Fix missing reactivation prompt for password reset with prior cancell…

…ed profile (#6439)

* Fix missing reactivation prompt for password reset with prior cancelled profile

**Why**: So that a user who resets their password with an active profile always has the chance to reactivate the profile.

changelog: Bug Fix, Password Reset, Allow user to reactivate profile after password reset if they had cancelled a previous proofing attempt

* Add timestamps for password reset profile factory

To match how it works in the real-world, and to avoid being skipped for updated logic in UserDecorator#password_reset_profile

* Use profile factory traits consistently

Consistency, convenience, assurance that behavior of a "password reset" profile is accurate (with timestamps)

app/decorators/user_decorator.rb

@@ -73,7 +73,7 @@ def active_profile_newer_than_pending_profile?
   # This user's most recently activated profile that has also been deactivated
   # due to a password reset, or nil if there is no such profile
   def password_reset_profile
-    profile = user.profiles.order(activated_at: :desc).first
+    profile = user.profiles.where.not(activated_at: nil).order(activated_at: :desc).first
     profile if profile&.password_reset?
   end
 

spec/controllers/idv_controller_spec.rb

@@ -38,7 +38,7 @@
     end
 
     it 'redirects to account recovery if user has a password reset profile' do
-      profile = create(:profile, deactivation_reason: :password_reset)
+      profile = create(:profile, :password_reset)
       stub_sign_in(profile.user)
       allow(subject.reactivate_account_session).to receive(:started?).and_return(true)
 

spec/controllers/reactivate_account_controller_spec.rb

@@ -14,7 +14,7 @@
 
   describe '#index' do
     context 'with a password reset profile' do
-      let(:profiles) { [create(:profile, deactivation_reason: :password_reset)] }
+      let(:profiles) { [create(:profile, :password_reset)] }
 
       it 'renders the index template' do
         get :index
@@ -34,7 +34,7 @@
   end
 
   describe '#update' do
-    let(:profiles) { [create(:profile, deactivation_reason: :password_reset)] }
+    let(:profiles) { [create(:profile, :password_reset)] }
 
     it 'redirects user to idv_url' do
       put :update

spec/controllers/users/verify_password_controller_spec.rb

@@ -21,7 +21,7 @@
   end
 
   context 'with password reset profile' do
-    let(:profiles) { [create(:profile, deactivation_reason: :password_reset)] }
+    let(:profiles) { [create(:profile, :password_reset)] }
     let(:response_ok) { FormResponse.new(success: true, errors: {}, extra: { personal_key: key }) }
     let(:response_bad) { FormResponse.new(success: false, errors: {}) }
     let(:key) { 'key' }

spec/controllers/users/verify_personal_key_controller_spec.rb

@@ -22,7 +22,7 @@
     end
 
     context 'with password reset profile' do
-      let!(:profiles) { [create(:profile, user: user, deactivation_reason: :password_reset)] }
+      let!(:profiles) { [create(:profile, :password_reset, user: user)] }
 
       it 'renders the `new` template' do
         get :new
@@ -46,7 +46,7 @@
     end
 
     context 'with throttle reached' do
-      let!(:profiles) { [create(:profile, user: user, deactivation_reason: :password_reset)] }
+      let!(:profiles) { [create(:profile, :password_reset, user: user)] }
 
       before do
         Throttle.new(throttle_type: :verify_personal_key, user: user).increment_to_throttled!
@@ -74,8 +74,9 @@
       [
         create(
           :profile,
-          user: user, deactivation_reason: :password_reset,
-          pii: { ssn: '123456789' }
+          :password_reset,
+          user: user,
+          pii: { ssn: '123456789' },
         ),
       ]
     }

spec/decorators/user_decorator_spec.rb

@@ -295,6 +295,14 @@
         before { active_profile.deactivate(:password_reset) }
 
         it { expect(decorated_user.password_reset_profile).to eq(active_profile) }
+
+        context 'with a previously-cancelled pending profile' do
+          before do
+            user.profiles << build(:profile, :verification_cancelled)
+          end
+
+          it { expect(decorated_user.password_reset_profile).to eq(active_profile) }
+        end
       end
     end
   end

spec/factories/profiles.rb

@@ -16,9 +16,15 @@
     end
 
     trait :password_reset do
+      activated_at { Time.zone.now }
+      verified_at { Time.zone.now }
       deactivation_reason { :password_reset }
     end
 
+    trait :verification_cancelled do
+      deactivation_reason { :verification_cancelled }
+    end
+
     trait :with_liveness do
       proofing_components { { liveness_check: 'vendor' } }
     end

spec/forms/verify_password_form_spec.rb

@@ -7,7 +7,7 @@
         password = 'cab123DZN456'
         user = create(:user, password: password)
         pii = { ssn: '111111111' }
-        create(:profile, user: user, deactivation_reason: :password_reset, pii: pii)
+        create(:profile, :password_reset, user: user, pii: pii)
 
         form = VerifyPasswordForm.new(
           user: user, password: password,
@@ -25,7 +25,7 @@
         password = 'cab123DZN456'
         user = create(:user, password: password)
         pii = { ssn: '111111111' }
-        create(:profile, user: user, deactivation_reason: :password_reset, pii: pii)
+        create(:profile, :password_reset, user: user, pii: pii)
 
         form = VerifyPasswordForm.new(
           user: user, password: "#{password}a",

spec/helpers/application_helper_spec.rb

@@ -95,7 +95,7 @@
               create(
                 :profile,
                 :verified,
-                deactivation_reason: :password_reset,
+                :password_reset,
               ),
             ],
           )
@@ -115,7 +115,7 @@
                 :profile,
                 :active,
                 :verified,
-                deactivation_reason: :password_reset,
+                :password_reset,
                 proofing_components: {
                   liveness_check: DocAuthRouter.doc_auth_vendor,
                   address_check: :lexis_nexis_address,

spec/models/user_spec.rb

@@ -377,13 +377,13 @@
         user = User.new
         _old_profile = create(
           :profile,
-          deactivation_reason: :verification_pending,
+          :verification_pending,
           created_at: 1.day.ago,
           user: user,
         )
         new_profile = create(
           :profile,
-          deactivation_reason: :verification_pending,
+          :verification_pending,
           user: user,
         )
 
@@ -396,7 +396,7 @@
         user = User.new
         create(
           :profile,
-          deactivation_reason: :password_reset,
+          :password_reset,
           created_at: 1.day.ago,
           user: user,
         )