Implements a full email change verification flow for users and admins. Adds EmailChangeRequest model, migrations and schema entries (token, expires_at, used_at, active) and ApiMessage helper. Exposes API endpoints (v1/email_verifications#create, verification, active, cancel_pending_email_change) and v1/users#update_email; adds admin UI/actions to edit/update user email. Introduces background jobs to send verification/confirmation emails via GOV.UK Notify (SendEmailVerificationJob, SendConfirmEmailVerificationJob) and Notify service wrapper. Adds services to update local user email and sync with Auth0 (UpdateUserEmail, UpdateUserEmailInAuth0) and to fetch auth logs (UserLogsInAuth0). Includes JSONAPI serializable resources, controller logic, view, route updates and comprehensive specs for models, controllers and services. Token expiry is 2 days; update operations are wrapped in DB transactions and Auth0 sync errors roll back changes.
Add the notifications-ruby-client gem to the Gemfile so the application can use the Notifications Ruby client library. The gem is added without a version constraint and is placed at top-level of the Gemfile.
test key removed and will populate to live key in env.
Pass user.name through controllers and services into SendEmailVerificationJob and SendConfirmEmailVerificationJob, add person_name to Notify template vars so emails can include the recipient's name, and update SendConfirmEmailVerificationJob signature. Also correct the Notify client initializer to use ENV['GOV_NOTIFY_API_KEY'] (was GOVUK_NOTIFY_API_KEY).
✅ Snyk checks have passed. No issues have been found so far.
Description
https://crowncommercialservice.atlassian.net/browse/NRMI-289
https://crowncommercialservice.atlassian.net/browse/NRMI-320
https://crowncommercialservice.atlassian.net/browse/NRMI-302
https://crowncommercialservice.atlassian.net/browse/NRMI-171
Why was the change made?
This PR enables users to update their email address and view a history of their last five login sessions. The update flow focuses on a direct email change with built-in validation, while the security dashboard provides visibility into recent account activity by displaying the timestamp and device info for the five most recent sessions (excluding IP data).
What type of change is it?
[ ] New feature
How was the change tested?
I performed end-to-end testing by using the browser to verify the UI flow for email updates and session displays. I also used Postman to hit the API endpoints directly, ensuring the backend correctly processes email changes and accurately retrieves the last five login sessions.
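The token lifecycle named in the first commit message (token, expires_at, used_at, active, 2-day expiry), sketched as an added example that is not code from this PR. The class name, the return symbols, hashing the token at rest and the constant-time comparison are assumptions made for illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for an email change request record.
# Field names (token, expires_at, used_at, active) come from the PR text.
# Storing only a SHA-256 digest of the token is an assumption, not the PR's design.
class EmailChangeRequestSketch
  TOKEN_TTL = 2 * 24 * 60 * 60 # 2 days, as stated in the commit message

  attr_reader :new_email, :expires_at, :used_at, :active

  # Returns [record, raw_token]; only the raw token goes into the emailed link.
  def self.issue(new_email, now: Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    [new(new_email, Digest::SHA256.hexdigest(raw), now + TOKEN_TTL), raw]
  end

  def initialize(new_email, token_digest, expires_at)
    @new_email = new_email
    @token_digest = token_digest
    @expires_at = expires_at
    @used_at = nil
    @active = true
  end

  # Cancelling a pending change deactivates the request.
  def cancel!
    @active = false
  end

  # Returns :ok exactly once; afterwards, or on any failed check, the reason.
  def verify(raw_token, now: Time.now)
    return :used if @used_at
    return :cancelled unless @active
    return :expired if now >= @expires_at
    return :invalid unless token_matches?(raw_token)

    @used_at = now
    @active = false
    :ok
  end

  private
  # Compares digests without an early exit so timing does not leak a prefix match.
  def token_matches?(raw)
    given = Digest::SHA256.hexdigest(raw.to_s)
    given.bytes.zip(@token_digest.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The checks reviewers would want specs for are the same four refusals: reused, cancelled, expired and mismatched tokens.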