From cb7856179082336539025fc7f652b5b2a87cdfc9 Mon Sep 17 00:00:00 2001 From: Matt Hinz Date: Tue, 19 Nov 2024 10:46:57 -0800 Subject: [PATCH] LG-15090: Update Socure config key names (#11512) * Change socure_enabled config to socure_docv_enabled Reduce potential confusion between doc auth and identity resolution Socure implementations [skip changelog] * socure_document_request_endpoint -> socure_docv_document_request_endpoint Maybe a little redundant, but it's (somewhat) consistent? * Remove socure_standard_capture_desktop_enabled Does not appear to be referenced anywhere * Remove socure_webhook_enabled does not appear to be referenced * socure_webhook_secret_key_queue -> socure_docv_webhook_secret_key_queue * socure_webhook_secret_key -> socure_docv_webhook_secret_key * let's get it sorted in here * normalize_yaml yaml is good --- .../socure/document_capture_controller.rb | 2 +- .../idv/socure/document_capture_controller.rb | 2 +- app/controllers/socure_webhook_controller.rb | 6 +++--- .../doc_auth/socure/requests/document_request.rb | 2 +- config/application.yml.default | 14 ++++++-------- lib/identity_config.rb | 10 ++++------ .../socure/document_capture_controller_spec.rb | 14 +++++++------- .../idv/socure/document_capture_controller_spec.rb | 14 +++++++------- spec/controllers/socure_webhook_controller_spec.rb | 12 ++++++------ spec/features/idv/doc_auth/hybrid_handoff_spec.rb | 6 +++--- spec/features/idv/hybrid_mobile/entry_spec.rb | 2 +- .../idv/hybrid_mobile/hybrid_mobile_spec.rb | 2 +- spec/services/doc_auth/socure/request_spec.rb | 2 +- .../socure/requests/document_request_spec.rb | 2 +- 14 files changed, 43 insertions(+), 47 deletions(-) diff --git a/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb index c62aab7201f..6dfd7980241 100644 --- a/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb +++ b/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb @@ -10,7 +10,7 @@ class DocumentCaptureController < ApplicationController include RenderConditionConcern include DocumentCaptureConcern - check_or_render_not_found -> { IdentityConfig.store.socure_enabled } + check_or_render_not_found -> { IdentityConfig.store.socure_docv_enabled } before_action :check_valid_document_capture_session, except: [:update] before_action -> { redirect_to_correct_vendor(Idp::Constants::Vendors::SOCURE, true) } diff --git a/app/controllers/idv/socure/document_capture_controller.rb b/app/controllers/idv/socure/document_capture_controller.rb index 8a67b633466..b93ec65334c 100644 --- a/app/controllers/idv/socure/document_capture_controller.rb +++ b/app/controllers/idv/socure/document_capture_controller.rb @@ -8,7 +8,7 @@ class DocumentCaptureController < ApplicationController include DocumentCaptureConcern include RenderConditionConcern - check_or_render_not_found -> { IdentityConfig.store.socure_enabled } + check_or_render_not_found -> { IdentityConfig.store.socure_docv_enabled } before_action :confirm_not_rate_limited before_action :confirm_step_allowed before_action -> { redirect_to_correct_vendor(Idp::Constants::Vendors::SOCURE, false) } diff --git a/app/controllers/socure_webhook_controller.rb b/app/controllers/socure_webhook_controller.rb index b30b14a6306..0d0354da7d1 100644 --- a/app/controllers/socure_webhook_controller.rb +++ b/app/controllers/socure_webhook_controller.rb @@ -4,7 +4,7 @@ class SocureWebhookController < ApplicationController include RenderConditionConcern skip_before_action :verify_authenticity_token - check_or_render_not_found -> { IdentityConfig.store.socure_enabled } + check_or_render_not_found -> { IdentityConfig.store.socure_docv_enabled } before_action :check_token before_action :check_socure_event @@ -65,12 +65,12 @@ def token_valid? def verify_current_key(authorization_header:) ActiveSupport::SecurityUtils.secure_compare( authorization_header, - IdentityConfig.store.socure_webhook_secret_key, + IdentityConfig.store.socure_docv_webhook_secret_key, ) end def verify_queue(authorization_header:) - IdentityConfig.store.socure_webhook_secret_key_queue.any? do |key| + IdentityConfig.store.socure_docv_webhook_secret_key_queue.any? do |key| ActiveSupport::SecurityUtils.secure_compare( authorization_header, key, diff --git a/app/services/doc_auth/socure/requests/document_request.rb b/app/services/doc_auth/socure/requests/document_request.rb index 5121e72c577..f214f8867c6 100644 --- a/app/services/doc_auth/socure/requests/document_request.rb +++ b/app/services/doc_auth/socure/requests/document_request.rb @@ -63,7 +63,7 @@ def method end def endpoint - IdentityConfig.store.socure_document_request_endpoint + IdentityConfig.store.socure_docv_document_request_endpoint end def metric_name diff --git a/config/application.yml.default b/config/application.yml.default index ad74721128a..a69b70d25ea 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -381,18 +381,16 @@ sign_in_user_id_per_ip_attempt_window_in_minutes: 720 sign_in_user_id_per_ip_attempt_window_max_minutes: 43_200 sign_in_user_id_per_ip_max_attempts: 50 skip_encryption_allowed_list: '["urn:gov:gsa:SAML:2.0.profiles:sp:sso:dev", "urn:gov:gsa:SAML:2.0.profiles:sp:sso:int"]' -socure_document_request_endpoint: '' -socure_enabled: false +socure_docv_document_request_endpoint: '' +socure_docv_enabled: false +socure_docv_webhook_secret_key: '' +socure_docv_webhook_secret_key_queue: '[]' socure_idplus_api_key: '' socure_idplus_base_url: '' socure_idplus_timeout_in_seconds: 5 socure_reason_code_api_key: '' socure_reason_code_base_url: '' socure_reason_code_timeout_in_seconds: 5 -socure_standard_capture_desktop_enabled: false -socure_webhook_enabled: false -socure_webhook_secret_key: '' -socure_webhook_secret_key_queue: '[]' sp_handoff_bounce_max_seconds: 2 sp_issuer_user_counts_report_configs: '[]' state_tracking_enabled: true @@ -593,8 +591,8 @@ test: session_encryption_key: 27bad3c25711099429c1afdfd1890910f3b59f5a4faec1c85e945cb8b02b02f261ba501d99cfbb4fab394e0102de6fecf8ffe260f322f610db3e96b2a775c120 short_term_phone_otp_max_attempts: 100 skip_encryption_allowed_list: '[]' - socure_webhook_secret_key: 'secret-key' - socure_webhook_secret_key_queue: '["old-key-one", "old-key-two"]' + socure_docv_webhook_secret_key: 'secret-key' + socure_docv_webhook_secret_key_queue: '["old-key-one", "old-key-two"]' team_ada_email: 'ada@example.com' team_all_login_emails: '["b@example.com", "c@example.com"]' team_daily_fraud_metrics_emails: '["g@example.com", "h@example.com"]' diff --git a/lib/identity_config.rb b/lib/identity_config.rb index 3de48d0a232..ea6d23bfc8d 100644 --- a/lib/identity_config.rb +++ b/lib/identity_config.rb @@ -413,18 +413,16 @@ def self.store config.add(:skip_encryption_allowed_list, type: :json) config.add(:recommend_webauthn_platform_for_sms_ab_test_account_creation_percent, type: :integer) config.add(:recommend_webauthn_platform_for_sms_ab_test_authentication_percent, type: :integer) - config.add(:socure_document_request_endpoint, type: :string) - config.add(:socure_enabled, type: :boolean) + config.add(:socure_docv_document_request_endpoint, type: :string) + config.add(:socure_docv_enabled, type: :boolean) + config.add(:socure_docv_webhook_secret_key_queue, type: :json) + config.add(:socure_docv_webhook_secret_key, type: :string) config.add(:socure_idplus_api_key, type: :string) config.add(:socure_idplus_base_url, type: :string) config.add(:socure_idplus_timeout_in_seconds, type: :integer) config.add(:socure_reason_code_api_key, type: :string) config.add(:socure_reason_code_base_url, type: :string) config.add(:socure_reason_code_timeout_in_seconds, type: :integer) - config.add(:socure_standard_capture_desktop_enabled, type: :boolean) - config.add(:socure_webhook_enabled, type: :boolean) - config.add(:socure_webhook_secret_key, type: :string) - config.add(:socure_webhook_secret_key_queue, type: :json) config.add(:sp_handoff_bounce_max_seconds, type: :integer) config.add(:sp_issuer_user_counts_report_configs, type: :json) config.add(:state_tracking_enabled, type: :boolean) diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb index 35c205101d2..60b77e84bdb 100644 --- a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb @@ -7,7 +7,7 @@ let(:fake_socure_endpoint) { 'https://fake-socure.test' } let(:user) { create(:user) } let(:stored_result) { nil } - let(:socure_enabled) { true } + let(:socure_docv_enabled) { true } let(:document_capture_session) do DocumentCaptureSession.create( @@ -18,9 +18,9 @@ let(:document_capture_session_uuid) { document_capture_session&.uuid } before do - allow(IdentityConfig.store).to receive(:socure_enabled). - and_return(socure_enabled) - allow(IdentityConfig.store).to receive(:socure_document_request_endpoint). + allow(IdentityConfig.store).to receive(:socure_docv_enabled). + and_return(socure_docv_enabled) + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). and_return(fake_socure_endpoint) allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(idv_vendor) allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor) @@ -179,7 +179,7 @@ end context 'when socure is disabled' do - let(:socure_enabled) { false } + let(:socure_docv_enabled) { false } it 'the webhook route does not exist' do get(:show) @@ -212,7 +212,7 @@ } end before do - allow(IdentityConfig.store).to receive(:socure_document_request_endpoint). + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). and_return(fake_socure_endpoint) end it 'connection timeout still responds to user' do @@ -276,7 +276,7 @@ end context 'when socure is disabled' do - let(:socure_enabled) { false } + let(:socure_docv_enabled) { false } it 'the webhook route does not exist' do get(:update) diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb index f0fc04b39e0..e431b493a6a 100644 --- a/spec/controllers/idv/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb @@ -17,7 +17,7 @@ attention_with_barcode: false, ) end - let(:socure_enabled) { true } + let(:socure_docv_enabled) { true } let(:document_capture_session) do DocumentCaptureSession.create( @@ -27,9 +27,9 @@ end before do - allow(IdentityConfig.store).to receive(:socure_enabled). - and_return(socure_enabled) - allow(IdentityConfig.store).to receive(:socure_document_request_endpoint). + allow(IdentityConfig.store).to receive(:socure_docv_enabled). + and_return(socure_docv_enabled) + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). and_return(fake_socure_endpoint) allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(idv_vendor) allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor) @@ -194,7 +194,7 @@ end context 'when socure is disabled' do - let(:socure_enabled) { false } + let(:socure_docv_enabled) { false } it 'the webhook route does not exist' do get(:show) @@ -227,7 +227,7 @@ } end before do - allow(IdentityConfig.store).to receive(:socure_document_request_endpoint). + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). and_return(fake_socure_endpoint) end it 'connection timeout still responds to user' do @@ -313,7 +313,7 @@ end context 'when socure is disabled' do - let(:socure_enabled) { false } + let(:socure_docv_enabled) { false } it 'the webhook route does not exist' do get(:update) diff --git a/spec/controllers/socure_webhook_controller_spec.rb b/spec/controllers/socure_webhook_controller_spec.rb index ac6ea6373fc..a4f5ae0afce 100644 --- a/spec/controllers/socure_webhook_controller_spec.rb +++ b/spec/controllers/socure_webhook_controller_spec.rb @@ -6,7 +6,7 @@ describe 'POST /api/webhooks/socure/event' do let(:socure_secret_key) { 'this-is-a-secret' } let(:socure_secret_key_queue) { ['this-is-an-old-secret', 'this-is-an-older-secret'] } - let(:socure_enabled) { true } + let(:socure_docv_enabled) { true } let(:event_type) { 'TEST_WEBHOOK' } let(:event_docv_transaction_token) { 'TEST_WEBHOOK_TOKEN' } let(:customer_user_id) { '#1-customer' } @@ -32,12 +32,12 @@ end before do - allow(IdentityConfig.store).to receive(:socure_webhook_secret_key). + allow(IdentityConfig.store).to receive(:socure_docv_webhook_secret_key). and_return(socure_secret_key) - allow(IdentityConfig.store).to receive(:socure_webhook_secret_key_queue). + allow(IdentityConfig.store).to receive(:socure_docv_webhook_secret_key_queue). and_return(socure_secret_key_queue) - allow(IdentityConfig.store).to receive(:socure_enabled). - and_return(socure_enabled) + allow(IdentityConfig.store).to receive(:socure_docv_enabled). + and_return(socure_docv_enabled) allow(SocureDocvResultsJob).to