diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b2e4dc3720f..6444780a8cc 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -126,7 +126,7 @@ def sign_out(*args)
 end
 def context
- user_session[:context] || UserSessionContext::DEFAULT_CONTEXT
+ user_session[:context] || UserSessionContext::AUTHENTICATION_CONTEXT
 end
 def current_sp
diff --git a/app/controllers/concerns/remember_device_concern.rb b/app/controllers/concerns/remember_device_concern.rb
index d30c8489ea0..db2a2b15193 100644
--- a/app/controllers/concerns/remember_device_concern.rb
+++ b/app/controllers/concerns/remember_device_concern.rb
@@ -14,7 +14,7 @@ def save_remember_device_preference
 end
 def check_remember_device_preference
- return unless UserSessionContext.authentication_context?(context)
+ return unless UserSessionContext.authentication_or_reauthentication_context?(context)
 return if remember_device_cookie.nil?
 return unless remember_device_cookie.valid_for_user?(
 user: current_user,
diff --git a/app/controllers/concerns/two_factor_authenticatable_methods.rb b/app/controllers/concerns/two_factor_authenticatable_methods.rb
index 8dafe6c912b..4d8b8bb0cab 100644
--- a/app/controllers/concerns/two_factor_authenticatable_methods.rb
+++ b/app/controllers/concerns/two_factor_authenticatable_methods.rb
@@ -23,7 +23,7 @@ def handle_second_factor_locked_user(type:, context: nil)
 PushNotification::HttpPush.deliver(event)
 if context && type
- if UserSessionContext.authentication_context?(context)
+ if UserSessionContext.authentication_or_reauthentication_context?(context)
 irs_attempts_api_tracker.mfa_login_rate_limited(mfa_device_type: type)
 elsif UserSessionContext.confirmation_context?(context)
 irs_attempts_api_tracker.mfa_enroll_rate_limited(mfa_device_type: type)
@@ -37,7 +37,7 @@ def handle_too_many_otp_sends(phone: nil, context: nil)
 analytics.multi_factor_auth_max_sends
 if context && phone
- if UserSessionContext.authentication_context?(context)
+ if UserSessionContext.authentication_or_reauthentication_context?(context)
 irs_attempts_api_tracker.mfa_login_phone_otp_sent_rate_limited(
 phone_number: phone,
 )
@@ -69,7 +69,7 @@ def current_password_required?
 end
 def check_already_authenticated
- return unless UserSessionContext.initial_authentication_context?(context)
+ return unless UserSessionContext.authentication_context?(context)
 return unless user_fully_authenticated?
 return if remember_device_expired_for_sp?
 return if service_provider_mfa_policy.user_needs_sp_auth_method_verification?
@@ -112,7 +112,7 @@ def handle_remember_device
 end
 def handle_valid_otp_for_context
- if UserSessionContext.authentication_context?(context)
+ if UserSessionContext.authentication_or_reauthentication_context?(context)
 handle_valid_otp_for_authentication_context
 elsif UserSessionContext.confirmation_context?(context)
 handle_valid_otp_for_confirmation_context
@@ -313,7 +313,7 @@ def generic_data
 end
 def display_phone_to_deliver_to
- if UserSessionContext.authentication_context?(context)
+ if UserSessionContext.authentication_or_reauthentication_context?(context)
 phone_configuration.masked_phone
 else
 user_session[:unconfirmed_phone]
@@ -321,7 +321,7 @@ def display_phone_to_deliver_to
 end
 def voice_otp_delivery_unsupported?
- if UserSessionContext.authentication_context?(context)
+ if UserSessionContext.authentication_or_reauthentication_context?(context)
 PhoneNumberCapabilities.new(phone_configuration&.phone, phone_confirmed: true).supports_voice?
 else
 phone = user_session[:unconfirmed_phone]
diff --git a/app/controllers/two_factor_authentication/otp_verification_controller.rb b/app/controllers/two_factor_authentication/otp_verification_controller.rb
index b8bea9a7952..0755a446a1c 100644
--- a/app/controllers/two_factor_authentication/otp_verification_controller.rb
+++ b/app/controllers/two_factor_authentication/otp_verification_controller.rb
@@ -55,7 +55,7 @@ def phone_enabled?
 def confirm_voice_capability
 return if two_factor_authentication_method == 'sms'
- phone_is_confirmed = UserSessionContext.authentication_context?(context)
+ phone_is_confirmed = UserSessionContext.authentication_or_reauthentication_context?(context)
 capabilities = PhoneNumberCapabilities.new(phone, phone_confirmed: phone_is_confirmed)
@@ -98,7 +98,7 @@ def post_analytics(result)
 reauthentication: true,
 success: properties[:success],
 )
- elsif UserSessionContext.authentication_context?(context)
+ elsif UserSessionContext.authentication_or_reauthentication_context?(context)
 irs_attempts_api_tracker.mfa_login_phone_otp_submitted(
 reauthentication: false,
 success: properties[:success],
diff --git a/app/controllers/users/two_factor_authentication_controller.rb b/app/controllers/users/two_factor_authentication_controller.rb
index 245fcd93fa4..eeb01398869 100644
--- a/app/controllers/users/two_factor_authentication_controller.rb
+++ b/app/controllers/users/two_factor_authentication_controller.rb
@@ -74,7 +74,7 @@ def phone_configuration
 def validate_otp_delivery_preference_and_send_code
 result = otp_delivery_selection_form.submit(otp_delivery_preference: delivery_preference)
 analytics.otp_delivery_selection(**result.to_h)
- phone_is_confirmed = UserSessionContext.authentication_context?(context)
+ phone_is_confirmed = UserSessionContext.authentication_or_reauthentication_context?(context)
 phone_capabilities = PhoneNumberCapabilities.new(
 parsed_phone,
 phone_confirmed: phone_is_confirmed,
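Review bot: In post_analytics the new `elsif UserSessionContext.authentication_or_reauthentication_context?(context)` branch reports `reauthentication: false`, so read on its own it looks as if a reauthentication session could be recorded as a non-reauthentication OTP submission. If the `if` branch that precedes it (outside this hunk, the one ending in `reauthentication: true`) is guarded by `UserSessionContext.reauthentication_context?(context)`, then this branch is only reachable for the plain authentication context and `elsif UserSessionContext.authentication_context?(context)` would state that directly, whereas the combined predicate widens the written condition without changing what can reach it. The same shape appears in track_events in app/controllers/users/two_factor_authentication_controller.rb (the `@@ -230,7 +230,7 @@` hunk), where the branch also emits `reauthentication: false`. Both post_analytics and track_events begin before their hunks, so the guarding condition is inferred rather than visible here.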
@@ -230,7 +230,7 @@ def track_events(otp_delivery_preference:)
 phone_number: parsed_phone.e164,
 otp_delivery_method: otp_delivery_preference,
 )
- elsif UserSessionContext.authentication_context?(context)
+ elsif UserSessionContext.authentication_or_reauthentication_context?(context)
 irs_attempts_api_tracker.mfa_login_phone_otp_sent(
 success: @telephony_result.success?,
 reauthentication: false,
@@ -280,7 +280,7 @@ def send_user_otp(method)
 country_code: parsed_phone.country,
 }
- if UserSessionContext.authentication_context?(context)
+ if UserSessionContext.authentication_or_reauthentication_context?(context)
 Telephony.send_authentication_otp(**params)
 else
 Telephony.send_confirmation_otp(**params)
@@ -304,7 +304,9 @@ def delivery_params
 end
 def phone_to_deliver_to
- return phone_configuration&.phone if UserSessionContext.authentication_context?(context)
+ if UserSessionContext.authentication_or_reauthentication_context?(context)
+ return phone_configuration&.phone
+ end
 user_session[:unconfirmed_phone]
 end
@@ -313,7 +315,7 @@ def otp_rate_limiter
 @otp_rate_limiter ||= OtpRateLimiter.new(
 phone: phone_to_deliver_to,
 user: current_user,
- phone_confirmed: UserSessionContext.authentication_context?(context),
+ phone_confirmed: UserSessionContext.authentication_or_reauthentication_context?(context),
 )
 end
diff --git a/app/forms/otp_delivery_selection_form.rb b/app/forms/otp_delivery_selection_form.rb
index 000dc6a41c5..5575a489063 100644
--- a/app/forms/otp_delivery_selection_form.rb
+++ b/app/forms/otp_delivery_selection_form.rb
@@ -53,6 +53,6 @@ def parsed_phone
 end
 def confirmed_phone?
- UserSessionContext.authentication_context?(context)
+ UserSessionContext.authentication_or_reauthentication_context?(context)
 end
 end
diff --git a/app/services/user_session_context.rb b/app/services/user_session_context.rb
index b398689aa87..5e047ef3bba 100644
--- a/app/services/user_session_context.rb
+++ b/app/services/user_session_context.rb
@@ -1,18 +1,18 @@
 class UserSessionContext
- DEFAULT_CONTEXT = 'authentication'.freeze
+ AUTHENTICATION_CONTEXT = 'authentication'.freeze
 REAUTHENTICATION_CONTEXT = 'reauthentication'.freeze
 CONFIRMATION_CONTEXT = 'confirmation'.freeze
- def self.initial_authentication_context?(context)
- context == DEFAULT_CONTEXT
+ def self.authentication_context?(context)
+ context == AUTHENTICATION_CONTEXT
 end
 def self.reauthentication_context?(context)
 context == REAUTHENTICATION_CONTEXT
 end
- def self.authentication_context?(context)
- initial_authentication_context?(context) || reauthentication_context?(context)
+ def self.authentication_or_reauthentication_context?(context)
+ authentication_context?(context) || reauthentication_context?(context)
 end
 def self.confirmation_context?(context)
diff --git a/spec/presenters/two_factor_login_options_presenter_spec.rb b/spec/presenters/two_factor_login_options_presenter_spec.rb
index 5cd84eacb9a..57672582243 100644
--- a/spec/presenters/two_factor_login_options_presenter_spec.rb
+++ b/spec/presenters/two_factor_login_options_presenter_spec.rb
@@ -7,7 +7,7 @@
 let(:view) { ActionController::Base.new.view_context }
 let(:phishing_resistant_required) { false }
 let(:piv_cac_required) { false }
- let(:user_session_context) { UserSessionContext::DEFAULT_CONTEXT }
+ let(:user_session_context) { UserSessionContext::AUTHENTICATION_CONTEXT }
 subject(:presenter) do
 TwoFactorLoginOptionsPresenter.new(
@@ -96,7 +96,7 @@
 subject(:cancel_link) { presenter.cancel_link }
 context 'default user session context' do
- let(:user_session_context) { UserSessionContext::DEFAULT_CONTEXT }
+ let(:user_session_context) { UserSessionContext::AUTHENTICATION_CONTEXT }
 it { should eq sign_out_path }
 end
diff --git a/spec/services/user_session_context_spec.rb b/spec/services/user_session_context_spec.rb
index 603703639c3..a60e63a7dff 100644
--- a/spec/services/user_session_context_spec.rb
+++ b/spec/services/user_session_context_spec.rb
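Review bot: `authentication_context?` keeps its public name but its meaning narrows from "authentication or reauthentication" (the removed body `initial_authentication_context?(context) || reauthentication_context?(context)`) to "authentication only" (`context == AUTHENTICATION_CONTEXT`), while the old narrow predicate `initial_authentication_context?` disappears; a caller of `authentication_context?` that this commit does not touch will still load and run but silently stop matching the reauthentication context, and for gates such as check_remember_device_preference that is an authorization decision rather than a cosmetic one. The predicates in app/services/user_session_context.rb carry no documentation, so the historical meaning is easy to assume; I would add above `def self.authentication_context?(context)` the comment `# True only for the initial sign-in context; reauthentication is excluded. Use authentication_or_reauthentication_context? for checks that cover both.` and a matching one-liner above `def self.authentication_or_reauthentication_context?(context)`. Whether every remaining caller outside this diff (views, presenters, other concerns) was updated cannot be seen from here, so that completeness is inferred, not verified.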
@@ -3,22 +3,22 @@
 describe UserSessionContext do
 let(:confirmation) { { context: 'confirmation' } }
- describe '.initial_authentication_context?' do
+ describe '.authentication_context?' do
 it 'returns true when context is default context' do
 expect(
- UserSessionContext.initial_authentication_context?(UserSessionContext::DEFAULT_CONTEXT),
+ UserSessionContext.authentication_context?(UserSessionContext::AUTHENTICATION_CONTEXT),
 ).to eq true
 end
 it 'returns false when context is not default context' do
 expect(
- UserSessionContext.initial_authentication_context?(
+ UserSessionContext.authentication_context?(
 UserSessionContext::CONFIRMATION_CONTEXT,
 ),
 ).to eq false
 expect(
- UserSessionContext.initial_authentication_context?(
+ UserSessionContext.authentication_context?(
 UserSessionContext::REAUTHENTICATION_CONTEXT,
 ),
 ).to eq false
@@ -34,25 +34,29 @@
 it 'returns false when context is default context' do
 expect(
- UserSessionContext.reauthentication_context?(UserSessionContext::DEFAULT_CONTEXT),
+ UserSessionContext.reauthentication_context?(UserSessionContext::AUTHENTICATION_CONTEXT),
 ).to eq false
 end
 end
- describe '.authentication_context?' do
+ describe '.authentication_or_reauthentication_context?' do
 it 'returns true when context is default or reauth context' do
 expect(
- UserSessionContext.authentication_context?(UserSessionContext::DEFAULT_CONTEXT),
+ UserSessionContext.authentication_or_reauthentication_context?(
+ UserSessionContext::AUTHENTICATION_CONTEXT,
+ ),
 ).to eq true
 expect(
- UserSessionContext.authentication_context?(UserSessionContext::REAUTHENTICATION_CONTEXT),
+ UserSessionContext.authentication_or_reauthentication_context?(
+ UserSessionContext::REAUTHENTICATION_CONTEXT,
+ ),
 ).to eq true
 end
 it 'returns false when context is confirmation context' do
 expect(
- UserSessionContext.initial_authentication_context?(
+ UserSessionContext.authentication_context?(
 UserSessionContext::CONFIRMATION_CONTEXT,
 ),
 ).to eq false
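Review bot: The last example under `describe '.authentication_or_reauthentication_context?'` ("returns false when context is confirmation context") still calls `UserSessionContext.authentication_context?(` rather than the method the block describes, so the combined predicate is never asserted to be false for the confirmation context; the old code had the same mismatch (it called `initial_authentication_context?` inside the `.authentication_context?` block) and the rename carried it forward instead of fixing it. Change that call to `UserSessionContext.authentication_or_reauthentication_context?(` so the example exercises the method under test, since the narrow predicate is already covered by the first describe block. The example descriptions that still say "default context" could read "authentication context" now that `DEFAULT_CONTEXT` is gone, though that is wording only. The `describe UserSessionContext do` block continues past this hunk.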
@@ -68,7 +72,7 @@
 it 'returns false when context is default or reauth context' do
 expect(
- UserSessionContext.confirmation_context?(UserSessionContext::DEFAULT_CONTEXT),
+ UserSessionContext.confirmation_context?(UserSessionContext::AUTHENTICATION_CONTEXT),
 ).to eq false
 expect(
diff --git a/spec/views/two_factor_authentication/options/index.html.erb_spec.rb b/spec/views/two_factor_authentication/options/index.html.erb_spec.rb
index cb0d353163c..b7dca2fdd4b 100644
--- a/spec/views/two_factor_authentication/options/index.html.erb_spec.rb
+++ b/spec/views/two_factor_authentication/options/index.html.erb_spec.rb
@@ -9,7 +9,7 @@
 @presenter = TwoFactorLoginOptionsPresenter.new(
 user: user,
 view: view,
- user_session_context: UserSessionContext::DEFAULT_CONTEXT,
+ user_session_context: UserSessionContext::AUTHENTICATION_CONTEXT,
 service_provider: nil,
 phishing_resistant_required: false,
 piv_cac_required: false,