LG-7400 Add update functionality to VerifyInfoController outside Flow State Machine#7661
LG-7400 Add update functionality to VerifyInfoController outside Flow State Machine#7661soniaconnolly wants to merge 28 commits intomainfrom
Conversation
Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov>
Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov>
Co-authored-by: Eric Gade <eric.gade@gsa.gov> Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov>
Replace resolution_info_verified with already existing resolution_info_verified Co-authored-by: Eric Gade <eric.gade@gsa.gov>
Look for proofing results in :stages, :resolution rather than :extra Co-authored-by: Eric Gade <eric.gade@gsa.gov>
Redirect back to verify_info if needed from review controller before action Proofing results exception found deeper in data structure on failure Co-authored-by: Eric Gade <eric.gade@gsa.gov> Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov>
| # rubocop:disable Style/IfUnlessModifier | ||
| if IdentityConfig.store.doc_auth_verify_info_controller_enabled | ||
| if !idv_session.resolution_successful | ||
| redirect_to idv_verify_info_url | ||
| end | ||
| end | ||
| # rubocop:enable Style/IfUnlessModifier |
There was a problem hiding this comment.
QQ what was the reason for disabling the lint? is this WIP?
Also, I think the lint would be quiet if we combined the two conditions to be one, so that it's too long to qualify for that modifier approach?
| # rubocop:disable Style/IfUnlessModifier | |
| if IdentityConfig.store.doc_auth_verify_info_controller_enabled | |
| if !idv_session.resolution_successful | |
| redirect_to idv_verify_info_url | |
| end | |
| end | |
| # rubocop:enable Style/IfUnlessModifier | |
| if IdentityConfig.store.doc_auth_verify_info_controller_enabled && !idv_session.resolution_successful | |
| redirect_to idv_verify_info_url | |
| end |
There was a problem hiding this comment.
Disabled lint when the outer if statement was in another location because it 1) complained that the line was too long and then 2) complained when I made it not a one-liner. It might not even be an issue here anymore with the inner if, and your solution should work, thanks.
| def redact(text) | ||
| text.gsub(/[a-z]/i, 'X').gsub(/\d/i, '#') | ||
| end |
There was a problem hiding this comment.
How is that usually done? Separate ticket + small PR? I looked at the existing helpers and looks like we would need a new one rather than adding to an existing one. Maybe something a little more general than StringRedacter, like PrivacyHelper?
There was a problem hiding this comment.
It depends on the complexity. To me, it looks like all 3 are the exact same method? And it would be a straightforward static method extraction, so I would consider doing it in this PR (because the additional overhead is almost the same as copy-pasting like we've done here). But if needed, we could file a ticket and follow up, which makes sense in more complicated refactors
As far as naming, I don't feel that strongly, PrivacyHelper seems fine, in general I feel like xyzHelper classes are not always super clear, I'd name it after what it does (redact strings), but to me the more important bit is extracting the shared code
There was a problem hiding this comment.
Fixed by adding a StringRedacter concern 41a6339. Will shift over the other places it's used separately from this PR. Also noting that VerifyInfoController will eventually replace VerifyBaseStep, so one of the uses will go away.
Tried adding a Helper first, but helpers are expected to be used in Views. Then tried adding it in lib, then settled on a Concern since that's what's used in Controllers.
per PR feedback. This is now available for a future PR to use in PhoneController and VerifyBaseStep. Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov> Co-authored-by: Eric Gade <eric.gade@gsa.gov>
changelog: Internal improvements, Flow State Machine, Add update method to new VerifyInfoController
soniaconnolly
changed the title
| params.fetch(:user, {})[:password].presence | ||
| end | ||
|
|
||
| def confirm_verify_info_complete |
There was a problem hiding this comment.
I'm looking at #confirm_idv_steps_complete which is also a before action and has a call to #idv_profile_complete?. Wdyt of wrapping this logic into that method? That way a user can confirm in either the FSM or the new controller and still pass the before actions here.