receive(:perform_later) stub_analytics @@ -258,7 +258,7 @@ end context 'when socure webhook disabled' do - let(:socure_enabled) { false } + let(:socure_docv_enabled) { false } it 'the webhook route does not exist' do post :create, params: webhook_body diff --git a/spec/features/idv/doc_auth/hybrid_handoff_spec.rb b/spec/features/idv/doc_auth/hybrid_handoff_spec.rb index ed52c7441fa..f6a26076917 100644 --- a/spec/features/idv/doc_auth/hybrid_handoff_spec.rb +++ b/spec/features/idv/doc_auth/hybrid_handoff_spec.rb @@ -320,7 +320,7 @@ def verify_no_upload_photos_section_and_link(page) let(:sp_ipp_enabled) { true } let(:in_person_proofing_opt_in_enabled) { true } let(:facial_match_required) { true } - let(:socure_enabled) { false } + let(:socure_docv_enabled) { false } let(:doc_auth_vendor) { Idp::Constants::Vendors::MOCK } let(:desktop_test_mode_enabled) { false } let(:user) { user_with_2fa } @@ -331,7 +331,7 @@ def verify_no_upload_photos_section_and_link(page) service_provider.in_person_proofing_enabled = false service_provider.save! end - allow(IdentityConfig.store).to receive(:socure_enabled).and_return(socure_enabled) + allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(socure_docv_enabled) allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(doc_auth_vendor) allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode). and_return(desktop_test_mode_enabled) @@ -362,7 +362,7 @@ def verify_no_upload_photos_section_and_link(page) let(:facial_match_required) { false } let(:in_person_proofing_opt_in_enabled) { false } let(:sp_ipp_enabled) { false } - let(:socure_enabled) { true } + let(:socure_docv_enabled) { true } let(:doc_auth_vendor) { Idp::Constants::Vendors::SOCURE } context 'when socure desktop test mode is not enabled' do diff --git a/spec/features/idv/hybrid_mobile/entry_spec.rb b/spec/features/idv/hybrid_mobile/entry_spec.rb index 4261ce82806..7a979138551 100644 --- a/spec/features/idv/hybrid_mobile/entry_spec.rb +++ b/spec/features/idv/hybrid_mobile/entry_spec.rb @@ -23,7 +23,7 @@ context 'valid link' do before do - allow(IdentityConfig.store).to receive(:socure_enabled).and_return(true) + allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(true) end it 'puts the user on the document capture page' do diff --git a/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb index 5b53406d281..fe21fec28d4 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb @@ -10,7 +10,7 @@ before do allow(FeatureManagement).to receive(:doc_capture_polling_enabled?).and_return(true) - allow(IdentityConfig.store).to receive(:socure_enabled).and_return(true) + allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(true) allow(IdentityConfig.store).to receive(:use_vot_in_sp_requests).and_return(true) allow(Telephony).to receive(:send_doc_auth_link).and_wrap_original do |impl, config| @sms_link = config[:link] diff --git a/spec/services/doc_auth/socure/request_spec.rb b/spec/services/doc_auth/socure/request_spec.rb index 10f2cc1fad1..bab8c1901f9 100644 --- a/spec/services/doc_auth/socure/request_spec.rb +++ b/spec/services/doc_auth/socure/request_spec.rb @@ -14,7 +14,7 @@ let(:fake_metric_name) { 'fake metric' } before do - allow(IdentityConfig.store).to receive(:socure_document_request_endpoint). + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). and_return(fake_socure_endpoint) allow(request).to receive(:endpoint).and_return(fake_socure_endpoint) allow(request).to receive(:metric_name).and_return(fake_metric_name) diff --git a/spec/services/doc_auth/socure/requests/document_request_spec.rb b/spec/services/doc_auth/socure/requests/document_request_spec.rb index 6635c856550..8eeafaced02 100644 --- a/spec/services/doc_auth/socure/requests/document_request_spec.rb +++ b/spec/services/doc_auth/socure/requests/document_request_spec.rb @@ -47,7 +47,7 @@ let(:fake_socure_status) { 200 } before do - allow(IdentityConfig.store).to receive(:socure_document_request_endpoint). + allow(IdentityConfig.store).to receive(:socure_docv_document_request_endpoint). and_return(fake_socure_endpoint) stub_request(:post, fake_socure_endpoint). to_return(