Skip to content

ProgressiveProofer refactor 1/N: ThreatMetrix#11420

Merged
matthinz merged 5 commits intomainfrom
matthinz/prog-proofer-refactor-01-threatmetrix
Nov 1, 2024
Merged

ProgressiveProofer refactor 1/N: ThreatMetrix#11420
matthinz merged 5 commits intomainfrom
matthinz/prog-proofer-refactor-01-threatmetrix

Conversation

@matthinz
Copy link
Copy Markdown
Contributor

@matthinz matthinz commented Oct 29, 2024
edited
Loading

🛠 Summary of changes

Ahead of integrating a new vendor into the ProgressiveProofer, I'm going to do a series of PRs that extract code for individual vendors out into separate files/classes. I'm calling these "plugins" because I think that will ultimately describe the kind of architecture we're going for here, but for now these are basically just the old proof_with_X_if_needed methods extracted out into a new class with a call method.

Right now, each plugin's call method lays out exactly what its dependencies are. Each plugin also gets its own spec file, mainly focused on these primary scenarios:

  • Remote unsupervised proofing
  • In-person proofing (residential address == id address)
  • In-person proofing (residential address != id address)

In some cases I am pulling spec code out of the existing ProgressiveProofer spec, and in some cases I am modifying it slightly to ensure it addresses the above scenarios.

This PR implements the first (and simplest) "plugin", which does the ThreatMetrix Session Query API call. There are not significant differences in implementation for the Remote and IPP flows here, and there's not really any "new" code being introduced--this is mostly moving existing code around.

See also

  • The "How Login.gov does identity resolution and validation" section of the Identity Verification Business Logic doc, which is essentially an breakdown explanation of what exactly the ProgressiveProofer is doing.
  • This RFC about pulling the ProgressiveProofer apart. This work corresponds roughly to the "Phase One" identified in the RFC.

📜 Testing Plan

Provide a checklist of steps to confirm the changes.

  • Intend to commit fraud (signaling this using the Mock device profiling behavior box on the SSN screen), run through IdV, and be successfully caught
  • Be pure of heart (also signaling this using the Mock device profiling behavior box on the SSN screen) and complete IdV successfully.

@matthinz
Refactor ThreatMetrix out into a plugin
66aa5f4 
For now, just take the proof_with_threatmetrix_if_needed method + deps and move into a different file.

[skip changelog]
@matthinz matthinz requested a review from a team October 29, 2024 18:29
matthinz
matthinz commented Oct 29, 2024
View reviewed changes
spec/services/proofing/resolution/progressive_proofer_spec.rb
it 'returns a ResultAdjudicator' do
expect(proof).to be_an_instance_of(Proofing::Resolution::ResultAdjudicator)
expect(proof.same_address_as_id).to eq(nil)
context 'remote unsupervised proofing' do
Copy link
Copy Markdown
Contributor Author

@matthinz matthinz Oct 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This diff is a little messy, but my goal is to, at the end of this refactor, have two top level contexts here: remote unsupervised proofing and in-person proofing.

@aduth aduth requested a review from mdiarra3 October 29, 2024 20:18
zachmargolis
zachmargolis approved these changes Oct 29, 2024
View reviewed changes
mdiarra3
mdiarra3 approved these changes Oct 30, 2024
View reviewed changes
app/services/proofing/resolution/plugins/threat_metrix_plugin.rb
if IdentityConfig.store.lexisnexis_threatmetrix_mock_enabled
Proofing::Mock::DdpMockClient.new
else
Proofing::LexisNexis::Ddp::Proofer.new(
Copy link
Copy Markdown
Contributor

@mdiarra3 mdiarra3 Oct 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a heads up. Will be updating the config to add a "policy" attribute since we have decided for Authentication we will have a different policy. But otherwise. Taking a look this shouldn't affect our implementation much. may be a merge conflict depending on whats merged first.

matthinz and others added 2 commits October 30, 2024 12:27
@matthinz @zachmargolis
Update app/services/proofing/resolution/plugins/threat_metrix_plugin.rb
7d96842 
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
@matthinz
Add sp_cost_count method to TMX plugin spec
083f8f5 
Allows much cleaner (1-line) checking of whether the plugin modifies cost counts
@matthinz matthinz mentioned this pull request Oct 30, 2024
Merged
6 tasks
This was referenced Oct 30, 2024
Merged
Merged
@matthinz matthinz merged commit 1767dd5 into main Nov 1, 2024
@matthinz matthinz deleted the matthinz/prog-proofer-refactor-01-threatmetrix branch November 1, 2024 15:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdiarra3 mdiarra3 mdiarra3 approved these changes

+3 more reviewers

@n1zyy n1zyy n1zyy approved these changes

@zachmargolis zachmargolis zachmargolis approved these changes

@jmhooper jmhooper jmhooper approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@matthinz @n1zyy @zachmargolis @jmhooper @mdiarra3