From c17446b5397d9e249227c974333351a1a15175c7 Mon Sep 17 00:00:00 2001 From: Matt Hinz Date: Thu, 30 May 2024 09:29:29 -0700 Subject: [PATCH 1/6] Move log_irs_threatmetrix_fraud_check_event to VerifyInfoConcern Couple changes: 1. Move log_irs_threatmetrix_fraud_check_event to VerifyInfoConcern 2. Move the logging out of `add_proofing_costs`, which we are trying to move out of VerifyInfoConcern [skip changelog] --- .../concerns/idv/verify_info_concern.rb | 33 ++++++++++++++++--- .../idv/steps/threat_metrix_step_helper.rb | 17 ---------- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/app/controllers/concerns/idv/verify_info_concern.rb b/app/controllers/concerns/idv/verify_info_concern.rb index f1770be8e92..f3338d5ae6f 100644 --- a/app/controllers/concerns/idv/verify_info_concern.rb +++ b/app/controllers/concerns/idv/verify_info_concern.rb @@ -171,6 +171,9 @@ def process_async_state(current_async_state) def async_state_done(current_async_state) add_proofing_costs(current_async_state.result) + + log_irs_threatmetrix_fraud_check_event(current_async_state.result) + form_response = idv_result_to_form_response( result: current_async_state.result, state: pii[:state], @@ -297,6 +300,26 @@ def log_idv_verification_submitted_event(success: false) ) end + def log_irs_threatmetrix_fraud_check_event(result) + return unless FeatureManagement.proofing_device_profiling_collecting_enabled? + + threatmetrix_result = result.dig(:context, :stages, :threatmetrix) + return unless threatmetrix_result + + success = threatmetrix_result[:review_status] == 'pass' + + if !success + FraudReviewRequest.create( + user: current_user, + login_session_id: Digest::SHA1.hexdigest(current_user.unique_session_id.to_s), + ) + end + + irs_attempts_api_tracker.idv_tmx_fraud_check( + success: success, + ) + end + def move_applicant_to_idv_session idv_session.applicant = pii idv_session.applicant[:ssn] = idv_session.ssn @@ -319,10 +342,12 @@ def add_proofing_costs(results) add_cost(:aamva, transaction_id: hash[:transaction_id]) track_aamva elsif stage == :threatmetrix - # transaction_id comes from request_id - tmx_id = hash[:transaction_id] - log_irs_tmx_fraud_check_event(hash, current_user) if tmx_id - add_cost(:threatmetrix, transaction_id: tmx_id) if tmx_id + if hash[:transaction_id] + add_cost( + :threatmetrix, + transaction_id: hash[:transaction_id], + ) + end end end end diff --git a/app/services/idv/steps/threat_metrix_step_helper.rb b/app/services/idv/steps/threat_metrix_step_helper.rb index 95c719ab2d8..cb4bbab8eea 100644 --- a/app/services/idv/steps/threat_metrix_step_helper.rb +++ b/app/services/idv/steps/threat_metrix_step_helper.rb @@ -48,23 +48,6 @@ def threatmetrix_iframe_url(session_id) session_id: session_id, ) end - - def log_irs_tmx_fraud_check_event(result, user) - return unless FeatureManagement.proofing_device_profiling_collecting_enabled? - - success = result[:review_status] == 'pass' - - unless success - FraudReviewRequest.create( - user: user, - login_session_id: Digest::SHA1.hexdigest(user.unique_session_id.to_s), - ) - end - - irs_attempts_api_tracker.idv_tmx_fraud_check( - success: success, - ) - end end end end From 6310feaebd088e9f5bc4f601d650eb91563abff2 Mon Sep 17 00:00:00 2001 From: Matt Hinz Date: Fri, 31 May 2024 09:56:24 -0700 Subject: [PATCH 2/6] Restore comment about source of transaction_id --- app/controllers/concerns/idv/verify_info_concern.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/concerns/idv/verify_info_concern.rb b/app/controllers/concerns/idv/verify_info_concern.rb index f3338d5ae6f..04513c05942 100644 --- a/app/controllers/concerns/idv/verify_info_concern.rb +++ b/app/controllers/concerns/idv/verify_info_concern.rb @@ -342,6 +342,7 @@ def add_proofing_costs(results) add_cost(:aamva, transaction_id: hash[:transaction_id]) track_aamva elsif stage == :threatmetrix + # transaction_id comes from request_id if hash[:transaction_id] add_cost( :threatmetrix, From c514e6bad2526141554f5d6aa98941cbbda3115c Mon Sep 17 00:00:00 2001 From: Matt Hinz Date: Fri, 31 May 2024 10:01:55 -0700 Subject: [PATCH 3/6] Split log_irs_threatmetrix_fraud_check_event into two methods This method does two separate things: 1. Create a FraudReviewRequest that is used to track a user's fraud review 2. Sends an event to the attempts api So this commit splits it in two. --- .../concerns/idv/verify_info_concern.rb | 27 ++++++++++++------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/app/controllers/concerns/idv/verify_info_concern.rb b/app/controllers/concerns/idv/verify_info_concern.rb index 04513c05942..6811df6af9f 100644 --- a/app/controllers/concerns/idv/verify_info_concern.rb +++ b/app/controllers/concerns/idv/verify_info_concern.rb @@ -172,7 +172,9 @@ def process_async_state(current_async_state) def async_state_done(current_async_state) add_proofing_costs(current_async_state.result) - log_irs_threatmetrix_fraud_check_event(current_async_state.result) + create_fraud_review_request_if_needed(current_async_state.result) + + track_attempts_api_fraud_check_event_if_needed(current_async_state.result) form_response = idv_result_to_form_response( result: current_async_state.result, @@ -300,20 +302,27 @@ def log_idv_verification_submitted_event(success: false) ) end - def log_irs_threatmetrix_fraud_check_event(result) + def create_fraud_review_request_if_needed(result) return unless FeatureManagement.proofing_device_profiling_collecting_enabled? threatmetrix_result = result.dig(:context, :stages, :threatmetrix) return unless threatmetrix_result - success = threatmetrix_result[:review_status] == 'pass' + return if threatmetrix_result[:review_status] == 'pass' - if !success - FraudReviewRequest.create( - user: current_user, - login_session_id: Digest::SHA1.hexdigest(current_user.unique_session_id.to_s), - ) - end + FraudReviewRequest.create( + user: current_user, + login_session_id: Digest::SHA1.hexdigest(current_user.unique_session_id.to_s), + ) + end + + def track_attempts_api_fraud_check_event_if_needed(result) + return unless FeatureManagement.proofing_device_profiling_collecting_enabled? + + threatmetrix_result = result.dig(:context, :stages, :threatmetrix) + return unless threatmetrix_result + + success = threatmetrix_result[:review_status] == 'pass' irs_attempts_api_tracker.idv_tmx_fraud_check( success: success, From 5363c0383203e267615fe83faa61e74de1de3222 Mon Sep 17 00:00:00 2001 From: Matt Hinz Date: Thu, 30 May 2024 15:14:30 -0700 Subject: [PATCH 4/6] Remove unused AAMVA DocAuthLog tracking This state_tracking_enabled flag was never turned on in prod, and as a result this entire method is not used. [skip changelog] --- app/controllers/concerns/idv/verify_info_concern.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/app/controllers/concerns/idv/verify_info_concern.rb b/app/controllers/concerns/idv/verify_info_concern.rb index 6811df6af9f..3bbb468f91b 100644 --- a/app/controllers/concerns/idv/verify_info_concern.rb +++ b/app/controllers/concerns/idv/verify_info_concern.rb @@ -349,7 +349,6 @@ def add_proofing_costs(results) next if hash[:vendor_name] == 'UnsupportedJurisdiction' # transaction_id comes from TransactionLocatorId add_cost(:aamva, transaction_id: hash[:transaction_id]) - track_aamva elsif stage == :threatmetrix # transaction_id comes from request_id if hash[:transaction_id] @@ -362,14 +361,6 @@ def add_proofing_costs(results) end end - def track_aamva - return unless IdentityConfig.store.state_tracking_enabled - doc_auth_log = DocAuthLog.find_by(user_id: current_user.id) - return unless doc_auth_log - doc_auth_log.aamva = true - doc_auth_log.save! - end - def add_cost(token, transaction_id: nil) Db::SpCost::AddSpCost.call(current_sp, token, transaction_id: transaction_id) end From 67d8a834b0756cfca331b3a0f5d6a781064eabee Mon Sep 17 00:00:00 2001 From: Matt Hinz Date: Fri, 31 May 2024 15:15:25 -0700 Subject: [PATCH 5/6] Add `aamva` to ignored_columns for DocAuthLog We aren't using this column and will want to drop it someday. --- app/models/doc_auth_log.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/models/doc_auth_log.rb b/app/models/doc_auth_log.rb index 498147064e9..468f95a4705 100644 --- a/app/models/doc_auth_log.rb +++ b/app/models/doc_auth_log.rb @@ -11,6 +11,7 @@ class DocAuthLog < ApplicationRecord # rubocop:disable Rails/UnusedIgnoredColumns self.ignored_columns = [ + :aamva, :email_sent_view_at, :email_sent_view_count, :send_link_view_at, From 7b00a30b5f606c61067718310e4688104a7ec339 Mon Sep 17 00:00:00 2001 From: Matt Hinz Date: Fri, 31 May 2024 15:20:15 -0700 Subject: [PATCH 6/6] Remove references to DocAuthLog.aamva in specs --- spec/features/idv/doc_auth/verify_info_step_spec.rb | 4 ---- spec/features/idv/end_to_end_idv_spec.rb | 1 - 2 files changed, 5 deletions(-) diff --git a/spec/features/idv/doc_auth/verify_info_step_spec.rb b/spec/features/idv/doc_auth/verify_info_step_spec.rb index 1a8fd3cf682..fa4c295f89e 100644 --- a/spec/features/idv/doc_auth/verify_info_step_spec.rb +++ b/spec/features/idv/doc_auth/verify_info_step_spec.rb @@ -299,8 +299,6 @@ complete_ssn_step complete_verify_step - - expect(DocAuthLog.find_by(user_id: user.id).aamva).not_to be_nil end end @@ -322,8 +320,6 @@ complete_ssn_step complete_verify_step - - expect(DocAuthLog.find_by(user_id: user.id).aamva).to be_nil end end end diff --git a/spec/features/idv/end_to_end_idv_spec.rb b/spec/features/idv/end_to_end_idv_spec.rb index 71f95b6b145..b26d4f711b7 100644 --- a/spec/features/idv/end_to_end_idv_spec.rb +++ b/spec/features/idv/end_to_end_idv_spec.rb @@ -255,7 +255,6 @@ def validate_verify_info_submit(user) expect(page).to have_content(t('doc_auth.forms.doc_success')) expect(user.proofing_component.resolution_check).to eq(Idp::Constants::Vendors::LEXIS_NEXIS) expect(user.proofing_component.source_check).to eq(Idp::Constants::Vendors::AAMVA) - expect(DocAuthLog.find_by(user_id: user.id).aamva).to eq(true) end def validate_phone_page