From 889d781f48ef83206149f65bd3c7ca0ab04129fb Mon Sep 17 00:00:00 2001
From: Zach Margolis <zachary.margolis@gsa.gov>
Date: Mon, 25 Oct 2021 11:46:00 -0700
Subject: [PATCH 1/4] Make Faraday request timeouts configurable (LG-5044)

---
 app/jobs/document_proofing_job.rb            |  8 ++++----
 app/jobs/risc_delivery_job.rb                |  8 ++++----
 app/services/doc_auth/acuant/request.rb      | 14 ++++++++------
 app/services/doc_auth/lexis_nexis/request.rb | 10 +++++-----
 app/services/piv_cac_service.rb              |  4 ++++
 app/services/usps_in_person_proofer.rb       |  8 ++++----
 config/application.yml.default               |  2 ++
 lib/identity_config.rb                       |  4 ++++
 8 files changed, 35 insertions(+), 23 deletions(-)

diff --git a/app/jobs/document_proofing_job.rb b/app/jobs/document_proofing_job.rb
index f4fb08a6251..a4a81accc81 100644
--- a/app/jobs/document_proofing_job.rb
+++ b/app/jobs/document_proofing_job.rb
@@ -153,10 +153,10 @@ def decrypt_from_s3(timer:, name:, url:, iv:, key:)
   # @return [Faraday::Connection] builds a Faraday instance with our defaults
   def build_faraday
     Faraday.new do |conn|
-      conn.options.timeout = 3
-      conn.options.read_timeout = 3
-      conn.options.open_timeout = 3
-      conn.options.write_timeout = 3
+      conn.options.timeout = IdentityConfig.store.doc_auth_s3_request_timeout
+      conn.options.read_timeout = IdentityConfig.store.doc_auth_s3_request_timeout
+      conn.options.open_timeout = IdentityConfig.store.doc_auth_s3_request_timeout
+      conn.options.write_timeout = IdentityConfig.store.doc_auth_s3_request_timeout
       conn.request :instrumentation, name: 'request_log.faraday'
 
       # raises errors on 4XX or 5XX responses
diff --git a/app/jobs/risc_delivery_job.rb b/app/jobs/risc_delivery_job.rb
index 24ddde5f663..6392c585da9 100644
--- a/app/jobs/risc_delivery_job.rb
+++ b/app/jobs/risc_delivery_job.rb
@@ -78,10 +78,10 @@ def faraday
     @faraday ||= Faraday.new do |f|
       f.request :instrumentation, name: 'request_log.faraday'
       f.adapter :net_http
-      f.options.timeout = 3
-      f.options.read_timeout = 3
-      f.options.open_timeout = 3
-      f.options.write_timeout = 3
+      f.options.timeout = IdentityConfig.store.risc_notifications_request_timeout
+      f.options.read_timeout = IdentityConfig.store.risc_notifications_request_timeout
+      f.options.open_timeout = IdentityConfig.store.risc_notifications_request_timeout
+      f.options.write_timeout = IdentityConfig.store.risc_notifications_request_timeout
     end
   end
 
diff --git a/app/services/doc_auth/acuant/request.rb b/app/services/doc_auth/acuant/request.rb
index 3b121a9e01c..ce48e194569 100644
--- a/app/services/doc_auth/acuant/request.rb
+++ b/app/services/doc_auth/acuant/request.rb
@@ -91,7 +91,7 @@ def faraday_connection
           end,
         }
 
-        Faraday.new(request: faraday_request_params, url: url.to_s, headers: headers) do |conn|
+        Faraday.new(url: url.to_s, headers: headers) do |conn|
           conn.basic_auth(
             config.assure_id_username,
             config.assure_id_password,
@@ -99,12 +99,14 @@ def faraday_connection
           conn.request :instrumentation, name: 'request_metric.faraday'
           conn.request :retry, retry_options
           conn.adapter :net_http
-        end
-      end
 
-      def faraday_request_params
-        timeout = config.timeout&.to_i || 45
-        { open_timeout: timeout, timeout: timeout }
+
+          timeout = config.timeout&.to_i || 45
+          conn.options.timeout = timeout
+          conn.options.read_timeout = timeout
+          conn.options.open_timeout = timeout
+          conn.options.write_timeout = timeout
+        end
       end
 
       def create_http_exception(http_response)
diff --git a/app/services/doc_auth/lexis_nexis/request.rb b/app/services/doc_auth/lexis_nexis/request.rb
index f1aa87846fd..a0e32dcf8e1 100644
--- a/app/services/doc_auth/lexis_nexis/request.rb
+++ b/app/services/doc_auth/lexis_nexis/request.rb
@@ -83,18 +83,18 @@ def faraday_connection
           end,
         }
 
-        Faraday.new(request: faraday_request_params, url: url.to_s, headers: headers) do |conn|
+        Faraday.new(url: url.to_s, headers: headers) do |conn|
           conn.request :retry, retry_options
           conn.request :instrumentation, name: 'request_metric.faraday'
           conn.basic_auth username, password
           conn.adapter :net_http
+          conn.options.timeout = timeout
+          conn.options.read_timeout = timeout
+          conn.options.open_timeout = timeout
+          conn.options.write_timeout = timeout
         end
       end
 
-      def faraday_request_params
-        { open_timeout: timeout, timeout: timeout }
-      end
-
       def path
         "/restws/identity/v3/accounts/#{account_id}/workflows/#{workflow}/conversations"
       end
diff --git a/app/services/piv_cac_service.rb b/app/services/piv_cac_service.rb
index a944e9c0fe0..b560b544af7 100644
--- a/app/services/piv_cac_service.rb
+++ b/app/services/piv_cac_service.rb
@@ -60,6 +60,10 @@ def token_response(token)
 
       Faraday.new(ssl: ssl_config) do |f|
         f.request :instrumentation, name: 'request_metric.faraday'
+        f.options.timeout = IdentityConfig.store.piv_cac_service_timeout
+        f.options.read_timeout = IdentityConfig.store.piv_cac_service_timeout
+        f.options.open_timeout = IdentityConfig.store.piv_cac_service_timeout
+        f.options.write_timeout = IdentityConfig.store.piv_cac_service_timeout
       end.post(
         verify_token_uri,
         URI.encode_www_form({ token: token }),
diff --git a/app/services/usps_in_person_proofer.rb b/app/services/usps_in_person_proofer.rb
index c26964cc16f..b0716d4b2de 100644
--- a/app/services/usps_in_person_proofer.rb
+++ b/app/services/usps_in_person_proofer.rb
@@ -199,10 +199,10 @@ def request_id
 
   def faraday
     Faraday.new do |conn|
-      conn.options.timeout = 10
-      conn.options.read_timeout = 10
-      conn.options.open_timeout = 10
-      conn.options.write_timeout = 10
+      conn.options.timeout = IdentityConfig.store.usps_ipp_request_timeout
+      conn.options.read_timeout = IdentityConfig.store.usps_ipp_request_timeout
+      conn.options.open_timeout = IdentityConfig.store.usps_ipp_request_timeout
+      conn.options.write_timeout = IdentityConfig.store.usps_ipp_request_timeout
     end
   end
 
