Log session answers to rollbar

Some of the errors in rollbar are tricky to debug as we don't know what answers the claimant provided. This commit adds a mechanism for flagging attributes as PII and updates the ClaimsController to include the non pii attributes in the Rollbar scope such that they are available in Rollbar.
DFE-Digital · Dec 30, 2024 · 4e32654 · 4e32654
1 parent 2cd7f30
commit 4e32654
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 38 deletions.
diff --git a/app/controllers/claims_controller.rb b/app/controllers/claims_controller.rb
@@ -10,6 +10,7 @@ class ClaimsController < BasePublicController
   before_action :prepend_view_path_for_journey
   before_action :persist_claim, only: [:new, :create]
   before_action :handle_magic_link, only: [:new], if: -> { journey.start_with_magic_link? }
+  before_action :add_answers_to_rollbar_context, only: [:show, :update]
   after_action :update_session_with_current_slug, only: [:update]
 
   include AuthorisedSlugs
@@ -129,4 +130,10 @@ def handle_magic_link
     end
     redirect_to_next_slug if claim_in_progress?
   end
+
+  def add_answers_to_rollbar_context
+    return unless journey_session
+
+    Rollbar.scope!(answers: journey_session.answers.attributes_with_pii_redacted)
+  end
 end
diff --git a/app/models/concerns/journeys/sessions/pii_attributes.rb b/app/models/concerns/journeys/sessions/pii_attributes.rb
@@ -0,0 +1,28 @@
+module Journeys
+  module Sessions
+    module PiiAttributes
+      extend ActiveSupport::Concern
+
+      included do
+        class_attribute :pii_attributes, default: [], instance_writer: false
+      end
+
+      class_methods do
+        def attribute(name, type = nil, **options)
+          pii_attributes << name if options.delete(:pii)
+          super
+        end
+      end
+
+      def attributes_with_pii_redacted
+        attributes.map do |key, value|
+          if pii_attributes.include?(key.to_sym) && value.present?
+            [key, "[PII]"]
+          else
+            [key, value]
+          end
+        end.to_h
+      end
+    end
+  end
+end
diff --git a/app/models/journeys/early_years_payment/provider/authenticated/session_answers.rb b/app/models/journeys/early_years_payment/provider/authenticated/session_answers.rb
@@ -5,17 +5,17 @@ module Authenticated
         class SessionAnswers < Journeys::SessionAnswers
           attribute :consent_given, :boolean
           attribute :nursery_urn
-          attribute :paye_reference
+          attribute :paye_reference, pii: true
           attribute :start_date, :date
           attribute :child_facing_confirmation_given, :boolean
           attribute :returning_within_6_months, :boolean
           attribute :returner_worked_with_children, :boolean
           attribute :returner_contract_type
-          attribute :practitioner_email_address
-          attribute :provider_contact_name
-          attribute :provider_email_address
-          attribute :practitioner_first_name
-          attribute :practitioner_surname
+          attribute :practitioner_email_address, pii: true
+          attribute :provider_contact_name, pii: true
+          attribute :provider_email_address, pii: true
+          attribute :practitioner_first_name, pii: true
+          attribute :practitioner_surname, pii: true
 
           def policy
             Policies::EarlyYearsPayments

diff --git a/app/models/journeys/further_education_payments/provider/session_answers.rb b/app/models/journeys/further_education_payments/provider/session_answers.rb
@@ -7,12 +7,12 @@ class SessionAnswers < Journeys::SessionAnswers
         attribute :dfe_sign_in_uid, :string
         attribute :dfe_sign_in_organisation_id, :string
         attribute :dfe_sign_in_organisation_ukprn, :string
-        attribute :dfe_sign_in_organisation_name, :string
+        attribute :dfe_sign_in_organisation_name, :string, pii: true
         attribute :dfe_sign_in_service_access, :boolean, default: false
         attribute :dfe_sign_in_role_codes, default: []
-        attribute :dfe_sign_in_first_name, :string
-        attribute :dfe_sign_in_last_name, :string
-        attribute :dfe_sign_in_email, :string
+        attribute :dfe_sign_in_first_name, :string, pii: true
+        attribute :dfe_sign_in_last_name, :string, pii: true
+        attribute :dfe_sign_in_email, :string, pii: true
 
         def claim
           @claim ||= Claim.includes(eligibility: :school).find(claim_id)

