Conversation
changelog: User-Facing Improvements, Doc Auth, Allow user select IPP if available from handoff page.
n1zyy
left a comment
n1zyy
left a comment
There was a problem hiding this comment.
I haven't run this code, but wanted to make sure to take a look at the PR since you had asked about it.
Most of our IPP code isn't actually using Idv::InPersonConfig (because we didn't know about it when we were first starting out), but it's something we want to start using, so I think your use of it is good. The wrinkle is that it doesn't currently take into account the opt-in feature flag, when I think it should. That feature flag will go away after we have it running in the "permanent" condition for a while, but not immediately.
| idv_session.flow_path == 'hybrid' | ||
| # Only allow direct access to document capture if IPP available | ||
| return false unless IdentityConfig.store.in_person_doc_auth_button_enabled && | ||
| Idv::InPersonConfig.enabled_for_issuer?(decorated_sp_session.sp_issuer) |
There was a problem hiding this comment.
For posterity (you're the one that shared this, just want to note it here as well): that first line is due to https://gsa-tts.slack.com/archives/C5QUGUANN/p1689380596444809?thread_ts=1689376275.536679&cid=C5QUGUANN — it's a rarely-used shutoff valve.
We have not been using Idv::InPersonConfig, but arguably should be. The only issue with it right now is that it doesn't take into account the in_person_proofing_opt_in_enabled feature flag. Long-term that's going away and it'll just always be on. (Right now, in_person_proofing_enabled controls IPP globally, including as a fallback to remote proofing, while in_person_proofing_opt_in_enabled only controls whether we offer IPP up front.) I think we may want to add that conditional for now. It might sense to add it right on the enabled? method in InPersonConfig.
There was a problem hiding this comment.
I chatted with @JackRyan1989 a bit about this, and filed LG-12768 for us to update our code to use Idv::InPersonConfig.enabled_for_issuer?. Don't hold off until we do it, though, just noting it for your awareness.
There was a problem hiding this comment.
@n1zyy , i used this condition based on like in the frontend
Here I did not add in_person_proofing_opt_in_enabled because regardless of the how to verify opt-in screen enabled or not, the handoff page ipp option is not affected, only affected by system wide feature and sp option.
There was a problem hiding this comment.
@n1zyy is there existing documentation about IdentityConfig.store.in_person_doc_auth_button_enabled and Idv::InPersonConfig? I want to make sure this information is accessible outside of this github conversation.
There was a problem hiding this comment.
@eileen-nava I don't think there is (yet). :( For want of a better solution, I left comments here as little breadcrumbs. I'm still not quite sure what the best way to capture this information is. Do you have a better sense than I do of where we could capture this knowledge?
There was a problem hiding this comment.
@n1zyy Since the knowledge that needs to be documented is Team Joy domain, I will leave the decision up to you of where to document it.
| case params[:step] | ||
| when 'hybrid_handoff' | ||
| @previous_step_url = idv_hybrid_handoff_path | ||
| else | ||
| @previous_step_url = nil | ||
| end |
There was a problem hiding this comment.
This is an unimportant nit (or maybe just personal preference), but if there's only one case (other than the else), I'd personally be inclined to make this a simple conditional:
| case params[:step] | |
| when 'hybrid_handoff' | |
| @previous_step_url = idv_hybrid_handoff_path | |
| else | |
| @previous_step_url = nil | |
| end | |
| if params[:step] == 'hybrid_handoff' | |
| @previous_step_url = idv_hybrid_handoff_path | |
| else | |
| @previous_step_url = nil | |
| end |
There was a problem hiding this comment.
@n1zyy, agree, did this based on possibility that if we think top down, basically from opt-in page and handoff page we can go directly to document capture page, hence can use similar logic.
Indeed it seems extra in current stage.
| // If the user got here by opting-in to in-person proofing, when skipDocAuth === true, | ||
| // then set steps to inPersonSteps | ||
| const steps: FormStep[] = skipDocAuth ? inPersonSteps : defaultSteps; | ||
| const steps: FormStep[] = skipDocAuth || skipDocAuthFromHandoff ? inPersonSteps : defaultSteps; |
There was a problem hiding this comment.
I've gradually become a fan of trying to rewrite anything I have to stop and think about for a minute, not so much because I'm intellectually lazy, but because I feel like those are the places where bugs can hide.
