Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[LUPEYALPHA-1109] Bug: Clear the employee-email slug on form failure so it is not bypassed #3253

Merged
merged 5 commits into from
Oct 4, 2024
Merged

[LUPEYALPHA-1109] Bug: Clear the employee-email slug on form failure so it is not bypassed #3253

merged 5 commits into from
Oct 4, 2024

Conversation

vacabor
Copy link
Contributor

@vacabor vacabor commented Oct 1, 2024

This is an edge case but if the user:

  • Fills in a claim up until employee email
  • Submits a blank employee email (causing a validation error)
  • Clicks the back button to change the employee's contract type
  • Selects any eligible value
  • They were taken to the "check your answers" screen instead of to "employee email" as the email slug was considered already visited

Fixes the underlying cause of #3247.

@vacabor vacabor added bug Something isn't working deploy Deploy a review app for this PR labels Oct 1, 2024
@vacabor vacabor requested a review from kenfodder October 1, 2024 15:47
@vacabor vacabor self-assigned this Oct 1, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 1, 2024

Deployments

Journey URL
Additional Payments https://claim-additional-payments-for-teaching-review-3253-web.test.teacherservices.cloud/additional-payments/claim
Student Loans https://claim-additional-payments-for-teaching-review-3253-web.test.teacherservices.cloud/student-loans/claim
Further Education https://claim-additional-payments-for-teaching-review-3253-web.test.teacherservices.cloud/further-education-payments/landing-page
Early Years Payment https://claim-additional-payments-for-teaching-review-3253-web.test.teacherservices.cloud/early-years-payment/landing-page
Relocation Payments https://claim-additional-payments-for-teaching-review-3253-web.test.teacherservices.cloud/get-a-teacher-relocation-payment/landing-page
Admin https://claim-additional-payments-for-teaching-review-3253-web.test.teacherservices.cloud/admin

@vacabor vacabor mentioned this pull request Oct 2, 2024
Closed
asmega
asmega approved these changes Oct 2, 2024
View reviewed changes
Copy link
Contributor

@asmega asmega left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

obviously outside the scope of this PR but think this whole mechanism needs an overhaul

  • session[:slugs] should go
  • these arbitrary controller callbacks
  • the way we navigate forwards/backwards in journeys

think it would really help prevent quirks like this and make life easier

alkesh
alkesh reviewed Oct 2, 2024
View reviewed changes
app/controllers/claims_form_callbacks.rb
def employee_email_after_form_save_failure
session[:slugs].delete("employee-email")
render_template_for_current_slug
end
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we not just missing a validation somewhere?
If the practitioner_email_address is blank, than the claim should not be valid, and the ClaimSubmissionForm should not be valid.
I can't see how to add this validation to just the EY Authenticated journey - so actually, this callback may be the best solution.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Either way, I think this needs a feature spec in spec/features/early_years_payment/provider/authenticated

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alkesh it's true that the claim is considered submittable at this point; @kenfodder and I discussed this and the project has been taking the approach of removing validations from the Claim/ClaimSubmissionForm in favour of callbacks like this, but I agree it doesn't feel quite right - @asmega is correct in that the whole mechanism has flaws. I suspect there is a bigger issue where this bug is likely present whenever the second to last page (the last page before a dead-end/results slug) is submitted as invalid as the mechanism will mark that slug as completed regardless of whether it actually saved.

we also discussed whether adding a spec would provide any value and decided against it, but I'm happy to add one to cover the session manipulation behaviour.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍🏽 happy with it as it is for now.
My worry about a lack of feature spec, is when we refactor, we re-introduce this bug.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added a feature spec to cover this 🙂

@vacabor vacabor merged commit 235a5aa into master Oct 4, 2024
14 checks passed
@vacabor vacabor deleted the LUPEYALPHA-1109-fix-bypassable-slug-for-employee-email branch October 4, 2024 09:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asmega asmega asmega approved these changes

@alkesh alkesh alkesh approved these changes

@kenfodder kenfodder Awaiting requested review from kenfodder

Assignees

@vacabor vacabor

Labels
bug Something isn't working deploy Deploy a review app for this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vacabor @alkesh @asmega