Refactor: rename EligibilityVerifier to EnrollmentFlow

.env.sample

@@ -8,7 +8,7 @@ DJANGO_DB_FILE=django.db
 DJANGO_DB_FIXTURES="benefits/core/migrations/local_fixtures.json"
 
 claims_provider_client_id=benefits-oauth-client-id
-agency_card_verifier_api_auth_key=server-auth-token
+agency_card_flow_api_auth_key=server-auth-token
 client_private_key='-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA1pt0ZoOuPEVPJJS+5r884zcjZLkZZ2GcPwr79XOLDbOi46on\nCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2RoxFb5QGaevnJY828NupzTNdUd0sY\nJK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68UAlK+VjwJkfYPrhq/bl5z8ZiurvBa\n5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQNd3RaIaSREO50NvNywXIIt/OmCiR\nqI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5epTsWcURmhVofF2wVoFbib3JGCfA7t\nz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUViwIDAQABAoIBAQCIv0XMjNvZS9DC\nXoXGQtVpcxj6dXfaiDgnc7hZDubsNCr3JtT5NqgdIYdVNQUABNDIPNEiCkzFjuwM\nuuF2+dRzM/x6UCs/cSsCjXYBCCOwMwV/fjpEJQnwMQqwTLulVsXZYYeSUtXVBf/8\n0tVULRty34apLFhsyX30UtboXQdESfpmm5ZsqsZJlYljw+M7JxRMneQclI19y/ya\nhPWlfhLB9OffVEJXGaWx1NSYnKoCMKqE/+4krROr6V62xXaNyX6WtU6XiT7C6R5A\nPBxfhmoeFdVCF6a+Qq0v2fKThYoZnV4sn2q2An9YPfynFYnlgzdfnAFSejsqxQd0\nfxYLOtMBAoGBAP1jxjHDJngZ1N+ymw9MIpRgr3HeuMP5phiSTbY2tu9lPzQd+TMX\nfhr1bQh2Fd/vU0u7X0yPnTWtUrLlCdGnWPpXivx95GNGgUUIk2HStFdrRx+f2Qvk\nG8vtLgmSbjQ26UiHzxi9Wa0a41PWIA3TixkcFrS2X29Qc4yd6pVHmicfAoGBANjR\nZ8aaDkSKLkq5Nk1T7I0E1+mtPoH1tPV/FJClXjJrvfDuYHBeOyUpipZddnZuPGWA\nIW2tFIsMgJQtgpvgs52NFI7pQGJRUPK/fTG+Ycocxo78TkLr/RIj8Kj5brXsbZ9P\n3/WBX5GAISTSp1ab8xVgK/Tm07hGupKVqnY2lCAVAoGAIql0YjhE2ecGtLcU+Qm8\nLTnwpg4GjmBnNTNGSCfB7IuYEsQK489R49Qw3xhwM5rkdRajmbCHm+Eiz+/+4NwY\nkt5I1/NMu7vYUR40MwyEuPSm3Q+bvEGu/71pL8wFIUVlshNJ5CN60fA8qqo+5kVK\n4Ntzy7Kq6WpC9Dhh75vE3ZcCgYEAty99uXtxsJD6+aEwcvcENkUwUztPQ6ggAwci\nje9Z/cmwCj6s9mN3HzfQ4qgGrZsHpk4ycCK655xhilBFOIQJ3YRUKUaDYk4H0YDe\nOsf6gTP8wtQDH2GZSNlavLk5w7UFDYQD2b47y4fw+NaOEYvjPl0p5lmb6ebAPZb8\nFbKZRd0CgYBC1HTbA+zMEqDdY4MWJJLC6jZsjdxOGhzjrCtWcIWEGMDF7oDDEoix\nW3j2hwm4C6vaNkH9XX1dr5+q6gq8vJQdbYoExl22BGMiNbfI3+sLRk0zBYL//W6c\ntSREgR4EjosqQfbkceLJ2JT1wuNjInI0eR9H3cRugvlDTeWtbdJ5qA==\n-----END RSA PRIVATE KEY-----'
 client_public_key='-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pt0ZoOuPEVPJJS+5r88\n4zcjZLkZZ2GcPwr79XOLDbOi46onCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2R\noxFb5QGaevnJY828NupzTNdUd0sYJK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68U\nAlK+VjwJkfYPrhq/bl5z8ZiurvBa5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQ\nNd3RaIaSREO50NvNywXIIt/OmCiRqI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5ep\nTsWcURmhVofF2wVoFbib3JGCfA7tz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUV\niwIDAQAB\n-----END PUBLIC KEY-----'
 cst_transit_processor_client_secret=secret