There was a problem hiding this comment.
Sadly it doesn't get to that before action, but makes a redirect loop between review and verify_info somewhere before that. I couldn't figure out where, but putting this before action right at the top fixed it.
There was a problem hiding this comment.
Paired on this with the team. We figured out that the problem is a little complicated. The process looks like this:
- The user fails proofing at the verify info controller
- The user is redirected to the idv session error page
- There is a link on the idv session error page that redirects back to the doc auth FSM
- The user enters the doc auth FSM which sees that all steps are complete and redirects to the review controller
- The review controller runs the
confirm_idv_session_startedbefore action which checks for an applicant. Since resolution did not succeed there is no applicant. This causes it to redirect back to the doc auth FSM - The doc auth FSM proceeds as if in step 4 and begins thrashing
With all that in mind we are all convinced the before action is probably the best route. We will have to figure out how to handle the redirects back to the flow state machine or our new code when we handle the deployment ticket (LG-7402).
|
|
||
| pii[:uuid_prefix] = ServiceProvider.find_by(issuer: sp_session[:issuer])&.app_id | ||
|
|
||
| if ssn_throttle.throttled_else_increment? |
There was a problem hiding this comment.
I see the SSN rate limiting in effect here, but I do not see the resolution rate limiting in effect. I only see that in the new method. Is there something I am missing?
There was a problem hiding this comment.
There are two different throttles as you noted. In the old code they are both referred to as "throttle." We decided to resolve the confusion. Verify_base_step was only checking the ssn throttle on enqueue_job (see second link) which is our update method. Do you want us to add resolution throttle here? See
identity-idp/app/services/idv/steps/verify_base_step.rb
Lines 72 to 74 in cc482cb
identity-idp/app/services/idv/steps/verify_base_step.rb
Lines 175 to 177 in cc482cb
There was a problem hiding this comment.
Chatted with the team; we're going to address this in the PR for LG-7401
| </div> | ||
| <div class="margin-top-5"> | ||
| <%= render SpinnerButtonComponent.new( | ||
| <%= render ButtonComponent.new( |
There was a problem hiding this comment.
I believe we need to make this back into a SpinnerButtonComponent, but presumably we can save that for the async story?
There was a problem hiding this comment.
Yes, that's the idea. We are working on that part of things in the sonia-lg-7401 branch at the moment
Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov>
Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov>
Co-authored-by: Eric Gade <eric.gade@gsa.gov> Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov>
Replace resolution_info_verified with already existing resolution_info_verified Co-authored-by: Eric Gade <eric.gade@gsa.gov>
Look for proofing results in :stages, :resolution rather than :extra Co-authored-by: Eric Gade <eric.gade@gsa.gov>
Redirect back to verify_info if needed from review controller before action Proofing results exception found deeper in data structure on failure Co-authored-by: Eric Gade <eric.gade@gsa.gov> Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov>
per PR feedback. This is now available for a future PR to use in PhoneController and VerifyBaseStep. Co-authored-by: Alex Bradley <alexander.bradley@gsa.gov> Co-authored-by: Eric Gade <eric.gade@gsa.gov>
changelog: Internal, Flow State Machine, Add update action for new VerifyInfoController
soniaconnolly
force-pushed
the
sonia-lg-7400
branch
from
a241b3e to
6c8669d
Compare
|
Closing and replacing with PR #7676 because of rebase issues. |
4 participants
ETA: It looks like rebasing on main caused this PR to include extra commits. Created PR #7676 from the correct cherry-picked commits, recommend merging that one instead.
What
Add update functionality to VerifyInfoController outside Flow State Machine
All changes are hidden behind doc_auth_verify_info_controller_enabled IdentityConfig feature flag which is false in prod.
🎫 Ticket
LG-7400
📜 Testing Plan
Provide a checklist of steps to confirm the changes.