Break account reactivation into two-step process#1483
Conversation
There was a problem hiding this comment.
Do we have a constant somewhere that defines the length of the personal key? I didn't see it, but I could have overlooked it
There was a problem hiding this comment.
It's a combination of RandomPhrase::WORD_LENGTH and Figaro.env.recovery_code_length.to_i so I think...
num_words = Figaro.env.recovery_code_length.to_i
(RandomPhrase::WORD_LENGTH * num_words) + (num_words - 1)
el-mapache
force-pushed
the
ab-two-step-reactivate-account
branch
2 times, most recently
from
1355929 to
ac46b61
Compare
el-mapache
force-pushed
the
ab-two-step-reactivate-account
branch
2 times, most recently
from
e9e83c2 to
24ca1e3
Compare
There was a problem hiding this comment.
should we make this a before_action ?
There was a problem hiding this comment.
I know that this didn't change here, bit .capitalize makes this not very i18n-friendly
There was a problem hiding this comment.
Changed in the actual locale file to be capitalized!
config/locales/forms/en.yml
Outdated
There was a problem hiding this comment.
I think this doesn't need _html because if the link is just at the end, we can just put the link right after the text in the view right?
zachmargolis
left a comment
zachmargolis
left a comment
There was a problem hiding this comment.
LGTM! tested this out locally
el-mapache
force-pushed
the
ab-two-step-reactivate-account
branch
from
c2d8e88 to
9cf0b03
Compare
**Why**: When a user reactivates their account, the personal key entry and re encryption of pii are being split out into separate steps Add personal key form partial, new form, alert **Why**: The personal key input form is separate from the rest of the presentation. Required for the new personal key entry form. Added an excalaimation point in the alert notice to match designs and other alert messages Adds verify password class and emphemera **Why**: We are splitting out the account reactivation flow, which requires an additional controller, shared views, new tests and routes Removes old account reactivation files **Why**: The flow isn't the same and these files are uneeded Spec updates, manage_reactivate to reactivate **Why**: The old account reactivation code was removed, so we can safely move manage_reactivate_account to reactivate_account
2 participants
Previously, account reactivation occurred on a single screen. We are now moving it to two screens to better match the identity verification flow.
New personal key entry screen:
Manual verification:
0). Make sure you have a personal key for the account in question
1). Reset the password of an LOA3 account
2). Log back in
3). Click 'I have my personal key' on the reactivate account screen
4). Enter your personal key
5). On the next screen, enter your password
6). You should be redirected to the account page, with a new personal key, as before
I'm also planning to refactor the user_session logic to use a service class, similar to the idv session implementation. If people think it makes more sense to include in this PR, I can go back and add it in!