From afe61eb61ba50385cbc2146331547231ce4e44a4 Mon Sep 17 00:00:00 2001
From: davida marion <davida.marion@gsa.gov>
Date: Tue, 19 Nov 2024 14:01:59 -0500
Subject: [PATCH 1/2] changelog: Internal, Analytics, Exclude stale sessions in
 IAL2 usage query

---
 lib/reporting/protocols_report.rb           |  9 +++++-
 spec/lib/reporting/protocols_report_spec.rb | 32 +++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/lib/reporting/protocols_report.rb b/lib/reporting/protocols_report.rb
index 5f83c29ab2e..fe1d333961a 100644
--- a/lib/reporting/protocols_report.rb
+++ b/lib/reporting/protocols_report.rb
@@ -282,11 +282,18 @@ def aal3_issuers_query
     end
 
     def facial_match_issuers_query
-      format(<<~QUERY)
+      params = {
+        events: quote([SAML_AUTH_EVENT, OIDC_AUTH_EVENT]),
+      }
+      # OIDC_AUTH_EVENT and SAML_AUTH_EVENTs are fired before the initiating
+      # session is stored.
+      # We are omitting those events to prevent false positives
+      format(<<~QUERY, params)
         fields
           coalesce(properties.event_properties.service_provider,
           properties.event_properties.client_id,
           properties.service_provider) as issuer
+        | filter name NOT IN %{events}
         | filter properties.sp_request.facial_match
         | display issuer
         | sort issuer
diff --git a/spec/lib/reporting/protocols_report_spec.rb b/spec/lib/reporting/protocols_report_spec.rb
index 6d39565bed9..53690ceda3c 100644
--- a/spec/lib/reporting/protocols_report_spec.rb
+++ b/spec/lib/reporting/protocols_report_spec.rb
@@ -113,6 +113,38 @@
     it 'generates the tabular csv data' do
       expect(report.as_tables).to eq expected_tables
     end
+
+    describe 'queries' do
+      let(:client) { report.cloudwatch_client }
+      let(:time_query) do
+        {
+          from: report.time_range.begin,
+          to: report.time_range.end,
+        }
+      end
+      before do
+        allow(client).to receive(:fetch).and_call_original
+      end
+
+      it 'calls the cloudwatch client with the expected queries' do
+        report.as_tables
+
+        %i[
+          aal3_issuers_query
+          saml_signature_query
+          facial_match_issuers_query
+          id_token_hint_query
+          loa_issuers_query
+          protocol_query
+          saml_signature_query
+        ].each do |query|
+          expect(client).to have_received(:fetch).with(
+            query: report.send(query),
+            **time_query,
+          )
+        end
+      end
+    end
   end
 
   describe '#as_emailable_reports' do

From 67530e6af02e82fc0934b39b9e26c13cfc5ee1fc Mon Sep 17 00:00:00 2001
From: davida marion <davida.marion@gsa.gov>
Date: Wed, 20 Nov 2024 08:23:44 -0500
Subject: [PATCH 2/2] Update send to public_send

---
 spec/lib/reporting/protocols_report_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/lib/reporting/protocols_report_spec.rb b/spec/lib/reporting/protocols_report_spec.rb
index 53690ceda3c..7d9dbb12faa 100644
--- a/spec/lib/reporting/protocols_report_spec.rb
+++ b/spec/lib/reporting/protocols_report_spec.rb
@@ -139,7 +139,7 @@
           saml_signature_query
         ].each do |query|
           expect(client).to have_received(:fetch).with(
-            query: report.send(query),
+            query: report.public_send(query),
             **time_query,
           )
         end