RubyGems - decidim-verifications - Versions diffs - 0.29.1 → 0.30.0.rc1 - Mend

decidim-verifications 0.29.1 → 0.30.0.rc1

Files changed (68) hide show

checksums.yaml +4 -4
data/app/commands/decidim/verifications/authorize_user.rb +24 -0
data/app/commands/decidim/verifications/revoke_by_name_authorizations.rb +51 -0
data/app/controllers/decidim/verifications/authorizations_controller.rb +73 -16
data/app/controllers/decidim/verifications/id_documents/authorizations_controller.rb +3 -1
data/app/forms/decidim/verifications/id_documents/admin/config_form.rb +1 -1
data/app/forms/decidim/verifications/sms/mobile_phone_form.rb +1 -1
data/app/helpers/decidim/verifications/application_helper.rb +28 -0
data/app/models/decidim/verifications/conflict.rb +8 -0
data/app/services/decidim/authorization_handler.rb +22 -1
data/app/views/decidim/verifications/authorizations/_tos_acceptance_field.html.erb +11 -0
data/app/views/decidim/verifications/authorizations/index.html.erb +4 -4
data/app/views/decidim/verifications/authorizations/new.html.erb +14 -6
data/app/views/decidim/verifications/authorizations/onboarding_pending.html.erb +38 -0
data/app/views/decidim/verifications/id_documents/authorizations/choose.html.erb +2 -2
data/app/views/decidim/verifications/id_documents/authorizations/edit.html.erb +1 -1
data/app/views/decidim/verifications/id_documents/authorizations/new.html.erb +1 -1
data/app/views/decidim/verifications/postal_letter/authorizations/edit.html.erb +2 -2
data/app/views/decidim/verifications/postal_letter/authorizations/new.html.erb +1 -1
data/app/views/decidim/verifications/sms/authorizations/edit.html.erb +1 -1
data/app/views/decidim/verifications/sms/authorizations/new.html.erb +1 -1
data/app/views/dummy_authorization/_form.html.erb +0 -6
data/app/views/layouts/decidim/authorizations.html.erb +34 -0
data/config/locales/ar.yml +10 -21
data/config/locales/bg.yml +21 -36
data/config/locales/bn-BD.yml +1 -0
data/config/locales/bs-BA.yml +1 -0
data/config/locales/ca.yml +38 -35
data/config/locales/cs.yml +38 -35
data/config/locales/de.yml +38 -35
data/config/locales/el.yml +8 -22
data/config/locales/en.yml +18 -15
data/config/locales/es-MX.yml +39 -36
data/config/locales/es-PY.yml +39 -36
data/config/locales/es.yml +38 -35
data/config/locales/eu.yml +46 -43
data/config/locales/fi-plain.yml +38 -35
data/config/locales/fi.yml +44 -41
data/config/locales/fr-CA.yml +34 -36
data/config/locales/fr.yml +34 -36
data/config/locales/gl.yml +8 -24
data/config/locales/hu.yml +10 -25
data/config/locales/id-ID.yml +8 -21
data/config/locales/is-IS.yml +8 -16
data/config/locales/it.yml +8 -24
data/config/locales/ja.yml +38 -36
data/config/locales/lt.yml +10 -25
data/config/locales/lv.yml +8 -22
data/config/locales/nl.yml +8 -24
data/config/locales/no.yml +8 -24
data/config/locales/pl.yml +21 -36
data/config/locales/pt-BR.yml +8 -24
data/config/locales/pt.yml +8 -24
data/config/locales/ro-RO.yml +8 -24
data/config/locales/ru.yml +8 -17
data/config/locales/sk.yml +8 -22
data/config/locales/sv.yml +21 -34
data/config/locales/tr-TR.yml +8 -23
data/config/locales/uk.yml +8 -17
data/config/locales/zh-CN.yml +8 -25
data/config/locales/zh-TW.yml +10 -25
data/decidim-verifications.gemspec +2 -2
data/lib/decidim/verifications/adapter.rb +1 -1
data/lib/decidim/verifications/engine.rb +22 -1
data/lib/decidim/verifications/version.rb +1 -1
data/lib/decidim/verifications/workflow_manifest.rb +1 -0
metadata +16 -12
data/app/views/decidim/verifications/authorizations/first_login.html.erb +0 -21

