diff --git a/app/controllers/two_factor_authentication/otp_verification_controller.rb b/app/controllers/two_factor_authentication/otp_verification_controller.rb
index f60c17bdba6..43cc0937b97 100644
--- a/app/controllers/two_factor_authentication/otp_verification_controller.rb
+++ b/app/controllers/two_factor_authentication/otp_verification_controller.rb
@@ -178,6 +178,7 @@ def phone_view_data
 confirmation_for_add_phone: confirmation_for_add_phone?,
 phone_number: display_phone_to_deliver_to,
 code_value: direct_otp_code,
+ in_multi_mfa_selection_flow: in_multi_mfa_selection_flow?,
 otp_expiration: otp_expiration,
 otp_delivery_preference: params[:otp_delivery_preference],
 otp_make_default_number: selected_otp_make_default_number,
diff --git a/app/presenters/two_factor_auth_code/phone_delivery_presenter.rb b/app/presenters/two_factor_auth_code/phone_delivery_presenter.rb
index 8bf2f003c51..d3bf7d1a287 100644
--- a/app/presenters/two_factor_auth_code/phone_delivery_presenter.rb
+++ b/app/presenters/two_factor_auth_code/phone_delivery_presenter.rb
@@ -7,9 +7,11 @@ class PhoneDeliveryPresenter < TwoFactorAuthCode::GenericDeliveryPresenter
 attr_reader :otp_delivery_preference,
 :otp_make_default_number,
 :unconfirmed_phone,
- :otp_expiration
+ :otp_expiration,
+ :in_multi_mfa_selection_flow
 alias_method :unconfirmed_phone?, :unconfirmed_phone
+ alias_method :in_multi_mfa_selection_flow?, :in_multi_mfa_selection_flow
 def header
 t('two_factor_authentication.header_text')
@@ -58,7 +60,9 @@ def troubleshooting_options
 def cancel_link
 locale = LinkLocaleResolver.locale
- if confirmation_for_add_phone || reauthn
+ if in_multi_mfa_selection_flow
+ authentication_methods_setup_path(locale: locale)
+ elsif confirmation_for_add_phone || reauthn
 account_path(locale: locale)
 else
 sign_out_path(locale: locale)
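Review bot: `in_multi_mfa_selection_flow?` is called in the new hash entry but is defined outside this diff, and its value now decides where the presenter's cancel link sends the user. It is worth confirming that the predicate reads server-side session state rather than anything request-supplied, since the neighbouring `otp_delivery_preference: params[:otp_delivery_preference]` entry shows this hash already carries raw params. A short comment such as `# session-derived; steers cancel_link back to MFA setup` next to the new key would record that. phone_view_data starts and ends outside the hunk.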
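Review bot: The new first branch in `cancel_link` takes precedence over `reauthn`, so a reauthentication prompt reached while the selection-flow flag is still set would send Cancel to `authentication_methods_setup_path` instead of `account_path`. Whether the two states can overlap depends on when the flag is cleared, which is not visible here; if they can, either test `reauthn` first or make sure the setup page enforces its own recent-authentication check. This branch also bypasses the `sign_out_path` fallback, so the session stays alive after Cancel, and a comment like `# multi-MFA setup: return to method selection rather than signing out` would make that intent explicit. The method's closing lines fall outside the hunk.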
diff --git a/app/views/two_factor_authentication/otp_verification/show.html.erb b/app/views/two_factor_authentication/otp_verification/show.html.erb
index bc98b579a25..771ec1f84ad 100644
--- a/app/views/two_factor_authentication/otp_verification/show.html.erb
+++ b/app/views/two_factor_authentication/otp_verification/show.html.erb
@@ -62,7 +62,6 @@ <% end %> <%= render 'two_factor_authentication/troubleshooting_options', presenter: @presenter %> - <% if MfaPolicy.new(current_user).two_factor_enabled? %> <%= render 'shared/cancel', link: @presenter.cancel_link %> <% else %>
diff --git a/spec/features/two_factor_authentication/multiple_mfa_sign_up_spec.rb b/spec/features/two_factor_authentication/multiple_mfa_sign_up_spec.rb
index 1abaa311ddd..3eeeec8e952 100644
--- a/spec/features/two_factor_authentication/multiple_mfa_sign_up_spec.rb
+++ b/spec/features/two_factor_authentication/multiple_mfa_sign_up_spec.rb
@@ -266,6 +266,36 @@
 end
 end
+ describe 'adding a phone as a second mfa' do
+ it 'at setup, phone as second MFA show a cancel link that returns to mfa setup' do
+ allow(IdentityConfig.store).to receive(:platform_auth_set_up_enabled).and_return(true)
+ allow(IdentityConfig.store).
+ to receive(:show_unsupported_passkey_platform_authentication_setup).
+ and_return(true)
+
+ sign_up_and_set_password
+ mock_webauthn_setup_challenge
+ select_2fa_option('webauthn_platform', visible: :all)
+
+ click_continue
+ fill_in_nickname_and_click_continue
+ mock_press_button_on_hardware_key_on_setup
+
+ click_link t('mfa.add')
+
+ select_2fa_option('phone')
+ click_continue
+
+ fill_in :new_phone_form_phone, with: '3015551212'
+ click_send_one_time_code
+
+ expect(page).to have_link(
+ t('links.cancel'),
+ href: authentication_methods_setup_path,
+ )
+ end
+ end
+
 def click_2fa_option(option)
 find("label[for='two_factor_options_form_selection_#{option}']").click
 end
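Review bot: Only the positive case is covered: the example asserts the cancel target when phone is added as a second method, but nothing pins the other two outcomes of `cancel_link` now that a new condition sits in front of them. A presenter-level spec asserting `account_path` when `reauthn` is true and `sign_out_path` when the flag is false or absent would catch the new branch widening by accident. The example description also reads awkwardly; `'shows a cancel link that returns to MFA setup when adding phone as a second MFA'` is clearer.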