identity-idp
LG-13220: Fix aggregated new device sign-in for expired session
🎫 Ticket
🛠 Summary of changes
Fixes an issue where new-device email notification is not sent as expected when fully authenticating after letting a first sign-in attempt expire.
This feature is only enabled in local development, so this is not a bug affecting production.
Draft: Currently, this only implements the failing regression spec, not the actual fix.
📜 Testing Plan
- In a private browser, go to http://localhost:3000
- Sign in successfully with email and password (do not complete MFA)
- Wait until your sign-in session times out (~15 minutes, you'll see an alert "We cleared your information due to inactivity" and be returned to sign-in)
- Sign in again and complete MFA
Before: The second email is not sent after completing MFA.
After: Two emails are sent: One for the initial timeout of the notification window listing the email and password submission, and a second after completing MFA.