For some forms, we want to limit the form submissions to a single submission per NRIC. (Eg, each unique voter can only cast 1 vote)
Closes FRM-1756
Solution
Implement single limit per nric flow.
Storybook test:
toggle works
error messages for auth settings and payments settings reflects correctly
...and more
Unit tests:
test submitterId are hashed when saved
ensure backend validation works, also as a security practice
...and more
Breaking Changes
No - this PR is backwards compatible
Before & After Screenshots
Subject
Before
After
single submission per submitterId toggle
block user from seeing form if already submitted
NA
modal popup if user has accessed form and submitting twice from 2 diff browser, firefox/chrome or incognito/private mode
NA
toast error if user uses browser which share same cookie
NA
Tests
TC1: single submission per nric toggle is disabled/locked when payments is connected
[ ] create a new storage mode form
[ ] connect payments on settings page
[ ] check that the singpass settings isSingleSubmission toggle is off and disabled and the reason is correctly displayed in the info box below.
TC2: payments cannot be connected when single submission per nric toggle is enabled, error message changes when both email notifications + single submission for storage mode
[ ] create a new storage mode form
[ ] toggle on isSingleSubmission toggle on singpass settings page
[ ] go to payments settings, check that connect to stripe button is disabled and error message reflects correct reason.
[ ] go to email notif settings, add an email
[ ] go to payments settings again, check still disabled and error message reflects correct reason
[ ] turn off isSingleSubmission toggle
[ ] go to payments settings again, check still disabled and error message reflects correct reason
[ ] remove email notification emails
[ ] go to payments settings again, check now enabled and no more error message
TC3: same nric can submit multiple times when isSingleSubmission is toggled off, does not affect other nric, same nric cannot submit once isSingleSubmission is toggled on (Remembers past submitterIds even before toggle is turned on).
[ ] create a new storage mode form, open the form to responses, enable singpass auth to any
[ ] respond to the form multiple times with the same singpass login credentials. the system should accept multiple form submissions from same singpass cred.
[ ] go back to form and enable isSingleSubmission toggle.
[ ] try and respond using the same singpass account as previously. we should not be able to login to the form and will be stuck at the 'sign in with singpass' page, with an error box stating that duplicate nric submissions are not allowed.
[ ] use another singpass credential to login and submit the form, it should be allowed.
[ ] repeat the previous steps with email mode form.
TC4: if isSingleSubmission is toggled on from the start, same nric can only submit once.
[ ] create a storage mode form, choose any singpass auth setting and toggle on isSingleSubmission.
[ ] open the form to public and submit the form with singpass.
[ ] complete the form and click submit another response button at the end. it should redirect back to log in with singpass with no error box anywhere.
[ ] log in with the same singpass credentials in previous steps. it should block from entering the form with an error box saying no duplicate submission for given singpass cred.
[ ] repeat with email mode form.
TC5: if isSingleSubmission is toggled on from the start, different nric can submit
[ ] create a storage mode form, choose any singpass auth setting and toggle on isSingleSubmission.
[ ] open the form to public and submit the form with singpass.
[ ] complete the form and click submit another response button at the end. it should redirect back to log in with singpass with no error box anywhere.
[ ] log in with another singpass credentials from what is used in previous steps. it should allow submission of the form.
[ ] repeat with email mode form.
TC6: same nric cannot submit despite both logging in and having race condition, same browser
[ ] create a storage mode form, choose any singpass auth setting and toggle on isSingleSubmission, open form to public.
[ ] open respondent form link on 2 separate tabs
[ ] log in with singpass on first tab
[ ] log in with singpass on 2nd tab
[ ] both forms should now be logged in and enter the respondent form fields page to fill up form.
[ ] try to submit both forms.
[ ] 1st submission should be successful with no error
[ ] 2nd submission should have a toast message stating that something has failed (this is due to missing the cookie from forced log out)
[ ] repeat for email mode form
TC7: same nric cannot submit despite both logging in and having race condition, different browser
[ ] create a storage mode form, choose any singpass auth setting and toggle on isSingleSubmission, open form to public.
[ ] open respondent form link on 2 separate browsers (eg, 1 chrome and 1 firefox)
[ ] log in with singpass on first browser
[ ] log in with singpass on 2nd browser
[ ] both forms should now be logged in and enter the respondent form fields page to fill up form.
[ ] try to submit both forms.
[ ] 1st submission should be successful with no error
[ ] 2nd submission should have a pop up modal saying only one submission nric/fin per nric fin.
[ ] close the modal (click x or background)
[ ] try and submit the 2nd submission again. the same modal should pop up.
[ ] when the modal pops up, click on return to singpass login page action button on the modal. should be redirected to the login with singpass page with no error messages shown anywhere.
[ ] try and login with the same singpass account, it should block entrance and display an error box saying no duplicate submission per nric.
[ ] repeat for email mode form
TC8: when admin turns on isSingleSubmission while prev submitter is resubmitting form
linear[bot]
commented
2 weeks ago
Problem
For some forms, we want to limit the form submissions to a single submission per NRIC. (Eg, each unique voter can only cast 1 vote)
Closes FRM-1756
Solution
Implement single limit per nric flow.
Storybook test:
Unit tests:
Breaking Changes
Before & After Screenshots
Tests
TC1: single submission per nric toggle is disabled/locked when payments is connected
TC2: payments cannot be connected when single submission per nric toggle is enabled, error message changes when both email notifications + single submission for storage mode
TC3: same nric can submit multiple times when isSingleSubmission is toggled off, does not affect other nric, same nric cannot submit once isSingleSubmission is toggled on (Remembers past submitterIds even before toggle is turned on).
TC4: if isSingleSubmission is toggled on from the start, same nric can only submit once.
TC5: if isSingleSubmission is toggled on from the start, different nric can submit
TC6: same nric cannot submit despite both logging in and having race condition, same browser
TC7: same nric cannot submit despite both logging in and having race condition, different browser
TC8: when admin turns on isSingleSubmission while prev submitter is resubmitting form
TC9: duplicate also retains the isSingleSubmission setting