diff --git a/app/controllers/users/webauthn_platform_recommended_controller.rb b/app/controllers/users/webauthn_platform_recommended_controller.rb
index 7c8395dfdcc..aa18b9b6eeb 100644
--- a/app/controllers/users/webauthn_platform_recommended_controller.rb
+++ b/app/controllers/users/webauthn_platform_recommended_controller.rb
@@ -39,7 +39,7 @@ def dismiss_redirect_path
if opted_to_add?
webauthn_setup_path(platform: true)
elsif in_account_creation_flow?
- next_setup_path
+ next_setup_path || after_mfa_setup_path
else
after_sign_in_path_for(current_user)
end
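Review bot: The new `|| after_mfa_setup_path` fallback on the `in_account_creation_flow?` branch has no comment saying when `next_setup_path` is nil, so the next reader will not know whether the fallback is a defensive default or covers a known path. The spec in this commit describes it as a duplicate-submission case (back button after `mfa_selections` has already been cleared from the session), and that reasoning belongs next to the code: `# next_setup_path is nil once mfa_selections has been cleared (e.g. a duplicate submit via the back button); fall back to the post-MFA path instead of redirecting to nil.` The `def dismiss_redirect_path` line sits outside this hunk (only its header shows it), and whether `after_mfa_setup_path` itself can return nil is not visible here.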
diff --git a/app/views/users/webauthn_platform_recommended/new.html.erb b/app/views/users/webauthn_platform_recommended/new.html.erb
index a0e357ff886..534df7a338e 100644
--- a/app/views/users/webauthn_platform_recommended/new.html.erb
+++ b/app/views/users/webauthn_platform_recommended/new.html.erb
@@ -23,18 +23,19 @@
- <%= render ButtonComponent.new(
+ <%= render SubmitButtonComponent.new(
url: webauthn_platform_recommended_url,
method: :post,
params: { add_method: true },
- big: true,
full_width: true,
class: 'margin-bottom-2',
).with_content(t('webauthn_platform_recommended.cta')) %>
- <%= render ButtonComponent.new(
+ <%= render SubmitButtonComponent.new(
url: webauthn_platform_recommended_url,
method: :post,
unstyled: true,
+ big: false,
+ wide: false,
).with_content(t('webauthn_platform_recommended.skip')) %>
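Review bot: The two `SubmitButtonComponent` calls describe width with different keywords: the first passes `full_width: true` while the skip button passes `wide: false` and `big: false`. If both map to the same component option, using one name on both calls would make the pair easier to compare; if they are distinct options, a short ERB comment above the skip button saying why its size defaults must be overridden (`<%# skip is rendered as a plain inline link, not a full-width CTA %>`) would help. The component's keyword list is outside this diff, so which of the two applies cannot be confirmed here.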
diff --git a/spec/controllers/users/webauthn_platform_recommended_controller_spec.rb b/spec/controllers/users/webauthn_platform_recommended_controller_spec.rb
index 853b2b9fe18..13d2c027caf 100644
--- a/spec/controllers/users/webauthn_platform_recommended_controller_spec.rb
+++ b/spec/controllers/users/webauthn_platform_recommended_controller_spec.rb
@@ -2,8 +2,14 @@
RSpec.describe Users::WebauthnPlatformRecommendedController do
let(:user) { create(:user) }
+ let(:current_sp) { create(:service_provider) }
before do
+ controller.session[:sp] = {
+ issuer: current_sp.issuer,
+ acr_values: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF,
+ request_url: 'http://example.com',
+ }
stub_sign_in(user) if user
end
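Review bot: The new `controller.session[:sp]` setup in the top-level `before` applies to every example in the file, but nothing says why the controller now needs a service-provider session; presumably it is what lets the new `after_mfa_setup_path` fallback resolve, but that is an inference from the other hunks. A one-line comment above the assignment, `# An SP session is required so after_mfa_setup_path resolves in the account-creation examples below`, would record the dependency and make it obvious whether the setup could be scoped to the `user is creating account` context instead.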
@@ -72,12 +78,25 @@
context 'user is creating account' do
before do
allow(controller).to receive(:in_account_creation_flow?).and_return(true)
- allow(controller).to receive(:next_setup_path).and_return(sign_up_completed_path)
+ controller.user_session[:mfa_selections] = []
end
- it 'redirects user to set up next authenticator' do
+ it 'redirects user to consent screen' do
expect(response).to redirect_to(sign_up_completed_path)
end
+
+ context 'mfa selections already completed' do
+ # Regression: If duplicate submission occurs (e.g. pressing back button), selections is
+ # already cleared from session, but the user is still in the account creation flow.
+
+ before do
+ controller.user_session[:mfa_selections] = nil
+ end
+
+ it 'redirects user to consent screen' do
+ expect(response).to redirect_to(sign_up_completed_path)
+ end
+ end
end
context 'user opted to add' do
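Review bot: The regression example with `mfa_selections = nil` asserts the same `sign_up_completed_path` as the `[]` example, so it does not show that the fallback branch is the one taken; it would also pass if `next_setup_path` returned `sign_up_completed_path` directly. Adding `expect(controller.next_setup_path).to be_nil` (or a `have_received`/stub on `after_mfa_setup_path`) to the nested example would pin the duplicate-submission path the comment describes. Separately, the regression comment is detached from the `before` block by a blank line; placing it directly above `before do` keeps the explanation next to the state it justifies.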
diff --git a/spec/views/users/webauthn_platform_recommended/new.html.erb_spec.rb b/spec/views/users/webauthn_platform_recommended/new.html.erb_spec.rb
index 951ef168c63..fb217054a22 100644
--- a/spec/views/users/webauthn_platform_recommended/new.html.erb_spec.rb
+++ b/spec/views/users/webauthn_platform_recommended/new.html.erb_spec.rb
@@ -3,6 +3,11 @@
RSpec.describe 'users/webauthn_platform_recommended/new.html.erb' do
subject(:rendered) { render }
+ it 'renders separate forms with submission for options to add' do
+ expect(rendered).to have_css('form:has(input[name=add_method]):has([type=submit])')
+ expect(rendered).to have_css('form:not(:has(input[name=add_method])):has([type=submit])')
+ end
+
it 'renders a help link for phishing-resistant including flow path' do
@sign_in_flow = :example