Bypass feature

app/controllers/one_login_controller.rb

@@ -16,14 +16,35 @@ def callback
     redirect_to auth_onelogin_sign_out_path
   end
 
+  def bypass_callback
+    one_login_user_bypass = OneLoginUserBypass.new(
+      token: request.env['omniauth.auth']&.uid,
+    )
+    candidate = one_login_user_bypass.authentificate
+
+    if one_login_user_bypass.valid? && candidate.present?
+      sign_in(candidate, scope: :candidate)
+      candidate.update!(last_signed_in_at: Time.zone.now)
+
+      redirect_to candidate_interface_interstitial_path
+    else
+      flash[:warning] = one_login_user_bypass.errors.full_messages.join('\n')
+      redirect_to candidate_interface_create_account_or_sign_in_path
+    end
+  end
+
   def sign_out
     id_token = session[:onelogin_id_token]
     one_login_error = session[:one_login_error]
     reset_session
 
     session[:one_login_error] = one_login_error
-    # Go back to one login to sign out the user on their end as well
-    redirect_to logout_onelogin_path(id_token_hint: id_token)
+    if OneLogin.bypass?
+      redirect_to candidate_interface_create_account_or_sign_in_path
+    else
+      # Go back to one login to sign out the user on their end as well
+      redirect_to logout_onelogin_path(id_token_hint: id_token)
+    end
   end
 
   def sign_out_complete

app/models/one_login_user_bypass.rb

@@ -0,0 +1,30 @@
+class OneLoginUserBypass
+  include ActiveModel::Model
+
+  validates :token, presence: true
+
+  attr_accessor :token
+
+  def authentificate
+    return unless valid?
+
+    one_login_auth = OneLoginAuth.find_by(token:)
+
+    return one_login_auth.candidate if one_login_auth
+
+    created_candidate
+  end
+
+private
+
+  def created_candidate
+    candidate = Candidate.create!(email_address: bypass_email_address)
+    candidate.create_one_login_auth!(token:, email_address: bypass_email_address)
+
+    candidate
+  end
+
+  def bypass_email_address
+    "#{token}@example.com"
+  end
+end

app/views/candidate_interface/start_page/create_account_or_sign_in.html.erb

@@ -13,7 +13,7 @@
         <%= t('govuk.one_login_account_guidance') %>
       </p>
 
-      <%= govuk_button_to(t('continue'), '/auth/onelogin') %>
+      <%= govuk_button_to(t('continue'), OneLogin.bypass? ? '/auth/one-login-developer' : '/auth/onelogin') %>
     <% else %>
      <%= form_with(
         model: @create_account_or_sign_in_form,

config/initializers/omniauth.rb

@@ -1,5 +1,6 @@
 OmniAuth.config.logger = Rails.logger
 require 'omniauth/strategies/govuk_one_login_openid_connect'
+require 'omniauth/strategies/one_login_developer'
 require 'omniauth/onelogin_setup'
 
 OmniAuth.config.add_camelization('govuk_one_login_openid_connect', 'GovukOneLoginOpenIDConnect')
@@ -36,6 +37,12 @@ def self.bypass?
   end
 end
 
+module ::OneLogin
+  def self.bypass?
+    HostingEnvironment.review? || HostingEnvironment.loadtest? || Rails.env.development?
+  end
+end
+
 if DfESignIn.bypass?
   Rails.application.config.middleware.use OmniAuth::Builder do
     provider :developer,
@@ -46,6 +53,16 @@ def self.bypass?
   Rails.application.config.middleware.use OmniAuth::Strategies::OpenIDConnect, options
 end
 
-Rails.application.config.middleware.use OmniAuth::Builder do |builder|
-  OneloginSetup.configure(builder)
+if OneLogin.bypass?
+  Rails.application.config.middleware.use OmniAuth::Builder do
+    provider :one_login_developer,
+             request_path: '/auth/one-login-developer',
+             callback_path: '/auth/one-login-developer/callback',
+             fields: %i[uid],
+             uid_field: :uid
+  end
+else
+  Rails.application.config.middleware.use OmniAuth::Builder do |builder|
+    OneloginSetup.configure(builder)
+  end
 end

config/routes.rb

@@ -24,6 +24,7 @@
   get '/auth/dfe/sign-out' => 'dfe_sign_in#redirect_after_dsi_signout'
 
   get '/auth/onelogin/callback', to: 'one_login#callback'
+  get '/auth/one-login-developer/callback' => 'one_login#bypass_callback'
   get '/auth/onelogin/sign-out', to: 'one_login#sign_out'
   get '/auth/onelogin/logout', to: 'sessions#logout', as: 'logout_onelogin'
   get '/auth/onelogin/sign-out-complete', to: 'one_login#sign_out_complete'

lib/omniauth/strategies/one_login_developer.rb

@@ -0,0 +1,9 @@
+require 'omniauth'
+
+module OmniAuth
+  module Strategies
+    class OneLoginDeveloper < Developer
+      include OmniAuth::Strategy
+    end
+  end
+end