changes user.fingerprint to request.remote_ip for better accuracy (#1…

…2878)
department-of-veterans-affairs · Jun 5, 2023 · 343ade3 · 343ade3
1 parent 86c4e4e
commit 343ade3
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 15 deletions.
diff --git a/app/controllers/concerns/sign_in/authentication.rb b/app/controllers/concerns/sign_in/authentication.rb
@@ -69,11 +69,11 @@ def handle_authenticate_error(error)
     end
 
     def validate_request_ip
-      return if @current_user.fingerprint == request.ip
+      return if @current_user.fingerprint == request.remote_ip
 
-      log_context = { request_ip: request.ip, fingerprint: @current_user.fingerprint }
+      log_context = { request_ip: request.remote_ip, fingerprint: @current_user.fingerprint }
       Rails.logger.warn('[SignIn][Authentication] fingerprint mismatch', log_context)
-      @current_user.fingerprint = request.ip
+      @current_user.fingerprint = request.remote_ip
       @current_user.save
     end
   end

diff --git a/spec/controllers/sign_in/application_controller_spec.rb b/spec/controllers/sign_in/application_controller_spec.rb
@@ -67,19 +67,19 @@ def append_info_to_payload(payload)
       context 'user.fingerprint matches request IP' do
         it 'passes fingerprint validation and does not create a log' do
           expect_any_instance_of(SentryLogging).not_to receive(:log_message_to_sentry).with(:warn)
-          expect(subject.request.ip).to eq(user.fingerprint)
+          expect(subject.request.remote_ip).to eq(user.fingerprint)
         end
       end
 
       context 'user.fingerprint does not match request IP' do
         let!(:user) { create(:user, :loa3, uuid: access_token_object.user_uuid) }
         let(:expected_error) { '[SignIn][Authentication] fingerprint mismatch' }
-        let(:log_context) { { request_ip: request.ip, fingerprint: user.fingerprint } }
+        let(:log_context) { { request_ip: request.remote_ip, fingerprint: user.fingerprint } }
 
         it 'fails fingerprint validation and creates a log' do
           expect(Rails.logger).to receive(:warn).with(expected_error, log_context)
 
-          expect(subject.request.ip).not_to eq(user.fingerprint)
+          expect(subject.request.remote_ip).not_to eq(user.fingerprint)
         end
 
         it 'does not prevent authentication' do
@@ -133,7 +133,7 @@ def append_info_to_payload(payload)
           let(:access_token_cookie) { SignIn::AccessTokenJwtEncoder.new(access_token: access_token_object).perform }
           let(:expected_error) { SignIn::Errors::AccessTokenMalformedJWTError.to_s }
           let!(:user) do
-            create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.ip)
+            create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.remote_ip)
           end
           let(:user_serializer) { SignIn::IntrospectSerializer.new(user) }
           let(:expected_introspect_response) { JSON.parse(user_serializer.to_json) }
@@ -185,7 +185,7 @@ def append_info_to_payload(payload)
         let(:access_token) { SignIn::AccessTokenJwtEncoder.new(access_token: access_token_object).perform }
         let(:expected_error) { SignIn::Errors::AccessTokenMalformedJWTError.to_s }
         let!(:user) do
-          create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.ip)
+          create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.remote_ip)
         end
         let(:user_serializer) { SignIn::IntrospectSerializer.new(user) }
         let(:expected_introspect_response) { JSON.parse(user_serializer.to_json) }
@@ -212,18 +212,18 @@ def append_info_to_payload(payload)
       context 'user.fingerprint matches request IP' do
         it 'passes fingerprint validation and does not create a log' do
           expect_any_instance_of(SentryLogging).not_to receive(:log_message_to_sentry).with(:warn)
-          expect(subject.request.ip).to eq(user.fingerprint)
+          expect(subject.request.remote_ip).to eq(user.fingerprint)
         end
       end
 
       context 'user.fingerprint does not match request IP' do
         let!(:user) { create(:user, :loa3, uuid: access_token_object.user_uuid) }
         let(:expected_error) { '[SignIn][Authentication] fingerprint mismatch' }
-        let(:log_context) { { request_ip: request.ip, fingerprint: user.fingerprint } }
+        let(:log_context) { { request_ip: request.remote_ip, fingerprint: user.fingerprint } }
 
         it 'fails fingerprint validation and creates a log' do
           expect(Rails.logger).to receive(:warn).with(expected_error, log_context)
-          expect(subject.request.ip).not_to eq(user.fingerprint)
+          expect(subject.request.remote_ip).not_to eq(user.fingerprint)
         end
 
         it 'does not prevent authentication' do
@@ -276,7 +276,7 @@ def append_info_to_payload(payload)
           let(:access_token_cookie) { SignIn::AccessTokenJwtEncoder.new(access_token: access_token_object).perform }
           let(:expected_error) { SignIn::Errors::AccessTokenMalformedJWTError.to_s }
           let!(:user) do
-            create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.ip)
+            create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.remote_ip)
           end
           let(:user_serializer) { SignIn::IntrospectSerializer.new(user) }
           let(:expected_introspect_response) { JSON.parse(user_serializer.to_json) }
@@ -332,7 +332,7 @@ def append_info_to_payload(payload)
         let(:access_token) { SignIn::AccessTokenJwtEncoder.new(access_token: access_token_object).perform }
         let(:expected_error) { SignIn::Errors::AccessTokenMalformedJWTError.to_s }
         let!(:user) do
-          create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.ip)
+          create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.remote_ip)
         end
         let(:user_serializer) { SignIn::IntrospectSerializer.new(user) }
         let(:expected_introspect_response) { JSON.parse(user_serializer.to_json) }
@@ -404,7 +404,7 @@ def append_info_to_payload(payload)
                     loa:,
                     authn_context:,
                     mhv_icn: user_account.icn,
-                    fingerprint: request.ip)
+                    fingerprint: request.remote_ip)
     end
     let(:expected_error) { 'Service unavailable' }
 

diff --git a/spec/controllers/v0/sign_in_controller_spec.rb b/spec/controllers/v0/sign_in_controller_spec.rb
@@ -723,7 +723,7 @@
                     birth_date: Formatters::DateFormatter.format_date(user_info.birthdate),
                     first_name: user_info.given_name,
                     last_name: user_info.family_name,
-                    fingerprint: request.ip
+                    fingerprint: request.remote_ip
                   }
                 end
                 let(:mpi_profile) do