diff --git a/app/controllers/jobseekers/accounts_controller.rb b/app/controllers/jobseekers/accounts_controller.rb index f67a2d4fdc..01e127c710 100644 --- a/app/controllers/jobseekers/accounts_controller.rb +++ b/app/controllers/jobseekers/accounts_controller.rb @@ -1,8 +1,6 @@ class Jobseekers::AccountsController < Jobseekers::BaseController def show; end - def confirmation; end - def account_found; end def account_not_found; end diff --git a/app/controllers/jobseekers/confirmations_controller.rb b/app/controllers/jobseekers/confirmations_controller.rb deleted file mode 100644 index 9fd23c1554..0000000000 --- a/app/controllers/jobseekers/confirmations_controller.rb +++ /dev/null 
@@ -1,45 +0,0 @@ -class Jobseekers::ConfirmationsController < Devise::ConfirmationsController - # - # Overriden Devise methods. - # - - # Introduces a middle step to confirm the user account after following the email confirmation link. - # This resolves issues with some email cloud providers (Outlook) security checks consuming the confirmation token and - # and then redirecting the user to the page, causing the user to land at a "link expired" error page. - def show - return super if request.method == "POST" # When clicking "Confirm" on the confirmation page, handles it to Devise. - - # When landing on the confirmation page from the email link. - return not_found unless params[:confirmation_token].present? - - if (user = Jobseeker.find_by(confirmation_token: params[:confirmation_token])) - user.needs_email_confirmation? ? render(:show) : render(:already_confirmed) - else - not_found - end - end - - # Completely replaces the Devise definition - # Takes user to "check your email" page even if they introduced the wrong email address. - # This is to avoid an attacker discovering registered email addresses on the service through this form. - def create - if resource_params[:email].blank? - self.resource = Jobseeker.new - resource.errors.add(:email, :blank) - return render(:new) - end - self.resource = Jobseeker.send_confirmation_instructions(resource_params) - - session[:jobseeker_id] = resource.id if resource # Ensures that the jobseeker is identified on following pages. - flash[:success] = t("jobseekers.registrations.check_your_email.resent_email_confirmation") - respond_with({}, location: jobseekers_check_your_email_path) - end - - protected - - def after_confirmation_path_for(_resource_name, resource) - sign_in(resource) - flash.delete(:notice) - confirmation_jobseekers_account_path - end -end diff --git a/app/controllers/jobseekers/registrations_controller.rb b/app/controllers/jobseekers/registrations_controller.rb index 123a30e9e0..23b36f4c34 100644 
--- a/app/controllers/jobseekers/registrations_controller.rb +++ b/app/controllers/jobseekers/registrations_controller.rb @@ -25,17 +25,6 @@ def check_your_email @resource = Jobseeker.find_by(id: session[:jobseeker_id]) end - def resend_instructions - if session[:jobseeker_id].blank? - redirect_to new_jobseeker_confirmation_path - else - @resource = Jobseeker.find(session[:jobseeker_id]) - @resource.send_confirmation_instructions - flash[:success] = t("jobseekers.registrations.check_your_email.resent_email_confirmation") - render :check_your_email - end - end - protected def check_password_difference @@ -81,8 +70,8 @@ def after_inactive_sign_up_path_for(resource) jobseekers_check_your_email_path end - def after_update_path_for(resource) - resource.pending_reconfirmation? && !password_update? ? jobseekers_check_your_email_path : jobseekers_account_path + def after_update_path_for(_resource) + jobseekers_account_path end def close_account_feedback_form_params diff --git a/app/helpers/notify_views_helper.rb b/app/helpers/notify_views_helper.rb index 6209201c6b..bc79d0238f 100644 --- a/app/helpers/notify_views_helper.rb +++ b/app/helpers/notify_views_helper.rb @@ -12,11 +12,6 @@ def choose_organisation_link(token) notify_link(url) end - def email_confirmation_url(token) - url = jobseeker_confirmation_url(confirmation_token: token, **utm_params) - notify_link(url) - end - def expired_vacancy_feedback_link(vacancy) url = new_organisation_job_expired_feedback_url(vacancy.signed_id) notify_link(url, I18n.t("publishers.expired_vacancy_feedback_prompt_mailer.feedback_link_text")) diff --git a/app/mailers/jobseekers/devise_emails.rb b/app/mailers/jobseekers/devise_emails.rb index 53b65ecba5..1c8864e1f6 100644 --- a/app/mailers/jobseekers/devise_emails.rb +++ b/app/mailers/jobseekers/devise_emails.rb 
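Review bot: `after_update_path_for` now returns `jobseekers_account_path` unconditionally, and because this commit also drops `confirmable` from the model's `devise` list, an email change submitted through this controller presumably takes effect at once with no proof that the user controls the new address. The updated model spec, where `jobseeker.update!(email: new_email_address)` re-points subscriptions with no confirm step, is consistent with that. `registerable` stays enabled and the `email_changed` mail to the old address only informs after the fact, so sign-up and account updates would both accept unverified addresses unless email is sourced solely from GOV.UK One Login. If that is the intent, stop permitting `email` in the update params and record the decision, e.g. `# Email is no longer re-confirmed here (confirmable removed); the address comes from One Login and must not be user-editable.`; otherwise keep a verification step before the address is switched. The enclosing class starts and ends outside the hunk.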
@@ -1,26 +1,4 @@ module Jobseekers::DeviseEmails - def confirmation_instructions(record, token, _opts = {}) - to = subject = nil - - if !record.confirmed? && record.confirmation_sent_at < 12.hours.ago - to = record.unconfirmed_email - subject = t(".reminder.subject") - @confirmation_type = ".reminder" - elsif record.pending_reconfirmation? - to = record.unconfirmed_email - subject = t(".reconfirmation.subject") - @confirmation_type = ".reconfirmation" - end - - send_email( - jobseeker: record, - subject: subject, - template: template, - to: to, - token: token, - ) - end - def email_changed(record, _opts = {}) send_email( jobseeker: record, @@ -52,11 +30,6 @@ def send_email(template:, jobseeker:, token: nil, to: nil, subject: nil) end def dfe_analytics_custom_data - case action_name - when "confirmation_instructions" - @jobseeker.pending_reconfirmation? ? { previous_email_identifier: DfE::Analytics.anonymise(@jobseeker.email) } : {} - else - {} - end + {} end end diff --git a/app/models/jobseeker.rb b/app/models/jobseeker.rb index 3865b5c4a1..74133934c4 100644 --- a/app/models/jobseeker.rb +++ b/app/models/jobseeker.rb @@ -2,7 +2,6 @@ class Jobseeker < ApplicationRecord has_encrypted :last_sign_in_ip, :current_sign_in_ip devise(*%I[ - confirmable database_authenticatable registerable timeoutable @@ -30,10 +29,6 @@ def account_closed? !!account_closed_on end - def needs_email_confirmation? - !confirmed? || unconfirmed_email.present? - end - def self.create_from_govuk_one_login(email:, govuk_one_login_id:) return unless email.present? && govuk_one_login_id.present? diff --git a/app/views/jobseekers/account_mailer/confirmation_instructions.text.erb b/app/views/jobseekers/account_mailer/confirmation_instructions.text.erb deleted file mode 100644 index f761237f58..0000000000 --- a/app/views/jobseekers/account_mailer/confirmation_instructions.text.erb +++ /dev/null 
@@ -1,13 +0,0 @@ -# <%= t(".heading") %> - -<%= t(".intro") %> - -<%= t(".body") %> - -<%= email_confirmation_url(@token) %> - ---- - -# <%= t(".not_requested.heading") %> - -<%= t(".not_requested.body") %> diff --git a/app/views/jobseekers/confirmations/_new_hidden_email.html.slim b/app/views/jobseekers/confirmations/_new_hidden_email.html.slim deleted file mode 100644 index f0e2e01c07..0000000000 --- a/app/views/jobseekers/confirmations/_new_hidden_email.html.slim +++ /dev/null @@ -1,11 +0,0 @@ -- content_for :page_title_prefix, t(".title") - -.govuk-grid-row - .govuk-grid-column-two-thirds - h1.govuk-heading-xl = t(".title") - p.govuk-body = t(".description", email: resource.email) - - = form_for resource, url: jobseeker_confirmation_path, method: :post do |f| - = f.hidden_field :email - - = f.govuk_submit t("buttons.resend_email"), class: "govuk-!-margin-bottom-0" diff --git a/app/views/jobseekers/confirmations/_new_with_email.html.slim b/app/views/jobseekers/confirmations/_new_with_email.html.slim deleted file mode 100644 index cb794b0e61..0000000000 --- a/app/views/jobseekers/confirmations/_new_with_email.html.slim +++ /dev/null @@ -1,11 +0,0 @@ -- content_for :page_title_prefix, t(".title") - -.govuk-grid-row - .govuk-grid-column-two-thirds - h1.govuk-heading-xl = t(".title") - p.govuk-body = t(".description") - - = form_for resource, url: jobseeker_confirmation_path, method: :post do |f| - = f.govuk_error_summary - = f.govuk_email_field :email, label: { size: "s" }, width: "two-thirds", required: true - = f.govuk_submit t("buttons.resend_email"), class: "govuk-!-margin-bottom-0" diff --git a/app/views/jobseekers/confirmations/already_confirmed.html.slim b/app/views/jobseekers/confirmations/already_confirmed.html.slim deleted file mode 100644 index 42d7bcd71d..0000000000 --- a/app/views/jobseekers/confirmations/already_confirmed.html.slim +++ /dev/null 
@@ -1,8 +0,0 @@ -- content_for :page_title_prefix, t(".title") - -.govuk-grid-row - .govuk-grid-column-two-thirds - h1.govuk-heading-xl = t(".title") - - p.govuk-body = t(".description") - p.govuk-body You can #{govuk_link_to("return to the homepage", "/")} to use the service. diff --git a/app/views/jobseekers/confirmations/new.html.slim b/app/views/jobseekers/confirmations/new.html.slim deleted file mode 100644 index 30b786bd30..0000000000 --- a/app/views/jobseekers/confirmations/new.html.slim +++ /dev/null @@ -1,4 +0,0 @@ -- if resource&.email.present? - = render "new_hidden_email" -- else - = render "new_with_email" diff --git a/app/views/jobseekers/confirmations/show.html.slim b/app/views/jobseekers/confirmations/show.html.slim deleted file mode 100644 index e49c551d12..0000000000 --- a/app/views/jobseekers/confirmations/show.html.slim +++ /dev/null @@ -1,7 +0,0 @@ -- content_for :page_title_prefix, t(".title") - -.govuk-grid-row - .govuk-grid-column-two-thirds - h1.govuk-heading-xl = t(".title") - - = govuk_button_to t(".confirm"), jobseekers_confirm_email_address_path, params: { confirmation_token: params[:confirmation_token] } diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml index 157d259d41..895d94a1a3 100644 --- a/config/locales/devise.en.yml +++ b/config/locales/devise.en.yml @@ -39,8 +39,6 @@ en: already_signed_out: Signed out successfully. errors: messages: - already_confirmed: was already confirmed, please try signing in - confirmation_period_expired: needs to be confirmed within %{period}, please request a new one expired: has expired, please request a new one not_found: not found not_saved: diff --git a/config/locales/jobseekers.yml b/config/locales/jobseekers.yml index 81b4541e7a..99071a2d67 100644 --- a/config/locales/jobseekers.yml +++ b/config/locales/jobseekers.yml 
@@ -63,19 +63,6 @@ en: account_survey: survey_link_text: Give feedback survey_text: Take our quick survey about your experience of using Teaching Vacancies - confirmations: - already_confirmed: - description: Your email address has already been confirmed. - title: Email already confirmed - new_with_email: - description: We need to email another link so you can activate your account. - title: Resend confirmation - new_hidden_email: - description: We need to email another link to %{email} so you can activate your account. - title: Link has expired - show: - confirm: Confirm - title: Confirm your email address employments: break: Gap in work history current_role: Is this your current role? @@ -567,7 +554,6 @@ en: resend_link: resend the email restart_link: provide another email address title: Check your email - resent_email_confirmation: Email has been resent confirm_destroy: feedback_title: Tell us why you are closing your account page_title: Close account diff --git a/config/routes.rb b/config/routes.rb index c83bc2ea08..7e3c994cc2 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -57,7 +57,6 @@ draw :legacy_redirects devise_for :jobseekers, controllers: { - confirmations: "jobseekers/confirmations", registrations: "jobseekers/registrations", sessions: "jobseekers/sessions", }, path_names: { @@ -77,7 +76,6 @@ get :check_your_email, to: "registrations#check_your_email", as: :check_your_email get :confirm_destroy, to: "registrations#confirm_destroy", as: :confirm_destroy_account get :resend_instructions, to: "registrations#resend_instructions", as: :resend_instructions - post :confirm_email_address, to: "confirmations#show" end resources :job_applications, only: %i[index show destroy] do @@ -178,7 +176,6 @@ resources :subscriptions, only: %i[index] resource :account, only: %i[show] do member do - get :confirmation get :account_found get :account_not_found end 
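Review bot: The context line `get :resend_instructions, to: "registrations#resend_instructions", as: :resend_instructions` survives in the second routes.rb hunk, but this commit deletes the `resend_instructions` action from `Jobseekers::RegistrationsController`, so the route would now resolve to a missing action. Remove that line in the same change and check the `check_your_email` view for a link to it, since its `resend_link` locale key is also left in place in jobseekers.yml. `check_your_email` and `after_inactive_sign_up_path_for` stay in the controller as context lines and look like leftovers of the confirmation flow, though that cannot be confirmed from these hunks. The enclosing routes block starts and ends outside the hunk.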
diff --git a/spec/controllers/jobseekers/sessions_controller_spec.rb b/spec/controllers/jobseekers/sessions_controller_spec.rb index a954bcd4dd..6b63cb09cd 100644 --- a/spec/controllers/jobseekers/sessions_controller_spec.rb +++ b/spec/controllers/jobseekers/sessions_controller_spec.rb @@ -10,9 +10,6 @@ before do # Required to test Devise controller independently of routing @request.env["devise.mapping"] = Devise.mappings[:jobseeker] - - jobseeker.confirm - session.merge!(unrelated_session_contents) end diff --git a/spec/mailers/jobseekers/account_mailer_spec.rb b/spec/mailers/jobseekers/account_mailer_spec.rb index 12e1e3c068..9ac15ac8ae 100644 --- a/spec/mailers/jobseekers/account_mailer_spec.rb +++ b/spec/mailers/jobseekers/account_mailer_spec.rb 
@@ -31,44 +31,6 @@ end end - describe "#confirmation_instructions" do - let(:mail) { described_class.confirmation_instructions(jobseeker, token) } - let(:notify_template) { NOTIFY_PRODUCTION_TEMPLATE } - - context "when the jobseeker is not pending reconfirmation" do - before { jobseeker.confirm } - - it "sends a `jobseeker_confirmation_instructions` email" do - expect(mail.subject).to eq(I18n.t("jobseekers.account_mailer.confirmation_instructions.subject")) - expect(mail.to).to eq([email]) - expect(mail.body.encoded).to include(I18n.t("jobseekers.account_mailer.confirmation_instructions.body")) - .and include(jobseeker_confirmation_path(confirmation_token: token)) - end - - it "triggers a `jobseeker_confirmation_instructions` email event" do - mail.deliver_now - expect(:jobseeker_confirmation_instructions).to have_been_enqueued_as_analytics_events - end - end - - context "when the jobseeker is being reminded to confirm" do - let(:email_address) { Faker::Internet.email(domain: TEST_EMAIL_DOMAIN) } - let(:jobseeker) { create(:jobseeker, email: email_address, confirmation_token: token, unconfirmed_email: email_address, confirmed_at: nil, confirmation_sent_at: 18.hours.ago) } - - it "sends a `jobseeker_confirmation_instructions` email" do - expect(mail.subject).to eq(I18n.t("jobseekers.account_mailer.confirmation_instructions.reminder.subject")) - expect(mail.to).to eq([email_address]) - expect(mail.body.encoded).to include(I18n.t("jobseekers.account_mailer.confirmation_instructions.body")) - .and include(jobseeker_confirmation_path(confirmation_token: token)) - end - - it "triggers a `jobseeker_confirmation_instructions` email event" do - mail.deliver_now - expect(:jobseeker_confirmation_instructions).to have_been_enqueued_as_analytics_events - end - end - end - describe "#email_changed" do let(:mail) { described_class.email_changed(jobseeker) } let(:notify_template) { NOTIFY_PRODUCTION_TEMPLATE } 
diff --git a/spec/models/jobseeker_spec.rb b/spec/models/jobseeker_spec.rb index e5bd288600..1be33d35a1 100644 --- a/spec/models/jobseeker_spec.rb +++ b/spec/models/jobseeker_spec.rb @@ -12,43 +12,10 @@ it "updates the email address of every subscription associated with their previous email address" do expect { jobseeker.update!(email: new_email_address) - jobseeker.confirm }.to change { subscription.reload.email }.to(new_email_address) end end - describe "#needs_email_confirmation?" do - subject(:jobseeker) { build_stubbed(:jobseeker) } - - context "when the user is confirmed" do - before { jobseeker.confirmed_at = Time.current } - - context "when the user does not have a new unconfirmed email address" do - before { jobseeker.unconfirmed_email = nil } - it { is_expected.not_to be_needs_email_confirmation } - end - - context "when the user has a new unconfirmed email address" do - before { jobseeker.unconfirmed_email = "foobar@example.com" } - it { is_expected.to be_needs_email_confirmation } - end - end - - context "when the user is not confirmed" do - before { jobseeker.confirmed_at = nil } - - context "when the user does not have a new unconfirmed email address" do - before { jobseeker.unconfirmed_email = nil } - it { is_expected.to be_needs_email_confirmation } - end - - context "when the user has a new unconfirmed email address" do - before { jobseeker.unconfirmed_email = "foobar@example.com" } - it { is_expected.to be_needs_email_confirmation } - end - end - end - describe ".create_from_govuk_one_login" do let(:email) { "notarealuser121342@gmail.com" } let(:govuk_one_login_id) { "urn:fdc:gov.uk:2022:VtcZjnU4Sif2oyJZola3OkN0e3Jeku1cIMN38rFlhU4" } diff --git a/spec/system/jobseekers/jobseekers_can_change_password_spec.rb b/spec/system/jobseekers/jobseekers_can_change_password_spec.rb index c2ed77c697..e4ffee6f32 100644 --- a/spec/system/jobseekers/jobseekers_can_change_password_spec.rb +++ b/spec/system/jobseekers/jobseekers_can_change_password_spec.rb 
@@ -22,21 +22,4 @@ expect(page).to have_content I18n.t("devise.passwords.updated") expect(current_path).to eq(jobseekers_account_path) end - - context "when email is not pending reconfirmation" do - before { jobseeker.confirm } - - it "changes the password and redirects to the account details page" do - click_on I18n.t("buttons.update_password") - - expect(page).to have_content("There is a problem") - - fill_in "jobseeker[current_password]", with: "password1234" - fill_in "jobseeker[password]", with: "4321newpass" - click_on I18n.t("buttons.update_password") - - expect(page).to have_content I18n.t("devise.passwords.updated") - expect(current_path).to eq(jobseekers_account_path) - end - end end