LG-10157 Profiles should have activation characterization tests#8629
LG-10157 Profiles should have activation characterization tests#8629
Conversation
also: - use active profile factory - replace double negatives with positive checks
TODO: target new `active` trait on profile factory
|
|
||
| # TODO: this preserves the previous passing behavior, but should be re-implemented | ||
| # to rely on the `Profile#active` boolean rather than the `Profile#activated_at` timestamp | ||
| let!(:user) { create(:user, profiles: [create(:profile, activated_at: Time.zone.now)]) } |
There was a problem hiding this comment.
note: Here is the spec below that fails:
e08d8f8#diff-6bf8b5abaee036aff5e33c715c093fd644b2a81cd370915848679e2914ce8fdeR365
There was a problem hiding this comment.
TODO: this change accounts for the following non-active profile scenarios: - deactivated - password_reset - encryption_error There may also be other possible non-active scenarios.
kbighorse
changed the title
| request_url: 'http://example.com', | ||
| } | ||
|
|
||
| expect(unverified_profile.activated_at).to be_present |
There was a problem hiding this comment.
if the profile is unverified should there be an activated_at?
There was a problem hiding this comment.
I agree that this is an issue to investigate if we keep this code around.
| expect(unverified_profile.fraud_review_pending?).to eq(false) | ||
| expect(unverified_profile.gpo_verification_pending_at).to be_nil | ||
| expect(unverified_profile.initiating_service_provider).to be_nil | ||
| expect(unverified_profile.verified_at).to be_nil |
| it 'logs a reproofing event upon reproofing' do | ||
| user.profiles.create(verified_at: Time.zone.now, active: true, activated_at: Time.zone.now) | ||
| unverified_profile = user.profiles.first | ||
| verified_profile = create(:profile, :verified, user: user) |
There was a problem hiding this comment.
@theabrad note: is this equivalent to what's on main?
| expect(verified_profile.initiating_service_provider).to be_nil | ||
| expect(verified_profile.verified_at).to be_present | ||
|
|
||
| expect(@irs_attempts_api_tracker).to receive(:idv_reproof) |
There was a problem hiding this comment.
@soniaconnolly: @theabrad and I think that Profile#has_proofed_before? may need to be refactored to rely on activated_at AND verified_at. It currently considers activated_at only.
@benjaminchait this is IRS-related code, should we loop in anyone else?
soniaconnolly
left a comment
soniaconnolly
left a comment
There was a problem hiding this comment.
Thank you for all this work and analysis! Approving, with the strong recommendation to add one more commit to automatically include :verified in the :active trait. And some other comments.
| request_url: 'http://example.com', | ||
| } | ||
|
|
||
| expect(unverified_profile.activated_at).to be_present |
There was a problem hiding this comment.
I agree that this is an issue to investigate if we keep this code around.
spec/factories/profiles.rb
Outdated
| # `activated_at` will be always defined for active profiles, | ||
| # but it is not defined here so tests will not rely on it | ||
| # instead of the `active` boolean above as they should |
There was a problem hiding this comment.
Recommend adding activated_at and verified_at fields to accurately reflect what's required in the code.
|
|
||
| trait :deactivated do | ||
| active { false } | ||
| activated_at { Time.zone.now } |
There was a problem hiding this comment.
If it's deactivated, activated_at should be in the past, and this should also have a matching verified_at.
spec/models/profile_spec.rb
Outdated
| describe '#activate' do | ||
| it 'activates current Profile, de-activates all other Profile for the user' do | ||
| active_profile = user.profiles.create(active: true) | ||
| # TODO: should also be verified |
There was a problem hiding this comment.
As noted above, :active should automatically imply :verified.
| describe '#activate_after_password_reset' do | ||
| it 'activates a profile after password reset' do | ||
| it 'activates a non-verified, non-active, non-activated profile after password reset' do | ||
| # TODO: this profile scenario shouldn't be possible |
There was a problem hiding this comment.
As discussed, this scenario should expect a RuntimeError, and the code should raise.
| end | ||
|
|
||
| # ??? This method still nils out deactivation_reason even though it raises | ||
| it 'does not activate a profile if it has a pending reason' do |
There was a problem hiding this comment.
Test title could be more descriptive.
| it 'does not activate a profile if it has a pending reason' do | |
| it 'does not activate a profile after password reset if it has fraud review pending' do |
Maybe it's removing password_reset as the deactivation reason because they used their Personal Key to recover the PII bundle? Do they have a Personal Key if they're fraud review pending? Maybe these password reset specs are left over from when the user saw the Personal Key before entering their GPO code.
| :fraud_review_pending, | ||
| :in_person_verification_pending, |
There was a problem hiding this comment.
This is an invalid combination of characteristics. Fraud review pending doesn't apply to in person proofing.
| # TODO: does deactivating make sense for a non-active profile? Should we prevent it? | ||
| # TODO: related: should we test against an active profile here? |
There was a problem hiding this comment.
We used to activate and immediately deactivate. I think Amir fixed that, but the method names still include "deactivate."
3 participants
🎫 Ticket
Profile de-/activation methods should have characterization tests
🛠 Summary of changes