Skip to content
Merged
Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
41 commits
Select commit Hold shift + click to select a range
cf15c61
interstitial
mdiarra3 Mar 20, 2024
b0b470a
add routes and migration
mdiarra3 Mar 21, 2024
49f9501
changelog: User-Facing Improvements, PIV/CAC, Add Piv interstitial pa…
mdiarra3 Mar 21, 2024
f3b53d7
possible piv user
mdiarra3 Mar 21, 2024
d0e660e
Merge remote-tracking branch 'origin' into LG-12609-piv-interstitial-…
mdiarra3 Mar 21, 2024
fc237df
possible piv user
mdiarra3 Mar 21, 2024
bdc91f4
possible piv user built
mdiarra3 Mar 22, 2024
f430663
rename controller to something more cohesive, add spec for controller
mdiarra3 Mar 22, 2024
3a9865d
rubocop fixes
mdiarra3 Mar 22, 2024
1af7c19
concern for pivcac
mdiarra3 Mar 22, 2024
47cd734
MFA setup redirect to piv for proper emails
mdiarra3 Mar 25, 2024
222921e
piv cac
mdiarra3 Mar 25, 2024
e94c8f5
Merge remote-tracking branch 'origin/main' into LG-12609-piv-intersti…
mdiarra3 Mar 25, 2024
8fe6af8
Add piv cac recommended presenter and data
mdiarra3 Mar 26, 2024
2c4bf1e
update translations
mdiarra3 Mar 26, 2024
c681547
add spec and stub piv cac
mdiarra3 Mar 26, 2024
1532046
piv cac recommended show
mdiarra3 Mar 26, 2024
0788dbf
refactor mfa selection concern
mdiarra3 Mar 26, 2024
4512e24
User-Facing Improvements, Piv/Cac, add Migration to add piv visited a…
mdiarra3 Mar 26, 2024
962a3b9
update schema
mdiarra3 Mar 26, 2024
13146a6
put back pgcrypto
mdiarra3 Mar 26, 2024
1fa72f9
rubocop and analytic events
mdiarra3 Mar 26, 2024
d234f0b
changelog: User-Facing Improvements, PIV/CAC, Piv Migration for added…
mdiarra3 Mar 27, 2024
9dd3665
update schema and change to dismissed at
mdiarra3 Mar 27, 2024
762d863
remove unneeded migration
mdiarra3 Mar 27, 2024
723e9ed
fix schema
mdiarra3 Mar 27, 2024
6bbce2c
Merge remote-tracking branch 'origin/LG-12609-piv-migration' into LG-…
mdiarra3 Mar 27, 2024
d1690ea
address comments, piv cac recommended controller fix and reorder anal…
mdiarra3 Mar 27, 2024
a985060
change method name to be clearer
mdiarra3 Mar 27, 2024
023ac7b
change back to confirmation check
mdiarra3 Mar 27, 2024
48276b1
rubocop fix
mdiarra3 Mar 27, 2024
2613260
rubocop and mfa concern
mdiarra3 Mar 27, 2024
68fe595
Merge remote-tracking branch 'origin/main' into LG-12609-piv-intersti…
mdiarra3 Apr 3, 2024
8d05c25
address comments, delete obsolete migration
mdiarra3 Apr 3, 2024
a137b30
make sure to check controller for proper redirecting
mdiarra3 Apr 3, 2024
42456ba
make unstyled
mdiarra3 Apr 3, 2024
2325057
rubocop and fix method
mdiarra3 Apr 3, 2024
11bc57e
Merge remote-tracking branch 'origin/main' into LG-12609-piv-intersti…
mdiarra3 Apr 5, 2024
dd40dc0
commit option
mdiarra3 Apr 5, 2024
7da27a5
remove unneeded schema change
mdiarra3 Apr 5, 2024
55ab8ac
address comments
mdiarra3 Apr 5, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion app/controllers/concerns/piv_cac_concern.rb
Original file line number Diff line number Diff line change
Expand Up @@ -44,4 +44,4 @@ def piv_cac_setup_csp_form_action_uris
end
[piv_cac_uri] + csp_uris
end
end
end
44 changes: 44 additions & 0 deletions app/controllers/users/possible_piv_user_controller.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
module Users
class PossiblePivUserController < ApplicationController
include TwoFactorAuthenticatableMethods
include MfaSetupConcern
include SecureHeadersConcern
include ReauthenticationRequiredConcern

before_action :authenticate_user!
before_action :confirm_user_authenticated_for_2fa_setup
before_action :apply_secure_headers_override
before_action :user_email_is_gov_or_mil?

