Skip to content
This repository has been archived by the owner on Nov 30, 2022. It is now read-only.

Backend - generate ID verification code #1010

Closed
adriaaaa opened this issue Aug 2, 2022 · 3 comments · Fixed by #1115
Closed

Backend - generate ID verification code #1010

adriaaaa opened this issue Aug 2, 2022 · 3 comments · Fixed by #1115

Comments

@adriaaaa
Copy link

adriaaaa commented Aug 2, 2022

Description

When Fides admins are using our ID verification solution, Fides will need logic to validate that a submitted verification code matches (or doesn't match) what it is expecting to receive. Fides should create a privacy request if the codes match. Fides should not create a privacy request if the codes do not match.

Assumptions

  • this includes figuring out how to store the code temporarily
  • scope of this ticket includes sending out the code to the subject

Acceptance Criteria

  1. Show that Fides will not accept a privacy request if the ID verification code provided does not match the one sent to the user
  2. Show that Fides will accept a privacy request if the ID verification code provided matchs the one sent to the user
@adriaaaa adriaaaa changed the title Backend - validate MFA code to verify identity Backend - validate ID verification code Aug 10, 2022
@adriaaaa adriaaaa changed the title Backend - validate ID verification code Backend - generate & validate ID verification code Aug 16, 2022
@pattisdr
Copy link
Contributor

I'm going to split work a little differently:

#1062 - separate endpoint that verifies and then queues the privacy request
#1010 - generate code and send to the user when they attempt to create a privacy request and they have identity verification turned on.

@pattisdr pattisdr changed the title Backend - generate & validate ID verification code Backend - generate ID verification code Aug 18, 2022
@pattisdr
Copy link
Contributor

Note to self: Add documentation as part of this work

@pattisdr
Copy link
Contributor

Flow:

  • check if subject identity verification is on
  • if so, create the privacy request/cache the identities, and set the status of the privacy request to "identity_unverified".
  • generate a verification code and email that to the user.
  • continue, don't queue the privacy request.

seanpreston pushed a commit that referenced this issue Aug 23, 2022
* If identity verification required, send email to the user with the verification code.

* Adjust the identity_verification_required autouse fixture, and add an autouse override for just the tests where we want to turn on identity verification.

* Add starting docs and updating the changelog.

Start with identity_verification_required set to False for now until all the related pieces are in.

* Update some of the docstrings.

* Add unverified status color in the FE.

* Add new privacy request status to types and constants.

* Restore trailing comma.

* Update identity_verification_required to subject_identity_verification_required for clarity.

* Adjust email_body_params to accommodate new template.

Co-authored-by: Sean Preston <[email protected]>
sanders41 pushed a commit that referenced this issue Sep 22, 2022
* If identity verification required, send email to the user with the verification code.

* Adjust the identity_verification_required autouse fixture, and add an autouse override for just the tests where we want to turn on identity verification.

* Add starting docs and updating the changelog.

Start with identity_verification_required set to False for now until all the related pieces are in.

* Update some of the docstrings.

* Add unverified status color in the FE.

* Add new privacy request status to types and constants.

* Restore trailing comma.

* Update identity_verification_required to subject_identity_verification_required for clarity.

* Adjust email_body_params to accommodate new template.

Co-authored-by: Sean Preston <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants