LG-11085 delete idv doc auth session (remote flow_session) #9282
Merged
soniaconnolly merged 5 commits into main from Oct 2, 2023
jmhooper
reviewed
Sep 28, 2023
| # personal keys are generated and stored in the session between requests, but are used | ||
| # to decrypt PII bundles, so we treat them similarly to the PII itself. | ||
| SENSITIVE_PATHS = [ | ||
| ['warden.user.user.session', 'idv/doc_auth'], |
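Review bot: if the `['warden.user.user.session', 'idv/doc_auth']` entry is being dropped from SENSITIVE_PATHS, the removal is only safe once no session written by older code still carries that key, since the list appears to be what marks a session path as PII-bearing. Consider keeping the entry until sessions created before the deploy have expired, then removing it in a follow-up.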
Contributor
This should be fine since we are no longer writing anything to this path, much less PII.
Contributor
The comment above this mentions idv/doc_auth and should probably be updated
1) it's not a hash, it's an Idv::Session; and 2) we use user_session[:idv] everywhere
soniaconnolly
commented
Sep 28, 2023
|
|
||
| def reset_doc_auth | ||
| user_session.delete('idv/doc_auth') | ||
| user_session['idv'] = {} |
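Review bot: if both session writes in `reset_doc_auth` are removed, nothing visible remains in the method body, so drop the method and its callers too instead of keeping a no-op whose name still promises a reset. If `user_session['idv'] = {}` stays, note that it replaces whatever object was stored with a bare Hash rather than clearing it.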
Contributor
Author
We cleared idv_session above in cancel_session where this is called, and user_session['idv'] is not a hash (it was only a hash in the FSM), and also we use user_session[:idv] everywhere else.
soniaconnolly
commented
Sep 28, 2023
Comment on lines 67 to 69
| idv_session = user_session[:idv] | ||
| idv_session&.clear | ||
| user_session['idv/in_person'] = {} |
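Review bot: `idv_session&.clear` only wipes the data if the object stored at `user_session[:idv]` implements `clear` to empty everything it holds, and the `&.` silently skips the case where the key is absent; add a spec that populates the session, runs this method, and asserts nothing is left under `:idv`. The next line resets `'idv/in_person'` by assigning `{}` under a string key while `:idv` is read by symbol, so it is worth settling on one key style and one reset style for both.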
Contributor
Author
Could this method be merged with SessionsController#clear_session? (But not in this PR)
solipet
approved these changes
Oct 2, 2023
Contributor
LGTM!
Checked out the branch and ran through the test steps.
🎫 Ticket
LG-11085
🛠 Summary of changes
Delete last remaining references to remote flow_session accessed as user_session['idv/doc_auth']. Remote flow_session is no longer in use, so this should not cause any 50/50 state issues. (But please let me know if you have any concerns!)
Note to self: Notify deployer when this will be going out, just in case.
📜 Testing Plan