LG-6086 route to interstatial

app/controllers/concerns/mfa_setup_concern.rb

@@ -1,8 +1,26 @@
 module MfaSetupConcern
   extend ActiveSupport::Concern
 
-  def user_next_authentication_setup_path!(final_path = nil)
-    case user_session[:selected_mfa_options]&.shift
+  def user_next_authentication_setup_path(next_setup_choice)
+    if user_session.dig(:selected_mfa_options, determine_next_mfa_selection).present? &&
+       IdentityConfig.store.select_multiple_mfa_options
+      auth_method_confirmation_url(next_setup_choice: next_setup_choice)
+    else
+      user_session.delete(:selected_mfa_options)
+      nil
+    end
+  end
+
+  def determine_next_mfa_selection
+    return unless user_session[:selected_mfa_options]
+    current_session = user_session[:next_mfa_selection_choice]
+    current_index = user_session[:selected_mfa_options].find_index(current_session) || 0
+    current_index + 1
+  end
+
+  def confirmation_path(next_mfa_selection_choice)
+    user_session[:next_mfa_selection_choice] = next_mfa_selection_choice
+    case next_mfa_selection_choice
     when 'voice', 'sms', 'phone'
       phone_setup_url
     when 'auth_app'
@@ -15,8 +33,6 @@ def user_next_authentication_setup_path!(final_path = nil)
       webauthn_setup_url(platform: true)
     when 'backup_code'
       backup_code_setup_url
-    else
-      final_path
     end
   end
 

app/controllers/mfa_confirmation_controller.rb

@@ -1,5 +1,20 @@
 class MfaConfirmationController < ApplicationController
-  before_action :confirm_two_factor_authenticated
+  include MfaSetupConcern
+  before_action :confirm_two_factor_authenticated, except: [:show]
+
+  def show
+    @presenter = MfaConfirmationShowPresenter.new(
+      current_user: current_user,
+      next_path: next_path,
+      final_path: after_mfa_setup_path,
+    )
+  end
+
+  def skip
+    user_session.delete(:selected_mfa_options)
+    user_session.delete(:next_mfa_selection_choice)
+    redirect_to after_mfa_setup_path
+  end
 
   def new
     session[:password_attempts] ||= 0
@@ -19,6 +34,15 @@ def password
     params.require(:user)[:password]
   end
 
+  def next_mfa_selection_choice
+    params[:next_setup_choice] ||
+      user_session[:next_mfa_selection_choice]
+  end
+
+  def next_path
+    confirmation_path(next_mfa_selection_choice)
+  end
+
   def handle_valid_password
     if current_user.auth_app_configurations.any?
       redirect_to login_two_factor_authenticator_url(reauthn: true)

app/controllers/two_factor_authentication/otp_verification_controller.rb

@@ -19,7 +19,13 @@ def create
       if result.success?
         next_url = nil
         if UserSessionContext.confirmation_context?(context)
-          next_url = user_next_authentication_setup_path!
+          next_mfa_setup_for_user = user_session.dig(
+            :selected_mfa_options,
+            determine_next_mfa_selection,
+          )
+          next_url = user_next_authentication_setup_path(
+            next_mfa_setup_for_user,
+          )
         end
         handle_valid_otp(next_url)
       else

app/controllers/users/backup_code_setup_controller.rb

@@ -25,7 +25,12 @@ def edit; end
 
     def continue
       flash[:success] = t('notices.backup_codes_configured')
-      redirect_to user_next_authentication_setup_path!(after_mfa_setup_path)
+      next_mfa_setup_for_user = user_session.dig(
+        :selected_mfa_options,
+        determine_next_mfa_selection,
+      )
+      redirect_to user_next_authentication_setup_path(next_mfa_setup_for_user) ||
+                  after_mfa_setup_path
     end
 
     def download

app/controllers/users/piv_cac_authentication_setup_controller.rb

@@ -104,7 +104,12 @@ def process_valid_submission
       Funnel::Registration::AddMfa.call(current_user.id, 'piv_cac')
       session[:needs_to_setup_piv_cac_after_sign_in] = false
       final_path = after_sign_in_path_for(current_user)
-      redirect_to user_next_authentication_setup_path!(final_path)
+      next_mfa_setup_for_user = user_session.dig(
+        :selected_mfa_options,
+        determine_next_mfa_selection,
+      )
+      redirect_to user_next_authentication_setup_path(next_mfa_setup_for_user) ||
+                  final_path
     end
 
     def piv_cac_enabled?

