removed the success screen for webauthn and cleand up duplicate messa…

app/controllers/accounts_controller.rb

@@ -11,6 +11,22 @@ def show
       decrypted_pii: cacher.fetch,
       personal_key: flash[:personal_key],
       decorated_user: current_user.decorate,
+      message: mfas_successfully_enabled_message,
     )
   end
+
+  def mfas_successfully_enabled_message
+    if session[:signed_up]
+      session.delete(:signed_up)
+      build_mfa_message(MfasEnabledForUser.call(current_user))
+    end
+  end
+
+  private
+
+  def build_mfa_message(methds)
+    translated = []
+    methds.each { |val| translated.push(t("two_factor_authentication.devices.#{val}")) }
+    t('two_factor_authentication.mfa_factors_enabled', devices: translated.join(' and '))
+  end
 end

app/controllers/users/piv_cac_authentication_setup_controller.rb

@@ -71,7 +71,6 @@ def user_piv_cac_form
     end
 
     def process_valid_submission
-      flash[:success] = t('notices.piv_cac_configured')
       save_piv_cac_information(
         subject: user_piv_cac_form.x509_dn,
         presented: true,

app/controllers/users/two_factor_authentication_setup_controller.rb

@@ -19,6 +19,7 @@ def create
       analytics.track_event(Analytics::USER_REGISTRATION_2FA_SETUP, result.to_h)
 
       if result.success?
+        session[:signed_up] = true
         backup_code_only_processing
         process_valid_form
       else
@@ -36,7 +37,7 @@ def two_factor_options_presenter
     def backup_code_only_processing
       if session[:signing_up] &&
          @two_factor_options_form.selection == 'backup_code_only'
-        session[:signing_up] = false
+        session.delete(:signing_up)
         redirect_to account_url
       end
     end

app/controllers/users/webauthn_setup_controller.rb

@@ -25,10 +25,6 @@ def confirm
       end
     end
 
-    def success
-      @next_url = url_after_successful_webauthn_setup
-    end
-
     def delete
       if MfaPolicy.new(current_user).multiple_factors_enabled?
         handle_successful_delete
@@ -89,16 +85,7 @@ def process_valid_webauthn
       create_user_event(:webauthn_key_added)
       mark_user_as_fully_authenticated
       save_remember_device_preference
-      redirect_to webauthn_setup_success_url
-    end
-
-    def url_after_successful_webauthn_setup
-      return two_2fa_setup if user_already_has_a_personal_key?
-
-      policy = PersonalKeyForNewUserPolicy.new(user: current_user, session: session)
-      return two_2fa_setup if policy.show_personal_key_after_initial_2fa_setup?
-
-      idv_jurisdiction_url
+      redirect_to two_2fa_setup
     end
 
     def process_invalid_webauthn(form)

app/services/mfas_enabled_for_user.rb

@@ -0,0 +1,25 @@
+class MfasEnabledForUser
+  # rubocop:disable Metrics/AbcSize
+  # rubocop:disable Metrics/MethodLength
+  def self.call(user)
+    methods_enabled = []
+    methods_enabled.push(:piv_cac) if
+      TwoFactorAuthentication::PivCacPolicy.new(user).enabled?
+
+    methods_enabled.push(:webauthn) if
+      TwoFactorAuthentication::WebauthnPolicy.new(user).enabled?
+
+    methods_enabled.push(:auth_app) if
+      TwoFactorAuthentication::AuthAppPolicy.new(user).enabled?
+
+    methods_enabled.push(:phone) if
+      TwoFactorAuthentication::PhonePolicy.new(user).enabled?
+
+    methods_enabled.push(:backup_code) if
+      TwoFactorAuthentication::BackupCodePolicy.new(user).enabled?
+
+    methods_enabled
+  end
+  # rubocop:enable Metrics/AbcSize
+  # rubocop:enable Metrics/MethodLength
+end

app/view_models/account_show.rb

@@ -1,12 +1,13 @@
 # :reek:TooManyMethods
 # :reek:RepeatedConditional
 class AccountShow # rubocop:disable Metrics/ClassLength
-  attr_reader :decorated_user, :decrypted_pii, :personal_key
+  attr_reader :decorated_user, :decrypted_pii, :personal_key, :message
 
-  def initialize(decrypted_pii:, personal_key:, decorated_user:)
+  def initialize(decrypted_pii:, personal_key:, decorated_user:, message:)
     @decrypted_pii = decrypted_pii
     @personal_key = personal_key
     @decorated_user = decorated_user
+    @message = message
   end
 
   def header_partial

app/views/accounts/show.html.erb

@@ -9,7 +9,9 @@
 <%= render @view_model.pending_profile_partial, view_model: @view_model %>
 
 <h1 class="hide"><%= t 'titles.account' %></h1>
-
+<% if !@view_model.message.nil? %>
+  <div class="alert alert-success" role="alert"><%= @view_model.message %></div>
+<% end %>
 <%= render @view_model.header_partial, view_model: @view_model %>
 
