Skip to content

store whole flow session in analytics if unable to find DCS during async document upload#4528

Merged
mitchellhenke merged 3 commits intomasterfrom
mitchellhenke/more-smoke-test-analytics
Dec 22, 2020
Merged

store whole flow session in analytics if unable to find DCS during async document upload#4528
mitchellhenke merged 3 commits intomasterfrom
mitchellhenke/more-smoke-test-analytics

Conversation

@mitchellhenke
Copy link
Contributor

@mitchellhenke mitchellhenke commented Dec 22, 2020

No description provided.

zachmargolis
zachmargolis reviewed Dec 22, 2020
View reviewed changes
app/services/idv/actions/verify_document_status_action.rb Outdated
@flow.analytics.track_event(Analytics::DOC_AUTH_ASYNC,
error: 'failed to load document_capture_session',
uuid: flow_session[verify_document_capture_session_uuid_key],
flow_session: flow_session,
Copy link
Contributor

@zachmargolis zachmargolis Dec 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ummmm this possibly contains PII right? we store the attributes here between steps?

Copy link
Contributor

@jmhooper jmhooper Dec 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, this is my first thought as well. Maybe something like flow_session.keys? Or a select set of values that we know aren't PII?

We should probably also add a flag to make sure this only happens in dev just to be safe.

Copy link
Contributor

@zachmargolis zachmargolis Dec 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we can do a redacted log? A few ideas:

  1. just log if the key is empty or present?
  2. a refacted log? like run though all the keys and put in X for letters and # for numbers, ex:
SecureRandom.uuid.gsub(/\d/, '#').gsub(/\w/, 'X')
=> "#X####XX-##X#-#X##-####-##X####X###X"

Copy link
Contributor Author

@mitchellhenke mitchellhenke Dec 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right, I will try the subset of safe values and ensure only dev, and probably include the keys as well

Copy link
Contributor Author

@mitchellhenke mitchellhenke Dec 22, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added b92316e which will only store the flow session keys and the flow session (excluding pii_from_doc) in dev

@mitchellhenke mitchellhenke merged commit 9b1e99a into master Dec 22, 2020
@mitchellhenke mitchellhenke deleted the mitchellhenke/more-smoke-test-analytics branch December 22, 2020 19:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@zachmargolis zachmargolis zachmargolis left review comments

@jmhooper jmhooper jmhooper approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mitchellhenke @zachmargolis @jmhooper