diff --git a/app/controllers/users/verify_personal_key_controller.rb b/app/controllers/users/verify_personal_key_controller.rb index 6b61e1b68d1..5e9d5d59e5c 100644 --- a/app/controllers/users/verify_personal_key_controller.rb +++ b/app/controllers/users/verify_personal_key_controller.rb @@ -26,7 +26,12 @@ def create else result = personal_key_form.submit - analytics.track_event(Analytics::PERSONAL_KEY_REACTIVATION_SUBMITTED, result.to_h) + analytics_result = FormResponse.new( + success: result.success?, + errors: result.errors, + extra: result.extra.except(:decrypted_pii), + ) + analytics.track_event(Analytics::PERSONAL_KEY_REACTIVATION_SUBMITTED, analytics_result.to_h) if result.success? handle_success(result) else diff --git a/spec/controllers/users/verify_personal_key_controller_spec.rb b/spec/controllers/users/verify_personal_key_controller_spec.rb index c010135631f..d06873f4136 100644 --- a/spec/controllers/users/verify_personal_key_controller_spec.rb +++ b/spec/controllers/users/verify_personal_key_controller_spec.rb @@ -1,8 +1,8 @@ require 'rails_helper' describe Users::VerifyPersonalKeyController do - let(:user) { create(:user, profiles: profiles, personal_key: personal_key) } - let(:profiles) { [] } + let(:user) { create(:user, personal_key: personal_key) } + let!(:profiles) { [] } let(:personal_key) { 'key' } before { stub_sign_in(user) } @@ -22,7 +22,7 @@ end context 'with password reset profile' do - let(:profiles) { [create(:profile, deactivation_reason: :password_reset)] } + let!(:profiles) { [create(:profile, user: user, deactivation_reason: :password_reset)] } it 'renders the `new` template' do get :new @@ -46,7 +46,7 @@ end context 'with throttle reached' do - let(:profiles) { [create(:profile, deactivation_reason: :password_reset)] } + let!(:profiles) { [create(:profile, user: user, deactivation_reason: :password_reset)] } before do create(:throttle, :with_throttled, user: user, throttle_type: :verify_personal_key) @@ -70,29 +70,44 @@ end describe '#create' do - let(:profiles) { [create(:profile, deactivation_reason: :password_reset)] } + let!(:profiles) { + [ + create( + :profile, + user: user, deactivation_reason: :password_reset, + pii: { ssn: '123456789' } + ), + ] + } let(:form) { instance_double(VerifyPersonalKeyForm) } let(:error_text) { 'bad_key' } let(:personal_key_error) { { personal_key: [error_text] } } let(:response_ok) { FormResponse.new(success: true, errors: {}) } let(:response_bad) { FormResponse.new(success: false, errors: personal_key_error, extra: {}) } - context 'wth a valid form' do - before do + context 'with a valid form' do + it 'redirects to the next step of the account recovery flow' do allow(VerifyPersonalKeyForm).to receive(:new). with(user: subject.current_user, personal_key: personal_key). and_return(form) allow(form).to receive(:submit).and_return(response_ok) - end - - it 'redirects to the next step of the account recovery flow' do post :create, params: { personal_key: personal_key } expect(response).to redirect_to(verify_password_url) end it 'stores that the personal key was entered in the user session' do - post :create, params: { personal_key: personal_key } + stub_analytics + expect(@analytics).to receive(:track_event).with( + Analytics::PERSONAL_KEY_REACTIVATION_SUBMITTED, + { errors: {}, success: true }, + ).once + + expect(@analytics).to receive(:track_event).with( + Analytics::PERSONAL_KEY_REACTIVATION, + ).once + + post :create, params: { personal_key: profiles.first.personal_key } expect(subject.reactivate_account_session.personal_key?).to eq(true) end