Skip to content

Switch mailers to SES #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
24c02 merged 12 commits into from
Dec 4, 2025
Merged

Switch mailers to SES #72

24c02 merged 12 commits into from
Dec 4, 2025

Conversation

@24c02
Copy link
Member

@24c02 24c02 commented Dec 4, 2025

loops delenda est......
until zach decides it's loops again

@24c02 24c02 merged commit 87bb6d4 into main Dec 4, 2025
3 checks passed
sentry[bot]
sentry bot reviewed Dec 4, 2025
View reviewed changes
app/controllers/step_up_controller.rb
Comment on lines 109 to 115

def send_step_up_email_code
login_code = current_identity.v2_login_codes.create!
IdentityMailer.step_up_code(current_identity, login_code).deliver_later
IdentityMailer.v2_login_code(current_identity, login_code).deliver_later
end

# Prevent open redirect attacks - only allow internal paths
Copy link

@sentry sentry bot Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The IdentityMailer.v2_login_code call in step_up_controller.rb passes two arguments, but the mailer method now expects only one.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The IdentityMailer.v2_login_code method is called with two arguments (current_identity, login_code) in step_up_controller.rb's send_step_up_email_code method. However, the updated mailer method now expects only one argument (login_code). This mismatch will cause an ArgumentError: wrong number of arguments (given 2, expected 1) when users attempt to use email-based verification in the step-up authentication flow, leading to a critical application crash.

💡 Suggested Fix

Update the call to IdentityMailer.v2_login_code in step_up_controller.rb to pass only the login_code argument. The identity can be accessed via login_code.identity within the mailer.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: app/controllers/step_up_controller.rb#L109-L115

Potential issue: The `IdentityMailer.v2_login_code` method is called with two arguments
(`current_identity`, `login_code`) in `step_up_controller.rb`'s
`send_step_up_email_code` method. However, the updated mailer method now expects only
one argument (`login_code`). This mismatch will cause an `ArgumentError: wrong number of
arguments (given 2, expected 1)` when users attempt to use email-based verification in
the step-up authentication flow, leading to a critical application crash.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 5637289

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sentry sentry[bot] sentry[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@24c02