Bug - New user cannot be created as SBC User

[rstens]

We created 2 new test ids (See: https://bcgov.sharepoint.com/:x:/r/teams/09399/Shared%20Documents/Product-Scrum%20Team%20Chat/LTSA%20Test%20Accounts.csv?d=w93c41235b128494b9adfd5593814c554&csf=1&web=1&e=35uyog)

The first time logging in, the app goes to the finalization Page and tries to create the user in the SBC DB. It fails to do that with no msg in the UI.

However, the network trace shows:

• OPTIONS Call to https://strr-api-dev-i2rbretwta-nn.a.run.app/account/sbc (200 OK)
• POST Call to https://strr-api-dev-i2rbretwta-nn.a.run.app/account/sbc (502 Bad Gateway)
• Payload:

  {phone: "6048313629", phoneExtension: "", email: "roland.stens@gmail.com", name: "Main Account"}

  {"details":[],"message":"3rd party service error while processing request."}

Acceptance Criteria

Generated by Zenhub AI

• [ ] Scenario: New LTSA user creation as SBC User
  • Given a new test ID is created for an LTSA user
  • When the app tries to create the user in the SBC DB
  • Then the app should successfully create the user without any error messages

• [ ] Scenario: Network trace of LTSA user creation as SBC User
  • Given a new test ID is created for an LTSA user
  • When the app tries to create the user in the SBC DB
  • Then the network trace should show successful calls with no errors

[rstens]

Test can commence with these new users as the accounts are created through https://dev.account.bcregistry.gov.bc.ca/setup-account

@kris-daxiom Has identified an issue that needs to be addressed.

See discussion in Team Chat

[jdyck-fw]

No longer blocked, but if there's still work to do this needs an estimate to help us not overload the sprint. Adding an estimate as best we can with you absent @kris-daxiom

[kris-daxiom]

@jdyck-fw I am not aware of any open issues blocking this. @rstens should be able to help us verify that this is working as expected

[kris-daxiom]

@rstens - To simulate a new user, the user needs to be removed from keycloak, sbc auth and STRR db

[rstens]

I suggest we use/remove user: myLTSA05 (bcsc/l7v6ce7gpph5x5a3eoghb75e6fkzmmei)

[kris-daxiom]

@rstens The user is removed from dev keycloak

[qudsia-khan-fw]

1. Clear out KeyCloak (done)
2. SBC auth and RDB need to be cleaned out (Roland to do)
3. Create user

[rstens]

STRR-DB Clear out SQL:

delete from events where user_id = 19;
delete from registration where user_id = 19;
delete from application where submitter_id = 19;
delete from users where id =19;

Delete from SBC Connect:

• Login as user
• Deactivate account

[rstens]

FAILED

Before I started I cleared out:

• Keycloak
• auth-db (Through SBC Connect UI)
• STRR DB (Manually) So this reflects a BCSC user who for the very first time interacts with Registries through STRR.

Steps

• Login with: myLTSA05/98900005

• Forwarded to finalization 3 Errors:

  1. https://strr-api-dev-i2rbretwta-nn.a.run.app/accounts, 502 bad gateway, {details: [], message: "3rd party service error while processing request."}
  2. https://pay-api-dev.apps.silver.devops.gov.bc.ca/api/v1/fees/STRR/RENTAL_FEE, 401 Unauthorized, {code: "missing_a_valid_role", description: "Missing a role required to access this endpoint"}
  3. https://strr-api-dev-i2rbretwta-nn.a.run.app/users/tos, 502 Bad Gateway

• Fill out the page

  

• Click Save& Start Registration

2 Errors:

1. https://pay-api-dev.apps.silver.devops.gov.bc.ca/api/v1/fees/STRR/RENTAL_FEE, 401 UNAUTHORIZED, {code: "missing_a_valid_role", description: "Missing a role required to access this endpoint"}
2. https://strr-api-dev-i2rbretwta-nn.a.run.app/accounts, 502 Bad Gateway, {phone: "6048313629", phoneExtension: "", email: "roland.stens@gmail.com",…}, {"details":[],"message":"Error checking if SBC account name already exists."}

Now the application hangs.

