LG-7089 - Add tracking for event forgot_password_new_password_submitted

app/controllers/users/reset_passwords_controller.rb

@@ -39,6 +39,10 @@ def update
       result = @reset_password_form.submit(user_params)
 
       analytics.password_reset_password(**result.to_h)
+      irs_attempts_api_tracker.forgot_password_new_password_submitted(
+        success: result.success?,
+        failure_reason: result.errors,
+      )
 
       if result.success?
         handle_successful_password_reset

app/services/irs_attempts_api/tracker_events.rb

@@ -20,6 +20,16 @@ def logout_initiated(success:)
       )
     end
 
+    # @param [Boolean] success
+    # @param [Hash<Symbol,Array<Symbol>>] failure_reason
+    def forgot_password_new_password_submitted(success:, failure_reason: nil)
+      track_event(
+        :forgot_password_new_password_submitted,
+        success: success,
+        failure_reason: failure_reason,
+      )
+    end
+
     # Tracks when the user has attempted to enroll the Backup Codes MFA method to their account
     # @param [Boolean] success
     def mfa_enroll_backup_code(success:)

spec/controllers/users/reset_passwords_controller_spec.rb

@@ -81,9 +81,18 @@
 
   describe '#update' do
     context 'user submits new password after token expires' do
+      let(:irs_tracker_failure_reason) do
+        {
+          password: [password_error_message],
+          reset_password_token: ['token_expired'],
+        }
+      end
+
       it 'redirects to page where user enters email for password reset token' do
         stub_analytics
+        stub_attempts_tracker
         allow(@analytics).to receive(:track_event)
+        allow(@irs_attempts_api_tracker).to receive(:track_event)
 
         raw_reset_token, db_confirmation_token =
           Devise.token_generator.generate(User, :reset_password_token)
@@ -116,14 +125,26 @@
         expect(@analytics).to have_received(:track_event).
           with('Password Reset: Password Submitted', analytics_hash)
 
+        expect(@irs_attempts_api_tracker).to have_received(:track_event).with(
+          :forgot_password_new_password_submitted,
+          success: false,
+          failure_reason: irs_tracker_failure_reason,
+        )
+
         expect(response).to redirect_to new_user_password_path
         expect(flash[:error]).to eq t('devise.passwords.token_expired')
       end
     end
 
     context 'user submits invalid new password' do
+      let(:irs_tracker_failure_reason) do
+        { password: [password_error_message] }
+      end
+
       it 'renders edit' do
         stub_analytics
+        stub_attempts_tracker
+        allow(@irs_attempts_api_tracker).to receive(:track_event)
 
         raw_reset_token, db_confirmation_token =
           Devise.token_generator.generate(User, :reset_password_token)
@@ -153,6 +174,11 @@
 
         expect(assigns(:forbidden_passwords)).to all(be_a(String))
         expect(response).to render_template(:edit)
+        expect(@irs_attempts_api_tracker).to have_received(:track_event).with(
+          :forgot_password_new_password_submitted,
+          success: false,
+          failure_reason: irs_tracker_failure_reason,
+        )
       end
     end
 
@@ -179,7 +205,9 @@
     context 'IAL1 user submits valid new password' do
       it 'redirects to sign in page' do
         stub_analytics
+        stub_attempts_tracker
         allow(@analytics).to receive(:track_event)
+        allow(@irs_attempts_api_tracker).to receive(:track_event)
 
         raw_reset_token, db_confirmation_token =
           Devise.token_generator.generate(User, :reset_password_token)
@@ -214,7 +242,11 @@
 
           expect(@analytics).to have_received(:track_event).
             with('Password Reset: Password Submitted', analytics_hash)
-
+          expect(@irs_attempts_api_tracker).to have_received(:track_event).with(
+            :forgot_password_new_password_submitted,
+            success: true,
+            failure_reason: {},
+          )
           expect(user.events.password_changed.size).to be 1
 
           expect(response).to redirect_to new_user_session_path
@@ -227,7 +259,9 @@
     context 'ial2 user submits valid new password' do
       it 'deactivates the active profile and redirects' do
         stub_analytics
+        stub_attempts_tracker
         allow(@analytics).to receive(:track_event)
+        allow(@irs_attempts_api_tracker).to receive(:track_event)
 
         raw_reset_token, db_confirmation_token =
           Devise.token_generator.generate(User, :reset_password_token)
@@ -258,6 +292,11 @@
 
         expect(@analytics).to have_received(:track_event).
           with('Password Reset: Password Submitted', analytics_hash)
+        expect(@irs_attempts_api_tracker).to have_received(:track_event).with(
+          :forgot_password_new_password_submitted,
+          success: true,
+          failure_reason: {},
+        )
 
         expect(user.active_profile.present?).to eq false
 
@@ -268,7 +307,9 @@
     context 'unconfirmed user submits valid new password' do
       it 'confirms the user' do
         stub_analytics
+        stub_attempts_tracker
         allow(@analytics).to receive(:track_event)
+        allow(@irs_attempts_api_tracker).to receive(:track_event)
 
         raw_reset_token, db_confirmation_token =
           Devise.token_generator.generate(User, :reset_password_token)
@@ -300,6 +341,11 @@
 
         expect(@analytics).to have_received(:track_event).
           with('Password Reset: Password Submitted', analytics_hash)
+        expect(@irs_attempts_api_tracker).to have_received(:track_event).with(
+          :forgot_password_new_password_submitted,
+          success: true,
+          failure_reason: {},
+        )
 
         expect(user.reload.confirmed?).to eq true