[Spike] Decrypting password protected documents

department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:

https://depo-platform-documentation.scrollhelp.site/index.html

281 stars 197 forks source link

[Spike] Decrypting password protected documents #91069

Closed lisacapaccioli closed 2 weeks ago

lisacapaccioli commented 3 weeks ago

Today in production users can upload evidence documents that are password protected and the system doesn't know the password, the document is considered a failure.

The purpose of this spike is to research and confirm both the user experience and system performance in the situation where a Veteran/user uploaded a password protected document as evidence and how it is handled.

Example of some of the things we should be checking for:

[x] Is there something in production today that would recognize that the document is protected/locked?
[x] If yes, is there something that notifies the user that a password is required?
[x] If yes, does this notification also ask the user to provide the password?
[x] Is decrypting the file successful in the system? (in other words, does it work)
[ ] If we are able to decrypt the document is LH able to accept it then?
```
### Tasks
```
[ ] Report on the findings, include screen shots and message content if possible.

ajones446 commented 3 weeks ago

On staging, locked PDFs are checked during the upload supporting evidence step. Overview of the user's perspective:

If a locked PDF is added, the password is requested. The file cannot be added without the correct password.

Screenshot 2024-08-21 at 4 06 22 PM

This error message appears if the password is incorrect: Error We couldn’t unlock your PDF. Save the PDF without a password and try again.

Screenshot 2024-08-21 at 4 21 42 PM

When the correct password is entered, this message is displayed: The PDF password has been added.

lisacapaccioli commented 3 weeks ago

Thanks @ajones446. I think the last thing we need to confirm from the list above is whether once it's decrypted if LH is able to accept it. I don't want to assume that will work.

Honestly I am not sure how this all works, do we actually decrypt it and store it that way so that the adjudicator doesn't need the password, or do we save the password and the adjudicator has access to it and knows to use it???

ajones446 commented 2 weeks ago

Honestly I am not sure how this all works, do we actually decrypt it and store it that way so that the adjudicator doesn't need the password, or do we save the password and the adjudicator has access to it and knows to use it???

Quick update @lisacapaccioli: We store and send the file as a decrypted PDF. The adjudicator does not need the password to open it.

ajones446 commented 2 weeks ago

Thanks @ajones446. I think the last thing we need to confirm from the list above is whether once it's decrypted if LH is able to accept it. I don't want to assume that will work.

Confirming all the LH requirements will be part of the next spike: #91097 LH migration for evidence uploads error responses