Skip to content

Commit

Permalink
changes user.fingerprint to request.remote_ip for better accuracy (#1…
Browse files Browse the repository at this point in the history
  • Loading branch information
bramleyjl authored Jun 5, 2023
1 parent 582c013 commit 94ae98a
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 15 deletions.
6 changes: 3 additions & 3 deletions app/controllers/concerns/sign_in/authentication.rb
Original file line number Diff line number Diff line change
Expand Up @@ -69,11 +69,11 @@ def handle_authenticate_error(error)
end

def validate_request_ip
return if @current_user.fingerprint == request.ip
return if @current_user.fingerprint == request.remote_ip

log_context = { request_ip: request.ip, fingerprint: @current_user.fingerprint }
log_context = { request_ip: request.remote_ip, fingerprint: @current_user.fingerprint }
Rails.logger.warn('[SignIn][Authentication] fingerprint mismatch', log_context)
@current_user.fingerprint = request.ip
@current_user.fingerprint = request.remote_ip
@current_user.save
end
end
Expand Down
22 changes: 11 additions & 11 deletions spec/controllers/sign_in/application_controller_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -67,19 +67,19 @@ def append_info_to_payload(payload)
context 'user.fingerprint matches request IP' do
it 'passes fingerprint validation and does not create a log' do
expect_any_instance_of(SentryLogging).not_to receive(:log_message_to_sentry).with(:warn)
expect(subject.request.ip).to eq(user.fingerprint)
expect(subject.request.remote_ip).to eq(user.fingerprint)
end
end

context 'user.fingerprint does not match request IP' do
let!(:user) { create(:user, :loa3, uuid: access_token_object.user_uuid) }
let(:expected_error) { '[SignIn][Authentication] fingerprint mismatch' }
let(:log_context) { { request_ip: request.ip, fingerprint: user.fingerprint } }
let(:log_context) { { request_ip: request.remote_ip, fingerprint: user.fingerprint } }

it 'fails fingerprint validation and creates a log' do
expect(Rails.logger).to receive(:warn).with(expected_error, log_context)

expect(subject.request.ip).not_to eq(user.fingerprint)
expect(subject.request.remote_ip).not_to eq(user.fingerprint)
end

it 'does not prevent authentication' do
Expand Down Expand Up @@ -133,7 +133,7 @@ def append_info_to_payload(payload)
let(:access_token_cookie) { SignIn::AccessTokenJwtEncoder.new(access_token: access_token_object).perform }
let(:expected_error) { SignIn::Errors::AccessTokenMalformedJWTError.to_s }
let!(:user) do
create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.ip)
create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.remote_ip)
end
let(:user_serializer) { SignIn::IntrospectSerializer.new(user) }
let(:expected_introspect_response) { JSON.parse(user_serializer.to_json) }
Expand Down Expand Up @@ -185,7 +185,7 @@ def append_info_to_payload(payload)
let(:access_token) { SignIn::AccessTokenJwtEncoder.new(access_token: access_token_object).perform }
let(:expected_error) { SignIn::Errors::AccessTokenMalformedJWTError.to_s }
let!(:user) do
create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.ip)
create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.remote_ip)
end
let(:user_serializer) { SignIn::IntrospectSerializer.new(user) }
let(:expected_introspect_response) { JSON.parse(user_serializer.to_json) }
Expand All @@ -212,18 +212,18 @@ def append_info_to_payload(payload)
context 'user.fingerprint matches request IP' do
it 'passes fingerprint validation and does not create a log' do
expect_any_instance_of(SentryLogging).not_to receive(:log_message_to_sentry).with(:warn)
expect(subject.request.ip).to eq(user.fingerprint)
expect(subject.request.remote_ip).to eq(user.fingerprint)
end
end

context 'user.fingerprint does not match request IP' do
let!(:user) { create(:user, :loa3, uuid: access_token_object.user_uuid) }
let(:expected_error) { '[SignIn][Authentication] fingerprint mismatch' }
let(:log_context) { { request_ip: request.ip, fingerprint: user.fingerprint } }
let(:log_context) { { request_ip: request.remote_ip, fingerprint: user.fingerprint } }

it 'fails fingerprint validation and creates a log' do
expect(Rails.logger).to receive(:warn).with(expected_error, log_context)
expect(subject.request.ip).not_to eq(user.fingerprint)
expect(subject.request.remote_ip).not_to eq(user.fingerprint)
end

it 'does not prevent authentication' do
Expand Down Expand Up @@ -276,7 +276,7 @@ def append_info_to_payload(payload)
let(:access_token_cookie) { SignIn::AccessTokenJwtEncoder.new(access_token: access_token_object).perform }
let(:expected_error) { SignIn::Errors::AccessTokenMalformedJWTError.to_s }
let!(:user) do
create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.ip)
create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.remote_ip)
end
let(:user_serializer) { SignIn::IntrospectSerializer.new(user) }
let(:expected_introspect_response) { JSON.parse(user_serializer.to_json) }
Expand Down Expand Up @@ -332,7 +332,7 @@ def append_info_to_payload(payload)
let(:access_token) { SignIn::AccessTokenJwtEncoder.new(access_token: access_token_object).perform }
let(:expected_error) { SignIn::Errors::AccessTokenMalformedJWTError.to_s }
let!(:user) do
create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.ip)
create(:user, :loa3, uuid: access_token_object.user_uuid, fingerprint: request.remote_ip)
end
let(:user_serializer) { SignIn::IntrospectSerializer.new(user) }
let(:expected_introspect_response) { JSON.parse(user_serializer.to_json) }
Expand Down Expand Up @@ -404,7 +404,7 @@ def append_info_to_payload(payload)
loa:,
authn_context:,
mhv_icn: user_account.icn,
fingerprint: request.ip)
fingerprint: request.remote_ip)
end
let(:expected_error) { 'Service unavailable' }

Expand Down
2 changes: 1 addition & 1 deletion spec/controllers/v0/sign_in_controller_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -723,7 +723,7 @@
birth_date: Formatters::DateFormatter.format_date(user_info.birthdate),
first_name: user_info.given_name,
last_name: user_info.family_name,
fingerprint: request.ip
fingerprint: request.remote_ip
}
end
let(:mpi_profile) do
Expand Down

0 comments on commit 94ae98a

Please sign in to comment.