diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index e60d2e4a39..0483917792 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -70,6 +70,7 @@ def process_one_login_authentication_callback onelogin_uid: omniauth_hash.uid, onelogin_user_info:, onelogin_credentials:, + onelogin_auth_at: Time.now, logged_in_with_onelogin: true ) journey_session.save! @@ -91,13 +92,18 @@ def process_one_login_identity_verification_callback(core_identity_jwt) return redirect_to "/auth/failure?strategy=onelogin&message=access_denied&origin=#{origin}" end - first_name, surname = extract_name_from_jwt(core_identity_jwt) + first_name, last_name, date_of_birth = extract_data_from_jwt(core_identity_jwt) journey_session.answers.assign_attributes( - identity_confirmed_with_onelogin: true + identity_confirmed_with_onelogin: true, + onelogin_idv_at: Time.now, + onelogin_idv_first_name: first_name, + onelogin_idv_last_name: last_name, + onelogin_idv_date_of_birth: date_of_birth ) journey_session.answers.first_name ||= first_name - journey_session.answers.surname ||= surname + journey_session.answers.surname ||= last_name + journey_session.answers.date_of_birth ||= date_of_birth journey_session.save! redirect_to( @@ -108,17 +114,20 @@ def process_one_login_identity_verification_callback(core_identity_jwt) ) end - def extract_name_from_jwt(jwt) + def extract_data_from_jwt(jwt) if OneLoginSignIn.bypass? first_name = "TEST" - surname = "USER" + last_name = "USER" + date_of_birth = Date.new(1970, 1, 1) else validator = OneLogin::CoreIdentityValidator.new(jwt:) validator.call first_name = validator.first_name - surname = validator.surname + last_name = validator.last_name + date_of_birth = validator.date_of_birth end - [first_name, surname] + + [first_name, last_name, date_of_birth] end def test_user_auth_hash 
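Review bot: `onelogin_auth_at: Time.now` in process_one_login_authentication_callback, and `onelogin_idv_at: Time.now` in the identity-verification hunk below it, record when this app handled the callback, read from the system clock rather than the Rails zone-aware helper. I would write `onelogin_auth_at: Time.current,` and `onelogin_idv_at: Time.current,` to follow the usual Rails convention. A comment such as `# time this app processed the callback, not a time asserted by One Login` would stop the columns being read later as provider-asserted evidence. Both method bodies start and end outside the hunks shown.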
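Review bot: In extract_data_from_jwt the `OneLoginSignIn.bypass?` branch returns the placeholders "TEST", "USER" and `Date.new(1970, 1, 1)`, which the caller now persists as `onelogin_idv_first_name`, `onelogin_idv_last_name` and `onelogin_idv_date_of_birth` next to `identity_confirmed_with_onelogin: true` and `onelogin_idv_at`. A bypassed session therefore produces a record that looks like real verification evidence. How `bypass?` is gated is not visible here, so this is worth confirming: either guarantee it can never be true in production, or leave the `onelogin_idv_*` values nil on the bypass path so the stored evidence only ever comes from a validated JWT. At minimum, document the branch with `# bypass mode: placeholder identity, never verified by One Login`.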
diff --git a/app/models/claim.rb b/app/models/claim.rb index 135f4f87a9..df7ea95da9 100644 --- a/app/models/claim.rb +++ b/app/models/claim.rb @@ -83,6 +83,12 @@ class Claim < ApplicationRecord logged_in_with_onelogin: false, onelogin_credentials: true, onelogin_user_info: true, + onelogin_uid: true, + onelogin_auth_at: false, + onelogin_idv_at: false, + onelogin_idv_first_name: true, + onelogin_idv_last_name: true, + onelogin_idv_date_of_birth: true, paye_reference: true, practitioner_email_address: true, provider_contact_name: true diff --git a/app/models/journeys/session_answers.rb b/app/models/journeys/session_answers.rb index 709655849e..4d2711d9b8 100644 --- a/app/models/journeys/session_answers.rb +++ b/app/models/journeys/session_answers.rb @@ -39,6 +39,13 @@ class SessionAnswers attribute :onelogin_user_info, default: {} attribute :onelogin_credentials, default: {} attribute :onelogin_uid, :string + + attribute :onelogin_idv_first_name, :string + attribute :onelogin_idv_last_name, :string + attribute :onelogin_idv_date_of_birth, :date + + attribute :onelogin_auth_at, :datetime + attribute :onelogin_idv_at, :datetime attribute :email_address_check, :boolean attribute :mobile_check, :string attribute :qualifications_details_check, :boolean diff --git a/app/models/one_login/core_identity_validator.rb b/app/models/one_login/core_identity_validator.rb index 0b31a2015a..6adcae864c 100644 --- a/app/models/one_login/core_identity_validator.rb +++ b/app/models/one_login/core_identity_validator.rb @@ -13,10 +13,14 @@ def first_name name_parts.find { |part| part["type"] == "GivenName" }["value"] end - def surname + def last_name name_parts.find { |part| part["type"] == "FamilyName" }["value"] end + def date_of_birth + Date.parse(decoded_jwt[0]["vc"]["credentialSubject"]["birthDate"][0]["value"]) + end + private def name_parts diff --git a/config/analytics.yml b/config/analytics.yml index f46111dadd..ad12c5150b 100644 --- a/config/analytics.yml 
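Review bot: The new `date_of_birth` in core_identity_validator.rb indexes five levels into the decoded credential and passes the result to `Date.parse`. A credential with no `birthDate` entry therefore raises NoMethodError or TypeError in the callback, and a loosely formatted value is accepted, because `Date.parse` guesses the format. Since the value is stored as identity evidence, I would read it with `decoded_jwt.dig(0, "vc", "credentialSubject", "birthDate", 0, "value")` and parse it with `Date.iso8601(value)`. A missing or malformed value should be turned into the validator's own failure, not an unhandled exception. The existing `first_name` and `last_name` share the `find { ... }["value"]` nil risk. The class body continues outside the hunk, so whether `call` already checks these fields cannot be seen here.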
+++ b/config/analytics.yml @@ -76,6 +76,8 @@ shared: - journeys_session_id - identity_confirmed_with_onelogin - logged_in_with_onelogin + - onelogin_auth_at + - onelogin_idv_at :decisions: - id - result diff --git a/config/analytics_blocklist.yml b/config/analytics_blocklist.yml index ac734c1f16..df4942ffd7 100644 --- a/config/analytics_blocklist.yml +++ b/config/analytics_blocklist.yml @@ -31,6 +31,10 @@ - paye_reference - practitioner_email_address - provider_contact_name + - onelogin_uid + - onelogin_idv_first_name + - onelogin_idv_last_name + - onelogin_idv_date_of_birth :claim_decisions: - trn - claimant_age diff --git a/db/migrate/20240904150711_add_onelogin_idv_to_claims.rb b/db/migrate/20240904150711_add_onelogin_idv_to_claims.rb new file mode 100644 index 0000000000..b20b69a64c --- /dev/null +++ b/db/migrate/20240904150711_add_onelogin_idv_to_claims.rb @@ -0,0 +1,10 @@ +class AddOneloginIdvToClaims < ActiveRecord::Migration[7.0] + def change + add_column :claims, :onelogin_uid, :text + add_column :claims, :onelogin_auth_at, :datetime + add_column :claims, :onelogin_idv_at, :datetime + add_column :claims, :onelogin_idv_first_name, :text + add_column :claims, :onelogin_idv_last_name, :text + add_column :claims, :onelogin_idv_date_of_birth, :date + end +end diff --git a/db/schema.rb b/db/schema.rb index 9e6740d5c2..b1ed675783 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.0].define(version: 2024_09_04_105917) do +ActiveRecord::Schema[7.0].define(version: 2024_09_04_150711) do # These are extensions that must be enabled in order to support this database enable_extension "citext" enable_extension "pg_trgm" 
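Review bot: The AddOneloginIdvToClaims migration adds six columns holding One Login identity evidence (`onelogin_uid`, the two timestamps, verified name and date of birth), and nothing in the schema says where the values come from or that four of them are personal data. `add_column` accepts a `comment:` option, so the origin could be recorded in the database itself, for example `add_column :claims, :onelogin_idv_date_of_birth, :date, comment: "DOB from One Login identity verification (PII)"`, with similar comments on the other columns. That keeps the distinction from the claimant-entered `first_name`, `surname` and `date_of_birth` visible to anyone querying the table directly.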
@@ -105,6 +105,12 @@ t.string "paye_reference" t.string "practitioner_email_address" t.string "provider_contact_name" + t.text "onelogin_uid" + t.datetime "onelogin_auth_at" + t.datetime "onelogin_idv_at" + t.text "onelogin_idv_first_name" + t.text "onelogin_idv_last_name" + t.date "onelogin_idv_date_of_birth" t.index ["academic_year"], name: "index_claims_on_academic_year" t.index ["created_at"], name: "index_claims_on_created_at" t.index ["eligibility_type", "eligibility_id"], name: "index_claims_on_eligibility_type_and_eligibility_id" diff --git a/spec/forms/journeys/further_education_payments/claim_submission_form_spec.rb b/spec/forms/journeys/further_education_payments/claim_submission_form_spec.rb index eb1f96d6da..26a11b5540 100644 --- a/spec/forms/journeys/further_education_payments/claim_submission_form_spec.rb +++ b/spec/forms/journeys/further_education_payments/claim_submission_form_spec.rb @@ -35,6 +35,13 @@ expect(claim.onelogin_credentials).to eq(answers.onelogin_credentials) expect(claim.onelogin_user_info).to eq(answers.onelogin_user_info) + expect(claim.onelogin_uid).to eql(answers.onelogin_uid) + expect(claim.onelogin_auth_at).to eql(answers.onelogin_auth_at) + expect(claim.onelogin_idv_at).to eql(answers.onelogin_idv_at) + expect(claim.onelogin_idv_first_name).to eql(answers.onelogin_idv_first_name) + expect(claim.onelogin_idv_last_name).to eql(answers.onelogin_idv_last_name) + expect(claim.onelogin_idv_date_of_birth).to eql(answers.onelogin_idv_date_of_birth) + expect(eligibility.award_amount).to eq(answers.award_amount) expect(eligibility.teacher_reference_number).to eq(answers.teacher_reference_number) expect(eligibility.teaching_responsibilities).to eq(answers.teaching_responsibilities) diff --git a/spec/models/claim_spec.rb b/spec/models/claim_spec.rb index 8ff0154012..3342b81d5d 100644 --- a/spec/models/claim_spec.rb +++ b/spec/models/claim_spec.rb 
@@ -605,6 +605,10 @@ :column_to_remove_teacher_reference_number, :onelogin_credentials, :onelogin_user_info, + :onelogin_uid, + :onelogin_idv_first_name, + :onelogin_idv_last_name, + :onelogin_idv_date_of_birth, :paye_reference, :practitioner_email_address, :provider_contact_name diff --git a/spec/models/one_login/core_identity_validator_spec.rb b/spec/models/one_login/core_identity_validator_spec.rb index 651fe5b345..189c3bd725 100644 --- a/spec/models/one_login/core_identity_validator_spec.rb +++ b/spec/models/one_login/core_identity_validator_spec.rb @@ -37,6 +37,48 @@ end end + describe "#first_name" do + before do + stub_normal_did + + travel_to(Time.at(1723548751)) do + subject.call + end + end + + it "returns first name" do + expect(subject.first_name).to eql("KENNETH") + end + end + + describe "#last_name" do + before do + stub_normal_did + + travel_to(Time.at(1723548751)) do + subject.call + end + end + + it "returns last name" do + expect(subject.last_name).to eql("DECERQUEIRA") + end + end + + describe "#date_of_birth" do + before do + stub_normal_did + + travel_to(Time.at(1723548751)) do + subject.call + end + end + + it "returns date of birth" do + expect(subject.date_of_birth).to eql(Date.new(1965, 7, 8)) + end + end + let(:stub_normal_did) do return_headers = { "Cache-Control" => "max-age=3600, private" diff --git a/spec/requests/admin_allocations_spec.rb b/spec/requests/admin/admin_allocations_spec.rb similarity index 100% rename from spec/requests/admin_allocations_spec.rb rename to spec/requests/admin/admin_allocations_spec.rb diff --git a/spec/requests/admin_amendments_spec.rb b/spec/requests/admin/admin_amendments_spec.rb similarity index 100% rename from spec/requests/admin_amendments_spec.rb rename to spec/requests/admin/admin_amendments_spec.rb 
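Review bot: The added `#date_of_birth` example in core_identity_validator_spec.rb covers only a well-formed credential, so the behaviour when `birthDate` is absent, empty or not a valid ISO date is left unspecified, and that is the path most likely to fail in the callback. I would add an example that builds a credential without `birthDate` and pins the expected outcome, whether that is a specific error or nil. The three new `describe` blocks also repeat the same `before` (stub_normal_did plus `travel_to(Time.at(1723548751))`); a shared context or a single outer `before` would remove the duplication.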
diff --git a/spec/requests/admin_authentication_spec.rb b/spec/requests/admin/admin_authentication_spec.rb
similarity index 100%
rename from spec/requests/admin_authentication_spec.rb
rename to spec/requests/admin/admin_authentication_spec.rb
diff --git a/spec/requests/admin_claims_spec.rb b/spec/requests/admin/admin_claims_spec.rb
similarity index 100%
rename from spec/requests/admin_claims_spec.rb
rename to spec/requests/admin/admin_claims_spec.rb
diff --git a/spec/requests/admin_concurrent_sessions_spec.rb b/spec/requests/admin/admin_concurrent_sessions_spec.rb
similarity index 100%
rename from spec/requests/admin_concurrent_sessions_spec.rb
rename to spec/requests/admin/admin_concurrent_sessions_spec.rb
diff --git a/spec/requests/admin_configure_services_spec.rb b/spec/requests/admin/admin_configure_services_spec.rb
similarity index 100%
rename from spec/requests/admin_configure_services_spec.rb
rename to spec/requests/admin/admin_configure_services_spec.rb
diff --git a/spec/requests/admin_decisions_spec.rb b/spec/requests/admin/admin_decisions_spec.rb
similarity index 100%
rename from spec/requests/admin_decisions_spec.rb
rename to spec/requests/admin/admin_decisions_spec.rb
diff --git a/spec/requests/admin_notes_spec.rb b/spec/requests/admin/admin_notes_spec.rb
similarity index 100%
rename from spec/requests/admin_notes_spec.rb
rename to spec/requests/admin/admin_notes_spec.rb
diff --git a/spec/requests/admin_page_spec.rb b/spec/requests/admin/admin_page_spec.rb
similarity index 100%
rename from spec/requests/admin_page_spec.rb
rename to spec/requests/admin/admin_page_spec.rb
diff --git a/spec/requests/admin_payment_confirmation_report_upload_spec.rb b/spec/requests/admin/admin_payment_confirmation_report_upload_spec.rb
similarity index 100%
rename from spec/requests/admin_payment_confirmation_report_upload_spec.rb
rename to spec/requests/admin/admin_payment_confirmation_report_upload_spec.rb
diff --git a/spec/requests/admin_payroll_gender_tasks_spec.rb b/spec/requests/admin/admin_payroll_gender_tasks_spec.rb
similarity index 100%
rename from spec/requests/admin_payroll_gender_tasks_spec.rb
rename to spec/requests/admin/admin_payroll_gender_tasks_spec.rb
diff --git a/spec/requests/admin_payroll_run_downloads_spec.rb b/spec/requests/admin/admin_payroll_run_downloads_spec.rb
similarity index 100%
rename from spec/requests/admin_payroll_run_downloads_spec.rb
rename to spec/requests/admin/admin_payroll_run_downloads_spec.rb
diff --git a/spec/requests/admin_payroll_run_payments_spec.rb b/spec/requests/admin/admin_payroll_run_payments_spec.rb
similarity index 100%
rename from spec/requests/admin_payroll_run_payments_spec.rb
rename to spec/requests/admin/admin_payroll_run_payments_spec.rb
diff --git a/spec/requests/admin_payroll_runs_spec.rb b/spec/requests/admin/admin_payroll_runs_spec.rb
similarity index 100%
rename from spec/requests/admin_payroll_runs_spec.rb
rename to spec/requests/admin/admin_payroll_runs_spec.rb
diff --git a/spec/requests/admin_school_workforce_data_upload_spec.rb b/spec/requests/admin/admin_school_workforce_data_upload_spec.rb
similarity index 100%
rename from spec/requests/admin_school_workforce_data_upload_spec.rb
rename to spec/requests/admin/admin_school_workforce_data_upload_spec.rb
diff --git a/spec/requests/admin_sessions_spec.rb b/spec/requests/admin/admin_sessions_spec.rb
similarity index 100%
rename from spec/requests/admin_sessions_spec.rb
rename to spec/requests/admin/admin_sessions_spec.rb
diff --git a/spec/requests/admin_static_pages_spec.rb b/spec/requests/admin/admin_static_pages_spec.rb
similarity index 100%
rename from spec/requests/admin_static_pages_spec.rb
rename to spec/requests/admin/admin_static_pages_spec.rb
diff --git a/spec/requests/admin_student_loans_data_upload_spec.rb b/spec/requests/admin/admin_student_loans_data_upload_spec.rb
similarity index 100%
rename from spec/requests/admin_student_loans_data_upload_spec.rb
rename to spec/requests/admin/admin_student_loans_data_upload_spec.rb
diff --git a/spec/requests/admin_support_tickets_spec.rb b/spec/requests/admin/admin_support_tickets_spec.rb
similarity index 100%
rename from spec/requests/admin_support_tickets_spec.rb
rename to spec/requests/admin/admin_support_tickets_spec.rb
diff --git a/spec/requests/admin_tasks_spec.rb b/spec/requests/admin/admin_tasks_spec.rb
similarity index 100%
rename from spec/requests/admin_tasks_spec.rb
rename to spec/requests/admin/admin_tasks_spec.rb
diff --git a/spec/requests/admin_timeout_spec.rb b/spec/requests/admin/admin_timeout_spec.rb
similarity index 100%
rename from spec/requests/admin_timeout_spec.rb
rename to spec/requests/admin/admin_timeout_spec.rb
diff --git a/spec/requests/admin_tps_data_upload_spec.rb b/spec/requests/admin/admin_tps_data_upload_spec.rb
similarity index 100%
rename from spec/requests/admin_tps_data_upload_spec.rb
rename to spec/requests/admin/admin_tps_data_upload_spec.rb
diff --git a/spec/requests/admin_undo_decisions_spec.rb b/spec/requests/admin/admin_undo_decisions_spec.rb
similarity index 100%
rename from spec/requests/admin_undo_decisions_spec.rb
rename to spec/requests/admin/admin_undo_decisions_spec.rb
diff --git a/spec/requests/omniauth_callbacks_controller_spec.rb b/spec/requests/omniauth_callbacks_controller_spec.rb
index 650131c767..d04111a37a 100644
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
@@ -167,6 +167,14 @@ def set_mock_auth(trn) get auth_onelogin_path }.to change { journey_session.reload.answers.onelogin_uid }.from(nil).to("12345") end + + it "sets timestamp onelogin_auth_at" do + journey_session = Journeys::FurtherEducationPayments::Session.last + + expect { + get auth_onelogin_path + }.to change { journey_session.reload.answers.onelogin_auth_at }.from(nil).to(be_within(10.seconds).of(Time.now)) + end end context "idv step" do @@ -190,7 +198,7 @@ def set_mock_auth(trn) OneLogin::CoreIdentityValidator, call: nil, first_name: "John", - surname: "Doe" + last_name: "Doe" ) allow(OneLogin::CoreIdentityValidator).to receive(:new).and_return(validator_double) @@ -199,6 +207,29 @@ def set_mock_auth(trn) expect(response).to redirect_to("http://www.example.com/auth/failure?strategy=onelogin&message=access_denied&origin=http://www.example.com/further-education-payments/sign-in") end + + it "sets timestamp onelogin_idv_* variables" do + journey_session = Journeys::FurtherEducationPayments::Session.last + journey_session.answers.onelogin_uid = "12345" + journey_session.save! + + validator_double = double( + OneLogin::CoreIdentityValidator, + call: nil, + first_name: "John", + last_name: "Doe", + date_of_birth: Date.new(1970, 12, 13) + ) + + allow(OneLogin::CoreIdentityValidator).to receive(:new).and_return(validator_double) + + expect { + get auth_onelogin_path + }.to change { journey_session.reload.answers.onelogin_idv_at }.from(nil).to(be_within(10.seconds).of(Time.now)) + .and change { journey_session.reload.answers.onelogin_idv_first_name }.from(nil).to("John") + .and change { journey_session.reload.answers.onelogin_idv_last_name }.from(nil).to("Doe") + .and change { journey_session.reload.answers.onelogin_idv_date_of_birth }.from(nil).to(Date.new(1970, 12, 13)) + end end end end
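Review bot: The new example "sets timestamp onelogin_idv_* variables" asserts only the `onelogin_idv_*` answers. The controller's `||=` fallback for `first_name`, `surname` and the newly added `date_of_birth` is therefore untested, in particular that a claimant-entered date of birth is not overwritten while `onelogin_idv_date_of_birth` still records the verified value. I would add an example that pre-sets `journey_session.answers.date_of_birth` to a different date and expects it unchanged after the callback, plus one for the `OneLoginSignIn.bypass?` path, so what gets stored there is pinned. Both timestamp examples compare against `be_within(10.seconds).of(Time.now)`; wrapping the request in `freeze_time` would allow an exact assertion, subject to the precision the datetime attribute keeps. The enclosing `context` blocks start outside the hunk.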