diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 854021593e7..c608bb129f6 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,6 +5,7 @@ class ApplicationController < ActionController::Base # rubocop:disable Metrics/C include UserSessionContext include VerifyProfileConcern include LocaleHelper + include VerifySPAttributesConcern FLASH_KEYS = %w[alert error notice success warning].freeze @@ -148,7 +149,7 @@ def two_2fa_setup end def after_multiple_2fa_sign_up - if user_needs_sign_up_completed_page? + if needs_completions_screen? sign_up_completed_url elsif current_user.decorate.password_reset_profile.present? reactivate_account_url @@ -249,12 +250,6 @@ def render_full_width(template, **opts) render template, **opts, layout: 'base' end - def user_needs_sign_up_completed_page? - issuer = sp_session[:issuer] - return false unless issuer - !user_has_ial1_identity_for_issuer?(issuer) - end - def user_has_ial1_identity_for_issuer?(issuer) current_user.identities.where(service_provider: issuer, ial: 1).any? end diff --git a/app/controllers/concerns/verify_sp_attributes_concern.rb b/app/controllers/concerns/verify_sp_attributes_concern.rb index 32e94148bb7..71803b6212f 100644 --- a/app/controllers/concerns/verify_sp_attributes_concern.rb +++ b/app/controllers/concerns/verify_sp_attributes_concern.rb @@ -1,6 +1,10 @@ module VerifySPAttributesConcern + def needs_completions_screen? + sp_session[:issuer].present? && (sp_session_identity.nil? || !requested_attributes_verified?) + end + def needs_sp_attribute_verification? - if sp_session_identity.nil? || !requested_attributes_verified? + if needs_completions_screen? set_verify_shared_attributes_session true else diff --git a/app/controllers/openid_connect/authorization_controller.rb b/app/controllers/openid_connect/authorization_controller.rb index a328389fb72..5d3eccb7f6d 100644 --- a/app/controllers/openid_connect/authorization_controller.rb +++ b/app/controllers/openid_connect/authorization_controller.rb @@ -3,7 +3,6 @@ class AuthorizationController < ApplicationController include FullyAuthenticatable include RememberDeviceConcern include VerifyProfileConcern - include VerifySPAttributesConcern before_action :build_authorize_form_from_params, only: [:index] before_action :validate_authorize_form, only: [:index] diff --git a/app/controllers/saml_idp_controller.rb b/app/controllers/saml_idp_controller.rb index 94bf2999b54..ca27bd4a021 100644 --- a/app/controllers/saml_idp_controller.rb +++ b/app/controllers/saml_idp_controller.rb @@ -9,7 +9,6 @@ class SamlIdpController < ApplicationController include FullyAuthenticatable include RememberDeviceConcern include VerifyProfileConcern - include VerifySPAttributesConcern skip_before_action :verify_authenticity_token before_action :confirm_user_is_authenticated_with_fresh_mfa, only: :auth diff --git a/app/controllers/sign_up/completions_controller.rb b/app/controllers/sign_up/completions_controller.rb index 0805ee716c9..352ccefb2f2 100644 --- a/app/controllers/sign_up/completions_controller.rb +++ b/app/controllers/sign_up/completions_controller.rb @@ -1,7 +1,6 @@ module SignUp class CompletionsController < ApplicationController include SecureHeadersConcern - include VerifySPAttributesConcern before_action :confirm_two_factor_authenticated before_action :verify_confirmed, if: :loa3? @@ -9,7 +8,7 @@ class CompletionsController < ApplicationController def show @view_model = view_model - if show_completions_page? + if needs_completions_screen? analytics.track_event( Analytics::USER_REGISTRATION_AGENCY_HANDOFF_PAGE_VISIT, analytics_attributes(''), @@ -20,7 +19,7 @@ def show end def update - track_completion_event('agency-page') if user_needs_sign_up_completed_page? + track_completion_event('agency-page') if needs_completions_screen? handle_verified_attributes if decider.go_back_to_mobile_app? sign_user_out_and_instruct_to_go_back_to_mobile_app @@ -36,11 +35,6 @@ def handle_verified_attributes clear_verify_attributes_sessions end - def show_completions_page? - service_providers = sp_session[:issuer].present? || @view_model.user_has_identities? - user_fully_authenticated? && service_providers - end - def view_model SignUpCompletionsShow.new( loa3_requested: loa3?, @@ -59,7 +53,7 @@ def loa3? end def return_to_account - track_completion_event('account-page') if user_needs_sign_up_completed_page? + track_completion_event('account-page') redirect_to account_url end diff --git a/app/controllers/sign_up/personal_keys_controller.rb b/app/controllers/sign_up/personal_keys_controller.rb index 185f6ae5046..ed431b25695 100644 --- a/app/controllers/sign_up/personal_keys_controller.rb +++ b/app/controllers/sign_up/personal_keys_controller.rb @@ -29,7 +29,7 @@ def assign_initial_personal_key end def next_step - if user_needs_sign_up_completed_page? + if needs_completions_screen? sign_up_completed_url elsif current_user.decorate.password_reset_profile.present? reactivate_account_url diff --git a/app/views/sign_up/completions/_show_identities.html.slim b/app/views/sign_up/completions/_show_identities.html.slim index 4ae9ea185d4..d4b0bd6201c 100644 --- a/app/views/sign_up/completions/_show_identities.html.slim +++ b/app/views/sign_up/completions/_show_identities.html.slim @@ -3,7 +3,7 @@ p.fs-20p - if identities.length > 1 = t('idv.messages.agencies_login') - - else + - elsif identities.length == 1 = t('idv.messages.agency_login_html', sp: identities.first.display_name) ul.list-reset - identities.each do |identity| diff --git a/spec/controllers/sign_up/completions_controller_spec.rb b/spec/controllers/sign_up/completions_controller_spec.rb index d927c3752a2..4772fcfa262 100644 --- a/spec/controllers/sign_up/completions_controller_spec.rb +++ b/spec/controllers/sign_up/completions_controller_spec.rb @@ -86,7 +86,7 @@ user = create(:user) create(:identity, user: user) stub_sign_in(user) - subject.session[:sp] = {} + subject.session[:sp] = { issuer: 'awesome sp', loa3: false } get :show expect(response).to render_template(:show)