Conversation
app/services/idv/session.rb
Outdated
There was a problem hiding this comment.
As far as I can tell this acts like an ivar, but since this object represents a session it resulted in the PII actually being written to the session. Thankfully the entirety of the idv session is encrypted so this PII is encrypted.
app/services/idv/session.rb
Outdated
There was a problem hiding this comment.
This wrote the PII to the Idv session as decrypted_pii. At this point the PII was available as decrypted_pii and pii in the IdV session. Later in the old implementation of move_pii_to_user_session the decrypted_pii value was deleted from the IdV session and copied over into the user session.
I cannot explain any of this but I'm reasonably confident none of it is necessary.
…ecrypted_pii` This `#save_decrypted_pii_json` method consumed a JSON PII object and wrote it into the session under the `decrypted_pii` key. This method was called in 2 places: - The `ReactivateAccountController` - The `Idv::Session` In `ReactivateAccountController` the PII is available as `Pii::Attributes` and is converted to JSON to enable a call to `#save_decrypted_pii_json`. In the `Idv::Session` the PII is available as `Pii::Attributes`, but prior to this commit underwent quite the Rube Goldberg process to find it's way into a JSON string that was then written to the session. This commit changes `save_decrypted_pii_json` to be `save_decrypted_pii` and take a `Pii::Attributes` instead of a JSON string argument. This will make it easier to implement a version of this method that handles multiple profiles when we start encrypting both the active and pending profile in the session. changelog: Internal, PII session encryption, The Pii::Cacher#save_decrypted_pii_json was modified to be the Pii:Cacher#save_decrypted_pii.
jmhooper
force-pushed
the
jmhooper-remove-save-decrypted-pii-json
branch
from
60aecf9 to
484c7b3
Compare
soniaconnolly
left a comment
soniaconnolly
left a comment
There was a problem hiding this comment.
LGTM, thanks for sorting this out. I've been puzzled by it but haven't dug in.
2 participants
The
#save_decrypted_pii_jsonmethod consumed a JSON PII object and wrote it into the session under thedecrypted_piikey.This method was called in 2 places:
ReactivateAccountControllerIdv::SessionIn
ReactivateAccountControllerthe PII is available asPii::Attributesand is converted to JSON to enable a call to#save_decrypted_pii_json.In the
Idv::Sessionthe PII is available asPii::Attributes, but prior to this commit underwent quite the Rube Goldberg process to find it's way into a JSON string that was then written to the session bysave_decrypted_pii_json.This commit changes
save_decrypted_pii_jsonto besave_decrypted_piiand take aPii::Attributesinstead of a JSON string argument. This will make it easier to implement a version of this method that handles multiple profiles when we start encrypting both the active and pending profile in the session.This commit also short circuits the Rube Goldberg machine in
Idv::Sessionand simply writes the attributes to the user session when the profile is created.