LG-13761: ProofingComponents to store real vendor used to verify document PII#11499
LG-13761: ProofingComponents to store real vendor used to verify document PII#11499
Conversation
There was a problem hiding this comment.
A/N: This seems less than ideal, but there doesn't seem to be any good means to pulling the supplied vendor_name out like I did in the VerifyInfoConcern#add_proofing_components method.
There was a problem hiding this comment.
I think there are 2 options here:
- Add a value to the session to indicate whether we performed an AAMVA check and use that
- Inspect the value of the issuing jurisdiction in
pii_from_userorpii_from_docand infer from that whether AAMVA was contacted
Option 1 may be slightly preferable since it stores the result of what the job actually does. The weakness is it involves adding another value to the session. As a result we'll need to break this into 2 deploys. One deploy to write the new value and a second to read and use it.
There was a problem hiding this comment.
Okay, I think I've addressed this here, so let me know what you think!
lmgeorge
force-pushed
the
lmgeorge/LG-13761
branch
from
83f1022 to
dd97fcc
Compare
lmgeorge
changed the title
lmgeorge
force-pushed
the
lmgeorge/LG-13761
branch
from
dd97fcc to
41597e5
Compare
n1zyy
left a comment
n1zyy
left a comment
There was a problem hiding this comment.
Not leaving an approval as this is still marked as a draft and Hooper's comment implies a pending change, but 👍 to where it's at so far.
There was a problem hiding this comment.
A/N: I feel like these two methods could be merged into an handle_success_updates_for_idv_session method, but leaving as is for now.
There was a problem hiding this comment.
A/N: Is there a better way to test this or is the captured by the end_to_end_idv feature spec?
There was a problem hiding this comment.
I think the VerifyInfoController (or the VerifyInfoConcern? I'm not sure which) should have a test asserting that the value in the result object is propagated to the Idv Session
There was a problem hiding this comment.
You are right, will add that now.
There was a problem hiding this comment.
The closest we get to validating the result object is in the end_to_end_idv feature spec -- we have a method, #validate_verify_info_submit, that validates the ProofingComponents structure, but not much else.
With respect to the controller specs, we primarily look at what value was logged in the event (with the exception of our threatmetrix status specs).
For now, I've updated the VerifyInfoController spec to look at what was logged in the state_id stage and am open to expanding the coverage here.
There was a problem hiding this comment.
Do we have any specs for these undo_step things that need to be updated? Or do we just test this as a side effect of other tests
There was a problem hiding this comment.
As far as I can tell, we test undo state primarily as a side effect and only test defaults for individual classes.
There was a problem hiding this comment.
(I was waiting for the pipeline to complete to verify that assumption, so taking a look now)
There was a problem hiding this comment.
Yep, seems like undo step validation is primarily tested through feature specs.
n1zyy
left a comment
n1zyy
left a comment
There was a problem hiding this comment.
This is a nice fix, and it cleans up formatting a bit as well!
lib/idp/constants.rb
Outdated
There was a problem hiding this comment.
(Possible bikeshedding) Is there a clearer name for this? I.e., SOCURE and LEXIS_NEXIS are sources that we check; can we make it obvious why they don't belong in this array? STATE_ID_SOURCE_CHECK?
Suggesting only in case you agree or have a better idea; I don't feel strongly at all here.
There was a problem hiding this comment.
I was on the fence about what to call this, but I wanted the relationship between this and ProofingComponents#source_check to be clear and deeply coupled.
There was a problem hiding this comment.
I went back and forth about asking for state_id_source_check, but the idea here is: you have given us a document of some kind. we then verify it with the issuing source. right now that is a drivers license + AAMVA. In the near future, hopefully, that will be other document types + other verifiers.
There was a problem hiding this comment.
Basically, source_check is probably good
lmgeorge
added
status - ready for review
ruby
lmgeorge
force-pushed
the
lmgeorge/LG-13761
branch
from
804fb5b to
dfe0ab6
Compare
…ment PII **Why** * Prior to this change, we always stored 'aamva' in a `User`'s `proofing_components.source_check` column regardless of whether a call to AAMVA was made or not. Accuracy is good and storing the actual "vendor_name" will align our analytics across our events. **How** * Instead of hard-coding `vendor_name` in `proofing_components.source_check`, we dig into the result object (as produced by the `ResultAdjudicator`) for the actual vendor_name. This value should always be present even though we don't have any validators for it. * Adds `:source_check_vendor` field to `Idv::Session` to capture the vendor name actually utilized to validate the state ID attributes. * Pulling `vendor_name` from the result object makes testing a little messier, cleaning up the various vendor names in our specs should be done in future work. For now, a new constant with the known `source_check` names has been added (`Idv::Constants::Vendors::SOURCE_CHECK`). * No new specs have been added as the functionality hasn't changed, but the relevant specs, including one end-to-end feature test, have been updated to check the vendor name is in the expected list or matches a placeholder value. changelog: Internal, Analytics, Store correct vendor name in ProofingComponents
lmgeorge
force-pushed
the
lmgeorge/LG-13761
branch
from
dfe0ab6 to
67fcdeb
Compare
|
|
||
| def source_check | ||
| Idp::Constants::Vendors::AAMVA if idv_session.verify_info_step_complete? | ||
| idv_session.source_check_vendor |
There was a problem hiding this comment.
I think we need to tweak to account for the 50/50 state:
| idv_session.source_check_vendor | |
| idv_session.source_check_vendor || (Idp::Constants::Vendors::AAMVA if idv_session.verify_info_step_complete?) |
(you can probably come up with a better / more ruby-ish way to do ☝️ )
Basically, if the key is not in the session, we need to fall back to the old (bad) way
| let(:errors) { {} } | ||
| let(:exception) { nil } | ||
| let(:vendor_name) { :aamva } | ||
| let(:vendor_name) { 'aamva_placeholder' } |
There was a problem hiding this comment.
will not approve without emoji vendor name
matthinz
left a comment
matthinz
left a comment
There was a problem hiding this comment.
All this looks good, just the one 50/50 state thing
4 participants
Why
User'sproofing_components.source_checkcolumn regardless of whether a call to AAMVA was made or not. Accuracy is good and storing the actual "vendor_name" will align our analytics across our events.How
Instead of hard-coding
vendor_nameinproofing_components.source_check, we dig into the result object (as produced by theResultAdjudicator) for the actual vendor_name. This value should always be present even though we don't have any validators for it.This makes testing a little messier, but cleaning up the various vendor names in our specs should be done in future work. For now, a new constant with the known
source_checknames has been added (Idv::Constants::Vendors::SOURCE_CHECK).No new specs have been added as the functionality hasn't changed, but one end-to-end feature test has been updated to check the vendor name is in the expected list.
changelog: Internal, Analytics, Store correct vendor name in ProofingComponents
🎫 Ticket
Link to the relevant ticket:
LG-13761
📜 Testing Plan
Provide a checklist of steps to confirm the changes.