18F · jmdembe · Jan 2, 2025 · Jan 3, 2025 · Jan 3, 2025 · Jan 3, 2025
diff --git a/app/controllers/accounts/connected_accounts_controller.rb b/app/controllers/accounts/connected_accounts_controller.rb
@@ -3,6 +3,8 @@
 module Accounts
   class ConnectedAccountsController < ApplicationController
     include RememberDeviceConcern
+    include ApplicationHelper
+
     before_action :confirm_two_factor_authenticated
 
     layout 'account_side_nav'
@@ -16,6 +18,7 @@ def show
         sp_name: decorated_sp_session.sp_name,
         user: current_user,
         locked_for_session: pii_locked_for_session?(current_user),
+        change_email_available: decorated_sp_session.requested_attributes,
       )
     end
   end

diff --git a/app/controllers/accounts/history_controller.rb b/app/controllers/accounts/history_controller.rb
@@ -15,6 +15,7 @@ def show
         sp_name: decorated_sp_session.sp_name,
         user: current_user,
         locked_for_session: pii_locked_for_session?(current_user),
+        change_email_available: false,
       )
     end
   end

diff --git a/app/controllers/accounts/two_factor_authentication_controller.rb b/app/controllers/accounts/two_factor_authentication_controller.rb
@@ -16,6 +16,7 @@ def show
         sp_name: decorated_sp_session.sp_name,
         user: current_user,
         locked_for_session: pii_locked_for_session?(current_user),
+        change_email_available: false,
       )
     end
   end

diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
@@ -18,6 +18,7 @@ def show
       sp_name: decorated_sp_session.sp_name,
       user: current_user,
       locked_for_session: pii_locked_for_session?(current_user),
+      change_email_available: false,
     )
     if session.delete(:from_select_email_flow)
       flash.now[:success] = t(

diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
@@ -16,6 +16,7 @@ def show
       sp_name: decorated_sp_session.sp_name,
       user: current_user,
       locked_for_session: pii_locked_for_session?(current_user),
+      change_email_available: false,
     )
     device_and_events
   rescue ActiveRecord::RecordNotFound, ActiveModel::RangeError

diff --git a/app/presenters/account_show_presenter.rb b/app/presenters/account_show_presenter.rb
@@ -7,7 +7,8 @@ class AccountShowPresenter
               :pii,
               :sp_session_request_url,
               :authn_context,
-              :sp_name
+              :sp_name,
+              :change_email_available
 
   delegate :identity_verified_with_facial_match?, to: :user
 
@@ -17,14 +18,16 @@ def initialize(
     authn_context:,
     sp_name:,
     user:,
-    locked_for_session:
+    locked_for_session:,
+    change_email_available:
   )
     @decrypted_pii = decrypted_pii
     @user = user
     @sp_name = sp_name
     @sp_session_request_url = sp_session_request_url
     @authn_context = authn_context
     @locked_for_session = locked_for_session
+    @change_email_available = change_email_available
     @pii = determine_pii
   end
 
@@ -141,6 +144,13 @@ def connected_apps
     user.connected_apps.includes([:service_provider_record, :email_address])
   end
 
+  def hide_change_option
+    if change_email_available
+      decorated_sp_session.requested_attributes.include?('all_emails') ||
+        !decorated_sp_session.requested_attributes.include?('email')
+    end
+  end
+
   delegate :recent_events, :recent_devices, to: :user
 
   private

diff --git a/app/views/accounts/_connected_app.html.erb b/app/views/accounts/_connected_app.html.erb
@@ -17,13 +17,15 @@
           timestamp_html: render(TimeComponent.new(time: identity.created_at)),
         ) %>
     <br />
-    <strong>
-      <%= identity.email_address&.email || t('account.connected_apps.email_not_selected') %>
-    </strong>
-    <%= link_to(
-          t('help_text.requested_attributes.change_email_link'),
-          edit_connected_account_selected_email_path(identity_id: identity.id),
-        ) %>
+    <% if @presenter.hide_change_option %>
+      <strong>
+        <%= identity.email_address&.email || t('account.connected_apps.email_not_selected') %>
+      </strong>
+      <%= link_to(
+            t('help_text.requested_attributes.change_email_link'),
+            edit_connected_account_selected_email_path(identity_id: identity.id),
+          ) %>
+    <% end %>
   <% else %>
     <%= t(
           'account.connected_apps.associated_html',

diff --git a/spec/controllers/accounts_controller_spec.rb b/spec/controllers/accounts_controller_spec.rb
@@ -134,6 +134,7 @@
           sp_name: nil,
           user: user,
           locked_for_session: false,
+          change_email_available: false,
         )
         allow(subject).to receive(:presenter).and_return(presenter)
 
@@ -172,6 +173,7 @@
             sp_name: nil,
             user: user,
             locked_for_session: false,
+            change_email_available: false,
           )
           allow(subject).to receive(:presenter).and_return(presenter)
 

diff --git a/spec/presenters/account_show_presenter_spec.rb b/spec/presenters/account_show_presenter_spec.rb
@@ -25,6 +25,7 @@
       sp_name:,
       user:,
       locked_for_session:,
+      change_email_available:,
     )
   end
 
