LG-11463 Don't delete pii_from_doc and pii_from_user on VerifyInfo submission#9645
Merged
soniaconnolly merged 3 commits intomainfrom Nov 22, 2023
Merged
LG-11463 Don't delete pii_from_doc and pii_from_user on VerifyInfo submission#9645soniaconnolly merged 3 commits intomainfrom
soniaconnolly merged 3 commits intomainfrom
Conversation
This allows us to enable the browser back button from Phone -> VerifyInfo and further back, without risking that unvalidated user id data from the in person flow could be submitted on the remote flow. It prevents the path of pii_from_user -> applicant -> pii_from doc.
jmhooper
approved these changes
Nov 22, 2023
gina-yamada
reviewed
Nov 22, 2023
spec/features/idv/analytics_spec.rb
Outdated
Contributor
There was a problem hiding this comment.
Walked through this with Sonia. pii_from_user was deleted so same_address_as_id never got added via extra_analytics_properties. This change makes sense to me
…pii_from_user is still available [skip changelog] Co-authored-by: Gina Yamada <gina.yamada@gsa.gov>
soniaconnolly
force-pushed
the
sonia-lg-11463-keep-pii-from-doc
branch
from
ae12e45 to
ee1a120
Compare
18 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🎫 Ticket
LG-11463
🛠 Summary of changes
Don't delete pii_from_doc and pii_from_user on VerifyInfo submission. This allows us to enable the browser back button from Phone -> VerifyInfo and further back, without risking that unvalidated user id data from the in person flow could be submitted on the remote flow. It prevents the path of pii_from_user -> applicant -> pii_from doc.
Currently, applicant is deleted in invalidate_steps_after_ssn! which is called from the remote and in_person ssn_controllers on successful ssn submission, which comes after document capture.
This needs to be deployed before the main PR for LG-11463 (#9636) is merged, to allow for the 50/50 state. In that PR, we ensure that applicant is deleted if earlier steps are submitted, which also prevents unverified data from being submitted on the remote flow.
📜 Testing Plan
/verify/ssnand/verify/verify_info(remote steps), expect not to be allowed (currently get redirected to DocumentCapture, can click back to go back to in person VerifyInfo)/verify/ssnand/verify/verify_info(completed remote steps), expect not to be allowed