Merge branch 'master' into MBMS-61276-Self-Service-Pre-Need-Pre-Integ…

…ration-CMP-UUID-Text-size-Increase

Gemfile

@@ -174,7 +174,7 @@ end
 
 group :test do
   gem 'apivore', git: 'https://github.com/department-of-veterans-affairs/apivore', tag: 'v2.0.0.vsp'
-  gem 'fakeredis'
+  gem 'mock_redis'
   gem 'pdf-inspector'
   gem 'rspec_junit_formatter'
   gem 'rspec-retry'
@@ -215,7 +215,7 @@ group :development, :test do
   gem 'rubocop-rails'
   gem 'rubocop-rspec'
   gem 'rubocop-thread_safety'
-  gem 'sidekiq', '>= 6.4.0'
+  gem 'sidekiq', '~> 7.2.0'
   gem 'timecop'
   gem 'webmock'
   gem 'yard'

Gemfile.lock

@@ -133,12 +133,13 @@ PATH
 GEM
   remote: https://enterprise.contribsys.com/
   specs:
-    sidekiq-ent (2.5.3)
-      einhorn (>= 0.7.4)
-      sidekiq (>= 6.5.0, < 7)
-      sidekiq-pro (>= 5.5.0, < 6)
-    sidekiq-pro (5.5.8)
-      sidekiq (~> 6.0, >= 6.5.6)
+    sidekiq-ent (7.2.2)
+      einhorn (~> 1.0)
+      gserver
+      sidekiq (>= 7.2.0, < 8)
+      sidekiq-pro (>= 7.2.0, < 8)
+    sidekiq-pro (7.2.0)
+      sidekiq (>= 7.2.0, < 8)
 
 GEM
   remote: https://rubygems.org/
@@ -282,7 +283,7 @@ GEM
       bundler (>= 1.2.0, < 3)
       thor (~> 1.0)
     byebug (11.1.3)
-    carrierwave (3.0.6)
+    carrierwave (3.0.7)
       activemodel (>= 6.0.0)
       activesupport (>= 6.0.0)
       addressable (~> 2.6)
@@ -417,8 +418,6 @@ GEM
       railties (>= 5.0.0)
     faker (3.2.3)
       i18n (>= 1.8.11, < 2)
-    fakeredis (0.9.2)
-      redis (~> 4.8)
     faraday (2.9.0)
       faraday-net_http (>= 2.0, < 3.2)
     faraday-follow_redirects (0.3.0)
@@ -634,6 +633,7 @@ GEM
     mini_mime (1.1.5)
     mini_portile2 (2.8.5)
     minitest (5.22.3)
+    mock_redis (0.44.0)
     msgpack (1.7.2)
     msgpack (1.7.2-java)
     multi_json (1.15.0)
@@ -812,7 +812,10 @@ GEM
     rchardet (1.8.0)
     rdoc (6.6.2)
       psych (>= 4.0.0)
-    redis (4.8.1)
+    redis (5.1.0)
+      redis-client (>= 0.17.0)
+    redis-client (0.20.0)
+      connection_pool
     redis-namespace (1.11.0)
       redis (>= 4)
     regexp_parser (2.9.0)
@@ -904,7 +907,7 @@ GEM
     rubocop-factory_bot (2.25.1)
       rubocop (~> 1.41)
     rubocop-junit-formatter (0.1.4)
-    rubocop-rails (2.24.0)
+    rubocop-rails (2.24.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
@@ -954,10 +957,11 @@ GEM
     shrine (3.5.0)
       content_disposition (~> 1.0)
       down (~> 5.1)
-    sidekiq (6.5.12)
-      connection_pool (>= 2.2.5, < 3)
-      rack (~> 2.0)
-      redis (>= 4.5.0, < 5)
+    sidekiq (7.2.2)
+      concurrent-ruby (< 2)
+      connection_pool (>= 2.3.0)
+      rack (>= 2.2.4)
+      redis-client (>= 0.19.0)
     sidekiq_alive (2.4.0)
       gserver (~> 0.0.1)
       sidekiq (>= 5, < 8)
@@ -1122,7 +1126,6 @@ DEPENDENCIES
   facilities_api!
   factory_bot_rails
   faker
-  fakeredis
   faraday (~> 2.9)
   faraday-follow_redirects
   faraday-httpclient
@@ -1170,6 +1173,7 @@ DEPENDENCIES
   mimemagic
   mini_magick
   mobile!
+  mock_redis
   mocked_authentication!
   my_health!
   net-sftp
@@ -1234,7 +1238,7 @@ DEPENDENCIES
   sentry-ruby
   shoulda-matchers
   shrine
-  sidekiq (>= 6.4.0)
+  sidekiq (~> 7.2.0)
   sidekiq-ent!
   sidekiq-pro!
   sidekiq_alive

