Class: SignIn::AttributeValidator

Inherits:

Object

• Object
• SignIn::AttributeValidator

Defined in:

app/services/sign_in/attribute_validator.rb

Instance Attribute Summary

• #address ⇒ Object readonly

  Returns the value of attribute address.

• #auto_uplevel ⇒ Object readonly

  Returns the value of attribute auto_uplevel.

• #birth_date ⇒ Object readonly

  Returns the value of attribute birth_date.

• #credential_email ⇒ Object readonly

  Returns the value of attribute credential_email.

• #current_ial ⇒ Object readonly

  Returns the value of attribute current_ial.

• #edipi ⇒ Object readonly

  Returns the value of attribute edipi.

• #first_name ⇒ Object readonly

  Returns the value of attribute first_name.

• #idme_uuid ⇒ Object readonly

  Returns the value of attribute idme_uuid.

• #last_name ⇒ Object readonly

  Returns the value of attribute last_name.

• #logingov_uuid ⇒ Object readonly

  Returns the value of attribute logingov_uuid.

• #mhv_correlation_id ⇒ Object readonly

  Returns the value of attribute mhv_correlation_id.

• #mhv_icn ⇒ Object readonly

  Returns the value of attribute mhv_icn.

• #service_name ⇒ Object readonly

  Returns the value of attribute service_name.

• #ssn ⇒ Object readonly

  Returns the value of attribute ssn.

Instance Method Summary

• #add_mpi_user ⇒ Object private
• #attribute_mismatch_check(type, credential_attribute, mpi_attribute, prevent_auth: false) ⇒ Object private
• #check_id_mismatch(id_array, id_description, code) ⇒ Object private
• #check_lock_flag(attribute, attribute_description, code) ⇒ Object private
• #credential_attribute_check(type, credential_attribute) ⇒ Object private
• #credential_uuid ⇒ Object private
• #dslogon_auth? ⇒ Boolean private
• #handle_error(error_message, error_code, error: nil) ⇒ Object private
• #initialize(user_attributes:) ⇒ AttributeValidator constructor

  A new instance of AttributeValidator.

• #loa ⇒ Object private
• #mhv_auth? ⇒ Boolean private
• #mpi_record_exists? ⇒ Boolean private
• #mpi_response_profile ⇒ Object private
• #mpi_service ⇒ Object private
• #perform ⇒ Object
• #scrub_attribute(attribute) ⇒ Object private
• #sign_in_logger ⇒ Object private
• #update_mpi_correlation_record ⇒ Object private
• #user_attribute_mismatch_checks ⇒ Object private
• #validate_credential_attributes ⇒ Object private
• #validate_existing_mpi_attributes ⇒ Object private
• #validate_mhv_mpi_record ⇒ Object private
• #verified_credential? ⇒ Boolean private
• #verified_icn ⇒ Object private

Constructor Details

#initialize(user_attributes:) ⇒ AttributeValidator

Returns a new instance of AttributeValidator.

# File 'app/services/sign_in/attribute_validator.rb', line 20

def initialize(user_attributes:)
  @idme_uuid = user_attributes[:idme_uuid]
  @logingov_uuid = user_attributes[:logingov_uuid]
  @auto_uplevel = user_attributes[:auto_uplevel]
  @current_ial = user_attributes[:current_ial]
  @service_name = user_attributes[:service_name]
  @first_name = user_attributes[:first_name]
  @last_name = user_attributes[:last_name]
  @birth_date = user_attributes[:birth_date]
  @credential_email = user_attributes[:csp_email]
  @address = user_attributes[:address]
  @ssn = user_attributes[:ssn]
  @mhv_icn = user_attributes[:mhv_icn]
  @edipi = user_attributes[:edipi]
  @mhv_correlation_id = user_attributes[:mhv_correlation_id]
end

Instance Attribute Details

#address ⇒ Object (readonly)

Returns the value of attribute address.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def address
  @address
end

#auto_uplevel ⇒ Object (readonly)

Returns the value of attribute auto_uplevel.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def auto_uplevel
  @auto_uplevel
end

#birth_date ⇒ Object (readonly)

Returns the value of attribute birth_date.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def birth_date
  @birth_date
end

#credential_email ⇒ Object (readonly)

Returns the value of attribute credential_email.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def credential_email
  @credential_email
end

#current_ial ⇒ Object (readonly)

Returns the value of attribute current_ial.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def current_ial
  @current_ial
end

#edipi ⇒ Object (readonly)

Returns the value of attribute edipi.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def edipi
  @edipi
end

#first_name ⇒ Object (readonly)

Returns the value of attribute first_name.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def first_name
  @first_name
end

#idme_uuid ⇒ Object (readonly)

