LG-11535 Encrypt the pending and active profile when a user updates their password

app/forms/update_user_password_form.rb

@@ -24,23 +24,26 @@ def submit(params)
 
   def process_valid_submission
     update_user_password
-    encrypt_user_profile_if_active
+    encrypt_user_profiles
   end
 
   def update_user_password
     attributes = { password: password }
     UpdateUser.new(user: user, attributes: attributes).call
   end
 
-  def encrypt_user_profile_if_active
-    active_profile = user.active_profile
-    return if active_profile.blank?
+  def encrypt_user_profiles
+    return if user.active_or_pending_profile.blank?
 
-    encryptor.call
+    encryptor.encrypt
   end
 
   def encryptor
-    @encryptor ||= ActiveProfileEncryptor.new(user, user_session, password)
+    @encryptor ||= UserProfilesEncryptor.new(
+      user: user,
+      user_session: user_session,
+      password: password,
+    )
   end
 
   def extra_analytics_attributes

app/services/user_profiles_encryptor.rb

@@ -0,0 +1,28 @@
+class UserProfilesEncryptor
+  attr_reader :personal_key
+
+  def initialize(user:, user_session:, password:)
+    @user = user
+    @user_session = user_session
+    @password = password
+  end
+
+  def encrypt
+    if user.active_profile.present?
+      encrypt_pii_for_profile(user.active_profile)
+    end
+    if user.pending_profile.present?
+      encrypt_pii_for_profile(user.pending_profile)
+    end
+  end
+
+  private
+
+  attr_reader :user, :password, :user_session
+
+  def encrypt_pii_for_profile(profile)
+    pii = Pii::Cacher.new(user, user_session).fetch(profile.id)
+    @personal_key = profile.encrypt_pii(pii, password)
+    profile.save!
+  end
+end

spec/controllers/users/passwords_controller_spec.rb

@@ -48,6 +48,7 @@
         stub_sign_in(user)
         Pii::Cacher.new(user, controller.user_session).save_decrypted_pii(
           Pii::Attributes.new(ssn: '111-222-3333'),
+          user.active_profile.id,
         )
 
         params = {

spec/forms/update_user_password_form_spec.rb

@@ -34,7 +34,7 @@
         }
 
         expect(UpdateUser).not_to receive(:new)
-        expect(ActiveProfileEncryptor).not_to receive(:new)
+        expect(UserProfilesEncryptor).not_to receive(:new)
         expect(subject.submit(params).to_h).to include(
           success: false,
           errors: errors,
@@ -70,17 +70,21 @@
     context 'when the user has an active profile' do
       let(:profile) { create(:profile, :active, :verified, pii: { ssn: '1234' }) }
       let(:user) { profile.user }
-      let(:user_session) { { decrypted_pii: { ssn: '1234' }.to_json } }
+      let(:user_session) { {} }
+
+      before do
+        Pii::Cacher.new(user, user_session).save_decrypted_pii({ ssn: '1234' }, profile.id)
+      end
 
       it 'encrypts the active profile' do
-        encryptor = instance_double(ActiveProfileEncryptor)
-        allow(ActiveProfileEncryptor).to receive(:new).
-          with(user, user_session, password).and_return(encryptor)
-        allow(encryptor).to receive(:call)
+        encryptor = instance_double(UserProfilesEncryptor)
+        allow(UserProfilesEncryptor).to receive(:new).
+          with(user: user, user_session: user_session, password: password).and_return(encryptor)
+        allow(encryptor).to receive(:encrypt)
 
         subject.submit(params)
 
-        expect(encryptor).to have_received(:call)
+        expect(encryptor).to have_received(:encrypt)
       end
 
       it 'logs that the user has an active profile' do
@@ -96,11 +100,21 @@
     context 'the user has a pending profile' do
       let(:profile) { create(:profile, :verify_by_mail_pending, :verified, pii: { ssn: '1234' }) }
       let(:user) { profile.user }
+      let(:user_session) { {} }
 
-      it 'does not call ActiveProfileEncryptor' do
-        expect(ActiveProfileEncryptor).to_not receive(:new)
+      before do
+        Pii::Cacher.new(user, user_session).save_decrypted_pii({ ssn: '1234' }, profile.id)
+      end
+
+      it 'encrypts the pending profile' do
+        encryptor = instance_double(UserProfilesEncryptor)
+        allow(UserProfilesEncryptor).to receive(:new).
+          with(user: user, user_session: user_session, password: password).and_return(encryptor)
+        allow(encryptor).to receive(:encrypt)
 
         subject.submit(params)
+
+        expect(encryptor).to have_received(:encrypt)
       end
 