app/controllers/users/totp_setup_controller.rb

@@ -79,7 +79,12 @@ def process_valid_code
       handle_remember_device
       flash[:success] = t('notices.totp_configured')
       user_session.delete(:new_totp_secret)
-      redirect_to user_next_authentication_setup_path!(after_mfa_setup_path)
+      next_mfa_setup_for_user = user_session.dig(
+        :selected_mfa_options,
+        determine_next_mfa_selection,
+      )
+      redirect_to user_next_authentication_setup_path(next_mfa_setup_for_user) ||
+                  after_mfa_setup_path
     end
 
     def handle_remember_device

app/controllers/users/two_factor_authentication_setup_controller.rb

@@ -44,7 +44,7 @@ def two_factor_options_presenter
 
     def process_valid_form
       user_session[:selected_mfa_options] = @two_factor_options_form.selection
-      redirect_to user_next_authentication_setup_path!(user_session[:selected_mfa_options].first)
+      redirect_to confirmation_path(user_session[:selected_mfa_options].first)
     end
 
     def handle_empty_selection

app/controllers/users/webauthn_setup_controller.rb

@@ -139,7 +139,12 @@ def process_valid_webauthn(form)
       end
       user_session[:auth_method] = 'webauthn'
 
-      redirect_to user_next_authentication_setup_path!(after_mfa_setup_path)
+      next_mfa_setup_for_user = user_session.dig(
+        :selected_mfa_options,
+        determine_next_mfa_selection,
+      )
+      redirect_to user_next_authentication_setup_path(next_mfa_setup_for_user) ||
+                  after_mfa_setup_path
     end
 
     def handle_remember_device

app/presenters/mfa_confirmation_show_presenter.rb

@@ -0,0 +1,34 @@
+class MfaConfirmationShowPresenter
+  include ActionView::Helpers::TranslationHelper
+  attr_reader :mfa_context, :final_path, :next_path
+  def initialize(current_user:, next_path:, final_path:)
+    @mfa_context = MfaContext.new(current_user)
+    @final_path = final_path
+    @next_path = next_path
+  end
+
+  def title
+    if enabled_method_count > 1
+      t(
+        'titles.mfa_setup.multiple_authentication_methods_setup',
+        method_count: method_count_text,
+      )
+    else
+      t('titles.mfa_setup.first_authentication_method')
+    end
+  end
+
+  def info
+    t('mfa.account_info', count: enabled_method_count)
+  end
+
+  private
+
+  def enabled_method_count
+    mfa_context.enabled_mfa_methods_count
+  end
+
+  def method_count_text
+    t('mfa.current_method_count')[enabled_method_count - 1]
+  end
+end

app/views/mfa_confirmation/show.html.erb

@@ -0,0 +1,22 @@
+<% title @presenter.title %>
+
+<%= image_tag asset_url('user-signup-ial1.svg'), width: 107, height: 119, alt: '', class: 'margin-bottom-4' %>
+
+<%= render PageHeadingComponent.new.with_content(@presenter.title) %>
+
+<p class='margin-top-1 margin-bottom-4'><%= @presenter.info %></p>
+
+<div class="col-12">
+  <%= link_to(
+        @presenter.next_path,
+        class: 'usa-button usa-button--wide usa-button--big margin-bottom-3',
+      ) { t('mfa.add') } %>
+</div>
+
+<%= button_to(
+      auth_method_confirmation_skip_path,
+      method: :post,
+      class: 'usa-button usa-button--unstyled',
+    ) do %>
+  <%= t('mfa.skip') %>
+<% end %>

config/locales/headings/en.yml

@@ -29,8 +29,6 @@ en:
     edit_info:
       password: Change your password
       phone: Manage your phone settings
-    mfa_setup:
-      first_authentication_method: You’ve added your first authentication method!
     passwords:
       change: Change your password
       confirm: Confirm your current password to continue

config/locales/headings/es.yml

@@ -29,8 +29,6 @@ es:
     edit_info:
       password: Cambie su contraseña
       phone: Administrar la configuración de su teléfono
-    mfa_setup:
-      first_authentication_method: ¡Has agregado tu primer método de autenticación!
     passwords:
       change: Cambie su contraseña
       confirm: Confirme la contraseña actual para continuar

config/locales/headings/fr.yml

@@ -29,8 +29,6 @@ fr:
     edit_info:
       password: Changez votre mot de passe
       phone: Administrer les paramètres de votre téléphone
-    mfa_setup:
-      first_authentication_method: Vous avez ajouté votre première méthode d’authentification!
     passwords:
       change: Changez votre mot de passe
       confirm: Confirmez votre mot de passe actuel pour continuer

