
Re-Implement Email Confirmation

Open aaronskiba opened this issue 1 month ago • 1 comments

Note

  • This PR was previously approved and merged into development. https://github.com/DMPRoadmap/roadmap/pull/3507
  • However, only a subset of development was merged into main for release v5.0.1.
  • These changes have still not been merged into main.

Changes proposed in this PR:

  • Added :confirmable module to User model, which implements email confirmation via Devise.

  • Added the rake task, email_confirmation:clear_all (see lib/tasks/email_confirmation.rake)

    • The rake task sets the values of all email confirmation-related columns (confirmed_at, confirmation_token, and confirmation_sent_at) to nil for all users. It then proceeds to confirm all superusers within the app.
  • Streamline the email confirmation process for existing users

    • By default, Devise's :confirmable module generates a confirmation_token and auto-sends confirmation instructions when a new user is created.
    • Because we are only implementing :confirmable now, existing users can't receive these autosent instructions. However, this PR implements autosent confirmation instructions in the following manner:
      1. A user attempts to sign into the app. (Note, this sign-in can either be performed via the system sign-in, or via the Shibboleth sign-in).
      2. The return if confirmation_instructions_missing_and_handled?(user) line of code is executed. This method belongs to the EmailConfirmationHandler concern, and works as follows: i) Returns false if the user is either already confirmed or has an outstanding confirmation_token. ii) Else (the user is unconfirmed AND has no outstanding confirmation_token), generates the confirmation token and auto-sends the confirmation instructions email. (Note: on subsequent sign-in attempts, the method will return false, preventing redundant emails.)
  • Customise devise.failure.unconfirmed value in various config/locales/*.yml files. The customised value includes an embedded link to /users/confirmation/new. The following is a screenshot of the customised value for :"en-CA":

    • Screenshot from 2025-04-23 13-43-21
  • Updated existing tests

    • Added confirmed_at { Time.current } to User factory
    • Added config.action_mailer.default_options = { from: '[email protected]' } to enable email confirmation tests
  • Add new tests (spec/features/email_confirmation_spec.rb)

    • These tests verify the streamlined email confirmation behaviour for existing users
      • Quite a bit of config was needed to enable testing of behaviour with shibboleth (see spec/support/helpers/omniauth_helper.rb and additions to spec/rails_helper.rb)
    • They also test the clickable link to /users/confirmation/new embedded in the customised devise.failure.unconfirmed flash message.
  • Refactoring

    • Addressed some rubocop offences within SessionsController#create and Users::OmniauthCallbacksController#handle_omniauth
  • https://github.com/DMPRoadmap/roadmap/pull/3511

    • Update spec/support/faker.rb to replace 'en' with I18n.default_locale for assigning locales. This change should allow for more accurate testing by using the application's specified locale.
    • Prior to this PR, there was a commit in the aforementioned file that read "Keep this as :en. Faker doesn't have :en-GB". However, I18n.default_locale evaluates to :"en-GB" for this codebase, and all of the tests appear to be passing. Additionally, the branch that this PR is pointed at (upstream/aaron/add-email-confirmation), uses I18n.t(...) for several tests, and this change is required for those tests to pass.

aaronskiba avatar Nov 24 '25 21:11 aaronskiba
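
A plain-Ruby model of the flow the description above lays out (the clear_all task followed by the sign-in check), added here as an illustration and not taken from the PR or the DMPRoadmap code base. The User struct, OUTBOX, sign_in, demo and the returned symbols are assumptions; no Devise or Rails code is involved.

```ruby
require 'securerandom'

# Constructed stand-in for the User model; only the columns named in the PR.
User = Struct.new(:email, :superuser, :confirmed_at, :confirmation_token,
                  :confirmation_sent_at, keyword_init: true) do
  def confirmed?
    !confirmed_at.nil?
  end
end

OUTBOX = [] # constructed mail sink: one entry per confirmation email sent

# Models the check in step 2: true only when instructions were missing
# and have just been generated and sent.
def confirmation_instructions_missing_and_handled?(user)
  return false if user.confirmed? || user.confirmation_token

  user.confirmation_token = SecureRandom.urlsafe_base64(15)
  user.confirmation_sent_at = Time.now
  OUTBOX << user.email
  true
end

# Models email_confirmation:clear_all: nil all three columns, then confirm superusers.
def clear_all(users)
  users.each do |u|
    u.confirmed_at = u.confirmation_token = u.confirmation_sent_at = nil
    u.confirmed_at = Time.now if u.superuser
  end
end

# Hypothetical sign-in gate returning a symbol instead of rendering a flash.
def sign_in(user)
  return :instructions_sent if confirmation_instructions_missing_and_handled?(user)
  return :unconfirmed unless user.confirmed? # the devise.failure.unconfirmed case

  :signed_in
end

# Constructed scenario: one superuser and one previously active regular user.
def demo
  OUTBOX.clear
  admin = User.new(email: 'admin@example.org', superuser: true)
  alice = User.new(email: 'alice@example.org', superuser: false, confirmed_at: Time.now)
  clear_all([admin, alice])
  results = [sign_in(admin), sign_in(alice), sign_in(alice)]
  alice.confirmed_at = Time.now # the user follows the emailed link
  results << sign_in(alice)
end
```

The second sign-in by the unconfirmed user is rejected without a second email, which is the property that keeps a repeated login attempt from being turned into a mail flood against that address.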

1 Error
:no_entry_sign:

Please include a CHANGELOG entry.

You can find it at [CHANGELOG.md](https://github.com/DMPRoadmap/roadmap/blob/main/CHANGELOG.md).

Generated by :no_entry_sign: Danger

github-actions[bot] avatar Nov 24 '25 21:11 github-actions[bot]