diff --git a/app/services/idv/inherited_proofing/va/service.rb b/app/services/idv/inherited_proofing/va/service.rb
new file mode 100644
index 00000000000..094d9747ca2
--- /dev/null
+++ b/app/services/idv/inherited_proofing/va/service.rb
@@ -0,0 +1,88 @@
+module Idv
+ module InheritedProofing
+ module Va
+ # Encapsulates request, response, error handling, validation, etc. for calling
+ # the VA service to gain PII for a particular user that will be subsequently
+ # used to proof the user using inherited proofing.
+ class Service
+ BASE_URI = IdentityConfig.store.inherited_proofing_va_base_url
+
+ attr_reader :auth_code
+
+ def initialize(auth_code)
+ @auth_code = auth_code
+ end
+
+ # Calls the endpoint and returns the decrypted response.
+ def execute
+ raise 'The provided auth_code is blank?' if auth_code.blank?
+
+ response = request
+ payload_to_hash decrypt_payload(response)
+ end
+
+ private
+
+ def request
+ connection.get(request_uri) { |req| req.headers = request_headers }
+ end
+
+ def connection
+ Faraday.new do |conn|
+ conn.options.timeout = request_timeout
+ conn.options.read_timeout = request_timeout
+ conn.options.open_timeout = request_timeout
+ conn.options.write_timeout = request_timeout
+ conn.request :instrumentation, name: 'inherited_proofing.va'
+
+ # raises errors on 4XX or 5XX responses
+ conn.response :raise_error
+ end
+ end
+
+ def request_timeout
+ @request_timeout ||= IdentityConfig.store.doc_auth_s3_request_timeout
+ end
+
+ def request_uri
+ @request_uri ||= "#{ URI(BASE_URI) }/inherited_proofing/user_attributes"
+ end
+
+ def request_headers
+ { Authorization: "Bearer #{jwt_token}" }
+ end
+
+ def jwt_token
+ JWT.encode(jwt_payload, private_key, jwt_encryption)
+ end
+
+ def jwt_payload
+ { inherited_proofing_auth: auth_code, exp: jwt_expires }
+ end
+
+ def private_key
+ @private_key ||= AppArtifacts.store.oidc_private_key
+ end
+
+ def jwt_encryption
+ 'RS256'
+ end
+
+ def jwt_expires
+ 1.day.from_now.to_i
+ end
+
+ def decrypt_payload(response)
+ payload = JSON.parse(response.body)['data']
+ JWE.decrypt(payload, private_key) if payload
+ end
+
+ def payload_to_hash(decrypted_payload, default: nil)
+ return default unless decrypted_payload.present?
+
+ JSON.parse(decrypted_payload, symbolize_names: true)
+ end
+ end
+ end
+ end
+end
diff --git a/app/services/inherited_proofing/va/service.rb b/app/services/inherited_proofing/va/service.rb
deleted file mode 100644
index 87a7c047190..00000000000
--- a/app/services/inherited_proofing/va/service.rb
+++ /dev/null
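Review bot: `jwt_expires` gives the bearer token a 24-hour lifetime (`1.day.from_now.to_i`), yet `jwt_token` is encoded fresh for each call and is only needed for the single GET issued in `request`. Because the token carries `inherited_proofing_auth`, a copy that ends up in a proxy or request log stays usable for the whole day; a lifetime of a few minutes would be enough, e.g. `5.minutes.from_now.to_i`, ideally with an `iat` claim next to `exp`. Separately, `private_key` returns `AppArtifacts.store.oidc_private_key` for both `JWT.encode` (signing) and `JWE.decrypt` (decryption), so one RSA key serves two purposes and is shared with OIDC; that deserves either a dedicated key or a comment explaining why the reuse is accepted. `request_timeout` also reads `doc_auth_s3_request_timeout`, which looks like a setting borrowed from an unrelated integration. The body is identical to the file removed from the old path in this commit, so these points predate the move.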
@@ -1,86 +0,0 @@
-module InheritedProofing
- module Va
- # Encapsulates request, response, error handling, validation, etc. for calling
- # the VA service to gain PII for a particular user that will be subsequently
- # used to proof the user using inherited proofing.
- class Service
- BASE_URI = IdentityConfig.store.inherited_proofing_va_base_url
-
- attr_reader :auth_code
-
- def initialize(auth_code)
- @auth_code = auth_code
- end
-
- # Calls the endpoint and returns the decrypted response.
- def execute
- raise 'The provided auth_code is blank?' if auth_code.blank?
-
- response = request
- payload_to_hash decrypt_payload(response)
- end
-
- private
-
- def request
- connection.get(request_uri) { |req| req.headers = request_headers }
- end
-
- def connection
- Faraday.new do |conn|
- conn.options.timeout = request_timeout
- conn.options.read_timeout = request_timeout
- conn.options.open_timeout = request_timeout
- conn.options.write_timeout = request_timeout
- conn.request :instrumentation, name: 'inherited_proofing.va'
-
- # raises errors on 4XX or 5XX responses
- conn.response :raise_error
- end
- end
-
- def request_timeout
- @request_timeout ||= IdentityConfig.store.doc_auth_s3_request_timeout
- end
-
- def request_uri
- @request_uri ||= "#{ URI(BASE_URI) }/inherited_proofing/user_attributes"
- end
-
- def request_headers
- { Authorization: "Bearer #{jwt_token}" }
- end
-
- def jwt_token
- JWT.encode(jwt_payload, private_key, jwt_encryption)
- end
-
- def jwt_payload
- { inherited_proofing_auth: auth_code, exp: jwt_expires }
- end
-
- def private_key
- @private_key ||= AppArtifacts.store.oidc_private_key
- end
-
- def jwt_encryption
- 'RS256'
- end
-
- def jwt_expires
- 1.day.from_now.to_i
- end
-
- def decrypt_payload(response)
- payload = JSON.parse(response.body)['data']
- JWE.decrypt(payload, private_key) if payload
- end
-
- def payload_to_hash(decrypted_payload, default: nil)
- return default unless decrypted_payload.present?
-
- JSON.parse(decrypted_payload, symbolize_names: true)
- end
- end
- end
-end
diff --git a/spec/services/inherited_proofing/va/service_spec.rb b/spec/services/idv/inherited_proofing/va/service_spec.rb
similarity index 96%
rename from spec/services/inherited_proofing/va/service_spec.rb
rename to spec/services/idv/inherited_proofing/va/service_spec.rb
index 9809685e576..b53560ccfdf 100644
--- a/spec/services/inherited_proofing/va/service_spec.rb
+++ b/spec/services/idv/inherited_proofing/va/service_spec.rb
@@ -6,7 +6,7 @@ end end -RSpec.describe InheritedProofing::Va::Service do +RSpec.describe Idv::InheritedProofing::Va::Service do include_context 'va_api_context' include_context 'va_user_context'
diff --git a/spec/support/shared_contexts/inherited_proofing/va_api_context.rb b/spec/support/shared_contexts/inherited_proofing/va_api_context.rb
index 230a5b8307b..ae5a049b6d3 100644
--- a/spec/support/shared_contexts/inherited_proofing/va_api_context.rb
+++ b/spec/support/shared_contexts/inherited_proofing/va_api_context.rb
@@ -9,7 +9,7 @@ let(:payload) { { inherited_proofing_auth: auth_code, exp: 1.day.from_now.to_i } } let(:jwt_token) { JWT.encode(payload, private_key, 'RS256') } let(:request_uri) { - "#{InheritedProofing::Va::Service::BASE_URI}/inherited_proofing/user_attributes" + "#{Idv::InheritedProofing::Va::Service::BASE_URI}/inherited_proofing/user_attributes" } let(:request_headers) { { Authorization: "Bearer #{jwt_token}" } } end