How would you feel about adding (technically unnecessary) parenthesis to this line to make explicit the order of operations? I think this assignment could be read as either:
(skipDocAuth || skipDocAuthFromHandoff) ? inPersonSteps : defaultSteps;or
skipDocAuth || (skipDocAuthFromHandoff ? inPersonSteps : defaultSteps);I'm pretty sure I know which one is correct, but I think we could make it so obvious that it's immediately obvious to everyone.
There was a problem hiding this comment.
@n1zyy funny if I use (skipDocAuth || skipDocAuthFromHandoff) ? inPersonSteps : defaultSteps;, the prettier formatter seems automatically removed the parentheses.
I changed to the following, since the condition used at other locations too.
const isInPersonStepEnabled = skipDocAuth || skipDocAuthFromHandoff;
const steps: FormStep[] = isInPersonStepEnabled ? inPersonSteps : defaultSteps;
| return false if params[:step].blank? || params[:action].to_s != 'show' || | ||
| idv_session.flow_path == 'hybrid' | ||
| # Only allow direct access to document capture if IPP available | ||
| return false unless IdentityConfig.store.in_person_doc_auth_button_enabled && |
| else | ||
| @previous_step_url = nil | ||
| end | ||
| # allow |
There was a problem hiding this comment.
Helpful comment, I didn't wrap my head around this at first.
| idv_session.service_provider&.in_person_proofing_enabled | ||
| idv_session.skip_doc_auth == false | ||
| idv_session.skip_doc_auth == false || | ||
| idv_session.skip_doc_auth_from_handoff == true |
There was a problem hiding this comment.
My understanding is that idv_session.skip_doc_auth == false represents the scenario where the user did not select IPP on the IPP opt-in page. My understanding is also that idv_session.skip_doc_auth_from_handoff == true represents the scenario where the user did not select IPP on the hybrid handoff page.
Based on the above understanding, I get why self.selected_remote returns true for idv_session.skip_doc_auth == false || idv_session.skip_doc_auth_from_handoff == true. I also think it's confusing to have the same outcome for idv_session.skip_doc_auth == false and idv_session.skip_doc_auth_from_handoff == true. Would it be possible to change the logic to make this clearer?
(Also, let me know if my understanding is off.)
There was a problem hiding this comment.
@eileen-nava , your understanding is correct, I extract the new part out of this existing part.
eileen-nava
left a comment
eileen-nava
left a comment
There was a problem hiding this comment.
I can look at this more tomorrow - I think I am still finding the variables
skip_doc_auth and skip_doc_auth_from_handoff confusing. They're named similarly but seem to have each other's logic flipped.
| @upload_disabled = idv_session.selfie_check_required && | ||
| !idv_session.desktop_selfie_test_mode_enabled? | ||
|
|
||
| @direct_ipp_with_selfie_enabled = IdentityConfig.store.in_person_doc_auth_button_enabled && |
| ) | ||
|
|
||
| # reset if we visit or come back | ||
| idv_session.skip_doc_auth_from_handoff = nil |
There was a problem hiding this comment.
I'm checking my own understanding: why do we need to reset skip_doc_auth_from_handoff to nil if the user returns to this page? Is it to enable a user to select IPP on the hybrid handoff page (skip_doc_auth_from_handoff = true), navigate forward, change their mind, then navigate backward and select remote proofing (skip_doc_auth_from_handoff = false)?
There was a problem hiding this comment.
@eileen-nava , yes you are correct, it's kind of non-reentrant ticket, once you exit the venue, you have to get a ticket again.
kind of, my original thought is to unify these two under one flag, but that will involve large scope and multiple teams. So right now these are like two entrances to IPP doc capture, you can only enter from one entrance, if you choose one, then for sure you are not from the other one. No wave–particle duality here. |
| !idv_session.desktop_selfie_test_mode_enabled? | ||
|
|
||
| @direct_ipp_with_selfie_enabled = IdentityConfig.store.in_person_doc_auth_button_enabled && | ||
| Idv::InPersonConfig.enabled_for_issuer?( |
There was a problem hiding this comment.
I may very much be wrong here so please poke back- vacation brain.
I am wondering if in_person_doc_auth_button_enabled can be replaced by the already existing in_person_proofing_enabled flag? If you follow the flow through- if you fail remote and this flag is set to false- you will only be asked to retry remote- you will not have the option to move into IPP. If the flag is set to true (and you fail remote)- you will have the option to retry remote or start IPP. It seems like when we want the same logic here. Is there a situation in which the flags could be different? Or wondering if we want that extra control- should we also be evaluating the in_person_proofing_enabled flag here? Again, sorry if I am thinking about this all wrong but maybe good to think about more.
