Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LG-15216 Handle password reset for in-person enrollments waiting for fraud review #11855

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

LG-15216 Handle password reset for in-person enrollments waiting for fraud review #11855

wants to merge 3 commits into from
+440 −58

Conversation

shanechesnutt-ft
Copy link
Contributor

@shanechesnutt-ft shanechesnutt-ft commented Feb 7, 2025
edited by WilliamBirdsall
Loading

🎫 Ticket

Link to the relevant ticket:
LG-15216

🛠 Summary of changes

Enable user's to not lose in-person enrollment progress after a password reset when the user in fraud review.

Changes Include:

  • New InPersonEnrollment status in_fraud_review
  • New metric for GetUspsProofingResultsJob enrollments_in_fraud_review
  • Update to the action account scripts to update relevant in-person enrollments base on result

📜 Testing Plan

In-Person Password Reset enabled

  • Set feature_pending_in_person_password_reset_enabled: true in application.yml.default

Scenario: Fraud review in-person enrollment and user password resets with personal key

  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Create a new account
  • Complete the ID-IPP flow reaching the ready ssn page.
  • Mark the threat metrics as review on the ready ssn page.
  • Submit the ssn form.
  • Continue the ID-IPP flow reaching the ready to verify page.
  • Run the GetUspsProofingResultsJob
  • Ensure the enrollment is updated to have in_fraud_review status.
  • Ensure user is navigated to the LG-99 screen.
  • Logout
  • Reset the password of the user.
  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Ensure user is prompted for personal key entry
  • Enter in user's personal key
  • Ensure user is navigated to the LG-99 screen

Scenario: Fraud review in-person enrollment and user password resets without personal key

  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Create a new account
  • Complete the ID-IPP flow reaching the ready ssn page.
  • Mark the threat metrics as review on the ready ssn page.
  • Submit the ssn form.
  • Continue the ID-IPP flow reaching the ready to verify page.
  • Run the GetUspsProofingResultsJob
  • Ensure the enrollment is updated to have in_fraud_review status.
  • Ensure user is navigated to the LG-99 screen.
  • Logout
  • Reset the password of the user.
  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Ensure user is prompted for personal key entry
  • Continue without a personal key
  • Ensure user is navigated to the welcome page
  • Click Continue on welcome page
  • Ensure enrollment is cancelled

Scenario: Fraud review in-person enrollment and user password resets before deployment

  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Create a new account
  • Complete the ID-IPP flow reaching the ready ssn page.
  • Mark the threat metrics as review on the ready ssn page.
  • Submit the ssn form.
  • Continue the ID-IPP flow reaching the ready to verify page.
  • Run the GetUspsProofingResultsJob
  • Ensure the enrollment is updated to have passed status.
  • Ensure user is navigated to the LG-99 screen.
  • Logout
  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Ensure user is navigated to the LG-99 screen.
  • Logout
  • Reset the password of the user.
  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Ensure user is navigated to the welcome page

Scenario: Fraud review in-person enrollment and user has passed review

  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Create a new account
  • Complete the ID-IPP flow reaching the ready ssn page.
  • Mark the threat metrics as review on the ready ssn page.
  • Submit the ssn form.
  • Continue the ID-IPP flow reaching the ready to verify page.
  • Run the GetUspsProofingResultsJob
  • Ensure the enrollment is updated to have in_fraud_review status.
  • Ensure user is navigated to the LG-99 screen.
  • Run the review-passed script bin/action-account review-passed <user_uuid>
  • Ensure the enrollment is updated to have passed status.
  • Ensure the user is prompted to activate their account.

Scenario: Fraud review in-person enrollment and user has failed review

  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Create a new account
  • Complete the ID-IPP flow reaching the ready ssn page.
  • Mark the threat metrics as review on the ready ssn page.
  • Submit the ssn form.
  • Continue the ID-IPP flow reaching the ready to verify page.
  • Run the GetUspsProofingResultsJob
  • Ensure the enrollment is updated to have in_fraud_review status.
  • Ensure user is navigated to the LG-99 screen.
  • Run the review-reject script bin/action-account review-reject <user_uuid>
  • Ensure the enrollment is updated to have failed status.
  • Ensure the user is redirected to the unverified page.

In-Person Password Reset disabled

  • Set feature_pending_in_person_password_reset_enabled: false in application.yml.default

Scenario: Fraud review in-person enrollment and user password resets

  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Create a new account
  • Complete the ID-IPP flow reaching the ready ssn page.
  • Mark the threat metrics as review on the ready ssn page.
  • Submit the ssn form.
  • Continue the ID-IPP flow reaching the ready to verify page.
  • Run the GetUspsProofingResultsJob
  • Ensure the enrollment is updated to have in_fraud_review status.
  • Ensure user is navigated to the LG-99 screen.
  • Logout
  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Ensure user is navigated to the LG-99 screen.
  • Logout
  • Reset the password of the user.
  • Login through the oidc sinatra application selecting the Identity Verified level of service.
  • Ensure user is navigated to the welcome page

@shanechesnutt-ft shanechesnutt-ft requested review from a team and WilliamBirdsall February 7, 2025 19:33
@shanechesnutt-ft
LG-15216 Handle password reset for in-person enrollments in fraud review
7336c0a 
changelog: User-facing Improvement, In-person Proofing, Allow users to
perform a password reset on pending in-person profiles in fraud review
without losing progress if the user supplies their personal key.
@shanechesnutt-ft
Cancel in_fraud_review enrollments when user does not have personal key
b99adbd
@shanechesnutt-ft
Minor code clean up
4ccd4e7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WilliamBirdsall WilliamBirdsall Awaiting requested review from WilliamBirdsall WilliamBirdsall was automatically assigned from 18F/identity-joy-engineers

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@shanechesnutt-ft