benefits/core/admin.py

@@ -60,8 +60,8 @@ def get_readonly_fields(self, request, obj=None):
             return super().get_readonly_fields(request, obj)
 
 
-@admin.register(models.EligibilityVerifier)
-class SortableEligibilityVerifierAdmin(SortableAdminMixin, admin.ModelAdmin):  # pragma: no cover
+@admin.register(models.EnrollmentFlow)
+class SortableEnrollmentFlowAdmin(SortableAdminMixin, admin.ModelAdmin):  # pragma: no cover
     def get_exclude(self, request, obj=None):
         if not request.user.is_superuser:
             return [

benefits/core/analytics.py

@@ -45,8 +45,8 @@ def __init__(self, request, event_type, **kwargs):
 
         agency = session.agency(request)
         agency_name = agency.long_name if agency else None
-        verifier = session.verifier(request)
-        verifier_name = verifier.name if verifier else None
+        flow = session.flow(request)
+        verifier_name = flow.name if flow else None
         eligibility_types = session.eligibility(request)
         eligibility_types = EligibilityType.get_names(eligibility_types) if eligibility_types else None
 

benefits/core/context_processors.py

@@ -12,10 +12,10 @@ def unique_values(original_list):
     return list(dict.fromkeys(original_list))
 
 
-def _agency_context(agency):
+def _agency_context(agency: models.TransitAgency):
     return {
         "eligibility_index_url": agency.eligibility_index_url,
-        "help_templates": unique_values([v.help_template for v in agency.active_verifiers if v.help_template]),
+        "help_templates": unique_values([f.help_template for f in agency.enrollment_flows.all() if f.help_template]),
         "info_url": agency.info_url,
         "long_name": agency.long_name,
         "phone": agency.phone,
@@ -48,16 +48,16 @@ def analytics(request):
 
 def authentication(request):
     """Context processor adds authentication information to request context."""
-    verifier = session.verifier(request)
+    flow = session.flow(request)
 
-    if verifier:
+    if flow:
         data = {
             "logged_in": session.logged_in(request),
         }
 
-        if verifier.uses_claims_verification:
-            data["sign_out_button_template"] = verifier.claims_provider.sign_out_button_template
-            data["sign_out_link_template"] = verifier.claims_provider.sign_out_link_template
+        if flow.uses_claims_verification:
+            data["sign_out_button_template"] = flow.claims_provider.sign_out_button_template
+            data["sign_out_link_template"] = flow.claims_provider.sign_out_link_template
 
         return {"authentication": data}
     else:

benefits/core/middleware.py

@@ -83,15 +83,15 @@ def process_request(self, request):
         return self.get_response(request)
 
 
-class VerifierSessionRequired(MiddlewareMixin):
-    """Middleware raises an exception for sessions lacking an eligibility verifier configuration."""
+class FlowSessionRequired(MiddlewareMixin):
+    """Middleware raises an exception for sessions lacking a configured enrollment flow."""
 
