Create "You've created your [x] authentication method!" page

[jmdembe]

This PR creates the confirmation page that will inform the user that they have successfully set up one of their selected MFA methods.

Notes:

• Currently, there is no path to go from the "Choose your method page" to "You've created your first authentication method". This is expected because routing is the next piece of the functionality that we are adding for the MFA feature.
• Another next step is to add "You've added your second method", "You've added your third method", etc. The logic is not here because the routing has not been set up. A presenter will be added to facilitate that logic once routing and the data structure is in place
• "You've added your first authentication method", "Add phone", and "Face ID has been added to your account" is dummy data for the purpose of this ticket
• We are implementing small commits for this feature for ease of testing and to make sure that we have not broken the functionality of two-factor authentication setup.
• EDIT: The button and the "Skip for now" links do not lead the user to the correct page at this time as we still need to set up the router.

[aduth]

For consistency with other routes, can we replace - with _ ?

Suggested change

	get '/auth-method-confirmation' => 'mfa_confirmation#index'
	get '/auth_method_confirmation' => 'mfa_confirmation#index'

[aduth]

Not sure if it's just because draft, but noting that we should probably want a unique title here from "Confirm the password for your account" ?

[zachmargolis]

Left some ideas to increase code coverage to get around the error

[zachmargolis]

this method is marked as not covered by code coverage, and I'm not seeing it used anywhere in the diff, can we remove it?

[zachmargolis]

Looks like this method was added but here and so was the template, but I'm not seeing it in the diff. Can we add a stub for it like this?

identity-idp/app/controllers/users/backup_code_setup_controller.rb

Line 13 in 5968911

def index; end

[jmdembe]

so add that stub to the mfa_confirmation_controller.rb file? If so, that makes sense.

[mitchellhenke]

This would also be where we could add a check to not render in production if we want to prevent it from being available there

[zachmargolis]

this template was added but I'm not seeing any tests that call it. WDYT of adding a very simple view spec for it?

[zachmargolis]

How come this is a 302 status (usually a redirect?) but it's rendering instead of redirecting?

Also can we use new-style hashes render file: "abc/def", layout: true if possible?

[jmdembe]

yeah, I thought redirecting would cause it not render, but I was wrong. Instead, we are going to put a flag on that route.

[aduth]

Are we intending to add a second link to the live MFA setup screen?

[aduth]

👍

[aduth]

A few thoughts on this route and associated controller:

• MfaConfirmationController seems to be primarily concerned with the "reauthn" (password reentry) behavior, not with MFA setup, where MFA setup is split across TwoFactorAuthenticationSetupController and ad-hoc controllers. I might wonder if this should be a separate controller, or part of TwoFactorAuthenticationSetupController?
• While we're not entirely consistent about it, I usually prefer when the route aligns to the controller name, since it makes it easier for me to backtrack from a URL to its associated controller.
• To me, #index implies some sort of listing, or at least an entry-point of a controller, where this is more like a confirmation screen.

Depending on how this feature evolves, I suppose this view would probably be the rendered result of, for example, TwoFactorAuthenticationSetupController#create ? With that in mind, it could be fine if it's expected to be temporary, though we may be able to save some future effort by implementing it closer to where we expect it to be eventually used.

[jmdembe]

• I think we are going in the direction of using the TwoFactorAuthenticationSetupController to set up the MFA prototype. In fact, work for setup in that controller is being done in a separate ticket
• I think the plan is to have the route and controller to reflect its new functionality. This might be in the form of changing the name of TwoFactorAuthenticationSetupController and any routes associated with it.
• By the look of it, it can be changed to a #show. I can address that part now. There is no logic associated with this page right now, so that will be easy.

I anticipate that we will have additional changes to routes and controllers. There are a few things to think through to make it sound, but I think that is a little further down the road.

[aduth]

That all sounds good to me! 👍