18F · dawei-nava · Mar 29, 2024 · Mar 14, 2024 · Mar 14, 2024 · Mar 15, 2024
diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb
@@ -7,7 +7,7 @@ class DocumentCaptureController < ApplicationController
     include StepIndicatorConcern
 
     before_action :confirm_not_rate_limited, except: [:update]
-    before_action :confirm_step_allowed
+    before_action :confirm_step_allowed, unless: -> { allow_direct_ipp? }
     before_action :override_csp_to_allow_acuant
 
     def show
@@ -47,6 +47,7 @@ def extra_view_variables
         sp_name: decorated_sp_session.sp_name,
         failure_to_proof_url: return_to_sp_failure_to_proof_url(step: 'document_capture'),
         skip_doc_auth: idv_session.skip_doc_auth,
+        skip_doc_auth_from_handoff: idv_session.skip_doc_auth_from_handoff,
         opted_in_to_in_person_proofing: idv_session.opted_in_to_in_person_proofing,
         doc_auth_selfie_capture: decorated_sp_session.selfie_required?,
       }.merge(
@@ -62,6 +63,7 @@ def self.step_info
         preconditions: ->(idv_session:, user:) {
                          idv_session.flow_path == 'standard' && (
                            # mobile
+                           idv_session.skip_doc_auth_from_handoff ||
                            idv_session.skip_hybrid_handoff ||
                             idv_session.skip_doc_auth ||
                             !idv_session.selfie_check_required || # desktop but selfie not required
@@ -109,5 +111,22 @@ def handle_stored_result
         failure(I18n.t('doc_auth.errors.general.network_error'), extra)
       end
     end
+
+    def allow_direct_ipp?
+      return false unless idv_session.welcome_visited &&
+                          idv_session.idv_consent_given
+      # not allowed when no step param and action:show(get request)
+      return false if params[:step].blank? || params[:action].to_s != 'show' ||
+                      idv_session.flow_path == 'hybrid'
+      # Only allow direct access to document capture if IPP available
+      return false unless IdentityConfig.store.in_person_doc_auth_button_enabled &&
+                          Idv::InPersonConfig.enabled_for_issuer?(decorated_sp_session.sp_issuer)
 idv_in_person_url: (IdentityConfig.store.in_person_doc_auth_button_enabled && Idv::InPersonConfig.enabled_for_issuer?(decorated_sp_session.sp_issuer)) ? idv_in_person_url : nil, 
 idv_in_person_url: (IdentityConfig.store.in_person_doc_auth_button_enabled && Idv::InPersonConfig.enabled_for_issuer?(decorated_sp_session.sp_issuer)) ? idv_in_person_url : nil, 
+      @previous_step_url = params[:step] == 'hybrid_handoff' ? idv_hybrid_handoff_path : nil
+      # allow
+      idv_session.flow_path = 'standard'
+      idv_session.skip_doc_auth_from_handoff = true
+      idv_session.skip_hybrid_handoff = nil
+      true
+    end
   end
 end
diff --git a/app/controllers/idv/hybrid_handoff_controller.rb b/app/controllers/idv/hybrid_handoff_controller.rb
@@ -13,6 +13,11 @@ def show
       @upload_disabled = idv_session.selfie_check_required &&
                          !idv_session.desktop_selfie_test_mode_enabled?
 
+      @direct_ipp_with_selfie_enabled = IdentityConfig.store.in_person_doc_auth_button_enabled &&
+                                        Idv::InPersonConfig.enabled_for_issuer?(
+                                          decorated_sp_session.sp_issuer,
+                                        )
+
       @selfie_required = idv_session.selfie_check_required
 
       analytics.idv_doc_auth_hybrid_handoff_visited(**analytics_arguments)
@@ -22,6 +27,8 @@ def show
         true
       )
 
+      # reset if we visit or come back
+      idv_session.skip_doc_auth_from_handoff = nil
       render :show, locals: extra_view_variables
     end
 
