Merge pull request #19512 from mozilla/FXA-12467

LZoog · web-flow · commit 415f56b7fec9 · 2025-09-29T11:02:04.000-05:00
fix(email): Send signin code for sign in with password unverified session case
diff --git a/packages/fxa-settings/src/pages/Signin/container.tsx b/packages/fxa-settings/src/pages/Signin/container.tsx
@@ -442,7 +442,6 @@ const SigninContainer = ({
         // but we should update 'verified' once we know the real status
         // this will be taken care of in the clean up ticket FXA-12454
         isVerified = await session.isSessionVerified();
-        console.log('HELLO isVerified', isVerified);
         storeAccountData({
           ...accountData,
           verified: isVerified,
diff --git a/packages/fxa-settings/src/pages/Signin/index.test.tsx b/packages/fxa-settings/src/pages/Signin/index.test.tsx
@@ -102,6 +102,7 @@ jest.mock('../../lib/storage-utils', () => ({
 }));
 
 const mockSetData = jest.fn();
+const mockSendVerificationCode = jest.fn();
 jest.mock('../../models', () => {
   return {
     ...jest.requireActual('../../models'),
@@ -110,6 +111,9 @@ jest.mock('../../models', () => {
         setDataType: mockSetData,
       };
     },
+    useSession: () => ({
+      sendVerificationCode: mockSendVerificationCode,
+    }),
   };
 });
 
@@ -446,6 +450,39 @@ describe('Signin component', () => {
             });
           });
 
+          it('calls sendVerificationCode with successful signin, but unverified session', async () => {
+            const beginSigninHandler = jest.fn().mockReturnValueOnce(
+              createBeginSigninResponse({
+                verified: false,
+                verificationReason: undefined,
+              })
+            );
+
+            render({ beginSigninHandler });
+
+            await enterPasswordAndSubmit();
+            await waitFor(() => {
+              expect(mockSendVerificationCode).toHaveBeenCalledTimes(1);
+            });
+          });
+
+          it('does not call sendVerificationCode when reason is signup, on successful signin unverified session', async () => {
+            const beginSigninHandler = jest.fn().mockReturnValueOnce(
+              createBeginSigninResponse({
+                verified: false,
+                verificationReason: VerificationReasons.SIGN_UP,
+              })
+            );
+
+            render({ beginSigninHandler });
+
+            await enterPasswordAndSubmit();
+            await waitFor(() => {
+              expect(navigate).toHaveBeenCalled();
+            });
+            expect(mockSendVerificationCode).not.toHaveBeenCalled();
+          });
+
           it('OAuth forced 2FA without TOTP navigates to /signin_token_code (email OTP first)', async () => {
             const beginSigninHandler = jest.fn().mockReturnValueOnce(
               createBeginSigninResponse({
diff --git a/packages/fxa-settings/src/pages/Signin/index.tsx b/packages/fxa-settings/src/pages/Signin/index.tsx
@@ -24,6 +24,7 @@ import {
   useFtlMsgResolver,
   isWebIntegration,
   isOAuthIntegration,
+  useSession,
 } from '../../models';
 import {
   isClientMonitor,
@@ -38,6 +39,7 @@ import Banner from '../../components/Banner';
 import { SensitiveData } from '../../lib/sensitive-data-client';
 import { BannerLinkProps } from '../../components/Banner/interfaces';
 import CmsButtonWithFallback from '../../components/CmsButtonWithFallback';
+import VerificationReasons from '../../constants/verification-reasons';
 
 export const viewName = 'signin';
 
@@ -68,6 +70,7 @@ const Signin = ({
   const ftlMsgResolver = useFtlMsgResolver();
   const webRedirectCheck = useWebRedirect(integration.data.redirectTo);
   const sensitiveDataClient = useSensitiveDataClient();
+  const session = useSession();
 
   const [localizedBannerError, setLocalizedBannerError] = useState(
     localizedErrorFromLocationState || ''
@@ -227,6 +230,16 @@ const Signin = ({
           setLocalizedBannerError(
             getLocalizedErrorMessage(ftlMsgResolver, navError)
           );
+        } else {
+          // TODO, address signIn.verified vs session.verified discrepancy
+          // currently 'verified' only checks session status, but 'verificationReason'
+          // can tell us if it's a sign up. This will be cleaned up in FXA-12454
+          if (
+            !data.signIn.verified &&
+            data.signIn.verificationReason !== VerificationReasons.SIGN_UP
+          ) {
+            session.sendVerificationCode();
+          }
         }
       }
       if (error) {
@@ -321,6 +334,7 @@ const Signin = ({
       setLocalizedBannerError,
       finishOAuthFlowHandler,
       integration,
+      session,
       location.search,
       webRedirectCheck,
       sensitiveDataClient,
