LG-6160: Validate personal key value as case-insensitive, Crockford base32#6240
LG-6160: Validate personal key value as case-insensitive, Crockford base32#6240
Conversation
changelog: Upcoming Features, Identity Verification, Add personal key step screen
| const input = getByRole('textbox') as HTMLInputElement; | ||
|
|
||
| await userEvent.type(input, '0000-0000-0000-000'); | ||
| await userEvent.type(input, 'ABCD-0000-defg-000'); |
There was a problem hiding this comment.
Would it make sense to have a second test where the values.toLowercase() match and we expect not to see an error?
There was a problem hiding this comment.
Could you share a snippet of the test case you have in mind?
The idea with mixed case here and in the expectedValue above is to try to cover both upper- and lower- variations in either the expected value or the given value.
There was a problem hiding this comment.
oh one more thought! the keys are base32-crockford encoded, so that they fold 0 and o together, 1 and i, when we compare on the server we normalize them. We should probably do the same thing here while we're fixing
There was a problem hiding this comment.
link to source:
identity-idp/app/services/personal_key_generator.rb
Lines 17 to 38 in db4c94a
There was a problem hiding this comment.
Good call @zachmargolis , I'll add that. I guess we don't have any feature specs covering that? (That's what originally prompted me to create this pull request)
I also forgot we had created a package for that purpose. Ideally we could fold that in here, but since we still have to maintain the old page, we might have to keep it around for a while in its current form.
There was a problem hiding this comment.
I guess we don't have any feature specs covering that?
I'm not seeing any feature specs... but we do have unit test coverage of it:
identity-idp/spec/services/personal_key_generator_spec.rb
Lines 76 to 78 in db4c94a
There was a problem hiding this comment.
Enhanced feature spec coverage in d4599a5. Will implement it here shortly.
There was a problem hiding this comment.
Implemented in a6404d6. I could have pulled in the library we used in @18f/identity-personal-key-input, but it kinda seemed a bit overkill?
aduth
changed the title
| * | ||
| * @return Normalized value. | ||
| */ | ||
| const normalize = (string: string) => string.toLowerCase().replace(/o/g, '0').replace(/[il]/g, '1'); |
There was a problem hiding this comment.
yeah it's silly to have a whole library that we can replicate with two regexes, this seems easy enough to maintain 👍
3 participants
Extracted from #6229
Why: So that a user is not prevented from submitting the personal key confirmation step due to case sensitivity, for feature parity with the existing screen.