Add Link warmup pane for deferred intents (#4272)

## Summary
<!-- Simple summary of what was changed. -->

This pull request improves the returning-user experience for IBP
consumers when the flow is opened for deferred intents. With those, we
don’t have a populated `accountholderCustomerEmailAddress`, so we need
to manually look for a consumer account after the user accepts on the
consent pane.

It also updates the warmup pane to only lookup a consumer session if
there isn’t one yet.

## Motivation
<!-- Why are you making this change? If it's for fixing a bug, if
possible, please include a code snippet or example project that
demonstrates the issue. -->

## Testing
<!-- How was the code tested? Be as specific as possible. -->

## Changelog
<!-- Is this a notable change that affects users? If so, add a line to
`CHANGELOG.md` and prefix the line with one of the following:
    - [Added] for new features.
    - [Changed] for changes in existing functionality.
    - [Deprecated] for soon-to-be removed features.
    - [Removed] for now removed features.
    - [Fixed] for any bug fixes.
    - [Security] in case of vulnerabilities.
-->

Author: tillh-stripe

StripeFinancialConnections/StripeFinancialConnections/Source/Native/Consent/ConsentDataSource.swift

@@ -9,12 +9,28 @@ import Foundation
 @_spi(STP) import StripeCore
 
 protocol ConsentDataSource: AnyObject {
+    var email: String? { get }
     var manifest: FinancialConnectionsSessionManifest { get }
     var consent: FinancialConnectionsConsent { get }
     var merchantLogo: [String]? { get }
     var analyticsClient: FinancialConnectionsAnalyticsClient { get }
 
-    func markConsentAcquired() -> Promise<FinancialConnectionsSessionManifest>
+    func markConsentAcquired() -> Future<ConsentAcquiredResult>
+    func completeAssertionIfNeeded(
+        possibleError: Error?,
+        api: FinancialConnectionsAPIClientLogger.API
+    ) -> Error?
+}
+
+struct ConsentAcquiredResult {
+    var manifest: FinancialConnectionsSessionManifest
+    var consumerSession: ConsumerSessionData?
+    var consumerPublishableKey: String?
+
+    var nextPane: FinancialConnectionsSessionManifest.NextPane {
+        // If we have a consumer session, then provide the returning-user experience
+        consumerSession != nil ? .networkingLinkLoginWarmup : manifest.nextPane
+    }
 }
 
 final class ConsentDataSourceImplementation: ConsentDataSource {
@@ -25,24 +41,80 @@ final class ConsentDataSourceImplementation: ConsentDataSource {
     private let apiClient: any FinancialConnectionsAPI
     private let clientSecret: String
     let analyticsClient: FinancialConnectionsAnalyticsClient
+    private let elementsSessionContext: ElementsSessionContext?
+
+    var email: String? {
+        elementsSessionContext?.prefillDetails?.email
+    }
 
     init(
         manifest: FinancialConnectionsSessionManifest,
         consent: FinancialConnectionsConsent,
         merchantLogo: [String]?,
         apiClient: any FinancialConnectionsAPI,
         clientSecret: String,
-        analyticsClient: FinancialConnectionsAnalyticsClient
+        analyticsClient: FinancialConnectionsAnalyticsClient,
+        elementsSessionContext: ElementsSessionContext?
     ) {
         self.manifest = manifest
         self.consent = consent
         self.merchantLogo = merchantLogo
         self.apiClient = apiClient
         self.clientSecret = clientSecret
         self.analyticsClient = analyticsClient
+        self.elementsSessionContext = elementsSessionContext
+    }
+
+    func markConsentAcquired() -> Future<ConsentAcquiredResult> {
+        return apiClient.markConsentAcquired(clientSecret: clientSecret).chained { [weak self] manifest in
+            guard let self, manifest.shouldLookupConsumerSession, let email else {
+                let result = ConsentAcquiredResult(manifest: manifest)
+                return Promise(value: result)
+            }
+
+            let promise = Promise<ConsentAcquiredResult>()
+
+            apiClient.consumerSessionLookup(
+                emailAddress: email,
+                clientSecret: clientSecret,
+                sessionId: manifest.id,
+                emailSource: .customerObject,
+                useMobileEndpoints: manifest.verified,
+                pane: .consent
+            ).observe { lookupResult in
+                switch lookupResult {
+                case .success(let response):
+                    let result = ConsentAcquiredResult(
+                        manifest: manifest,
+                        consumerSession: response.consumerSession,
+                        consumerPublishableKey: response.publishableKey
+                    )
+                    promise.resolve(with: result)
+                case .failure:
+                    let result = ConsentAcquiredResult(manifest: manifest)
+                    promise.resolve(with: result)
+                }
+            }
+
+            return promise
+        }
     }
 
