Allow users to send verification code to verified secondary email
What does this MR do and why?
Implements #416451 (closed).
Allow a user to receive a new email verification code on one of their verified secondary emails when their account is locked (see doc).
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screen_Recording_2024-09-11_at_4.03.22_PM
How to set up and validate locally
- Enable the require_email_verification and send_verification_code_to_secondary_email features
  $ rails console
  > Feature.enable(:require_email_verification)
  => true
  > Feature.enable(:send_verification_code_to_secondary_email)
  => true
- Still on the Rails console, create a verified secondary email for the root user
  > FactoryBot.create(:email, email: 'root_secondary@ex.com', user: User.first, confirmed_at: Time.zone.now)
- Update app/controllers/concerns/verifies_with_email.rb so that a successful sign-in results in a locked account. This will display the email verification page after a successful sign-in.
  diff --git a/app/controllers/concerns/verifies_with_email.rb b/app/controllers/concerns/verifies_with_email.rb index c68fc28cae5a8..4e3450d04c2db 100644 --- a/app/controllers/concerns/verifies_with_email.rb +++ b/app/controllers/concerns/verifies_with_email.rb @@ -167,9 +167,10 @@ def handle_verification_success(user) end def trusted_ip_address?(user) - return true if Feature.disabled?(:check_ip_address_for_email_verification) + false + # return true if Feature.disabled?(:check_ip_address_for_email_verification) - AuthenticationEvent.initial_login_or_known_ip_address?(user, request.ip) + # AuthenticationEvent.initial_login_or_known_ip_address?(user, request.ip) end def prompt_for_email_verification(user)
- Sign in with the root user
- Verify that you are redirected to the email verification page with the option to resend a new code to a verified secondary email
- Click the "send the code to a verified secondary email instead" link
- Enter the secondary email you created in step 2
- Go to http://localhost:3000/rails/letter_opener and verify that a new code has been sent
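Review bot: the validation steps never say to revert the edit to `trusted_ip_address?` in app/controllers/concerns/verifies_with_email.rb. With the bare `false` as the method body and both the `Feature.disabled?(:check_ip_address_for_email_verification)` guard and the `AuthenticationEvent.initial_login_or_known_ip_address?(user, request.ip)` call commented out, every sign-in is treated as coming from an untrusted IP regardless of the feature flag. Add a final step that restores the file (for example `git checkout app/controllers/concerns/verifies_with_email.rb`), and state next to the diff that it is for local validation only and is not part of this MR, so it does not end up in a commit.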
Edited by Eugie Limpin