        assert.equal(result.recoveryPhone.available, false);
+      });
+    });
+  });
 });
 
 describe('/account/email_bounce_status', () => {