     def process_request(self, request):
-        if session.verifier(request):
-            logger.debug("Session configured with eligibility verifier")
+        if session.flow(request):
+            logger.debug("Session configured with enrollment flow")
             return None
         else:
-            logger.debug("Session not configured with eligibility verifier")
+            logger.debug("Session not configured with enrollment flow")
             return user_error(request)
 
 
@@ -129,9 +129,9 @@ class LoginRequired(MiddlewareMixin):
     """Middleware that checks whether a user is logged in."""
 
     def process_view(self, request, view_func, view_args, view_kwargs):
-        # only require login if verifier uses claims verification
-        verifier = session.verifier(request)
-        if not verifier or not verifier.uses_claims_verification or session.logged_in(request):
+        # only require login if flow uses claims verification
+        flow = session.flow(request)
+        if not flow or not flow.uses_claims_verification or session.logged_in(request):
             # pass through
             return None
 

benefits/core/migrations/0014_staff_group_view_permissions.py

@@ -1,12 +1,6 @@
-from django.contrib.auth.management import create_permissions
 from django.db import migrations
 
-
-def create_all_permissions(apps, schema_editor):
-    for app_config in apps.get_app_configs():
-        app_config.models_module = True
-        create_permissions(app_config, apps=apps, verbosity=0)
-        app_config.models_module = None
+from benefits.core.migrations import create_all_permissions
 
 
 def add_view_permissions(apps, schema_editor):

benefits/core/migrations/0016_refactor_paymentprocessor_transitprocessor.py

@@ -1,19 +1,12 @@
 # Generated by Django 5.0.7 on 2024-07-31 22:41
 
-from django.contrib.auth.management import create_permissions
 from django.db import migrations, models
 
+from benefits.core.migrations import create_all_permissions
 import benefits.core.models
 import benefits.secrets
 
 
-def create_all_permissions(apps, schema_editor):
-    for app_config in apps.get_app_configs():
-        app_config.models_module = True
-        create_permissions(app_config, apps=apps, verbosity=0)
-        app_config.models_module = None
-
-
 def update_permissions(apps, schema_editor):
     Group = apps.get_model("auth", "Group")
     staff_group = Group.objects.get(name="Cal-ITP")

benefits/core/migrations/0017_refactor_authprovider_claimsprovider.py

@@ -1,19 +1,12 @@
 # Generated by Django 5.0.7 on 2024-08-02 22:52
 
-from django.contrib.auth.management import create_permissions
 from django.db import migrations, models
 
+from benefits.core.migrations import create_all_permissions
 import benefits.core.models
 import benefits.secrets
 
 
-def create_all_permissions(apps, schema_editor):
-    for app_config in apps.get_app_configs():
-        app_config.models_module = True
-        create_permissions(app_config, apps=apps, verbosity=0)
-        app_config.models_module = None
-
-
 def update_permissions(apps, schema_editor):
     # delete old permissions
     Permission = apps.get_model("auth", "Permission")

