Skip to content

LG-12283 handle missing PII in session#10103

Merged
jmax-gsa merged 9 commits intomainfrom
jmax/LG-12283-handle-missing-pii-in-session
Feb 21, 2024
Merged

LG-12283 handle missing PII in session#10103
jmax-gsa merged 9 commits intomainfrom
jmax/LG-12283-handle-missing-pii-in-session

Conversation

@jmax-gsa
Copy link
Contributor

@jmax-gsa jmax-gsa commented Feb 16, 2024

🎫 Ticket

LG-12283

🛠 Summary of changes

Added code to PersonalKeyController#show to catch a situation where we very occasionally have no PII available in the session when we are about to try to encrypt PII from the session.

In this case, we redirect to the code for a missing or bad personal key, which prompts the user for their password and retrieves the PII. We also arrange to return here afterward.

📜 Testing Plan

Provide a checklist of steps to confirm the changes.

  • Add a call to binding.pry at the top of PersonalKeyController#show
  • Start the server, create a user, and proceed through IdV until you hit the pry (this will be after you enter your password to encrypt your PII, and just before the app is about to render the personal key page).
  • Clear the PII out of the session and continue execution with the commands:
idv_session.personal_key = nil
user_session[:encrypted_profiles] = nil
continue
  • Verify that you are prompted to re-enter your password again.
  • After re-entering your password, you will hit the pry again. This time, leave the PII in the session and continue:
continue
  • Verify that you are on the personal key page.
  • Continue, and verify that IdV completes successfully

👀 Screenshots

If relevant, include a screenshot or screen capture of the changes.

Re-entering your password:

Screenshot 2024-02-15 at 9 35 27 PM

Personal key page:

Screenshot 2024-02-15 at 9 38 08 PM

@jmax-gsa jmax-gsa requested review from a team and matthinz February 16, 2024 02:56
@jmax-gsa
Refactoring
e234426 
Extracted `redirect_to_retrieve_pii`

changelog: Bug Fixes,Personal Key Creation,Handle a rare error gracefully
@jmax-gsa jmax-gsa force-pushed the jmax/LG-12283-handle-missing-pii-in-session branch from a5af0ff to e234426 Compare February 16, 2024 02:58
matthinz
matthinz reviewed Feb 16, 2024
View reviewed changes
Copy link
Contributor

@matthinz matthinz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tested this and it works as described! Nice! Just the one comment about analytics.

@jmax-gsa jmax-gsa requested a review from a team February 16, 2024 17:28
@jmax-gsa jmax-gsa merged commit a69be97 into main Feb 21, 2024
@jmax-gsa jmax-gsa deleted the jmax/LG-12283-handle-missing-pii-in-session branch February 21, 2024 16:04
@jmhooper jmhooper mentioned this pull request Feb 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@matthinz matthinz matthinz approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jmax-gsa @matthinz