Skip to content

LG-12577 Allow active profile to sign in to non-biometric SP#10211

Merged
theabrad merged 11 commits intomainfrom
abrad-lg-12577-non-biometric-sp
Mar 15, 2024
Merged

LG-12577 Allow active profile to sign in to non-biometric SP#10211
theabrad merged 11 commits intomainfrom
abrad-lg-12577-non-biometric-sp

Conversation

@theabrad
Copy link
Copy Markdown
Contributor

@theabrad theabrad commented Mar 7, 2024

🎫 Ticket

LG-12577

🛠 Summary of changes

If a user has an active non-biometric profile and a pending biometric profile, when they sign into a SP that does not require biometrics they will be not be redirected to the SP with their non-biometric attributes.

📜 Testing Plan

Provide a checklist of steps to confirm the changes.

  • Go through proofing without a biometric requirement. Finish the whole flow
  • Go through proofing with a biometric requirement. Select verify by mail flow. Do not enter GPO code yet.
  • Go through proofing again without a biometric requirement
  • Verify you are redirected back to the SP with your non-biometric attributes.

theabrad added 4 commits March 5, 2024 14:39
@theabrad
user has active profile and non biometric request will not redirect
2b289cc
@theabrad
add user#active_legacy_profile
a9691ea 
user#active_legacy_profile checks for active profiles that do not have
the biometric selfie requirement
@theabrad
add changelog
067afe2 
changelog: Internal, IdV biometrics, allow active user to sign into non biometric sp
@theabrad
fix tests and logic
571f5fe
@theabrad theabrad requested a review from a team March 7, 2024 16:55
matthinz
matthinz suggested changes Mar 7, 2024
View reviewed changes
spec/models/user_spec.rb Outdated
describe '#active_legacy_profile' do
it 'returns the active_legacy_profile' do
user = create(:user, :fully_registered)
profile1 = create(:profile, :active, :verified, user: user, idv_level: :legacy_unsupervised)
Copy link
Copy Markdown
Contributor

@matthinz matthinz Mar 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we get a version of this test that does the same check for in_person and legacy_in_person just so we have the other possible values for idv_level covered

theabrad and others added 5 commits March 8, 2024 12:13
@theabrad
add check for verified attributes in test
ecbb827
@theabrad @solipet
created PendingProfilePolicy
a9fec7e 
PendingProfilePolicy is a class used to determine if a user has a legacy
or biometric pending profile and if the service provider requests
biometrics or not

Co-authored-by: Doug Price <douglas.price@gsa.gov>
@theabrad
remove user#active_legacy_profile
a38c598
@theabrad
use PendingProfilePolicy in oidc authorize controller
aec27ef
@theabrad
Merge branch 'main' of github.com:18F/identity-idp into abrad-lg-1257…
26c0505 
…7-non-biometric-sp
aduth
aduth reviewed Mar 13, 2024
View reviewed changes
app/controllers/openid_connect/authorization_controller.rb Outdated
)
end

def user_has_useable_pending_profile?
Copy link
Copy Markdown
Contributor

@aduth aduth Mar 13, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL "useable" can be considered a valid spelling, but from this resource it seems without the "e" is more common in American English:

https://capitalizemytitle.com/usable-vs-useable/#Useable_or_Usable_What%E2%80%99s_the_Correct_Spelling

Suggested change
def user_has_useable_pending_profile?
def user_has_usable_pending_profile?

Copy link
Copy Markdown
Contributor Author

@theabrad theabrad Mar 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://capitalizemytitle.com/usable-vs-useable/#Useable_or_Usable_What%E2%80%99s_the_Correct_Spelling

"The addition of the “e” in “useable” is considered more common in British English and Europe. "

Oi bruv I was just using the Bri'ish spelling innit. I'll rename it.

matthinz
matthinz approved these changes Mar 14, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@matthinz matthinz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you!

I am wondering if eventually we can remove VerifyProfileConcern or move user_has_usable_pending_profile? in there, but that can wait for now.

@theabrad
Copy link
Copy Markdown
Contributor Author

theabrad commented Mar 14, 2024

LGTM, thank you!

I am wondering if eventually we can remove VerifyProfileConcern or move user_has_usable_pending_profile? in there, but that can wait for now.

We could probably move that method into the VerifyProfileConcern. I'll look into it while I work on the SAML implementation.

@theabrad theabrad merged commit b7f2534 into main Mar 15, 2024
@theabrad theabrad deleted the abrad-lg-12577-non-biometric-sp branch March 15, 2024 17:34
@matthinz matthinz mentioned this pull request Mar 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@aduth aduth aduth left review comments

@matthinz matthinz matthinz approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@theabrad @matthinz @aduth