One login Account Recovery

[CatalinVoineag]

Context

When going live with one login, a candidate can sign up with a different
email address, not the magic link email address.

For this, we need to allow our candidates to recover their 'old'
account. This commit adds this feature.

We show a banner which the candidate can dismiss or they can click to
recover their old account. They will be asked to input their old email
and a code will be sent to their email. The code is encrypted with
bcrypt.

Changes proposed in this pull request

Account recovery forms
button_to style to look like a link
specs

Guidance to review

Go on QA and try to recover an account. The account that you recover needs to exist in QA DB.

I have created candidates in the QA DB for you to recover. [email protected] Created 3 accounts so you can go +apply up to 3.

Things to check

• If the code removes any existing feature flags, a data migration has also been added to delete the entry from the database
• This code does not rely on migrations in the same Pull Request
• If this code includes a migration adding or changing columns, it also backfills existing records for consistency
• If this code adds a column to the DB, decide whether it needs to be in analytics yml file or analytics blocklist, if included inform data insights team of the changes
• If this code adds a column that may include PII, the sanitise.sql script and 0025-protecting-personal-data-in-production-dump.md ADR have been updated.
• API release notes have been updated if necessary
• If it adds a significant user-facing change, is it documented in the CHANGELOG?
• Attach the PR to the Trello card

[github-actions]

Database-level enum changes detected

Please include a data migration for these attributes and values:

33a34
> <enum> Candidate.account_recovery_status: ["not_started", "recovered", "dismissed"]

[CatalinVoineag]

https://trello.com/c/c04CQ2zt/510-implement-one-login-recovery-with-content?filter=member:catalinvoineag1

[CatalinVoineag]

We don't care about other candidates having the same code because the code is scoped to a specific candidate

apply-for-teacher-training/app/forms/candidate_interface/account_recovery_form.rb

Line 21 in 8f15e68

valid_request_code = current_candidate.account_recovery_request.codes.not_expired.find do |requested_code|

[CatalinVoineag]

Database-level enum changes detected

Please include a data migration for these attributes and values:

33a34
> <enum> Candidate.account_recovery_status: ["not_started", "recovered", "dismissed"]

I think we can ignore this. All the candidates have 'not_started' as their account_recovery_status

[elceebee]

Nice work! A few comments from me before I test on QA.

[elceebee]

Suggested change

	<% content_for :title, page_title %>
	<% content_for :title, title_with_error_prefix(page_title, @account_recovery.errors.any?) %>

If there is a form error, the page title should change to be Error: page_title

[elceebee]

Suggested change

	<% content_for :title, t('page_titles.account_recovery_request') %>
	<% content_for :title, title_with_error_prefix(t('page_titles.account_recovery_request'), @account_recovery_request.errors.any?) %>

[elceebee]

Thanks for addressing all the comments! This looks great. I haven't tested it on QA, but I know Rebecca and Pete have and we'll do more at the bug party on Thursday, so happy for the code to go in!