From d043608bb8bad8dac094e9659ef049d912edd5a0 Mon Sep 17 00:00:00 2001
From: Andrew Duthie
Date: Wed, 13 Mar 2024 09:31:31 -0400
Subject: [PATCH] Clean PIV session detail after deletion

changelog: Bug Fixes, PIV/CAC, Consistently clear PIV session detail after deletion
---
 app/controllers/users/piv_cac_controller.rb | 2 ++
 spec/controllers/users/piv_cac_controller_spec.rb | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/app/controllers/users/piv_cac_controller.rb b/app/controllers/users/piv_cac_controller.rb
index a675022ee94..e5905967232 100644
--- a/app/controllers/users/piv_cac_controller.rb
+++ b/app/controllers/users/piv_cac_controller.rb
@@ -1,6 +1,7 @@
 module Users
 class PivCacController < ApplicationController
 include ReauthenticationRequiredConcern
+ include PivCacConcern
 before_action :confirm_two_factor_authenticated
 before_action :confirm_recently_authenticated_2fa
@@ -33,6 +34,7 @@ def destroy
 create_user_event(:piv_cac_disabled)
 revoke_remember_device(current_user)
 deliver_push_notification
+ clear_piv_cac_information
 flash[:success] = presenter.delete_success_alert_text
 redirect_to account_path
diff --git a/spec/controllers/users/piv_cac_controller_spec.rb b/spec/controllers/users/piv_cac_controller_spec.rb
index f407d211e1f..3b929b2e852 100644
--- a/spec/controllers/users/piv_cac_controller_spec.rb
+++ b/spec/controllers/users/piv_cac_controller_spec.rb
@@ -139,6 +139,12 @@
 expect(flash[:success]).to eq(presenter.delete_success_alert_text)
 end
+ it 'removes the piv/cac information from the user session' do
+ controller.user_session[:decrypted_x509] = {}
+ response
+ expect(controller.user_session[:decrypted_x509]).to be_nil
+ end
+
 it 'logs the submission attempt' do
 response
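Review bot: In `destroy`, `clear_piv_cac_information` is the last step before the flash and redirect, after `create_user_event`, `revoke_remember_device` and `deliver_push_notification`; if any of those raises, the request fails with the cached certificate detail still in the user session. The call that deletes the configuration is above the hunk and not visible here, but assuming it precedes these lines, moving `clear_piv_cac_information` to directly follow it would keep session state consistent with the stored credential even on a partial failure. The spec in this commit only asserts `user_session[:decrypted_x509]`, so it is worth confirming in `PivCacConcern` that no other PIV/CAC-derived session key outlives the deletion. `destroy` begins and ends outside the hunk.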