From 19d77d315d425e6158515928eda095cb15ddaba0 Mon Sep 17 00:00:00 2001
From: Sonia Connolly
Date: Wed, 22 Nov 2023 08:19:42 -0800
Subject: [PATCH 1/3] Don't delete pii_from_doc and pii_from_user on VerifyInfo submission This allows us to enable the browser back button from Phone -> VerifyInfo and further back, without risking that unvalidated user id data from the in person flow could be submitted on the remote flow. It prevents the path of pii_from_user -> applicant -> pii_from doc.
---
 app/controllers/concerns/idv/verify_info_concern.rb | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/app/controllers/concerns/idv/verify_info_concern.rb b/app/controllers/concerns/idv/verify_info_concern.rb
index 2421aafd1c4..fb2e23a0efa 100644
--- a/app/controllers/concerns/idv/verify_info_concern.rb
+++ b/app/controllers/concerns/idv/verify_info_concern.rb
@@ -315,14 +315,6 @@ def move_applicant_to_idv_session
 idv_session.applicant = pii
 idv_session.applicant[:ssn] = idv_session.ssn
 idv_session.applicant['uuid'] = current_user.uuid
- delete_pii
- end
-
- def delete_pii
- idv_session.pii_from_doc = nil
- if defined?(flow_session) # no longer defined for remote flow
- flow_session.delete(:pii_from_user)
- end
 end
 def add_proofing_costs(results)
From ee1a120882555ceed9c6ac7cac4fa9414228551d Mon Sep 17 00:00:00 2001
From: Sonia Connolly
Date: Wed, 22 Nov 2023 09:38:52 -0800
Subject: [PATCH 2/3] Allow :same_address_as_id to be logged in proofing results now that :pii_from_user is still available [skip changelog] Co-authored-by: Gina Yamada
---
 spec/features/idv/analytics_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/features/idv/analytics_spec.rb b/spec/features/idv/analytics_spec.rb
index 744fa2bbc33..f21ab9a8cd7 100644
--- a/spec/features/idv/analytics_spec.rb
+++ b/spec/features/idv/analytics_spec.rb
@@ -412,7 +412,7 @@ analytics_id: 'In Person Proofing', step: 'verify', flow_path: 'standard', irs_reproofing: false, same_address_as_id: false, getting_started_ab_test_bucket: :welcome_default, phone_question_ab_test_bucket: :bypass_phone_question, phone_with_camera: nil, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil }, 'IdV: doc auth verify proofing results' => { - success: true, errors: {}, flow_path: 'standard', address_edited: false, address_line2_present: false, analytics_id: 'In Person Proofing', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, getting_started_ab_test_bucket: :welcome_default, phone_question_ab_test_bucket: :bypass_phone_question, phone_with_camera: nil, irs_reproofing: false, skip_hybrid_handoff: nil, + success: true, errors: {}, flow_path: 'standard', address_edited: false, address_line2_present: false, analytics_id: 'In Person Proofing', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, getting_started_ab_test_bucket: :welcome_default, phone_question_ab_test_bucket: :bypass_phone_question, phone_with_camera: nil, irs_reproofing: false, same_address_as_id: false, skip_hybrid_handoff: nil, proofing_results: { exception: nil, timed_out: false, threatmetrix_review_status: 'pass', context: { device_profiling_adjudication_reason: 'device_profiling_result_pass', resolution_adjudication_reason: 'pass_resolution_and_state_id', should_proof_state_id: true, stages: { resolution: { success: true, errors: {}, exception: nil, timed_out: false, transaction_id: 'resolution-mock-transaction-id-123', reference: 'aaa-bbb-ccc', can_pass_with_additional_verification: false, attributes_requiring_additional_verification: [], vendor_name: 'ResolutionMock', vendor_workflow: nil }, residential_address: { errors: {}, exception: nil, reference: 'aaa-bbb-ccc', success: true, timed_out: false, transaction_id: 'resolution-mock-transaction-id-123', 
can_pass_with_additional_verification: false, attributes_requiring_additional_verification: [], vendor_name: 'ResolutionMock', vendor_workflow: nil }, state_id: { success: true, errors: {}, exception: nil, mva_exception: nil, timed_out: false, transaction_id: 'state-id-mock-transaction-id-456', vendor_name: 'StateIdMock', verified_attributes: [], state: 'MT', state_id_jurisdiction: 'ND', state_id_number: '#############' }, threatmetrix: threatmetrix_response } } } }, 'IdV: phone confirmation form' => {
From e53f3b755b27f8be5a15f599ef0e74786af7c602 Mon Sep 17 00:00:00 2001
From: Sonia Connolly
Date: Wed, 22 Nov 2023 11:29:29 -0800
Subject: [PATCH 3/3] Don't repeat the start of the flow in verify_info specs, hoping they'll be less flaky
---
 spec/features/idv/doc_auth/verify_info_step_spec.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/spec/features/idv/doc_auth/verify_info_step_spec.rb b/spec/features/idv/doc_auth/verify_info_step_spec.rb
index 182f6544011..7b1f9a706be 100644
--- a/spec/features/idv/doc_auth/verify_info_step_spec.rb
+++ b/spec/features/idv/doc_auth/verify_info_step_spec.rb
@@ -350,8 +350,7 @@
 context 'async missing' do
 it 'allows resubmitting form' do
- sign_in_and_2fa_user(user)
- complete_doc_auth_steps_before_verify_step
+ complete_ssn_step
 allow(DocumentCaptureSession).to receive(:find_by).
 and_return(nil)
@@ -386,8 +385,7 @@
 context 'async timed out' do
 it 'allows resubmitting form' do
- sign_in_and_2fa_user(user)
- complete_doc_auth_steps_before_verify_step
+ complete_ssn_step
 allow(DocumentCaptureSession).to receive(:find_by).
 and_return(nil)
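Review bot: The added `same_address_as_id: false` in the 'IdV: doc auth verify proofing results' expectation is the only place in the visible series where the effect of keeping `pii_from_user` is tested, and nothing here asserts that the retained PII is cleared later. Patch 1/3 removes the `delete_pii` call, so `idv_session.pii_from_doc` and `flow_session[:pii_from_user]` now outlive VerifyInfo submission; where they are cleared afterwards is not visible in this patch. I would add a spec that checks both values are gone once the flow completes or the session is reset, and one for the back-button case from Phone to VerifyInfo that the commit message describes. That pins the intended PII lifetime with a test instead of leaving it implied by an analytics field.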
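Review bot: With `sign_in_and_2fa_user(user)` and `complete_doc_auth_steps_before_verify_step` removed, the 'async missing' example now starts at `complete_ssn_step` and depends on setup outside this hunk, presumably an enclosing `before` block that signs in and reaches the SSN step. A one-line comment above the call, e.g. `# starts on the SSN step; sign-in and doc auth happen in the outer before block`, would make that precondition explicit (confirm against the actual setup). The same applies to the 'async timed out' example in the next hunk. Both `it` blocks continue past the end of their hunks.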