#3353: handle multiple login.gov accounts with same email address [DK]

[dave-kennedy-ecs]

Ticket

Resolves #3353

Changes

• During OIDC login, if login.gov account contains a username which does not match an existing user, but the email matches an existing user, update the username of the existing user and match on email.
• Fixtures modified so that fixture users which match by email are updated with the existing user's username.

Context for reviewers

Still in draft mode until fixtures is modified

Setup

The setup requires either:

1. the ability to setup and destroy login.gov accounts
2. the ability to access registrar database
   I found (2) above was much easier to do to test this. The process I used to test was as follows:

Log in to registrar as your existing user. Then log out.
Access the database. Query the registrar_user table for the email address you used to log in. Note the username. Then update the username for this user to some bogus username.
Log in again to the registrar with the same email address you used before.
Access the database again. Query the registrar_user for the email address you used to log in. Note the username. It should now be the original username (from login.gov)

There are lots of ways to do the above. For reference, I logged in as '[email protected]'. Then logged out.
I accessed database using sqltools extension in visual studio code. I viewed all records in the table. Then updated my user:
update registrar_user set username='fake_username' where email='[email protected]';
I then logged in again. And I viewed all records in the registrar_user table, verifying the username.

Code Review Verification Steps

As the original developer, I have

Satisfied acceptance criteria and met development standards

• Met the acceptance criteria, or will meet them in a subsequent PR
• Created/modified automated tests
• Update documentation in READMEs and/or onboarding guide

Ensured code standards are met (Original Developer)

• If any updated dependencies on Pipfile, also update dependencies in requirements.txt.
• Interactions with external systems are wrapped in try/except
• Error handling exists for unusual or missing values

Validated user-facing changes (if applicable)

• Tag @dotgov-designers in this PR's Reviewers for design review. If code is not user-facing, delete design reviewer checklist
• Verify new pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing
• Checked keyboard navigability
• Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)

As a code reviewer, I have

Reviewed, tested, and left feedback about the changes

• Pulled this branch locally and tested it
• Verified code meets all checks above. Address any checks that are not satisfied
• Reviewed this code and left comments. Indicate if comments must be addressed before code is merged
• Checked that all code is adequately covered by tests
• Verify migrations are valid and do not conflict with existing migrations

Validated user-facing changes as a developer

Note: Multiple code reviewers can share the checklists above, a second reviewer should not make a duplicate checklist. All checks should be checked before approving, even those labeled N/A.

• New pages have been added to .pa11yci file so that they will be tested with our automated accessibility testing
• Checked keyboard navigability
• Meets all designs and user flows provided by design/product
• Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)
• (Rarely needed) Tested as both an analyst and applicant user

As a designer reviewer, I have

Verified that the changes match the design intention

• Checked that the design translated visually
• Checked behavior. Comment any found issues or broken flows.
• Checked different states (empty, one, some, error)
• Checked for landmarks, page heading structure, and links

Validated user-facing changes as a designer

• Checked keyboard navigability
• Tested general usability, landmarks, page header structure, and links with a screen reader (such as Voiceover or ANDI)
• Tested with multiple browsers (check off which ones were used)
  • Chrome
  • Microsoft Edge
  • FireFox
  • Safari
• (Rarely needed) Tested as both an analyst and applicant user

References

• Code review best practices

Screenshots

[github-actions]

🥳 Successfully deployed to developer sandbox dk.

[github-actions]

🥳 Successfully deployed to developer sandbox dk.

[github-actions]

🥳 Successfully deployed to developer sandbox dk.