Lg 6114 personal key #6237

Merged
solipet merged 60 commits into main from lg-6114-personal-key
Apr 28, 2022

@peggles2

This pull request is the first API request for the Flow state machine API.

It makes a POST request and sends a password and JWT key and in exchange retrieves the personal key.

API Request:
`POST /api/verify/complete`

PARAMETERS:
`{ password: 'iambatman', details: jwt }`

RESPONSE:
success:
`{"personal_key"=>"J4S5-3Y93-F84X-NSN1", "profile_pending"=>true, "status"=>"SUCCESS"}`

failed:
`{"error"=>"user is not fully authenticated", "status"=>"ERROR"}`

peggles2 and others added 30 commits April 11, 2022 16:55
solipet and others added 5 commits April 27, 2022 13:24

@jmhooper jmhooper left a comment

One last comment from me

@aduth aduth left a comment

🚀

@solipet solipet merged commit a626d43 into main Apr 28, 2022
@solipet solipet deleted the lg-6114-personal-key branch April 28, 2022 18:54
peggles2 added a commit that referenced this pull request May 3, 2022
* personal-key repo

* update route to verify/complete/personal_key

* get request working with postman to return empty hash for now

* add_proofing_component to get_personal_key

* add analytics for personal key

* update complete_controller

* update error messages for the 2 factor auth so api can get proper json response

* cleanup code

* update the application controller

* changes made to return proper json error responses

* latest changes

* update code

* create the profile and cache the pii

* create the profile creation form correctly

* clean up the JWT code, use idv certificate pair

* update code

* changes made to cleanup code

* update FormResponse to return a {} if extra_attributes is nil

* changes made to fix the correct jwt to return user key

* specs for Api::ProfileCreationForm

* specs for Api::ProfileCreationForm (for reals)

* add rspec tests

* cleanup test

* cleanup code

* fix profile creation form spec on recovery key

* changes made to make it a post instead of a get

* cleanup lint

* fix some more linter errors

* Include "personal_key" as alertable key in analytics PiiDetector

**Why**: Since we don't want to be including this detail in any logs, as it is password-like.

* Revert "Include "personal_key" as alertable key in analytics PiiDetector"

This reverts commit 3f00de9.

* implement/test complete_session

* changes made to fix the code review feedback

* get rid of aliased methods

* lints

* fix linter error

* remove parenthesis

* code review feedback

* changelog: Upcoming Features, Identity Verification, API endpoint for IdV completion

* fix line space

* code review feedback

* fix lint error

* add feature flagging

* move the personal_key to a dedicated method, encapsulate the JWT in a decorator

* lints

* convert profile_completion_form to return the personal_key separately from the response.

* remove unused custom form response class

* Update config/routes.rb

Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>

* Update app/forms/api/profile_creation_form.rb

to fetch pii from the PII::Cacher

Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov>

* remove `gpo_otp` as a method on the form

* move the feature flag check from routes.rb to the controller

* remove unnecessary session usage

* default keys for IdV JWTs

* guard against small IdV JWT keys in production envs

Co-authored-by: Douglas Price <douglas.price@gsa.gov>
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
Co-authored-by: Mitchell Henke <mitchell.henke@gsa.gov>
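
An added example, not code from this pull request or the project: one way to sign and verify the `details` JWT from the request above with an RSA key pair, and to refuse undersized keys in production, as the "use idv certificate pair" and "guard against small IdV JWT keys in production envs" commits describe. The helper names, the RS256 choice, the 2048-bit minimum and the claim contents are assumptions; only Ruby's standard library is used.

```ruby
require 'openssl'
require 'base64'
require 'json'

MIN_RSA_BITS = 2048 # assumed minimum; the page does not state the project's value

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Build a compact RS256 JWT (header.payload.signature) with the private key.
def sign_details(claims, private_key)
  input = [{ alg: 'RS256', typ: 'JWT' }, claims].map { |p| b64url(JSON.generate(p)) }.join('.')
  "#{input}.#{b64url(private_key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Boot-time check: refuse an undersized signing key in production only.
def guard_key_size!(key, env:)
  bits = key.n.num_bits
  if env == 'production' && bits < MIN_RSA_BITS
    raise ArgumentError, "IdV JWT key is #{bits} bits, need >= #{MIN_RSA_BITS}"
  end
  bits
end

# Return the claims only when the token is RS256 and the signature verifies;
# any malformed, altered or differently-typed token yields nil.
def verify_details(token, public_key)
  parts = token.to_s.split('.', -1)
  return nil unless parts.length == 3
  header = JSON.parse(Base64.urlsafe_decode64(parts[0]))
  # Pin the algorithm server-side instead of trusting the token header.
  return nil unless header.is_a?(Hash) && header['alg'] == 'RS256'
  signature = Base64.urlsafe_decode64(parts[2])
  digest = OpenSSL::Digest.new('SHA256')
  return nil unless public_key.verify(digest, signature, parts[0..1].join('.'))
  JSON.parse(Base64.urlsafe_decode64(parts[1]))
rescue JSON::ParserError, ArgumentError, OpenSSL::PKey::PKeyError
  nil
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # throwaway key, constructed for the demo
  token = sign_details({ 'sub' => 'constructed-user-id' }, key)
  p verify_details(token, key.public_key)
end
```
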
peggles2 added a commit that referenced this pull request May 5, 2022