RubyGems - decidim-verifications - Versions diffs - 0.29.2 → 0.30.0.rc2 - Mend

decidim-verifications 0.29.2 → 0.30.0.rc2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

checksums.yaml +4 -4
data/app/commands/decidim/verifications/authorize_user.rb +24 -0
data/app/commands/decidim/verifications/revoke_by_name_authorizations.rb +51 -0
data/app/controllers/decidim/verifications/authorizations_controller.rb +73 -16
data/app/controllers/decidim/verifications/id_documents/authorizations_controller.rb +3 -1
data/app/forms/decidim/verifications/sms/mobile_phone_form.rb +1 -1
data/app/helpers/decidim/verifications/application_helper.rb +28 -0
data/app/models/decidim/verifications/conflict.rb +8 -0
data/app/services/decidim/authorization_handler.rb +22 -1
data/app/views/decidim/verifications/authorizations/_tos_acceptance_field.html.erb +11 -0
data/app/views/decidim/verifications/authorizations/index.html.erb +4 -4
data/app/views/decidim/verifications/authorizations/new.html.erb +14 -6
data/app/views/decidim/verifications/authorizations/onboarding_pending.html.erb +38 -0
data/app/views/decidim/verifications/id_documents/authorizations/choose.html.erb +2 -2
data/app/views/decidim/verifications/id_documents/authorizations/edit.html.erb +1 -1
data/app/views/decidim/verifications/id_documents/authorizations/new.html.erb +1 -1
data/app/views/decidim/verifications/postal_letter/authorizations/edit.html.erb +2 -2
data/app/views/decidim/verifications/postal_letter/authorizations/new.html.erb +1 -1
data/app/views/decidim/verifications/sms/authorizations/edit.html.erb +1 -1
data/app/views/decidim/verifications/sms/authorizations/new.html.erb +1 -1
data/app/views/dummy_authorization/_form.html.erb +0 -6
data/app/views/layouts/decidim/authorizations.html.erb +34 -0
data/config/locales/ar.yml +10 -21
data/config/locales/bg.yml +21 -36
data/config/locales/ca.yml +38 -35
data/config/locales/cs.yml +38 -35
data/config/locales/de.yml +38 -35
data/config/locales/el.yml +8 -22
data/config/locales/en.yml +18 -15
data/config/locales/es-MX.yml +39 -36
data/config/locales/es-PY.yml +39 -36
data/config/locales/es.yml +38 -35
data/config/locales/eu.yml +39 -36
data/config/locales/fi-plain.yml +38 -35
data/config/locales/fi.yml +38 -35
data/config/locales/fr-CA.yml +34 -36
data/config/locales/fr.yml +34 -36
data/config/locales/gl.yml +8 -24
data/config/locales/hu.yml +10 -25
data/config/locales/id-ID.yml +8 -21
data/config/locales/is-IS.yml +8 -16
data/config/locales/it.yml +8 -24
data/config/locales/ja.yml +38 -36
data/config/locales/lt.yml +10 -25
data/config/locales/lv.yml +8 -22
data/config/locales/nl.yml +8 -24
data/config/locales/no.yml +8 -24
data/config/locales/pl.yml +21 -36
data/config/locales/pt-BR.yml +8 -24
data/config/locales/pt.yml +8 -24
data/config/locales/ro-RO.yml +8 -24
data/config/locales/ru.yml +8 -17
data/config/locales/sk.yml +8 -22
data/config/locales/sv.yml +21 -34
data/config/locales/tr-TR.yml +8 -23
data/config/locales/uk.yml +8 -17
data/config/locales/zh-CN.yml +8 -25
data/config/locales/zh-TW.yml +10 -25
data/decidim-verifications.gemspec +1 -1
data/lib/decidim/verifications/adapter.rb +1 -1
data/lib/decidim/verifications/engine.rb +22 -1
data/lib/decidim/verifications/version.rb +1 -1
data/lib/decidim/verifications/workflow_manifest.rb +1 -0
metadata +13 -11
data/app/views/decidim/verifications/authorizations/first_login.html.erb +0 -21