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7e1acf59049f1b4ace8f5817fe43d60ed34394c46ecb959cba8d1a075486c994
-  data.tar.gz: a2e2895a490a17667f7b3e6c037b9a19545cb31c8f1aeb216a8a28714dc1950d
+  metadata.gz: 73370de2874c14a91d2dfa972ea2a2f228b2f1303a4deaa4e05643e8a19c2919
+  data.tar.gz: b373104782c2536d56db880fa35c12acac7ff4f493d0b813537e29f816579795
 SHA512:
-  metadata.gz: 30bcb7118cca8f9bfee87d72cd43b1a4496009d8d3354b44b4cdd42b56453d71f0974f169625f93638cd0c1dfa59f0038dfd8f15d8a1ef394fc1533ae6d000e0
-  data.tar.gz: dd085ecde5f4ed49e5aad2111c6ceaf77e6b8b7dfc0ba6e9d4b5441d19958e3ca2db52195abe98fe716838723567017e882eed0e32ca0d6f8bd372eed8334061
+  metadata.gz: d9a4f2b93f42cf03451c9c6f3f08a1b661bb7f2384aba3b73df224bc862e4500aa9eabf67ca7452694fca5fe03d9814d342d5b188c7134a2e27ec92a1187fba0
+  data.tar.gz: 6b5ba9a048fdca5b285ad5638583de4e93215d77f94c47c94bbbb0b31dc7779387c1f54199903445e0cfdcc5262266eedba5e376ad6debe08edc75c156450cb1

data/app/commands/decidim/verifications/authorize_user.rb CHANGED Viewed

@@ -16,9 +16,22 @@ module Decidim
       #
       # - :ok when everything is valid.
       # - :invalid if the handler was not valid and we could not proceed.
+      # - :transferred if there is a duplicated authorization associated
+      #                to other user and the authorization can be
+      #                transferred.
+      # - :transfer_user if there is a duplicated authorization associated
+      #                  to an ephemeral user and the current user is also
+      #                  ephemeral the session is transferred to the user
+      #                  with the existing authorization
       #
       # Returns nothing.
       def call
+        if !handler.unique? && handler.user_transferrable?
+          handler.user = handler.duplicate.user
+          Authorization.create_or_update_from(handler)
+          return broadcast(:transfer_user, handler.user)
+        end
         return transfer_authorization if !handler.unique? && handler.transferrable?
         if handler.invalid?
@@ -27,6 +40,8 @@ module Decidim
           return broadcast(:invalid)
         end
+        return broadcast(:invalid) unless set_tos_agreement
         Authorization.create_or_update_from(handler)
         broadcast(:ok)
@@ -79,6 +94,15 @@ module Decidim
         conflict
       end
+      def set_tos_agreement
+        user = handler.user
+        return true if user.tos_accepted? || !user.ephemeral?
+        return unless handler.try(:tos_agreement)
+        user.update(accepted_tos_version: @organization.tos_version)
+      end
     end
   end
 end

data/app/commands/decidim/verifications/revoke_by_name_authorizations.rb ADDED Viewed

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+module Decidim
+  module Verifications
+    # A command to revoke authorizations by name
+    class RevokeByNameAuthorizations < Decidim::Command
+      # Public: Initializes the command.
+      #
+      # organization - Organization object.
+      # name - Authorizations handler name
+      # current_user - The current user.
+      def initialize(organization, name, current_user)
+        @organization = organization
+        @current_user = current_user
+        @name = name
+      end
+      # Executes the command. Broadcasts these events:
+      #
+      # - :ok when everything is valid.
+      # - :invalid if the handler was not valid and we could not proceed.
+      #
+      # Returns nothing.
+      def call
+        return broadcast(:invalid) unless [organization, name].all?(&:present?)
+        auths = Decidim::Verifications::Authorizations.new(
+          organization:,
+          name:,
+          granted: true
+        ).query
+        auths.find_each do |auth|
+          Decidim.traceability.perform_action!(
+            :destroy,
+            auth,
+            current_user
+          ) do
+            auth.destroy
+          end
+        end
+        broadcast(:ok)
+      end
+      private
+      attr_reader :organization, :name, :current_user
+    end
+  end
+end

data/app/controllers/decidim/verifications/authorizations_controller.rb CHANGED Viewed

