Fix verification by mail redirect logic#1569
Conversation
There was a problem hiding this comment.
Code Climate says this is not tested. Can you double check that the specs are performing the correct steps? I would expect at least one of those specs (if not both) to have an expectation that the user ends up on the account_path.
There was a problem hiding this comment.
hmmm. Yeah, I'll check.
There was a problem hiding this comment.
the flow just wasn't completed. I updated the specs and Code Climate should be happy now
gemfarmer
force-pushed
the
bsh-usps-verification
branch
from
637e746 to
71312bd
Compare
spec/features/saml/loa3_sso_spec.rb
Outdated
There was a problem hiding this comment.
I know this was like this before this PR, but to make sure we're testing things exactly like the user would experience, can we change sign_in_live_with_2fa(user) to this instead?
click_link t('links.sign_in')
fill_in_credentials_and_submit(user.email, user.password)
click_submit_defaultThe difference is that the latter preserves the request_id in the URL, whereas the former doesn't, and we have logic in the app that does different things depending on whether or not the request_id is present.
There was a problem hiding this comment.
We'll also need allow(FeatureManagement).to receive(:prefill_otp_codes?).and_return(true) if the test doesn't already use that.
There was a problem hiding this comment.
👍
It looks like we are prefilling before each test, so I won't add anything new on that front!
There was a problem hiding this comment.
But wait, isn't the point of reusing methods like sign_in_live_with_2fa(user) to avoid duplication of processes that are the same? How is this different?
There was a problem hiding this comment.
The problem is sign_in_live_with_2fa(user) visits new_user_session_path explicitly, instead of clicking the "Sign In" button, which drops the request_id from the URL. To avoid duplication, we can create a new helper method.
Fixes an issue that was redirecting users to /verify instead of /account after clicking the "Send another letter" button.
gemfarmer
force-pushed
the
bsh-usps-verification
branch
from
2b15136 to
a86a124
Compare
|
@monfresh made those final changes. Ready for review! I'm headed out on vacation, so merge if you think it is ready :) |
2 participants
For issue https://github.com/18F/identity-private/issues/1890
Fixes an issue that was redirecting users to
/verifyinstead of/accountafter clicking the "Send another letter" button.There are now two tests to check the verification letter flow. One if the user doesn't log out before entering their confirmation letter (this probably will never happen in real life) and one if they do log out.