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 49ff72a860fec85533ab436db4e7c70a262b27de8abbeea7ad177f65cbaaaa4f
-  data.tar.gz: 912fa95af54afc87537d35134863392c3547792aa818573a580df748985e63ee
+  metadata.gz: dbf4b3cecf23032b6b5a0cb28d16a1ede3b1a33d6ce68026e52ed158e7de882f
+  data.tar.gz: c026654751a16bea277b65e560f16c9fdbcfa1fddcf0e5ee3f5e6909cba5f5f7
 SHA512:
-  metadata.gz: b72c35d415950c125f9fafd24f2989293c76a74ff19d7e50a7c1af731df139cfedd2907b7494ce22eca2555b93a68aa8ba501e2641c54dca297160228b7444fd
-  data.tar.gz: a7c472ec82128d09f7b27a8f99ebe6f4dc610c7704230684e8222136b3615776b5f8c18074ac9696e82438046c36203246b4c7d7c853254b3f32dbafc541f1aa
+  metadata.gz: c89002102986c8a645b88d9946b479db2cb4f1eda46c2fc626a2b3815597c75f90ea495bacecb1d8dbf4b1084c646268a3541d195188c97f1ad51a40a3f9fc7b
+  data.tar.gz: b821c2fa1cbfdb0d324efb821909a0460a29ff297b5bddb1aa14c55412238fd0dd6a8e6982c5452fcf238ab23e7380541b01932153438c5c55a9d44693781454

data/app/commands/decidim/verifications/authorize_user.rb CHANGED Viewed

@@ -16,9 +16,22 @@ module Decidim
       #
       # - :ok when everything is valid.
       # - :invalid if the handler was not valid and we could not proceed.
+      # - :transferred if there is a duplicated authorization associated
+      #                to other user and the authorization can be
+      #                transferred.
+      # - :transfer_user if there is a duplicated authorization associated
+      #                  to an ephemeral user and the current user is also
+      #                  ephemeral the session is transferred to the user
+      #                  with the existing authorization
       #
       # Returns nothing.
       def call
+        if !handler.unique? && handler.user_transferrable?
+          handler.user = handler.duplicate.user
+          Authorization.create_or_update_from(handler)
+          return broadcast(:transfer_user, handler.user)
+        end
         return transfer_authorization if !handler.unique? && handler.transferrable?
         if handler.invalid?
@@ -27,6 +40,8 @@ module Decidim
           return broadcast(:invalid)
         end
+        return broadcast(:invalid) unless set_tos_agreement
         Authorization.create_or_update_from(handler)
         broadcast(:ok)
@@ -79,6 +94,15 @@ module Decidim
         conflict
       end
+      def set_tos_agreement
+        user = handler.user
+        return true if user.tos_accepted? || !user.ephemeral?
+        return unless handler.try(:tos_agreement)
+        user.update(accepted_tos_version: @organization.tos_version)
+      end
     end
   end
 end

data/app/commands/decidim/verifications/revoke_by_name_authorizations.rb ADDED Viewed

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+module Decidim
+  module Verifications
+    # A command to revoke authorizations by name
+    class RevokeByNameAuthorizations < Decidim::Command
+      # Public: Initializes the command.
+      #
+      # organization - Organization object.
+      # name - Authorizations handler name
+      # current_user - The current user.
+      def initialize(organization, name, current_user)
+        @organization = organization
+        @current_user = current_user
+        @name = name
+      end
+      # Executes the command. Broadcasts these events:
+      #
+      # - :ok when everything is valid.
+      # - :invalid if the handler was not valid and we could not proceed.
+      #
+      # Returns nothing.
+      def call
+        return broadcast(:invalid) unless [organization, name].all?(&:present?)
+        auths = Decidim::Verifications::Authorizations.new(
+          organization:,
+          name:,
+          granted: true
+        ).query
+        auths.find_each do |auth|
+          Decidim.traceability.perform_action!(
+            :destroy,
+            auth,
+            current_user
+          ) do
+            auth.destroy
+          end
+        end
+        broadcast(:ok)
+      end
+      private
+      attr_reader :organization, :name, :current_user
+    end
+  end
+end

data/app/controllers/decidim/verifications/authorizations_controller.rb CHANGED Viewed

