Add link to continue to SP after recovering with personal key

.erb-lint.yml

@@ -11,10 +11,6 @@ linters:
       - '*/app/views/accounts/_connected_app.html.erb'
       - '*/app/views/accounts/_emails.html.erb'
       - '*/app/views/accounts/_identity_item.html.erb'
-      - '*/app/views/accounts/_password_reset.html.erb'
-      - '*/app/views/accounts/_pending_profile_bounced_gpo.html.erb'
-      - '*/app/views/accounts/_pending_profile_gpo.html.erb'
-      - '*/app/views/accounts/_personal_key.html.erb'
       - '*/app/views/accounts/_phone.html.erb'
       - '*/app/views/accounts/_piv_cac.html.erb'
       - '*/app/views/accounts/_webauthn.html.erb'

app/controllers/accounts/connected_accounts_controller.rb

@@ -9,6 +9,8 @@ def show
       @view_model = AccountShow.new(
         decrypted_pii: nil,
         personal_key: flash[:personal_key],
+        sp_session_request_url: sp_session_request_url_without_prompt_login,
+        sp_name: decorated_session.sp_name,
         decorated_user: current_user.decorate,
         locked_for_session: pii_locked_for_session?(current_user),
       )

app/controllers/accounts/history_controller.rb

@@ -9,6 +9,8 @@ def show
       @view_model = AccountShow.new(
         decrypted_pii: nil,
         personal_key: flash[:personal_key],
+        sp_session_request_url: sp_session_request_url_without_prompt_login,
+        sp_name: decorated_session.sp_name,
         decorated_user: current_user.decorate,
         locked_for_session: pii_locked_for_session?(current_user),
       )

app/controllers/accounts/two_factor_authentication_controller.rb

@@ -10,6 +10,8 @@ def show
       @view_model = AccountShow.new(
         decrypted_pii: nil,
         personal_key: flash[:personal_key],
+        sp_session_request_url: sp_session_request_url_without_prompt_login,
+        sp_name: decorated_session.sp_name,
         decorated_user: current_user.decorate,
         locked_for_session: pii_locked_for_session?(current_user),
       )

app/controllers/accounts_controller.rb

@@ -11,6 +11,8 @@ def show
     @view_model = AccountShow.new(
       decrypted_pii: cacher.fetch,
       personal_key: flash[:personal_key],
+      sp_session_request_url: sp_session_request_url_without_prompt_login,
+      sp_name: decorated_session.sp_name,
       decorated_user: current_user.decorate,
       locked_for_session: pii_locked_for_session?(current_user),
     )

app/controllers/events_controller.rb

@@ -10,6 +10,8 @@ def show
     @view_model = AccountShow.new(
       decrypted_pii: nil,
       personal_key: nil,
+      sp_session_request_url: sp_session_request_url_without_prompt_login,
+      sp_name: decorated_session.sp_name,
       decorated_user: current_user.decorate,
       locked_for_session: pii_locked_for_session?(current_user),
     )

app/view_models/account_show.rb

@@ -1,10 +1,14 @@
 class AccountShow
-  attr_reader :decorated_user, :decrypted_pii, :personal_key, :locked_for_session, :pii
+  attr_reader :decorated_user, :decrypted_pii, :personal_key, :locked_for_session, :pii,
+              :sp_session_request_url, :sp_name
 
-  def initialize(decrypted_pii:, personal_key:, decorated_user:, locked_for_session:)
+  def initialize(decrypted_pii:, personal_key:, sp_session_request_url:, sp_name:, decorated_user:,
+                 locked_for_session:)
     @decrypted_pii = decrypted_pii
     @personal_key = personal_key
     @decorated_user = decorated_user
+    @sp_name = sp_name
+    @sp_session_request_url = sp_session_request_url
     @locked_for_session = locked_for_session
     @pii = determine_pii
   end
@@ -30,6 +34,20 @@ def show_manage_personal_key_partial?
     end
   end
 
+  def show_service_provider_continue_partial?
+    sp_name.present? && sp_session_request_url.present?
+  end
+
+  def show_gpo_partial?
+    decorated_user.pending_profile_requires_verification?
+  end
+
+  def showing_any_partials?
+    show_service_provider_continue_partial? || show_manage_personal_key_partial? ||
+      show_pii_partial? || show_password_reset_partial? || show_personal_key_partial? ||
+      show_gpo_partial?
+  end
+
   def backup_codes_generated_at
     decorated_user.user.backup_code_configurations.order(created_at: :asc).first&.created_at
   end

app/views/accounts/_password_reset.html.erb

@@ -1,8 +1,4 @@
-<%= render 'shared/alert', {
-  type: 'warning',
-  class: 'margin-bottom-8',
-  text_tag: 'div',
-} do %>
+<%= render 'shared/alert', { type: 'warning', text_tag: 'div' } do %>
   <p>
     <%= t('account.index.reactivation.instructions') %>
   </p>

