diff --git a/app/controllers/redirect/policy_controller.rb b/app/controllers/redirect/policy_controller.rb
index 6f7c47adfef..ee8113ef7e7 100644
--- a/app/controllers/redirect/policy_controller.rb
+++ b/app/controllers/redirect/policy_controller.rb
@@ -3,10 +3,18 @@
module Redirect
class PolicyController < RedirectController
def show
- redirect_to_and_log(
- MarketingSite.security_and_privacy_practices_url,
- tracker_method: analytics.method(:policy_redirect),
- )
+ redirect_to_and_log(policy_url, tracker_method: analytics.method(:policy_redirect))
+ end
+
+ private
+
+ def policy_url
+ case params[:policy]
+ when 'privacy_act_statement'
+ MarketingSite.privacy_act_statement_url
+ else
+ MarketingSite.security_and_privacy_practices_url
+ end
end
end
end
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
index 0013f1d7ed5..931a5b88e35 100644
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -77,7 +77,11 @@
<%= new_tab_link_to(
t('notices.privacy.security_and_privacy_practices'),
- MarketingSite.security_and_privacy_practices_url,
+ policy_redirect_url(
+ policy: :security_and_privacy_practices,
+ flow: :sign_in,
+ step: :sign_in,
+ ),
) %>
diff --git a/app/views/idv/agreement/show.html.erb b/app/views/idv/agreement/show.html.erb
index 0171f613809..3f418bb277e 100644
--- a/app/views/idv/agreement/show.html.erb
+++ b/app/views/idv/agreement/show.html.erb
@@ -35,7 +35,12 @@
<%= new_tab_link_to(
t('doc_auth.instructions.learn_more'),
- policy_redirect_url(flow: :idv, step: :agreement, location: :consent),
+ policy_redirect_url(
+ policy: :security_and_privacy_practices,
+ flow: :idv,
+ step: :agreement,
+ location: :consent,
+ ),
) %>
diff --git a/spec/controllers/redirect/policy_controller_spec.rb b/spec/controllers/redirect/policy_controller_spec.rb
index 3a6256b8025..818e5d07bed 100644
--- a/spec/controllers/redirect/policy_controller_spec.rb
+++ b/spec/controllers/redirect/policy_controller_spec.rb
@@ -7,7 +7,8 @@
describe '#show' do
let(:location_params) { { flow: 'flow', step: 'step', location: 'location', foo: 'bar' } }
- it 'redirects to policy page' do
+
+ it 'redirects to security and privacy practices policy page' do
redirect_url = MarketingSite.security_and_privacy_practices_url
get :show, params: location_params
@@ -21,5 +22,43 @@
step: 'step',
)
end
+
+ context 'with security_and_privacy_practices policy parameter' do
+ let(:params) { location_params.merge(policy: :security_and_privacy_practices) }
+
+ it 'redirects to security and privacy practices policy page' do
+ redirect_url = MarketingSite.security_and_privacy_practices_url
+
+ get :show, params: location_params
+
+ expect(response).to redirect_to redirect_url
+ expect(@analytics).to have_logged_event(
+ 'Policy Page Redirect',
+ flow: 'flow',
+ location: 'location',
+ redirect_url: redirect_url,
+ step: 'step',
+ )
+ end
+ end
+
+ context 'with privacy_act_statement policy parameter' do
+ let(:params) { location_params.merge(policy: :privacy_act_statement) }
+
+ it 'redirects to privacy act statement policy page' do
+ redirect_url = MarketingSite.privacy_act_statement_url
+
+ get :show, params: params
+
+ expect(response).to redirect_to redirect_url
+ expect(@analytics).to have_logged_event(
+ 'Policy Page Redirect',
+ flow: 'flow',
+ location: 'location',
+ redirect_url: redirect_url,
+ step: 'step',
+ )
+ end
+ end
end
end
diff --git a/spec/views/devise/sessions/new.html.erb_spec.rb b/spec/views/devise/sessions/new.html.erb_spec.rb
index 6bfa22d06a5..5e68ebcf6c5 100644
--- a/spec/views/devise/sessions/new.html.erb_spec.rb
+++ b/spec/views/devise/sessions/new.html.erb_spec.rb
@@ -52,26 +52,19 @@
it 'includes a link to security / privacy page and privacy statement act' do
render
- expect(rendered).
- to have_link(
- t('notices.privacy.security_and_privacy_practices'),
- href: MarketingSite.security_and_privacy_practices_url,
- )
- expect(rendered).
- to have_selector(
- "a[href='#{MarketingSite.security_and_privacy_practices_url}']\
-[target='_blank'][rel='noopener noreferrer']",
- )
-
- expect(rendered).
- to have_link(
- t('notices.privacy.privacy_act_statement'),
- href: MarketingSite.privacy_act_statement_url,
- )
- expect(rendered).to have_selector(
- "a[href='#{MarketingSite.privacy_act_statement_url}']\
-[target='_blank'][rel='noopener noreferrer']",
- )
+ expect(rendered).to have_link(
+ t('notices.privacy.security_and_privacy_practices'),
+ href: policy_redirect_url(
+ policy: :security_and_privacy_practices,
+ flow: :sign_in,
+ step: :sign_in,
+ ),
+ ) { |link| link[:target] == '_blank' && link[:rel] == 'noopener noreferrer' }
+
+ expect(rendered).to have_link(
+ t('notices.privacy.privacy_act_statement'),
+ href: MarketingSite.privacy_act_statement_url,
+ ) { |link| link[:target] == '_blank' && link[:rel] == 'noopener noreferrer' }
end
context 'when SP is present' do
diff --git a/spec/views/idv/agreement/show.html.erb_spec.rb b/spec/views/idv/agreement/show.html.erb_spec.rb
index 78a43dae781..9e25775d867 100644
--- a/spec/views/idv/agreement/show.html.erb_spec.rb
+++ b/spec/views/idv/agreement/show.html.erb_spec.rb
@@ -28,7 +28,12 @@
it 'renders a link to the privacy & security page' do
expect(rendered).to have_link(
t('doc_auth.instructions.learn_more'),
- href: policy_redirect_url(flow: :idv, step: :agreement, location: :consent),
+ href: policy_redirect_url(
+ policy: :security_and_privacy_practices,
+ flow: :idv,
+ step: :agreement,
+ location: :consent,
+ ),
)
end
end