LG-13054: Remove automatic account creation for forgot password missing user#10434

Merged
aduth merged 5 commits into main from aduth-lg-13054-reset-pw-create-account
Apr 15, 2024

aduth commented Apr 15, 2024

🎫 Ticket

LG-13054

🛠 Summary of changes

Updates forgotten password flow to avoid creating a stub account when submitting an email that is not associated with a user, to prevent waste in the likely scenario that someone may not complete the process to create an account. Instead, links directly to the standard "Create an account" screen.

In doing so, this also addresses a few additional issues:

  • The existing email does not preserve the request_id of the service provider if a user were to click the "Try a different email address" primary link in the email, and therefore they would likely not arrive back at the service provider as intended
  • Ensures that the user has the opportunity to select their preferred communication language preference

📜 Testing Plan

Verify that forgotten password for missing account directs new account creation to "Create an account" page:

  1. Go to http://localhost:3000
  2. Click "Forgot your password?"
  3. Enter an email address for an account that does not exist
  4. Click "Continue"
  5. Observe email "Email not found" is shown
  6. Click "create a new account" link in the email body
  7. Observe that you're directed to the "Create an account for new users" page

Verify that request_id is retained in "Try a different email address" link:

  1. Go to http://localhost:3000/rails/mailers/anonymous_mailer/password_reset_missing_user
  2. Click "Try a different email address"
  3. Observe ?request_id= parameter in URL


aduth added 2 commits April 15, 2024 09:23
changelog: Bug Fixes, Forgot Password, Preserve service provider metadata through password reset unrecognized email
Comment on lines +6 to +9
# You MUST deliver these messages using `deliver_now`. Anonymous messages rely on a plaintext email
# address, which is personally-identifiable information (PII). All method arguments are stored in
# the database when the email is being sent asynchronusly by ActiveJob and we must not put PII in
# the database in plaintext.
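Review bot: The `deliver_now` requirement in this comment block is enforced only by the comment itself, so a later call site using `deliver_later` would silently put a plaintext email address into the ActiveJob arguments stored in the database. Consider backing the rule with an automated check, such as a spec or lint rule that fails when an anonymous mailer message is enqueued instead of delivered inline. Also, "asynchronusly" on the third line should read "asynchronously".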
Contributor Author

I'm currently writing up a one-pager proposal for how we might address this moving forward, so I'm hoping this is a temporary limitation.

aduth added 3 commits April 15, 2024 15:24
To ensure all mail methods have corresponding preview methods, and that they don't raise an error when rendered

See: #10434 (comment)
aduth merged commit 7eccf38 into main Apr 15, 2024
aduth deleted the aduth-lg-13054-reset-pw-create-account branch April 15, 2024 20:51