diff --git a/app/controllers/accounts/connected_accounts_controller.rb b/app/controllers/accounts/connected_accounts_controller.rb
index f9c4581986e..480a4e5b312 100644
--- a/app/controllers/accounts/connected_accounts_controller.rb
+++ b/app/controllers/accounts/connected_accounts_controller.rb
@@ -3,6 +3,8 @@
module Accounts
class ConnectedAccountsController < ApplicationController
include RememberDeviceConcern
+ include ApplicationHelper
+
before_action :confirm_two_factor_authenticated
layout 'account_side_nav'
diff --git a/app/models/service_provider_identity.rb b/app/models/service_provider_identity.rb
index 5ad3eaf6ede..cc23f48e3cf 100644
--- a/app/models/service_provider_identity.rb
+++ b/app/models/service_provider_identity.rb
@@ -65,6 +65,10 @@ def happened_at
last_authenticated_at.in_time_zone('UTC')
end
+ def hide_change_email?
+ verified_attributes&.include?('all_emails') && !verified_attributes.include?('email')
+ end
+
def email_address_for_sharing
if IdentityConfig.store.feature_select_email_to_share_enabled && email_address
return email_address
diff --git a/app/views/accounts/_connected_app.html.erb b/app/views/accounts/_connected_app.html.erb
index 63b229fea39..e77c8c4cbd1 100644
--- a/app/views/accounts/_connected_app.html.erb
+++ b/app/views/accounts/_connected_app.html.erb
@@ -12,18 +12,24 @@
<% if IdentityConfig.store.feature_select_email_to_share_enabled %>
- <%= t(
- 'account.connected_apps.associated_attributes_html',
- timestamp_html: render(TimeComponent.new(time: identity.created_at)),
- ) %>
-
-
- <%= identity.email_address&.email || t('account.connected_apps.email_not_selected') %>
-
- <%= link_to(
- t('help_text.requested_attributes.change_email_link'),
- edit_connected_account_selected_email_path(identity_id: identity.id),
- ) %>
+ <% if !identity.hide_change_email? %>
+ <%= t(
+ 'account.connected_apps.associated_attributes_html',
+ timestamp_html: render(TimeComponent.new(time: identity.created_at)),
+ ) %>
+
+ <%= identity.email_address&.email || t('account.connected_apps.email_not_selected') %>
+
+ <%= link_to(
+ t('help_text.requested_attributes.change_email_link'),
+ edit_connected_account_selected_email_path(identity_id: identity.id),
+ ) %>
+ <% else %>
+ <%= t(
+ 'account.connected_apps.associated_html',
+ timestamp_html: render(TimeComponent.new(time: identity.created_at)),
+ ) %>
+ <% end %>
<% else %>
<%= t(
'account.connected_apps.associated_html',
diff --git a/spec/presenters/account_show_presenter_spec.rb b/spec/presenters/account_show_presenter_spec.rb
index f06774f5557..ecb1ddfea2c 100644
--- a/spec/presenters/account_show_presenter_spec.rb
+++ b/spec/presenters/account_show_presenter_spec.rb
@@ -521,19 +521,37 @@
end
describe '#connected_apps' do
- let(:user) { create(:user, identities: [create(:service_provider_identity)]) }
-
- subject(:connected_apps) { presenter.connected_apps }
-
- it 'delegates to user, eager-loading view-specific relations' do
- expect(connected_apps).to be_present
- .and eq(user.connected_apps)
- .and all(
- satisfy do |app|
- app.association(:service_provider_record).loaded? &&
- app.association(:email_address).loaded?
- end,
- )
+ context 'without email_address loaded' do
+ let(:user) { create(:user, identities: [create(:service_provider_identity)]) }
+
+ subject(:connected_apps) { presenter.connected_apps }
+
+ it 'does not attempt eager-loading' do
+ expect(connected_apps).to be_present
+ .and eq(user.connected_apps)
+ .and all(
+ satisfy do |app|
+ app.association(:service_provider_record).loaded?
+ end,
+ )
+ end
+ end
+
+ context 'with email_address loaded' do
+ let(:user) { create(:user, identities: [create(:service_provider_identity)]) }
+ let(:show_change_option) { true }
+ subject(:connected_apps) { presenter.connected_apps }
+
+ it 'delegates to user, eager-loading view-specific relations' do
+ expect(connected_apps).to be_present
+ .and eq(user.connected_apps)
+ .and all(
+ satisfy do |app|
+ app.association(:service_provider_record).loaded? &&
+ app.association(:email_address).loaded?
+ end,
+ )
+ end
end
end
@@ -666,4 +684,19 @@
end
end
end
+
+ describe '#show_change_option' do
+ let(:view_context) { ActionController::Base.new.view_context }
+ let(:service_provider) { create(:service_provider) }
+ let(:view_context) { ActionController::Base.new.view_context }
+
+ let(:decorated_sp_session) do
+ ServiceProviderSession.new(
+ sp: service_provider,
+ view_context: view_context,
+ sp_session: {},
+ service_provider_request: ServiceProviderRequestProxy.new,
+ )
+ end
+ end
end
diff --git a/spec/views/accounts/connected_accounts/show.html.erb_spec.rb b/spec/views/accounts/connected_accounts/show.html.erb_spec.rb
index 9a18c8cbb00..d44fae7bcd7 100644
--- a/spec/views/accounts/connected_accounts/show.html.erb_spec.rb
+++ b/spec/views/accounts/connected_accounts/show.html.erb_spec.rb
@@ -107,4 +107,34 @@
expect(rendered).to_not include('<')
end
end
+
+ context 'when the partner requests all_emails' do
+ let!(:identity) do
+ create(:service_provider_identity, deleted_at: nil, verified_attributes: ['all_emails'])
+ end
+
+ it 'does not show the change link' do
+ render
+
+ expect(rendered).not_to have_link(
+ t('help_text.requested_attributes.change_email_link'),
+ href: edit_connected_account_selected_email_path(identity_id: identity.id),
+ )
+ end
+ end
+
+ context 'when the partner does not request email' do
+ let!(:identity) do
+ create(:service_provider_identity, deleted_at: nil, verified_attributes: ['ssn'])
+ end
+
+ it 'hides the change link' do
+ render
+
+ expect(rendered).to_not have_link(
+ t('help_text.requested_attributes.change_email_link'),
+ href: edit_connected_account_selected_email_path(identity_id: identity.id),
+ )
+ end
+ end
end