 <div class="mb3 profile-info-box">

config/locales/forms/en.yml

@@ -128,7 +128,4 @@ en:
         keys as you want, and we recommend at least two for easier account recovery.
       login_text: Press the button on your security key to sign in with login.gov
       nickname: Security key nickname
-      success_text: Each time you sign in to login.gov, we will ask you to use your
-        security key.  If you do not have your security key, you can use any other
-        authentication methods you have enabled.
       success_title: You have added a security key as your authentication method

config/locales/forms/es.yml

@@ -134,7 +134,4 @@ es:
       login_text: Presione el botón en su clave de seguridad para iniciar sesión con
         login.gov
       nickname: Apodo clave de seguridad
-      success_text: Cada vez que inicie sesión en login.gov, le pediremos que utilice
-        su clave de seguridad. Si no tiene su clave de seguridad, puede usar cualquier
-        otro método de autenticación que haya habilitado.
       success_title: Has añadido una clave de seguridad como tu método de autenticación.

config/locales/forms/fr.yml

@@ -140,8 +140,4 @@ fr:
       login_text: Appuyez sur le bouton de votre clé de sécurité pour vous connecter
         avec login.gov
       nickname: Pseudo clé de sécurité
-      success_text: Chaque fois que vous vous connecterez à login.gov, nous vous demanderons
-        d'utiliser votre clé de sécurité. Si vous ne possédez pas votre clé de sécurité,
-        vous pouvez utiliser toute autre méthode d'authentification que vous avez
-        activée.
       success_title: Vous avez ajouté une clé de sécurité comme méthode d'authentification.

config/locales/notices/en.yml

@@ -14,7 +14,6 @@ en:
         link: create a new account
         text_html: Or, %{link} using a different email address.
     password_changed: You changed your password.
-    piv_cac_configured: PIV/CAC card linked successfully.
     piv_cac_disabled: PIV/CAC card unlinked successfully.
     resend_confirmation_email:
       success: We sent another confirmation email.

config/locales/notices/es.yml

@@ -14,7 +14,6 @@ es:
         link: crear una cuenta nueva
         text_html: O, %{link} utilizando un email diferente.
     password_changed: Ha cambiado su contraseña.
-    piv_cac_configured: Tarjeta PIV/CAC vinculada con éxito.
     piv_cac_disabled: Tarjeta PIV/CAC desvinculada con éxito.
     resend_confirmation_email:
       success: Enviamos otro email de confirmación.

config/locales/notices/fr.yml

@@ -15,7 +15,6 @@ fr:
         link: Créer un nouveau compte
         text_html: Ou, %{link} en utilisant une adresse courriel différente.
     password_changed: Vous avez changé votre mot de passe.
-    piv_cac_configured: Carte PIV/CAC liée avec succès.
     piv_cac_disabled: Carte PIV/CAC dissociée avec succès.
     resend_confirmation_email:
       success: Nous avons envoyé un autre courriel de confirmation.

config/locales/two_factor_authentication/en.yml

@@ -69,6 +69,8 @@ en:
     max_piv_cac_login_attempts_reached: For your security, your account is temporarily
       locked because you have presented your piv/cac credential incorrectly too many
       times.
+    mfa_factors_enabled: "%{devices} were successfully setup as your multi-factor
+      authentication methods."
     otp_delivery_preference:
       instruction: You can change this selection the next time you log in. If you
         entered a landline, please select "Phone call" below.

config/locales/two_factor_authentication/es.yml

@@ -76,6 +76,8 @@ es:
     max_piv_cac_login_attempts_reached: Por tu seguridad, tu cuenta está bloqueada
       temporalmente dado que has presentado las credenciales de tu piv/cac de forma
       incorrecta demasiadas veces.
+    mfa_factors_enabled: "%{devices} fueron configurados con éxito como su método
+      de autenticación de múltiples factores"
     otp_delivery_preference:
       instruction: Puede cambiar esta selección la próxima vez que inicie sesión.
       phone_unsupported: En este momento no podemos realizar llamadas a personas en

config/locales/two_factor_authentication/fr.yml

@@ -73,6 +73,8 @@ fr:
     max_piv_cac_login_attempts_reached: Pour votre sécurité, votre compte a été temporairement
       bloqué en raison de la saisie de mauvais identifiants PIV/CAC à de trop nombreuses
       reprises.
+    mfa_factors_enabled: "%{devices} ont été configurés avec succès comme méthode
+      d’authentification multi-facteurs."
     otp_delivery_preference:
       instruction: Vous pouvez changer cette sélection la prochaine fois que vous
         vous connectez.

