diff --git a/app/controllers/concerns/idv_session.rb b/app/controllers/concerns/idv_session.rb
index 656a5a5c49e..057de096794 100644
--- a/app/controllers/concerns/idv_session.rb
+++ b/app/controllers/concerns/idv_session.rb
@@ -3,7 +3,7 @@ module IdvSession
 included do
 before_action :redirect_unless_idv_session_user
- before_action :redirect_if_sp_context_needed
+ before_action :redirect_unless_sp_requested_verification
 end
 def confirm_idv_needed
@@ -53,11 +53,17 @@ def redirect_unless_idv_session_user
 redirect_to root_url if !idv_session_user
 end
- def redirect_if_sp_context_needed
- return if sp_from_sp_session.present?
- return unless IdentityConfig.store.idv_sp_required
+ def redirect_unless_sp_requested_verification
+ return if !IdentityConfig.store.idv_sp_required
 return if idv_session_user.profiles.any?
+ ial_context = IalContext.new(
+ ial: sp_session_ial,
+ service_provider: sp_from_sp_session,
+ user: idv_session_user,
+ )
+ return if ial_context.ial2_or_greater?
+
 redirect_to account_url
 end
diff --git a/spec/controllers/idv/by_mail/request_letter_controller_spec.rb b/spec/controllers/idv/by_mail/request_letter_controller_spec.rb
index f25cfd85661..2e0a7c38980 100644
--- a/spec/controllers/idv/by_mail/request_letter_controller_spec.rb
+++ b/spec/controllers/idv/by_mail/request_letter_controller_spec.rb
@@ -25,7 +25,7 @@
 end
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 end
diff --git a/spec/controllers/idv/cancellations_controller_spec.rb b/spec/controllers/idv/cancellations_controller_spec.rb
index 939a2fc136d..0266bc134f6 100644
--- a/spec/controllers/idv/cancellations_controller_spec.rb
+++ b/spec/controllers/idv/cancellations_controller_spec.rb
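Review bot: In `redirect_unless_sp_requested_verification` (app/controllers/concerns/idv_session.rb, second hunk), the early return `return if idv_session_user.profiles.any?` lets a user with any profile row skip the service-provider requirement, and nothing visible limits that to an active or verified profile. The updated spec in spec/controllers/idv_controller_spec.rb now only exercises `create(:profile, :verified, user: user)`, so whether a deactivated or still-pending profile should also pass this gate is left unpinned. If only previously verified users are meant to restart proofing without an SP request, narrow the check accordingly; otherwise state the intent above the line, for example `# Any existing profile, active or not, may re-enter IdV without an SP request`. The rest of the concern, including the definitions of `sp_session_ial` and `sp_from_sp_session`, lies outside the hunk.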
@@ -3,7 +3,7 @@
 RSpec.describe Idv::CancellationsController do
 describe 'before_actions' do
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 end
diff --git a/spec/controllers/idv/enter_password_controller_spec.rb b/spec/controllers/idv/enter_password_controller_spec.rb
index 482f19ef14f..25687b3fca7 100644
--- a/spec/controllers/idv/enter_password_controller_spec.rb
+++ b/spec/controllers/idv/enter_password_controller_spec.rb
@@ -48,7 +48,7 @@
 end
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 end
diff --git a/spec/controllers/idv/forgot_password_controller_spec.rb b/spec/controllers/idv/forgot_password_controller_spec.rb
index 2dc4f523e0b..90547f3f9a8 100644
--- a/spec/controllers/idv/forgot_password_controller_spec.rb
+++ b/spec/controllers/idv/forgot_password_controller_spec.rb
@@ -3,7 +3,7 @@
 RSpec.describe Idv::ForgotPasswordController do
 describe 'before_actions' do
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 end
diff --git a/spec/controllers/idv/otp_verification_controller_spec.rb b/spec/controllers/idv/otp_verification_controller_spec.rb
index 3c542b13646..3ca3199494d 100644
--- a/spec/controllers/idv/otp_verification_controller_spec.rb
+++ b/spec/controllers/idv/otp_verification_controller_spec.rb
@@ -36,7 +36,7 @@
 describe 'before_actions' do
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 end
diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb
index fd7281fe08c..df57c4f0398 100644
--- a/spec/controllers/idv/personal_key_controller_spec.rb
+++ b/spec/controllers/idv/personal_key_controller_spec.rb
@@ -51,7 +51,7 @@ def stub_idv_session
 end
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 describe '#confirm_profile_has_been_created' do
diff --git a/spec/controllers/idv/phone_controller_spec.rb b/spec/controllers/idv/phone_controller_spec.rb
index 9269c33d023..cd65c39a93a 100644
--- a/spec/controllers/idv/phone_controller_spec.rb
+++ b/spec/controllers/idv/phone_controller_spec.rb
@@ -30,7 +30,7 @@
 describe 'before_actions' do
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 end
diff --git a/spec/controllers/idv/phone_errors_controller_spec.rb b/spec/controllers/idv/phone_errors_controller_spec.rb
index 6f08b18147c..eb9a367e6d6 100644
--- a/spec/controllers/idv/phone_errors_controller_spec.rb
+++ b/spec/controllers/idv/phone_errors_controller_spec.rb
@@ -21,7 +21,7 @@
 shared_examples_for 'an idv phone errors controller action' do
 describe 'before_actions' do
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 end
diff --git a/spec/controllers/idv/resend_otp_controller_spec.rb b/spec/controllers/idv/resend_otp_controller_spec.rb
index 2162252da92..4d0ccced7ef 100644
--- a/spec/controllers/idv/resend_otp_controller_spec.rb
+++ b/spec/controllers/idv/resend_otp_controller_spec.rb
@@ -26,7 +26,7 @@
 describe 'before_actions' do
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 end
diff --git a/spec/controllers/idv/session_errors_controller_spec.rb b/spec/controllers/idv/session_errors_controller_spec.rb
index b3e8d7f2044..e7fac844696 100644
--- a/spec/controllers/idv/session_errors_controller_spec.rb
+++ b/spec/controllers/idv/session_errors_controller_spec.rb
@@ -135,7 +135,7 @@
 describe 'before_actions' do
 it 'includes before_actions from IdvSession' do
- expect(subject).to have_actions(:before, :redirect_if_sp_context_needed)
+ expect(subject).to have_actions(:before, :redirect_unless_sp_requested_verification)
 end
 end
diff --git a/spec/controllers/idv_controller_spec.rb b/spec/controllers/idv_controller_spec.rb
index 4ade439f2bb..7593d4ffd65 100644
--- a/spec/controllers/idv_controller_spec.rb
+++ b/spec/controllers/idv_controller_spec.rb
@@ -167,30 +167,71 @@
 expect(response).to redirect_to idv_welcome_path
 end
- context 'no SP context' do
+ describe 'SP for IdV requirement' do
+ let(:current_sp) { create(:service_provider) }
+ let(:ial) { 2 }
 let(:user) { build(:user, password: ControllerHelper::VALID_PASSWORD) }
 before do
 stub_sign_in(user)
- session[:sp] = {}
+ if current_sp.present?
+ session[:sp] = { issuer: current_sp.issuer, ial: ial }
+ else
+ session[:sp] = {}
+ end
 allow(IdentityConfig.store).to receive(:idv_sp_required).and_return(idv_sp_required)
 end
- context 'sp required' do
- let(:idv_sp_required) { true }
+ context 'without an SP context' do
+ let(:current_sp) { nil }
- it 'redirects back to the account page' do
- get :index
+ context 'when an SP is required' do
+ let(:idv_sp_required) { true }
- expect(response).to redirect_to account_url
+ it 'redirects back to the account page' do
+ get :index
+ expect(response).to redirect_to account_url
+ end
+
+ it 'begins the proofing process if the user has a profile' do
+ create(:profile, :verified, user: user)
+ get :index
+ expect(response).to redirect_to idv_welcome_url
+ end
 end
- context 'user has an existing profile' do
- let(:user) do
- profile = create(:profile)
- profile.user
+ context 'no SP required' do
+ let(:idv_sp_required) { false }
+
+ it 'begins the identity proofing process' do
+ get :index
+
+ expect(response).to redirect_to idv_welcome_url
+ end
+ end
+ end
+
+ context 'with an SP context that does not require IdV' do
+ let(:ial) { 1 }
+
+ context 'when an SP is required' do
+ let(:idv_sp_required) { true }
+
+ it 'redirects back to the account page' do
+ get :index
+ expect(response).to redirect_to account_url
 end
+ it 'begins the proofing process if the user has a profile' do
+ create(:profile, :verified, user: user)
+ get :index
+ expect(response).to redirect_to idv_welcome_url
+ end
+ end
+
+ context 'no SP required' do
+ let(:idv_sp_required) { false }
+
 it 'begins the identity proofing process' do
 get :index
@@ -199,13 +240,26 @@
 end
 end
- context 'sp not required' do
- let(:idv_sp_required) { false }
+ context 'with an SP context that requires IdV' do
+ let(:ial) { 2 }
+
+ context 'when an SP is required' do
+ let(:idv_sp_required) { true }
+
+ it 'begins the identity proofing process' do
+ get :index
+ expect(response).to redirect_to idv_welcome_url
+ end
+ end
+
+ context 'no SP required' do
+ let(:idv_sp_required) { false }
- it 'begins the identity proofing process' do
- get :index
+ it 'begins the identity proofing process' do
+ get :index
- expect(response).to redirect_to idv_welcome_url
+ expect(response).to redirect_to idv_welcome_url
+ end
 end
 end
 end
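Review bot: The new 'with an SP context that requires IdV' context only exercises `ial: 2` together with a freshly created service provider, because the shared `before` block in the preceding hunk always sets `issuer` and `ial` as a pair or clears both with `session[:sp] = {}`. The previous guard required `sp_from_sp_session.present?`, while the new one relies on `ial_context.ial2_or_greater?`, and how `IalContext` treats a nil `service_provider` is not visible in this diff. A case where the session carries an IAL2 value but no resolvable issuer would pin whether the account redirect still applies when `idv_sp_required` is true. A `let` override for the session hash plus one `it` with the intended redirect expectation would be enough.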