18F · amirbey · Mar 1, 2024 · Mar 1, 2024 · Mar 1, 2024 · Mar 4, 2024
diff --git a/app/controllers/idv/capture_doc_status_controller.rb b/app/controllers/idv/capture_doc_status_controller.rb
@@ -33,7 +33,7 @@ def status
         elsif session_result.blank? || pending_barcode_attention_confirmation? ||
               redo_document_capture_pending?
           :accepted
-        elsif !session_result.success?
+        elsif !session_result.success?(selfie_required: decorated_sp_session.selfie_required?)
           :unauthorized
         else
           :ok

diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb
@@ -25,15 +25,17 @@ def update
       # Not used in standard flow, here for data consistency with hybrid flow.
       document_capture_session.confirm_ocr
 
-      result = handle_stored_result
-      analytics.idv_doc_auth_document_capture_submitted(**result.to_h.merge(analytics_arguments))
+      form_response = handle_stored_result
+      analytics.idv_doc_auth_document_capture_submitted(
+        **form_response.to_h.merge(analytics_arguments),
+      )
 
       Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
         call('document_capture', :update, true)
 
       cancel_establishing_in_person_enrollments
 
-      if result.success?
+      if form_response.success?
         redirect_to idv_ssn_url
       else
         redirect_to idv_document_capture_url
@@ -98,7 +100,8 @@ def analytics_arguments
     end
 
     def handle_stored_result
-      if stored_result&.success? && selfie_requirement_met?
+      if stored_result&.success?(selfie_required: decorated_sp_session.selfie_required?) &&
+         selfie_requirement_met?
         save_proofing_components(current_user)
         extract_pii_from_doc(current_user, store_in_session: true)
         flash[:success] = t('doc_auth.headings.capture_complete')

diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb
@@ -20,15 +20,17 @@ def show
 
       def update
         document_capture_session.confirm_ocr
-        result = handle_stored_result
+        form_response = handle_stored_result
 
-        analytics.idv_doc_auth_document_capture_submitted(**result.to_h.merge(analytics_arguments))
+        analytics.idv_doc_auth_document_capture_submitted(
+          **form_response.to_h.merge(analytics_arguments),
+        )
 
         Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]).
           call('document_capture', :update, true)
 
         # rate limiting redirect is in ImageUploadResponsePresenter
-        if result.success?
+        if form_response.success?
           flash[:success] = t('doc_auth.headings.capture_complete')
           redirect_to idv_hybrid_mobile_capture_complete_url
         else
@@ -63,7 +65,8 @@ def analytics_arguments
       end
 
       def handle_stored_result
-        if stored_result&.success? && selfie_requirement_met?
+        if stored_result&.success?(selfie_required: decorated_sp_session.selfie_required?) &&
+           selfie_requirement_met?
           save_proofing_components(document_capture_user)
           extract_pii_from_doc(document_capture_user)
           successful_response
@@ -74,7 +77,8 @@ def handle_stored_result
       end
 
       def confirm_document_capture_needed
-        return unless stored_result&.success?
+        return unless stored_result&.
+          success?(selfie_required: decorated_sp_session.selfie_required?)
         return if redo_document_capture_pending?
 
         redirect_to idv_hybrid_mobile_capture_complete_url

diff --git a/app/controllers/idv/link_sent_controller.rb b/app/controllers/idv/link_sent_controller.rb
@@ -80,7 +80,8 @@ def render_step_incomplete_error
     end
 
     def take_photo_with_phone_successful?
-      stored_result&.success? && selfie_requirement_met?
+      stored_result&.success?(selfie_required: decorated_sp_session.selfie_required?) &&
+        selfie_requirement_met?
     end
   end
 end
diff --git a/app/services/doc_auth/lexis_nexis/responses/true_id_response.rb b/app/services/doc_auth/lexis_nexis/responses/true_id_response.rb
@@ -103,12 +103,13 @@ def billed?
         end
 
         # @return [:success, :fail, :not_processed]
-        # When selfie result is missing, return :not_processed
+        # When selfie result is missing or not requested:
+        #  return :not_processed
         # Otherwise:
         #   return :success if selfie check result == 'Pass'
         #   return :fail
         def selfie_status
-          return :not_processed if selfie_result.nil?
+          return :not_processed if selfie_result.nil? || !@liveness_checking_enabled
           selfie_result == 'Pass' ? :success : :fail
         end
 

diff --git a/app/services/doc_auth/mock/result_response.rb b/app/services/doc_auth/mock/result_response.rb
@@ -86,7 +86,7 @@ def pii_from_doc
       end
 
       def success?
-        doc_auth_success? && (selfie_check_performed? ? selfie_passed? : true)
+        doc_auth_success? && (@selfie_required ? selfie_passed? : true)
       end
 
       def attention_with_barcode?

diff --git a/app/services/doc_auth/selfie_concern.rb b/app/services/doc_auth/selfie_concern.rb
@@ -29,7 +29,7 @@ def selfie_check_performed?
       SELFIE_PERFORMED_STATUSES.include?(selfie_status)
     end
 
-  private
+    private
 
     SELFIE_PERFORMED_STATUSES = %i[success fail]
 
