Skip to content

LG-5873: Allow users to sign back into the SP with original browser after error #9692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mdiarra3 merged 5 commits into from
Dec 7, 2023
Merged

LG-5873: Allow users to sign back into the SP with original browser after error #9692

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
46cd769
changelog: Bug Fixes, Authentication, Redirect with the sp already lo…
mdiarra3 Dec 1, 2023
9ff2118
add spec to ensure things arent broken
mdiarra3 Dec 5, 2023
12025e8
branded experience
mdiarra3 Dec 5, 2023
7abf139
Merge remote-tracking branch 'origin/main' into LG-5873-sign-in-sp-bug
mdiarra3 Dec 5, 2023
5e64f9d
change test title name
mdiarra3 Dec 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions config/initializers/session_limitable.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@

if warden.authenticated?(scope) && options[:store] != false
if record.unique_session_id != current_session_id
service_provider = warden.raw_session.dig('sp')
Copy link
Copy Markdown
Contributor Author

@mdiarra3 mdiarra3 Dec 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will maintain the SP for the user when theyre redirected back to the Error page.

analytics = Analytics.new(
user: record,
request: warden.request,
Expand All @@ -28,6 +29,7 @@
analytics.concurrent_session_logout
warden.raw_session.clear
warden.logout(scope)
warden.raw_session['sp'] = service_provider
throw :warden, scope: scope, message: :session_limited
end
end
Expand Down
32 changes: 32 additions & 0 deletions spec/features/users/sign_in_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -431,6 +431,38 @@
end
end
end

context 'with sp' do
scenario 'redirects to home page with error and preserves branded experience' do
user = user_with_2fa
service_provider = ServiceProvider.find_by(issuer: OidcAuthHelper::OIDC_IAL1_ISSUER)
IdentityLinker.new(user, service_provider).link_identity(
verified_attributes: %w[openid email],
)

perform_in_browser(:one) do
visit_idp_from_sp_with_ial1(:oidc)
sign_in_live_with_2fa(user)

expect(current_url).to match('http://localhost:7654/auth/result')
end

perform_in_browser(:two) do
visit_idp_from_sp_with_ial1(:oidc)
sign_in_live_with_2fa(user)

expect(current_url).to match('http://localhost:7654/auth/result')
end

perform_in_browser(:one) do
visit account_path

expect(current_path).to eq new_user_session_path
expect(page).to have_content(t('devise.failure.session_limited'))
expect_branded_experience
end
end
end
end

context 'attribute_encryption_key is changed but queue does not contain any previous keys' do
Expand Down