Skip to content

LG-11085 delete idv doc auth session (remote flow_session) #9282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
soniaconnolly merged 5 commits into from
Oct 2, 2023
Merged

LG-11085 delete idv doc auth session (remote flow_session) #9282

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
4c7ae7e
Delete refs to 'idv/doc_auth' session
soniaconnolly Sep 20, 2023
a9b708a
Merge remote-tracking branch 'origin/main' into sonia-lg-11085-delete…
soniaconnolly Sep 28, 2023
28d0621
Changelog
soniaconnolly Sep 28, 2023
1f2a52f
Remove remaining references to 'idv/doc_auth in specs and a comment
soniaconnolly Sep 28, 2023
3c820c4
Remove ref to user_session['idv']
soniaconnolly Sep 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 0 additions & 6 deletions app/controllers/idv/cancellations_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,6 @@ def cancel_session
idv_session = user_session[:idv]
idv_session&.clear
user_session['idv/in_person'] = {}
Comment on lines 67 to 69
Copy link
Contributor Author

@soniaconnolly soniaconnolly Sep 28, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this method be merged with SessionsController#clear_session? (But not in this PR)

reset_doc_auth
end
end

Expand All @@ -83,11 +82,6 @@ def location_params
params.permit(:step, :location).to_h.symbolize_keys
end

def reset_doc_auth
user_session.delete('idv/doc_auth')
user_session['idv'] = {}
Copy link
Contributor Author

@soniaconnolly soniaconnolly Sep 28, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We cleared idv_session above in cancel_session where this is called, and user_session['idv'] is not a hash (it was only a hash in the FSM), and also we use user_session[:idv] everywhere else.

end

def cancel_document_capture_session
document_capture_session&.update(cancelled_at: Time.zone.now)
end
Expand Down
1 change: 0 additions & 1 deletion app/controllers/idv/sessions_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,6 @@ def cancel_in_person_enrollment_if_exists
end

def clear_session
user_session['idv/doc_auth'] = {}
user_session['idv/in_person'] = {}
idv_session.clear
Pii::Cacher.new(current_user, user_session).delete
Expand Down
3 changes: 1 addition & 2 deletions lib/session_encryptor.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,10 @@ class SensitiveValueError < StandardError; end
COMPRESSED_KEY = 'c'
VERSION_KEY = 'v'

# 'idv/doc_auth' and 'idv' are used during the proofing process and can contain PII
# 'idv/in_person' and 'idv' are used during the proofing process and can contain PII
# personal keys are generated and stored in the session between requests, but are used
# to decrypt PII bundles, so we treat them similarly to the PII itself.
SENSITIVE_PATHS = [
['warden.user.user.session', 'idv/doc_auth'],
Copy link
Contributor

@jmhooper jmhooper Sep 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be find since we are no longer writing anything to this path, much less PII.

Copy link
Contributor

@matthinz matthinz Sep 28, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment above this mentions idv/doc_auth and should probably be updated

['warden.user.user.session', 'idv/in_person'],
['warden.user.user.session', 'idv'],
['warden.user.user.session', 'personal_key'],
Expand Down
1 change: 0 additions & 1 deletion spec/controllers/idv/agreement_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
before do
stub_sign_in(user)
stub_analytics
subject.user_session['idv/doc_auth'] = {}
subject.idv_session.welcome_visited = true
allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args)
end
Expand Down
6 changes: 0 additions & 6 deletions spec/controllers/idv/cancellations_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,12 +207,6 @@
stub_sign_in(user)
end

it 'destroys session' do
expect(subject.user_session).to receive(:delete).with('idv/doc_auth')

delete :destroy
end

it 'renders template' do
delete :destroy

Expand Down
1 change: 0 additions & 1 deletion spec/controllers/idv/getting_started_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
before do
stub_sign_in(user)
stub_analytics
subject.user_session['idv/doc_auth'] = {}
allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args)
end

Expand Down
1 change: 0 additions & 1 deletion spec/controllers/idv/hybrid_handoff_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@
stub_sign_in(user)
stub_analytics
stub_attempts_tracker
subject.user_session['idv/doc_auth'] = {}
subject.idv_session.idv_consent_given = true
allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args)
end
Expand Down
5 changes: 0 additions & 5 deletions spec/controllers/idv/sessions_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@
before do
allow(idv_session).to receive(:clear)
allow(subject).to receive(:idv_session).and_return(idv_session)
controller.user_session['idv/doc_auth'] = flow_session
controller.user_session['idv/in_person'] = flow_session
controller.user_session[:decrypted_pii] = pii
end
Expand All @@ -29,10 +28,6 @@
delete :destroy
end

it 'clears the idv/doc_auth session' do
expect(controller.user_session['idv/doc_auth']).to be_blank
end

it 'clears the idv/in_person session' do
expect(controller.user_session['idv/in_person']).to be_blank
end
Expand Down
1 change: 0 additions & 1 deletion spec/controllers/idv/welcome_controller_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
before do
stub_sign_in(user)
stub_analytics
subject.user_session['idv/doc_auth'] = {}
allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args)
end

Expand Down
8 changes: 4 additions & 4 deletions spec/lib/session_encryptor_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
it 'transparently encrypts/decrypts sensitive elements of the session' do
session = { 'warden.user.user.session' => {
'idv' => { 'ssn' => '666-66-6666' },
'idv/doc_auth' => { 'ssn' => '666-66-6666' },
'idv/in_person' => { 'ssn' => '666-66-6666' },
'other_value' => 42,
} }

Expand All @@ -28,7 +28,7 @@
expect(result).to eq(
{ 'warden.user.user.session' => {
'idv' => { 'ssn' => '666-66-6666' },
'idv/doc_auth' => { 'ssn' => '666-66-6666' },
'idv/in_person' => { 'ssn' => '666-66-6666' },
'other_value' => 42,
} },
)
Expand Down Expand Up @@ -71,7 +71,7 @@
it 'KMS encrypts/decrypts doc auth elements of the session' do
session = { 'warden.user.user.session' => {
'idv' => { 'ssn' => '666-66-6666' },
'idv/doc_auth' => { 'ssn' => '666-66-6666' },
'idv/in_person' => { 'ssn' => '666-66-6666' },
'other_value' => 42,
} }
ciphertext = subject.dump(session)
Expand All @@ -82,7 +82,7 @@
partially_decrypted_json = JSON.parse(partially_decrypted)

expect(partially_decrypted_json.fetch('warden.user.user.session')['idv']).to eq nil
expect(partially_decrypted_json.fetch('warden.user.user.session')['idv/doc_auth']).to eq nil
expect(partially_decrypted_json.fetch('warden.user.user.session')['idv/in_person']).to eq nil
expect(
partially_decrypted_json.fetch('sensitive_data'),
).to_not eq nil
Expand Down