@@ -5,8 +5,11 @@ module Decidim
     # This controller allows users to create and destroy their authorizations. It
     # should not be necessary to expand it to add new authorization schemes.
     class AuthorizationsController < Verifications::ApplicationController
-      helper_method :handler, :unauthorized_methods, :authorization_method, :authorization
-      before_action :valid_handler, only: [:new, :create]
+      helper_method :handler, :unauthorized_methods, :authorization_method, :authorization,
+                    :granted_authorizations, :pending_authorizations, :active_authorization_methods
+      before_action :valid_handler, :authorize_handler, only: [:new, :create]
+      before_action :set_ephemeral_user, only: :renew_onboarding_data
       include Decidim::UserProfile
       include Decidim::HtmlSafeFlash
@@ -16,23 +19,40 @@ module Decidim
       helper Decidim::AuthorizationFormHelper
       helper Decidim::TranslationsHelper
-      layout "layouts/decidim/authorizations", except: :index
+      layout "layouts/decidim/authorizations", except: [:index, :onboarding_pending]
       def new; end
-      def index
-        @granted_authorizations = granted_authorizations
-        @pending_authorizations = pending_authorizations
-      end
+      def index; end
+      def onboarding_pending
+        return redirect_back(fallback_location: authorizations_path) unless onboarding_manager.valid?
-      def first_login
-        if unauthorized_methods.length == 1
-          redirect_to(
-            action: :new,
-            handler: unauthorized_methods.first.name,
-            redirect_url: decidim.account_path
+        authorizations = action_authorized_to(onboarding_manager.action, **onboarding_manager.action_authorized_resources)
+        authorization_status = authorizations.global_code
+        if authorizations.single_authorization_required?
+          flash.keep
+          return redirect_to(authorizations.statuses.first.current_path(redirect_url: decidim_verifications.onboarding_pending_authorizations_path))
+        end
+        return unless onboarding_manager.finished_verifications?(active_authorization_methods) || authorization_status == :unauthorized
+        if authorization_status == :unauthorized
+          flash[:alert] = t("authorizations.onboarding_pending.unauthorized", scope: "decidim.verifications", action: onboarding_manager.action_text.downcase)
+        elsif current_user.ephemeral?
+          flash[:notice] = t("ephemeral_authorized_message", scope: "decidim.onboarding_action_message")
+        else
+          flash[:notice] = t(
+            "authorizations.onboarding_pending.completed_verifications",
+            scope: "decidim.verifications",
+            action: onboarding_manager.action_text.downcase,
+            resource_name: onboarding_manager.model_name.human.downcase
           )
         end
+        redirect_to onboarding_manager.finished_redirect_path
+        clear_onboarding_data!(current_user)
       end
       def create
@@ -57,6 +77,14 @@ module Decidim
             redirect_to redirect_url || authorizations_path
           end
+          on(:transfer_user) do |authorized_user|
+            authorized_user.update(last_sign_in_at: Time.current, deleted_at: nil)
+            sign_out(current_user)
+            sign_in(authorized_user)
+            redirect_to decidim_verifications.onboarding_pending_authorizations_path
+          end
           on(:invalid) do
             flash[:alert] = t("authorizations.create.error", scope: "decidim.verifications")
             render action: :new
@@ -64,6 +92,16 @@ module Decidim
         end
       end
+      def renew_onboarding_data
+        store_onboarding_cookie_data!(current_user)
+        redirect_to onboarding_pending_authorizations_path
+      end
+      def clear_onboarding_data
+        clear_onboarding_data!(current_user)
+      end
       protected
       def authorization_method(authorization)
@@ -103,6 +141,25 @@ module Decidim
         redirect_to(authorizations_path) && (return false)
       end
+      def authorize_handler
+        raise Decidim::ActionForbidden if current_user.ephemeral? && !Decidim::Verifications::Adapter.from_element(handler_name).ephemeral?
+      end
+      def set_ephemeral_user
+        return if user_signed_in?
+        onboarding_manager = Decidim::OnboardingManager.new(Decidim::User.new(extended_data: onboarding_cookie_data))
+        authorizations = action_authorized_to(onboarding_manager.action, **onboarding_manager.action_authorized_resources)
+        return unless authorizations.ephemeral?
+        form = Decidim::EphemeralUserForm.new(organization: current_organization, locale: current_locale)
+        CreateEphemeralUser.call(form) do
+          on(:ok) do |ephemeral_user|
+            sign_in(ephemeral_user)
+          end
+        end
+      end
       def unauthorized_methods
         @unauthorized_methods ||= available_verification_workflows.reject do |handler|
           active_authorization_methods.include?(handler.key)
@@ -110,15 +167,15 @@ module Decidim
       end
       def active_authorization_methods
-        Authorizations.new(organization: current_organization, user: current_user).pluck(:name)
+        @active_authorization_methods ||= Authorizations.new(organization: current_organization, user: current_user).pluck(:name)
       end
       def granted_authorizations
-        Authorizations.new(organization: current_organization, user: current_user, granted: true)
+        @granted_authorizations ||= Authorizations.new(organization: current_organization, user: current_user, granted: true)
       end
       def pending_authorizations
-        Authorizations.new(organization: current_organization, user: current_user, granted: false)
+        @pending_authorizations ||= Authorizations.new(organization: current_organization, user: current_user, granted: false)
       end
       def store_current_location

