18F · zachmargolis · Sep 6, 2023 · Sep 5, 2023 · Sep 5, 2023 · Sep 5, 2023
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -218,6 +218,7 @@ def fix_broken_personal_key_url
 
   def after_sign_in_path_for(_user)
     accept_rules_of_use_url ||
+      user_suspended_url ||
       service_provider_mfa_setup_url ||
       add_piv_cac_setup_url ||
       fix_broken_personal_key_url ||
@@ -228,7 +229,6 @@ def after_sign_in_path_for(_user)
 
   def signed_in_url
     return user_two_factor_authentication_url unless user_fully_authenticated?
-    return user_please_call_url if current_user.suspended?
     return reactivate_account_url if user_needs_to_reactivate_account?
     return url_for_pending_profile_reason if user_has_pending_profile?
     return backup_code_reminder_url if user_needs_backup_code_reminder?
@@ -292,7 +292,7 @@ def user_fully_authenticated?
   end
 
   def confirm_user_is_not_suspended
-    redirect_to user_please_call_url if current_user.suspended?
+    redirect_to user_suspended_url if user_suspended_url
   end
 
   def confirm_two_factor_authenticated
@@ -350,6 +350,10 @@ def prompt_to_verify_sp_required_mfa
     redirect_to sp_required_mfa_verification_url
   end
 
+  def user_suspended_url
+    user_please_call_url if current_user.suspended?
+  end
+
   def sp_required_mfa_verification_url
     return login_two_factor_piv_cac_url if service_provider_mfa_policy.piv_cac_required?
 

diff --git a/spec/controllers/accounts_controller_spec.rb b/spec/controllers/accounts_controller_spec.rb
@@ -79,14 +79,9 @@
     end
 
     context 'when a user is suspended' do
-      render_views
       it 'redirects to contact support page' do
-        user = create(
-          :user,
-          :fully_registered,
-        )
+        user = create(:user, :fully_registered, :suspended)
 
-        user.suspend!
         sign_in user
         get :show
 

diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
@@ -210,6 +210,26 @@ def index
     end
   end
 
+  describe '#user_suspended_url' do
+    before { sign_in(user) }
+
+    context 'when user is suspended' do
+      let(:user) { create(:user, :suspended) }
+
+      it 'is the please call url' do
+        expect(controller.send(:user_suspended_url)).to eq(user_please_call_url)
+      end
+    end
+
+    context 'when user is not suspended' do
+      let(:user) { create(:user) }
+
+      it 'is nil' do
+        expect(controller.send(:user_suspended_url)).to be_nil
+      end
+    end
+  end
+
   describe '#confirm_two_factor_authenticated' do
     controller do
       before_action :confirm_two_factor_authenticated

diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb
@@ -62,6 +62,21 @@
     expect(current_path).to eq account_path
   end
 
+  scenario 'user is suspended, gets show please call page after 2fa' do
+    user = create(:user, :fully_registered, :suspended)
+    service_provider = ServiceProvider.find_by(issuer: OidcAuthHelper::OIDC_IAL1_ISSUER)
+    IdentityLinker.new(user, service_provider).link_identity(
+      verified_attributes: %w[openid email],
+    )
+
+    visit_idp_from_sp_with_ial1(:oidc)
+    fill_in_credentials_and_submit(user.email, user.password)
+    fill_in_code_with_last_phone_otp
+    click_submit_default
+
+    expect(current_path).to eq(user_please_call_path)
+  end
+
   scenario 'user opts to add piv/cac card' do
     perform_steps_to_get_to_add_piv_cac_during_sign_up
     nonce = piv_cac_nonce_from_form_action