@@ -5,8 +5,11 @@ module Decidim
     # This controller allows users to create and destroy their authorizations. It
     # should not be necessary to expand it to add new authorization schemes.
     class AuthorizationsController < Verifications::ApplicationController
-      helper_method :handler, :unauthorized_methods, :authorization_method, :authorization
-      before_action :valid_handler, only: [:new, :create]
+      helper_method :handler, :unauthorized_methods, :authorization_method, :authorization,
+                    :granted_authorizations, :pending_authorizations, :active_authorization_methods
+      before_action :valid_handler, :authorize_handler, only: [:new, :create]
+      before_action :set_ephemeral_user, only: :renew_onboarding_data
       include Decidim::UserProfile
       include Decidim::HtmlSafeFlash
@@ -16,23 +19,40 @@ module Decidim
       helper Decidim::AuthorizationFormHelper
       helper Decidim::TranslationsHelper
-      layout "layouts/decidim/authorizations", except: :index
+      layout "layouts/decidim/authorizations", except: [:index, :onboarding_pending]
       def new; end
-      def index
-        @granted_authorizations = granted_authorizations
-        @pending_authorizations = pending_authorizations
-      end
+      def index; end
+      def onboarding_pending
+        return redirect_back(fallback_location: authorizations_path) unless onboarding_manager.valid?
-      def first_login
-        if unauthorized_methods.length == 1
-          redirect_to(
-            action: :new,
-            handler: unauthorized_methods.first.name,
-            redirect_url: decidim.account_path
+        authorizations = action_authorized_to(onboarding_manager.action, **onboarding_manager.action_authorized_resources)
+        authorization_status = authorizations.global_code
+        if authorizations.single_authorization_required?
+          flash.keep
+          return redirect_to(authorizations.statuses.first.current_path(redirect_url: decidim_verifications.onboarding_pending_authorizations_path))
+        end
+        return unless onboarding_manager.finished_verifications?(active_authorization_methods) || authorization_status == :unauthorized
+        if authorization_status == :unauthorized
+          flash[:alert] = t("authorizations.onboarding_pending.unauthorized", scope: "decidim.verifications", action: onboarding_manager.action_text.downcase)
+        elsif current_user.ephemeral?
+          flash[:notice] = t("ephemeral_authorized_message", scope: "decidim.onboarding_action_message")
+        else
+          flash[:notice] = t(
+            "authorizations.onboarding_pending.completed_verifications",
+            scope: "decidim.verifications",
+            action: onboarding_manager.action_text.downcase,
+            resource_name: onboarding_manager.model_name.human.downcase
           )
         end
+        redirect_to onboarding_manager.finished_redirect_path
+        clear_onboarding_data!(current_user)
       end
       def create
@@ -57,6 +77,14 @@ module Decidim
             redirect_to redirect_url || authorizations_path
           end
+          on(:transfer_user) do |authorized_user|
+            authorized_user.update(last_sign_in_at: Time.current, deleted_at: nil)
+            sign_out(current_user)
+            sign_in(authorized_user)
+            redirect_to decidim_verifications.onboarding_pending_authorizations_path
+          end
           on(:invalid) do
             flash[:alert] = t("authorizations.create.error", scope: "decidim.verifications")
             render action: :new
@@ -64,6 +92,16 @@ module Decidim
         end
       end
+      def renew_onboarding_data
+        store_onboarding_cookie_data!(current_user)
+        redirect_to onboarding_pending_authorizations_path
+      end
+      def clear_onboarding_data
+        clear_onboarding_data!(current_user)
+      end
       protected
       def authorization_method(authorization)
@@ -103,6 +141,25 @@ module Decidim
         redirect_to(authorizations_path) && (return false)
       end
+      def authorize_handler
+        raise Decidim::ActionForbidden if current_user.ephemeral? && !Decidim::Verifications::Adapter.from_element(handler_name).ephemeral?
+      end
+      def set_ephemeral_user
+        return if user_signed_in?
+        onboarding_manager = Decidim::OnboardingManager.new(Decidim::User.new(extended_data: onboarding_cookie_data))
+        authorizations = action_authorized_to(onboarding_manager.action, **onboarding_manager.action_authorized_resources)
+        return unless authorizations.ephemeral?
+        form = Decidim::EphemeralUserForm.new(organization: current_organization, locale: current_locale)
+        CreateEphemeralUser.call(form) do
+          on(:ok) do |ephemeral_user|
+            sign_in(ephemeral_user)
+          end
+        end
+      end
       def unauthorized_methods
         @unauthorized_methods ||= available_verification_workflows.reject do |handler|
           active_authorization_methods.include?(handler.key)
@@ -110,15 +167,15 @@ module Decidim
       end
       def active_authorization_methods
-        Authorizations.new(organization: current_organization, user: current_user).pluck(:name)
+        @active_authorization_methods ||= Authorizations.new(organization: current_organization, user: current_user).pluck(:name)
       end
       def granted_authorizations
-        Authorizations.new(organization: current_organization, user: current_user, granted: true)
+        @granted_authorizations ||= Authorizations.new(organization: current_organization, user: current_user, granted: true)
       end
       def pending_authorizations
-        Authorizations.new(organization: current_organization, user: current_user, granted: false)
+        @pending_authorizations ||= Authorizations.new(organization: current_organization, user: current_user, granted: false)
       end
       def store_current_location

