Skip to content

Fix PIV/CAC and Webauthn errors when disabled #2519

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
stevegsa merged 4 commits into from
Sep 14, 2018
Merged

Fix PIV/CAC and Webauthn errors when disabled #2519

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
773f481
Fix PIV/CAC and Webauthn errors when disabled
stevegsa Sep 13, 2018
b388392
Added test coverage for piv cac and webauthn disabled
stevegsa Sep 14, 2018
bc1e439
Lint
stevegsa Sep 14, 2018
117cce4
Changed description
stevegsa Sep 14, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions app/controllers/two_factor_authentication/options_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,8 @@ def process_valid_form
'personal_key' => login_two_factor_personal_key_url,
'sms' => otp_send_url(otp_delivery_selection_form: { otp_delivery_preference: 'sms' }),
'auth_app' => login_two_factor_authenticator_url,
'piv_cac' => login_two_factor_piv_cac_url,
'webauthn' => login_two_factor_webauthn_url,
'piv_cac' => FeatureManagement.piv_cac_enabled? ? login_two_factor_piv_cac_url : nil,
Copy link
Copy Markdown
Contributor

@jmhooper jmhooper Sep 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if we did

factor_to_url['piv_cac'] = login_two_factor_piv_cac_url if FeatureManagement.piv_cac_enabled?`

That helps keep us from having to use a confusing ternary inside a hash

Copy link
Copy Markdown
Contributor Author

@stevegsa stevegsa Sep 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reek complains

Copy link
Copy Markdown
Contributor

@jgsmith-usds jgsmith-usds Sep 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be changed up when #2492 gets merged, so I'm not as worried about the ternary.

'webauthn' => FeatureManagement.webauthn_enabled? ? login_two_factor_webauthn_url : nil,
}
url = factor_to_url[@two_factor_options_form.selection]
redirect_to url if url
Expand Down
6 changes: 5 additions & 1 deletion app/presenters/two_factor_options_presenter.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,11 @@ def options
private

def available_2fa_types
%w[sms voice auth_app webauthn] + piv_cac_if_available
%w[sms voice auth_app] + webauthn_if_available + piv_cac_if_available
end

def webauthn_if_available
FeatureManagement.webauthn_enabled? ? %w[webauthn] : []
end

def piv_cac_if_available
Expand Down
18 changes: 18 additions & 0 deletions spec/controllers/two_factor_authentication/options_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,18 @@
describe '#create' do
before { sign_in_before_2fa }

it 'redirects to login_two_factor_url for sms with piv/cac and webauthn disabled' do
piv_cac_webauthn_enabled('false')

post :create, params: { two_factor_options_form: { selection: 'sms' } }

expect(response).to redirect_to otp_send_url( \
otp_delivery_selection_form: { otp_delivery_preference: 'sms' }
)

piv_cac_webauthn_enabled('true')
end

it 'redirects to login_two_factor_url if user selects sms' do
post :create, params: { two_factor_options_form: { selection: 'sms' } }

Expand Down Expand Up @@ -80,4 +92,10 @@
post :create, params: { two_factor_options_form: { selection: 'sms' } }
end
end

def piv_cac_webauthn_enabled(bool)
allow(Figaro.env).to receive(:piv_cac_enabled) { bool }
allow(Figaro.env).to receive(:webauthn_enabled) { bool }
Rails.application.reload_routes!
end
end