mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-23 03:44:38 -05:00
We signal that we're mid-way through the sign-in flow by adding a `user_details` dict to the session. Previously, we'd only put a user's details in the session in `User.sign_in`, just before sending any 2FA prompt and redirecting to the two factor pages.

However, we found a bug where a user with no session (e.g., using a fresh browser) tried to log in, but they had never clicked the link to validate their email address when registering. Their user's state was still in "pending", so we redirected to `main.resend_email_verification` as intended - however, they didn't have anything in the session and the resend page expected to get the email address to resend to out of that.

To be safe, as soon as we've confirmed the user has entered their password correctly, let's save the session data at that point. That way any redirects will be fine.
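
The ordering problem described in the commit message above, as an added sketch that is not the project's code: a plain dict stands in for the Flask session, and the `sign_in` and `resend_email_verification` functions, the `save_after_password_check` flag and the sample user are assumptions made for illustration.

```python
# Added illustration. Only user_details, the "pending" state and the resend
# redirect come from the commit message; every other name is hypothetical.
import hmac
from dataclasses import dataclass


@dataclass
class User:
    id: str
    email: str
    password: str  # constructed sample; a real service compares password hashes
    state: str     # "pending" until the emailed verification link is clicked


# Constructed sample account that never verified its email address.
USERS = {"a@example.gov": User("u1", "a@example.gov", "correct horse", "pending")}


def resend_email_verification(session):
    """Stand-in for the resend page: it reads the address from the session."""
    details = session.get("user_details")
    if details is None:
        return "error: no user_details in session"
    return f"resent to {details['email']}"


def sign_in(session, email, password, save_after_password_check):
    """Hypothetical login view; the flag switches between old and new ordering."""
    user = USERS.get(email)
    if user is None or not hmac.compare_digest(
        user.password.encode(), password.encode()
    ):
        return "login failed"  # nothing is written before the password check

    if save_after_password_check:
        # New ordering: record the mid-flow marker once the password is confirmed.
        session["user_details"] = {"id": user.id, "email": user.email}

    if user.state == "pending":
        # Redirect target; with a fresh session and the old ordering it has no data.
        return resend_email_verification(session)

    # Old ordering: details were stored only here, just before the 2FA prompt.
    session["user_details"] = {"id": user.id, "email": user.email}
    return "redirect: two factor"
```
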