Remove request_id parameters from Sign In view links

app/controllers/sign_up/email_resend_controller.rb

@@ -2,9 +2,7 @@ module SignUp
   class EmailResendController < ApplicationController
     def new
       @user = User.new
-      @resend_email_confirmation_form = ResendEmailConfirmationForm.new(
-        request_id: params[:request_id],
-      )
+      @resend_email_confirmation_form = ResendEmailConfirmationForm.new
     end
   end
 end

app/controllers/sign_up/emails_controller.rb

@@ -7,9 +7,7 @@ def show
         @resend_confirmation = params[:resend].present?
 
         email = session.delete(:email)
-        @resend_email_confirmation_form = ResendEmailConfirmationForm.new(
-          email: email, request_id: params[:request_id],
-        )
+        @resend_email_confirmation_form = ResendEmailConfirmationForm.new(email:)
 
         render :show, locals: { email: email }
       end

app/controllers/sign_up/registrations_controller.rb

@@ -20,7 +20,7 @@ def new
         sign_in_a_b_test_bucket: @sign_in_a_b_test_bucket,
         from_sign_in: params[:source] == 'sign_in',
       )
-      render :new, locals: { request_id: nil }, formats: :html
+      render :new, formats: :html
     end
 
     def create
@@ -29,7 +29,7 @@ def create
         attempts_tracker: irs_attempts_api_tracker,
       )
 
-      result = @register_user_email_form.submit(permitted_params)
+      result = @register_user_email_form.submit(permitted_params.merge(request_id:))
 
       analytics.user_registration_email(**result.to_h)
       irs_attempts_api_tracker.user_registration_email_submitted(
@@ -41,7 +41,7 @@ def create
       if result.success?
         process_successful_creation
       else
-        render :new, locals: { request_id: sp_request_id }
+        render :new
       end
     end
 
@@ -55,7 +55,7 @@ def require_no_authentication
     end
 
     def permitted_params
-      params.require(:user).permit(:email, :email_language, :request_id, :terms_accepted)
+      params.require(:user).permit(:email, :email_language, :terms_accepted)
     end
 
     def process_successful_creation
@@ -65,15 +65,11 @@ def process_successful_creation
       resend_confirmation = params[:user][:resend]
       session[:email] = @register_user_email_form.email
 
-      redirect_to sign_up_verify_email_url(
-        resend: resend_confirmation, request_id: permitted_params[:request_id],
-      )
+      redirect_to sign_up_verify_email_url(resend: resend_confirmation)
     end
 
-    def sp_request_id
-      request_id = permitted_params.fetch(:request_id, '')
-
-      ServiceProviderRequestProxy.from_uuid(request_id).uuid
+    def request_id
+      sp_session[:request_id]
     end
 
     def redirect_if_ial2_and_idv_unavailable

app/controllers/users/emails_controller.rb

@@ -89,10 +89,7 @@ def process_successful_creation
       resend_confirmation = params[:user][:resend]
       session[:email] = @add_user_email_form.email
 
-      redirect_to add_email_verify_email_url(
-        resend: resend_confirmation,
-        request_id: permitted_params[:request_id],
-      )
+      redirect_to add_email_verify_email_url(resend: resend_confirmation)
     end
 
     def session_email

app/controllers/users/reset_passwords_controller.rb

@@ -71,15 +71,15 @@ def forbidden_passwords(email_addresses)
     end
 
     def email_params
-      params.require(:password_reset_email_form).permit(:email, :resend, :request_id)
+      params.require(:password_reset_email_form).permit(:email, :resend)
     end
 
     def email
       email_params[:email]
     end
 
     def request_id
-      email_params[:request_id]
+      sp_session[:request_id]
     end
 
     def handle_valid_email
@@ -88,7 +88,7 @@ def handle_valid_email
       session[:email] = email
       resend_confirmation = email_params[:resend]
 
-      redirect_to forgot_password_url(resend: resend_confirmation, request_id: request_id)
+      redirect_to forgot_password_url(resend: resend_confirmation)
     end
 
     def create_account_if_email_not_found

app/controllers/users/sessions_controller.rb

@@ -22,7 +22,6 @@ class SessionsController < Devise::SessionsController
     def new
       override_csp_for_google_analytics
 
-      @request_id = request_id_if_valid
       @ial = sp_session_ial
       @browser_is_ie11 = browser_is_ie11?
       @sign_in_a_b_test_bucket = sign_in_a_b_test_bucket
@@ -104,7 +103,7 @@ def process_locked_out_session
       )
 
       flash[:error] = t('errors.sign_in.bad_password_limit')
-      redirect_to root_url(request_id: request_id)
+      redirect_to root_url
     end
 
     def redirect_to_signin
@@ -124,7 +123,7 @@ def check_user_needs_redirect
     end
 
     def auth_params
-      params.require(:user).permit(:email, :password, :request_id)
+      params.require(:user).permit(:email, :password)
     end
 
     def process_locked_out_user
@@ -222,14 +221,6 @@ def pending_account_reset_request
       ).call
     end
 