There was a problem hiding this comment.
@gina-yamada , that in_person_proofing_enabled flag is already considered in Idv::InPersonConfig.enabled_for_issuer?.
There was a problem hiding this comment.
This raises the question should we push in_person_doc_auth_button_enabled down there too?
There was a problem hiding this comment.
@dawei-nava looks like we maybe don't want to since that is a global configuration value independent of the service provider? See link
In thinking about these variables, I'm wondering if it makes sense to say something about where you are skipping from, and where you are skipping to in the name? Implicit in the @JackRyan1989 , basically right and it's really Or |
|
@kellular, could you take a look at the contents when having time? |
eileen-nava
left a comment
eileen-nava
left a comment
There was a problem hiding this comment.
I'm approving this PR. Since it is such a big PR, and since it affects both Timnit and Joy domain, I do think the PR needs to get a second approval before we merge it.
| !idv_session.desktop_selfie_test_mode_enabled? | ||
|
|
||
| @direct_ipp_with_selfie_enabled = IdentityConfig.store.in_person_doc_auth_button_enabled && | ||
| Idv::InPersonConfig.enabled_for_issuer?( |
There was a problem hiding this comment.
@dawei-nava looks like we maybe don't want to since that is a global configuration value independent of the service provider? See link
| @@ -9,5 +9,6 @@ | |||
| acuant_version: acuant_version, | |||
| opted_in_to_in_person_proofing: opted_in_to_in_person_proofing, | |||
| skip_doc_auth: skip_doc_auth, | |||
There was a problem hiding this comment.
@n1zyy I vote for opening a ticket to rename skip_doc_auth to skip_doc_auth_from_opt_in, what do you think?
There was a problem hiding this comment.
@n1zyy and @JackRyan1989 ... I also strongly vote to renameskip_doc_auth ... i think renaming skip_doc_auth to be more inline with what is trying to be accomplished would be alot more helpful to folks across appDev teams to understand what is happening.
When reviewing this PR, I was confused and really had to dig around in the code to understand the goal of skip_doc_auth. Could the rename more so reflect the goal with something like ie: ipp_requested or opted_in_to_ipp?
is there a ticket open that I can follow? Thanks 🙏🏿
There was a problem hiding this comment.
@amirbey hot off the presses: https://cm-jira.usa.gov/browse/LG-13006
|
|
||
| before_action :confirm_not_rate_limited, except: [:update] | ||
| before_action :confirm_step_allowed | ||
| before_action :confirm_step_allowed, unless: -> { allow_direct_ipp? } |
There was a problem hiding this comment.
this does not enforce that welcome and agreement pages were completed if IPP is enabled? 🤔
perhaps we should make this less lax?
There was a problem hiding this comment.
@amirbey, good suggestions, i was thinking add checking the referer, but this sounds better. Added check and tests.
| return false unless idv_session.welcome_visited == true && | ||
| idv_session.idv_consent_given == true |
There was a problem hiding this comment.
| return false unless idv_session.welcome_visited == true && | |
| idv_session.idv_consent_given == true | |
| return false unless idv_session.welcome_visited && | |
| idv_session.idv_consent_given |
| self.selected_remote(idv_session: idv_session) | ||
| (self.selected_remote(idv_session: idv_session) || # from opt-in screen | ||
| # back from ipp doc capture screen | ||
| idv_session.skip_doc_auth_from_handoff == true) |
There was a problem hiding this comment.
| idv_session.skip_doc_auth_from_handoff == true) | |
| idv_session.skip_doc_auth_from_handoff) |
amirbey
left a comment
amirbey
left a comment
There was a problem hiding this comment.
A few minor comments ... LGTM 👍🏿
7 participants
🎫 Ticket
Link to the relevant ticket:
LG-12631
Previous PR with wrong branch name: #10260
🛠 Summary of changes
IPP options on hybrid handoff page when IPP is available. User can select IPP and start document capture from handoff page on desktop.
A new
skip_doc_auth_from_handoffflag is added for idv_session, simlar toskip_doc_authwhich works with the optin page.Test cases for configuration items combination:
📜 Testing Plan
Provide a checklist of steps to confirm the changes.
Scenario 1:
Scenario 2:
Please refer the test cases spreadsheet, it may not be realistic to test all combinations in staging environment.
👀 Screenshots
If relevant, include a screenshot or screen capture of the changes.
Details
After:
IPP available and selfie required
IPP available and NO selfie required
IPP NOT available and Selfie required
IPP NOT available and NO Selfie required