Returns the value of attribute idme_uuid.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def idme_uuid
  @idme_uuid
end

#last_name ⇒ Object (readonly)

Returns the value of attribute last_name.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def last_name
  @last_name
end

#logingov_uuid ⇒ Object (readonly)

Returns the value of attribute logingov_uuid.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def logingov_uuid
  @logingov_uuid
end

#mhv_correlation_id ⇒ Object (readonly)

Returns the value of attribute mhv_correlation_id.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def mhv_correlation_id
  @mhv_correlation_id
end

#mhv_icn ⇒ Object (readonly)

Returns the value of attribute mhv_icn.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def mhv_icn
  @mhv_icn
end

#service_name ⇒ Object (readonly)

Returns the value of attribute service_name.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def service_name
  @service_name
end

#ssn ⇒ Object (readonly)

Returns the value of attribute ssn.

# File 'app/services/sign_in/attribute_validator.rb', line 5

def ssn
  @ssn
end

Instance Method Details

#add_mpi_user ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 66

def add_mpi_user
  add_person_response = mpi_service.add_person_implicit_search(first_name:,
                                                               last_name:,
                                                               ssn:,
                                                               birth_date:,
                                                               email: credential_email,
                                                               address:,
                                                               idme_uuid:,
                                                               logingov_uuid:)
  unless add_person_response.ok?
    handle_error('User MPI record cannot be created',
                 Constants::ErrorCode::GENERIC_EXTERNAL_ISSUE,
                 error: Errors::MPIUserCreationFailedError)
  end
end

#attribute_mismatch_check(type, credential_attribute, mpi_attribute, prevent_auth: false) ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 129

def attribute_mismatch_check(type, credential_attribute, mpi_attribute, prevent_auth: false)
  return unless mpi_attribute

  if scrub_attribute(credential_attribute) != scrub_attribute(mpi_attribute)
    error = prevent_auth ? Errors::AttributeMismatchError : nil
    handle_error("Attribute mismatch, #{type} in credential does not match MPI attribute",
                 Constants::ErrorCode::GENERIC_EXTERNAL_ISSUE,
                 error:)
  end
end

#check_id_mismatch(id_array, id_description, code) ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 157

def check_id_mismatch(id_array, id_description, code)
  if id_array && id_array.compact.uniq.size > 1
    handle_error("User attributes contain multiple distinct #{id_description} values",
                 code,
                 error: Errors::MPIMalformedAccountError)
  end
end

#check_lock_flag(attribute, attribute_description, code) ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 153

def check_lock_flag(attribute, attribute_description, code)
  handle_error("#{attribute_description} Detected", code, error: Errors::MPILockedAccountError) if attribute
end

#credential_attribute_check(type, credential_attribute) ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 121

def credential_attribute_check(type, credential_attribute)
  return if credential_attribute.present?

  handle_error("Missing attribute in credential: #{type}",
               Constants::ErrorCode::GENERIC_EXTERNAL_ISSUE,
               error: Errors::CredentialMissingAttributeError)
end

#credential_uuid ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 193

def credential_uuid
  @credential_uuid ||= idme_uuid || logingov_uuid
end

#dslogon_auth? ⇒ Boolean (private)

Returns:

• (Boolean)

# File 'app/services/sign_in/attribute_validator.rb', line 213

def dslogon_auth?
  service_name == Constants::Auth::DSLOGON
end

#handle_error(error_message, error_code, error: nil) ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 165

def handle_error(error_message, error_code, error: nil)
  sign_in_logger.info('attribute validator error', { errors: error_message,
                                                     credential_uuid:,
                                                     mhv_icn:,
                                                     type: service_name }.compact)
  raise error.new message: error_message, code: error_code if error
end

#loa ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 205

def loa
  @loa ||= { current: Constants::Auth::LOA_THREE, highest: Constants::Auth::LOA_THREE }
end

#mhv_auth? ⇒ Boolean (private)

Returns:

• (Boolean)

# File 'app/services/sign_in/attribute_validator.rb', line 209

def mhv_auth?
  service_name == Constants::Auth::MHV
end

#mpi_record_exists? ⇒ Boolean (private)

Returns:

• (Boolean)

# File 'app/services/sign_in/attribute_validator.rb', line 197

def mpi_record_exists?
  mpi_response_profile.present?
end

#mpi_response_profile ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 173

def mpi_response_profile
  @mpi_response_profile ||=
    if mhv_correlation_id
      mpi_service.find_profile_by_identifier(identifier: mhv_correlation_id,
                                             identifier_type: MPI::Constants::MHV_UUID)&.profile
    elsif idme_uuid
      mpi_service.find_profile_by_identifier(identifier: idme_uuid,
                                             identifier_type: MPI::Constants::IDME_UUID)&.profile
    elsif logingov_uuid
      mpi_service.find_profile_by_identifier(identifier: logingov_uuid,
                                             identifier_type: MPI::Constants::LOGINGOV_UUID)&.profile
    elsif mhv_icn
      mpi_service.find_profile_by_identifier(identifier: mhv_icn, identifier_type: MPI::Constants::ICN)&.profile
    end
end