helper_method :in_multi_mfa_selection_flow?

def show
@email_type = email_type
analytics.gov_or_mil_email_detected_visited
end

def confirm
UpdateUser.new(user: current_user, attributes: { piv_cac_recommended_dismissed: true }).call
user_session[:mfa_selections] = ['piv_cac']
redirect_to confirmation_path(user_session[:mfa_selections].first)
end


private

def user_email_is_gov_or_mil?
redirect_to after_sign_in_path_for(current_user) unless current_user.has_gov_or_mil_email?
end

def email_type
address = current_user.confirmed_email_addresses.select {|address| address.gov_or_mil? }
case address.first.email.end_with?('.gov')
when true
'.gov'
else
'.mil'
end
end
end
end

Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,11 @@ module Users
class TwoFactorAuthenticationSetupController < ApplicationController
include UserAuthenticator
include MfaSetupConcern
include PivCacConcern
Comment thread
mdiarra3 marked this conversation as resolved.
Outdated

before_action :authenticate_user
before_action :confirm_user_authenticated_for_2fa_setup
before_action :check_if_possible_piv_user

delegate :enabled_mfa_methods_count, to: :mfa_context

Expand Down Expand Up @@ -84,5 +86,11 @@ def two_factor_options_form_params
rescue ActionController::ParameterMissing
ActionController::Parameters.new(selection: [])
end

def check_if_possible_piv_user
if current_user.has_gov_or_mil_email? && !current_user.piv_cac_recommended_dismissed
redirect_to login_possible_piv_user_path
end
end
end
end
4 changes: 4 additions & 0 deletions app/models/email_address.rb
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ def email=(email)
self.email_fingerprint = email.present? ? encrypted_attributes[:email].fingerprint : ''
end

def gov_or_mil?
self.email.end_with?('.gov', '.mil')
end

def confirmed?
confirmed_at.present?
end
Expand Down
4 changes: 4 additions & 0 deletions app/models/user.rb
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,10 @@ def confirmed?
email_addresses.where.not(confirmed_at: nil).any?
end

def has_gov_or_mil_email?
confirmed_email_addresses.any?(&:gov_or_mil?)
end

def accepted_rules_of_use_still_valid?
if self.accepted_terms_at.present?
self.accepted_terms_at > IdentityConfig.store.rules_of_use_updated_at &&
Expand Down
4 changes: 4 additions & 0 deletions app/presenters/two_factor_options_presenter.rb
Original file line number Diff line number Diff line change
Expand Up @@ -118,4 +118,8 @@ def mfa_policy
def user_has_dismissed_second_mfa_reminder?
user.second_mfa_reminder_dismissed_at.present?
end

def user_has_gov_or_mil_email?
user.confirmed_email_addresses.any?(&:gov_or_mil?)
Comment thread
aduth marked this conversation as resolved.
Outdated
end
end
4 changes: 4 additions & 0 deletions app/services/analytics_events.rb
Original file line number Diff line number Diff line change
Expand Up @@ -3986,6 +3986,10 @@ def personal_key_reactivation_visited
track_event('Personal key reactivation: Personal key form visited')
end

def gov_or_mil_email_detected_visited
track_event('gov_or_mil_email_detected_visited')
end

# @param [Boolean] personal_key_present if personal key is present
# Personal key viewed
def personal_key_viewed(personal_key_present:, **extra)
Expand Down
28 changes: 28 additions & 0 deletions app/views/users/possible_piv_user/show.html.erb
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
<% self.title = t('titles.piv_cac_setup.upsell') %>

<%= render AlertIconComponent.new(icon_name: :info_question) %>

<%= render PageHeadingComponent.new.with_content(t('titles.piv_cac_setup.upsell')) %>