data/app/controllers/decidim/verifications/id_documents/authorizations_controller.rb CHANGED Viewed

@@ -14,7 +14,9 @@ module Decidim
         before_action :load_authorization
         def choose
-          return redirect_to action: :new, using: verification_type if available_methods.count == 1
+          url_params = { redirect_url: }.compact
+          return redirect_to(action: :new, **url_params.merge(using: verification_type)) if available_methods.count == 1
           render :choose
         end

data/app/forms/decidim/verifications/sms/mobile_phone_form.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module Decidim
         # A mobile phone can only be verified once but it should be private.
         def unique_id
           Digest::MD5.hexdigest(
-            "#{mobile_phone_number}-#{Rails.application.secrets.secret_key_base}"
+            "#{mobile_phone_number}-#{Rails.application.secret_key_base}"
           )
         end

data/app/helpers/decidim/verifications/application_helper.rb CHANGED Viewed

@@ -47,6 +47,12 @@ module Decidim
         renew_modal_authorizations_path(handler: authorization.name)
       end
+      def authorizations_back_path(user, redirect_url: nil)
+        return redirect_url if redirect_url == decidim_verifications.onboarding_pending_authorizations_path && pending_onboarding_action?(user)
+        decidim_verifications.authorizations_path
+      end
       def granted_authorization_explanation(authorization)
         expiration_timestamp = authorization.expires_at.presence && l(authorization.expires_at, format: :long_with_particles)
         if authorization.expired?
@@ -86,6 +92,28 @@ module Decidim
           button_text: t("authorizations.index.subscribe", scope: "decidim.verifications")
         }
       end
+      def onboarding_sections(onboarding_manager, redirect_url: nil, granted_authorizations: nil, pending_authorizations: nil, unauthorized_methods: nil)
+        [
+          [
+            t("granted_verifications", scope: "decidim.verifications.authorizations.onboarding_pending"),
+            onboarding_manager.filter_authorizations(granted_authorizations),
+            :granted_authorization_display_data
+          ],
+          [
+            t("pending_admin_approval_verifications", scope: "decidim.verifications.authorizations.onboarding_pending"),
+            onboarding_manager.filter_authorizations(pending_authorizations),
+            :pending_authorization_display_data
+          ],
+          [
+            t("pending_verifications", scope: "decidim.verifications.authorizations.onboarding_pending"),
+            onboarding_manager.filter_authorizations(unauthorized_methods),
+            :unauthorized_method_display_data
+          ]
+        ].filter_map do |title, authorizations, presenter|
+          { title:, items: authorizations.map { |authorization| send(presenter, authorization, redirect_url) } } if authorizations.present?
+        end
+      end
     end
   end
 end

data/app/models/decidim/verifications/conflict.rb CHANGED Viewed

@@ -4,5 +4,13 @@ module Decidim::Verifications
   class Conflict < ApplicationRecord
     belongs_to :current_user, class_name: "User"
     belongs_to :managed_user, class_name: "User"
+    def self.ransackable_attributes(_auth_object = nil)
+      []
+    end
+    def self.ransackable_associations(_auth_object = nil)
+      %w(current_user)
+    end
   end
 end

