From 879d4719588eb3be97520a1a9b590705e5552b8e Mon Sep 17 00:00:00 2001
From: John Bramley <john.bramley@adhocteam.us>
Date: Tue, 31 Jan 2023 10:23:04 -0700
Subject: [PATCH] EVSS DependentsApplicationJob Form Encryption (#11520)

* removes unrelated commits

* fixes KMS decryption & JSON parsing

* adds decryption spec
---
 app/models/dependents_application.rb          |  2 +-
 .../evss/dependents_application_job.rb        |  3 +-
 .../evss/dependents_application_job_spec.rb   | 31 ++++++++++++++-----
 3 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/app/models/dependents_application.rb b/app/models/dependents_application.rb
index 0d8d238ad02..1db2654843a 100644
--- a/app/models/dependents_application.rb
+++ b/app/models/dependents_application.rb
@@ -248,6 +248,6 @@ def user_can_access_evss
   end
 
   def create_submission_job
-    EVSS::DependentsApplicationJob.perform_async(id, parsed_form, user.uuid)
+    EVSS::DependentsApplicationJob.perform_async(id, KmsEncrypted::Box.new.encrypt(parsed_form.to_json), user.uuid)
   end
 end
diff --git a/app/workers/evss/dependents_application_job.rb b/app/workers/evss/dependents_application_job.rb
index 30e793f0fb5..dbc33939111 100644
--- a/app/workers/evss/dependents_application_job.rb
+++ b/app/workers/evss/dependents_application_job.rb
@@ -10,8 +10,9 @@ class DependentsApplicationJob
     sidekiq_options retry: false
 
     # rubocop:disable Metrics/MethodLength
-    def perform(app_id, form, user_uuid)
+    def perform(app_id, encrypted_form, user_uuid)
       @app_id = app_id
+      form = JSON.parse(KmsEncrypted::Box.new.decrypt(encrypted_form))
       user = User.find(user_uuid)
       service = Dependents::Service.new(user)
       cached_info = Dependents::RetrievedInfo.for_user(user)
diff --git a/spec/jobs/evss/dependents_application_job_spec.rb b/spec/jobs/evss/dependents_application_job_spec.rb
index 20bc5226db3..3265ff09abd 100644
--- a/spec/jobs/evss/dependents_application_job_spec.rb
+++ b/spec/jobs/evss/dependents_application_job_spec.rb
@@ -39,14 +39,29 @@ def reload_dependents_application
       end
     end
 
-    it 'uses, then deletes a cache of user info' do
-      VCR.use_cassette(
-        'evss/dependents/all',
-        match_requests_on: %i[method uri body]
-      ) do
-        expect_any_instance_of(EVSS::Dependents::RetrievedInfo).to receive(:body).once.and_call_original
-        expect_any_instance_of(EVSS::Dependents::RetrievedInfo).to receive(:delete).once.and_call_original
-        described_class.drain
+    context 'user info protection' do
+      before { allow_any_instance_of(KmsEncrypted::Box).to receive(:decrypt).and_return(dependents_application.form) }
+
+      it 'decrypts the encrypted user form argument' do
+        VCR.use_cassette(
+          'evss/dependents/all',
+          match_requests_on: %i[method uri body]
+        ) do
+          expect_any_instance_of(KmsEncrypted::Box).to receive(:decrypt)
+          described_class.drain
+          reload_dependents_application
+        end
+      end
+
+      it 'uses, then deletes a cache of user info' do
+        VCR.use_cassette(
+          'evss/dependents/all',
+          match_requests_on: %i[method uri body]
+        ) do
+          expect_any_instance_of(EVSS::Dependents::RetrievedInfo).to receive(:body).once.and_call_original
+          expect_any_instance_of(EVSS::Dependents::RetrievedInfo).to receive(:delete).once.and_call_original
+          described_class.drain
+        end
       end
     end
   end