Skip to content

LG-11839 Don't delete proofing_component on password reset for profiles not yet activated#9820

Merged
theabrad merged 3 commits intomainfrom
abrad-lg-11839-proofing-component-password-reset
Dec 21, 2023
Merged

LG-11839 Don't delete proofing_component on password reset for profiles not yet activated#9820
theabrad merged 3 commits intomainfrom
abrad-lg-11839-proofing-component-password-reset

Conversation

@theabrad
Copy link
Contributor

@theabrad theabrad commented Dec 21, 2023
edited
Loading

🎫 Ticket

LG-11839

🛠 Summary of changes

If a user goes through IdV and choses to reset their password at the enter password step and then disavow that password reset, their proofing components gets deleted. We want to keep those proofing components until a user completed IdV so that they get minted with the profile. This PR fixes that. This should not matter because if a user resets their password they have to go through IdV again, but this eliminates an edge case.

📜 Testing Plan

Provide a checklist of steps to confirm the changes.

  • Go through IdV until the enter code step.
  • At the enter password step, reset your password.
  • Once you reset your password disavow that reset. (Click the email link in the email that says If you did not make this change reset your password)
  • Open rails console and confirm that user still has proofing components.

@theabrad theabrad requested a review from a team December 21, 2023 19:30
soniaconnolly
soniaconnolly reviewed Dec 21, 2023
View reviewed changes
app/forms/event_disavowal/password_reset_from_disavowal_form.rb
end

def mark_profile_inactive
return if user.active_profile.blank?
Copy link
Contributor

@soniaconnolly soniaconnolly Dec 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice one-line fix! Do we want to destroy the proofing component if they have an active profile? I thought we never destroyed proofing components.

Copy link
Contributor Author

@theabrad theabrad Dec 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When a profile is minted, the proofing component gets saved to that profile in an immutable kind of form so it will still be there. If a user goes through IdV again then they will have an overwritten proofing_component table so it's probably not as important.

soniaconnolly
soniaconnolly approved these changes Dec 21, 2023
View reviewed changes
Copy link
Contributor

@soniaconnolly soniaconnolly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Tried it out, still had a proofing component.

@theabrad theabrad merged commit 02ead1b into main Dec 21, 2023
@theabrad theabrad deleted the abrad-lg-11839-proofing-component-password-reset branch December 21, 2023 22:01
matthinz
matthinz reviewed Dec 21, 2023
View reviewed changes
app/forms/event_disavowal/password_reset_from_disavowal_form.rb
return if user.active_profile.blank?

user.active_profile&.deactivate(:password_reset)
Funnel::DocAuth::ResetSteps.call(@user.id)
Copy link
Contributor

@matthinz matthinz Dec 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it matter that we're skipping this doc auth log thing in this case?

@soniaconnolly soniaconnolly mentioned this pull request Jan 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@matthinz matthinz matthinz left review comments

@soniaconnolly soniaconnolly soniaconnolly approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@theabrad @matthinz @soniaconnolly