OAuth: Fix age validation edge case #18912
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I believe this will fix this Honeybadger error.
This happens for both Google Classroom and Clever.
We have two validations for user age: One to see if it's present, another to see if it's in the list of accepted age values.
code-dot-org/dashboard/app/models/user.rb
Lines 407 to 412 in 84bba2a
In #15882 @joshlory correctly set us up to bypass the first age validation for Google Classroom since a birthdate is not guaranteed to be provided via OAuth. In #16632 he did the same for Clever. The second validation still runs, but when an age isn't provided it passes as well.
However, there is an edge case we didn't account for: If a birthdate is provided, but the user is less than four years old, we skip the first validation and fail the second. I verified this with a new set of user model tests in this PR:
I think a reasonable behavior in this case is to act as if a birthdate wasn't provided at all, so the user will be prompted to provide an age when they log in.