-    LETTERS_AND_DASHES = /\A[a-z0-9-]+\Z/i
-
-    def request_id_if_valid
-      request_id = (params[:request_id] || sp_session[:request_id]).to_s
-
-      request_id if LETTERS_AND_DASHES.match?(request_id)
-    end
-
     def override_csp_for_google_analytics
       return unless IdentityConfig.store.participate_in_dap
       policy = current_content_security_policy

app/forms/resend_email_confirmation_form.rb

@@ -1,15 +1,14 @@
 class ResendEmailConfirmationForm
   include ActiveModel::Model
 
-  attr_reader :email, :request_id
+  attr_reader :email
 
   def self.model_name
     ActiveModel::Name.new(self, nil, 'User')
   end
 
   def initialize(params = {})
     @email = params[:email]
-    @request_id = params[:request_id]
   end
 
   def resend

app/views/devise/passwords/edit.html.erb

@@ -1,7 +1,5 @@
 <% title t('titles.passwords.change') %>
 
-<% request_id = params[:request_id] || sp_session[:request_id] %>
-
 <%= render PageHeadingComponent.new.with_content(t('headings.passwords.change')) %>
 
 <p><%= t('instructions.password.password_key') %></p>
@@ -21,7 +19,6 @@
           required: true,
         },
       ) %>
-  <%= hidden_field_tag('request_id', request_id) %>
   <%= render 'devise/shared/password_strength', forbidden_passwords: @forbidden_passwords %>
   <%= f.submit t('forms.passwords.edit.buttons.submit'), class: 'display-block margin-y-5' %>
 <% end %>

app/views/devise/passwords/new.html.erb

@@ -1,5 +1,4 @@
 <% title t('titles.passwords.forgot') %>
-<% request_id = params[:request_id] || sp_session[:request_id] %>
 
 <%= render 'shared/sp_alert', section: 'forgot_password' %>
 
@@ -22,7 +21,6 @@
         input_html: { autocorrect: 'off',
                       aria: { describedby: 'email-description' } },
       ) %>
-  <%= f.input :request_id, as: :hidden, input_html: { value: request_id } %>
   <%= f.submit t('forms.buttons.continue'), class: 'display-block margin-y-5' %>
 <% end %>
 

app/views/devise/sessions/new.html.erb

@@ -18,8 +18,8 @@
   <%= render TabNavigationComponent.new(
         label: t('account.login.tab_navigation'),
         routes: [
-          { text: t('links.next'), path: new_user_session_url(request_id: @request_id) },
-          { text: t('links.create_account'), path: sign_up_email_url(request_id: @request_id, source: :sign_in) },
+          { text: t('links.next'), path: new_user_session_url },
+          { text: t('links.create_account'), path: sign_up_email_url(source: :sign_in) },
         ],
         class: 'margin-bottom-4',
       ) %>
@@ -48,17 +48,18 @@
         class: 'margin-bottom-4',
         field_options: { required: true },
       ) %>
-  <%= f.input :request_id, as: :hidden, input_html: { value: @request_id } %>
   <%= f.submit t('links.next'), full_width: true, wide: false %>
   <% if @sign_in_a_b_test_bucket == :default %>
     <h2 class='separator-text'>
       <%= t('headings.create_account_with_sp.cta', app_name: APP_NAME) %>
     </h2>
-    <%= link_to(
-          t('links.create_account'),
-          sign_up_email_url(request_id: @request_id, source: :sign_in),
-          class: 'usa-button usa-button--big usa-button--outline usa-button--full-width margin-bottom-105',
-        ) %>
+    <%= render ButtonComponent.new(
+          action: ->(**tag_options, &block) { link_to(sign_up_email_url(source: :sign_in), **tag_options, &block) },
+          big: true,
+          outline: true,
+          full_width: true,
+          class: 'margin-bottom-105',
+        ).with_content(t('links.create_account')) %>
   <% end %>
 <% end %>
 <% if @ial && desktop_device? %>
@@ -83,10 +84,7 @@
   <% end %>
 
   <div class="margin-bottom-1">
-    <%= link_to(
-          t('links.passwords.forgot'),
-          new_user_password_url(request_id: @request_id),
-        ) %>
+    <%= link_to(t('links.passwords.forgot'), new_user_password_url) %>
   </div>
 
   <p class="margin-y-1">

app/views/forgot_password/show.html.erb

@@ -1,5 +1,4 @@
 <% title t('titles.verify_email') %>
-<% request_id = params[:request_id] || sp_session[:request_id] %>
 
 <% if @resend.present? %>
   <%= render 'forgot_password/resend_alert' %>
@@ -22,13 +21,12 @@
 
