LG-13726 update verify info controller to redirect when pii is missing

[jennyverdeyen]

🎫 Ticket

Link to the relevant ticket:
LG-13726

🛠 Summary of changes

An error recently surfaced in NewRelic: undefined method 'merge' for nil occurring in the verify info controller. This error would occur because a possibly nil "pii_from_user "object was being called "merge" upon. This updates the code to check for missing PII before rendering the verify info controller, as well as handle that nil object gracefully and prevent such an the error from breaking the app.

📜 Testing Plan

• Reproduce the error:
  • On the main branch (without this fix) complete the IPP flow to the point of the 'verify/in_person/verify_info' page (after you've entered SSN).
  • Hit the 'Cancel' link near the bottom of the page
  • Choose "Exit Login.gov"
  • Hit the back button in your browser to return to Login.gov
  • Choose "Keep going"
  • Observe the application breaks with undefined method 'merge' for nil error

Screen.Recording.2024-08-23.at.8.46.52.PM.mov

• Perform the same actions to confirm the fix on this branch:

  • Checkout this branch (jverdeyen/LG-13726-fix-nil-merge-error) and complete the IPP flow to the point of the 'verify/in_person/verify_info' page (after you've entered SSN).
  • Hit the 'Cancel' link near the bottom of the page
  • Choose "Exit Login.gov"
  • Hit the back button in your browser to return to Login.gov
  • Choose "Keep going"
  • Observe that it redirects to the /verify/welcome page without error
  Screen.Recording.2024-08-23.at.8.41.28.PM.mov

• Confirm the tests are passing (spec/controllers/idv/in_person/verify_info_controller_spec.rb) ✅

[mitchellhenke]

How does IPP end up in a state where pii is nil at this point? It should already exist?

[jennyverdeyen]

I was wondering the same! We observed errors in NewRelic that traced back to pii being nil here. I couldn't reproduce it manually. Not sure if this indicates something bigger worth investigating? Perhaps handling the error here isn't sufficient? Open to discussion!

[mitchellhenke]

For posterity, discussion was continued internally here

[jennyverdeyen]

Revisited this, and after investigating the logs I found that a user could cancel their in person proofing flow at the verify info page, exit login.gov, then hit the back button to re-enter login.gov, and hit "keep going" to return to the verify info page, where they would no longer have PII in their session since it was cleared on exit.

So, I've added a before_action to redirect if there is no IPP session data present. This follows the behavior on the remote flow side, where the verify info controller also checks that that the step is valid and otherwise redirects.

[WilliamBirdsall]

LGTM and tests pass :D

[KeithNava]

Awesome work! Thanks for really "digging" into this! 😆

[WilliamBirdsall]

Still LGTM!