-    func markConsentAcquired() -> Promise<FinancialConnectionsSessionManifest> {
-        return apiClient.markConsentAcquired(clientSecret: clientSecret)
+    func completeAssertionIfNeeded(
+        possibleError: Error?,
+        api: FinancialConnectionsAPIClientLogger.API
+    ) -> Error? {
+        guard manifest.verified else { return nil }
+        return apiClient.completeAssertion(
+            possibleError: possibleError,
+            api: api,
+            pane: .linkLogin
+        )
+    }
+}
+
+private extension FinancialConnectionsSessionManifest {
+    var shouldLookupConsumerSession: Bool {
+        isLinkWithStripe == true && accountholderCustomerEmailAddress == nil
     }
 }

StripeFinancialConnections/StripeFinancialConnections/Source/Native/Consent/ConsentViewController.swift

@@ -19,7 +19,11 @@ protocol ConsentViewControllerDelegate: AnyObject {
     )
     func consentViewController(
         _ viewController: ConsentViewController,
-        didConsentWithManifest manifest: FinancialConnectionsSessionManifest
+        didConsentWithResult result: ConsentAcquiredResult
+    )
+    func consentViewControllerDidFailAttestationVerdict(
+        _ viewController: ConsentViewController,
+        prefillDetails: WebPrefillDetails
     )
 }
 
@@ -146,9 +150,19 @@ class ConsentViewController: UIViewController {
             .observe(on: .main) { [weak self] result in
                 guard let self = self else { return }
                 switch result {
-                case .success(let manifest):
-                    self.delegate?.consentViewController(self, didConsentWithManifest: manifest)
+                case .success(let result):
+                    self.delegate?.consentViewController(self, didConsentWithResult: result)
                 case .failure(let error):
+                    let attestationError = self.dataSource.completeAssertionIfNeeded(
+                        possibleError: error,
+                        api: .consumerSessionLookup
+                    )
+
+                    if attestationError != nil {
+                        let prefillDetails = WebPrefillDetails(email: dataSource.email)
+                        self.delegate?.consentViewControllerDidFailAttestationVerdict(self, prefillDetails: prefillDetails)
+                    }
+
                     // we display no errors on failure
                     self.dataSource
                         .analyticsClient

StripeFinancialConnections/StripeFinancialConnections/Source/Native/NativeFlowController.swift

@@ -696,16 +696,18 @@ extension NativeFlowController: ConsentViewControllerDelegate {
 
     func consentViewController(
         _ viewController: ConsentViewController,
-        didConsentWithManifest manifest: FinancialConnectionsSessionManifest
+        didConsentWithResult result: ConsentAcquiredResult
     ) {
         delegate?.nativeFlowController(
             self,
             didReceiveEvent: FinancialConnectionsEvent(name: .consentAcquired)
         )
 
-        dataManager.manifest = manifest
+        dataManager.manifest = result.manifest
+        dataManager.consumerSession = result.consumerSession
+        dataManager.consumerPublishableKey = result.consumerPublishableKey
 
-        let nextPane = manifest.nextPane
+        let nextPane = result.nextPane
         if nextPane == .networkingLinkLoginWarmup {
             presentPaneAsSheet(nextPane)
         } else {
@@ -727,6 +729,17 @@ extension NativeFlowController: ConsentViewControllerDelegate {
             pushPane(nextPane, parameters: parameters, animated: true)
         }
     }
+
+    func consentViewControllerDidFailAttestationVerdict(
+        _ viewController: ConsentViewController,
+        prefillDetails: WebPrefillDetails
+    ) {
+        delegate?.nativeFlowController(
+            self,
+            shouldLaunchWebFlow: dataManager.manifest,
+            prefillDetails: prefillDetails
+        )
+    }
 }
 
 // MARK: - InstitutionPickerViewControllerDelegate
@@ -1030,13 +1043,18 @@ extension NativeFlowController: NetworkingLinkSignupViewControllerDelegate {
 
 extension NativeFlowController: NetworkingLinkLoginWarmupViewControllerDelegate {
 