benefits/core/migrations/0021_rename_eligibilityverifier_enrollmentflow.py

@@ -0,0 +1,174 @@
+# Generated by Django 5.0.7 on 2024-08-07 21:22
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+import benefits.core.models
+import benefits.secrets
+from benefits.core.migrations import create_all_permissions
+
+
+def update_permissions(apps, schema_editor):
+    Group = apps.get_model("auth", "Group")
+    staff_group = Group.objects.get(name="Cal-ITP")
+
+    Permission = apps.get_model("auth", "Permission")
+
+    remove_permissions = ["Can view", "Can change", "Can add", "Can delete"]
+    for remove_permission in remove_permissions:
+        current_permission = Permission.objects.get(name=f"{remove_permission} eligibility verifier")
+        staff_group.permissions.remove(current_permission)
+        current_permission.delete()
+
+    add_permissions = ["Can view", "Can change"]
+    for add_permission in add_permissions:
+        new_permission = Permission.objects.get(name=f"{add_permission} enrollment flow")
+        staff_group.permissions.add(new_permission)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("core", "0020_refactor_idg_config_eligibilityverifier"),
+    ]
+
+    operations = [
+        migrations.RenameModel(
+            old_name="EligibilityVerifier",
+            new_name="EnrollmentFlow",
+        ),
+        migrations.RenameField(
+            model_name="transitagency",
+            old_name="eligibility_verifiers",
+            new_name="enrollment_flows",
+        ),
+        migrations.RemoveField(
+            model_name="enrollmentflow",
+            name="active",
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="claims_provider",
+            field=models.ForeignKey(
+                blank=True,
+                help_text="An entity that provides claims for eligibility verification for this flow.",
+                null=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                to="core.claimsprovider",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_api_auth_header",
+            field=models.TextField(
+                blank=True, help_text="The auth header to send in Eligibility API requests for this flow.", null=True
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_api_auth_key_secret_name",
+            field=benefits.core.models.SecretNameField(
+                blank=True,
+                help_text="The name of a secret containing the value of the auth header to send in Eligibility API requests for this flow.",  # noqa: E501
+                max_length=127,
+                null=True,
+                validators=[benefits.secrets.SecretNameValidator()],
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_api_jwe_cek_enc",
+            field=models.TextField(
+                blank=True,
+                help_text="The JWE-compatible Content Encryption Key (CEK) key-length and mode to use in Eligibility API requests for this flow.",  # noqa: E501
+                null=True,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_api_jwe_encryption_alg",
+            field=models.TextField(
+                blank=True,
+                help_text="The JWE-compatible encryption algorithm to use in Eligibility API requests for this flow.",
+                null=True,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_api_jws_signing_alg",
+            field=models.TextField(
+                blank=True,
+                help_text="The JWS-compatible signing algorithm to use in Eligibility API requests for this flow.",
+                null=True,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_api_public_key",
+            field=models.ForeignKey(
+                blank=True,
+                help_text="The public key used to encrypt Eligibility API requests and to verify signed Eligibility API responses for this flow.",  # noqa: E501
+                null=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name="+",
+                to="core.pemdata",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_api_url",
+            field=models.TextField(
+                blank=True, help_text="Fully qualified URL for an Eligibility API server used by this flow.", null=True
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_form_class",
+            field=models.TextField(
+                blank=True,
+                help_text="The fully qualified Python path of a form class used by this flow, e.g. benefits.eligibility.forms.FormClass",  # noqa: E501
+                null=True,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_start_template",
+            field=models.TextField(
+                default="eligibility/start.html",
+                help_text="Path to a Django template for the informational page of this flow.",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="eligibility_unverified_template",
+            field=models.TextField(
+                default="eligibility/unverified.html",
+                help_text="Path to a Django template that defines the page when a user fails eligibility verification for this flow.",  # noqa: E501
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="help_template",
+            field=models.TextField(
+                blank=True,
+                help_text="Path to a Django template that defines the help text for this enrollment flow, used in building the dynamic help page for an agency",  # noqa: E501
+                null=True,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="name",
+            field=models.TextField(
+                help_text="Primary internal system name for this EnrollmentFlow instance, e.g. in analytics and Eligibility API requests."  # noqa: E501
+            ),
+        ),
+        migrations.AlterField(
+            model_name="enrollmentflow",
+            name="selection_label_template",
+            field=models.TextField(
+                help_text="Path to a Django template that defines the end-user UI for selecting this flow among other options."
+            ),
+        ),
+        migrations.RunPython(create_all_permissions),
+        migrations.RunPython(update_permissions),
+    ]

benefits/core/migrations/__init__.py

@@ -0,0 +1,8 @@
+from django.contrib.auth.management import create_permissions
+
+
+def create_all_permissions(apps, schema_editor):
+    for app_config in apps.get_app_configs():
+        app_config.models_module = True
+        create_permissions(app_config, apps=apps, verbosity=0)
+        app_config.models_module = None