[VI-762] Properly managing UserVerification creating during SSOe auth flow #19456

Merged
merged 1 commit into from
Nov 15, 2024

Contributor

@bosawt bosawt commented Nov 13, 2024

Summary

  • This PR creates a UserVerification object before the User object has been persisted on SSOe authentications
  • This prevents an issue where a User object potentially stored a related (but technically incorrect) UserVerification for that authenticated session

Related issue(s)

Testing done

  • Logged in with verified DSLogon user, checked user.user_verification and noted the returned object
  • Logged in with a new LOA1 id.me user that had the same email as the DSLogon user, checked user.user_verification and confirmed the new UserVerification was associated with the id.me credential, not the DSLogon credential

What areas of the site does it impact?

Authentication

Acceptance criteria

  • Before PR changes, authenticate with a DSLogon user, in a rails console, check user.user_verification
  • Create an ID.me loa1 account that has the same email as the DSLogon account, so that the ID.me uuids are the same for both accounts
  • Authenticate with the new ID.me loa1 account, confirm that user.user_verification is associated with the DSLogon account, NOT the ID.me account
  • Follow the above steps with PR changes, confirm that the user.user_verification of the ID.me loa1 user is the proper ID.me account

@bosawt bosawt requested a review from a team as a code owner November 13, 2024 23:26
@va-vfs-bot va-vfs-bot temporarily deployed to vi_762_recache_user_model_attributes/main/main November 13, 2024 23:29 Inactive
@bosawt bosawt force-pushed the vi_762_recache_user_model_attributes branch from c552034 to 9027610 Compare November 15, 2024 00:04
@bosawt bosawt changed the title [VI-762] Fully destroying User redis on login so that specific fields don't persist between logins [VI-762] Properly managing UserVerification creating during SSOe auth flow Nov 15, 2024
@va-vfs-bot va-vfs-bot temporarily deployed to vi_762_recache_user_model_attributes/main/main November 15, 2024 00:10 Inactive
Contributor

@joeniquette joeniquette left a comment

We can't test this locally; specs appear to have passed. Will schedule staging testing once the code is merged and get ready for a revert if we detect issues in the lower environments.

@bosawt bosawt merged commit b150d7c into master Nov 15, 2024
27 checks passed
@bosawt bosawt deleted the vi_762_recache_user_model_attributes branch November 15, 2024 19:41