Skip to content

Move more PII bundle usage to the common interface in Pii::Cacher#6273

Merged
mitchellhenke merged 1 commit intomainfrom
mitchellhenke/improve-pii-handling-interface
Apr 29, 2022
Merged

Move more PII bundle usage to the common interface in Pii::Cacher#6273
mitchellhenke merged 1 commit intomainfrom
mitchellhenke/improve-pii-handling-interface

Conversation

@mitchellhenke
Copy link
Contributor

@mitchellhenke mitchellhenke commented Apr 28, 2022

Follow up to #6054 to update places where we store a PII bundle to use the Pii::Cacher:

  • Gpo Confirmation
  • End of IDV where we move PII from the IDV part to the main PII bundle location
  • Account reactivation

Move more PII bundle usage to the common interface in Pii::Cacher
dbb2fb4 
changelog: Internal, Security, Improve consistency in storing and fetching PII bundle from user session
mitchellhenke
mitchellhenke commented Apr 28, 2022
View reviewed changes
app/services/reactivate_account_session.rb
reactivate_account_session[:pii] = pii.to_json
pii_json = pii.to_json
reactivate_account_session[:pii] = pii_json
Pii::Cacher.new(@user, session).save_decrypted_pii_json(pii_json)
Copy link
Contributor Author

@mitchellhenke mitchellhenke Apr 28, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will write the value in both places, and after the next deploy, we can remove reactivate_account_session[:pii] and change the decrypted_pii to read from Pii::Cacher

Copy link
Contributor Author

@mitchellhenke mitchellhenke Apr 28, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One side effect of this is if the person is going through account reactivation while authenticating for an SP that's requesting IDV attributes, they will have the decrypted_pii in the expected spot, and after copying their new personal key and clicking "Continue to $SP", they won't have to enter their password again because the PII is already decrypted in the expected location.

@mitchellhenke mitchellhenke requested a review from jmhooper April 28, 2022 20:56
@mitchellhenke mitchellhenke merged commit efa887f into main Apr 29, 2022
@mitchellhenke mitchellhenke deleted the mitchellhenke/improve-pii-handling-interface branch April 29, 2022 16:09
This was referenced May 2, 2022
Merged
Merged
peggles2 pushed a commit that referenced this pull request May 3, 2022
@peggles2
Move more PII bundle usage to the common interface in Pii::Cacher (#6273
7d892ff 
)

changelog: Internal, Security, Improve consistency in storing and fetching PII bundle from user session
peggles2 pushed a commit that referenced this pull request May 5, 2022
@peggles2
Move more PII bundle usage to the common interface in Pii::Cacher (#6273
77b0f81 
)

changelog: Internal, Security, Improve consistency in storing and fetching PII bundle from user session
@mitchellhenke mitchellhenke mentioned this pull request May 5, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jmhooper jmhooper jmhooper approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mitchellhenke @jmhooper