fix(auth): new device email not sent after verify success

Author: toufali

packages/fxa-auth-server/lib/routes/session.js

@@ -512,6 +512,35 @@ module.exports = function (
           glean.login.verifyCodeConfirmed(request, { uid });
           await signinUtils.cleanupReminders({ verified: true }, account);
           await push.notifyAccountUpdated(uid, devices, 'accountConfirm');
+
+          // Send new device login notification email after successful verification
+          const geoData = request.app.geo;
+          const service = options.service || request.query.service;
+          const emailOptions = {
+            acceptLanguage: request.app.acceptLanguage,
+            ip: request.app.clientAddress,
+            location: geoData.location,
+            service,
+            timeZone: geoData.timeZone,
+            uaBrowser: sessionToken.uaBrowser,
+            uaBrowserVersion: sessionToken.uaBrowserVersion,
+            uaOS: sessionToken.uaOS,
+            uaOSVersion: sessionToken.uaOSVersion,
+            uaDeviceType: sessionToken.uaDeviceType,
+            uid,
+          };
+
+          try {
+            await mailer.sendNewDeviceLoginEmail(
+              account.emails,
+              account,
+              emailOptions
+            );
+          } catch (err) {
+            log.trace('Session.verify_code.sendNewDeviceLoginEmail.error', {
+              error: err,
+            });
+          }
         }
 
         return {};
@@ -794,6 +823,37 @@ module.exports = function (
         const devices = await db.devices(uid);
         await push.notifyAccountUpdated(uid, devices, 'accountConfirm');
 
+        // Send new device login notification email after successful verification
+        if (account.primaryEmail.isVerified) {
+          const geoData = request.app.geo;
+          const service = request.query.service;
+          const emailOptions = {
+            acceptLanguage: request.app.acceptLanguage,
+            ip: request.app.clientAddress,
+            location: geoData.location,
+            service,
+            timeZone: geoData.timeZone,
+            uaBrowser: sessionToken.uaBrowser,
+            uaBrowserVersion: sessionToken.uaBrowserVersion,
+            uaOS: sessionToken.uaOS,
+            uaOSVersion: sessionToken.uaOSVersion,
+            uaDeviceType: sessionToken.uaDeviceType,
+            uid,
+          };
+
+          try {
+            await mailer.sendNewDeviceLoginEmail(
+              account.emails,
+              account,
+              emailOptions
+            );
+          } catch (err) {
+            log.trace('Session.verify_push.sendNewDeviceLoginEmail.error', {
+              error: err,
+            });
+          }
+        }
+
         return {};
       },
     },

packages/fxa-auth-server/test/local/routes/session.js

@@ -1584,6 +1584,7 @@ describe('/session/verify_code', () => {
     assert.equal(args[0], 'account.confirmed');
     assert.equal(args[1].uid, signupCodeAccount.uid);
     sinon.assert.calledOnce(gleanMock.login.verifyCodeConfirmed);
+    assert.calledOnce(mailer.sendNewDeviceLoginEmail);
   });
 
   it('should fail for invalid code', async () => {