app/views/accounts/_pending_profile_bounced_gpo.html.erb

@@ -1,8 +1,4 @@
-<%= render 'shared/alert', {
-  type: 'warning',
-  class: 'margin-bottom-8',
-  text_tag: 'div',
-} do %>
+<%= render 'shared/alert', { type: 'warning', text_tag: 'div' } do %>
   <p>
     <%= t('account.index.verification.bounced') %>
   </p>

app/views/accounts/_pending_profile_gpo.html.erb

@@ -1,8 +1,4 @@
-<%= render 'shared/alert', {
-  type: 'warning',
-  class: 'margin-bottom-8',
-  text_tag: 'div',
-} do %>
+<%= render 'shared/alert', { type: 'warning', text_tag: 'div' } do %>
   <p>
     <%= t('account.index.verification.instructions') %>
   </p>

app/views/accounts/_personal_key.html.erb

@@ -1,8 +1,4 @@
-<%= render 'shared/alert', {
-  type: 'warning',
-  class: 'margin-bottom-8',
-  text_tag: 'div',
-} do %>
+<%= render 'shared/alert', { type: 'warning', class: 'margin-bottom-2', text_tag: 'div' } do %>
   <p>
     <%= t('idv.messages.personal_key') %>
   </p>

app/views/accounts/_service_provider_continue.html.erb

@@ -0,0 +1,3 @@
+<%= render 'shared/alert', { type: 'info', text_tag: 'div' } do %>
+    <%= link_to(t('account.index.continue_to_service_provider', service_provider: view_model.sp_name), view_model.sp_session_request_url) %>
+<% end %>

app/views/accounts/show.html.erb

@@ -1,18 +1,27 @@
 <% title t('titles.account') %>
 
-<% if @view_model.show_personal_key_partial? %>
-  <%= render 'accounts/personal_key', view_model: @view_model %>
-<% end %>
-<% if @view_model.show_password_reset_partial? %>
-  <%= render 'accounts/password_reset', view_model: @view_model %>
-<% end %>
+<% if @view_model.showing_any_partials? %>
+  <div class="margin-bottom-8">
+    <% if @view_model.show_personal_key_partial? %>
+      <%= render 'accounts/personal_key', view_model: @view_model %>
+    <% end %>
 
-<% if @view_model.decorated_user.pending_profile_requires_verification? %>
-  <% if @view_model.decorated_user.gpo_mail_bounced? %>
-    <%= render 'accounts/pending_profile_bounced_gpo' %>
-  <% else %>
-    <%= render 'accounts/pending_profile_gpo' %>
-  <% end %>
+    <% if @view_model.show_password_reset_partial? %>
+      <%= render 'accounts/password_reset', view_model: @view_model %>
+    <% end %>
+
+    <% if @view_model.show_gpo_partial? %>
+      <% if @view_model.decorated_user.gpo_mail_bounced? %>
+        <%= render 'accounts/pending_profile_bounced_gpo' %>
+      <% else %>
+        <%= render 'accounts/pending_profile_gpo' %>
+      <% end %>
+    <% end %>
+
+    <% if @view_model.show_service_provider_continue_partial? %>
+      <%= render 'accounts/service_provider_continue', view_model: @view_model %>
+    <% end %>
+  </div>
 <% end %>
 
 <%= render 'accounts/header', view_model: @view_model %>

config/locales/account/en.yml

@@ -32,6 +32,7 @@ en:
       backup_code_confirm_regenerate: Yes, regenerate codes
       backup_codes_exist: Generated
       backup_codes_no_exist: Not generated
+      continue_to_service_provider: Continue to %{service_provider}
       default: default
       device: '%{browser} on %{os}'
       dob: Date of birth

config/locales/account/es.yml

@@ -33,6 +33,7 @@ es:
       backup_code_confirm_regenerate: Sí, regenerar códigos.
       backup_codes_exist: Generado
       backup_codes_no_exist: No generado
+      continue_to_service_provider: Continuar con %{service_provider}
       default: defecto
       device: '%{browser} en %{os}'
       dob: Fecha de nacimiento

config/locales/account/fr.yml

@@ -34,6 +34,7 @@ fr:
       backup_code_confirm_regenerate: Oui, régénérer les codes
       backup_codes_exist: Généré
       backup_codes_no_exist: Non généré
+      continue_to_service_provider: Continuer à %{service_provider}
       default: défaut
       device: '%{browser} sur %{os}'
       dob: Date de naissance

