LG-12557: session result success status + portrait match result not requested#10197
LG-12557: session result success status + portrait match result not requested#10197
Conversation
[skip changelog]
…us basedon whether a selfie is required
…TrueIDReponse signature
amirbey
force-pushed
the
amirbey/LG-12557-selfie-status_required
branch
from
8704550 to
8920b82
Compare
amirbey
changed the title
amirbey
changed the title
amirbey
changed the title
amirbey
changed the title
eileen-nava
left a comment
eileen-nava
left a comment
There was a problem hiding this comment.
I didn't have time to do a full review but can look at this more tomorrow, too.
| # return :fail | ||
| def selfie_status | ||
| return :not_processed if selfie_result.nil? | ||
| return :not_processed if selfie_result.nil? || !@liveness_checking_enabled |
| # return :fail | ||
| def selfie_status | ||
| return :not_processed if selfie_result.nil? | ||
| return :not_processed if selfie_result.nil? || !@liveness_checking_enabled |
There was a problem hiding this comment.
Nit: Would you be okay with updating the comment on L106? Something like:
# When selfie result is missing or was not requested, return :not_processed
| user_uuid: an_instance_of(String), | ||
| uuid_prefix: nil, | ||
| liveness_checking_required: true, | ||
| liveness_checking_required: liveness_checking_required, |
| def success_status(selfie_required:) | ||
| # doc_auth_success : including document, attention_with_barcode and id type verification | ||
| !!doc_auth_success && selfie_status != :fail && !!pii | ||
| !!doc_auth_success && (selfie_required ? selfie_status == :success : true) && !!pii |
There was a problem hiding this comment.
What was the motivation for changing selfie_status != :fail to (selfie_required ? selfie_status == :success : true)?
I’d expect selfie_status to equal :not_processed whenever selfie_required equals false, which makes me expect that the previous implementation would still work.
There was a problem hiding this comment.
with the presence of selfie_required argument we now have the ability to be more strict which is a more secure to way to say what is a pass as opposed to allowing anything that is !:fail to be a pass. it also safeguards against the potential for values of selfie_status to expand over time and requires us to be explicit about what passes.
There was a problem hiding this comment.
it also safeguards against the potential for values of selfie_status to expand over time
Since we determine the values of selfie_status ourselves, I don’t think there’s as much of a need to safeguard against the value of selfie_status changing over time. I think that would be a bigger concern if we were determining success based solely on a value that is passed to us from the vendor, like selfie_result.
Both implementations work. I do think the previous implementation is more readable, but YMMV.
There was a problem hiding this comment.
it's a small add but I do understand your readability sentiment 👍🏿
- similar to this scenario where a selfie_status is returned when not requested, what if a selfie_status is not returned when requested
- i think it is safer to be explicit as to what is a pass, as opposed to what is not a fail.
- you'r right, we do determine the value of selfie_status (I say that with the assumption you are speaking about the TrueIDResponse.selfie_status) ... if in a future state a new key option is added to define selfie_status, a developer must remember to redefine what is a fail here
selfie_status != :failor we could run the risk of passing folks through that should not go through
something to consider 🤔 ... An easier and more readable option could be to simply use the :success attribute since it has all of these scenarios baked in and this bug nor the previous bug would be an issue 😐
There was a problem hiding this comment.
I think may be we should create a response subclass for selfie required scenario(not now), where it's unambiguous and can decide success accordingly and from session result perspective it's simple and straight.
There was a problem hiding this comment.
In retrospective and a little bit of topic, the session_result should perform it's designed purpose, store business result, more complex logic should be in service layer(seems what the api_image_upload_form does). The api_image_upload_form does input validation and is what a form should do. It also does some result validation(pii info using another form, yes it's handy to use form for validation in Rails), which sounds a little bit off.
Since we introduce selfie related function, it feels like we are bubbling up some of the logic here, not specific in this PR, but previous ones also.
There was a problem hiding this comment.
(I’m not sure the status of this work because I was out yesterday and the jira ticket is in the review column, but I figured I should still respond.)
As discussed in past meetings, I will defer to the rest of the team about using the success attribute. I get the argument that you’d rather be explicit about what is a pass, as opposed to what is not a fail. I think my concern is similar to what Zach posted, that this seems like an unexpected place to pass a param.
| end | ||
|
|
||
| def success_status | ||
| def success_status(selfie_required:) |
There was a problem hiding this comment.
this seems like a really unexpected place to pass a param, sepecially since this method is aliased as :success? as well, does that mean we need to update every callsite to pass the param? or add a default value?
is there any way we can pass the selfie_required bit as part of the data that is stored inside this struct so the callees don't have to pass this in?
| redo_document_capture_pending? | ||
| :accepted | ||
| elsif !session_result.success? | ||
| elsif !session_result.success?(selfie_required: decorated_sp_session.selfie_required?) |
There was a problem hiding this comment.
This makes me think the session result should reflect all business logic?
|
|
||
| result = handle_stored_result | ||
| analytics.idv_doc_auth_document_capture_submitted(**result.to_h.merge(analytics_arguments)) | ||
| form_response = handle_stored_result |
|
closed in favor of #10193 |
4 participants
🎫 Ticket
LG-12557
🛠 Summary of changes
📜 Testing Plan