From d0ec447e8f197debde18dc9b2fd8a1fd2dadb2a7 Mon Sep 17 00:00:00 2001
From: Keith Lawrence
Date: Thu, 13 Jul 2023 13:29:26 +0100
Subject: [PATCH] Adds handler for from=your-services param hint in /email/manage
In order to improve the logged-in experience, in https://github.com/alphagov/frontend/pull/3670 we are redirecting /account directly to home.account.gov.uk. This means that we are skipping session creation. It improves the general logged in behaviour, but means that if someone goes to /account and logs in, then follows the link to /email/manage, email-alert-frontend will not know that the user is logged in (because no session will exist), and they'll be prompted for their email address. To get around this, we add support for a hint parameter (from=your-services) which will be added to the link in the home.account.gov.uk/your-services page. When we go to /email/manage?from=your-services, the app knows that we came from One Login and are therefore probably logged in, so attempts a silent login.
---
 .../subscriptions_management_controller.rb | 8 ++++++
 ...ubscriptions_management_controller_spec.rb | 27 +++++++++++++++++++
 2 files changed, 35 insertions(+)
diff --git a/app/controllers/subscriptions_management_controller.rb b/app/controllers/subscriptions_management_controller.rb
index 1187231f..c852e86c 100644
--- a/app/controllers/subscriptions_management_controller.rb
+++ b/app/controllers/subscriptions_management_controller.rb
@@ -1,6 +1,7 @@
 class SubscriptionsManagementController < ApplicationController
 include Slimmer::Headers
 include Slimmer::Template
+ before_action :handle_one_login_hint, only: [:index]
 before_action :require_authentication
 before_action :get_subscription_details
 before_action :set_back_url
@@ -101,6 +102,13 @@ def use_govuk_account_layout?
 private
+ def handle_one_login_hint
+ return unless params[:from] == "your-services" && !authenticated?
+
+ redirect_path = list_subscriptions_url
+ redirect_with_analytics GdsApi.account_api.get_sign_in_url(redirect_path:)["auth_uri"]
+ end
+
 def get_subscription_details
 subscription_details = GdsApi.email_alert_api.get_subscriptions(
 id: authenticated_subscriber_id,
diff --git a/spec/controllers/subscriptions_management_controller_spec.rb b/spec/controllers/subscriptions_management_controller_spec.rb
index 785b0377..96f3861b 100644
--- a/spec/controllers/subscriptions_management_controller_spec.rb
+++ b/spec/controllers/subscriptions_management_controller_spec.rb
@@ -1,4 +1,5 @@
 RSpec.describe SubscriptionsManagementController do
+ include GdsApi::TestHelpers::AccountApi
 include GdsApi::TestHelpers::EmailAlertApi
 include GdsApi::TestHelpers::ContentStore
 include GovukPersonalisation::TestHelpers::Requests
@@ -40,6 +41,32 @@
 end
 end
+ context "when the page is requested with a logged-in hint" do
+ before do
+ stub_account_api_get_sign_in_url(
+ redirect_path: "http://test.host/email/manage",
+ auth_uri:,
+ )
+ end
+
+ let(:auth_uri) { "/sign-in" }
+
+ context "with a login session" do
+ it "ignores the " do
+ get(:index, session:, params: { from: "your-services" })
+ expect(response).to have_http_status(:ok)
+ end
+ end
+
+ context "without a login session" do
+ it "redirects to the account login bounce" do
+ get(:index, params: { from: "your-services" })
+ expect(response).to have_http_status(:redirect)
+ expect(response).to redirect_to(auth_uri)
+ end
+ end
+ end
+
 context "when there is a subscriber with a subscription" do
 it "renders the subscriber's email address" do
 get(:index, session:)
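Review bot: In `handle_one_login_hint`, `redirect_path` comes from `list_subscriptions_url`, an absolute URL built from the request's host (the spec stub in this patch expects `http://test.host/email/manage`), so the post-login destination handed to account-api follows whatever Host header arrived unless the host is pinned elsewhere. A host-independent `redirect_path = list_subscriptions_path` would remove that dependency; whether account-api accepts a bare path or validates the value is not visible here. The `GdsApi.account_api.get_sign_in_url` call is also reachable by any unauthenticated request carrying `from=your-services` and has no rescue, so an account-api error or a response without `"auth_uri"` would presumably surface as a 500 rather than falling through to `require_authentication`; rescuing `GdsApi::BaseError` and returning would keep the normal flow. A comment above the guard such as `# from=your-services is only a hint; it never proves the user is signed in` would record the intent.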
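Review bot: In the last hunk of `subscriptions_management_controller_spec.rb`, the example name `it "ignores the " do` is cut off mid-phrase; something like `it "ignores the hint and renders the page" do` would state what is asserted. The new examples exercise only the exact value `your-services`; an example with a different `from` value and no session, and one where the account-api stub returns an error, would pin the fall-through to `require_authentication` that the controller change depends on. The trailing context example (`it "renders the subscriber's email address"`) continues outside the hunk.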