       it 'logs that the user has a pending profile' do
@@ -114,8 +128,8 @@
     end
 
     context 'when the user does not have a profile' do
-      it 'does not call ActiveProfileEncryptor' do
-        expect(ActiveProfileEncryptor).to_not receive(:new)
+      it 'does not call UserProfilesEncryptor' do
+        expect(UserProfilesEncryptor).to_not receive(:new)
 
         subject.submit(params)
       end

spec/services/user_profiles_encryptor_spec.rb

@@ -0,0 +1,121 @@
+require 'rails_helper'
+
+RSpec.describe UserProfilesEncryptor do
+  describe '#call' do
+    let(:user_session) { {}.with_indifferent_access }
+    let(:pii) { Pii::Attributes.new(ssn: '1234') }
+    let(:profile) { create(:profile, :active, :verified, pii: pii.to_h) }
+    let(:user) { profile.user }
+    let(:password) { 'a new and incredibly exciting password' }
+
+    before do
+      Pii::Cacher.new(user, user_session).save_decrypted_pii(pii, profile.id)
+    end
+
+    context 'when the user has an active profile' do
+      it 'encrypts the PII for the active profile with the password' do
+        encryptor = UserProfilesEncryptor.new(
+          user: user,
+          user_session: user_session,
+          password: password,
+        )
+        encryptor.encrypt
+
+        profile.reload
+
+        personal_key = PersonalKeyGenerator.new(user).normalize(encryptor.personal_key)
+
+        decrypted_profile_pii = profile.decrypt_pii(password)
+        decrypted_profile_recovery_pii = profile.recover_pii(personal_key)
+
+        expect(pii).to eq(decrypted_profile_pii)
+        expect(pii).to eq(decrypted_profile_recovery_pii)
+        expect(user.valid_personal_key?(personal_key)).to eq(true)
+      end
+    end
+
+    context 'when the user has a pending profile' do
+      let(:profile) { create(:profile, :verify_by_mail_pending, :verified, pii: pii.to_h) }
+
+      it 'encrypts the PII for the pending profile with the password' do
+        encryptor = UserProfilesEncryptor.new(
+          user: user,
+          user_session: user_session,
+          password: password,
+        )
+        encryptor.encrypt
+
+        profile.reload
+
+        personal_key = PersonalKeyGenerator.new(user).normalize(encryptor.personal_key)
+
+        decrypted_profile_pii = profile.decrypt_pii(password)
+        decrypted_profile_recovery_pii = profile.recover_pii(personal_key)
+
+        expect(pii).to eq(decrypted_profile_pii)
+        expect(pii).to eq(decrypted_profile_recovery_pii)
+        expect(user.valid_personal_key?(personal_key)).to eq(true)
+      end
+    end
+
+    context 'when the user has an active and a pending profile' do
+      let(:active_pii) { pii }
+      let(:active_profile) { profile }
+      let(:pending_pii) { Pii::Attributes.new(ssn: '5555') }
+      let(:pending_profile) do
+        create(
+          :profile,
+          :verify_by_mail_pending,
+          :verified,
+          pii: pending_pii.to_h,
+          user: user,
+        )
+      end
+
+      before do
+        Pii::Cacher.new(user, user_session).save_decrypted_pii(pending_pii, pending_profile.id)
+      end
+
+      it 'encrypts the PII for both profiles with the password' do
+        encryptor = UserProfilesEncryptor.new(
+          user: user,
+          user_session: user_session,
+          password: password,
+        )
+        encryptor.encrypt
+
+        active_profile.reload
+        pending_profile.reload
+
+        decrypted_active_profile_pii = active_profile.decrypt_pii(password)
+        decrypted_pending_profile_pii = pending_profile.decrypt_pii(password)
+
+        expect(decrypted_active_profile_pii).to eq(active_pii)
+        expect(decrypted_pending_profile_pii).to eq(pending_pii)
+      end
+
+      it 'sets the pending profile personal key as the personal key' do
+        encryptor = UserProfilesEncryptor.new(
+          user: user,
+          user_session: user_session,
+          password: password,
+        )
+        encryptor.encrypt
+
+        active_profile.reload
+        pending_profile.reload
+
+        personal_key = PersonalKeyGenerator.new(user).normalize(encryptor.personal_key)
+
+        expect do
+          active_profile.recover_pii(personal_key)
+        end.to raise_error(Encryption::EncryptionError)
+
+        decrypted_pending_profile_recovery_pii = pending_profile.recover_pii(personal_key)
+        expect(decrypted_pending_profile_recovery_pii).to eq(pending_pii)
+
+        expect(user.valid_personal_key?(personal_key)).to eq(true)
+      end
+    end
+  end
+end