spec/controllers/accounts_controller_spec.rb

@@ -44,6 +44,8 @@
         view_model = AccountShow.new(
           decrypted_pii: nil,
           personal_key: nil,
+          sp_session_request_url: nil,
+          sp_name: nil,
           decorated_user: user.decorate,
           locked_for_session: false,
         )
@@ -86,6 +88,8 @@
           view_model = AccountShow.new(
             decrypted_pii: nil,
             personal_key: nil,
+            sp_session_request_url: nil,
+            sp_name: nil,
             decorated_user: user.decorate,
             locked_for_session: false,
           )

spec/view_models/account_show_spec.rb

@@ -14,6 +14,7 @@
         )
         profile_index = AccountShow.new(
           decrypted_pii: decrypted_pii, personal_key: '', decorated_user: user.decorate,
+          sp_session_request_url: nil, sp_name: nil,
           locked_for_session: false
         )
 
@@ -28,6 +29,7 @@
         email_address.update!(last_sign_in_at: 1.minute.from_now)
         profile_index = AccountShow.new(
           decrypted_pii: {}, personal_key: '', decorated_user: decorated_user,
+          sp_session_request_url: nil, sp_name: nil,
           locked_for_session: false
         )
 
@@ -46,6 +48,7 @@
 
         profile_index = AccountShow.new(
           decrypted_pii: {}, personal_key: '', decorated_user: user.decorate,
+          sp_session_request_url: nil, sp_name: nil,
           locked_for_session: false
         )
 
@@ -61,6 +64,7 @@
         ).to receive(:enabled?).and_return(false)
         profile_index = AccountShow.new(
           decrypted_pii: {}, personal_key: '', decorated_user: user,
+          sp_session_request_url: nil, sp_name: nil,
           locked_for_session: false
         )
 
@@ -78,6 +82,8 @@
       account_show = AccountShow.new(
         decrypted_pii: {},
         personal_key: '',
+        sp_session_request_url: nil,
+        sp_name: nil,
         decorated_user: user.reload.decorate,
         locked_for_session: false,
       )
@@ -95,6 +101,8 @@
       account_show = AccountShow.new(
         decrypted_pii: {},
         personal_key: '',
+        sp_session_request_url: nil,
+        sp_name: nil,
         decorated_user: user.reload.decorate,
         locked_for_session: false,
       )
@@ -113,6 +121,8 @@
       AccountShow.new(
         decrypted_pii: decrypted_pii,
         personal_key: '',
+        sp_session_request_url: nil,
+        sp_name: nil,
         decorated_user: user.decorate,
         locked_for_session: false,
       )

spec/views/accounts/connected_accounts/show.html.erb_spec.rb

@@ -10,6 +10,7 @@
       :view_model,
       AccountShow.new(
         decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user,
+        sp_session_request_url: nil, sp_name: nil,
         locked_for_session: false
       ),
     )

spec/views/accounts/history/show.html.erb_spec.rb

@@ -11,6 +11,7 @@
       :view_model,
       AccountShow.new(
         decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user,
+        sp_session_request_url: nil, sp_name: nil,
         locked_for_session: false
       ),
     )

spec/views/accounts/show.html.erb_spec.rb

@@ -11,6 +11,7 @@
       :view_model,
       AccountShow.new(
         decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user,
+        sp_session_request_url: nil, sp_name: nil,
         locked_for_session: false
       ),
     )
@@ -149,4 +150,27 @@
       expect(user.email_addresses.size).to eq(5)
     end
   end
+
+  context 'when a profile has just been re-activated with personal key during SP auth' do
+    let(:sp) { build(:service_provider, return_to_sp_url: 'https://www.example.com/auth') }
+    before do
+      assign(
+        :view_model,
+        AccountShow.new(
+          decrypted_pii: nil, personal_key: 'abc123', decorated_user: decorated_user,
+          sp_session_request_url: sp.return_to_sp_url, sp_name: sp.friendly_name,
+          locked_for_session: false
+        ),
+      )
+    end
+
+    it 'renders the link to continue to the SP' do
+        render
+
+        expect(rendered).to have_link(
+          t('account.index.continue_to_service_provider', service_provider: sp.friendly_name),
+          href: sp.return_to_sp_url,
+        )
+    end
+  end
 end

spec/views/accounts/two_factor_authentication/show.html.erb_spec.rb

@@ -11,6 +11,7 @@
       :view_model,
       AccountShow.new(
         decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user,
+        sp_session_request_url: nil, sp_name: nil,
         locked_for_session: false
       ),
     )
@@ -33,6 +34,7 @@
         :view_model,
         AccountShow.new(
           decrypted_pii: nil, personal_key: nil, decorated_user: decorated_user,
+          sp_session_request_url: nil, sp_name: nil,
           locked_for_session: false
         ),
       )