DFE-Digital · CatalinVoineag · Jan 2, 2025 · Dec 18, 2024
diff --git a/app/controllers/one_login_controller.rb b/app/controllers/one_login_controller.rb
@@ -36,7 +36,7 @@ def sign_out
     reset_session
 
     session[:one_login_error] = one_login_error
-    if OneLogin.bypass?
+    if OneLogin.bypass? || id_token.nil?
       redirect_to candidate_interface_create_account_or_sign_in_path
     else
       # Go back to one login to sign out the user on their end as well

diff --git a/spec/requests/one_login_controller_spec.rb b/spec/requests/one_login_controller_spec.rb
@@ -110,7 +110,7 @@
     end
   end
 
-  describe 'GET /auth/one-login/sign_out' do
+  describe 'GET /auth/one-login/sign-out' do
     it 'redirects to one_login logout url' do
       create(:candidate, email_address: '[email protected]')
 
@@ -162,9 +162,16 @@
         expect(response).to redirect_to candidate_interface_create_account_or_sign_in_path
       end
     end
+
+    context 'session id_token is nil' do
+      it 'redirects to sign_in page' do
+        get auth_one_login_sign_out_path
+        expect(response).to redirect_to candidate_interface_create_account_or_sign_in_path
+      end
+    end
   end
 
-  describe 'GET /auth/one-login/sign_out_complete' do
+  describe 'GET /auth/one-login/sign-out-complete' do
     context 'when candidate has a different one login token than the one returned by one login' do
       it 'redirects to logout_one_login_path and persists the session error message' do
         candidate = create(:candidate, email_address: '[email protected]')