Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create classes for tracking Attempts API events #11716

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Create classes for tracking Attempts API events #11716

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
9c396e8
Create classes for tracking Attempts API events
mitchellhenke Jan 3, 2025
031b693
Add linting for tracker events
mitchellhenke Jan 7, 2025
8a0c392
use dashed name
mitchellhenke Jan 7, 2025
3f86703
use Hash#except to exclude :failure_reason
mitchellhenke Jan 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 88 additions & 0 deletions app/services/attempts_api/tracker.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
# frozen_string_literal: true

module AttemptsApi
class Tracker
attr_reader :session_id, :enabled_for_session, :request, :user, :sp, :cookie_device_uuid,
:sp_request_uri, :analytics

def initialize(session_id:, request:, user:, sp:, cookie_device_uuid:,
sp_request_uri:, enabled_for_session:, analytics:)
@session_id = session_id
@request = request
@user = user
@sp = sp
@cookie_device_uuid = cookie_device_uuid
@sp_request_uri = sp_request_uri
@enabled_for_session = enabled_for_session
@analytics = analytics
end
include TrackerEvents

def track_event(event_type, metadata = {})
return unless enabled?

if metadata.has_key?(:failure_reason) &&
(metadata[:failure_reason].blank? ||
metadata[:success].present?)
metadata.delete(:failure_reason)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we do metadata.dup so we're not mutating an input?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've replaced metadata.delete with using metadata.except which should have the same effect of creating a new hash.

end

event_metadata = {
user_agent: request&.user_agent,
unique_session_id: hashed_session_id,
user_uuid: sp && AgencyIdentityLinker.for(user: user, service_provider: sp)&.uuid,
device_fingerprint: hashed_cookie_device_uuid,
user_ip_address: request&.remote_ip,
application_url: sp_request_uri,
client_port: CloudFrontHeaderParser.new(request).client_port,
}

event_metadata.merge!(metadata)

event = AttemptEvent.new(
event_type: event_type,
session_id: session_id,
occurred_at: Time.zone.now,
event_metadata: event_metadata,
)

jwe = event.to_jwe(
issuer: sp.issuer,
public_key: sp.ssl_certs.first.public_key,
)

redis_client.write_event(
event_key: event.jti,
jwe: jwe,
timestamp: event.occurred_at,
issuer: sp.issuer,
)

event
end

def parse_failure_reason(result)
return result.to_h[:error_details] || result.errors.presence
end

private

def hashed_session_id
return nil unless user&.unique_session_id
Digest::SHA1.hexdigest(user&.unique_session_id)
mitchellhenke marked this conversation as resolved.
Show resolved Hide resolved
end

def hashed_cookie_device_uuid
return nil unless cookie_device_uuid
Digest::SHA1.hexdigest(cookie_device_uuid)
end

def enabled?
IdentityConfig.store.attempts_api_enabled && @enabled_for_session
end

def redis_client
@redis_client ||= AttemptsApi::RedisClient.new
end
end
end
16 changes: 16 additions & 0 deletions app/services/attempts_api/tracker_events.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# frozen_string_literal: true

module AttemptsApi
module TrackerEvents
# @param [String] email The submitted email address
# @param [Boolean] success True if the email and password matched
# A user has submitted an email address and password for authentication
def email_and_password_auth(email:, success:)
track_event(
:email_and_password_auth,
mitchellhenke marked this conversation as resolved.
Show resolved Hide resolved
email: email,
success: success,
)
end
end
end
1 change: 1 addition & 0 deletions config/application.yml.default
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ allowed_verified_within_providers: '[]'
asset_host: ''
async_stale_job_timeout_seconds: 300
async_wait_timeout_seconds: 60
attempts_api_enabled: false
attempts_api_event_ttl_seconds: 3_600
attribute_encryption_key:
attribute_encryption_key_queue: '[]'
Expand Down
1 change: 1 addition & 0 deletions lib/identity_config.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ def self.store
config.add(:async_stale_job_timeout_seconds, type: :integer)
config.add(:async_wait_timeout_seconds, type: :integer)
config.add(:attempts_api_event_ttl_seconds, type: :integer)
config.add(:attempts_api_enabled, type: :boolean)
config.add(:attribute_encryption_key, type: :string)
config.add(:attribute_encryption_key_queue, type: :json)
config.add(:available_locales, type: :comma_separated_string_list)
Expand Down
150 changes: 150 additions & 0 deletions spec/services/attempts_api/tracker_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,150 @@
require 'rails_helper'