data/app/controllers/decidim/verifications/id_documents/authorizations_controller.rb CHANGED Viewed

@@ -14,7 +14,9 @@ module Decidim
         before_action :load_authorization
         def choose
-          return redirect_to action: :new, using: verification_type if available_methods.count == 1
+          url_params = { redirect_url: }.compact
+          return redirect_to(action: :new, **url_params.merge(using: verification_type)) if available_methods.count == 1
           render :choose
         end

data/app/forms/decidim/verifications/id_documents/admin/config_form.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Decidim
           attribute :offline, Boolean
           attribute :online, Boolean
-          translatable_attribute :offline_explanation, String
+          translatable_attribute :offline_explanation, Decidim::Attributes::RichText
           validates :offline_explanation, translatable_presence: true, if: :offline
           validate :has_some_method_selected?

data/app/forms/decidim/verifications/sms/mobile_phone_form.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module Decidim
         # A mobile phone can only be verified once but it should be private.
         def unique_id
           Digest::MD5.hexdigest(
-            "#{mobile_phone_number}-#{Rails.application.secrets.secret_key_base}"
+            "#{mobile_phone_number}-#{Rails.application.secret_key_base}"
           )
         end

data/app/helpers/decidim/verifications/application_helper.rb CHANGED Viewed

@@ -47,6 +47,12 @@ module Decidim
         renew_modal_authorizations_path(handler: authorization.name)
       end
+      def authorizations_back_path(user, redirect_url: nil)
+        return redirect_url if redirect_url == decidim_verifications.onboarding_pending_authorizations_path && pending_onboarding_action?(user)
+        decidim_verifications.authorizations_path
+      end
       def granted_authorization_explanation(authorization)
         expiration_timestamp = authorization.expires_at.presence && l(authorization.expires_at, format: :long_with_particles)
         if authorization.expired?
@@ -86,6 +92,28 @@ module Decidim
           button_text: t("authorizations.index.subscribe", scope: "decidim.verifications")
         }
       end
+      def onboarding_sections(onboarding_manager, redirect_url: nil, granted_authorizations: nil, pending_authorizations: nil, unauthorized_methods: nil)
+        [
+          [
+            t("granted_verifications", scope: "decidim.verifications.authorizations.onboarding_pending"),
+            onboarding_manager.filter_authorizations(granted_authorizations),
+            :granted_authorization_display_data
+          ],
+          [
+            t("pending_admin_approval_verifications", scope: "decidim.verifications.authorizations.onboarding_pending"),
+            onboarding_manager.filter_authorizations(pending_authorizations),
+            :pending_authorization_display_data
+          ],
+          [
+            t("pending_verifications", scope: "decidim.verifications.authorizations.onboarding_pending"),
+            onboarding_manager.filter_authorizations(unauthorized_methods),
+            :unauthorized_method_display_data
+          ]
+        ].filter_map do |title, authorizations, presenter|
+          { title:, items: authorizations.map { |authorization| send(presenter, authorization, redirect_url) } } if authorizations.present?
+        end
+      end
     end
   end
 end

