Story 2436: Mailing List Subscription Post Auth

[herzog0]

Issue: #2436

⚠️ Base branch is teo/2283-mailing-list-modal

Summary & Context

Adds a post-login mailing list subscription modal that appears automatically on the homepage the first (and only) time a user lands there after logging in. The modal pre-fills the user's account email and lets them choose which lists to subscribe to.

• Figma link: https://www.figma.com/design/VhZHw3RudFNMzfPEEYchE9/UI-Kit---Foundations-Delivery?node-id=5247-36931&m=dev
• Link to components/page: localhost:8000/ (logged in, first visit after login)

Changes

• users/signals.py - set request.session["show_ml_post_auth_modal"] in user_logged_in when user hasn't seen the modal yet (User.data["ml_post_auth_seen"] falsy)
• ak/views.py (HomepageView) - pop session flag in get_v3_context_data; mark user as seen immediately; inject modal list context
• mailing_list/views.py - add PostAuthSubscribeView (login required); reuses existing subscription + confirmation-email logic; returns empty HTMX fragment to remove modal from DOM
• mailing_list/urls.py - register /mailing-list/post-auth-subscribe/
• templates/v3/includes/_mailing_list_post_auth_modal.html - new standalone modal partial; auto-opens via Alpine x-init + CSS :target; reuses .mailing-list-modal__* classes for checkboxes/list items
• static/css/v3/mailing-list-card.css - add .ml-post-auth-modal__* classes for email row, body, footer row, and count
• templates/v3/homepage.html - conditionally include the modal when show_ml_post_auth_modal is in context

How the "seen once" logic works

1. User logs in - user_logged_in signal sets request.session["show_ml_post_auth_modal"] = True (only if User.data["ml_post_auth_seen"] is not set)
2. User lands on homepage - HomepageView.get_v3_context_data pops the session key and immediately sets User.data["ml_post_auth_seen"] = True on the User record
3. Template renders the modal; Alpine x-init opens it by setting the URL hash
4. Close/cancel: no backend call needed - the seen flag is already persisted from step 2
5. Subscribe: HTMX POSTs to PostAuthSubscribeView, which creates PENDING subscription records and sends the confirmation email, then returns an empty response that HTMX uses to remove the modal from DOM

Risks & Considerations

• The User.data JSONField is used for the ml_post_auth_seen flag - no migration needed since the field already exists and defaults to {}
• The modal only renders on V3 homepage (waffle v3 flag gate via HomepageView.get_v3_context_data)
• No-JS: modal won't auto-open (Alpine required), but subscription is still accessible via the mailing list card on other pages

Screenshots

Peer-review testing steps

1. Mkae sure the v3 flag is enabled
2. Log out completely
3. Log in - you should be redirected to homepage and the modal should open automatically
4. Subscribe or cancel - modal closes, no reappearance on refresh
5. Log out and log in again - modal should NOT appear (flag set in the user model)
6. For a fresh test (you'll have to log out and log in again):
   • Open a djano shell in a new terminal with docker compose exec web python manage.py shell
   • Run (replace your email):

from users.models import User
user = User.objects.get(email="your@email.com")
user.data.pop("ml_post_auth_seen", None)
user.save()

Self-review Checklist

• Tag at least one team member from each team to review this PR
• Link this PR to the related GitHub Project ticket

Frontend

• UI implementation matches Figma design
• Tested in light and dark mode
• Responsive / mobile verified
• Accessibility checked (keyboard navigation, etc.)
• Ensure design tokens are used for colors, spacing, typography, etc. - No hardcoded values
• Test without JavaScript (if applicable)
• No console errors or warnings

[julioest]

Works as expected on my end ✅

[ycanales]

Works great, approving :)

Should the modal be disimissable with Esc key? I noticed that pattern in other modals with aria-label="Close", it does not work here so maybe that attribute that dialog.js uses to bind the Esc key is missing?