18F · JackRyan1989 · Apr 1, 2024 · Mar 22, 2024 · Mar 27, 2024 · Mar 28, 2024
diff --git a/app/controllers/concerns/fraud_review_concern.rb b/app/controllers/concerns/fraud_review_concern.rb
@@ -26,8 +26,7 @@ def handle_fraud_rejection
 
   def in_person_prevent_fraud_redirection?
     IdentityConfig.store.in_person_proofing_enforce_tmx &&
-      !current_user.in_person_enrollment_status.nil? &&
-      current_user.in_person_enrollment_status != 'passed'
+      current_user.ipp_enrollment_status_not_passed?
   end
 
   def redirect_to_fraud_review

diff --git a/app/controllers/concerns/verify_profile_concern.rb b/app/controllers/concerns/verify_profile_concern.rb
@@ -4,6 +4,9 @@ module VerifyProfileConcern
   def url_for_pending_profile_reason
     return idv_verify_by_mail_enter_code_url if current_user.gpo_verification_pending_profile?
     return idv_in_person_ready_to_verify_url if current_user.in_person_pending_profile?
+    # We don't want to hit idv_please_call_url in cases where the user
+    # has fraud review pending and not passed at the post office
+    return idv_welcome_url if user_failed_ipp_with_fraud_review_pending?
     return idv_please_call_url if current_user.fraud_review_pending?
     idv_not_verified_url if current_user.fraud_rejection?
   end
@@ -19,4 +22,10 @@ def pending_profile_policy
       biometric_comparison_requested: nil,
     )
   end
+
+  def user_failed_ipp_with_fraud_review_pending?
+    IdentityConfig.store.in_person_proofing_enforce_tmx &&
+      current_user.ipp_enrollment_status_not_passed? &&
+      current_user.fraud_review_pending?
+  end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -213,6 +213,11 @@ def in_person_enrollment_status
     pending_profile&.in_person_enrollment&.status
   end
 
+  def ipp_enrollment_status_not_passed?
+    !in_person_enrollment_status.blank? &&
+      in_person_enrollment_status != 'passed'
+  end
+
   def has_in_person_enrollment?
     pending_in_person_enrollment.present? || establishing_in_person_enrollment.present?
   end

diff --git a/spec/features/idv/in_person_threatmetrix_spec.rb b/spec/features/idv/in_person_threatmetrix_spec.rb
@@ -249,39 +249,37 @@ def deactivate_profile_update_enrollment(status:)
         end
       end
 
-      # To be completed in a future ticket
-      # context 'User fails IPP and fails TMX review' do
-      #   it_behaves_like 'initially shows the user the barcode page'
-
-      #   it 'allows the user to restart the flow', allow_browser_log: true do
-      #     deactivate_profile_update_enrollment(status: :failed)
-
-      #     visit_idp_from_sp_with_ial2(sp)
-      #     # user should not see the please call page as they failed ipp
-      #     expect(page).not_to have_current_path(idv_please_call_path)
-      #     # redo the flow:
-      #     complete_entire_ipp_flow(user, tmx_status)
-      #     expect(page).to have_current_path(idv_in_person_ready_to_verify_path)
-      #   end
-      # end
-
-      # To be completed in a future ticket
-      # context 'User cancels IPP after being deactivated for TMX review',
-      #         allow_browser_log: true do
-      #   it 'allows the user to restart IPP' do
-      #     # set fraud review to pending:
-      #     profile.deactivate_for_fraud_review
-      #     profile.reload
-      #
-      #     # cancel the enrollment
-      #     click_link t('links.cancel')
-      #     # user can restart
-      #     click_on t('idv.cancel.actions.start_over')
-      #
-      #     # user should be redirected to the welcome path when they cancel
-      #     expect(page).to have_current_path(idv_welcome_path)
-      #   end
-      # end
+      context 'User fails IPP and fails TMX review' do
+        it_behaves_like 'initially shows the user the barcode page'
+
+        it 'allows the user to restart the flow', allow_browser_log: true do
+          deactivate_profile_update_enrollment(status: :failed)
+
+          visit_idp_from_sp_with_ial2(sp)
+          # user should not see the please call page as they failed ipp
+          expect(page).not_to have_current_path(idv_please_call_path)
+          # redo the flow:
+          complete_entire_ipp_flow(user, tmx_status)
+          expect(page).to have_current_path(idv_in_person_ready_to_verify_path)
+        end
+      end
+
+      context 'User cancels IPP after being deactivated for TMX review',
+              allow_browser_log: true do
+        it 'allows the user to restart IPP' do
+          # set fraud review to pending:
+          profile.deactivate_for_fraud_review
+          profile.reload
+
+          # cancel the enrollment
+          click_link t('links.cancel')
+          # user can restart
+          click_on t('idv.cancel.actions.start_over')
+
+          # user should be redirected to the welcome path when they cancel
+          expect(page).to have_current_path(idv_welcome_path)
+        end
+      end
     end
   end