Adds handler for from=your-services param hint in /email/manage

In order to improve the logged-in experience, in alphagov/frontend#3670 we are redirecting /account directly to home.account.gov.uk. This means that we are skipping session creation. It improves the general logged in behaviour, but means that if someone goes to /account and logs in, then follows the link to /email/manage, email-alert-frontend will not know that the user is logged in (because no session will exist), and they'll be prompted for their email address. To get around this, we add support for a hint parameter (from=your-services) which will be added to the link in the home.account.gov.uk/your-services page. When we go to /email/manage?from=your-services, the app knows that we came from One Login and are therefore probably logged in, so attempts a silent login.
alphagov · Jul 20, 2023 · db403bb · db403bb
1 parent 93c6a56
commit db403bb
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/app/controllers/subscriptions_management_controller.rb b/app/controllers/subscriptions_management_controller.rb
@@ -1,6 +1,7 @@
 class SubscriptionsManagementController < ApplicationController
   include Slimmer::Headers
   include Slimmer::Template
+  before_action :handle_one_login_hint, only: [:index]
   before_action :require_authentication
   before_action :get_subscription_details
   before_action :set_back_url
@@ -101,6 +102,12 @@ def use_govuk_account_layout?
 
 private
 
+  def handle_one_login_hint
+    return unless params[:from] == "your-services" && !authenticated?
+
+    redirect_with_analytics GdsApi.account_api.get_sign_in_url(redirect_path: list_subscriptions_path)["auth_uri"]
+  end
+
   def get_subscription_details
     subscription_details = GdsApi.email_alert_api.get_subscriptions(
       id: authenticated_subscriber_id,

diff --git a/spec/controllers/subscriptions_management_controller_spec.rb b/spec/controllers/subscriptions_management_controller_spec.rb
@@ -1,4 +1,5 @@
 RSpec.describe SubscriptionsManagementController do
+  include GdsApi::TestHelpers::AccountApi
   include GdsApi::TestHelpers::EmailAlertApi
   include GdsApi::TestHelpers::ContentStore
   include GovukPersonalisation::TestHelpers::Requests
@@ -40,6 +41,32 @@
       end
     end
 
+    context "when the page is requested with a logged-in hint" do
+      before do
+        stub_account_api_get_sign_in_url(
+          redirect_path: "/email/manage",
+          auth_uri:,
+        )
+      end
+
+      let(:auth_uri) { "/sign-in" }
+
+      context "with a login session" do
+        it "ignores the hint and continues" do
+          get(:index, session:, params: { from: "your-services" })
+          expect(response).to have_http_status(:ok)
+        end
+      end
+
+      context "without a login session" do
+        it "redirects to the account login bounce" do
+          get(:index, params: { from: "your-services" })
+          expect(response).to have_http_status(:redirect)
+          expect(response).to redirect_to(auth_uri)
+        end
+      end
+    end
+
     context "when there is a subscriber with a subscription" do
       it "renders the subscriber's email address" do
         get(:index, session:)