diff --git a/app/controllers/concerns/idv_session.rb b/app/controllers/concerns/idv_session.rb index 4d2d4fa19b7..34062d74733 100644 --- a/app/controllers/concerns/idv_session.rb +++ b/app/controllers/concerns/idv_session.rb @@ -1,6 +1,10 @@ module IdvSession extend ActiveSupport::Concern + included do + before_action :redirect_if_sp_context_needed + end + def confirm_idv_session_started redirect_to idv_doc_auth_url if idv_session.applicant.blank? end @@ -41,10 +45,11 @@ def idv_attempter_throttled? Throttler::IsThrottled.call(current_user.id, :idv_resolution) end - def sp_context_needed? + def redirect_if_sp_context_needed return if sp_from_sp_session.present? return unless LoginGov::Hostdata.in_datacenter? return if LoginGov::Hostdata.env != AppConfig.env.sp_context_needed_environment + return if current_user.profiles.any? redirect_to account_url end diff --git a/app/controllers/idv_controller.rb b/app/controllers/idv_controller.rb index 2c5d62f5386..421e3f325f6 100644 --- a/app/controllers/idv_controller.rb +++ b/app/controllers/idv_controller.rb @@ -5,7 +5,6 @@ class IdvController < ApplicationController before_action :confirm_two_factor_authenticated before_action :confirm_idv_needed, only: [:fail] before_action :profile_needs_reactivation?, only: [:index] - before_action :sp_context_needed?, only: [:index] def index if decorated_session.requested_more_recent_verification? diff --git a/spec/controllers/idv/cancellations_controller_spec.rb b/spec/controllers/idv/cancellations_controller_spec.rb index 63b46b4693e..3a2980024ae 100644 --- a/spec/controllers/idv/cancellations_controller_spec.rb +++ b/spec/controllers/idv/cancellations_controller_spec.rb 
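Review bot: The `before_action` in the new `included do` block is registered at the point where each controller writes `include IdvSession`, so its position relative to `confirm_two_factor_authenticated` depends on line order in the including controllers, which this diff does not show. The second hunk of this file makes the callback read `current_user.profiles`, so if it runs ahead of the authentication callback, a signed-out request with no SP context in the gated environment would raise on a nil `current_user` instead of redirecting. I would add a comment above the block, `# Must run after the authentication callbacks: redirect_if_sp_context_needed reads current_user`, and make the check nil-safe with `return if current_user&.profiles&.any?`.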
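Review bot: The added guard `return if current_user.profiles.any?` in `redirect_if_sp_context_needed` lets an account past the SP-context gate for any associated profile row, whatever its state. The Profile model is not visible here, so this is an inference: if it can hold pending or deactivated profiles, those accounts skip the gate as well. If only users with a verified profile are meant to proceed, the condition should use the narrower lookup the model provides. Either way, a comment such as `# Users who already have a profile may re-proof without an SP request` would record the intent. The spec added in idv_controller_spec.rb covers only a factory-default profile.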
@@ -1,6 +1,12 @@ require 'rails_helper' describe Idv::CancellationsController do + describe 'before_actions' do + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + end + describe '#new' do it 'tracks the event in analytics when referer is nil' do stub_sign_in diff --git a/spec/controllers/idv/confirmations_controller_spec.rb b/spec/controllers/idv/confirmations_controller_spec.rb index b6294c855d1..f39687835e4 100644 --- a/spec/controllers/idv/confirmations_controller_spec.rb +++ b/spec/controllers/idv/confirmations_controller_spec.rb @@ -48,6 +48,10 @@ def stub_idv_session ) end + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + describe '#confirm_profile_has_been_created' do before do stub_idv_session diff --git a/spec/controllers/idv/doc_auth_controller_spec.rb b/spec/controllers/idv/doc_auth_controller_spec.rb index ec2fc59b0dd..7af08475583 100644 --- a/spec/controllers/idv/doc_auth_controller_spec.rb +++ b/spec/controllers/idv/doc_auth_controller_spec.rb @@ -10,6 +10,10 @@ :fsm_initialize, :ensure_correct_step) end + + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end end before do |example| diff --git a/spec/controllers/idv/forgot_password_controller_spec.rb b/spec/controllers/idv/forgot_password_controller_spec.rb index df843f18b85..c6df48e5e31 100644 --- a/spec/controllers/idv/forgot_password_controller_spec.rb +++ b/spec/controllers/idv/forgot_password_controller_spec.rb @@ -1,6 +1,12 @@ require 'rails_helper' describe Idv::ForgotPasswordController do + describe 'before_actions' do + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + end + describe '#new' do it 'tracks the event in analytics when referer is nil' do stub_sign_in 
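Review bot: The example added here asserts only that `redirect_if_sp_context_needed` is registered as a before callback; none of the hunks shown checks where it sits relative to the authentication callbacks or that it actually redirects on these controllers. The same example is repeated in the confirmations, doc_auth, forgot_password, otp_delivery_method, otp_verification, phone, phone_errors, recovery, resend_otp, review, session_errors and usps specs. A shared example (name is a suggestion, e.g. `it_behaves_like 'an IdvSession controller'`) holding this expectation would remove the copies. It could also make one request with `LoginGov::Hostdata.in_datacenter?` stubbed to true, which would exercise the redirect on each controller.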
diff --git a/spec/controllers/idv/otp_delivery_method_controller_spec.rb b/spec/controllers/idv/otp_delivery_method_controller_spec.rb index 10e09abebe4..7b30964008f 100644 --- a/spec/controllers/idv/otp_delivery_method_controller_spec.rb +++ b/spec/controllers/idv/otp_delivery_method_controller_spec.rb @@ -15,6 +15,12 @@ subject.idv_session.user_phone_confirmation_session = user_phone_confirmation_session end + describe 'before_actions' do + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + end + describe '#new' do context 'user has not selected phone verification method' do before do diff --git a/spec/controllers/idv/otp_verification_controller_spec.rb b/spec/controllers/idv/otp_verification_controller_spec.rb index c26a665eae4..423a7a5344a 100644 --- a/spec/controllers/idv/otp_verification_controller_spec.rb +++ b/spec/controllers/idv/otp_verification_controller_spec.rb @@ -29,6 +29,12 @@ subject.idv_session.user_phone_confirmation_session = user_phone_confirmation_session end + describe 'before_actions' do + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + end + describe '#show' do context 'the user has not been sent an otp' do let(:user_phone_confirmation_session) { nil } diff --git a/spec/controllers/idv/phone_controller_spec.rb b/spec/controllers/idv/phone_controller_spec.rb index c24efa05a4d..db03ed50641 100644 --- a/spec/controllers/idv/phone_controller_spec.rb +++ b/spec/controllers/idv/phone_controller_spec.rb @@ -21,6 +21,12 @@ end end + describe 'before_actions' do + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + end + describe '#new' do let(:user) do build(:user, :with_phone, 
diff --git a/spec/controllers/idv/phone_errors_controller_spec.rb b/spec/controllers/idv/phone_errors_controller_spec.rb index c1ad80d3459..d95dd2c3a8f 100644 --- a/spec/controllers/idv/phone_errors_controller_spec.rb +++ b/spec/controllers/idv/phone_errors_controller_spec.rb @@ -1,6 +1,12 @@ require 'rails_helper' shared_examples_for 'an idv phone errors controller action' do + describe 'before_actions' do + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + end + context 'the user is authenticated and has not confirmed their phone' do it 'renders the error' do stub_sign_in diff --git a/spec/controllers/idv/recovery_controller_spec.rb b/spec/controllers/idv/recovery_controller_spec.rb index 03a64e2bece..c1aa9f3b663 100644 --- a/spec/controllers/idv/recovery_controller_spec.rb +++ b/spec/controllers/idv/recovery_controller_spec.rb @@ -18,6 +18,12 @@ allow(@analytics).to receive(:track_event) end + describe 'before_actions' do + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + end + describe 'unauthenticated', :skip_sign_in do it 'redirects to the root url' do get :index diff --git a/spec/controllers/idv/resend_otp_controller_spec.rb b/spec/controllers/idv/resend_otp_controller_spec.rb index e108aaa1d09..a7b78443955 100644 --- a/spec/controllers/idv/resend_otp_controller_spec.rb +++ b/spec/controllers/idv/resend_otp_controller_spec.rb @@ -24,6 +24,12 @@ subject.idv_session.user_phone_confirmation_session = user_phone_confirmation_session end + describe 'before_actions' do + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + end + describe '#create' do context 'the user has not selected a delivery method' do let(:user_phone_confirmation_session) { nil } 
diff --git a/spec/controllers/idv/review_controller_spec.rb b/spec/controllers/idv/review_controller_spec.rb index f9a5de1dfce..de67df58094 100644 --- a/spec/controllers/idv/review_controller_spec.rb +++ b/spec/controllers/idv/review_controller_spec.rb @@ -45,6 +45,10 @@ :confirm_idv_steps_complete, ) end + + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end end describe '#confirm_idv_steps_complete' do diff --git a/spec/controllers/idv/session_errors_controller_spec.rb b/spec/controllers/idv/session_errors_controller_spec.rb index 7671cfebbfe..5c73ffe3a93 100644 --- a/spec/controllers/idv/session_errors_controller_spec.rb +++ b/spec/controllers/idv/session_errors_controller_spec.rb @@ -64,6 +64,12 @@ allow(controller).to receive(:idv_session).and_return(idv_session) end + describe 'before_actions' do + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end + end + describe '#warning' do let(:action) { :warning } let(:template) { 'idv/session_errors/warning' } diff --git a/spec/controllers/idv/usps_controller_spec.rb b/spec/controllers/idv/usps_controller_spec.rb index e788c835351..bd2d6255469 100644 --- a/spec/controllers/idv/usps_controller_spec.rb +++ b/spec/controllers/idv/usps_controller_spec.rb @@ -12,6 +12,10 @@ :confirm_mail_not_spammed, ) end + + it 'includes before_actions from IdvSession' do + expect(subject).to have_actions(:before, :redirect_if_sp_context_needed) + end end describe '#index' do diff --git a/spec/controllers/idv_controller_spec.rb b/spec/controllers/idv_controller_spec.rb index ed74566c77f..e298096f1de 100644 --- a/spec/controllers/idv_controller_spec.rb +++ b/spec/controllers/idv_controller_spec.rb 
@@ -71,15 +71,18 @@ end context 'no SP context' do + let(:user) { user = build(:user, password: ControllerHelper::VALID_PASSWORD) } + before do - stub_sign_in + stub_sign_in(user) session[:sp] = {} + allow(LoginGov::Hostdata).to receive(:in_datacenter?).and_return(true) + allow(AppConfig.env).to receive(:sp_context_needed_environment).and_return('prod') end context 'prod environment' do before do allow(LoginGov::Hostdata).to receive(:env).and_return('prod') - allow(LoginGov::Hostdata).to receive(:in_datacenter?).and_return(true) end it 'redirects back to the account page' do @@ -87,12 +90,24 @@ expect(response).to redirect_to account_url end + + context 'user has an existing profile' do + let(:user) do + profile = create(:profile) + profile.user + end + + it 'begins the identity proofing process' do + get :index + + expect(response).to redirect_to idv_doc_auth_url + end + end end context 'non-prod environment' do before do allow(LoginGov::Hostdata).to receive(:env).and_return('staging') - allow(LoginGov::Hostdata).to receive(:in_datacenter?).and_return(true) end it 'begins the identity proofing process' do diff --git a/spec/controllers/reactivate_account_controller_spec.rb b/spec/controllers/reactivate_account_controller_spec.rb index 55424e8e2f8..2cbfe9662b4 100644 --- a/spec/controllers/reactivate_account_controller_spec.rb +++ b/spec/controllers/reactivate_account_controller_spec.rb @@ -8,9 +8,7 @@ describe 'before_actions' do it 'requires the user to be logged in' do - expect(subject).to have_actions( - :confirm_two_factor_authenticated, - ) + expect(subject).to have_actions(:before, :confirm_two_factor_authenticated) end end diff --git a/spec/controllers/users/verify_personal_key_controller_spec.rb b/spec/controllers/users/verify_personal_key_controller_spec.rb index c14089d2800..9a4d7e2f328 100644 --- a/spec/controllers/users/verify_personal_key_controller_spec.rb +++ b/spec/controllers/users/verify_personal_key_controller_spec.rb 
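Review bot: The new `let(:user)` block in the 'no SP context' context assigns to a local that is never read, `user = build(...)`, which shadows the `let` name inside its own definition and trips RuboCop's `Lint/UselessAssignment`. `let(:user) { build(:user, password: ControllerHelper::VALID_PASSWORD) }` returns the same object.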
@@ -9,7 +9,7 @@ describe 'before actions' do it 'only allows 2fa users through' do - expect(subject).to have_actions(:confirm_two_factor_authenticated) + expect(subject).to have_actions(:before, :confirm_two_factor_authenticated) end end diff --git a/spec/support/matchers/have_actions.rb b/spec/support/matchers/have_actions.rb index 99a512e03c6..e349af88807 100644 --- a/spec/support/matchers/have_actions.rb +++ b/spec/support/matchers/have_actions.rb @@ -29,6 +29,12 @@ RSpec::Matchers.define :have_actions do |kind, *names| match do |controller| + if kind.blank? || names.blank? + message = "Must provide kind and an array of names to check for\n" + message += 'See spec/matchers/have_actions.rb for details' + raise ArgumentError.new(message) + end + callbacks = controller._process_action_callbacks.select { |callback| callback.kind == kind } actions = callbacks.each_with_object([]) do |f, result|
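Review bot: The error text added to the `match` block points at `spec/matchers/have_actions.rb`, but the file in this diff is `spec/support/matchers/have_actions.rb`, so a developer following the message lands on a path that does not match. Change the line to `message += 'See spec/support/matchers/have_actions.rb for details'`; the idiomatic form of the last line is `raise ArgumentError, message`. The guard itself is worth keeping strict: the two spec changes just above suggest that a call with the kind omitted was presumably accepted by the old matcher, which is how an authentication-callback assertion can pass without checking anything. The `match` block continues past the end of this hunk.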