diff --git a/config/application.yml.default b/config/application.yml.default
index 7e259ebf7f3..f2f45ae8547 100644
--- a/config/application.yml.default
+++ b/config/application.yml.default
@@ -149,6 +149,7 @@ pinpoint_sms_sender_id: 'aaa'
 pinpoint_sms_configs: '[]'
 pinpoint_voice_configs: '[]'
 piv_cac_service_url: https://localhost:8443/
+piv_cac_service_timeout: '5'
 piv_cac_verify_token_url: https://localhost:8443/
 poll_rate_for_verify_in_seconds: '3'
 proofer_mock_fallback: 'true'
@@ -184,6 +185,7 @@ risc_notifications_active_job_enabled: 'false'
 risc_notifications_rate_limit_interval: '60'
 risc_notifications_rate_limit_max_requests: '1000'
 risc_notifications_rate_limit_overrides: '{"https://example.com/push":{"interval":120,"max_requests":10000}}'
+risc_notifications_request_timeout: '3'
 ruby_workers_cron_enabled: 'true'
 ruby_workers_idv_enabled: 'true'
 rules_of_use_horizon_years: '6'
diff --git a/lib/identity_config.rb b/lib/identity_config.rb
index a0f7395fb1c..1de4e3ec2bd 100644
--- a/lib/identity_config.rb
+++ b/lib/identity_config.rb
@@ -125,6 +125,7 @@ def self.build_store(config_map)
     config.add(:doc_auth_error_sharpness_threshold, type: :integer)
     config.add(:doc_auth_extend_timeout_by_minutes, type: :integer)
     config.add(:doc_auth_max_attempts, type: :integer)
+    config.add(:doc_auth_s3_request_timeout, type: :integer)
     config.add(:doc_auth_vendor, type: :string)
     config.add(:doc_auth_vendor_randomize, type: :boolean)
     config.add(:doc_auth_vendor_randomize_percent, type: :integer)
@@ -216,6 +217,7 @@ def self.build_store(config_map)
     config.add(:pinpoint_sms_sender_id, type: :string, allow_nil: true)
     config.add(:pinpoint_voice_configs, type: :json)
     config.add(:piv_cac_service_url)
+    config.add(:piv_cac_service_timeout, type: :integer)
     config.add(:piv_cac_verify_token_secret)
     config.add(:piv_cac_verify_token_url)
     config.add(:phone_setups_per_ip_track_only_mode, type: :boolean)
@@ -254,6 +256,7 @@ def self.build_store(config_map)
     config.add(:risc_notifications_rate_limit_interval, type: :integer)
     config.add(:risc_notifications_rate_limit_max_requests, type: :integer)
     config.add(:risc_notifications_rate_limit_overrides, type: :json)
+    config.add(:risc_notifications_request_timeout, type: :integer)
     config.add(:ruby_workers_cron_enabled, type: :boolean)
     config.add(:ruby_workers_idv_enabled, type: :boolean)
     config.add(:rules_of_use_horizon_years, type: :integer)
@@ -288,6 +291,7 @@ def self.build_store(config_map)
     config.add(:usps_ipp_root_url, type: :string)
     config.add(:usps_ipp_sponsor_id, type: :string)
     config.add(:usps_ipp_username, type: :string)
+    config.add(:usps_ipp_request_timeout, type: :integer)
     config.add(:usps_upload_enabled, type: :boolean)
     config.add(:usps_upload_sftp_directory, type: :string)
     config.add(:usps_upload_sftp_host, type: :string)

From e7286546eedaa3a154adb72a1be3544f242395e4 Mon Sep 17 00:00:00 2001
From: Zach Margolis <zachary.margolis@gsa.gov>
Date: Mon, 25 Oct 2021 12:02:03 -0700
Subject: [PATCH 2/4] add missing config

---
 config/application.yml.default | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/application.yml.default b/config/application.yml.default
index f2f45ae8547..96dcfe499d0 100644
--- a/config/application.yml.default
+++ b/config/application.yml.default
@@ -64,6 +64,7 @@ doc_capture_polling_enabled: 'true'
 doc_auth_client_glare_threshold: '50'
 doc_auth_client_sharpness_threshold: '50'
 doc_auth_enable_presigned_s3_urls: 'false'
+doc_auth_s3_request_timeout: '5'
 doc_auth_error_dpi_threshold: '290'
 doc_auth_error_glare_threshold: '40'
 doc_auth_error_sharpness_threshold: '40'

From c9f69a1a4c974a50bf2c40bfeb4b0ca3efbee127 Mon Sep 17 00:00:00 2001
From: Zach Margolis <zachary.margolis@gsa.gov>
Date: Mon, 25 Oct 2021 12:21:21 -0700
Subject: [PATCH 3/4] Add missing config

---
 config/application.yml.default | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/application.yml.default b/config/application.yml.default
index 96dcfe499d0..074344e989a 100644
--- a/config/application.yml.default
+++ b/config/application.yml.default
@@ -216,6 +216,7 @@ use_kms: 'false'
 usps_confirmation_max_days: '10'
 usps_ipp_password: ''
 usps_ipp_root_url: ''
+usps_ipp_request_timeout: '10'
 usps_ipp_sponsor_id: ''
 usps_ipp_username: ''
 voice_otp_pause_time: '0.5s'

From 9dc6b2ddfec26ead583127d4a12a182bb04eb545 Mon Sep 17 00:00:00 2001
From: Zach Margolis <zachary.margolis@gsa.gov>
Date: Mon, 25 Oct 2021 12:27:55 -0700
Subject: [PATCH 4/4] fix lint

---
 app/services/doc_auth/acuant/request.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/services/doc_auth/acuant/request.rb b/app/services/doc_auth/acuant/request.rb
index ce48e194569..b6ff357a594 100644
--- a/app/services/doc_auth/acuant/request.rb
+++ b/app/services/doc_auth/acuant/request.rb
@@ -100,7 +100,6 @@ def faraday_connection
           conn.request :retry, retry_options
           conn.adapter :net_http
 
-
           timeout = config.timeout&.to_i || 45
           conn.options.timeout = timeout
           conn.options.read_timeout = timeout