Modify the SP requirement for IdV to require the SP to request verification#9663
Merged
Modify the SP requirement for IdV to require the SP to request verification#9663
Conversation
In #4634 we restricted the identity verification process to require a service provider for a user to undergo proofing. This commit added other features like a `idv_sp_required` for configuring this behavior to be enabled or disabled. This commit required an SP to be present but did not require the SP to actually request verification. This commit changes the code so that `IalContext` is invoked to check if verification was in fact requested. This way users can't go to an SP that does not require verification and start the verification process by navigating to `/verify`. changelog: User-Facing Improvements, SP IdV Requirement, Users can only undergo proofing if the SP IAL context is for identity verification or greater.
jmhooper
changed the title
| it 'begins the proofing process if the user has a profile' do | ||
| create(:profile, :verified, user: user) | ||
| get :index | ||
| expect(response).to redirect_to idv_welcome_url |
Contributor
There was a problem hiding this comment.
It looks like this says if an SP is required but not present, and the user already has a verified profile, they restart proofing. Is that correct? I would expect it not to proof if they're already verified.
Contributor
Author
There was a problem hiding this comment.
The profile is verified, but not active. The logic allows a user who has gone through proofing before to go through proofing again without an SP requesting IdV for them. This enables things like proofing again after resetting a password without a personal key.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In #4634 we restricted the identity verification process to require a service provider for a user to undergo proofing. This commit added other features like a
idv_sp_requiredfor configuring this behavior to be enabled or disabled. This change required an SP to be present but did not require the SP to actually request verification.This commit changes the code so that
IalContextis invoked to check if verification was in fact requested. This way users can't go to an SP that does not require verification and start the verification process by navigating to/verify.