#mpi_service ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 201

def mpi_service
  @mpi_service ||= MPI::Service.new
end

#perform ⇒ Object

# File 'app/services/sign_in/attribute_validator.rb', line 37

def perform
  return unless verified_credential?

  validate_credential_attributes

  if mhv_auth?
    validate_mhv_mpi_record
    validate_existing_mpi_attributes
  elsif mpi_record_exists?
    validate_existing_mpi_attributes
    update_mpi_correlation_record
  else
    add_mpi_user
    validate_existing_mpi_attributes
  end

  verified_icn
end

#scrub_attribute(attribute) ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 140

def scrub_attribute(attribute)
  attribute.tr('-', '').downcase
end

#sign_in_logger ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 221

def sign_in_logger
  @sign_in_logger = Logger.new(prefix: self.class)
end

#update_mpi_correlation_record ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 82

def update_mpi_correlation_record
  return if auto_uplevel

  user_attribute_mismatch_checks
  update_profile_response = mpi_service.update_profile(last_name:,
                                                       ssn:,
                                                       birth_date:,
                                                       icn: verified_icn,
                                                       email: credential_email,
                                                       address:,
                                                       idme_uuid:,
                                                       logingov_uuid:,
                                                       edipi:,
                                                       first_name:)
  unless update_profile_response&.ok?
    handle_error('User MPI record cannot be updated', Constants::ErrorCode::GENERIC_EXTERNAL_ISSUE)
  end
end

#user_attribute_mismatch_checks ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 101

def user_attribute_mismatch_checks
  attribute_mismatch_check(:first_name, first_name, mpi_response_profile.given_names.first)
  attribute_mismatch_check(:last_name, last_name, mpi_response_profile.family_name)
  attribute_mismatch_check(:birth_date, birth_date, mpi_response_profile.birth_date)
  attribute_mismatch_check(:ssn, ssn, mpi_response_profile.ssn, prevent_auth: true)
end

#validate_credential_attributes ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 108

def validate_credential_attributes
  if mhv_auth?
    credential_attribute_check(:icn, mhv_icn)
    credential_attribute_check(:mhv_uuid, mhv_correlation_id)
  else
    credential_attribute_check(:dslogon_uuid, edipi) if dslogon_auth?
    credential_attribute_check(:last_name, last_name) unless auto_uplevel
    credential_attribute_check(:birth_date, birth_date) unless auto_uplevel
  end
  credential_attribute_check(:uuid, logingov_uuid || idme_uuid)
  credential_attribute_check(:email, credential_email)
end

#validate_existing_mpi_attributes ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 58

def validate_existing_mpi_attributes
  check_lock_flag(mpi_response_profile.id_theft_flag, 'Theft Flag', Constants::ErrorCode::MPI_LOCKED_ACCOUNT)
  check_lock_flag(mpi_response_profile.deceased_date, 'Death Flag', Constants::ErrorCode::MPI_LOCKED_ACCOUNT)
  check_id_mismatch(mpi_response_profile.edipis, 'EDIPI', Constants::ErrorCode::MULTIPLE_EDIPI)
  check_id_mismatch(mpi_response_profile.mhv_iens, 'MHV_ID', Constants::ErrorCode::MULTIPLE_MHV_IEN)
  check_id_mismatch(mpi_response_profile.participant_ids, 'CORP_ID', Constants::ErrorCode::MULTIPLE_CORP_ID)
end

#validate_mhv_mpi_record ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 144

def validate_mhv_mpi_record
  unless mpi_response_profile
    handle_error('No MPI Record for MHV Account',
                 Constants::ErrorCode::GENERIC_EXTERNAL_ISSUE,
                 error: Errors::MHVMissingMPIRecordError)
  end
  attribute_mismatch_check(:icn, mhv_icn, verified_icn)
end

#verified_credential? ⇒ Boolean (private)

Returns:

• (Boolean)

# File 'app/services/sign_in/attribute_validator.rb', line 217

def verified_credential?
  current_ial == Constants::Auth::IAL_TWO
end

#verified_icn ⇒ Object (private)

# File 'app/services/sign_in/attribute_validator.rb', line 189

def verified_icn
  @verified_icn ||= mpi_response_profile.icn
end