diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 78ef2067f03..de3d8bb4a51 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -11,6 +11,22 @@ def show
decrypted_pii: cacher.fetch,
personal_key: flash[:personal_key],
decorated_user: current_user.decorate,
+ message: mfas_successfully_enabled_message,
)
end
+
+ def mfas_successfully_enabled_message
+ if session[:signed_up]
+ session.delete(:signed_up)
+ build_mfa_message(MfasEnabledForUser.call(current_user))
+ end
+ end
+
+ private
+
+ def build_mfa_message(methds)
+ translated = []
+ methds.each { |val| translated.push(t("two_factor_authentication.devices.#{val}")) }
+ t('two_factor_authentication.mfa_factors_enabled', devices: translated.join(' and '))
+ end
end
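Review bot: `mfas_successfully_enabled_message` is defined above the `private` marker, so it is a public controller method and therefore counts as an action to Rails even though it mutates the session (`session.delete(:signed_up)`); move `private` to just before its definition so only `show` can reach it. `build_mfa_message` accumulates with `each`/`push` where `map` says the same thing: `devices = methds.map { |val| t("two_factor_authentication.devices.#{val}") }` then `t('two_factor_authentication.mfa_factors_enabled', devices: devices.join(' and '))`. The joined list is fed into a key worded in the plural (`%{devices} were successfully setup`), so a user with one method reads "Phone were successfully setup"; passing `count: devices.size` and giving the key `one:`/`other:` forms would fix that. The `show` action this hunk modifies begins before the hunk.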
diff --git a/app/controllers/users/piv_cac_authentication_setup_controller.rb b/app/controllers/users/piv_cac_authentication_setup_controller.rb
index d1d0b2576bf..75d5e71f499 100644
--- a/app/controllers/users/piv_cac_authentication_setup_controller.rb
+++ b/app/controllers/users/piv_cac_authentication_setup_controller.rb
@@ -71,7 +71,6 @@ def user_piv_cac_form
end
def process_valid_submission
- flash[:success] = t('notices.piv_cac_configured')
save_piv_cac_information(
subject: user_piv_cac_form.x509_dn,
presented: true,
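Review bot: Dropping `flash[:success] = t('notices.piv_cac_configured')` leaves `process_valid_submission` with no confirmation of its own; the new account-page message is only built when `session[:signed_up]` is set, so if this controller is also reached from account management by an already-signed-up user, linking a PIV/CAC card now completes silently. If that is intended, a one-line comment where the flash was, `# success feedback is rendered by AccountsController#show from session[:signed_up]`, would stop the next reader from re-adding it. `process_valid_submission` continues past the end of this hunk.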
diff --git a/app/controllers/users/two_factor_authentication_setup_controller.rb b/app/controllers/users/two_factor_authentication_setup_controller.rb
index 1ee6ba94d2a..5ff48184041 100644
--- a/app/controllers/users/two_factor_authentication_setup_controller.rb
+++ b/app/controllers/users/two_factor_authentication_setup_controller.rb
@@ -19,6 +19,7 @@ def create
analytics.track_event(Analytics::USER_REGISTRATION_2FA_SETUP, result.to_h)
if result.success?
+ session[:signed_up] = true
backup_code_only_processing
process_valid_form
else
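Review bot: `session[:signed_up] = true` is set on every successful `create`, whereas `backup_code_only_processing` in the next hunk gates its behaviour on `session[:signing_up]`; if this action is also reachable for an existing user adding a factor, the account page would greet them with the "successfully setup" summary of all their methods. If `:signing_up` is reliably set during sign-up, `session[:signed_up] = true if session[:signing_up]` (evaluated before `backup_code_only_processing` deletes it) limits the message to that flow. At minimum, document the two flags with a comment such as `# :signing_up marks an in-progress sign-up; :signed_up is consumed once by AccountsController#show to render the MFA summary`. `create` begins before this hunk.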
@@ -36,7 +37,7 @@ def two_factor_options_presenter
def backup_code_only_processing
if session[:signing_up] &&
@two_factor_options_form.selection == 'backup_code_only'
- session[:signing_up] = false
+ session.delete(:signing_up)
redirect_to account_url
end
end
diff --git a/app/controllers/users/webauthn_setup_controller.rb b/app/controllers/users/webauthn_setup_controller.rb
index 1ca7ae59e0a..a1bf6229c3e 100644
--- a/app/controllers/users/webauthn_setup_controller.rb
+++ b/app/controllers/users/webauthn_setup_controller.rb
@@ -25,10 +25,6 @@ def confirm
end
end
- def success
- @next_url = url_after_successful_webauthn_setup
- end
-
def delete
if MfaPolicy.new(current_user).multiple_factors_enabled?
handle_successful_delete
@@ -89,16 +85,7 @@ def process_valid_webauthn
create_user_event(:webauthn_key_added)
mark_user_as_fully_authenticated
save_remember_device_preference
- redirect_to webauthn_setup_success_url
- end
-
- def url_after_successful_webauthn_setup
- return two_2fa_setup if user_already_has_a_personal_key?
-
- policy = PersonalKeyForNewUserPolicy.new(user: current_user, session: session)
- return two_2fa_setup if policy.show_personal_key_after_initial_2fa_setup?
-
- idv_jurisdiction_url
+ redirect_to two_2fa_setup
end
def process_invalid_webauthn(form)
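Review bot: `redirect_to two_2fa_setup` drops the branch the removed `url_after_successful_webauthn_setup` had: it went to `two_2fa_setup` only when the user already had a personal key or `PersonalKeyForNewUserPolicy` said to show one, and to `idv_jurisdiction_url` otherwise, and that second destination is no longer reachable from here. If the `two_2fa_setup` action now makes that decision itself the simplification is fine, but nothing in this diff shows it; otherwise the policy check should be retained. Either way a comment on the new line, `# the personal-key vs. IdV decision is made by the two_2fa_setup action`, would record the intent for the next reader. `process_valid_webauthn` starts before this hunk.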
diff --git a/app/services/mfas_enabled_for_user.rb b/app/services/mfas_enabled_for_user.rb
new file mode 100644
index 00000000000..acff196657b
--- /dev/null
+++ b/app/services/mfas_enabled_for_user.rb
@@ -0,0 +1,25 @@
+class MfasEnabledForUser
+ # rubocop:disable Metrics/AbcSize
+ # rubocop:disable Metrics/MethodLength
+ def self.call(user)
+ methods_enabled = []
+ methods_enabled.push(:piv_cac) if
+ TwoFactorAuthentication::PivCacPolicy.new(user).enabled?
+
+ methods_enabled.push(:webauthn) if
+ TwoFactorAuthentication::WebauthnPolicy.new(user).enabled?
+
+ methods_enabled.push(:auth_app) if
+ TwoFactorAuthentication::AuthAppPolicy.new(user).enabled?
+
+ methods_enabled.push(:phone) if
+ TwoFactorAuthentication::PhonePolicy.new(user).enabled?
+
+ methods_enabled.push(:backup_code) if
+ TwoFactorAuthentication::BackupCodePolicy.new(user).enabled?
+
+ methods_enabled
+ end
+ # rubocop:enable Metrics/AbcSize
+ # rubocop:enable Metrics/MethodLength
+end
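Review bot: `self.call` repeats the same `push ... if Policy.new(user).enabled?` pattern five times, which is the only reason the two RuboCop disables are needed; a frozen symbol-to-policy table turns the method into one line, keeps the listing order (which the account-page message text depends on) in a single place, and lets both disables go. The class also has no comment stating what it returns; a header such as `# Returns the MFA methods enabled for +user+, as symbols, in display order.` would help the caller that interpolates the symbols into translation keys.
```ruby
class MfasEnabledForUser
  # Method name => policy that reports whether that method is enabled.
  # Hash order is the order names are returned (and listed to the user).
  POLICIES = {
    piv_cac: TwoFactorAuthentication::PivCacPolicy,
    webauthn: TwoFactorAuthentication::WebauthnPolicy,
    auth_app: TwoFactorAuthentication::AuthAppPolicy,
    phone: TwoFactorAuthentication::PhonePolicy,
    backup_code: TwoFactorAuthentication::BackupCodePolicy,
  }.freeze

  # Returns the MFA methods enabled for +user+, as symbols, in display order.
  def self.call(user)
    POLICIES.select { |_name, policy| policy.new(user).enabled? }.keys
  end
end
```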
diff --git a/app/view_models/account_show.rb b/app/view_models/account_show.rb
index f40e6649f4b..fa48cce9983 100644
--- a/app/view_models/account_show.rb
+++ b/app/view_models/account_show.rb
@@ -1,12 +1,13 @@
# :reek:TooManyMethods
# :reek:RepeatedConditional
class AccountShow # rubocop:disable Metrics/ClassLength
- attr_reader :decorated_user, :decrypted_pii, :personal_key
+ attr_reader :decorated_user, :decrypted_pii, :personal_key, :message
- def initialize(decrypted_pii:, personal_key:, decorated_user:)
+ def initialize(decrypted_pii:, personal_key:, decorated_user:, message:)
@decrypted_pii = decrypted_pii
@personal_key = personal_key
@decorated_user = decorated_user
+ @message = message
end
def header_partial
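Review bot: Making `message:` a required keyword in `initialize` breaks every existing caller (the spec hunks in this diff add `message: nil` purely to satisfy it) even though the view treats a nil message as absent; `def initialize(decrypted_pii:, personal_key:, decorated_user:, message: nil)` keeps the old call sites working and states that the message is optional. A short comment on the reader, `# optional one-time notice rendered above the account header`, would explain why it can be nil.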
diff --git a/app/views/accounts/show.html.erb b/app/views/accounts/show.html.erb
index 52a05d470a4..9289bc87d39 100644
--- a/app/views/accounts/show.html.erb
+++ b/app/views/accounts/show.html.erb
@@ -9,7 +9,9 @@
<%= render @view_model.pending_profile_partial, view_model: @view_model %>
<%= t 'titles.account' %>
-
+<% if !@view_model.message.nil? %>
+ <%= @view_model.message %>
+<% end %>
<%= render @view_model.header_partial, view_model: @view_model %>
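Review bot: `<% if !@view_model.message.nil? %>` is a double negative for a plain truthiness check; `<% if @view_model.message %>` reads the same and is the Ruby idiom. The message is emitted with `<%= %>` under a non-`_html` key, so it is HTML-escaped, which is the right default for this text. It is also rendered as bare text between the title and the header partial with no wrapping element, which makes it hard to style or target in a view spec; consider a `<p>` or the container the rest of the page uses for notices.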
diff --git a/app/views/users/webauthn_setup/success.html.slim b/app/views/users/webauthn_setup/success.html.slim
deleted file mode 100644
index f5257d50369..00000000000
--- a/app/views/users/webauthn_setup/success.html.slim
+++ /dev/null
@@ -1,14 +0,0 @@
-- title t('forms.webauthn_setup.success_title')
-
-= image_tag(asset_url('alert/success.svg'),
- alt: t('forms.webauthn_setup.success_title'), width: 60)
-
-h1.h3.mb2.mt3.my0 = t('forms.webauthn_setup.success_title')
-
-.col-2
- hr.mt3.mb3.bw4.border-green.rounded
-
-p = t('forms.webauthn_setup.success_text')
-
-= button_to(t('forms.buttons.continue'), @next_url, method: :get,
- class: 'btn btn-primary btn-wide sm-col-6 col-12')
diff --git a/config/locales/forms/en.yml b/config/locales/forms/en.yml
index 4d7d20cc2d3..20857d6fa6f 100644
--- a/config/locales/forms/en.yml
+++ b/config/locales/forms/en.yml
@@ -128,7 +128,4 @@ en:
keys as you want, and we recommend at least two for easier account recovery.
login_text: Press the button on your security key to sign in with login.gov
nickname: Security key nickname
- success_text: Each time you sign in to login.gov, we will ask you to use your
- security key. If you do not have your security key, you can use any other
- authentication methods you have enabled.
success_title: You have added a security key as your authentication method
diff --git a/config/locales/forms/es.yml b/config/locales/forms/es.yml
index df612de589f..9c364d30177 100644
--- a/config/locales/forms/es.yml
+++ b/config/locales/forms/es.yml
@@ -134,7 +134,4 @@ es:
login_text: Presione el botón en su clave de seguridad para iniciar sesión con
login.gov
nickname: Apodo clave de seguridad
- success_text: Cada vez que inicie sesión en login.gov, le pediremos que utilice
- su clave de seguridad. Si no tiene su clave de seguridad, puede usar cualquier
- otro método de autenticación que haya habilitado.
success_title: Has añadido una clave de seguridad como tu método de autenticación.
diff --git a/config/locales/forms/fr.yml b/config/locales/forms/fr.yml
index eb10976415c..4b014629d90 100644
--- a/config/locales/forms/fr.yml
+++ b/config/locales/forms/fr.yml
@@ -140,8 +140,4 @@ fr:
login_text: Appuyez sur le bouton de votre clé de sécurité pour vous connecter
avec login.gov
nickname: Pseudo clé de sécurité
- success_text: Chaque fois que vous vous connecterez à login.gov, nous vous demanderons
- d'utiliser votre clé de sécurité. Si vous ne possédez pas votre clé de sécurité,
- vous pouvez utiliser toute autre méthode d'authentification que vous avez
- activée.
success_title: Vous avez ajouté une clé de sécurité comme méthode d'authentification.
diff --git a/config/locales/notices/en.yml b/config/locales/notices/en.yml
index 112da767685..b64b4004bb9 100644
--- a/config/locales/notices/en.yml
+++ b/config/locales/notices/en.yml
@@ -14,7 +14,6 @@ en:
link: create a new account
text_html: Or, %{link} using a different email address.
password_changed: You changed your password.
- piv_cac_configured: PIV/CAC card linked successfully.
piv_cac_disabled: PIV/CAC card unlinked successfully.
resend_confirmation_email:
success: We sent another confirmation email.
diff --git a/config/locales/notices/es.yml b/config/locales/notices/es.yml
index 52aacde0d93..5206c1a123e 100644
--- a/config/locales/notices/es.yml
+++ b/config/locales/notices/es.yml
@@ -14,7 +14,6 @@ es:
link: crear una cuenta nueva
text_html: O, %{link} utilizando un email diferente.
password_changed: Ha cambiado su contraseña.
- piv_cac_configured: Tarjeta PIV/CAC vinculada con éxito.
piv_cac_disabled: Tarjeta PIV/CAC desvinculada con éxito.
resend_confirmation_email:
success: Enviamos otro email de confirmación.
diff --git a/config/locales/notices/fr.yml b/config/locales/notices/fr.yml
index d1ba122d950..bf358e9a1d1 100644
--- a/config/locales/notices/fr.yml
+++ b/config/locales/notices/fr.yml
@@ -15,7 +15,6 @@ fr:
link: Créer un nouveau compte
text_html: Ou, %{link} en utilisant une adresse courriel différente.
password_changed: Vous avez changé votre mot de passe.
- piv_cac_configured: Carte PIV/CAC liée avec succès.
piv_cac_disabled: Carte PIV/CAC dissociée avec succès.
resend_confirmation_email:
success: Nous avons envoyé un autre courriel de confirmation.
diff --git a/config/locales/two_factor_authentication/en.yml b/config/locales/two_factor_authentication/en.yml
index fc70d5310ef..b974457e48c 100644
--- a/config/locales/two_factor_authentication/en.yml
+++ b/config/locales/two_factor_authentication/en.yml
@@ -69,6 +69,8 @@ en:
max_piv_cac_login_attempts_reached: For your security, your account is temporarily
locked because you have presented your piv/cac credential incorrectly too many
times.
+ mfa_factors_enabled: "%{devices} were successfully setup as your multi-factor
+ authentication methods."
otp_delivery_preference:
instruction: You can change this selection the next time you log in. If you
entered a landline, please select "Phone call" below.
diff --git a/config/locales/two_factor_authentication/es.yml b/config/locales/two_factor_authentication/es.yml
index 14cfb273f3f..58ffa052ca8 100644
--- a/config/locales/two_factor_authentication/es.yml
+++ b/config/locales/two_factor_authentication/es.yml
@@ -76,6 +76,8 @@ es:
max_piv_cac_login_attempts_reached: Por tu seguridad, tu cuenta está bloqueada
temporalmente dado que has presentado las credenciales de tu piv/cac de forma
incorrecta demasiadas veces.
+ mfa_factors_enabled: "%{devices} fueron configurados con éxito como su método
+ de autenticación de múltiples factores"
otp_delivery_preference:
instruction: Puede cambiar esta selección la próxima vez que inicie sesión.
phone_unsupported: En este momento no podemos realizar llamadas a personas en
diff --git a/config/locales/two_factor_authentication/fr.yml b/config/locales/two_factor_authentication/fr.yml
index 8a3ea64343a..ebae8e87a20 100644
--- a/config/locales/two_factor_authentication/fr.yml
+++ b/config/locales/two_factor_authentication/fr.yml
@@ -73,6 +73,8 @@ fr:
max_piv_cac_login_attempts_reached: Pour votre sécurité, votre compte a été temporairement
bloqué en raison de la saisie de mauvais identifiants PIV/CAC à de trop nombreuses
reprises.
+ mfa_factors_enabled: "%{devices} ont été configurés avec succès comme méthode
+ d’authentification multi-facteurs."
otp_delivery_preference:
instruction: Vous pouvez changer cette sélection la prochaine fois que vous
vous connectez.
diff --git a/config/routes.rb b/config/routes.rb
index 649e448351a..2951581be41 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -130,7 +130,6 @@
patch '/webauthn_setup' => 'users/webauthn_setup#confirm'
delete '/webauthn_setup' => 'users/webauthn_setup#delete'
get '/webauthn_setup_delete' => 'users/webauthn_setup#show_delete'
- get '/webauthn_setup_success' => 'users/webauthn_setup#success'
delete '/authenticator_setup' => 'users/totp_setup#disable', as: :disable_totp
get '/authenticator_setup' => 'users/totp_setup#new'
diff --git a/spec/features/backup_mfa/sign_up_spec.rb b/spec/features/backup_mfa/sign_up_spec.rb
index 2410066b204..417fda8e2ba 100644
--- a/spec/features/backup_mfa/sign_up_spec.rb
+++ b/spec/features/backup_mfa/sign_up_spec.rb
@@ -130,7 +130,6 @@ def choose_and_confirm_mfa
select_2fa_option('webauthn')
fill_in_nickname_and_click_continue
mock_press_button_on_hardware_key_on_setup
- click_button t('forms.buttons.continue')
:webauthn
end
diff --git a/spec/features/remember_device/webauthn_spec.rb b/spec/features/remember_device/webauthn_spec.rb
index c82360c377c..c6cbc413d0c 100644
--- a/spec/features/remember_device/webauthn_spec.rb
+++ b/spec/features/remember_device/webauthn_spec.rb
@@ -23,6 +23,7 @@
def remember_device_and_sign_out_user
mock_webauthn_verification_challenge
sign_in_user(user)
+ print page.current_url
mock_press_button_on_hardware_key_on_verification
check :remember_device
click_button t('forms.buttons.continue')
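Review bot: `print page.current_url` looks like debugging output left behind; it writes to the runner's stdout on every run and asserts nothing, so it should be removed. The second hunk of this file has the same problem with `print page.body`, which moreover stands in for the removed `click_button` without any assertion, whereas the third hunk keeps `expect(page).to have_current_path(account_path)` at that point; the second hunk should do the same instead of printing. The enclosing methods of the second and third hunks begin outside their hunks.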
@@ -49,8 +50,8 @@ def remember_device_and_sign_out_user
fill_in_nickname_and_click_continue
check :remember_device
mock_press_button_on_hardware_key_on_setup
- click_button t('forms.buttons.continue')
+ print page.body
first(:link, t('links.sign_out')).click
user
end
@@ -66,7 +67,6 @@ def remember_device_and_sign_out_user
fill_in_nickname_and_click_continue
check :remember_device
mock_press_button_on_hardware_key_on_setup
- click_button t('forms.buttons.continue')
expect(page).to have_current_path(account_path)
first(:link, t('links.sign_out')).click
user
diff --git a/spec/features/webauthn/management_spec.rb b/spec/features/webauthn/management_spec.rb
index 7c8835aab51..b26fa6e78c9 100644
--- a/spec/features/webauthn/management_spec.rb
+++ b/spec/features/webauthn/management_spec.rb
@@ -13,11 +13,6 @@ def visit_webauthn_setup
click_link t('account.index.webauthn_add'), href: webauthn_setup_path
end
- def expect_webauthn_setup_success
- expect(page).to have_content t('event_types.webauthn_key_added')
- expect(page).to have_current_path(account_path)
- end
-
def expect_webauthn_setup_error
expect(page).to have_content t('errors.webauthn_setup.general_error')
expect(current_path).to eq account_path
@@ -48,11 +43,7 @@ def expect_webauthn_setup_error
fill_in_nickname_and_click_continue
mock_press_button_on_hardware_key_on_setup
- expect(current_path).to eq webauthn_setup_success_path
-
- click_button t('forms.buttons.continue')
-
- expect_webauthn_setup_success
+ expect(current_path).to eq account_path
end
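Review bot: The replacement assertion checks only `current_path`, while the removed `expect_webauthn_setup_success` also verified `have_content t('event_types.webauthn_key_added')`; with that gone, and the PIV/CAC flash removed elsewhere in this diff, nothing in this spec asserts that a user adding a key from account management sees any confirmation. If a confirmation is still expected on the account page, keep a content expectation beside the path check; if the flow is meant to end silently, the example's description should say so. The example this hunk edits starts before the hunk.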
it 'allows user to delete security key when another 2FA option is set up' do
diff --git a/spec/features/webauthn/sign_up_spec.rb b/spec/features/webauthn/sign_up_spec.rb
index ca6b572122a..df13e8695fb 100644
--- a/spec/features/webauthn/sign_up_spec.rb
+++ b/spec/features/webauthn/sign_up_spec.rb
@@ -10,18 +10,6 @@ def visit_webauthn_setup
select_2fa_option('webauthn')
end
- def expect_webauthn_setup_success
- expect(page).to have_current_path(two_factor_options_path)
-
- select_2fa_option('phone')
- fill_in :user_phone_form_phone, with: '2025551313'
- click_send_security_code
- fill_in_code_with_last_phone_otp
- click_submit_default
-
- expect(page).to have_current_path(account_path)
- end
-
it_behaves_like 'webauthn setup'
end
@@ -36,10 +24,6 @@ def visit_webauthn_setup
select_2fa_option('webauthn')
end
- def expect_webauthn_setup_success
- expect(page).to have_current_path(account_path)
- end
-
it_behaves_like 'webauthn setup'
end
diff --git a/spec/support/shared_examples/account_creation.rb b/spec/support/shared_examples/account_creation.rb
index 0c1f234dadd..f0ede81d651 100644
--- a/spec/support/shared_examples/account_creation.rb
+++ b/spec/support/shared_examples/account_creation.rb
@@ -113,7 +113,7 @@
select_2fa_option('webauthn')
fill_in_nickname_and_click_continue
mock_press_button_on_hardware_key_on_setup
- expect(current_path).to eq webauthn_setup_success_path
+ expect(current_path).to eq two_factor_options_path
click_button t('forms.buttons.continue')
select_2fa_option('backup_code')
click_continue
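Review bot: After the new `expect(current_path).to eq two_factor_options_path`, the example still runs `click_button t('forms.buttons.continue')` before `select_2fa_option('backup_code')`; that click previously left the deleted webauthn success page, but now it presumably submits the two-factor options form with nothing selected, which the companion change in `spec/support/shared_examples/webauthn_setup.rb` handles by deleting the click. Unless the options page has a continue button that is harmless without a selection, remove the line here as well. The enclosing example begins outside this hunk.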
diff --git a/spec/support/shared_examples/webauthn_setup.rb b/spec/support/shared_examples/webauthn_setup.rb
index 44776fb6f13..9a9b1433788 100644
--- a/spec/support/shared_examples/webauthn_setup.rb
+++ b/spec/support/shared_examples/webauthn_setup.rb
@@ -8,11 +8,8 @@
fill_in_nickname_and_click_continue
mock_press_button_on_hardware_key_on_setup
- expect(current_path).to eq webauthn_setup_success_path
+ expect(current_path).to eq two_factor_options_path
- click_button t('forms.buttons.continue')
-
- expect_webauthn_setup_success
expect(user.reload.webauthn_configurations.count).to eq(1)
webauthn_configuration = user.webauthn_configurations.first
diff --git a/spec/views/accounts/show.html.erb_spec.rb b/spec/views/accounts/show.html.erb_spec.rb
index 9b76aa3728e..cf27d8d8303 100644
--- a/spec/views/accounts/show.html.erb_spec.rb
+++ b/spec/views/accounts/show.html.erb_spec.rb
@@ -9,7 +9,7 @@
allow(view).to receive(:current_user).and_return(user)
assign(
:view_model,
- AccountShow.new(decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user),
+ AccountShow.new(decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user, message: nil),
)
end
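Review bot: Both hunks in this file only ever pass `message: nil`, so the new branch in `show.html.erb` that renders the message is never exercised by this view spec; add one example that builds `AccountShow.new(..., message: 'constructed notice')` (any constructed string) and expects `rendered` to include it, plus the nil case already here to confirm nothing is emitted. The `before` block this hunk edits begins outside the hunk.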
@@ -42,7 +42,7 @@
before do
assign(
:view_model,
- AccountShow.new(decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user),
+ AccountShow.new(decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user, message: nil),
)
end