data/app/models/decidim/verifications/conflict.rb CHANGED Viewed

@@ -4,5 +4,13 @@ module Decidim::Verifications
   class Conflict < ApplicationRecord
     belongs_to :current_user, class_name: "User"
     belongs_to :managed_user, class_name: "User"
+    def self.ransackable_attributes(_auth_object = nil)
+      []
+    end
+    def self.ransackable_associations(_auth_object = nil)
+      %w(current_user)
+    end
   end
 end

data/app/services/decidim/authorization_handler.rb CHANGED Viewed

@@ -20,7 +20,10 @@ module Decidim
     # infer the class name of the authorization handler.
     attribute :handler_name, String
+    attribute :tos_agreement, Boolean
     validate :uniqueness
+    validates :tos_agreement, allow_nil: false, acceptance: true, if: :ephemeral_tos_pending?
     # A unique ID to be implemented by the authorization handler that ensures
     # no duplicates are created. This uniqueness check will be skipped if
@@ -47,6 +50,15 @@ module Decidim
       duplicate.present? && duplicate.user.deleted?
     end
+    # Defines whether the identity of an ephemeral user with the same authorization
+    # can be transferred to the current session and replace the existing user.
+    #
+    # @return [Boolean] A boolean indicating whether the user identifier can be
+    #   transferred.
+    def user_transferrable?
+      duplicate.present? && [user, duplicate.user].all?(&:ephemeral?)
+    end
     # Fetches the duplicate record of the same authorization currently belonging
     # to other user than the user being authorized.
     #
@@ -67,7 +79,10 @@ module Decidim
     #
     # Returns an Array of Strings.
     def form_attributes
-      attributes.except("id", "user").keys
+      excluded = %w(id user)
+      excluded << "tos_agreement" unless ephemeral_tos_pending?
+      attributes.except(*excluded).keys
     end
     # The String partial path so Rails can render the handler as a form. This
@@ -155,6 +170,12 @@ module Decidim
       manifest.form.constantize.from_params(params || {})
     end
+    def ephemeral_tos_pending?
+      return if user.blank?
+      user.ephemeral? && !user.tos_accepted?
+    end
     private
     def uniqueness

data/app/views/decidim/verifications/authorizations/_tos_acceptance_field.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<div id="card__tos" class="form__wrapper-block">
+  <h2 class="h4"><%= t("decidim.devise.registrations.new.tos_title") %></h2>
+  <div>
+    <% terms_of_service_summary_content_blocks.each do |content_block| %>
+      <%= cell content_block.manifest.cell, content_block %>
+    <% end %>
+  </div>
+  <%= form.check_box :tos_agreement, label: t("decidim.verifications.authorizations.new.tos_agreement", link: link_to(t("decidim.devise.registrations.new.terms"), decidim.page_path("terms-of-service"))), label_options: { class: "form__wrapper-checkbox-label" } %>
+</div>

data/app/views/decidim/verifications/authorizations/index.html.erb CHANGED Viewed

@@ -12,13 +12,13 @@
         subsections << {
           title: t("authorizations.index.granted_verification", scope: "decidim.verifications"),
-          items: @granted_authorizations.map { |authorization| granted_authorization_display_data(authorization, redirect_url) }
-        } if @granted_authorizations.any?
+          items: granted_authorizations.map { |authorization| granted_authorization_display_data(authorization, redirect_url) }
+        } if granted_authorizations.any?
         subsections << {
           title: t("authorizations.index.pending_verification", scope: "decidim.verifications"),
-          items: @pending_authorizations.map { |authorization| pending_authorization_display_data(authorization, redirect_url) }
-        } if @pending_authorizations.any?
+          items: pending_authorizations.map { |authorization| pending_authorization_display_data(authorization, redirect_url) }
+        } if pending_authorizations.any?
         subsections << {
           title: t("authorizations.index.unauthorized_methods", scope: "decidim.verifications"),