diff --git a/app/models/journeys/get_a_teacher_relocation_payment/session_answers.rb b/app/models/journeys/get_a_teacher_relocation_payment/session_answers.rb
@@ -9,8 +9,8 @@ class SessionAnswers < Journeys::SessionAnswers
       attribute :visa_type, :string
       attribute :date_of_entry, :date
       attribute :nationality, :string
-      attribute :passport_number, :string
-      attribute :school_headteacher_name, :string
+      attribute :passport_number, :string, pii: true
+      attribute :school_headteacher_name, :string, pii: true
 
       def policy
         Policies::InternationalRelocationPayments

diff --git a/app/models/journeys/session_answers.rb b/app/models/journeys/session_answers.rb
@@ -4,46 +4,47 @@ class SessionAnswers
     include ActiveModel::Attributes
     include ActiveModel::Dirty
     include Sessions::TeacherId
+    include Sessions::PiiAttributes
 
     attribute :current_school_id, :string # UUID
-    attribute :address_line_1, :string
-    attribute :address_line_2, :string
-    attribute :address_line_3, :string
-    attribute :address_line_4, :string
-    attribute :postcode, :string
+    attribute :address_line_1, :string, pii: true
+    attribute :address_line_2, :string, pii: true
+    attribute :address_line_3, :string, pii: true
+    attribute :address_line_4, :string, pii: true
+    attribute :postcode, :string, pii: true
     attribute :date_of_birth, :date
-    attribute :teacher_reference_number, :string
-    attribute :national_insurance_number, :string
-    attribute :email_address, :string
-    attribute :bank_sort_code, :string
-    attribute :bank_account_number, :string
+    attribute :teacher_reference_number, :string, pii: true
+    attribute :national_insurance_number, :string, pii: true
+    attribute :email_address, :string, pii: true
+    attribute :bank_sort_code, :string, pii: true
+    attribute :bank_account_number, :string, pii: true
     attribute :payroll_gender, :string
-    attribute :first_name, :string
-    attribute :middle_name, :string
-    attribute :surname, :string
-    attribute :banking_name, :string
-    attribute :building_society_roll_number, :string
+    attribute :first_name, :string, pii: true
+    attribute :middle_name, :string, pii: true
+    attribute :surname, :string, pii: true
+    attribute :banking_name, :string, pii: true
+    attribute :building_society_roll_number, :string, pii: true
     attribute :academic_year, AcademicYear::Type.new
     attribute :bank_or_building_society, :string
     attribute :provide_mobile_number, :boolean
-    attribute :mobile_number, :string
+    attribute :mobile_number, :string, pii: true
     attribute :email_verified, :boolean
-    attribute :email_verification_secret, :string
+    attribute :email_verification_secret, :string, pii: true
     attribute :mobile_verified, :boolean
-    attribute :mobile_verification_secret, :string
+    attribute :mobile_verification_secret, :string, pii: true
     attribute :hmrc_bank_validation_succeeded, :boolean
     attribute :hmrc_bank_validation_responses, default: []
     attribute :logged_in_with_tid, :boolean
     attribute :logged_in_with_onelogin, :boolean
     attribute :identity_confirmed_with_onelogin, :boolean
     attribute :details_check, :boolean
-    attribute :teacher_id_user_info, default: {}
-    attribute :onelogin_user_info, default: {}
-    attribute :onelogin_credentials, default: {}
+    attribute :teacher_id_user_info, default: {}, pii: true
+    attribute :onelogin_user_info, default: {}, pii: true
+    attribute :onelogin_credentials, default: {}, pii: true
     attribute :onelogin_uid, :string
 
-    attribute :onelogin_idv_first_name, :string
-    attribute :onelogin_idv_last_name, :string
+    attribute :onelogin_idv_first_name, :string, pii: true
+    attribute :onelogin_idv_last_name, :string, pii: true
     attribute :onelogin_idv_date_of_birth, :date
 
     attribute :onelogin_auth_at, :datetime
@@ -59,9 +60,9 @@ class SessionAnswers
     attribute :hmrc_validation_attempt_count, :integer
     attribute :reminder_id, :string
 
-    attribute :reminder_full_name, :string
-    attribute :reminder_email_address, :string
-    attribute :reminder_otp_secret, :string
+    attribute :reminder_full_name, :string, pii: true
+    attribute :reminder_email_address, :string, pii: true
+    attribute :reminder_otp_secret, :string, pii: true
     attribute :reminder_otp_confirmed, :boolean, default: false # whether or not they have confirmed email via otp
 
     def has_attribute?(name)