Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API-24371-valid-ssn #11899

Merged
merged 0 commits into from
Mar 6, 2023
Merged

API-24371-valid-ssn #11899

merged 0 commits into from
Mar 6, 2023

Conversation

stiehlrod
Copy link
Contributor

@stiehlrod stiehlrod commented Feb 24, 2023
edited by mchristiansonVA
Loading

Summary

  • Adds validation for claimantSsn parameter when supplied and returns an HTTP 422 error in cases where the ssn fails validation.
  • SSN validation includes check for numeric digits only, as well as length of 9.
  • Strips "-" from parameter value before validation and submission.

Related issue(s)

Testing done

  • Tested various invalid SSN values for claimantSsn with /intent-to-file endpoint to ensure the appropriate error is returned.
  • Updated rspec tests to include cases where SSN validation should fail and return HTTP 422.

What areas of the site does it impact?

  • vets-api Benefits Claims /intent-to-file endpoint

Acceptance criteria

  • I fixed|updated|added unit tests and integration tests for each feature (if applicable).
  • No error nor warning in the console.
  • Events are being sent to the appropriate logging solution
  • Documentation has been updated (link to documentation)
  • No sensitive information (i.e. PII/credentials/internal URLs/etc.) is captured in logging, hardcoded, or specs
  • Feature/bug has a monitor built into Datadog or Grafana (if applicable)
  • If app impacted requires authentication, did you login to a local build and verify all authenticated routes work as expected
  • I added a screenshot of the developed feature

@stiehlrod stiehlrod added the claimsApi modules/claims_api label Feb 24, 2023
@va-vfs-bot va-vfs-bot temporarily deployed to API-24371-valid-ssn/main/main February 24, 2023 22:29 Inactive
@va-vfs-bot va-vfs-bot temporarily deployed to API-24371-valid-ssn/main/main February 27, 2023 16:03 Inactive
@stiehlrod stiehlrod self-assigned this Feb 28, 2023
@stiehlrod stiehlrod closed this Mar 1, 2023
@va-vfs-bot va-vfs-bot temporarily deployed to API-24371-valid-ssn/main/main March 1, 2023 15:56 Inactive
@mchristiansonVA mchristiansonVA added the Lighthouse lighthouse label Mar 2, 2023
@mchristiansonVA mchristiansonVA marked this pull request as ready for review March 2, 2023 16:28
@mchristiansonVA mchristiansonVA requested review from a team as code owners March 2, 2023 16:28
acovrig
acovrig reviewed Mar 3, 2023
View reviewed changes
modules/claims_api/app/controllers/claims_api/v2/veterans/intent_to_file_controller.rb
@@ -76,7 +84,10 @@ def intent_to_file_options(type)
# BGS requires at least 1 of 'participant_claimant_id' or 'claimant_ssn'
def handle_claimant_fields(options:, params:, target_veteran:)
claimant_ssn = params[:claimantSsn]

if claimant_ssn.present?
claimant_ssn = claimant_ssn.gsub('-', '')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I presume people don't use any other separators (like phone numbers sometimes have . instead of -)?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

claimant_ssn.delete('^0-9') feels more idiomatic to me to whitelist only digits, if we're worried about such things. I'm actually a little surprised rubocop didn't flag the non-regex gsub use with an alternative like tr or delete. Maybe we have that cop turned off.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to use delete in PR for API-24720.

cilestin
cilestin reviewed Mar 4, 2023
View reviewed changes
modules/claims_api/spec/requests/v2/veterans/intent_to_files_request_spec.rb
@@ -411,7 +411,7 @@
with_okta_user(scopes) do |auth_header|
survivor_data = data
survivor_data[:type] = 'survivor'
survivor_data[:claimantSsn] = '123456'
survivor_data[:claimantSsn] = '123456789'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't testing that the gsub is working to remove the dashes & parse the SSN as valid.123-45-6789 would ensure this passes as expected :)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a test for claimantSsn with separators in PR for API-24720.

@mchristiansonVA mchristiansonVA merged commit 6958800 into master Mar 6, 2023
@mchristiansonVA mchristiansonVA deleted the API-24371-valid-ssn branch March 6, 2023 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mchristiansonVA mchristiansonVA mchristiansonVA left review comments

@cilestin cilestin cilestin left review comments

@acovrig acovrig acovrig approved these changes

Assignees

@mchristiansonVA mchristiansonVA

Labels
claimsApi modules/claims_api Lighthouse lighthouse
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@stiehlrod @cilestin @acovrig @mchristiansonVA @va-vfs-bot