Skip to content

LG-13985: Avoid new device email for reauthentication from new account#10978

Merged
aduth merged 3 commits intomainfrom
aduth-new-device-new-account-reauthn
Jul 30, 2024
Merged

LG-13985: Avoid new device email for reauthentication from new account#10978
aduth merged 3 commits intomainfrom
aduth-new-device-new-account-reauthn

Conversation

@aduth
Copy link
Contributor

@aduth aduth commented Jul 23, 2024
edited
Loading

🎫 Ticket

LG-13985

🛠 Summary of changes

Fixes an issue with aggregated new device sign-in email notifications to avoid sending an email when a user reauthenticates during the same session they created their account.

📜 Testing Plan

  1. Go to http://localhost:3000
  2. Create an account
  3. Wait for reauthentication window to lapse, keeping your session active (reload page if neccessary)
    • Set reauthn_window to a low value in config/application.yml to facilitate testing
  4. From account dashboard, take an action that requires reauthentication (e.g. add a phone number, delete account)
  5. Finish reauthentication

Before: "New sign-in and authentication with your Login.gov account" email is sent
After: "New sign-in and authentication with your Login.gov account" email is not sent

aduth added 2 commits July 23, 2024 13:47
@aduth
Avoid new device email for reauthentication from new account
07ac755 
changelog: Upcoming Features, Aggregated Sign-in Emails, Avoid new device email for reauthentication from new account
@aduth
Refine spec description
5d25e9a
@aduth aduth changed the title Avoid new device email for reauthentication from new account LG-13985: Avoid new device email for reauthentication from new account Jul 23, 2024
@aduth aduth marked this pull request as ready for review July 25, 2024 16:28
@aduth aduth requested a review from a team July 25, 2024 16:28
@aduth aduth merged commit 0293751 into main Jul 30, 2024
@aduth aduth deleted the aduth-new-device-new-account-reauthn branch July 30, 2024 13:52
mitchellhenke pushed a commit that referenced this pull request Jul 31, 2024
@aduth
LG-13985: Avoid new device email for reauthentication from new account (
96f5e45 
#10978)

* Avoid new device email for reauthentication from new account

changelog: Upcoming Features, Aggregated Sign-in Emails, Avoid new device email for reauthentication from new account

* Refine spec description

* Set new device session value at account initialization
@zachmargolis zachmargolis mentioned this pull request Aug 1, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmdembe jmdembe jmdembe approved these changes

@mdiarra3 mdiarra3 mdiarra3 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aduth @jmdembe @mdiarra3