diff --git a/app/controllers/sign_up/registrations_controller.rb b/app/controllers/sign_up/registrations_controller.rb index c1ef375710c..522e6e26960 100644 --- a/app/controllers/sign_up/registrations_controller.rb +++ b/app/controllers/sign_up/registrations_controller.rb @@ -10,7 +10,10 @@ class RegistrationsController < ApplicationController CREATE_ACCOUNT = 'create_account' def new - @register_user_email_form = RegisterUserEmailForm.new(analytics: analytics) + @register_user_email_form = RegisterUserEmailForm.new( + analytics: analytics, + attempts_tracker: irs_attempts_api_tracker, + ) analytics.user_registration_enter_email_visit render :new, locals: { request_id: nil }, formats: :html end @@ -18,6 +21,7 @@ def new def create @register_user_email_form = RegisterUserEmailForm.new( analytics: analytics, + attempts_tracker: irs_attempts_api_tracker, ) result = @register_user_email_form.submit(permitted_params) diff --git a/app/forms/register_user_email_form.rb b/app/forms/register_user_email_form.rb index c65d2e5f616..9c6eafc259d 100644 --- a/app/forms/register_user_email_form.rb +++ b/app/forms/register_user_email_form.rb @@ -14,10 +14,11 @@ def self.model_name ActiveModel::Name.new(self, nil, 'User') end - def initialize(analytics:, password_reset_requested: false) + def initialize(analytics:, attempts_tracker:, password_reset_requested: false) @throttled = false @password_reset_requested = password_reset_requested @analytics = analytics + @attempts_tracker = attempts_tracker end def user @@ -133,6 +134,9 @@ def send_sign_up_unconfirmed_email(request_id) @analytics.throttler_rate_limit_triggered( throttle_type: :reg_unconfirmed_email, ) + @attempts_tracker.user_registration_email_submission_rate_limited( + email: email, email_already_registered: false, + ) else SendSignUpEmailConfirmation.new(existing_user).call(request_id: request_id) end 
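Review bot: In `send_sign_up_unconfirmed_email` (and the matching hunk in `send_sign_up_confirmed_email`), the new `@attempts_tracker.user_registration_email_submission_rate_limited(...)` call runs whether or not `@password_reset_requested` is set. A throttled request that arrived through `RequestPasswordReset` would therefore be reported to the attempts API as a registration rate limit. Whether that path can reach these branches depends on code outside the hunks, so please confirm it. If it can, either guard the call with `unless @password_reset_requested` or emit a reset-specific event, so downstream abuse analysis does not mix the two flows. Both method bodies start outside their hunks.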
@@ -146,6 +150,9 @@ def send_sign_up_confirmed_email @analytics.throttler_rate_limit_triggered( throttle_type: :reg_confirmed_email, ) + @attempts_tracker.user_registration_email_submission_rate_limited( + email: email, email_already_registered: true, + ) else UserMailer.signup_with_your_email(existing_user, email).deliver_now_or_later end diff --git a/app/services/irs_attempts_api/tracker_events.rb b/app/services/irs_attempts_api/tracker_events.rb index f9d7867828d..cc1c4ed4f2d 100644 --- a/app/services/irs_attempts_api/tracker_events.rb +++ b/app/services/irs_attempts_api/tracker_events.rb @@ -378,6 +378,20 @@ def user_registration_email_confirmation( ) end + # Tracks when user is rate limited for submitting registration email + # @param [String] email + # @param [Boolean] email_already_registered + def user_registration_email_submission_rate_limited( + email:, + email_already_registered: + ) + track_event( + :user_registration_email_submission_rate_limited, + email: email, + email_already_registered: email_already_registered, + ) + end + # Tracks when user submits registration email # @param [Boolean] success # @param [String] email diff --git a/app/services/request_password_reset.rb b/app/services/request_password_reset.rb index be4c4c45d49..d7de35d0fa4 100644 --- a/app/services/request_password_reset.rb +++ b/app/services/request_password_reset.rb @@ -5,7 +5,11 @@ ) do def perform if user_should_receive_registration_email? - form = RegisterUserEmailForm.new(password_reset_requested: true, analytics: analytics) + form = RegisterUserEmailForm.new( + password_reset_requested: true, + analytics: analytics, + attempts_tracker: irs_attempts_api_tracker, + ) result = form.submit({ email: email, terms_accepted: '1' }, instructions) [form.user, result] else diff --git a/spec/forms/register_user_email_form_spec.rb b/spec/forms/register_user_email_form_spec.rb index 0fa8058c86c..90dd2a545c4 100644 --- a/spec/forms/register_user_email_form_spec.rb 
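Review bot: The YARD comment on `user_registration_email_submission_rate_limited` in tracker_events.rb does not say what `email_already_registered` means, and the form passes `false` from a branch that still has an `existing_user` (the unconfirmed case). If the intended meaning is "a confirmed account owns this address", I would state that, e.g. `# @param [Boolean] email_already_registered true when a confirmed account owns the address, false when the existing account is unconfirmed`. The event pairs a submitted address with an account-existence flag, so a one-line comment that this payload is meant for the attempts API only, and should not be copied into general application logs, would also help.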
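Review bot: `perform` in request_password_reset.rb now reads `irs_attempts_api_tracker`, but the struct's member list sits above the hunk and this commit does not change it, so the name must already be a member that every caller supplies. If a caller omits it and the member defaults to nil (not visible here), `RegisterUserEmailForm` stores the nil. The failure would then appear only as a `NoMethodError` inside the rate-limit branch, which is exactly when throttling triggers. Consider failing early in the form's `initialize`, for example `raise ArgumentError, 'attempts_tracker is required' if attempts_tracker.nil?`, or audit the callers of this service.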
+++ b/spec/forms/register_user_email_form_spec.rb @@ -2,7 +2,8 @@ describe RegisterUserEmailForm do let(:analytics) { FakeAnalytics.new } - subject { RegisterUserEmailForm.new(analytics: analytics) } + let(:attempts_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new } + subject { RegisterUserEmailForm.new(analytics: analytics, attempts_tracker: attempts_tracker) } it_behaves_like 'email validation' @@ -33,6 +34,12 @@ end it 'creates throttle events after reaching throttle limit' do + expect(attempts_tracker).to receive( + :user_registration_email_submission_rate_limited, + ).with( + email: 'taken@example.com', email_already_registered: true, + ) + create(:user, :signed_up, email: 'taken@example.com') (IdentityConfig.store.reg_confirmed_email_max_attempts + 1).times do @@ -72,6 +79,12 @@ end it 'creates throttle events after reaching throttle limit' do + expect(attempts_tracker).to receive( + :user_registration_email_submission_rate_limited, + ).with( + email: 'test@example.com', email_already_registered: false, + ) + create(:user, email: 'test@example.com', confirmed_at: nil, uuid: '123') (IdentityConfig.store.reg_unconfirmed_email_max_attempts + 1).times do subject.submit(email: 'test@example.com', terms_accepted: '1') @@ -122,7 +135,7 @@ end it 'saves the user email_language for a valid form' do - form = RegisterUserEmailForm.new(analytics: analytics) + form = RegisterUserEmailForm.new(analytics: analytics, attempts_tracker: attempts_tracker) response = form.submit( email: 'not_taken@gmail.com', email_language: 'fr', terms_accepted: '1', diff --git a/spec/views/sign_up/registrations/new.html.erb_spec.rb b/spec/views/sign_up/registrations/new.html.erb_spec.rb index bef5fd9612b..de563bc00a1 100644 --- a/spec/views/sign_up/registrations/new.html.erb_spec.rb +++ b/spec/views/sign_up/registrations/new.html.erb_spec.rb 
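Review bot: The new expectations in the two 'creates throttle events after reaching throttle limit' examples of register_user_email_form_spec.rb cover only the throttled case, so nothing would catch the event being emitted on an ordinary, below-limit submission. I would add `expect(attempts_tracker).not_to receive(:user_registration_email_submission_rate_limited)` to one of the existing non-throttled examples for each of the confirmed and unconfirmed contexts. A case that builds the form with `password_reset_requested: true` would also pin down the intended behaviour for that flow. Both example bodies continue outside their hunks.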
@@ -10,7 +10,10 @@ end before do allow(view).to receive(:current_user).and_return(nil) - @register_user_email_form = RegisterUserEmailForm.new(analytics: FakeAnalytics.new) + @register_user_email_form = RegisterUserEmailForm.new( + analytics: FakeAnalytics.new, + attempts_tracker: IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new, + ) view_context = ActionController::Base.new.view_context allow(view_context).to receive(:new_user_session_url). and_return('https://www.example.com/')