Skip to content

Add reactivation warning modal, fallback, specs#1487

Merged
el-mapache merged 1 commit intomasterfrom
ab-account-reactivate-modal
Jun 22, 2017
Merged

Add reactivation warning modal, fallback, specs#1487
el-mapache merged 1 commit intomasterfrom
ab-account-reactivate-modal

Conversation

@el-mapache
Copy link
Contributor

@el-mapache el-mapache commented Jun 14, 2017

Why: The user should know that they must reactivate their account
following a password reset. Using a modal to provide 'heads up'
information matches our current UX. A fallback alert message is also
provided when JS is disabled

Screenshots:

screen shot 2017-06-13 at 9 01 22 am

screen shot 2017-06-13 at 9 36 18 am

@el-mapache el-mapache self-assigned this Jun 14, 2017
monfresh
monfresh reviewed Jun 17, 2017
View reviewed changes
spec/features/users/password_recovery_via_recovery_code_spec.rb Outdated
Copy link
Contributor

@monfresh monfresh Jun 17, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about using the helper method complete_idv_profile_ok(user), which performs lines 43-51?

Copy link
Contributor Author

@el-mapache el-mapache Jun 19, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That method assumes we want to use the user's old password, in this case we want to use the new one.

Copy link
Contributor

@monfresh monfresh Jun 19, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about we modify that method to take in the password as a second argument, and default it to the user's old password?

monfresh
monfresh reviewed Jun 17, 2017
View reviewed changes
spec/features/users/password_recovery_via_recovery_code_spec.rb Outdated
Copy link
Contributor

@monfresh monfresh Jun 17, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add a expect(current_path).to eq reactivate_account_path here since we're visiting another page below and then manually visiting the expected page later?

monfresh
monfresh reviewed Jun 17, 2017
View reviewed changes
spec/features/users/password_recovery_via_recovery_code_spec.rb Outdated
Copy link
Contributor

@monfresh monfresh Jun 17, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove the JS from this test? Don't we want to have a JS test for the scenario where the reactivation is done with a personal key, as opposed to without a personal key?

Copy link
Contributor Author

@el-mapache el-mapache Jun 19, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I originally added it for debugging, but I can leave it in.

@el-mapache el-mapache force-pushed the ab-account-reactivate-modal branch from 1f47801 to 8b6b4ac Compare June 19, 2017 14:57
@el-mapache
Copy link
Contributor Author

el-mapache commented Jun 19, 2017

@monfresh updated

monfresh
monfresh reviewed Jun 21, 2017
View reviewed changes
spec/features/users/password_recovery_via_recovery_code_spec.rb Outdated
Copy link
Contributor

@monfresh monfresh Jun 21, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about skipping enter_correct_otp_code_for_user(user) by adding allow(FeatureManagement).to receive(:prefill_otp_codes?).and_return(true) at the top of the test?

@monfresh
Copy link
Contributor

monfresh commented Jun 21, 2017

I pulled this down to test it and found some issues. The first should probably be addressed in this PR since it's related to the modal that was introduced here. The other one is probably an existing issue and can be addressed in a follow-up PR.

  1. On the reactivate your account page, if I click "I don't have my key", I am forced to click "Continue". I have no way of canceling or changing my mind, other than using the browser's back button, which takes me back to the /account page, and requires me to click on "Reactivate your profile now" in order to go back to account/reactivate/start.

  2. On the reactivate your account page, if I click "I have my key", but then click on "Please verify your identity again", it won't let me go to that page because it's asking me to fill in the required personal key field.

@el-mapache
Copy link
Contributor Author

el-mapache commented Jun 21, 2017
edited
Loading

@monfresh as far as I know, having only the continue button was the desired behavior, at least as far as the mocks and user flows were concerned. We have a few places throughout the login flow where there is no way to cancel the current action, so this isn't totally without precedent. I can bring this up in the issue and see about adding a cancel link. It would make sense to have one since the modal is warning the user of the consequences of not having their key -- they may be more inclined to try and find it when they see they have to reverify their identity.

@monfresh
Copy link
Contributor

monfresh commented Jun 21, 2017

Fair enough.

monfresh
monfresh approved these changes Jun 21, 2017
View reviewed changes
Copy link
Contributor

@monfresh monfresh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@el-mapache el-mapache force-pushed the ab-account-reactivate-modal branch from 8b6b4ac to 44f551e Compare June 21, 2017 18:51
@el-mapache
Copy link
Contributor Author

el-mapache commented Jun 21, 2017

Your second point is totally valid, there is a nested html form on this page, and that is a no-no. I'm going to update the PR to change that.

@el-mapache el-mapache force-pushed the ab-account-reactivate-modal branch 2 times, most recently from 39696b3 to 06f9789 Compare June 22, 2017 17:53
@el-mapache
Add reactivation warning modal, fallback, specs
06f9789 
**Why**: The user should know that they must reactivate their account
following a password reset. Using a modal to provide 'heads up'
information matches our current UX. A fallback alert message is also
provided when JS is disabled

Spec changes

**Why**: Satisfy PR feedback

Removes manual otp code entry

**Why**: Only one of the specs in
`password_recovery_via_recovery_code_spec.rb` needs to go through the
otp code entry page

Un-nest personal key verification bail out form

**Why**: Having a form nested in a form is bad.

Add cancel link to no pkey warning modal

**Why**: User should have the option to cancel the modal and verify
their personal key once they are warned that lack of said key will
require identity reverification

Add specs for modal cancel and pkey verify cancel

**Why**: We should have confidence that a user attempting to close the
reverify warning modal or electing to reverify their info once on the
personal key verification page can do so
@el-mapache el-mapache merged commit 63b05ea into master Jun 22, 2017
@el-mapache el-mapache deleted the ab-account-reactivate-modal branch June 22, 2017 20:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@monfresh monfresh monfresh approved these changes

Assignees

@el-mapache el-mapache

Labels

status - ready for review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@el-mapache @monfresh