add redirect for users without security question responses (#2560) (#…

…2566)

* add redirect for users without security question responses

* move method to user model

* add comment for redirect

---------

Co-authored-by: Ryan Eddy <44847768+RyanEddyIC@users.noreply.github.com>

app/controllers/application_controller.rb

@@ -204,6 +204,9 @@ def require_login
 
     def after_sign_in_path_for(resource)
       if request.referrer =~ /sign_in/
+        # Redirect the user to the main page to ensure that they submit missing security question responses
+        return root_path if resource&.is_active_without_security_question_responses?
+
         session[:portal] || resource.try(:last_portal_visited) || root_path
       else
         session[:portal] || request.referer || root_path

app/models/user.rb

@@ -224,6 +224,10 @@ def get_announcements_by_roles_and_portal(portal_path="")
     announcements.uniq
   end
 
+  def is_active_without_security_question_responses?
+    needs_to_provide_security_questions? && person&.primary_family&.enrollments&.detect{|a| a.active_during?(TimeKeeper.date_of_record) }.present?
+  end
+
   class << self
     def find_for_database_authentication(warden_conditions)
       #TODO: Another explicit oim_id dependency

spec/controllers/application_controller_spec.rb

@@ -41,6 +41,17 @@ def index
     it "should return the root url in dev environment" do
       expect( controller.send(:after_sign_out_path_for, user) ).to eq logout_saml_index_path
     end
+
+    context "when user has active enrollments but no security question responses" do
+      before do
+        user.security_question_responses = []
+        user.save
+      end
+
+      it "after_sign_in_path_for should return the root path" do
+        expect(controller.send(:after_sign_in_path_for, user)).to eq root_path
+      end
+    end
   end
 
   context "when signed in" do