RSpec.describe AttemptsApi::Tracker do
before do
allow(IdentityConfig.store).to receive(:attempts_api_enabled)
.and_return(attempts_api_enabled)
allow(request).to receive(:user_agent).and_return('example/1.0')
allow(request).to receive(:remote_ip).and_return('192.0.2.1')
allow(request).to receive(:headers).and_return(
{ 'CloudFront-Viewer-Address' => '192.0.2.1:1234' },
)
end

let(:attempts_api_enabled) { true }
let(:session_id) { 'test-session-id' }
let(:enabled_for_session) { true }
let(:request) { instance_double(ActionDispatch::Request) }
let(:service_provider) { create(:service_provider) }
let(:cookie_device_uuid) { 'device_id' }
let(:sp_request_uri) { 'https://example.com/auth_page' }
let(:user) { create(:user) }
let(:analytics) { FakeAnalytics.new }

subject do
described_class.new(
session_id: session_id,
request: request,
user: user,
sp: service_provider,
cookie_device_uuid: cookie_device_uuid,
sp_request_uri: sp_request_uri,
enabled_for_session: enabled_for_session,
analytics: analytics,
)
end

describe '#track_event' do
it 'omit failure reason when success is true' do
freeze_time do
event = subject.track_event(:test_event, foo: :bar, success: true, failure_reason: nil)
expect(event.event_metadata).to_not have_key(:failure_reason)
end
end

it 'omit failure reason when failure_reason is blank' do
freeze_time do
event = subject.track_event(:test_event, foo: :bar, failure_reason: nil)
expect(event.event_metadata).to_not have_key(:failure_reason)
end
end

it 'should not omit failure reason when success is false and failure_reason is not blank' do
freeze_time do
event = subject.track_event(
:test_event, foo: :bar, success: false,
failure_reason: { foo: [:bar] }
)
expect(event.event_metadata).to have_key(:failure_reason)
expect(event.event_metadata).to have_key(:success)
end
end

it 'records the event in redis' do
freeze_time do
subject.track_event(:test_event, foo: :bar)

events = AttemptsApi::RedisClient.new.read_events(
timestamp: Time.zone.now,
issuer: service_provider.issuer,
)

expect(events.values.length).to eq(1)
end
end

it 'does not store events in plaintext in redis' do
freeze_time do
subject.track_event(:event, first_name: Idp::Constants::MOCK_IDV_APPLICANT[:first_name])

events = AttemptsApi::RedisClient.new.read_events(
timestamp: Time.zone.now,
issuer: service_provider.issuer,
)

expect(events.keys.first).to_not include('first_name')
expect(events.values.first).to_not include(Idp::Constants::MOCK_IDV_APPLICANT[:first_name])
end
end

context 'the current session is not an attempts API session' do
let(:enabled_for_session) { false }

it 'does not record any events in redis' do
freeze_time do
subject.track_event(:test_event, foo: :bar)

events = AttemptsApi::RedisClient.new.read_events(
timestamp: Time.zone.now,
issuer: service_provider.issuer,
)

expect(events.values.length).to eq(0)
end
end
end

context 'the attempts API is not enabled' do
let(:attempts_api_enabled) { false }

it 'does not record any events in redis' do
freeze_time do
subject.track_event(:test_event, foo: :bar)

events = AttemptsApi::RedisClient.new.read_events(
timestamp: Time.zone.now,
issuer: service_provider.issuer,
)

expect(events.values.length).to eq(0)
end
end
end
end

describe '#parse_failure_reason' do
let(:mock_error_message) { 'failure_reason_from_error' }
let(:mock_error_details) { [{ mock_error: 'failure_reason_from_error_details' }] }

it 'parses failure_reason from error_details' do
test_failure_reason = subject.parse_failure_reason(
{ errors: mock_error_message,
error_details: mock_error_details },
)

expect(test_failure_reason).to eq(mock_error_details)
end

it 'parses failure_reason from errors when no error_details present' do
mock_failure_reason = double(
'MockFailureReason',
errors: mock_error_message,
to_h: {},
)

test_failure_reason = subject.parse_failure_reason(mock_failure_reason)

expect(test_failure_reason).to eq(mock_error_message)
end
end
end