identity-oidc-sinatra

LG-12858 - Add new vtr option (enhanced ipp)

Open gina-yamada opened this issue 1 year ago • 1 comments

🛑 -- DO NOT MERGE- WAITING ON DEPENDENCY -- 🛑

All items in list must be complete before this can be merged:

  • [ ] Ensure dependency has been merged in and has been deployed to production

🎫 Ticket

LG-12858 Implementation: Add new Vector of Trust Option on Sinatra for F&F testing

🛠 Summary of changes

  • Set eipp_allowed in staging in oidc-sinatra*
  • Set eipp_allowed to false in all other environments in oidc-sinatra* * I think this is achieved. Please see changes in .env.example and config.rb
  • Added Enhanced In-Person Proofing option to the ial (level of service) drop down conditionally (to display in staging only)
  • Mapped new ial (enhanced-ipp-required) to vtr_values P1.Pe (P1: Identity proofing is performed; Pe: Enhanced proofing)
  • Mapped new ial to arc_value

📜 Testing Plan

  1. Pull down branch keithw/LG-13235-consume-eipp-data-from-sinatra from idp. Open file app/services/service_provider_request_handler.rb and add puts sp_session on the last line in initialize.
  2. Start server on branch keithw/LG-13235-consume-eipp-data-from-sinatra
  3. Pull down this branch locally.
  4. Open .env and ensure idp_environment is set to dev
  5. Start the server.
  6. Visit http://localhost:9292/
  7. Click on the Level of Service drop down. You should not see Enhanced In-Person Proofing as an option.
  8. Kill the server. Change the value of idp_environment to staging. Start the server.
  9. Click on the Level of Service drop down. You should see Enhanced In-Person Proofing as an option now.
  10. Change the Level of Service drop down to Enhanced In-Person Proofing and click sign in.
  11. You should be taken to Login locally
  12. Inspect the identity-oidc-sinatra terminal. You should see that the vtr (vector of trust) contains the value C1.P1.Pe (Pe = enhanced proofing) and that the ial is set to enhanced-ipp-required.
  13. Inspect the identity-idp terminal for the log you set up in testing plan 1. You should see that vtr is added to the session (that is Keith's PR) and that ["C1.P1.Pe"] is set.
  14. Visit http://localhost:9292/ again.
  15. Confirm we are not changing existing behavior. Pick other options in the Level of Service drop down. Ensure that you are not seeing the C1.P1.Pe value being passed in when Enhanced In-Person Proofing is not selected (i.e., you should see Pb for biometrics rather than Pe) and that the ial set is not enhanced-ipp-required. (Steps 12 and 13)

gina-yamada May 15 '24 16:05

@KeithNava @eileen-nava I am re-requesting a review because I made what I think are fairly large changes to the conditional logic of the drop down. Pay extra attention to the last commit (see default_config func in config.rb). I think this is how we should go about this but not 100% confident. Please review and fire up again. The testing plan has been updated. Thanks!

gina-yamada May 22 '24 21:05

@eileen-nava @KeithNava This is ready for a final review! Sorry for the delay.

I updated the solution to use an env variable set in Cloud.gov as suggested by @zachmargolis. 🙏 💯 I added screenshots above for each env so you can see how "eipp_allowed" is set in each environment. I also updated the testing instructions to fit this new approach.

I request review again primarily to ensure how I am fetching that env variable is accurate. It should default to false (even though I set it in all envs) and I am expecting it to come in as a string. I was using vtr_disabled as an example.

Thanks again.

gina-yamada May 31 '24 19:05
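
The behavior discussed in this thread (a string-valued eipp_allowed flag that defaults to false, gates the drop down option, and maps the new ial to a vtr), sketched as an added example that is not code from this PR or from identity-oidc-sinatra. The method names, the constant names and the `example-biometric` entry are hypothetical; only eipp_allowed, enhanced-ipp-required and C1.P1.Pe come from the page.

```ruby
# Added example, not the project's code. Hypothetical names throughout,
# except eipp_allowed, enhanced-ipp-required and C1.P1.Pe from the thread.

EIPP_IAL = 'enhanced-ipp-required'

# Constructed mapping for illustration; only the EIPP entry is from the page.
VTR_BY_IAL = {
  'example-biometric' => 'C1.P1.Pb',
  EIPP_IAL => 'C1.P1.Pe',
}.freeze

# Environment values arrive as strings (or are absent). Only an explicit
# "true" enables the feature; unset, empty, "1", "yes" etc. all fail closed.
def eipp_allowed?(env = ENV)
  env.fetch('eipp_allowed', 'false').to_s.strip.casecmp?('true')
end

# Options to render in the Level of Service drop down.
def ial_options(env = ENV)
  VTR_BY_IAL.keys.select { |ial| ial != EIPP_IAL || eipp_allowed?(env) }
end

# Resolve the vtr list for a submitted ial. The flag is checked again here
# because hiding the option in the drop down does not constrain what a
# request can submit.
def vtr_for(ial, env = ENV)
  raise ArgumentError, "unknown ial: #{ial}" unless VTR_BY_IAL.key?(ial)
  if ial == EIPP_IAL && !eipp_allowed?(env)
    raise ArgumentError, 'enhanced-ipp-required is not allowed in this environment'
  end

  [VTR_BY_IAL.fetch(ial)]
end
```
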