diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8b365c53fe4..03495ee8485 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -147,7 +147,7 @@ def two_2fa_setup
 end
 
 def after_multiple_2fa_sign_up
- if session[:sp]
+ if user_needs_sign_up_completed_page?
 sign_up_completed_url
 elsif current_user.decorate.password_reset_profile.present?
 reactivate_account_url
@@ -240,6 +240,16 @@ def render_full_width(template, **opts)
 render template, **opts, layout: 'base'
 end
 
+ def user_needs_sign_up_completed_page?
+ issuer = sp_session[:issuer]
+ return false unless issuer
+ !user_has_ial1_identity_for_issuer?(issuer)
+ end
+
+ def user_has_ial1_identity_for_issuer?(issuer)
+ current_user.identities.where(service_provider: issuer, ial: 1).any?
+ end
+
 def analytics_exception_info(exception)
 {
 backtrace: Rails.backtrace_cleaner.send(:filter, exception.backtrace),
diff --git a/app/controllers/sign_up/completions_controller.rb b/app/controllers/sign_up/completions_controller.rb
index 98b41cd8146..41d7db7e916 100644
--- a/app/controllers/sign_up/completions_controller.rb
+++ b/app/controllers/sign_up/completions_controller.rb
@@ -20,7 +20,7 @@ def show
 end
 
 def update
- track_completion_event('agency-page')
+ track_completion_event('agency-page') if user_needs_sign_up_completed_page?
 handle_verified_attributes
 if decider.go_back_to_mobile_app?
 sign_user_out_and_instruct_to_go_back_to_mobile_app
@@ -59,7 +59,7 @@ def loa3?
 end
 
 def return_to_account
- track_completion_event('account-page')
+ track_completion_event('account-page') if user_needs_sign_up_completed_page?
 redirect_to account_url
 end
 
diff --git a/app/controllers/sign_up/personal_keys_controller.rb b/app/controllers/sign_up/personal_keys_controller.rb
index 43349a675e2..185f6ae5046 100644
--- a/app/controllers/sign_up/personal_keys_controller.rb
+++ b/app/controllers/sign_up/personal_keys_controller.rb
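Review bot: In `after_multiple_2fa_sign_up` (application_controller.rb, hunk at -147), a user who arrived from a service provider and already has an IAL1 identity for it now falls through to the `elsif`/`else` arms, which before this change only ran when no SP was in the session. The rest of the method lies outside the hunk, so confirm that the final branch still returns the user to the pending SP request rather than leaving them on an account page. `next_step` in `sign_up/personal_keys_controller.rb` has the same shape and needs the same check. A comment above the condition would record the intent, e.g. `# SP users who already hold an IAL1 identity skip the completion page and continue via the branches below`.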
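Review bot: `user_has_ial1_identity_for_issuer?` (application_controller.rb, hunk at -240) hard-codes `ial: 1`, so a request whose SP session carries `loa3: true` is treated as already completed whenever the user holds an IAL1 identity for that issuer. If the sign-up completed page is where the user confirms what is shared with the service provider (not visible here), a step-up to verified attributes would skip that confirmation. Assuming `sp_session` exposes the `:loa3` key the specs set, consider adding `return true if sp_session[:loa3]` after the issuer guard in `user_needs_sign_up_completed_page?`, or matching the identity lookup to the requested level. Both helpers are added with no visible `private`; the surrounding visibility is outside the hunk, so check that they do not end up as public controller methods.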
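Review bot: In `update` (sign_up/completions_controller.rb), the `agency-page` completion event is now skipped for users who already hold an IAL1 identity, while `handle_verified_attributes` and the hand-off that follows still run unconditionally. If that event is the analytics record of a release to the service provider (its body is not shown), repeat hand-offs will leave no trace for later review. The predicate is also evaluated on the POST, so an identity row written between `show` and `update` would suppress the event for a first-time user too; the same applies to `return_to_account` in the next hunk. Consider tracking unconditionally, or at least document the choice with `# Not tracked for users who already hold an IAL1 identity for this issuer; the hand-off below still runs.`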
@@ -29,7 +29,7 @@ def assign_initial_personal_key
 end
 
 def next_step
- if session[:sp]
+ if user_needs_sign_up_completed_page?
 sign_up_completed_url
 elsif current_user.decorate.password_reset_profile.present?
 reactivate_account_url
diff --git a/spec/controllers/sign_up/completions_controller_spec.rb b/spec/controllers/sign_up/completions_controller_spec.rb
index a451ebcf533..d927c3752a2 100644
--- a/spec/controllers/sign_up/completions_controller_spec.rb
+++ b/spec/controllers/sign_up/completions_controller_spec.rb
@@ -107,6 +107,7 @@
 stub_sign_in
 subject.session[:sp] = {
 loa3: false,
+ issuer: 'foo',
 request_url: 'http://example.com',
 }
 
@@ -137,6 +138,7 @@
 user = create(:user, profiles: [create(:profile, :verified, :active)])
 stub_sign_in(user)
 subject.session[:sp] = {
+ issuer: 'foo',
 loa3: true,
 request_url: 'http://example.com',
 }
diff --git a/spec/controllers/sign_up/personal_keys_controller_spec.rb b/spec/controllers/sign_up/personal_keys_controller_spec.rb
index 53d81742684..5e229b2663b 100644
--- a/spec/controllers/sign_up/personal_keys_controller_spec.rb
+++ b/spec/controllers/sign_up/personal_keys_controller_spec.rb
@@ -32,7 +32,8 @@
 describe '#update' do
 context 'sp present' do
 it 'redirects to the sign up completed url' do
- subject.session[:sp] = 'true'
+ sp = ServiceProvider.from_issuer('http://localhost:3000')
+ subject.session[:sp] = { issuer: sp.issuer, request_id: '123' }
 stub_sign_in
 
 patch :update
@@ -52,7 +53,8 @@
 end
 
 it 'tracks CSRF errors' do
- subject.session[:sp] = 'true'
+ sp = ServiceProvider.from_issuer('http://localhost:3000')
+ subject.session[:sp] = { issuer: sp.issuer, request_id: '123' }
 stub_sign_in
 stub_analytics
 analytics_hash = {
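Review bot: The spec hunks only adapt existing examples to the new session shape, so the branch this change introduces is untested in what is shown. Neither `context 'sp present'` in `personal_keys_controller_spec.rb` nor the two `completions_controller_spec.rb` setups covers a user who already has an IAL1 identity for the issuer. Add an example that creates such an identity and asserts the redirect is not `sign_up_completed_url`, e.g. `it 'skips the sign up completed url when the user already has an IAL1 identity for the issuer'`. A second example for an SP session without `:issuer` would pin the `return false unless issuer` guard.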