Remove feature flag devise_email_organization_routes

Andrew Evansrequested to merge
580586-atevans-enable-devise-email-organization-routes into master

What does this MR do and why?

Remove feature flag devise_email_organization_routes

Because of the work merged in !209311 (merged) and the guidance in !212901 (merged) , we do not need to use specifically organization-scoped url helpers. We can use the built-in route helpers, and the organization paths will be transparently added if the request is made on a scoped route to begin with. This should transparently work for all url helpers.

The FF is currently disabled in production, and this MR removes the code that was feature-flagged, restoring the original behavior.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

Use the Rails mailer previews: https://gdk.test:3443/rails/mailers

In the previews, the links should not have the /o/organization-name prefix. All users in previews are in the default organization, and the links were not generated from pages with an /o/organization-name/ path prefix. Links should appear as:

  • https://gdk.test:3443/users/confirmation?confirmation_token=faketoken
  • https://gdk.test:3443/-/profile/emails/confirmation?confirmation_token=faketoken
  • https://gdk.test:3443/users/password/edit?reset_password_token=faketoken
  • https://gdk.test:3443/users/unlock?unlock_token=faketoken

The feature-flagged code ensured that all links sent in Devise emails were organization-scoped, such as:

  • https://gdk.test:3443/o/default/users/confirmation?confirmation_token=faketoken

This is no longer necessary due to the work in !209311 (merged) , so it is being removed.

Details about how organization-scoped urls work now, not strictly relevant to this MR

Because of the work in !209311 (merged) , links generated from pages on organization-scoped routes will generate organization-scoped links. This does not need to be verified here, since it was the result of 209311 and not the feature-flagged code this MR is removing.

If you wish to verify that links are generated appropriately, you may follow these steps:

  1. Ensure you have an organization set up with path snake-oil - https://gdk.test:3443/admin/organizations
  2. Ensure a user exists with the "home" organization set to snake-oil . This can be done by:
  3. creating a top-level group in snake-oil
  4. Set up SAML SSO for the group using Okta or SimpleSAMLPHP
  5. Signing up as a new user via this SSO path
  6. Alternatively, create a user and change them via the Rails command line: user.update(organization: Organizations::Organization.find_by_path('snake-oil'))
  7. Go to https://gdk.test:3443/o/snake-oil/users/password/new
  8. Enter an email of a user in snake-oil organization
  9. Check https://gdk.test:3443/rails/letter_opener for the reset instructions
  10. Click "copy link" and open in a new tab (letter_opener does something weird with iframes that breaks Devise email links)
  11. https://gdk.test:3443/o/snake-oil/users/password/edit?reset_password_token=abcdef1234
  12. Fill out the form
  13. Password updated and redirected to https://gdk.test:3443/o/snake-oil/users/sign_in

Unlock steps:

  1. On the rails console: `Current.organization = Organizations::Organization.find_by_path('snake-oil')
  2. user.lock_access!
  3. Check https://gdk.test:3443/rails/letter_opener for the unlock instructions
  4. The CTA link should have the /o/snake-oil prefix

Confirmation steps:

  1. As the new user, go to the Edit Emails screen: https://gdk.test:3443/o/snake-oil/-/profile/emails
  2. Add a new email address
  3. Check https://gdk.test:3443/rails/letter_opener for the confirmation instructions
  4. CTA link should have the /o/snake-oil/ prefix

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #580586

Edited by Andrew Evans

Merge request reports