app/controllers/v1/pension_ipf_callbacks_controller.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require 'decision_review_v1/utilities/logging_utils'
+
+module V1
+  class PensionIpfCallbacksController < ApplicationController
+    include ActionController::HttpAuthentication::Token::ControllerMethods
+    include DecisionReviewV1::Appeals::LoggingUtils
+
+    service_tag 'pension-ipf-callbacks'
+
+    skip_before_action :verify_authenticity_token, only: [:create]
+    skip_before_action :authenticate, only: [:create]
+    skip_after_action :set_csrf_header, only: [:create]
+    before_action :authenticate_header, only: [:create]
+
+    STATUSES_TO_IGNORE = %w[sent delivered temporary-failure].freeze
+
+    def create
+      return render json: nil, status: :not_found unless Flipper.enabled? :pension_ipf_callbacks_endpoint
+
+      payload = JSON.parse(request.body.string)
+
+      # save encrypted request body in database table for non-successful notifications
+      payload_status = payload['status']&.downcase
+      if STATUSES_TO_IGNORE.exclude? payload_status
+        begin
+          PensionIpfNotification.create!(payload:)
+        rescue ActiveRecord::RecordInvalid => e
+          log_formatted(**log_params(payload).merge(is_success: false), params: { exception_message: e.message })
+          return render json: { message: 'failed' }
+        end
+      end
+
+      log_formatted(**log_params(payload).merge(is_success: true))
+      render json: { message: 'success' }
+    end
+
+    private
+
+    def authenticate_header
+      authenticate_user_with_token || authenticity_error
+    end
+
+    def authenticate_user_with_token
+      Rails.logger.info('pension-ipf-callbacks-69766 - Received request, authenticating')
+      authenticate_with_http_token do |token|
+        return false if bearer_token_secret.nil?
+
+        token == bearer_token_secret
+      end
+    end
+
+    def authenticity_error
+      Rails.logger.info('pension-ipf-callbacks-69766 - Failed to authenticate request')
+      render json: { message: 'Invalid credentials' }, status: :unauthorized
+    end
+
+    def bearer_token_secret
+      Settings.dig(:pension_ipf_vanotify_status_callback, :bearer_token)
+    end
+
+    def log_params(payload)
+      {
+        key: :callbacks,
+        form_id: '21P-527EZ',
+        user_uuid: nil,
+        upstream_system: 'VANotify',
+        body: payload.merge('to' => '<FILTERED>') # scrub PII from logs
+      }
+    end
+  end
+end

app/models/pension_ipf_notification.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'json_marshal/marshaller'
+
+class PensionIpfNotification < ApplicationRecord
+  serialize :payload, JsonMarshal::Marshaller
+
+  has_kms_key
+  has_encrypted :payload, key: :kms_key, **lockbox_options
+
+  validates(:payload, presence: true)
+
+  before_save :serialize_payload
+
+  private
+
+  def serialize_payload
+    self.payload = payload.to_json unless payload.is_a?(String)
+  end
+end

app/policies/mhv_messaging_policy.rb

@@ -2,11 +2,15 @@
 
 MHVMessagingPolicy = Struct.new(:user, :mhv_messaging) do
   def access?
+    return false unless user.mhv_correlation_id
+
     client = SM::Client.new(session: { user_id: user.mhv_correlation_id })
     validate_client(client)
   end
 
   def mobile_access?
+    return false unless user.mhv_correlation_id
+
     client = Mobile::V0::Messaging::Client.new(session: { user_id: user.mhv_correlation_id })
     validate_client(client)
   end

