department-of-veterans-affairs · RachalCassity · Dec 13, 2024 · Dec 3, 2024 · Dec 13, 2024 · Dec 13, 2024
@@ -362,6 +362,7 @@ app/policies/mpi_policy.rb @department-of-veterans-affairs/octo-identity
 app/policies/ppiu_policy.rb @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 app/policies/vet360_policy.rb @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 app/policies/va_profile_policy.rb @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
+app/policies/vye_policy.rb @department-of-veterans-affairs/govcio-vfep-codereviewers @department-of-veterans-affairs/backend-review-group
 app/serializers/appointment_serializer.rb @department-of-veterans-affairs/vfs-vaos @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 app/serializers/async_transaction @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 app/serializers/async_transaction/base_serializer.rb @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
@@ -1024,6 +1025,7 @@ lib/virtual_regional_office @department-of-veterans-affairs/va-api-engineers @de
 lib/vre @department-of-veterans-affairs/benefits-non-disability @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 lib/res @department-of-veterans-affairs/benefits-non-disability @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 lib/va_notify @department-of-veterans-affairs/pension-and-burials @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
+lib/vye @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/govcio-vfep-codereviewers
 lib/webhooks @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 lib/zero_silent_failures @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 modules/accredited_representative_portal @department-of-veterans-affairs/benefits-accredited-rep-facing-engineers @department-of-veterans-affairs/backend-review-group
@@ -1064,7 +1066,7 @@ modules/veteran @department-of-veterans-affairs/lighthouse-dash @department-of-v
 modules/pensions @department-of-veterans-affairs/pension-and-burials @department-of-veterans-affairs/backend-review-group
 modules/veteran_confirmation @department-of-veterans-affairs/lighthouse-ninjapigs @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 modules/travel_pay @department-of-veterans-affairs/travel-pay-integration @department-of-veterans-affairs/backend-review-group
-modules/vye @department-of-veterans-affairs/backend-review-group #@department-of-veterans-affairs/govcio-vye-codereviewers
+modules/vye @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/govcio-vfep-codereviewers
 modules/decision_reviews @department-of-veterans-affairs/benefits-decision-reviews-be @department-of-veterans-affairs/backend-review-group
 postman/vets-api.pm-collection.json @department-of-veterans-affairs/backend-review-group
 postman/Dockerfile @department-of-veterans-affairs/backend-review-group
@@ -1340,6 +1342,7 @@ spec/fixtures/supplemental_claims @department-of-veterans-affairs/benefits-decis
 spec/fixtures/va_profile @department-of-veterans-affairs/vfs-authenticated-experience-backend @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/fixtures/vba_documents @department-of-veterans-affairs/lighthouse-banana-peels @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/fixtures/vbms @department-of-veterans-affairs/benefits-dependents-management @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
+spec/lib/vye @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/govcio-vfep-codereviewers
 spec/sidekiq/account_login_statistics_job_spec.rb @department-of-veterans-affairs/octo-identity
 spec/sidekiq/benefits_intake_status_job_spec.rb @department-of-veterans-affairs/platform-va-product-forms @department-of-veterans-affairs/Disability-Experience @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group
 spec/sidekiq/bgs @department-of-veterans-affairs/va-api-engineers @department-of-veterans-affairs/backend-review-group @department-of-veterans-affairs/benefits-dependents-management

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -315,6 +315,7 @@ Lint/MissingSuper:
     - 'modules/va_notify/lib/va_notify/service.rb'
     - 'modules/vaos/app/services/vaos/session_service.rb'
     - 'modules/veteran/app/models/veteran/user.rb'
+    - 'lib/vye/dgib/service.rb'
 
 # Offense count: 5
 Lint/NoReturnInBeginEndBlocks:

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+VyePolicy = Struct.new(:user, :user_info) do
+  def access?
+    user.present?
+  end
+end
@@ -6,6 +6,7 @@
 require 'central_mail/configuration'
 require 'debt_management_center/debts_configuration'
 require 'decision_review/configuration'
+require 'vye/dgib/service'
 require 'dgi/automation/configuration'
 require 'dgi/eligibility/configuration'
 require 'dgi/status/configuration'
@@ -84,6 +85,7 @@
     SearchTypeahead::Configuration.instance.breakers_service,
     SearchClickTracking::Configuration.instance.breakers_service,
     VAOS::Configuration.instance.breakers_service,
+    Vye::DGIB::Configuration.instance.breakers_service,
     IAMSSOeOAuth::Configuration.instance.breakers_service,
     CovidVaccine::V0::VetextConfiguration.instance.breakers_service,
     VEText::Configuration.instance.breakers_service,