@@ -294,6 +295,7 @@
           sp_name: nil,
           user: user,
           locked_for_session: false,
+          change_email_available: false,
         )
 
         expect(account_show.pending_ipp?).to be(false)
@@ -327,6 +329,7 @@
           sp_name: nil,
           user: user,
           locked_for_session: false,
+          change_email_available: false,
         )
 
         expect(account_show.pending_ipp?).to be(false)
@@ -454,6 +457,7 @@
           authn_context: nil,
           sp_name: nil,
           locked_for_session: false,
+          change_email_available: false,
         )
 
         expect(profile_index.header_personalization).to eq first_name
@@ -472,6 +476,7 @@
           authn_context: nil,
           sp_name: nil,
           locked_for_session: false,
+          change_email_available: false,
         )
 
         expect(profile_index.header_personalization).to eq email_address.email
@@ -494,6 +499,7 @@
           authn_context: nil,
           sp_name: nil,
           locked_for_session: false,
+          change_email_available: false,
         )
 
         expect(profile_index.totp_content).to eq t('account.index.auth_app_enabled')
@@ -513,6 +519,7 @@
           authn_context: nil,
           sp_name: nil,
           locked_for_session: false,
+          change_email_available: false,
         )
 
         expect(profile_index.totp_content).to eq t('account.index.auth_app_disabled')
@@ -550,6 +557,7 @@
         sp_name: nil,
         user: user.reload,
         locked_for_session: false,
+        change_email_available: false,
       )
 
       expect(account_show.backup_codes_generated_at).to be_within(
@@ -569,6 +577,7 @@
         sp_name: nil,
         user: user.reload,
         locked_for_session: false,
+        change_email_available: false,
       )
 
       expect(account_show.backup_codes_generated_at).to be_nil
@@ -617,6 +626,7 @@
           authn_context: nil,
           sp_name: nil,
           locked_for_session: false,
+          change_email_available: false,
         )
 
         expect(
@@ -641,6 +651,7 @@
           authn_context: nil,
           sp_name: nil,
           locked_for_session: false,
+          change_email_available: false,
         )
 
         expect(
@@ -660,6 +671,7 @@
           authn_context: nil,
           sp_name: nil,
           locked_for_session: false,
+          change_email_available: false,
         )
 
         expect(profile_index.personal_key_generated_at).to be_nil

diff --git a/spec/views/accounts/_badges.html.erb_spec.rb b/spec/views/accounts/_badges.html.erb_spec.rb
@@ -12,6 +12,7 @@
       sp_name: nil,
       user:,
       locked_for_session: false,
+      change_email_available: false,
     )
   end
 

diff --git a/spec/views/accounts/_identity_verification.html.erb_spec.rb b/spec/views/accounts/_identity_verification.html.erb_spec.rb
@@ -23,6 +23,7 @@
       sp_name:,
       user:,
       locked_for_session: false,
+      change_email_available: false,
     )
   end
 

diff --git a/spec/views/accounts/connected_accounts/show.html.erb_spec.rb b/spec/views/accounts/connected_accounts/show.html.erb_spec.rb
@@ -17,6 +17,7 @@
         authn_context: nil,
         sp_name: nil,
         locked_for_session: false,
+        change_email_available: false,
       ),
     )
   end
@@ -107,4 +108,31 @@
       expect(rendered).to_not include('&lt;')
     end
   end
+
+  context 'when the partner requests all emails' do
+    before do
+      assign(
+        :presenter,
+        AccountShowPresenter.new(
+          decrypted_pii: nil,
+          user: user,
+          sp_session_request_url: nil,
+          authn_context: nil,
+          sp_name: nil,
+          locked_for_session: false,
+          change_email_available: true,
+        ),
+      )
+    end
+    let!(:identity) { create(:service_provider_identity, user:) }
+
+    it 'does not show the change link' do
+      render
+
+      expect(rendered).not_to have_link(
+        t('help_text.requested_attributes.change_email_link'),
+        href: edit_connected_account_selected_email_path(identity_id: identity.id),
+      )
+    end
+  end
 end
diff --git a/spec/views/accounts/history/show.html.erb_spec.rb b/spec/views/accounts/history/show.html.erb_spec.rb
@@ -14,6 +14,7 @@
         authn_context: nil,
         sp_name: nil,
         locked_for_session: false,
+        change_email_available: false,
       ),
     )
   end

diff --git a/spec/views/accounts/show.html.erb_spec.rb b/spec/views/accounts/show.html.erb_spec.rb
@@ -24,6 +24,7 @@
         authn_context:,
         sp_name: nil,
         locked_for_session: false,
+        change_email_available: false,
       ),
     )
   end
@@ -255,6 +256,7 @@
           authn_context:,
           sp_name: sp.friendly_name,
           locked_for_session: false,
+          change_email_available: false,
         ),
       )
     end

diff --git a/spec/views/accounts/two_factor_authentication/show.html.erb_spec.rb b/spec/views/accounts/two_factor_authentication/show.html.erb_spec.rb
@@ -14,6 +14,7 @@
         authn_context: nil,
         sp_name: nil,
         locked_for_session: false,
+        change_email_available: false,
       ),
     )
   end
@@ -40,6 +41,7 @@
           authn_context: nil,
           sp_name: nil,
           locked_for_session: false,
+          change_email_available: false,
         ),
       )
     end
-Original file line number
+Diff line change
@@ Expand Up / @@ -12,6 +12,7 @@ @@
           sp_name: nil,
           user:,
           locked_for_session: false,
+          change_email_available: false,
         )
       end
@@ Expand Down @@