Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LG-142 Password reset should count as email confirmation #2079

Merged
merged 1 commit into from
Apr 9, 2018
Merged

LG-142 Password reset should count as email confirmation #2079

merged 1 commit into from
Apr 9, 2018

Conversation

stevegsa
Copy link
Contributor

@stevegsa stevegsa commented Apr 4, 2018
edited
Loading

Why: When you don't have an account and request a password reset and click through to that email that says create your account now, users are taken to the very first step of having to confirm their email address again.

How: Override the functionality of reset password when the user is not found to behave like create account.

Hi! Before submitting your PR for review, and/or before merging it, please
go through the following checklist:

  • For DB changes, check for missing indexes, check to see if the changes
    affect other apps (such as the dashboard), make sure the DB columns in the
    various environments are properly populated, coordinate with devops, plan
    migrations in separate steps.

  • For route changes, make sure GET requests don't change state or result in
    destructive behavior. GET requests should only result in information being
    read, not written.

  • For encryption changes, make sure it is compatible with data that was
    encrypted with the old code.

  • For secrets changes, make sure to update the S3 secrets bucket with the
    new configs in all environments.

  • Do not disable Rubocop or Reek offenses unless you are absolutely sure
    they are false positives. If you're not sure how to fix the offense, please
    ask a teammate.

  • When reading data, write tests for nil values, empty strings,
    and invalid formats.

  • When calling redirect_to in a controller, use _url, not _path.

  • When adding user data to the session, use the user_session helper
    instead of the session helper so the data does not persist beyond the user's
    session.

  • When adding a new controller that requires the user to be fully
    authenticated, make sure to add before_action :confirm_two_factor_authenticated.

@stevegsa stevegsa force-pushed the stevegsa-reset-password-creates-account-if-not-found branch from 8f1af28 to 8ad1166 Compare April 4, 2018 19:42
@stevegsa stevegsa requested review from monfresh and jmhooper April 5, 2018 14:49
monfresh
monfresh reviewed Apr 5, 2018
View reviewed changes
spec/services/request_password_reset_spec.rb Outdated
expect(mailer).to receive(:deliver_later)

RequestPasswordReset.new(email, 'request_id').perform
expect_any_instance_of(User).to receive(:send_custom_confirmation_instructions)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to create a new email for this scenario? It might be confusing to get an email confirming account creation when the user was trying to reset their password. Maybe we should come up with new wording that says something like "you were trying to reset your password, but you don't have an account yet, so we created one for you."

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed.

@stevegsa
Copy link
Contributor Author

stevegsa commented Apr 5, 2018
edited
Loading

Reset password / confirmation email:

screen shot 2018-04-06 at 4 07 34 pm

@stevegsa stevegsa force-pushed the stevegsa-reset-password-creates-account-if-not-found branch 2 times, most recently from 9afb79a to db5cf0a Compare April 6, 2018 20:14
@stevegsa
LG-142 Password reset should count as email confirmation
d02f7e4 
**Why**: When you don't have an account and request a password reset and click through to that email that says create your account now, users are taken to the very first step of having to confirm their email address again.

**How**: Override the functionality of reset password when the user is not found to behave like create account.
@stevegsa stevegsa force-pushed the stevegsa-reset-password-creates-account-if-not-found branch from c4d11ec to d02f7e4 Compare April 9, 2018 13:19
monfresh
monfresh approved these changes Apr 9, 2018
View reviewed changes
Copy link
Contributor

@monfresh monfresh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stevegsa stevegsa merged commit de8c3e9 into master Apr 9, 2018
@amathews-fs amathews-fs deleted the stevegsa-reset-password-creates-account-if-not-found branch January 7, 2021 18:33
@mitchellhenke mitchellhenke mentioned this pull request Oct 6, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@monfresh monfresh monfresh approved these changes

@jmhooper jmhooper Awaiting requested review from jmhooper

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stevegsa @monfresh