Fix bug in credential email route with missing credential email

[bosawt]

Summary

• This PR fixes a bug in the credential email route that occurs when a user's UserVerification does not have a UserCredentialEmail

What areas of the site does it impact?

Interstitial Authentication

[joeniquette]

@bosawt to test this would I login with a dslogon account that doesnt have either an idme or login.gov account attached to it? I would expect there to be no email present? Or is this it just that the dslogon or mhv account should have no contact email but also have an idme or login.gov verified account?

[bosawt]

@bosawt to test this would I login with a dslogon account that doesnt have either an idme or login.gov account attached to it? I would expect there to be no email present? Or is this it just that the dslogon or mhv account should have no contact email but also have an idme or login.gov verified account?

I left out the testing instructions because you have to set things up locally in a kind of contrived way. Basically you should always have an email on your account regardless of what you sign in as, it will be like this for all test accounts. If you really want to test, you have to:

• log in with id.me, discover your idme uuid
• on a rails console, run UserVerification.find_by(idme_uuid: your_idme_uuid).user_credential_email.destroy to get rid of the user credential email on the user verification
• Since you can't naturally get the interstitial to pop up (you'd have to log in with MHV which you can't do locally), put the backend route in the browser: localhost:3000/v0/user/credential_emails, if you don't get an error and get an empty response, then it's a success

[emilykim13]

I tested via rails console, lgtm

Testing a user without user_verifications: (line 24 was successfully skipped)

user_account = (some user with no user_verification)
...
vets-api(dev)*   emails = user_account.user_verifications.each_with_object({}) do |verification, credentials|
vets-api(dev)*     next unless verification.user_credential_email
vets-api(dev)* 
vets-api(dev)*     credentials[verification.credential_type.to_sym] = verification.user_credential_email.credential_email
vets-api(dev)>   end
=> {}

Then I tested to make sure the opposite condition provides the credential emails:

vets-api(dev)> UserAccount.left_joins(:user_verifications).group('user_accounts.id').having('COUNT(user_verifications.id) = 2')

vets-api(dev)> ua2 = UserAccount.find("29bf2f0d-61d3-46e4-a0db-331b45c1d069")

vets-api(dev)* emails = ua2.user_verifications.each_with_object({}) do |verification, credentials|
vets-api(dev)*     next unless verification.user_credential_email
vets-api(dev)*     credentials[verification.credential_type.to_sym] = verification.user_credential_email.credential_email
vets-api(dev)>   end

2025-01-08 10:59:19.339716 D [22468:11700 log_subscriber.rb:164] Rails --   Decrypt Data Key (0.0ms)  Context: {:model_name=>"UserCredentialEmail", :model_id=>6}
=> {:idme=>"vets.gov.user+1@gmail.com", :logingov=>"vets.gov.user+1@gmail.com"}

[rileyanderson]

Kind of a nitpick but I think it would be a bit cleaner if we select the user_verifications we want first instead of looping through them

verifications = current_user.user_account.user_verifications.select { |v| v.user_credential_email }

emails = verifications.to_h { |v|  [v.credential_type, v.user_credential_email.credential_email] }

[bosawt]

or for that matter I suppose we could do user_verifications.where.not(user_credential_email: nil), and just do it with the query