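--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -425,7 +425,10 @@ def has_devices?
 
 def authenticated_device?(cookie_uuid:)
 return false if cookie_uuid.blank?
-devices.joins(:events).exists?(cookie_uuid:, events: { event_type: :sign_in_after_2fa })
+devices.joins(:events).exists?(
+cookie_uuid:,
+events: { event_type: [:account_created, :sign_in_after_2fa] },
+)
 end
 
 # Returns the number of times the user has signed in, corresponding to the `sign_in_before_2fa`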
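Review bot: The widened `event_type: [:account_created, :sign_in_after_2fa]` list in `authenticated_device?` makes the result depend on when the `account_created` event is written, which this section does not show. If that event is recorded against the device before a second factor has been enrolled and verified, the device would count as authenticated on password-only evidence, and (judging by the feature spec in this change) the new-device notification would be skipped for it. I would state the assumption above the method, for example `# A device is authenticated once it created the account or completed 2FA on it; confirm account_created is only logged after MFA setup.` Naming the two event types in a frozen constant would also keep other callers from drifting away from this definition.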
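--- a/spec/features/new_device_tracking_spec.rb
+++ b/spec/features/new_device_tracking_spec.rb
@@ -197,6 +197,26 @@
 end
 end
 end
+
+context 'authenticating after new account creation from the same device' do
+let(:user) do
+user = sign_up_and_2fa_ial1_user
+click_on t('links.sign_out')
+user
+end
+
+before do
+user
+reset_email
+end
+
+it 'does not send a second user notification' do
+visit new_user_session_path
+sign_in_live_with_2fa(user)
+
+expect_delivered_email_count(0)
+end
+end
 end
 
 context 'user does not have existing devices' do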
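Review bot: The new context only proves that the notification is suppressed; nothing in this section shows that it still fires when the account was created on one device and the next sign-in arrives without that device's cookie. Because `account_created` now counts toward a known device, a paired negative example beside this one would guard against the condition matching too broadly (a similar case may already exist outside the hunk). Separately, the `let(:user)` block performs browser actions and is then forced by a bare `user` in `before`; `let!(:user)` or moving the sign-up into `before` would state that intent more directly.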
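--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1564,6 +1564,14 @@ def it_should_not_send_survey
 end
 
 it { expect(result).to eq(false) }
+
+context 'with account_created event' do
+before do
+create(:event, device:, event_type: :account_created)
+end
+
+it { expect(result).to eq(true) }
+end
 end
 
 context 'with existing device with sign_in_after_2fa event' do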
9 changes: 6 additions & 3 deletions spec/support/features/session_helper.rb
@@ -137,9 +137,9 @@ def fill_in_password_and_submit(password)
end

def sign_up
user = create(:user, :unconfirmed)
email = Faker::Internet.safe_email
sign_up_with(email)
confirm_last_user
user
end

def sign_up_and_set_password
@@ -232,15 +232,18 @@ def user_with_piv_cac
end

def confirm_last_user
user = User.last
@raw_confirmation_token, = Devise.token_generator.generate(EmailAddress, :confirmation_token)

User.last.email_addresses.first.update(
user.email_addresses.first.update(
confirmation_token: @raw_confirmation_token, confirmation_sent_at: Time.zone.now,
)

visit sign_up_create_email_confirmation_path(
confirmation_token: @raw_confirmation_token,
)

user
end

def click_send_one_time_code
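Review bot: In `confirm_last_user`, `user.email_addresses.first.update(` discards the return value, so a save that fails validation would only show up later as a confusing confirmation failure; `user.email_addresses.first.update!(` would fail at the cause. The helper also still relies on `User.last` being the account that was just signed up, and `sign_up` appears to return that record implicitly through `confirm_last_user`. If a spec creates another user in between, the wrong account would be confirmed and handed back to the caller. A short comment on `sign_up` such as `# Returns the user confirmed by confirm_last_user` would make that coupling visible.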