Conversation
…ccount_verified` email When a user completes verification we send them an `account_verified` email which contains the following information: - The date the verification occurred - The service provider for which the verification was performed This applies to all verifications except for verifications through in-person which have their own email. Prior to this commit the service provider was determined using the SP in the session. This means that when the user is verifying in an out-of-band flow (verify-by-mail or fraud review in this case) their email would likely not contain the name of the SP that triggered the verification. For verify-by-mail we tell the user to enter their code by going to “secure.login.gov”. In this case there is no SP in the session. For fraud review we made no effort to send an email with a named SP. This commit modifies the logic to use `Profile#initiating_service_provider` to determine which SP to name in the email. As a result the email should contain the name of the service provider for which the user was originally proofing. This will be true for the inline flow and the out-of-band flows. The `UserAlerts::AlertUserAboutAccountVerified` service is used to send these `account_verified` notifications. This commit changes this service to take a profile as its only argument since all of the information necessary for this email is accessible via the profile model. [skip changelog]
zachmargolis
approved these changes
Sep 9, 2024
matthinz
approved these changes
Sep 9, 2024
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
jmhooper
deleted the
jmhooper-update-alert-user-about-account-verified
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When a user completes verification we send them an
account_verifiedemail which contains the following information:This applies to all verifications except for verifications through in-person which have their own email.
Prior to this commit the service provider was determined using the SP in the session. This means that when the user is verifying in an out-of-band flow (verify-by-mail or fraud review in this case) their email would likely not contain the name of the SP that triggered the verification. For verify-by-mail we tell the user to enter their code by going to “secure.login.gov”. In this case there is no SP in the session. For fraud review we made no effort to send an email with a named SP.
This commit modifies the logic to use
Profile#initiating_service_providerto determine which SP to name in the email. As a result the email should contain the name of the service provider for which the user was originally proofing. This will be true for the inline flow and the out-of-band flows.The
UserAlerts::AlertUserAboutAccountVerifiedservice is used to send theseaccount_verifiednotifications. This commit changes this service to take a profile as its only argument since all of the information necessary for this email is accessible via theProfilemodel.