From b5c849eb3f33993a186c7df54926c8917c93d0ca Mon Sep 17 00:00:00 2001
From: Vraj Mohan
Date: Wed, 18 Dec 2024 20:28:32 -0800
Subject: [PATCH] Add test for email shown in OIDC authorization confirmation
---
 .../authorization_controller.rb | 2 +-
 .../authorization_confirmation_spec.rb | 67 ++++++++++++++++---
 2 files changed, 58 insertions(+), 11 deletions(-)
diff --git a/app/controllers/openid_connect/authorization_controller.rb b/app/controllers/openid_connect/authorization_controller.rb
index d015161a030..1480697d6b6 100644
--- a/app/controllers/openid_connect/authorization_controller.rb
+++ b/app/controllers/openid_connect/authorization_controller.rb
@@ -93,7 +93,7 @@ def email_address_id
 if user_session[:selected_email_id_for_linked_identity].present?
 return user_session[:selected_email_id_for_linked_identity]
 end
- identity = current_user.identities.find_by(service_provider: sp_session['issuer'])
+ identity = current_user.identities.find_by(service_provider: sp_session[:issuer])
 identity&.email_address_id
 end
diff --git a/spec/features/openid_connect/authorization_confirmation_spec.rb b/spec/features/openid_connect/authorization_confirmation_spec.rb
index f95566dcaa4..edc4944ec9e 100644
--- a/spec/features/openid_connect/authorization_confirmation_spec.rb
+++ b/spec/features/openid_connect/authorization_confirmation_spec.rb
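Review bot: In `email_address_id`, `find_by(service_provider: sp_session[:issuer])` still runs when the session carries no issuer, and with a nil value ActiveRecord searches for a row whose `service_provider` is NULL instead of returning nothing; whether such an identity can exist is not visible here. Because the result decides which email address the confirmation screen presents for release to the service provider, the lookup deserves a guard: `issuer = sp_session[:issuer]` followed by `return if issuer.blank?` ahead of the `find_by`. The move from the string key to the symbol key suggests `sp_session` is not indifferent-access at this point, so a short comment such as `# sp_session is keyed by symbols; a string key silently returns nil` would keep the old form from creeping back. The method begins above the hunk, so only its tail is reviewed here.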
@@ -31,36 +31,83 @@ def create_user_and_remember_device
 user1
 end
- shared_examples 'signin email after signing in again' do
+ shared_examples 'signing in with a different email prompts with the shared email' do
 it 'confirms the user wants to continue to SP' do
+ shared_email = user1.identities.first.email_address.email
 second_email = create(:email_address, user: user1)
 sign_in_user(user1, second_email.email)
 visit_idp_from_ial1_oidc_sp
 expect(current_url).to match(user_authorization_confirmation_path)
- expect(page).to have_content second_email.email
+ expect(page).to have_content shared_email
 continue_as(second_email.email)
 expect(oidc_redirect_url).to match('http://localhost:7654/auth/result')
 end
 end
- it_behaves_like 'signin email after signing in again'
+ shared_examples 'signing in with a different email prompts with the signed in email' do
+ it 'confirms the user wants to continue to SP' do
+ second_email = create(:email_address, user: user1)
+ sign_in_user(user1, second_email.email)
+ visit_idp_from_ial1_oidc_sp
+ expect(current_url).to match(user_authorization_confirmation_path)
+ expect(page).to have_content second_email.email
+
+ continue_as(second_email.email)
+ expect(oidc_redirect_url).to match('http://localhost:7654/auth/result')
+ end
+ end
- context 'with client-side redirect' do
+ context 'when email sharing feature is enabled' do
 before do
- allow(IdentityConfig.store).to receive(:openid_connect_redirect).and_return('client_side')
+ allow(IdentityConfig.store)
+ .to receive(:feature_select_email_to_share_enabled).and_return(true)
 end
- it_behaves_like 'signin email after signing in again'
+ it_behaves_like 'signing in with a different email prompts with the shared email'
+
+ context 'with client-side redirect' do
+ before do
+ allow(IdentityConfig.store).to receive(:openid_connect_redirect).and_return('client_side')
+ end
+
+ it_behaves_like 'signing in with a different email prompts with the shared email'
+ end
+
+ context 'with client-side javascript redirect' do
+ before do
+ allow(IdentityConfig.store).to receive(:openid_connect_redirect)
+ .and_return('client_side_js')
+ end
+
+ it_behaves_like 'signing in with a different email prompts with the shared email'
+ end
 end
- context 'with client-side javascript redirect' do
+ context 'when email sharing feature is disabled' do
 before do
- allow(IdentityConfig.store).to receive(:openid_connect_redirect)
- .and_return('client_side_js')
+ allow(IdentityConfig.store)
+ .to receive(:feature_select_email_to_share_enabled).and_return(false)
 end
- it_behaves_like 'signin email after signing in again'
+ it_behaves_like 'signing in with a different email prompts with the signed in email'
+
+ context 'with client-side redirect' do
+ before do
+ allow(IdentityConfig.store).to receive(:openid_connect_redirect).and_return('client_side')
+ end
+
+ it_behaves_like 'signing in with a different email prompts with the signed in email'
+ end
+
+ context 'with client-side javascript redirect' do
+ before do
+ allow(IdentityConfig.store).to receive(:openid_connect_redirect)
+ .and_return('client_side_js')
+ end
+
+ it_behaves_like 'signing in with a different email prompts with the signed in email'
+ end
 end
 it 'it allows the user to switch accounts prior to continuing to the SP' do
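Review bot: In the 'shared email' example, `expect(page).to have_content shared_email` matches text anywhere on the page, so it would still pass if the confirmation screen also named the signed-in address as the one being released to the service provider. If the screen is meant to show a single address, add `expect(page).to_not have_content second_email.email`; otherwise scope the expectation to the element that states the shared address. The setup line `user1.identities.first.email_address.email` has no explicit ordering and assumes the identity built by `create_user_and_remember_device` (defined above the hunk) has a linked email address, so looking the identity up by service provider would be sturdier. The two shared examples differ only in the expected address and could be one example that takes that expectation as a parameter.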