data/app/views/decidim/verifications/authorizations/new.html.erb CHANGED Viewed

@@ -13,10 +13,16 @@
     </div>
   <% end %>
+  <% if current_user.ephemeral? && !current_user.tos_accepted? %>
+    <%= render partial: "tos_acceptance_field", locals: { form: } %>
+  <% end %>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
-      <%= icon "arrow-left-line", class: "fill-current" %>
-      <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
+    <% if onboarding_manager.available_authorization_selection_page? %>
+      <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
+        <%= icon "arrow-left-line", class: "fill-current" %>
+        <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
+      <% end %>
     <% end %>
     <button type="submit" class="button button__sm md:button__lg button__secondary">
       <span><%= t("decidim.verifications.authorizations.new.authorize") %></span>
@@ -24,7 +30,9 @@
     </button>
   </div>
-  <p class="prose prose-a:text-secondary">
-    <%= t("decidim.verifications.authorizations.skip_verification", link: link_to(t("decidim.verifications.authorizations.start_exploring"), cta_button_path).html_safe).html_safe %>.
-  </p>
+  <% unless onboarding_manager.ephemeral? %>
+    <p class="prose prose-a:text-secondary">
+      <%= t("decidim.verifications.authorizations.skip_verification", link: link_to(t("decidim.verifications.authorizations.start_exploring"), cta_button_path).html_safe).html_safe %>.
+    </p>
+  <% end %>
 <% end %>

data/app/views/decidim/verifications/authorizations/onboarding_pending.html.erb ADDED Viewed

@@ -0,0 +1,38 @@
+<% add_decidim_page_title(t("authorizations", scope: "layouts.decidim.user_profile")) %>
+<% content_for(:subtitle) { t("authorizations", scope: "layouts.decidim.user_profile") } %>
+<% redirect_url = onboarding_pending_authorizations_path %>
+<%= append_javascript_pack_tag "decidim_verifications" %>
+<%= append_stylesheet_pack_tag "decidim_verifications" %>
+<%= render layout: "layouts/decidim/shared/layout_center" do %>
+  <div class="py-10">
+    <%= t(
+          "onboarding_message_html",
+          scope: "decidim.verifications.authorizations.onboarding_pending",
+          action: onboarding_manager.action_text.downcase,
+          resource_name: onboarding_manager.model_name.human.downcase,
+          resource_title: translated_attribute(onboarding_manager.model_title)
+        ) %>
+  </div>
+  <section class="authorizations-list">
+    <% onboarding_sections(
+        onboarding_manager,
+        redirect_url:,
+        granted_authorizations:,
+        pending_authorizations:,
+        unauthorized_methods:
+      ).each do |section| %>
+      <div class="verification__container-title"><%= section[:title] %></div>
+      <div class="verification__container my-4">
+        <% section[:items].each do |locals| %>
+          <%= render partial: "item", locals: %>
+        <% end %>
+      </div>
+    <% end %>
+  </section>
+  <p class="prose prose-a:text-secondary">
+    <%= t("decidim.verifications.authorizations.skip_verification", link: link_to(t("decidim.verifications.authorizations.start_exploring"), cta_button_path).html_safe).html_safe %>.
+  </p>
+<% end %>

data/app/views/decidim/verifications/id_documents/authorizations/choose.html.erb CHANGED Viewed

@@ -7,6 +7,6 @@
 <p><%= t("decidim.verifications.id_documents.authorizations.choose.choose_a_type") %></p>
 <div class="mt-4 flex justify-between">
-  <%= link_to t("decidim.verifications.id_documents.authorizations.choose.offline"), { action: :new, using: :offline }, class: "button button__sm md:button__lg button__transparent-secondary" %>
-  <%= link_to t("decidim.verifications.id_documents.authorizations.choose.online"), { action: :new, using: :online }, class: "button button__sm md:button__lg button__secondary" %>
+  <%= link_to t("decidim.verifications.id_documents.authorizations.choose.offline"), { action: :new, using: :offline, redirect_url: }.compact, class: "button button__sm md:button__lg button__transparent-secondary" %>
+  <%= link_to t("decidim.verifications.id_documents.authorizations.choose.online"), { action: :new, using: :online, redirect_url: }.compact, class: "button button__sm md:button__lg button__secondary" %>
 </div>

data/app/views/decidim/verifications/id_documents/authorizations/edit.html.erb CHANGED Viewed

