Remove sp_request_requested_attributes from completion events

[aduth]

🛠 Summary of changes

Removes sp_request_requested_attributes from 'User registration: complete' and 'User registration: agency handoff visited' analytics events.

These values are never assigned (see #10736 (comment)), and are prone to confusion with the sp_session_requested_attributes analytics property.

Previous discussion: #10736 (comment)

📜 Testing Plan

Verify that this property is never logged in production analytics.

[aduth]

Trying to sift through the layers of abstraction, we could also do something like this, which still indirectly falls back to service_provider_request.requested_attributes (source):

Suggested change

	sp_session_requested_attributes: sp_session[:requested_attributes],
	sp_requested_attributes: decorated_sp_session.requested_attributes,

Still trying to understand if we really need service_provider_request at all though...

[zachmargolis]

tracing this back looks like it should come from

identity-idp/app/services/service_provider_request_handler.rb

Line 68 in 449ce68

requested_attributes: protocol.requested_attributes,

which comes from either

identity-idp/app/models/federated_protocols/oidc.rb

Lines 29 to 31 in 9aadb98

	def requested_attributes
	OpenidConnectAttributeScoper.new(request.scope).requested_attributes
	end

or

identity-idp/app/models/federated_protocols/saml.rb

Lines 33 to 40 in 9aadb98

	def requested_attributes
	@requested_attributes ||= SamlRequestedAttributesPresenter.new(
	service_provider: current_service_provider,
	ial: ial,
	vtr: vtr,
	authn_request_attribute_bundle: SamlRequestParser.new(request).requested_attributes,
	).requested_attributes
	end

which don't seem like they should be as empty as they are?

[aduth]

The problem is ApplicationController#service_provider_request will always be NullServiceProviderRequest, because uuid is blank since there is no request_id query parameter at this controller.

[zachmargolis]

oh that explains a lot

[zachmargolis]

maybe a next PR could clean up that helper? I know in at least one place use do pass request_id as a URL param for emails, but maybe it shouldn't be in a shared controller like it is now

[aduth]

Yeah, that's part of the trickiness, since there are a few places we do expect request_id query parameter to be supported (the entrypoints like password reset, sign-in), so we might rely on it there. But I'd think the way it should work is that we immediately store it all in the session and then refer to sp_session from that point forward.