<p>
<%= t('two_factor_authentication.piv_cac_upsell.info', email_type: @email_type) %>
</p>

<%= render ButtonComponent.new(
action: ->(**tag_options, &block) do
button_to(
login_add_piv_for_user_path,
**tag_options,
&block
)
end,
big: true,
class: 'margin-bottom-2',
).with_content(t('two_factor_authentication.piv_cac_upsell.add_piv')) %>

<% if MfaPolicy.new(current_user).two_factor_enabled? %>
<%= link_to t('links.cancel'), account_path %>
<% else %>
<%= link_to t('two_factor_authentication.piv_cac_upsell.choose_other_method'), authentication_methods_setup_path %>
<% end %>

1 change: 1 addition & 0 deletions config/locales/titles/en.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ en:
new: Use your PIV/CAC to sign in to your account
piv_cac_setup:
new: Use your PIV/CAC card to secure your account
upsell: Enhance your account security with a government employee ID
present_piv_cac: Present your PIV/CAC
present_webauthn: Connect your hardware security key
reactivate_account: Reactivate your account
Expand Down
6 changes: 6 additions & 0 deletions config/locales/two_factor_authentication/en.yml
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,12 @@ en:
nickname: Nickname
renamed: Successfully renamed your PIV/CAC method
piv_cac_header_text: Present your PIV/CAC
piv_cac_upsell:
add_piv: Add PIV/CAC card
choose_other_method: Choose other methods instead
info: Because you are using a %{email_type} email, we recommend you add your government
employee ID as one of your authentication methods. This adds another
layer of security to your account.
please_try_again_html: Please try again in <strong>%{countdown}</strong>.
read_about_two_factor_authentication: Read about two-factor authentication
recaptcha:
Expand Down
2 changes: 2 additions & 0 deletions config/routes.rb
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,8 @@
post 'login/add_piv_cac/prompt' => 'users/piv_cac_setup_from_sign_in#decline'
get 'login/add_piv_cac/success' => 'users/piv_cac_setup_from_sign_in#success'
post 'login/add_piv_cac/success' => 'users/piv_cac_setup_from_sign_in#next'
get 'login/possible_piv_user' => 'users/possible_piv_user#show'
post 'login/add_piv_for_user' => 'users/possible_piv_user#confirm'
end

if IdentityConfig.store.enable_test_routes
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
class AddPivcacNoticeOnUser < ActiveRecord::Migration[7.1]
def change
add_column :users, :piv_cac_recommended_dismissed, :boolean, default: false
end
end
5 changes: 3 additions & 2 deletions db/schema.rb
Comment thread
mdiarra3 marked this conversation as resolved.
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.

ActiveRecord::Schema[7.1].define(version: 2024_02_16_184124) do
ActiveRecord::Schema[7.1].define(version: 2024_03_21_121322) do
# These are extensions that must be enabled in order to support this database
enable_extension "citext"
enable_extension "pg_stat_statements"
Expand Down Expand Up @@ -612,6 +612,7 @@
t.string "encrypted_password_digest_multi_region"
t.string "encrypted_recovery_code_digest_multi_region"
t.datetime "second_mfa_reminder_dismissed_at"
t.boolean "piv_cac_recommended_dismissed", default: false
Comment thread
mdiarra3 marked this conversation as resolved.
Outdated
t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
t.index ["uuid"], name: "index_users_on_uuid", unique: true
end
Expand Down Expand Up @@ -653,7 +654,7 @@
add_foreign_key "iaa_gtcs", "partner_accounts"
add_foreign_key "iaa_orders", "iaa_gtcs"
add_foreign_key "in_person_enrollments", "profiles"
add_foreign_key "in_person_enrollments", "service_providers", column: "issuer", primary_key: "issuer"
add_foreign_key "in_person_enrollments", "service_providers", column: "issuer", primary_key: "issuer", validate: false
add_foreign_key "in_person_enrollments", "users"
add_foreign_key "integration_usages", "iaa_orders"
add_foreign_key "integration_usages", "integrations"
Expand Down