Next Steps

• Logout
• Login again: myLTSA05/98900005 2 errors:
  1. https://pay-api-dev.apps.silver.devops.gov.bc.ca/api/v1/fees/STRR/RENTAL_FEE, 401 Unauthorized, {code: "missing_a_valid_role", description: "Missing a role required to access this endpoint"}
  2. https://strr-api-dev-i2rbretwta-nn.a.run.app/users/tos, 502 Bad Gateway

Newly entered info (different from the first time)

Click Save& Start Registration 1 error:

1. https://strr-api-dev-i2rbretwta-nn.a.run.app/accounts, 502 Bad Gateway, {phone: "1234567890", phoneExtension: "", email: "test@test.ca",…}, {"details":[],"message":"Error checking if SBC account name already exists."}

Additional Observations

Even known users (in SBC Connect) that have never visited STRR, run into issues with the accounts call.

[dimak1]

I tried with myLTSA05 user credentials, and it seems to be a backend issue:

[kris-daxiom]

@dimak1 @rstens I see issues with the Auth accounts endpoints and I am talking to Patrick Wei about this. But if the account of tos has an error, are we still going to create registration stepper page? Are we not showing any error pop up and preventing further navigation?

[dimak1]

@kris-daxiom this is more of a design question for Andy @andyyanggov.

[rstens]

@kris-daxiom For a brand new User entering for the first time, TOS should be there.

BTW, for users with no SBC connect could we simply not send them to SBC connect to get account created? Would save us some time here.

[mbertucci]

Lekshmi to discuss with Patrick Wei to discuss any changes to authorization to let us know so we are aware.

[kris-daxiom]

API is working fine. We need to revisit the account UI flow @dimak1 @mbertucci @andyyanggov .

1. When a new account is created, unless you logout and login, the account is not selected in the header as shown below. This will cause all subsequent operations to fail.

2. Automatic redirection to create sbc account page is not happening when you enter https://strr-ui-dev.web.app/application-status/ or https://strr-ui-dev.web.app/create-account
3. When tos is accepted, even when there is no account, it gets redirected to the create-account page.

Private Zenhub Video

[mbertucci]

after the user authenticates with BC Services Card Account they need to go to https://strr-ui-dev.web.app/account-select/

[mbertucci]

@kris-daxiom - to do the api validation to ensure that the user cannot create a duplicate account in the same session (not sure if this captures what lekshmi said)

[jdyck-fw]

Cannot close this off until the FE work is done.

[mbertucci]

@kris-daxiom assigning to you as you mentioned creating an API validation to ensure the user cannot create a duplicate account .. see above. If you have please add it as a dependency to this ticket

If UI work needs to be done can you also create a ticket for that and link it to this story?

Thank you,

[jdyck-fw]

If it's a duplicate name it adds a suffix, so not required for now.

[mbertucci]

@dimak1 can you move this one along with the Host UI

[dimak1]

@rstens, is this still relevant, the bug description? If users can be created, even with a different name (with additional suffix) then it might not be a bug anymore.

[mbertucci]

Hey, yes, I changed the title so that it was relevant

---

From: Dima K @.> Sent: 30 October 2024 2:00 PM To: entity @.> Cc: Bertucci, Mikaela CITZ:EX @.>; Assign @.> Subject: Re: [bcgov/entity] Bug - New user cannot be created as SBC User (Issue #22909)

[EXTERNAL] This email came from an external source. Only open attachments or links that you are expecting from a known sender.

@rstenshttps://github.com/rstens, is this still relevant, the bug description? If users can be created, even with a different name (with additional suffix) then it might not be a bug anymore.

— Reply to this email directly, view it on GitHubhttps://github.com/bcgov/entity/issues/22909#issuecomment-2448369882, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ANF3VC3Y3CDNHIIJOXQIVATZ6FCFPAVCNFSM6AAAAABM4QK5ASVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINBYGM3DSOBYGI. You are receiving this because you were assigned.Message ID: @.***>

[jdyck-fw]

Closing as a duplicate of 23957