Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ProgressiveProofer refactor 1/N: ThreatMetrix #11420

Merged
merged 5 commits into from
Nov 1, 2024
Merged

ProgressiveProofer refactor 1/N: ThreatMetrix #11420

merged 5 commits into from
Nov 1, 2024

Conversation

matthinz
Copy link
Member

@matthinz matthinz commented Oct 29, 2024
edited
Loading

🛠 Summary of changes

Ahead of integrating a new vendor into the ProgressiveProofer, I'm going to do a series of PRs that extract code for individual vendors out into separate files/classes. I'm calling these "plugins" because I think that will ultimately describe the kind of architecture we're going for here, but for now these are basically just the old proof_with_X_if_needed methods extracted out into a new class with a call method.

Right now, each plugin's call method lays out exactly what its dependencies are. Each plugin also gets its own spec file, mainly focused on these primary scenarios:

  • Remote unsupervised proofing
  • In-person proofing (residential address == id address)
  • In-person proofing (residential address != id address)

In some cases I am pulling spec code out of the existing ProgressiveProofer spec, and in some cases I am modifying it slightly to ensure it addresses the above scenarios.

This PR implements the first (and simplest) "plugin", which does the ThreatMetrix Session Query API call. There are not significant differences in implementation for the Remote and IPP flows here, and there's not really any "new" code being introduced--this is mostly moving existing code around.

See also

  • The "How Login.gov does identity resolution and validation" section of the Identity Verification Business Logic doc, which is essentially an breakdown explanation of what exactly the ProgressiveProofer is doing.
  • This RFC about pulling the ProgressiveProofer apart. This work corresponds roughly to the "Phase One" identified in the RFC.

📜 Testing Plan

Provide a checklist of steps to confirm the changes.

  • Intend to commit fraud (signaling this using the Mock device profiling behavior box on the SSN screen), run through IdV, and be successfully caught
  • Be pure of heart (also signaling this using the Mock device profiling behavior box on the SSN screen) and complete IdV successfully.

@matthinz
Refactor ThreatMetrix out into a plugin
66aa5f4 
For now, just take the proof_with_threatmetrix_if_needed method + deps and move into a different file.

[skip changelog]
@matthinz matthinz requested a review from a team October 29, 2024 18:29
matthinz
matthinz commented Oct 29, 2024
View reviewed changes
spec/services/proofing/resolution/progressive_proofer_spec.rb
it 'returns a ResultAdjudicator' do
expect(proof).to be_an_instance_of(Proofing::Resolution::ResultAdjudicator)
expect(proof.same_address_as_id).to eq(nil)
context 'remote unsupervised proofing' do
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This diff is a little messy, but my goal is to, at the end of this refactor, have two top level contexts here: remote unsupervised proofing and in-person proofing.

@aduth aduth requested a review from mdiarra3 October 29, 2024 20:18
mdiarra3
mdiarra3 approved these changes Oct 30, 2024
View reviewed changes
app/services/proofing/resolution/plugins/threat_metrix_plugin.rb
if IdentityConfig.store.lexisnexis_threatmetrix_mock_enabled
Proofing::Mock::DdpMockClient.new
else
Proofing::LexisNexis::Ddp::Proofer.new(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a heads up. Will be updating the config to add a "policy" attribute since we have decided for Authentication we will have a different policy. But otherwise. Taking a look this shouldn't affect our implementation much. may be a merge conflict depending on whats merged first.

matthinz and others added 2 commits October 30, 2024 12:27
@matthinz @zachmargolis
Update app/services/proofing/resolution/plugins/threat_metrix_plugin.rb
7d96842 
Co-authored-by: Zach Margolis <[email protected]>
@matthinz
Add sp_cost_count method to TMX plugin spec
083f8f5 
Allows much cleaner (1-line) checking of whether the plugin modifies cost counts
@matthinz matthinz mentioned this pull request Oct 30, 2024
Merged
6 tasks
This was referenced Oct 30, 2024
Merged
Merged
@matthinz matthinz merged commit 1767dd5 into main Nov 1, 2024
2 checks passed
@matthinz matthinz deleted the matthinz/prog-proofer-refactor-01-threatmetrix branch November 1, 2024 15:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdiarra3 mdiarra3 mdiarra3 approved these changes

@jmhooper jmhooper jmhooper approved these changes

@zachmargolis zachmargolis zachmargolis approved these changes

@n1zyy n1zyy n1zyy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@matthinz @n1zyy @zachmargolis @jmhooper @mdiarra3