LG-6885: Remind users about backup codes & regenerate

[jc-gsa]

No description provided.

[mitchellhenke]

If we're including sign_in_after_2fa, do we need to include sign_in_before_2fa?

[jc-gsa]

Yeah, I questioned that myself. As the method is named second_last_signed_in_at I figured I'd keep it generic as possible and count both events. Open to other suggestions.

I find the name second_last_signed_in_at somewhat awkward, but found it necessary for a currently signed in user. Maybe the wording can be changed. Otherwise a method like last_signed_in_at returns the current login date for the current_user.

[jc-gsa]

These columns were previously dropped from the User table when Devise's trackable module was removed, I believe: https://gsa-tts.slack.com/archives/C0NGESUN5/p1649098117066389

I guess that had the distinction:
current_sign_in_at vs. last_sign_in_at

[mitchellhenke]

Yep, they were unused (and duplicative of events), so I think it's fine to use events. I don't mind the naming, I think it's clear and explicit 🙂

When someone signs in, they will create both a sign_in_before_2fa and sign_in_after_2fa event, but I'm not sure if that means the 2nd most recent event will likely always be within the last few minutes. If it does, that's probably a decent enough reason to drop sign_in_before_2fa from the query?

[aduth]

I've seen this col-12 make an appearance quite often in recent months. col-12 is a remnant from Basscss which was removed quite a while ago. It seems redundant anyways, since it just assigns width: 100%, which would be the default for a block-level <div> element.

Can we just remove the wrapper?

Suggested change

<div class="col-12">

[mitchellhenke]

Suggested change

	).order(id: :desc).pluck(:created_at).second
	).order(created_at: :desc).pluck(:created_at).second

I think created_at is preferable for the sort, and we already have an index on (user_id, created_at) as a bonus.

[jc-gsa]

During testing, I think I had some specific reason for preferring id. This has been changed.

[mitchellhenke]

What do you think of dropping the presenter and putting the I18n calls directly in the template? In the case where we only have content in the presenter, I think it would be good to skip a layer of abstraction.

[jmdembe]

👍🏾

[mitchellhenke]

Couple comments, otherwise looks good!

[mitchellhenke]

Suggested change

	mfa_user = MfaContext.new(current_user)
	mfa_user.backup_code_configurations.present?
	MfaContext.new(current_user).backup_code_configurations.present?

[mitchellhenke]

Suggested change

	def last_signed_in_at
	user.devices.order(last_used_at: :desc).first&.last_used_at
	end

It looks like this isn't used?

[jc-gsa]

Yeah, this isn't used. It can be removed. I originally included it because it seemed odd to have a method for second_last_signed_in_at but no method for last_signed_in_at.

[zachmargolis]

test approve after requested changes