[LG-324] Add piv/cac subject to attributes for move.mil

app/forms/user_piv_cac_setup_form.rb

@@ -59,7 +59,7 @@ def token_has_correct_nonce
 
   def piv_cac_not_already_associated
     self.x509_dn_uuid = @data['uuid']
-    self.x509_dn = @data['dn']
+    self.x509_dn = @data['subject']
     if User.find_by(x509_dn_uuid: x509_dn_uuid)
       self.error_type = 'piv_cac.already_associated'
       false

app/forms/user_piv_cac_verification_form.rb

@@ -44,7 +44,7 @@ def not_error_token
       false
     else
       self.x509_dn_uuid = @data['uuid']
-      self.x509_dn = @data['dn']
+      self.x509_dn = @data['subject']
       true
     end
   end

app/view_models/sign_up_completions_show.rb

@@ -17,6 +17,7 @@ def initialize(loa3_requested:, decorated_session:, current_user:, handoff:)
     [[:email], :email],
     [[:birthdate], :birthdate],
     [[:social_security_number], :social_security_number],
+    [[:x509_subject], :x509_subject],
   ].freeze
 
   MAX_RECENT_IDENTITIES = 5

config/locales/help_text/en.yml

@@ -11,6 +11,7 @@ en:
       intro_html: 'This is the only information %{app_name} will share with %{sp}:'
       phone: Phone number
       social_security_number: Social Security number
+      x509_subject: PIV/CAC Identity
     no_factor:
       delete_account: To delete your account, please confirm your password and security
         code.

config/locales/help_text/es.yml

@@ -11,6 +11,7 @@ es:
       intro_html: 'Esta es la única información que %{app_name} compartirá con %{sp}:'
       phone: Teléfono
       social_security_number: Número de Seguro Social
+      x509_subject: NOT TRANSLATED YET
     no_factor:
       delete_account: Para eliminar su cuenta, confirme su contraseña y código de
         seguridad.

config/locales/help_text/fr.yml

@@ -12,6 +12,7 @@ fr:
         %{sp}:'
       phone: Numéro de téléphone
       social_security_number: Numéro de sécurité sociale
+      x509_subject: NOT TRANSLATED YET
     no_factor:
       delete_account: Pour supprimer votre compte, veuillez confirmer votre mot de
         passe et votre code de sécurité.

config/service_providers.yml

@@ -584,7 +584,7 @@ production:
       - 'https://portal.dot.gov/'
     restrict_to_deploy_env: 'prod'
 
-  # NGA GEOWorks Symphony 
+  # NGA GEOWorks Symphony
   'urn:gov:gsa:openidconnect.profiles:sp:sso:mitre:symphony':
     agency_id: 5
     friendly_name: 'GEOWorks/Symphony'
@@ -628,7 +628,10 @@ production:
       - 'https://office.dp3.us'
       - 'https://office.dp3.us/auth/login-gov/callback'
     restrict_to_deploy_env: 'prod'
-
+    attribute_bundle:
+      - x509_subject
+      - x509_presented
+
   # My Move.mil
   'urn:gov:gsa:openidconnect.profiles:sp:sso:dod:mymovemilprod':
     agency_id: 8
@@ -643,6 +646,9 @@ production:
       - 'https://my.dp3.us'
       - 'https://my.dp3.us/auth/login-gov/callback'
     restrict_to_deploy_env: 'prod'
+    attribute_bundle:
+      - x509_subject
+      - x509_presented
 
   # DOT – National Registry of Certified Medical Examiners App
   'urn:gov:dot:openidconnect.profiles:sp:sso:dot:nr_auth':

spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb

@@ -15,22 +15,22 @@
     allow(subject).to receive(:user_session).and_return(session_info)
     allow(PivCacService).to receive(:decode_token).with('good-token').and_return(
       'uuid' => user.x509_dn_uuid,
-      'dn' => x509_subject,
+      'subject' => x509_subject,
       'nonce' => nonce
     )
     allow(PivCacService).to receive(:decode_token).with('good-other-token').and_return(
       'uuid' => user.x509_dn_uuid + 'X',
-      'dn' => x509_subject + 'X',
+      'subject' => x509_subject + 'X',
       'nonce' => nonce
     )
     allow(PivCacService).to receive(:decode_token).with('bad-token').and_return(
       'uuid' => 'bad-uuid',
-      'dn' => 'bad-dn',
+      'subject' => 'bad-dn',
       'nonce' => nonce
     )
     allow(PivCacService).to receive(:decode_token).with('bad-nonce').and_return(
       'uuid' => user.x509_dn_uuid,
-      'dn' => x509_subject,
+      'subject' => x509_subject,
       'nonce' => 'bad-' + nonce
     )
   end

spec/controllers/users/piv_cac_authentication_setup_controller_spec.rb

@@ -69,7 +69,7 @@
       let(:good_token) { 'good-token' }
       let(:good_token_response) do
         {
-          'dn' => 'some dn',
+          'subject' => 'some dn',
           'uuid' => 'some-random-string',
           'nonce' => nonce,
         }

spec/services/piv_cac_service_spec.rb

@@ -37,10 +37,10 @@
       end
 
       it 'returns the test data' do
-        token = 'TEST:{"uuid":"hijackedUUID","dn":"hijackedDN"}'
+        token = 'TEST:{"uuid":"hijackedUUID","subject":"hijackedDN"}'
         expect(PivCacService.decode_token(token)).to eq(
           'uuid' => 'hijackedUUID',
-          'dn' => 'hijackedDN'
+          'subject' => 'hijackedDN'
         )
       end
     end
@@ -110,7 +110,7 @@
             ).
             to_return(
               status: [200, 'Ok'],
-              body: '{"dn":"dn","uuid":"uuid"}'
+              body: '{"subject":"dn","uuid":"uuid"}'
             )
         end
 
@@ -121,14 +121,14 @@
 
         it 'returns the decoded JSON from the target service' do
           expect(PivCacService.decode_token('foo')).to eq(
-            'dn' => 'dn',
+            'subject' => 'dn',
             'uuid' => 'uuid'
           )
         end
 
         describe 'with test data' do
           it 'returns an error' do
-            token = 'TEST:{"uuid":"hijackedUUID","dn":"hijackedDN"}'
+            token = 'TEST:{"uuid":"hijackedUUID","subject":"hijackedDN"}'
             expect(PivCacService.decode_token(token)).to eq(
               'error' => 'token.bad'
             )