18F · stevegsa · Jun 28, 2019 · Jun 27, 2019 · Jun 27, 2019 · Jun 27, 2019
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -147,7 +147,7 @@ def two_2fa_setup
   end
 
   def after_multiple_2fa_sign_up
-    if session[:sp]
+    if user_needs_sign_up_completed_page?
       sign_up_completed_url
     elsif current_user.decorate.password_reset_profile.present?
       reactivate_account_url
@@ -240,6 +240,16 @@ def render_full_width(template, **opts)
     render template, **opts, layout: 'base'
   end
 
+  def user_needs_sign_up_completed_page?
+    issuer = sp_session[:issuer]
+    return false unless issuer
+    !user_has_ial1_identity_for_issuer?(issuer)
+  end
+
+  def user_has_ial1_identity_for_issuer?(issuer)
+    current_user.identities.where(service_provider: issuer, ial: 1).any?
+  end
+
   def analytics_exception_info(exception)
     {
       backtrace: Rails.backtrace_cleaner.send(:filter, exception.backtrace),

diff --git a/app/controllers/sign_up/completions_controller.rb b/app/controllers/sign_up/completions_controller.rb
@@ -20,7 +20,7 @@ def show
     end
 
     def update
-      track_completion_event('agency-page')
+      track_completion_event('agency-page') if user_needs_sign_up_completed_page?
       handle_verified_attributes
       if decider.go_back_to_mobile_app?
         sign_user_out_and_instruct_to_go_back_to_mobile_app
@@ -59,7 +59,7 @@ def loa3?
     end
 
     def return_to_account
-      track_completion_event('account-page')
+      track_completion_event('account-page') if user_needs_sign_up_completed_page?
       redirect_to account_url
     end
 

diff --git a/app/controllers/sign_up/personal_keys_controller.rb b/app/controllers/sign_up/personal_keys_controller.rb
@@ -29,7 +29,7 @@ def assign_initial_personal_key
     end
 
     def next_step
-      if session[:sp]
+      if user_needs_sign_up_completed_page?
         sign_up_completed_url
       elsif current_user.decorate.password_reset_profile.present?
         reactivate_account_url

diff --git a/spec/controllers/sign_up/completions_controller_spec.rb b/spec/controllers/sign_up/completions_controller_spec.rb
@@ -107,6 +107,7 @@
         stub_sign_in
         subject.session[:sp] = {
           loa3: false,
+          issuer: 'foo',
           request_url: 'http://example.com',
         }
 
@@ -137,6 +138,7 @@
         user = create(:user, profiles: [create(:profile, :verified, :active)])
         stub_sign_in(user)
         subject.session[:sp] = {
+          issuer: 'foo',
           loa3: true,
           request_url: 'http://example.com',
         }

diff --git a/spec/controllers/sign_up/personal_keys_controller_spec.rb b/spec/controllers/sign_up/personal_keys_controller_spec.rb
@@ -32,7 +32,8 @@
   describe '#update' do
     context 'sp present' do
       it 'redirects to the sign up completed url' do
-        subject.session[:sp] = 'true'
+        sp = ServiceProvider.from_issuer('http://localhost:3000')
+        subject.session[:sp] = { issuer: sp.issuer, request_id: '123' }
         stub_sign_in
 
         patch :update
@@ -52,7 +53,8 @@
     end
 
     it 'tracks CSRF errors' do
-      subject.session[:sp] = 'true'
+      sp = ServiceProvider.from_issuer('http://localhost:3000')
+      subject.session[:sp] = { issuer: sp.issuer, request_id: '123' }
       stub_sign_in
       stub_analytics
       analytics_hash = {