@@ -18,7 +18,7 @@
     <%= render partial: "form", locals: { form: } %>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
     <% end %>

data/app/views/decidim/verifications/id_documents/authorizations/new.html.erb CHANGED Viewed

@@ -10,7 +10,7 @@
       <%= render partial: "form", locals: { form: } %>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <%= t("decidim.wizard_step_form.wizard_aside.back") %>
     <% end %>

data/app/views/decidim/verifications/postal_letter/authorizations/edit.html.erb CHANGED Viewed

@@ -13,7 +13,7 @@
     </div>
     <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-      <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+      <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
         <%= icon "arrow-left-line", class: "fill-current" %>
         <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
       <% end %>
@@ -29,7 +29,7 @@
   </div>
   <div class="form__wrapper-block">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary mr-auto" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <%= t("decidim.wizard_step_form.wizard_aside.back") %>
     <% end %>

data/app/views/decidim/verifications/postal_letter/authorizations/new.html.erb CHANGED Viewed

@@ -12,7 +12,7 @@
   </div>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <%= t("decidim.wizard_step_form.wizard_aside.back") %>
     <% end %>

data/app/views/decidim/verifications/sms/authorizations/edit.html.erb CHANGED Viewed

@@ -12,7 +12,7 @@
   </div>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
     <% end %>

data/app/views/decidim/verifications/sms/authorizations/new.html.erb CHANGED Viewed

@@ -12,7 +12,7 @@
   </div>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
     <% end %>

data/app/views/dummy_authorization/_form.html.erb CHANGED Viewed

@@ -3,10 +3,6 @@
   <p><%= t("extra_explanation.postal_codes", scope: "decidim.verifications.dummy_authorization", postal_codes: postal_codes.join(", "), count: postal_codes.count, user_postal_code: request["user_postal_code"]) %></p>
 <% end %>
-<% if request["scope"] && (scope = Decidim::Scope.find(request["scope"]&.to_i)) %>
-  <p><%= t("extra_explanation.scope", scope: "decidim.verifications.dummy_authorization", scope_name: translated_attribute(scope.name), user_scope_name: request["user_scope_name"]) %></p>
-<% end %>
 <div class="form__wrapper" data-partial-demo>
   <%= form.hidden_field :handler_name %>
   <%= form.text_field :document_number %>
@@ -14,6 +10,4 @@
   <div class="row">
     <%= form.date_field :birthday %>
   </div>
-  <%= scopes_select_field(form, :scope_id) %>
 </div>
-git

data/app/views/layouts/decidim/authorizations.html.erb CHANGED Viewed

@@ -3,6 +3,40 @@
 <%= render "layouts/decidim/application" do %>
   <%= render layout: "layouts/decidim/shared/layout_center" do %>
+    <% if onboarding_manager.valid? %>
+      <% authorizations = action_authorized_to(onboarding_manager.action, **onboarding_manager.action_authorized_resources) %>
+      <% if authorizations.single_authorization_required? && is_active_link?(authorizations.statuses.first.current_path) %>
+        <% if current_user.ephemeral? %>
+          <%= cell(
+            "decidim/announcement",
+            t("pending_ephemeral_authorization", scope: "decidim.onboarding_action_message"),
+            callout_class: "warning"
+          ) %>
+        <% else %>
+          <%= cell(
+            "decidim/announcement",
+            {
+              title: case authorizations.statuses.first.code
+                     when :expired
+                       t("expired_authorization_active_title", scope: "decidim.onboarding_action_message")
+                     when :incomplete
+                       t("incomplete_authorization_active_title", scope: "decidim.onboarding_action_message")
+                     else
+                       t("pending_authorization_active_title", scope: "decidim.onboarding_action_message")
+                     end,
+              body: t(
+                  "pending_authorization_active_message",
+                  scope: "decidim.onboarding_action_message",
+                  action: onboarding_manager.action_text.downcase,
+                  resource_name: onboarding_manager.model_name.human.downcase,
+                  resource_title: decidim_sanitize_translated(onboarding_manager.model_title)
+                )
+            },
+            callout_class: "warning"
+          ) %>
+        <% end %>
+      <% end %>
+    <% end %>
     <%= yield %>
   <% end %>
 <% end %>