config/routes.rb

@@ -130,7 +130,6 @@
     patch '/webauthn_setup' => 'users/webauthn_setup#confirm'
     delete '/webauthn_setup' => 'users/webauthn_setup#delete'
     get '/webauthn_setup_delete' => 'users/webauthn_setup#show_delete'
-    get '/webauthn_setup_success' => 'users/webauthn_setup#success'
 
     delete '/authenticator_setup' => 'users/totp_setup#disable', as: :disable_totp
     get '/authenticator_setup' => 'users/totp_setup#new'

spec/features/backup_mfa/sign_up_spec.rb

@@ -130,7 +130,6 @@ def choose_and_confirm_mfa
       select_2fa_option('webauthn')
       fill_in_nickname_and_click_continue
       mock_press_button_on_hardware_key_on_setup
-      click_button t('forms.buttons.continue')
       :webauthn
     end
 

spec/features/remember_device/webauthn_spec.rb

@@ -23,6 +23,7 @@
     def remember_device_and_sign_out_user
       mock_webauthn_verification_challenge
       sign_in_user(user)
+      print page.current_url
       mock_press_button_on_hardware_key_on_verification
       check :remember_device
       click_button t('forms.buttons.continue')
@@ -49,8 +50,8 @@ def remember_device_and_sign_out_user
       fill_in_nickname_and_click_continue
       check :remember_device
       mock_press_button_on_hardware_key_on_setup
-      click_button t('forms.buttons.continue')
 
+      print page.body
       first(:link, t('links.sign_out')).click
       user
     end
@@ -66,7 +67,6 @@ def remember_device_and_sign_out_user
       fill_in_nickname_and_click_continue
       check :remember_device
       mock_press_button_on_hardware_key_on_setup
-      click_button t('forms.buttons.continue')
       expect(page).to have_current_path(account_path)
       first(:link, t('links.sign_out')).click
       user

spec/features/webauthn/management_spec.rb

@@ -13,11 +13,6 @@ def visit_webauthn_setup
     click_link t('account.index.webauthn_add'), href: webauthn_setup_path
   end
 
-  def expect_webauthn_setup_success
-    expect(page).to have_content t('event_types.webauthn_key_added')
-    expect(page).to have_current_path(account_path)
-  end
-
   def expect_webauthn_setup_error
     expect(page).to have_content t('errors.webauthn_setup.general_error')
     expect(current_path).to eq account_path
@@ -48,11 +43,7 @@ def expect_webauthn_setup_error
       fill_in_nickname_and_click_continue
       mock_press_button_on_hardware_key_on_setup
 
-      expect(current_path).to eq webauthn_setup_success_path
-
-      click_button t('forms.buttons.continue')
-
-      expect_webauthn_setup_success
+      expect(current_path).to eq account_path
     end
 
     it 'allows user to delete security key when another 2FA option is set up' do

spec/features/webauthn/sign_up_spec.rb

@@ -10,18 +10,6 @@ def visit_webauthn_setup
       select_2fa_option('webauthn')
     end
 
-    def expect_webauthn_setup_success
-      expect(page).to have_current_path(two_factor_options_path)
-
-      select_2fa_option('phone')
-      fill_in :user_phone_form_phone, with: '2025551313'
-      click_send_security_code
-      fill_in_code_with_last_phone_otp
-      click_submit_default
-
-      expect(page).to have_current_path(account_path)
-    end
-
     it_behaves_like 'webauthn setup'
   end
 
@@ -36,10 +24,6 @@ def visit_webauthn_setup
       select_2fa_option('webauthn')
     end
 
-    def expect_webauthn_setup_success
-      expect(page).to have_current_path(account_path)
-    end
-
     it_behaves_like 'webauthn setup'
   end
 

spec/support/shared_examples/account_creation.rb

@@ -113,7 +113,7 @@
     select_2fa_option('webauthn')
     fill_in_nickname_and_click_continue
     mock_press_button_on_hardware_key_on_setup
-    expect(current_path).to eq webauthn_setup_success_path
+    expect(current_path).to eq two_factor_options_path
     click_button t('forms.buttons.continue')
     select_2fa_option('backup_code')
     click_continue

spec/support/shared_examples/webauthn_setup.rb

@@ -8,11 +8,8 @@
     fill_in_nickname_and_click_continue
     mock_press_button_on_hardware_key_on_setup
 
-    expect(current_path).to eq webauthn_setup_success_path
+    expect(current_path).to eq two_factor_options_path
 
-    click_button t('forms.buttons.continue')
-
-    expect_webauthn_setup_success
     expect(user.reload.webauthn_configurations.count).to eq(1)
 
     webauthn_configuration = user.webauthn_configurations.first

spec/views/accounts/show.html.erb_spec.rb

@@ -9,7 +9,7 @@
     allow(view).to receive(:current_user).and_return(user)
     assign(
       :view_model,
-      AccountShow.new(decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user),
+      AccountShow.new(decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user, message: nil),
     )
   end
 
@@ -42,7 +42,7 @@
     before do
       assign(
         :view_model,
-        AccountShow.new(decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user),
+        AccountShow.new(decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user, message: nil),
       )
     end