config/locales/mfa/en.yml

@@ -1,13 +1,23 @@
 ---
 en:
   mfa:
+    account_info:
+      one: Adding another authentication method prevents you from getting locked out
+        of your account if you lose one of your methods.
+      other: Congratulations! You are doing very well to keep your account secure. Add
+        new devices to stay up to date.
     add: Add another method
-    cta: Adding another authentication method prevents you from getting locked out
-      of your account if you lose one of your methods.
+    current_method_count:
+      - first
+      - second
+      - third
+      - fourth
+      - fifth
+      - sixth
+      - seventh
+      - eighth
     info: We recommend you select at least (2) two different methods so you have a
       backup if you lose one of your chosen authentication devices.
-    method_confirmation:
-      face_id: Face ID has been added to your account
     second_method_warning:
       link: Add a second authentication method.
       text: You will have to delete your account and start over if you lose your only

config/locales/mfa/es.yml

@@ -1,14 +1,24 @@
 ---
 es:
   mfa:
+    account_info:
+      one: Agregar otro método de autenticación evita que se le bloquee el acceso a su
+        cuenta si pierde uno de sus métodos.
+      other: ¡Felicitaciones! Está haciendo muy bien en mantener su cuenta segura.
+        Añada nuevos dispositivos para mantenerse al día.
     add: Agregar otro método
-    cta: Agregar otro método de autenticación evita que se le bloquee el acceso a su
-      cuenta si pierde uno de sus métodos.
+    current_method_count:
+      - primero
+      - segundo
+      - tercero
+      - cuarto
+      - quinto
+      - sexto
+      - séptimo
+      - octavo
     info: Le recomendamos que seleccione al menos (2) dos métodos diferentes para
       tener una copia de seguridad si pierde uno de los dispositivos de
       autenticación elegidos.
-    method_confirmation:
-      face_id: Se ha agregado Face ID a su cuenta
     second_method_warning:
       link: Agregue un segundo método de autenticación.
       text: Deberá eliminar su cuenta y comenzar de nuevo si pierde su único método de

config/locales/mfa/fr.yml

@@ -1,14 +1,24 @@
 ---
 fr:
   mfa:
+    account_info:
+      one: L’ajout d’une autre méthode d’authentification vous empêche d’être bloqué
+        sur votre compte si vous perdez l’une de vos méthodes.
+      other: Félicitations! Vous faites très bien d’assurer la sécurité de votre
+        compte. Ajoutez de nouveaux appareils pour rester à jour.
     add: Agregar otro método
-    cta: L’ajout d’une autre méthode d’authentification vous empêche d’être bloqué
-      sur votre compte si vous perdez l’une de vos méthodes.
+    current_method_count:
+      - premiere
+      - deuxième
+      - troisième
+      - quatrième
+      - cinquième
+      - sixième
+      - septième
+      - huitième
     info: Nous vous recommandons de sélectionner au moins (2) deux méthodes
       différentes afin d’avoir une sauvegarde si vous perdez l’un de vos
       dispositifs d’authentification choisis.
-    method_confirmation:
-      face_id: Face ID a été ajouté à votre compte
     second_method_warning:
       link: Ajoutez une deuxième méthode d’authentification.
       text: Vous devrez supprimer votre compte et recommencer si vous perdez votre

config/locales/titles/en.yml

@@ -42,6 +42,7 @@ en:
       review: Re-enter your password
     mfa_setup:
       first_authentication_method: You’ve added your first authentication method!
+      multiple_authentication_methods_setup: You’ve added a %{method_count} authentication method!
     no_auth_option: No sign-in method found
     openid_connect:
       authorization: OpenID Connect Authorization

config/locales/titles/es.yml

@@ -42,6 +42,7 @@ es:
       review: Vuelve a ingresar tu contraseña
     mfa_setup:
       first_authentication_method: ¡Has agregado tu primer método de autenticación!
+      multiple_authentication_methods_setup: ¡Se ha agregado un %{method_count} código de autenticación!
     no_auth_option: No se encontró mensaje de inicio de sesión
     openid_connect:
       authorization: Autorización de OpenID Connect

config/locales/titles/fr.yml

@@ -42,6 +42,7 @@ fr:
       review: Saisissez à nouveau votre mot de passe
     mfa_setup:
       first_authentication_method: Vous avez ajouté votre première méthode d’authentification!
+      multiple_authentication_methods_setup: Vous avez ajouté une %{method_count} méthode d’authentification!
     no_auth_option: Aucun message de connexion trouvé
     openid_connect:
       authorization: Autorisation OpenID Connect

config/routes.rb

@@ -140,9 +140,8 @@
       end
     end
 
-    if IdentityConfig.store.select_multiple_mfa_options
-      get '/auth_method_confirmation' => 'mfa_confirmation#show'
-    end
+    get '/auth_method_confirmation' => 'mfa_confirmation#show'
+    post '/auth_method_confirmation/skip' => 'mfa_confirmation#skip'
 
     # Non-devise-controller routes. Alphabetically sorted.
     get '/.well-known/openid-configuration' => 'openid_connect/configuration#index',