EVSS DependentsApplicationJob Form Encryption (#11520)

* removes unrelated commits * fixes KMS decryption & JSON parsing * adds decryption spec
department-of-veterans-affairs · Jan 31, 2023 · 879d471 · 879d471
1 parent 3219095
commit 879d471
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 10 deletions.
diff --git a/app/models/dependents_application.rb b/app/models/dependents_application.rb
@@ -248,6 +248,6 @@ def user_can_access_evss
   end
 
   def create_submission_job
-    EVSS::DependentsApplicationJob.perform_async(id, parsed_form, user.uuid)
+    EVSS::DependentsApplicationJob.perform_async(id, KmsEncrypted::Box.new.encrypt(parsed_form.to_json), user.uuid)
   end
 end
diff --git a/app/workers/evss/dependents_application_job.rb b/app/workers/evss/dependents_application_job.rb
@@ -10,8 +10,9 @@ class DependentsApplicationJob
     sidekiq_options retry: false
 
     # rubocop:disable Metrics/MethodLength
-    def perform(app_id, form, user_uuid)
+    def perform(app_id, encrypted_form, user_uuid)
       @app_id = app_id
+      form = JSON.parse(KmsEncrypted::Box.new.decrypt(encrypted_form))
       user = User.find(user_uuid)
       service = Dependents::Service.new(user)
       cached_info = Dependents::RetrievedInfo.for_user(user)

diff --git a/spec/jobs/evss/dependents_application_job_spec.rb b/spec/jobs/evss/dependents_application_job_spec.rb
@@ -39,14 +39,29 @@ def reload_dependents_application
       end
     end
 
-    it 'uses, then deletes a cache of user info' do
-      VCR.use_cassette(
-        'evss/dependents/all',
-        match_requests_on: %i[method uri body]
-      ) do
-        expect_any_instance_of(EVSS::Dependents::RetrievedInfo).to receive(:body).once.and_call_original
-        expect_any_instance_of(EVSS::Dependents::RetrievedInfo).to receive(:delete).once.and_call_original
-        described_class.drain
+    context 'user info protection' do
+      before { allow_any_instance_of(KmsEncrypted::Box).to receive(:decrypt).and_return(dependents_application.form) }
+
+      it 'decrypts the encrypted user form argument' do
+        VCR.use_cassette(
+          'evss/dependents/all',
+          match_requests_on: %i[method uri body]
+        ) do
+          expect_any_instance_of(KmsEncrypted::Box).to receive(:decrypt)
+          described_class.drain
+          reload_dependents_application
+        end
+      end
+
+      it 'uses, then deletes a cache of user info' do
+        VCR.use_cassette(
+          'evss/dependents/all',
+          match_requests_on: %i[method uri body]
+        ) do
+          expect_any_instance_of(EVSS::Dependents::RetrievedInfo).to receive(:body).once.and_call_original
+          expect_any_instance_of(EVSS::Dependents::RetrievedInfo).to receive(:delete).once.and_call_original
+          described_class.drain
+        end
       end
     end
   end