Skip to content

LG-8115: don't require any auth headers for DDP.#8358

Merged
solipet merged 4 commits intomainfrom
dprice-lg-8115-hmac-take-2
May 9, 2023
Merged

LG-8115: don't require any auth headers for DDP.#8358
solipet merged 4 commits intomainfrom
dprice-lg-8115-hmac-take-2

Conversation

@solipet
Copy link
Contributor

@solipet solipet commented May 8, 2023

🎫 Ticket

LG-8115

🛠 Summary of changes

The ThreatMetrix DDP API does not require any auth headers (basic or hmac) so let's stop sending them.

solipet added 2 commits May 8, 2023 15:49
@solipet
LG-8115: don't require any auth headers for DDP.
6dac213 
[skip changelog]
@solipet
Rename Proofing::LexisNexis::Request#send to Proofing::LexisNexis::Re…
cf154b5 
…quest#send_request

This is to avoid overriding Object#send and allow me to
test the ddp request headers (private method call).
solipet
solipet commented May 8, 2023
View reviewed changes
spec/services/proofing/lexis_nexis/ddp/verification_request_spec.rb
end

it 'does not include an Authorization header' do
expect(subject.send(:build_request_headers)['Authorization']).to be_nil
Copy link
Contributor Author

@solipet solipet May 8, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be able to call the private method Proofing::LexisNexis::Ddp::VerificationRequest#build_request_headers, I needed to rename Proofing::LexisNexis::Request#send to stop overriding Object#send

solipet
solipet commented May 8, 2023
View reviewed changes
app/services/proofing/lexis_nexis/request.rb
end

def send
def send_request
Copy link
Contributor Author

@solipet solipet May 8, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be able to call the private method Proofing::LexisNexis::Ddp::VerificationRequest#build_request_headers, I needed to rename Proofing::LexisNexis::Request#send to stop overriding Object#send

@solipet solipet requested review from a team and jmhooper May 8, 2023 21:28
eric-gade
eric-gade reviewed May 9, 2023
View reviewed changes
spec/services/proofing/lexis_nexis/ddp/verification_request_spec.rb
end

it 'does not include an Authorization header' do
expect(subject.send(:build_request_headers)['Authorization']).to be_nil
Copy link
Contributor

@eric-gade eric-gade May 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a little confused here -- shouldn't the header be the signed hmac value if the feature flat is set to true?

Copy link
Contributor Author

@solipet solipet May 9, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is for the DDP proofer - it includes the api key in the body of the message, so we don't need, and thus are explicitly removing, the auth header.

@solipet solipet merged commit 0b09057 into main May 9, 2023
@solipet solipet deleted the dprice-lg-8115-hmac-take-2 branch May 9, 2023 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@eric-gade eric-gade eric-gade left review comments

@jmhooper jmhooper jmhooper approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@solipet @jmhooper @eric-gade