data/app/services/decidim/authorization_handler.rb CHANGED Viewed

@@ -20,7 +20,10 @@ module Decidim
     # infer the class name of the authorization handler.
     attribute :handler_name, String
+    attribute :tos_agreement, Boolean
     validate :uniqueness
+    validates :tos_agreement, allow_nil: false, acceptance: true, if: :ephemeral_tos_pending?
     # A unique ID to be implemented by the authorization handler that ensures
     # no duplicates are created. This uniqueness check will be skipped if
@@ -47,6 +50,15 @@ module Decidim
       duplicate.present? && duplicate.user.deleted?
     end
+    # Defines whether the identity of an ephemeral user with the same authorization
+    # can be transferred to the current session and replace the existing user.
+    #
+    # @return [Boolean] A boolean indicating whether the user identifier can be
+    #   transferred.
+    def user_transferrable?
+      duplicate.present? && [user, duplicate.user].all?(&:ephemeral?)
+    end
     # Fetches the duplicate record of the same authorization currently belonging
     # to other user than the user being authorized.
     #
@@ -67,7 +79,10 @@ module Decidim
     #
     # Returns an Array of Strings.
     def form_attributes
-      attributes.except("id", "user").keys
+      excluded = %w(id user)
+      excluded << "tos_agreement" unless ephemeral_tos_pending?
+      attributes.except(*excluded).keys
     end
     # The String partial path so Rails can render the handler as a form. This
@@ -155,6 +170,12 @@ module Decidim
       manifest.form.constantize.from_params(params || {})
     end
+    def ephemeral_tos_pending?
+      return if user.blank?
+      user.ephemeral? && !user.tos_accepted?
+    end
     private
     def uniqueness

data/app/views/decidim/verifications/authorizations/_tos_acceptance_field.html.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<div id="card__tos" class="form__wrapper-block">
+  <h2 class="h4"><%= t("decidim.devise.registrations.new.tos_title") %></h2>
+  <div>
+    <% terms_of_service_summary_content_blocks.each do |content_block| %>
+      <%= cell content_block.manifest.cell, content_block %>
+    <% end %>
+  </div>
+  <%= form.check_box :tos_agreement, label: t("decidim.verifications.authorizations.new.tos_agreement", link: link_to(t("decidim.devise.registrations.new.terms"), decidim.page_path("terms-of-service"))), label_options: { class: "form__wrapper-checkbox-label" } %>
+</div>

data/app/views/decidim/verifications/authorizations/index.html.erb CHANGED Viewed

@@ -12,13 +12,13 @@
         subsections << {
           title: t("authorizations.index.granted_verification", scope: "decidim.verifications"),
-          items: @granted_authorizations.map { |authorization| granted_authorization_display_data(authorization, redirect_url) }
-        } if @granted_authorizations.any?
+          items: granted_authorizations.map { |authorization| granted_authorization_display_data(authorization, redirect_url) }
+        } if granted_authorizations.any?
         subsections << {
           title: t("authorizations.index.pending_verification", scope: "decidim.verifications"),
-          items: @pending_authorizations.map { |authorization| pending_authorization_display_data(authorization, redirect_url) }
-        } if @pending_authorizations.any?
+          items: pending_authorizations.map { |authorization| pending_authorization_display_data(authorization, redirect_url) }
+        } if pending_authorizations.any?
         subsections << {
           title: t("authorizations.index.unauthorized_methods", scope: "decidim.verifications"),