@@ -43,5 +43,5 @@ def selfie_check_performed?
     def get_portrait_error(portrait_match_results)
       portrait_match_results&.with_indifferent_access&.dig(:FaceErrorMessage)
     end
-end
+  end
 end
diff --git a/app/services/document_capture_session_result.rb b/app/services/document_capture_session_result.rb
@@ -26,9 +26,9 @@ def selfie_status
     self[:selfie_status].to_sym
   end
 
-  def success_status
+  def success_status(selfie_required:)
     # doc_auth_success : including document, attention_with_barcode and id type verification
-    !!doc_auth_success && selfie_status != :fail && !!pii
+    !!doc_auth_success && (selfie_required ? selfie_status == :success : true) && !!pii
   end
 
   alias_method :success?, :success_status

diff --git a/spec/controllers/idv/image_uploads_controller_spec.rb b/spec/controllers/idv/image_uploads_controller_spec.rb
@@ -8,6 +8,7 @@
   let(:back_image) { DocAuthImageFixtures.document_back_image_multipart }
   let(:selfie_img) { nil }
   let(:state_id_number) { 'S59397998' }
+  let(:liveness_checking_required) { false }
 
   describe '#create' do
     subject(:action) do
@@ -354,6 +355,7 @@
       context 'selfie included' do
         let(:back_image) { DocAuthImageFixtures.portrait_match_success_yaml }
         let(:selfie_img) { DocAuthImageFixtures.selfie_image_multipart }
+        let(:liveness_checking_required) { true }
 
         before do
           allow(controller.decorated_sp_session).to receive(:selfie_required?).and_return(true)
@@ -368,15 +370,19 @@
               image_source: :unknown,
               user_uuid: an_instance_of(String),
               uuid_prefix: nil,
-              liveness_checking_required: true,
+              liveness_checking_required: liveness_checking_required,
               images_cropped: false,
             ).and_call_original
 
           action
 
           expect(response.status).to eq(200)
           expect(json[:success]).to eq(true)
-          expect(document_capture_session.reload.load_result.success?).to eq(true)
+          expect(
+            document_capture_session.reload.load_result.success?(
+              selfie_required: liveness_checking_required,
+            ),
+          ).to eq(true)
           expect(document_capture_session.reload.load_result.selfie_check_performed?).to eq(true)
         end
       end
@@ -390,15 +396,18 @@
             image_source: :unknown,
             user_uuid: an_instance_of(String),
             uuid_prefix: nil,
-            liveness_checking_required: false,
+            liveness_checking_required: liveness_checking_required,
             images_cropped: false,
           ).and_call_original
 
         action
 
         expect(response.status).to eq(200)
         expect(json[:success]).to eq(true)
-        expect(document_capture_session.reload.load_result.success?).to eq(true)
+        expect(
+          document_capture_session.reload.load_result.
+            success?(selfie_required: liveness_checking_required),
+        ).to eq(true)
       end
 
       it 'tracks events' do
@@ -1271,12 +1280,17 @@
 
       let(:back_image) { DocAuthImageFixtures.portrait_match_success_yaml }
       let(:selfie_img) { DocAuthImageFixtures.selfie_image_multipart }
+      let(:liveness_checking_required) { true }
 
       it 'returns a successful response' do
         action
         expect(response.status).to eq(200)
         expect(json[:success]).to eq(true)
-        expect(document_capture_session.reload.load_result.success?).to eq(true)
+        expect(
+          document_capture_session.reload.load_result.success?(
+            selfie_required: liveness_checking_required,
+          ),
+        ).to eq(true)
         expect(document_capture_session.reload.load_result.selfie_check_performed?).to eq(true)
       end
 
@@ -1296,7 +1310,11 @@
         action
         expect(response.status).to eq(200)
         expect(json[:success]).to eq(true)
-        expect(document_capture_session.reload.load_result.success?).to eq(true)
+        expect(
+          document_capture_session.reload.load_result.success?(
+            selfie_required: liveness_checking_required,
+          ),
+        ).to eq(true)
       end
     end
   end

diff --git a/spec/features/idv/doc_auth/document_capture_spec.rb b/spec/features/idv/doc_auth/document_capture_spec.rb
@@ -192,11 +192,18 @@
         expect_step_indicator_current_step(t('step_indicator.flows.idv.verify_id'))
         expect(page).not_to have_content(t('doc_auth.headings.document_capture_selfie'))
 
-        attach_and_submit_images
+        # doc auth is successful while liveness is not req'd
+        attach_images(
+          Rails.root.join(
+            'spec', 'fixtures',
+            'ial2_test_credential_no_liveness.yml'
+          ),
+        )
+        submit_images
 
         expect(page).to have_current_path(idv_ssn_url)
         expect_costing_for_document
-        expect(DocAuthLog.find_by(user_id: user.id).state).to eq('MT')
+        expect(DocAuthLog.find_by(user_id: user.id).state).to eq('NY')
 
         expect(page).to have_current_path(idv_ssn_url)
         fill_out_ssn_form_ok

diff --git a/spec/models/document_capture_session_spec.rb b/spec/models/document_capture_session_spec.rb
@@ -54,7 +54,7 @@
       record.store_result_from_response(doc_auth_response)
       result = record.load_result
 
-      expect(result.success?).to eq(doc_auth_response.success?)
+      expect(result.success?(selfie_required: true)).to eq(doc_auth_response.success?)
       expect(result.pii).to eq(doc_auth_response.pii_from_doc.deep_symbolize_keys)
     end