@@ -55,7 +62,9 @@ def self.step_info
         next_steps: [:link_sent, :document_capture],
         preconditions: ->(idv_session:, user:) {
                          idv_session.idv_consent_given &&
-                          self.selected_remote(idv_session: idv_session)
+                           (self.selected_remote(idv_session: idv_session) || # from opt-in screen
+                             # back from ipp doc capture screen
+                             idv_session.skip_doc_auth_from_handoff)
                        },
         undo_step: ->(idv_session:, user:) do
           idv_session.flow_path = nil

diff --git a/app/javascript/packages/document-capture/components/document-capture.tsx b/app/javascript/packages/document-capture/components/document-capture.tsx
@@ -37,7 +37,8 @@ function DocumentCapture({ onStepChange = () => {} }: DocumentCaptureProps) {
   const { t } = useI18n();
   const { flowPath } = useContext(UploadContext);
   const { trackSubmitEvent, trackVisitEvent } = useContext(AnalyticsContext);
-  const { inPersonFullAddressEntryEnabled, inPersonURL, skipDocAuth } = useContext(InPersonContext);
+  const { inPersonFullAddressEntryEnabled, inPersonURL, skipDocAuth, skipDocAuthFromHandoff } =
+    useContext(InPersonContext);
   const appName = getConfigValue('appName');
 
   useDidUpdateEffect(onStepChange, [stepName]);
@@ -137,12 +138,14 @@ function DocumentCapture({ onStepChange = () => {} }: DocumentCaptureProps) {
 
   // If the user got here by opting-in to in-person proofing, when skipDocAuth === true,
   // then set steps to inPersonSteps
-  const steps: FormStep[] = skipDocAuth ? inPersonSteps : defaultSteps;
+  const isInPersonStepEnabled = skipDocAuth || skipDocAuthFromHandoff;
+  const steps: FormStep[] = isInPersonStepEnabled ? inPersonSteps : defaultSteps;
 
-  // If the user got here by opting-in to in-person proofing, when skipDocAuth === true,
+  // If the user got here by opting-in to in-person proofing, when skipDocAuth === true;
+  // or opting-in ipp from handoff page, and selfie is required, when skipDocAuthFromHandoff === true
   // then set stepIndicatorPath to VerifyFlowPath.IN_PERSON
   const stepIndicatorPath =
-    (stepName && ['location', 'prepare', 'switch_back'].includes(stepName)) || skipDocAuth
+    (stepName && ['location', 'prepare', 'switch_back'].includes(stepName)) || isInPersonStepEnabled
       ? VerifyFlowPath.IN_PERSON
       : VerifyFlowPath.DEFAULT;
 
@@ -181,7 +184,7 @@ function DocumentCapture({ onStepChange = () => {} }: DocumentCaptureProps) {
             onStepSubmit={trackSubmitEvent}
             autoFocus={!!submissionError}
             titleFormat={`%{step} - ${appName}`}
-            initialStep={skipDocAuth ? steps[0].name : undefined}
+            initialStep={isInPersonStepEnabled ? steps[0].name : undefined}
           />
         </>
       )}

diff --git a/app/javascript/packages/document-capture/components/in-person-prepare-step.tsx b/app/javascript/packages/document-capture/components/in-person-prepare-step.tsx
@@ -20,11 +20,16 @@ function InPersonPrepareStep({ toPreviousStep }) {
     inPersonOutageMessageEnabled,
     inPersonOutageExpectedUpdateDate,
     skipDocAuth,
+    skipDocAuthFromHandoff,
     howToVerifyURL,
+    previousStepURL,
   } = useContext(InPersonContext);
 
   function goBack() {
-    if (skipDocAuth && howToVerifyURL) {
+    if (skipDocAuthFromHandoff && previousStepURL) {
+      // directly from handoff page
+      forceRedirect(previousStepURL);
+    } else if (skipDocAuth && howToVerifyURL) {
       forceRedirect(howToVerifyURL);
     } else {
       toPreviousStep();

diff --git a/app/javascript/packages/document-capture/context/in-person.ts b/app/javascript/packages/document-capture/context/in-person.ts
@@ -49,10 +49,21 @@ export interface InPersonContextProps {
    */
   skipDocAuth?: boolean;
 
