[LG-423] Redirect piv/cac errors to cleanup url

[jgsmith-usds]

Why:
We want to remove the token from the piv/cac service so
that it doesn't leak into logs or other services.

How:
When there's an error, we store the messaging in the flash
and redirect to the same page to show the error and provide
another attempt.

Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:

• For DB changes, check for missing indexes, check to see if the changes
  affect other apps (such as the dashboard), make sure the DB columns in the
  various environments are properly populated, coordinate with devops, plan
  migrations in separate steps.

• For route changes, make sure GET requests don't change state or result in
  destructive behavior. GET requests should only result in information being
  read, not written.

• For encryption changes, make sure it is compatible with data that was
  encrypted with the old code.

• For secrets changes, make sure to update the S3 secrets bucket with the
  new configs in all environments.

• Do not disable Rubocop or Reek offenses unless you are absolutely sure
  they are false positives. If you're not sure how to fix the offense, please
  ask a teammate.

• When reading data, write tests for nil values, empty strings,
  and invalid formats.

• When calling redirect_to in a controller, use _url, not _path.

• When adding user data to the session, use the user_session helper
  instead of the session helper so the data does not persist beyond the user's
  session.

• When adding a new controller that requires the user to be fully
  authenticated, make sure to add before_action :confirm_two_factor_authenticated.

[monfresh]

Code Climate says this is not tested.

[monfresh]

Can we move this to a feature spec, please? We learned from a recent production 500 error that controller specs that don't render views will not catch any issues with views that call objects such as presenters.

[jgsmith-usds]

I'll add a feature spec to check for this. That should catch the untested line above. In personal manual testing, this worked, but it would be nice to know it works down the road if we change things up.

[monfresh]

Is there a reason we can't use @presenter.description and @presenter.heading directly in the view?

[jgsmith-usds]

We redirect before showing the view, so we don't have a presenter with the information.

[monfresh]

I see. I would have suggested passing in the error as a params, and then defining the presenter before rendering the error view:

elsif flash[:error].present?
  @presenter = PivCacAuthenticationSetupErrorPresenter.new(params[:error])
  render :error
end

The problem is that the presenter class expects to be initialized with an entire form object, even though the only thing it needs from it is its error_type. The solution is to change the presenter to be initialized with the error, but that's a refactoring for later. The controller would look like this:

def process_invalid_submission
  form_error = user_piv_cac_form.error_type
  @presenter = PivCacAuthenticationSetupErrorPresenter.new(form_error)
  clear_piv_cac_information
  flash[:error] = @presenter.title
  redirect_to setup_piv_cac_url(error: form_error)
end

[jgsmith-usds]

Good point. I was trying to keep the error condition out of the URL, but I could have just put that in the flash and rebuilt the presenter from there after the redirect.

[monfresh]

LGTM

[monfresh]

LGTM