Conversation
…pleted the verify info step Currently we have some code in place to check that a user has completed the verify step in the review controller. This code supports us when both the FSM verify step and the new verify step are in place. It will be removed in this change request: #7747 After deploying the IDP with the feature flag enabled we discovered a bug in this code. This code calls `idv_session` in a before action that is added prior to adding the `IdvSession` concern. The `IdvSessnion` concern adds a before action to confirm the user is authenticated. This concern includes a before action to confirm the user is authenticated since calling `idv_session` with no user session results in a `NoMethodError`. Having the `confirm_verify_info_complete` prior to that before action is problematic since it calls `idv_session`. This commit works around the issue by guarding the before action with a check to confirm the user is authenticated. This is not the most elegant solution, but it should work and as stated previously will be removed in #7747. [skip changelog]
| redirect_to idv_verify_info_url | ||
| end | ||
| return unless IdentityConfig.store.doc_auth_verify_info_controller_enabled | ||
| return unless user_fully_authenticated? |
Contributor
There was a problem hiding this comment.
would before_action :confirm_two_factor_authenticated at the top work?
mitchellhenke
approved these changes
Feb 7, 2023
soniaconnolly
approved these changes
Feb 7, 2023
Contributor
soniaconnolly
left a comment
soniaconnolly
left a comment
There was a problem hiding this comment.
LGTM, with explanation in Slack that just checking idv_session is non-nil would result in a 500, so the full authentication check is needed. Yay tests!
jmhooper
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently we have some code in place to check that a user has completed the verify step in the review controller. This code supports us when both the FSM verify step and the new verify step are in place. It will be removed in this change request: #7747
After deploying the IDP with the feature flag enabled we discovered a bug in this code. This code calls
idv_sessionin a before action that is added prior to adding theIdvSessionconcern.The
IdvSessnionconcern adds a before action to confirm the user is authenticated. This concern includes a before action to confirm the user is authenticated since callingidv_sessionwith no user session results in aNoMethodError. Having theconfirm_verify_info_completeprior to that before action is problematic since it callsidv_session.This commit works around the issue by guarding the before action with a check to confirm the user is authenticated. This is not the most elegant solution, but it should work and as stated previously will be removed in #7747.