Skip to content

Fix behavior for PIV/CAC declined setup from sign-in#9146

Merged
aduth merged 1 commit intomainfrom
aduth-piv-cac-setup-from-sign-in-fix-decline-path
Sep 11, 2023
Merged

Fix behavior for PIV/CAC declined setup from sign-in#9146
aduth merged 1 commit intomainfrom
aduth-piv-cac-setup-from-sign-in-fix-decline-path

Conversation

@aduth
Copy link
Contributor

@aduth aduth commented Sep 5, 2023

🛠 Summary of changes

Ensures that when the user opts to decline the option to set up a PIV/CAC authenticator after attempting to sign in with it without having first linked an account, the user arrives at the correct place. Previously, the user would arrive at their account dashboard, even if they had started from a partner application.

Before these changes, the existing controller action for Users::PivCacSetupFromSignInController#decline is unused.

📜 Testing Plan

Easiest to test with PIV/CAC simulator in local development. In config/application.yml:

identity_pki_disabled: true
  1. Have OIDC sample app running in a separate terminal process
  2. Go to http://localhost:9292
  3. Click "Sign in"
  4. Click "Sign in with your government employee ID"
  5. Click "Insert your PIV/CAC"
  6. Authenticate with a PIV credential not already associated to an account
  7. On the screen "Your PIV/CAC is not connected to an account", click "Go back to sign in"
  8. Sign in to an existing account
  9. On the screen "Add your PIV or CAC", click "No thanks" to decline setting up PIV

Before: You'd be redirected to your account page, with a link to "Continue to [SP]"

After: Depending if you've already granted consent for the SP, you're either redirected back to the SP or prompted to agree and continue

👀 Screenshots

Setup screen:

Screenshot 2023-09-05 at 4 37 34 PM

Before After
image image

mitchellhenke
mitchellhenke reviewed Sep 5, 2023
View reviewed changes
@aduth aduth marked this pull request as draft September 8, 2023 14:05
@aduth aduth marked this pull request as ready for review September 8, 2023 19:42
@aduth
Fix behavior for PIV/CAC declined setup from sign-in
4e89766 
changelog: Bug Fixes, PIV CAC Sign-In, Fix issue preventing user from being redirected to partner after declined PIV/CAC setup from sign-in
@aduth aduth force-pushed the aduth-piv-cac-setup-from-sign-in-fix-decline-path branch from fa8144d to 4e89766 Compare September 11, 2023 12:00
@aduth aduth merged commit 3387b61 into main Sep 11, 2023
@aduth aduth deleted the aduth-piv-cac-setup-from-sign-in-fix-decline-path branch September 11, 2023 12:24
@aduth aduth mentioned this pull request Sep 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mitchellhenke mitchellhenke mitchellhenke left review comments

@mdiarra3 mdiarra3 mdiarra3 approved these changes

+1 more reviewer

@zachmargolis zachmargolis zachmargolis approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aduth @zachmargolis @mitchellhenke @mdiarra3