data/app/views/decidim/verifications/authorizations/new.html.erb CHANGED Viewed

@@ -13,10 +13,16 @@
     </div>
   <% end %>
+  <% if current_user.ephemeral? && !current_user.tos_accepted? %>
+    <%= render partial: "tos_acceptance_field", locals: { form: } %>
+  <% end %>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
-      <%= icon "arrow-left-line", class: "fill-current" %>
-      <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
+    <% if onboarding_manager.available_authorization_selection_page? %>
+      <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
+        <%= icon "arrow-left-line", class: "fill-current" %>
+        <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
+      <% end %>
     <% end %>
     <button type="submit" class="button button__sm md:button__lg button__secondary">
       <span><%= t("decidim.verifications.authorizations.new.authorize") %></span>
@@ -24,7 +30,9 @@
     </button>
   </div>
-  <p class="prose prose-a:text-secondary">
-    <%= t("decidim.verifications.authorizations.skip_verification", link: link_to(t("decidim.verifications.authorizations.start_exploring"), cta_button_path).html_safe).html_safe %>.
-  </p>
+  <% unless onboarding_manager.ephemeral? %>
+    <p class="prose prose-a:text-secondary">
+      <%= t("decidim.verifications.authorizations.skip_verification", link: link_to(t("decidim.verifications.authorizations.start_exploring"), cta_button_path).html_safe).html_safe %>.
+    </p>
+  <% end %>
 <% end %>

data/app/views/decidim/verifications/authorizations/onboarding_pending.html.erb ADDED Viewed

@@ -0,0 +1,38 @@
+<% add_decidim_page_title(t("authorizations", scope: "layouts.decidim.user_profile")) %>
+<% content_for(:subtitle) { t("authorizations", scope: "layouts.decidim.user_profile") } %>
+<% redirect_url = onboarding_pending_authorizations_path %>
+<%= append_javascript_pack_tag "decidim_verifications" %>
+<%= append_stylesheet_pack_tag "decidim_verifications" %>
+<%= render layout: "layouts/decidim/shared/layout_center" do %>
+  <div class="py-10">
+    <%= t(
+          "onboarding_message_html",
+          scope: "decidim.verifications.authorizations.onboarding_pending",
+          action: onboarding_manager.action_text.downcase,
+          resource_name: onboarding_manager.model_name.human.downcase,
+          resource_title: translated_attribute(onboarding_manager.model_title)
+        ) %>
+  </div>
+  <section class="authorizations-list">
+    <% onboarding_sections(
+        onboarding_manager,
+        redirect_url:,
+        granted_authorizations:,
+        pending_authorizations:,
+        unauthorized_methods:
+      ).each do |section| %>
+      <div class="verification__container-title"><%= section[:title] %></div>
+      <div class="verification__container my-4">
+        <% section[:items].each do |locals| %>
+          <%= render partial: "item", locals: %>
+        <% end %>
+      </div>
+    <% end %>
+  </section>
+  <p class="prose prose-a:text-secondary">
+    <%= t("decidim.verifications.authorizations.skip_verification", link: link_to(t("decidim.verifications.authorizations.start_exploring"), cta_button_path).html_safe).html_safe %>.
+  </p>
+<% end %>

data/app/views/decidim/verifications/id_documents/authorizations/choose.html.erb CHANGED Viewed

@@ -7,6 +7,6 @@
 <p><%= t("decidim.verifications.id_documents.authorizations.choose.choose_a_type") %></p>
 <div class="mt-4 flex justify-between">
-  <%= link_to t("decidim.verifications.id_documents.authorizations.choose.offline"), { action: :new, using: :offline }, class: "button button__sm md:button__lg button__transparent-secondary" %>
-  <%= link_to t("decidim.verifications.id_documents.authorizations.choose.online"), { action: :new, using: :online }, class: "button button__sm md:button__lg button__secondary" %>
+  <%= link_to t("decidim.verifications.id_documents.authorizations.choose.offline"), { action: :new, using: :offline, redirect_url: }.compact, class: "button button__sm md:button__lg button__transparent-secondary" %>
+  <%= link_to t("decidim.verifications.id_documents.authorizations.choose.online"), { action: :new, using: :online, redirect_url: }.compact, class: "button button__sm md:button__lg button__secondary" %>
 </div>

data/app/views/decidim/verifications/id_documents/authorizations/edit.html.erb CHANGED Viewed

@@ -18,7 +18,7 @@
     <%= render partial: "form", locals: { form: } %>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
     <% end %>

data/app/views/decidim/verifications/id_documents/authorizations/new.html.erb CHANGED Viewed

@@ -10,7 +10,7 @@
       <%= render partial: "form", locals: { form: } %>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <%= t("decidim.wizard_step_form.wizard_aside.back") %>
     <% end %>

data/app/views/decidim/verifications/postal_letter/authorizations/edit.html.erb CHANGED Viewed