   <%= f.input :email, as: :hidden %>
   <%= f.input :resend, as: :hidden %>
-  <%= f.input :request_id, as: :hidden, input_html: { value: request_id } %>
   <p><%= t('notices.forgot_password.no_email_sent_explanation_start') %>
   <%= f.button :button, t('links.resend'), class: 'usa-button--unstyled margin-left-05' %></p>
 
   <% link = link_to(
        t('notices.forgot_password.use_diff_email.link'),
-       sign_up_email_path(request_id: request_id),
+       sign_up_email_path,
      ) %>
   <p><%= t('notices.forgot_password.use_diff_email.text_html', link: link) %></p>
   <p><%= t('instructions.forgot_password.close_window') %></p>

app/views/sign_up/email_resend/new.html.erb

@@ -12,6 +12,5 @@
         label: t('forms.registration.labels.email'),
         required: true,
       ) %>
-  <%= f.input :request_id, as: :hidden %>
   <%= f.submit t('forms.buttons.resend_confirmation'), class: 'margin-top-2 margin-bottom-1' %>
 <% end %>

app/views/sign_up/emails/show.html.erb

@@ -24,14 +24,10 @@
                     url: sign_up_register_path do |f| %>
   <%= f.input :email, as: :hidden %>
   <%= f.input :resend, as: :hidden %>
-  <%= f.input :request_id, as: :hidden %>
   <p><%= t('notices.signed_up_but_unconfirmed.no_email_sent_explanation_start') %>
   <%= f.button :button, t('links.resend'), class: 'usa-button--unstyled margin-left-05' %></p>
 
-  <% link = link_to(
-       t('notices.use_diff_email.link'),
-       sign_up_email_path(request_id: params[:request_id]),
-     ) %>
+  <% link = link_to(t('notices.use_diff_email.link'), sign_up_email_path) %>
   <p><%= t('notices.use_diff_email.text_html', link: link) %></p>
   <p><%= t('devise.registrations.close_window') %></p>
 

app/views/sign_up/registrations/new.html.erb

@@ -10,8 +10,8 @@
   <%= render TabNavigationComponent.new(
         label: t('account.login.tab_navigation'),
         routes: [
-          { text: t('links.next'), path: new_user_session_url(request_id: sp_session[:request_id]) },
-          { text: t('links.create_account'), path: sign_up_email_path(request_id: sp_session[:request_id]) },
+          { text: t('links.next'), path: new_user_session_url },
+          { text: t('links.create_account'), path: sign_up_email_path },
         ],
         class: 'margin-bottom-4',
       ) %>
@@ -50,7 +50,6 @@
         required: true,
       ) %>
 
-  <%= f.input :request_id, as: :hidden, input_html: { value: params[:request_id] || request_id } %>
   <%= f.submit t('forms.buttons.submit.default'), class: 'display-block margin-y-5' %>
 <% end %>
 

spec/support/features/session_helper.rb

@@ -390,11 +390,12 @@ def sign_up_user_from_sp_without_confirming_email(email)
 
       click_sign_in_from_landing_page_then_click_create_account
 
-      expect(current_url).to eq sign_up_email_url(request_id: sp_request_id, source: :sign_in)
+      expect(current_url).to eq sign_up_email_url(source: :sign_in)
+      expect_branded_experience
 
       visit_landing_page_and_click_create_account_with_request_id(sp_request_id)
 
-      expect(current_url).to eq sign_up_email_url(request_id: sp_request_id, source: :sign_in)
+      expect(current_url).to eq sign_up_email_url(source: :sign_in)
       expect_branded_experience
 
       submit_form_with_invalid_email
@@ -404,23 +405,23 @@ def sign_up_user_from_sp_without_confirming_email(email)
 
       submit_form_with_valid_but_wrong_email
 
-      expect(current_url).to eq sign_up_verify_email_url(request_id: sp_request_id)
+      expect(current_url).to eq sign_up_verify_email_url
       expect_branded_experience
 
       click_link_to_use_a_different_email
 
-      expect(current_url).to eq sign_up_email_url(request_id: sp_request_id)
+      expect(current_url).to eq sign_up_email_url
       expect_branded_experience
 
       submit_form_with_valid_email(email)
 
-      expect(current_url).to eq sign_up_verify_email_url(request_id: sp_request_id)
+      expect(current_url).to eq sign_up_verify_email_url
       expect(last_email.html_part.body.raw_source).to include "?_request_id=#{sp_request_id}"
       expect_branded_experience
 
       click_link_to_resend_the_email
 
-      expect(current_url).to eq sign_up_verify_email_url(request_id: sp_request_id, resend: true)
+      expect(current_url).to eq sign_up_verify_email_url(resend: true)
       expect_branded_experience
 
       attempt_to_confirm_email_with_invalid_token(sp_request_id)