+  /**
+   * Flag set when user select IPP from handoff page when IPP is available
+   * and selfie is required
+   */
+  skipDocAuthFromHandoff?: boolean;
+
   /**
    * URL for Opt-in IPP, used when in_person_proofing_opt_in_enabled is enabled
    */
   howToVerifyURL?: string;
+
+  /**
+   * URL for going back to previous steps in Doc Auth, like handoff and howToVerify
+   */
+  previousStepURL?: string;
 }
 
 const InPersonContext = createContext<InPersonContextProps>({

diff --git a/app/javascript/packs/document-capture.tsx b/app/javascript/packs/document-capture.tsx
@@ -37,7 +37,9 @@ interface AppRootData {
   optedInToInPersonProofing: string;
   securityAndPrivacyHowItWorksUrl: string;
   skipDocAuth: string;
+  skipDocAuthFromHandoff: string;
   howToVerifyURL: string;
+  previousStepUrl: string;
   uiExitQuestionSectionEnabled: string;
   docAuthSelfieDesktopTestMode: string;
 }
@@ -105,7 +107,9 @@ const {
   optedInToInPersonProofing,
   usStatesTerritories = '',
   skipDocAuth,
+  skipDocAuthFromHandoff,
   howToVerifyUrl,
+  previousStepUrl,
   uiExitQuestionSectionEnabled = '',
   docAuthSelfieDesktopTestMode,
 } = appRoot.dataset as DOMStringMap & AppRootData;
@@ -131,7 +135,9 @@ const App = composeComponents(
         optedInToInPersonProofing: optedInToInPersonProofing === 'true',
         usStatesTerritories: parsedUsStatesTerritories,
         skipDocAuth: skipDocAuth === 'true',
+        skipDocAuthFromHandoff: skipDocAuthFromHandoff === 'true',
         howToVerifyURL: howToVerifyUrl,
+        previousStepURL: previousStepUrl,
       },
     },
   ],

diff --git a/app/services/idv/session.rb b/app/services/idv/session.rb
@@ -25,6 +25,7 @@ class Session
       selfie_check_performed
       selfie_check_required
       skip_doc_auth
+      skip_doc_auth_from_handoff
       skip_hybrid_handoff
       ssn
       threatmetrix_review_status

diff --git a/app/views/idv/document_capture/show.html.erb b/app/views/idv/document_capture/show.html.erb
@@ -9,5 +9,6 @@
       acuant_version: acuant_version,
       opted_in_to_in_person_proofing: opted_in_to_in_person_proofing,
       skip_doc_auth: skip_doc_auth,
+      skip_doc_auth_from_handoff: skip_doc_auth_from_handoff,
       doc_auth_selfie_capture: doc_auth_selfie_capture,
     ) %>
diff --git a/app/views/idv/hybrid_handoff/show.html.erb b/app/views/idv/hybrid_handoff/show.html.erb
@@ -89,6 +89,16 @@
       <%= f.submit t('forms.buttons.send_link') %>
     <% end %>
   </div>
+  <% if @direct_ipp_with_selfie_enabled %>
+    <div class="margin-top-4 padding-top-2 border-top border-primary-light">
+      <p class="margin-top-1">
+        <%= t('doc_auth.info.hybrid_handoff_ipp_html') %>
+      </p>
+      <p class="margin-top-1 margin-bottom-0">
+        <%= link_to t('in_person_proofing.headings.prepare'), idv_document_capture_path(step: :hybrid_handoff) %>
+      </p>
+    </div>
+  <% end %>
   </div>
 <% end %>
 

diff --git a/app/views/idv/hybrid_mobile/document_capture/show.html.erb b/app/views/idv/hybrid_mobile/document_capture/show.html.erb
@@ -9,5 +9,6 @@
       acuant_version: acuant_version,
       opted_in_to_in_person_proofing: false,
       skip_doc_auth: false,
+      skip_doc_auth_from_handoff: nil,
       doc_auth_selfie_capture: doc_auth_selfie_capture,
     ) %>
diff --git a/app/views/idv/shared/_document_capture.html.erb b/app/views/idv/shared/_document_capture.html.erb
@@ -39,7 +39,9 @@
       doc_auth_selfie_capture: FeatureManagement.idv_allow_selfie_check? && doc_auth_selfie_capture,
       doc_auth_selfie_desktop_test_mode: IdentityConfig.store.doc_auth_selfie_desktop_test_mode,
       skip_doc_auth: skip_doc_auth,
+      skip_doc_auth_from_handoff: skip_doc_auth_from_handoff,
       how_to_verify_url: idv_how_to_verify_url,
+      previous_step_url: @previous_step_url,
       ui_exit_question_section_enabled: IdentityConfig.store.doc_auth_exit_question_section_enabled,
     } %>
   <%= simple_form_for(

