LG-439 Don't raise error for invalid user params

.reek

@@ -49,6 +49,7 @@ FeatureEnvy:
     - Idv::Proofer#validate_vendors
     - PersonalKeyGenerator#create_legacy_recovery_code
     - TwoFactorAuthenticationController#capture_analytics_for_exception
+    - Users::SessionsController#configure_permitted_parameters
 InstanceVariableAssumption:
   exclude:
     - User
@@ -59,6 +60,7 @@ ManualDispatch:
   exclude:
     - EncryptedSidekiqRedis#respond_to_missing?
     - CloudhsmKeyGenerator#initialize_settings
+    - Users::SessionsController#configure_permitted_parameters
 NestedIterators:
   exclude:
     - UserFlowExporter#self.massage_html

app/controllers/users/sessions_controller.rb

@@ -9,6 +9,7 @@ class SessionsController < Devise::SessionsController
     skip_before_action :require_no_authentication, only: [:new]
     before_action :check_user_needs_redirect, only: [:new]
     before_action :apply_secure_headers_override, only: [:new]
+    before_action :configure_permitted_parameters, only: [:new]
 
     def new
       analytics.track_event(
@@ -48,6 +49,12 @@ def timeout
 
     private
 
+    def configure_permitted_parameters
+      devise_parameter_sanitizer.permit(:sign_in) do |user_params|
+        user_params.permit(:email) if user_params.respond_to?(:permit)
+      end
+    end
+
     def redirect_to_signin
       controller_info = 'users/sessions#create'
       analytics.track_event(Analytics::INVALID_AUTHENTICITY_TOKEN, controller: controller_info)

spec/requests/invalid_sign_in_params_spec.rb

@@ -0,0 +1,7 @@
+require 'rails_helper'
+
+describe 'visiting sign in page with invalid user params' do
+  it 'does not raise an exception' do
+    get new_user_session_path, params: { user: 'test@test.com' }
+  end
+end