-    func networkingLinkLoginWarmupViewControllerDidSelectContinue(
+    func networkingLinkLoginWarmupViewControllerDidFindConsumerSession(
         _ viewController: NetworkingLinkLoginWarmupViewController,
-        withSession consumerSession: ConsumerSessionData,
+        consumerSession: ConsumerSessionData,
         consumerPublishableKey: String
     ) {
         dataManager.consumerSession = consumerSession
         dataManager.consumerPublishableKey = consumerPublishableKey
+    }
+
+    func networkingLinkLoginWarmupViewControllerDidSelectContinue(
+        _ viewController: NetworkingLinkLoginWarmupViewController
+    ) {
         pushPane(.networkingLinkVerification, animated: true)
     }
 
@@ -1417,7 +1435,8 @@ private func CreatePaneViewController(
                 merchantLogo: dataManager.merchantLogo,
                 apiClient: dataManager.apiClient,
                 clientSecret: dataManager.clientSecret,
-                analyticsClient: dataManager.analyticsClient
+                analyticsClient: dataManager.analyticsClient,
+                elementsSessionContext: dataManager.elementsSessionContext
             )
             let consentViewController = ConsentViewController(dataSource: consentDataSource)
             consentViewController.delegate = nativeFlowController

StripeFinancialConnections/StripeFinancialConnections/Source/Native/NetworkingLinkLoginWarmup/NetworkingLinkLoginWarmupDataSource.swift

@@ -12,6 +12,7 @@ protocol NetworkingLinkLoginWarmupDataSource: AnyObject {
     var manifest: FinancialConnectionsSessionManifest { get }
     var analyticsClient: FinancialConnectionsAnalyticsClient { get }
     var email: String? { get }
+    var hasConsumerSession: Bool { get }
 
     func lookupConsumerSession() -> Future<LookupConsumerSessionResponse>
     func disableNetworking() -> Future<FinancialConnectionsSessionManifest>
@@ -34,6 +35,10 @@ final class NetworkingLinkLoginWarmupDataSourceImplementation: NetworkingLinkLog
         manifest.accountholderCustomerEmailAddress ?? elementsSessionContext?.prefillDetails?.email
     }
 
+    var hasConsumerSession: Bool {
+        apiClient.consumerSession != nil && apiClient.consumerPublishableKey != nil
+    }
+
     init(
         manifest: FinancialConnectionsSessionManifest,
         apiClient: any FinancialConnectionsAPI,

StripeFinancialConnections/StripeFinancialConnections/Source/Native/NetworkingLinkLoginWarmup/NetworkingLinkLoginWarmupViewController.swift

@@ -14,8 +14,11 @@ typealias NetworkingLinkLoginWarmupFooterView = (footerView: UIView?, primaryBut
 
 protocol NetworkingLinkLoginWarmupViewControllerDelegate: AnyObject {
     func networkingLinkLoginWarmupViewControllerDidSelectContinue(
+        _ viewController: NetworkingLinkLoginWarmupViewController
+    )
+    func networkingLinkLoginWarmupViewControllerDidFindConsumerSession(
         _ viewController: NetworkingLinkLoginWarmupViewController,
-        withSession consumerSession: ConsumerSessionData,
+        consumerSession: ConsumerSessionData,
         consumerPublishableKey: String
     )
     func networkingLinkLoginWarmupViewControllerDidSelectCancel(
@@ -118,6 +121,16 @@ final class NetworkingLinkLoginWarmupViewController: SheetViewController {
             pane: .networkingLinkLoginWarmup
         )
 
+        if dataSource.hasConsumerSession {
+            // We already have a consumer session, so let's us this one directly
+            delegate?.networkingLinkLoginWarmupViewControllerDidSelectContinue(self)
+        } else {
+            // Otherwise, look it up so that we have it for the next pane
+            lookupConsumerSessionAndContinue()
+        }
+    }
+
+    private func lookupConsumerSessionAndContinue() {
         warmupFooterView.primaryButton?.isLoading = true
 
         dataSource
@@ -141,11 +154,12 @@ final class NetworkingLinkLoginWarmupViewController: SheetViewController {
                 switch result {
                 case .success(let response):
                     if let consumerSession = response.consumerSession, let publishableKey = response.publishableKey {
-                        self.delegate?.networkingLinkLoginWarmupViewControllerDidSelectContinue(
+                        self.delegate?.networkingLinkLoginWarmupViewControllerDidFindConsumerSession(
                             self,
-                            withSession: consumerSession,
+                            consumerSession: consumerSession,
                             consumerPublishableKey: publishableKey
                         )
+                        self.delegate?.networkingLinkLoginWarmupViewControllerDidSelectContinue(self)
                     } else {
                         let error = FinancialConnectionsSheetError.unknown(
                             debugDescription: "Unexpected consumer lookup response without consumer session or publishable key"