diff --git a/config/locales/doc_auth/en.yml b/config/locales/doc_auth/en.yml
@@ -208,6 +208,8 @@ en:
         at a participating Post Office
       how_to_verify_troubleshooting_options_header: Want to learn more about how to verify your identity?
       hybrid_handoff: We’ll collect information about you by reading your state‑issued ID.
+      hybrid_handoff_ipp_html: <strong>Don’t have a mobile phone?</strong> You can
+        verify your identity at a United States Post Office instead.
       image_loaded: Image loaded
       image_loading: Image loading
       image_updated: Image updated

diff --git a/config/locales/doc_auth/es.yml b/config/locales/doc_auth/es.yml
@@ -243,6 +243,9 @@ es:
       how_to_verify_troubleshooting_options_header: ¿Quiere saber más sobre cómo verificar su identidad?
       hybrid_handoff: Recopilaremos información sobre usted leyendo su documento de
         identidad expedido por el estado.
+      hybrid_handoff_ipp_html: <strong>¿No tiene celular?</strong> Como alternativa,
+        puede verificar su identidad en una oficina de correos de Estados
+        Unidos.
       image_loaded: Imagen cargada
       image_loading: Cargando la imagen
       image_updated: Imagen actualizada

diff --git a/config/locales/doc_auth/fr.yml b/config/locales/doc_auth/fr.yml
@@ -251,6 +251,9 @@ fr:
       how_to_verify_troubleshooting_options_header: Vous voulez en savoir plus sur la façon de vérifier votre identité?
       hybrid_handoff: Nous recueillons des informations sur vous en lisant votre carte
         d’identité délivrée par l’État.
+      hybrid_handoff_ipp_html: <strong>Vous n’avez pas de téléphone
+        cellulaire?</strong> Vous pouvez vérifier votre identité dans un bureau
+        de poste américain.
       image_loaded: Image chargée
       image_loading: Chargement de l’image
       image_updated: Image mise à jour

diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb
@@ -224,6 +224,8 @@
       before do
         allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) { true }
         allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled) { true }
+        allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).and_return(true)
+        allow(IdentityConfig.store).to receive(:in_person_doc_auth_button_enabled).and_return(true)
       end
 
       it 'renders show when flow path is standard' do
@@ -249,6 +251,28 @@
 
         expect(response).to redirect_to(idv_hybrid_handoff_url)
       end
+
+      it 'renders show when accessed from handoff' do
+        allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).and_return(true)
+        allow(IdentityConfig.store).to receive(:in_person_doc_auth_button_enabled).and_return(true)
+        get :show, params: { step: 'hybrid_handoff' }
+        expect(response).to render_template :show
+        expect(subject.idv_session.skip_doc_auth_from_handoff).to eq(true)
+      end
+    end
+
+    context 'ipp disabled for sp' do
+      before do
+        allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode).and_return(false)
+        allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything).and_return(false)
+        allow(subject.decorated_sp_session).to receive(:selfie_required?).and_return(true)
+      end
+      it 'redirect back when accessed from handoff' do
+        subject.idv_session.skip_hybrid_handoff = nil
+        get :show, params: { step: 'hybrid_handoff' }
+        expect(response).to redirect_to(idv_hybrid_handoff_url)
+        expect(subject.idv_session.skip_doc_auth_from_handoff).to_not eq(true)
+      end
     end
   end
 

diff --git a/spec/controllers/idv/hybrid_handoff_controller_spec.rb b/spec/controllers/idv/hybrid_handoff_controller_spec.rb
@@ -235,6 +235,7 @@
           allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode).
             and_return(false)
           subject.idv_session.skip_doc_auth = true
+          subject.idv_session.skip_hybrid_handoff = true
         end
 
         it 'redirects to the how to verify page' do