@@ -13,7 +13,7 @@
     </div>
     <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-      <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+      <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
         <%= icon "arrow-left-line", class: "fill-current" %>
         <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
       <% end %>
@@ -29,7 +29,7 @@
   </div>
   <div class="form__wrapper-block">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary mr-auto" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <%= t("decidim.wizard_step_form.wizard_aside.back") %>
     <% end %>

data/app/views/decidim/verifications/postal_letter/authorizations/new.html.erb CHANGED Viewed

@@ -12,7 +12,7 @@
   </div>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <%= t("decidim.wizard_step_form.wizard_aside.back") %>
     <% end %>

data/app/views/decidim/verifications/sms/authorizations/edit.html.erb CHANGED Viewed

@@ -12,7 +12,7 @@
   </div>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
     <% end %>

data/app/views/decidim/verifications/sms/authorizations/new.html.erb CHANGED Viewed

@@ -12,7 +12,7 @@
   </div>
   <div class="form__wrapper-block flex-col-reverse md:flex-row justify-between">
-    <%= link_to decidim_verifications.authorizations_path, class: "button button__sm md:button__lg button__text-secondary" do %>
+    <%= link_to authorizations_back_path(current_user, redirect_url:), class: "button button__sm md:button__lg button__text-secondary" do %>
       <%= icon "arrow-left-line", class: "fill-current" %>
       <span><%= t("decidim.wizard_step_form.wizard_aside.back") %></span>
     <% end %>

data/app/views/dummy_authorization/_form.html.erb CHANGED Viewed

@@ -3,10 +3,6 @@
   <p><%= t("extra_explanation.postal_codes", scope: "decidim.verifications.dummy_authorization", postal_codes: postal_codes.join(", "), count: postal_codes.count, user_postal_code: request["user_postal_code"]) %></p>
 <% end %>
-<% if request["scope"] && (scope = Decidim::Scope.find(request["scope"]&.to_i)) %>
-  <p><%= t("extra_explanation.scope", scope: "decidim.verifications.dummy_authorization", scope_name: translated_attribute(scope.name), user_scope_name: request["user_scope_name"]) %></p>
-<% end %>
 <div class="form__wrapper" data-partial-demo>
   <%= form.hidden_field :handler_name %>
   <%= form.text_field :document_number %>
@@ -14,6 +10,4 @@
   <div class="row">
     <%= form.date_field :birthday %>
   </div>
-  <%= scopes_select_field(form, :scope_id) %>
 </div>
-git

data/app/views/layouts/decidim/authorizations.html.erb CHANGED Viewed

@@ -3,6 +3,40 @@
 <%= render "layouts/decidim/application" do %>
   <%= render layout: "layouts/decidim/shared/layout_center" do %>
+    <% if onboarding_manager.valid? %>
+      <% authorizations = action_authorized_to(onboarding_manager.action, **onboarding_manager.action_authorized_resources) %>
+      <% if authorizations.single_authorization_required? && is_active_link?(authorizations.statuses.first.current_path) %>
+        <% if current_user.ephemeral? %>
+          <%= cell(
+            "decidim/announcement",
+            t("pending_ephemeral_authorization", scope: "decidim.onboarding_action_message"),
+            callout_class: "warning"
+          ) %>
+        <% else %>
+          <%= cell(
+            "decidim/announcement",
+            {
+              title: case authorizations.statuses.first.code
+                     when :expired
+                       t("expired_authorization_active_title", scope: "decidim.onboarding_action_message")
+                     when :incomplete
+                       t("incomplete_authorization_active_title", scope: "decidim.onboarding_action_message")
+                     else
+                       t("pending_authorization_active_title", scope: "decidim.onboarding_action_message")
+                     end,
+              body: t(
+                  "pending_authorization_active_message",
+                  scope: "decidim.onboarding_action_message",
+                  action: onboarding_manager.action_text.downcase,
+                  resource_name: onboarding_manager.model_name.human.downcase,
+                  resource_title: decidim_sanitize_translated(onboarding_manager.model_title)
+                )
+            },
+            callout_class: "warning"
+          ) %>
+        <% end %>
+      <% end %>
+    <% end %>
     <%= yield %>
   <% end %>
 <% end %>