From 22919a686d5db7806ef3b695f54f9c30b2428202 Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Fri, 31 Mar 2023 10:37:23 -0700 Subject: [PATCH 1/8] "You verified your identity" email links to password reset (LG-9285) changelog: User-Facing Improvements, Identity Verification, Update link in "You verified your identity" email for password reset Co-authored-by: Amir Reavis-Bey --- app/controllers/idv/gpo_verify_controller.rb | 3 +-- app/controllers/idv/review_controller.rb | 3 +-- app/mailers/user_mailer.rb | 4 ++-- .../user_alerts/alert_user_about_account_verified.rb | 3 +-- app/views/user_mailer/account_verified.html.erb | 6 +++--- config/locales/user_mailer/en.yml | 4 ++-- config/locales/user_mailer/es.yml | 4 ++-- config/locales/user_mailer/fr.yml | 4 ++-- lib/tasks/review_profile.rake | 3 +-- spec/mailers/user_mailer_spec.rb | 4 ++++ 10 files changed, 19 insertions(+), 19 deletions(-) diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb index b18ba0db301..9fabbf4a910 100644 --- a/app/controllers/idv/gpo_verify_controller.rb +++ b/app/controllers/idv/gpo_verify_controller.rb @@ -43,7 +43,7 @@ def create if result.extra[:pending_in_person_enrollment] redirect_to idv_in_person_ready_to_verify_url else - event, disavowal_token = create_user_event_with_disavowal(:account_verified) + event, _disavowal_token = create_user_event_with_disavowal(:account_verified) if result.extra[:threatmetrix_check_failed] && threatmetrix_enabled? redirect_to_fraud_review @@ -52,7 +52,6 @@ def create user: current_user, date_time: event.created_at, sp_name: decorated_session.sp_name, - disavowal_token: disavowal_token, ) flash[:success] = t('account.index.verification.success') redirect_to next_step diff --git a/app/controllers/idv/review_controller.rb b/app/controllers/idv/review_controller.rb index 4449c67cfe3..31136791df1 100644 --- a/app/controllers/idv/review_controller.rb +++ b/app/controllers/idv/review_controller.rb 
@@ -93,12 +93,11 @@ def init_profile end if idv_session.profile.active? - event, disavowal_token = create_user_event_with_disavowal(:account_verified) + event, _disavowal_token = create_user_event_with_disavowal(:account_verified) UserAlerts::AlertUserAboutAccountVerified.call( user: current_user, date_time: event.created_at, sp_name: decorated_session.sp_name, - disavowal_token: disavowal_token, ) end end diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 0645399cf6d..3acd7ae7508 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -240,13 +240,13 @@ def add_email_associated_with_another_account end end - def account_verified(date_time:, sp_name:, disavowal_token:) + # remove disavowal_token after next deploy + def account_verified(date_time:, sp_name:, disavowal_token: nil) return unless email_should_receive_nonessential_notifications?(email_address.email) with_user_locale(user) do @date = I18n.l(date_time, format: :event_date) @sp_name = sp_name - @disavowal_token = disavowal_token mail( to: email_address.email, subject: t('user_mailer.account_verified.subject', sp_name: @sp_name), diff --git a/app/services/user_alerts/alert_user_about_account_verified.rb b/app/services/user_alerts/alert_user_about_account_verified.rb index 4823b813da4..5d4d0cf4459 100644 --- a/app/services/user_alerts/alert_user_about_account_verified.rb +++ b/app/services/user_alerts/alert_user_about_account_verified.rb @@ -1,12 +1,11 @@ module UserAlerts class AlertUserAboutAccountVerified - def self.call(user:, date_time:, sp_name:, disavowal_token:) + def self.call(user:, date_time:, sp_name:) sp_name ||= APP_NAME user.confirmed_email_addresses.each do |email_address| UserMailer.with(user: user, email_address: email_address).account_verified( date_time: date_time, sp_name: sp_name, - disavowal_token: disavowal_token, ).deliver_now_or_later end end 
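Review bot: The comment `# remove disavowal_token after next deploy` above `account_verified` in app/mailers/user_mailer.rb says when to delete the keyword but not why it still exists, and the argument is now accepted and silently ignored. Presumably it is kept so that mail jobs enqueued by the previous release, which still pass `disavowal_token:`, do not raise `ArgumentError` during the rollout; that should be confirmed and written down. Something like `# disavowal_token is accepted and ignored so jobs enqueued before this deploy still run; remove it in the following release` makes the cleanup safe to do later. The method body continues outside the hunk.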
diff --git a/app/views/user_mailer/account_verified.html.erb b/app/views/user_mailer/account_verified.html.erb index 0e7b1c9bc05..35c80c349d1 100644 --- a/app/views/user_mailer/account_verified.html.erb +++ b/app/views/user_mailer/account_verified.html.erb @@ -4,9 +4,9 @@ sp_name: @sp_name, app_name: APP_NAME, date: @date, - disavowal_link: link_to( - t('user_mailer.account_verified.disavowal_link'), - event_disavowal_url(disavowal_token: @disavowal_token), + change_password_link: link_to( + t('user_mailer.account_verified.change_password_link'), + new_user_password_url, ), contact_link: link_to(t('user_mailer.account_verified.contact_link'), MarketingSite.contact_url), ) %> diff --git a/config/locales/user_mailer/en.yml b/config/locales/user_mailer/en.yml index aa17f309252..37339e16039 100644 --- a/config/locales/user_mailer/en.yml +++ b/config/locales/user_mailer/en.yml @@ -38,11 +38,11 @@ en: account will not be deleted until you confirm.' subject: How to delete your %{app_name} account account_verified: + change_password_link: change your password contact_link: contact us - disavowal_link: change your password intro_html: You successfully verified your identity with %{sp_name} on %{date} using %{app_name}. If you did not perform this action, please - %{contact_link} and sign in to %{disavowal_link}. + %{contact_link} and sign in to %{change_password_link}. subject: You verified your identity with %{sp_name}. add_email: footer: This link will expire in %{confirmation_period}. diff --git a/config/locales/user_mailer/es.yml b/config/locales/user_mailer/es.yml index 5d9b500ffa9..886d25fa866 100644 --- a/config/locales/user_mailer/es.yml +++ b/config/locales/user_mailer/es.yml 
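Review bot: In account_verified.html.erb the "change your password" link now points at `new_user_password_url`, which the spec added in this patch calls the forgot password page, while the `intro_html` copy in the locale files still tells the reader to "sign in to" change the password. A recipient who did not perform the verification is therefore told to sign in but sent to a reset-request form, so the copy and the destination should be made to agree. The removed `event_disavowal_url(disavowal_token: @disavowal_token)` tied the recipient's action to this specific `account_verified` event. If disavowals feed any fraud review or alerting, that signal appears to be lost for this email, and it is worth confirming that this is intended.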
@@ -41,11 +41,11 @@ es: eliminará hasta que confirme.' subject: Cómo eliminar su cuenta de %{app_name} account_verified: + change_password_link: cambiar tu contraseña contact_link: contacto con nosotros - disavowal_link: cambiar tu contraseña intro_html: Verificaste correctamente tu identidad con %{sp_name} el %{date} a través de %{app_name}. Si no realizaste esta acción, ponte en - %{contact_link} e inicia sesión para %{disavowal_link}. + %{contact_link} e inicia sesión para %{change_password_link}. subject: Verificaste tu identidad con %{sp_name} add_email: footer: Este enlace expira en %{confirmation_period}. diff --git a/config/locales/user_mailer/fr.yml b/config/locales/user_mailer/fr.yml index 12f672428eb..4fe567ba16c 100644 --- a/config/locales/user_mailer/fr.yml +++ b/config/locales/user_mailer/fr.yml @@ -40,12 +40,12 @@ fr: compte ne sera pas supprimé tant que vous ne l’aurez pas confirmé.' subject: Comment supprimer votre compte %{app_name} account_verified: + change_password_link: changer votre mot de passe contact_link: nous contacter - disavowal_link: changer votre mot de passe intro_html: Vous avez vérifié avec succès votre identité auprès de %{sp_name} le %{date} en utilisant %{app_name}. Si vous n’avez pas effectué cette action, veuillez %{contact_link} et vous connecter pour - %{disavowal_link}. + %{change_password_link}. subject: Vous avez vérifié votre identité avec %{sp_name} add_email: footer: Ce lien expirera dans %{confirmation_period}. diff --git a/lib/tasks/review_profile.rake b/lib/tasks/review_profile.rake index c7ac1568e0b..f771add766d 100644 --- a/lib/tasks/review_profile.rake +++ b/lib/tasks/review_profile.rake 
@@ -31,14 +31,13 @@ namespace :users do profile.activate_after_passing_review if profile.active? - event, disavowal_token = UserEventCreator.new(current_user: user). + event, _disavowal_token = UserEventCreator.new(current_user: user). create_out_of_band_user_event_with_disavowal(:account_verified) UserAlerts::AlertUserAboutAccountVerified.call( user: user, date_time: event.created_at, sp_name: nil, - disavowal_token: disavowal_token, ) STDOUT.puts "User's profile has been activated and the user has been emailed." diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb index c31c0471968..8db61936449 100644 --- a/spec/mailers/user_mailer_spec.rb +++ b/spec/mailers/user_mailer_spec.rb @@ -554,6 +554,10 @@ def expect_email_body_to_have_help_and_contact_links ) expect(mail.to).to eq(nil) end + + it 'links to the forgot password page' do + expect(mail.html_part.body).to have_selector("a[href='#{new_user_password_url}']") + end end describe '#in_person_ready_to_verify' do From bdfdc10126d15d8476932797273a141e7e577165 Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Fri, 31 Mar 2023 11:28:32 -0700 Subject: [PATCH 2/8] Fix spec for removal of disavowal_token --- .../user_alerts/alert_user_about_account_verified_spec.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/spec/services/user_alerts/alert_user_about_account_verified_spec.rb b/spec/services/user_alerts/alert_user_about_account_verified_spec.rb index 24098f9c8f0..6862853085b 100644 --- a/spec/services/user_alerts/alert_user_about_account_verified_spec.rb +++ b/spec/services/user_alerts/alert_user_about_account_verified_spec.rb @@ -3,7 +3,6 @@ describe UserAlerts::AlertUserAboutAccountVerified do describe '#call' do let(:user) { create(:user, :signed_up) } - let(:disavowal_token) { 'the_disavowal_token' } let(:device) { create(:device, user: user) } let(:date_time) { Time.zone.now } 
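Review bot: The new example in spec/mailers/user_mailer_spec.rb only proves that the reset link is present; nothing asserts that the tokenised disavowal link is gone, which is the behaviour this patch changes. Assuming the old URL carries `disavowal_token` in its query string, adding `expect(mail.html_part.body).to_not have_selector("a[href*='disavowal_token']")` to the same example would catch a template regression that reintroduces it. The enclosing `describe` block starts outside the hunk, so how `mail` is built is not visible here.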
@@ -16,24 +15,20 @@ user: user, date_time: date_time, sp_name: '', - disavowal_token: disavowal_token, ) expect_delivered_email_count(3) expect_delivered_email( to: [confirmed_email_addresses[0].email], subject: t('user_mailer.account_verified.subject', sp_name: ''), - body: [disavowal_token], ) expect_delivered_email( to: [confirmed_email_addresses[1].email], subject: t('user_mailer.account_verified.subject', sp_name: ''), - body: [disavowal_token], ) expect_delivered_email( to: [confirmed_email_addresses[2].email], subject: t('user_mailer.account_verified.subject', sp_name: ''), - body: [disavowal_token], ) end end From ba7fdb505c7db14bb827dd5b132eb20c4ba6016c Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Fri, 31 Mar 2023 11:41:21 -0700 Subject: [PATCH 3/8] Create event without disavowal token Co-authored-by: Andrew Duthie --- app/controllers/idv/gpo_verify_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb index 9fabbf4a910..9e6c4888806 100644 --- a/app/controllers/idv/gpo_verify_controller.rb +++ b/app/controllers/idv/gpo_verify_controller.rb @@ -43,7 +43,7 @@ def create if result.extra[:pending_in_person_enrollment] redirect_to idv_in_person_ready_to_verify_url else - event, _disavowal_token = create_user_event_with_disavowal(:account_verified) + event = create_user_event(:account_verified) if result.extra[:threatmetrix_check_failed] && threatmetrix_enabled? redirect_to_fraud_review From 1caf6aa37f33b79497f0faa26d73ed7ab86e332d Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Fri, 31 Mar 2023 11:43:31 -0700 Subject: [PATCH 4/8] Create events without disavowal tokens --- app/controllers/idv/review_controller.rb | 2 +- lib/tasks/review_profile.rake | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/app/controllers/idv/review_controller.rb b/app/controllers/idv/review_controller.rb index 31136791df1..be6eb85510a 100644 --- a/app/controllers/idv/review_controller.rb +++ b/app/controllers/idv/review_controller.rb @@ -93,7 +93,7 @@ def init_profile end if idv_session.profile.active? - event, _disavowal_token = create_user_event_with_disavowal(:account_verified) + event = create_user_event(:account_verified) UserAlerts::AlertUserAboutAccountVerified.call( user: current_user, date_time: event.created_at, diff --git a/lib/tasks/review_profile.rake b/lib/tasks/review_profile.rake index f771add766d..44e64f3378c 100644 --- a/lib/tasks/review_profile.rake +++ b/lib/tasks/review_profile.rake @@ -31,8 +31,8 @@ namespace :users do profile.activate_after_passing_review if profile.active? - event, _disavowal_token = UserEventCreator.new(current_user: user). - create_out_of_band_user_event_with_disavowal(:account_verified) + event = UserEventCreator.new(current_user: user). + create_out_of_band_user_event(:account_verified) UserAlerts::AlertUserAboutAccountVerified.call( user: user, From a751d136e679ab3f50656b6da12238d934c7a33e Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Fri, 31 Mar 2023 12:02:24 -0700 Subject: [PATCH 5/8] Revert "Create events without disavowal tokens" This reverts commit 1caf6aa37f33b79497f0faa26d73ed7ab86e332d. --- app/controllers/idv/review_controller.rb | 2 +- lib/tasks/review_profile.rake | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/idv/review_controller.rb b/app/controllers/idv/review_controller.rb index be6eb85510a..31136791df1 100644 --- a/app/controllers/idv/review_controller.rb +++ b/app/controllers/idv/review_controller.rb 
@@ -93,7 +93,7 @@ def init_profile end if idv_session.profile.active? - event = create_user_event(:account_verified) + event, _disavowal_token = create_user_event_with_disavowal(:account_verified) UserAlerts::AlertUserAboutAccountVerified.call( user: current_user, date_time: event.created_at, diff --git a/lib/tasks/review_profile.rake b/lib/tasks/review_profile.rake index 44e64f3378c..f771add766d 100644 --- a/lib/tasks/review_profile.rake +++ b/lib/tasks/review_profile.rake @@ -31,8 +31,8 @@ namespace :users do profile.activate_after_passing_review if profile.active? - event = UserEventCreator.new(current_user: user). - create_out_of_band_user_event(:account_verified) + event, _disavowal_token = UserEventCreator.new(current_user: user). + create_out_of_band_user_event_with_disavowal(:account_verified) UserAlerts::AlertUserAboutAccountVerified.call( user: user, From 87613d53a6a5fb893994129f16a9054855ec717c Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Fri, 31 Mar 2023 12:02:35 -0700 Subject: [PATCH 6/8] Revert "Create event without disavowal token" This reverts commit ba7fdb505c7db14bb827dd5b132eb20c4ba6016c. --- app/controllers/idv/gpo_verify_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb index 9e6c4888806..9fabbf4a910 100644 --- a/app/controllers/idv/gpo_verify_controller.rb +++ b/app/controllers/idv/gpo_verify_controller.rb @@ -43,7 +43,7 @@ def create if result.extra[:pending_in_person_enrollment] redirect_to idv_in_person_ready_to_verify_url else - event = create_user_event(:account_verified) + event, _disavowal_token = create_user_event_with_disavowal(:account_verified) if result.extra[:threatmetrix_check_failed] && threatmetrix_enabled? redirect_to_fraud_review From 83410ee0941940ecf22c2bde7a7ce4916a3e146b Mon Sep 17 00:00:00 2001 
From: Zach Margolis Date: Fri, 31 Mar 2023 12:13:23 -0700 Subject: [PATCH 7/8] clean up some specs and things --- app/controllers/idv/gpo_verify_controller.rb | 2 +- app/controllers/idv/review_controller.rb | 2 +- lib/tasks/review_profile.rake | 2 +- spec/controllers/idv/gpo_verify_controller_spec.rb | 12 ++++++------ spec/controllers/idv/review_controller_spec.rb | 6 +++--- spec/lib/tasks/review_profile_spec.rb | 1 - 6 files changed, 12 insertions(+), 13 deletions(-) diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb index 9fabbf4a910..9f852072a61 100644 --- a/app/controllers/idv/gpo_verify_controller.rb +++ b/app/controllers/idv/gpo_verify_controller.rb @@ -43,7 +43,7 @@ def create if result.extra[:pending_in_person_enrollment] redirect_to idv_in_person_ready_to_verify_url else - event, _disavowal_token = create_user_event_with_disavowal(:account_verified) + event, _disavowal_token = create_user_event(:account_verified) if result.extra[:threatmetrix_check_failed] && threatmetrix_enabled? redirect_to_fraud_review diff --git a/app/controllers/idv/review_controller.rb b/app/controllers/idv/review_controller.rb index 31136791df1..5c648c2f146 100644 --- a/app/controllers/idv/review_controller.rb +++ b/app/controllers/idv/review_controller.rb @@ -93,7 +93,7 @@ def init_profile end if idv_session.profile.active? - event, _disavowal_token = create_user_event_with_disavowal(:account_verified) + event, _disavowal_token = create_user_event(:account_verified) UserAlerts::AlertUserAboutAccountVerified.call( user: current_user, date_time: event.created_at, diff --git a/lib/tasks/review_profile.rake b/lib/tasks/review_profile.rake index f771add766d..86c1c85a9e2 100644 --- a/lib/tasks/review_profile.rake +++ b/lib/tasks/review_profile.rake 
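Review bot: The added line `event, _disavowal_token = create_user_event(:account_verified)` in gpo_verify_controller.rb keeps the two-value destructuring after switching to a helper that, judging by patches 3 and 4 of this series (`event = create_user_event(:account_verified)`), returns a single event. If so, Ruby assigns the event to `event` and `nil` to `_disavowal_token`, so the code works but still reads as if a disavowal token were being generated, which is misleading in an account-security path. The same leftover is in the review_controller.rb hunk of this patch and in the lib/tasks/review_profile.rake hunk that calls `create_out_of_band_user_event`. Use `event = create_user_event(:account_verified)` in both controllers and `event = UserEventCreator.new(current_user: user).` in the rake task. The enclosing methods start and end outside these hunks.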
@@ -32,7 +32,7 @@ namespace :users do if profile.active? event, _disavowal_token = UserEventCreator.new(current_user: user). - create_out_of_band_user_event_with_disavowal(:account_verified) + create_out_of_band_user_event(:account_verified) UserAlerts::AlertUserAboutAccountVerified.call( user: user, diff --git a/spec/controllers/idv/gpo_verify_controller_spec.rb b/spec/controllers/idv/gpo_verify_controller_spec.rb index cc9b7466ca2..0fd105054d4 100644 --- a/spec/controllers/idv/gpo_verify_controller_spec.rb +++ b/spec/controllers/idv/gpo_verify_controller_spec.rb @@ -122,9 +122,9 @@ action - disavowal_event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0'). - where.not(disavowal_token_fingerprint: nil).count - expect(disavowal_event_count).to eq 1 + event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0'). + where(disavowal_token_fingerprint: nil).count + expect(event_count).to eq 1 expect(response).to redirect_to(idv_personal_key_url) end @@ -194,9 +194,9 @@ action - disavowal_event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0'). - where.not(disavowal_token_fingerprint: nil).count - expect(disavowal_event_count).to eq 1 + event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0'). + where(disavowal_token_fingerprint: nil).count + expect(event_count).to eq 1 expect(response).to redirect_to(idv_personal_key_url) end end diff --git a/spec/controllers/idv/review_controller_spec.rb b/spec/controllers/idv/review_controller_spec.rb index bf0c77b6ab7..86bdd2cc118 100644 --- a/spec/controllers/idv/review_controller_spec.rb +++ b/spec/controllers/idv/review_controller_spec.rb 
@@ -328,9 +328,9 @@ def show it 'creates an `account_verified` event once per confirmation' do put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } } - disavowal_event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0'). - where.not(disavowal_token_fingerprint: nil).count - expect(disavowal_event_count).to eq 1 + events_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0'). + where(disavowal_token_fingerprint: nil).count + expect(events_count).to eq 1 end context 'with in person profile' do diff --git a/spec/lib/tasks/review_profile_spec.rb b/spec/lib/tasks/review_profile_spec.rb index e6e6fec3d08..6aa98f44bd2 100644 --- a/spec/lib/tasks/review_profile_spec.rb +++ b/spec/lib/tasks/review_profile_spec.rb @@ -37,7 +37,6 @@ expect(UserAlerts::AlertUserAboutAccountVerified).to receive(:call).with( user: user, date_time: Time.zone.now, - disavowal_token: kind_of(String), sp_name: nil, ) invoke_task From 7570eae820bd018403006dfe24284637514073cb Mon Sep 17 00:00:00 2001 From: Zach Margolis Date: Fri, 31 Mar 2023 15:48:02 -0700 Subject: [PATCH 8/8] rubocop lint --- app/mailers/user_mailer.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 3acd7ae7508..ee529fc8454 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -241,7 +241,7 @@ def add_email_associated_with_another_account end # remove disavowal_token after next deploy - def account_verified(date_time:, sp_name:, disavowal_token: nil) + def account_verified(date_time:, sp_name:, disavowal_token: nil) # rubocop:disable Lint/UnusedMethodArgument return unless email_should_receive_nonessential_notifications?(email_address.email) with_user_locale(user) do