config/features.yml

@@ -1120,6 +1120,10 @@ features:
     actor_type: user
     enable_in_development: true
     description: Allows appointment cancellations to be routed to Oracle Health sites.
+  va_online_scheduling_enable_OH_slots_search:
+    actor_type: user
+    enable_in_development: true
+    description: Toggle for routing slots search requests to the VetsAPI Gateway Service(VPG) instead of vaos-service
   va_online_scheduling_datadog_RUM:
     actor_type: user
     description: Enables datadog Real User Monitoring.
@@ -1281,6 +1285,10 @@ features:
     actor_type: user
     description: NOD VANotify notification callbacks endpoint
     enable_in_development: true
+  pension_ipf_callbacks_endpoint:
+    actor_type: user
+    description: Pension IPF VANotify notification callbacks endpoint
+    enable_in_development: true
   hlr_browser_monitoring_enabled:
     actor_type: user
     description: HLR Datadog RUM monitoring

config/initializers/01_redis.rb

@@ -4,6 +4,10 @@
 REDIS_CONFIG = Rails.application.config_for(:redis).freeze
 # set the current global instance of Redis based on environment specific config
 
-$redis = Redis.new(REDIS_CONFIG[:redis].to_hash)
-
-Redis.exists_returns_integer = true
+$redis =
+  if Rails.env.test?
+    require 'mock_redis'
+    MockRedis.new(url: REDIS_CONFIG[:redis][:url])
+  else
+    Redis.new(REDIS_CONFIG[:redis].to_h)
+  end

config/initializers/sidekiq.rb

@@ -59,6 +59,8 @@
     end
 
     # Remove the default error handler
-    config.error_handlers.delete_if { |handler| handler.is_a?(Sidekiq::ExceptionHandler::Logger) }
+    config.error_handlers.delete(Sidekiq::Config::ERROR_HANDLER)
   end
+
+  Sidekiq.strict_args!(false)
 end

config/redis.yml

@@ -197,6 +197,9 @@ test:
   <<: *defaults
   redis:
     inherit_socket: true
+    url: <%= Settings.redis.app_data.url %>
+  sidekiq:
+    url: <%= Settings.redis.sidekiq.url %>
 
 production:
   <<: *defaults

config/routes.rb

@@ -437,6 +437,7 @@
 
     scope format: false do
       resources :nod_callbacks, only: [:create]
+      resources :pension_ipf_callbacks, only: [:create]
     end
   end
 

config/settings/test.yml

@@ -417,3 +417,17 @@ ask_va:
 
 nod_vanotify_status_callback:
   bearer_token: bearer_token_secret
+
+travel_pay:
+  veis:
+    client_id: 'client_id'
+    client_secret: 'client_secret'
+    resource: 'resource_id'
+    tenant_id: 'tenant_id'
+    auth_url: 'https://auth.veis.gov'
+  subscription_key: 'api_key'
+  base_url: 'https://btsss.gov'
+  service_name: 'BTSSS-API'
+
+pension_ipf_vanotify_status_callback:
+  bearer_token: bearer_token_secret

docker-compose.test.yml

@@ -1,5 +1,7 @@
 version: '3.4'
 services:
+  redis:
+    image: redis:6.2-alpine
   postgres:
     image: mdillon/postgis:11-alpine
     command: postgres -c shared_preload_libraries=pg_stat_statements -c pg_stat_statements.track=all -c max_connections=200
@@ -21,6 +23,8 @@ services:
       "Settings.database_url": "postgis://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-vets_api_development}?pool=4"
       "Settings.test_database_url": "postgis://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-vets_api_test}"
       "Settings.binaries.clamdscan": "clamscan"           # Not running a separate process within the container for clamdscan, so we use clamscan which requires no daemon
+      "Settings.redis.app_data.url": "redis://redis:6379"
+      "Settings.redis.sidekiq.url": "redis://redis:6379"
       POSTGRES_HOST: "${POSTGRES_HOST:-postgres}"
       POSTGRES_PORT: "${POSTGRES_PORT:-5432}"
       POSTGRES_USER: "${POSTGRES_USER:-postgres}"
@@ -34,7 +38,9 @@ services:
       DANGER_GITHUB_API_TOKEN: "${DANGER_GITHUB_API_TOKEN}"
     depends_on:
       - postgres
+      - redis
     links:
       - postgres
+      - redis
 volumes:
   test_bundle:

lib/common/models/redis_store.rb

@@ -48,6 +48,8 @@ def initialize(attributes = {}, persisted = false)
     end
 
     def self.find(redis_key = nil)
+      return nil if redis_key.nil?
+
       response = redis_namespace.get(redis_key)
       return nil unless response