@@ -1442,10 +1442,19 @@ genisis:
   pass: bogus
 
 # Settings for connecting AFS Veteran Services
+# For locahost we can use the existing certs as long as we don't call out
 dgi:
   jwt:
     public_key_path: modules/meb_api/spec/fixtures/dgi_public_test.pem
     private_key_path: modules/meb_api/spec/fixtures/dgi_private_test.pem
+  vye:
+    jwt:
+      public_key_path: modules/vye/spec/fixtures/dgi_public_test.pem
+      private_key_path: modules/vye/spec/fixtures/dgi_private_test.pem
+      public_ica11_rca2_key_path: modules/vye/spec/fixtures/ICA11-RCA2-combined-cert.pem
+    vets:
+      url: ""
+      mock: false
   vets:
     url: "https://jenkins.ld.afsp.io:32512/vets-service/v1/" # Docker setup for microservice
     mock: false

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Vye
+  module DGIB
+    class AuthenticationTokenService
+      ALGORITHM_TYPE = 'RS256'
+      E = 'AQAB'
+      TYP = 'JWT'
+      KID = 'vye'
+      USE = 'sig'
+      SIGNING_KEY = Settings.dgi.vye.jwt.private_key_path
+      RSA_PRIVATE = OpenSSL::PKey::RSA.new(File.read(SIGNING_KEY))
+
+      def self.call
+        payload = {
+          exp: 5.minutes.from_now.to_i, # JWT expiration time (5 minutes)
+          nbf: Time.now.to_i,
+          realm_access: {
+            roles: ['VYE']
+          }
+        }
+
+        header_fields = { kid: KID, typ: TYP }
+
+        JWT.encode payload, RSA_PRIVATE, ALGORITHM_TYPE, header_fields
+      end
+    end
+  end
+end
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Vye
+  module DGIB
+    class Configuration < Common::Client::Configuration::REST
+      def connection
+        @conn ||= Faraday.new(base_path, headers: base_request_headers, request: request_options) do |faraday|
+          faraday.use :breakers
+          faraday.ssl[:ca_file] = Settings.dgi.vye.jwt.public_ica11_rca2_key_path
+          faraday.request :json
+          faraday.use      Faraday::Response::RaiseError
+          faraday.response :betamocks if mock_enabled?
+          faraday.response :snakecase, symbolize: false
+          faraday.response :json, content_type: /\bjson$/ # ensures only json content types parsed
+          faraday.adapter Faraday.default_adapter
+        end
+      end
+
+      def base_path
+        Settings.dgi.vye.vets.url.to_s
+      end
+
+      def service_name
+        'VYE/DGIB'
+      end
+
+      def mock_enabled?
+        Settings.dgi.vye.vets.mock || false
+      end
+    end
+  end
+end
@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require 'common/client/concerns/service_status'
+require 'common/models/base'
+
+module Vye
+  module DGIB
+    class Response < Common::Base
+      include Common::Client::Concerns::ServiceStatus
+
+      attribute :status, Integer
+
+      def initialize(status, attributes = nil)
+        super(attributes) if attributes
+        self.status = status
+      end
+
+      def ok?
+        status == 200
+      end
+
+      def cache?
+        ok?
+      end
+
+      def metadata
+        { status: response_status }
+      end
+
+      def response_status
+        case status
+        when 200
+          RESPONSE_STATUS[:ok]
+        when 204
+          RESPONSE_STATUS[:no_content]
+        when 403
+          RESPONSE_STATUS[:not_authorized]
+        when 404
+          RESPONSE_STATUS[:not_found]
+        when 500
+          RESPONSE_STATUS[:internal_server_error]
+        else
+          RESPONSE_STATUS[:server_error]
+        end
+      end
+    end
+
+    class ClaimantStatusResponse < Response
+      attribute :claimant_id, Integer
+      attribute :delimiting_date, String
+      attribute :verified_details, Array
+      attribute :payment_on_hold, Boolean
+
+      def initialize(status, response = nil)
+        attributes = {
+          claimant_id: response.body['claimant_id'],
+          delimiting_date: response.body['delimiting_date'],
+          verified_details: response.body['verified_details'],
+          payment_on_hold: response.body['payment_on_hold']
+        }
+
+        super(status, attributes)
+      end
+    end
+
+    class ClaimantLookupResponse < Response
+      attribute :claimant_id, Integer
+
+      def initialize(status, response = nil)
+        attributes = { claimant_id: response.body['claimant_id'] }
+
+        super(status, attributes)
+      end
+    end
+
+    class VerificationRecordResponse < Response
+      attribute :claimant_id, Integer
+      attribute :delimiting_date, String
+      attribute :enrollment_verifications, Array
+      attribute :verified_details, Array
+      attribute :payment_on_hold, Boolean
+
+      def initialize(status, response = nil)
+        attributes = {
+          claimant_id: response.body['claimant_id'],
+          delimiting_date: response.body['delimiting_date'],
+          enrollment_verifications: response.body['enrollment_verifications'],
+          verified_details: response.body['verified_details'],
+          payment_on_hold: response.body['payment_on_hold']
+        }
+
+        super(status, attributes)
+      end
+    end
+
+    class VerifyClaimantResponse < Response
+      attribute :claimant_id, Integer
+      attribute :delimiting_date, String
+      attribute :verified_details, Array
+      attribute :payment_on_hold, Boolean
+
+      def initialize(status, response = nil)
+        attributes = {
+          claimant_id: response.body['claimant_id'],
+          delimiting_date: response.body['delimiting_date'],
+          verified_details: response.body['verified_details'],
+          payment_on_hold: response.body['payment_on_hold']
+        }
+
+        super(status, attributes)
+      end
+    end
+  end
+end
@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+
+require 'common/client/base'
+require_relative 'configuration'
+require_relative 'response'
+require_relative 'authentication_token_service'
+
+module Vye
+  module DGIB
+    class Service < Common::Client::Base
+      include Common::Client::Concerns::Monitoring
+
+      STATSD_KEY_PREFIX = 'api.vye.dgib'
+      configuration Vye::DGIB::Configuration
+
+      def initialize(user)
+        @user = user
+      end
+
+      def camelize_keys_for_java_service(params)
+        local_params = params[0] || params
+
+        local_params.permit!.to_h.deep_transform_keys do |key|
+          if key.include?('_')
+            split_keys = key.split('_')
+            split_keys.collect { |key_part| split_keys[0] == key_part ? key_part : key_part.capitalize }.join
+          else
+            key
+          end
+        end
+      end
+
+      def claimant_lookup(ssn)
+        params = ActionController::Parameters.new({ ssn: })
+        with_monitoring do
+          headers = request_headers
+          options = { timeout: 60 }
+          response = perform(:post, claimant_lookup_end_point, camelize_keys_for_java_service(params).to_json, headers,
+                             options)
+          ClaimantLookupResponse.new(response.status, response)
+        end
+      end
+
+      def get_claimant_status(claimant_id)
+        with_monitoring do
+          headers = request_headers
+          options = { timeout: 60 }
+          raw_response = perform(:get, claimant_status_end_point(claimant_id), {}, headers, options)
+          ClaimantStatusRecordResponse.new(raw_response.status, raw_response)
+        end
+      end
+
+      # rubocop:disable Metrics/ParameterLists
+      def verify_claimant(
+        claimant_id,
+        verified_period_begin_date,
+        verified_period_end_date,
+        verified_through_date,
+        verification_method,
+        response_type
+      )
+        params = ActionController::Parameters.new({
+                                                    claimant_id:,
+                                                    verified_period_begin_date:,
+                                                    verified_period_end_date:,
+                                                    verified_through_date:,
+                                                    verification_method:,
+                                                    app_communication: { response_type: }
+                                                  })
+        # rubocop:enable Metrics/ParameterLists
+
+        with_monitoring do
+          headers = request_headers
+          options = { timeout: 60 }
+          response = perform(:post, verify_claimant_end_point, camelize_keys_for_java_service(params).to_json, headers,
+                             options)
+          VerifyClaimantResponse.new(response.status, response)
+        end
+      end
+
+      def get_verification_record(claimant_id)
+        with_monitoring do
+          headers = request_headers
+          options = { timeout: 60 }
+          raw_response = perform(:get, verification_record_end_point(claimant_id), {}, headers, options)
+          VerificationRecordResponse.new(raw_response.status, raw_response)
+        end
+      end
+
+      private
+
+      def claimant_lookup_end_point
+        'dgi/vye/claimantLookup'
+      end
+
+      def claimant_status_end_point(claimant_id)
+        "verifications/vye/#{claimant_id}/status"
+      end
+
+      def verify_claimant_end_point
+        'verifications/vye/verify'
+      end
+
+      def verification_record_end_point(claimant_id)
+        "verifications/vye/#{claimant_id}/verification-record"
+      end
+
+      def json
+        nil
+      end
+
+      def request_headers
+        {
+          Authorization: "Bearer #{AuthenticationTokenService.call}"
+        }
+      end
+    end
+  end
+end
@@ -2,8 +2,6 @@
 
 module Vye
   class ApplicationController < ::ApplicationController
-    include Pundit::Authorization
-
     service_tag 'verify-your-enrollment'
 
     rescue_from Pundit::NotAuthorizedError, with: -> { render json: { error: 'Forbidden' }, status: :forbidden }