Skip to content

Don't use stale document capture user ids for effective_user#10293

Merged
matthinz merged 2 commits intomainfrom
matthinz/12793-detect-stale-effective-user
Mar 22, 2024
Merged

Don't use stale document capture user ids for effective_user#10293
matthinz merged 2 commits intomainfrom
matthinz/12793-detect-stale-effective-user

Conversation

@matthinz
Copy link
Contributor

@matthinz matthinz commented Mar 22, 2024

🎫 Ticket

Link to the relevant ticket:
LG-12793

🛠 Summary of changes

If the user deletes their account, it is possible that the user id stored in the session for document capture will not be valid. This results in analytics events being improperly attributed to anonymous-uuid.

@matthinz @solipet
Don't use stale document capture user ids for effective_user
3e8d28f 
If the user deletes their account, it is possible that the user id stored in the session for document capture will not be valid. This results in analytics events being improperly attributed to `anonymous-uuid`.

changelog: Bug Fixes, Identity verification, Fix log attribute issue associated with hybrid handoff.

Co-authored-by: Doug Price <douglas.price@gsa.gov>
@matthinz matthinz requested a review from a team March 22, 2024 18:25
theabrad
theabrad approved these changes Mar 22, 2024
View reviewed changes
Copy link
Contributor

@theabrad theabrad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

zachmargolis
zachmargolis approved these changes Mar 22, 2024
View reviewed changes
@matthinz @zachmargolis
Update spec/controllers/concerns/effective_user_spec.rb
f7ffa19 
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
@matthinz matthinz merged commit 15fa2dc into main Mar 22, 2024
@matthinz matthinz deleted the matthinz/12793-detect-stale-effective-user branch March 22, 2024 21:41
aduth
aduth reviewed Mar 25, 2024
View reviewed changes
app/controllers/concerns/effective_user.rb
user = User.find_by(id: effective_user_id) if effective_user_id

if user.nil?
session.delete(:doc_capture_user_id)
Copy link
Contributor

@aduth aduth Mar 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find it a little strange we delete this after-the-fact, and as a side-effect of a getter method.

Should we delete this at the time that it becomes invalid? As in your pull request comment: "If the user deletes their account".

Copy link
Contributor Author

@matthinz matthinz Mar 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, we considered that at first. But I think keeping it here means that things are slightly less "spread out" and easier to keep track of. Hopefully it will be academic because I am trying to get a ticket to remove effective_user refined and on Team Ada's plate.

@zachmargolis zachmargolis mentioned this pull request Mar 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theabrad theabrad theabrad approved these changes

+2 more reviewers

@aduth aduth aduth left review comments

@zachmargolis zachmargolis zachmargolis approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@matthinz @zachmargolis @theabrad @aduth