LG-13003: Make sure we are checking all relevant Threatmetrix flags where necessary

app/controllers/concerns/fraud_review_concern.rb

@@ -26,9 +26,14 @@ def handle_fraud_rejection
     redirect_to_fraud_rejection if fraud_rejection?
   end
 
+  # Returns true if the user has not passed IPP at the post office and is
+  # flagged for fraud review, or has been rejected for fraud.
+  # Ultimately this is to allow users who fail at the post office to create another enrollment
+  # bypassing the typical flow of showing the Please Call or Fraud Rejection screens.
   def in_person_prevent_fraud_redirection?
     IdentityConfig.store.in_person_proofing_enforce_tmx &&
-      current_user.ipp_enrollment_status_not_passed?
+      current_user.ipp_enrollment_status_not_passed? &&
+      (fraud_review_pending? || fraud_rejection?)
   end
 
   def redirect_to_fraud_review

app/models/profile.rb

@@ -111,6 +111,7 @@ def activate(reason_deactivated: nil)
 
   def tmx_status
     return nil unless IdentityConfig.store.in_person_proofing_enforce_tmx
+    return nil unless FeatureManagement.proofing_device_profiling_decisioning_enabled?
 
     fraud_pending_reason || :threatmetrix_pass
   end

app/services/idv/profile_maker.rb

@@ -48,7 +48,8 @@ def save_profile(
 
     def set_idv_level(in_person_verification_needed:, selfie_check_performed:)
       if in_person_verification_needed
-        if IdentityConfig.store.in_person_proofing_enforce_tmx
+        if IdentityConfig.store.in_person_proofing_enforce_tmx &&
+           FeatureManagement.proofing_device_profiling_decisioning_enabled?
           :in_person
         else
           :legacy_in_person

spec/features/idv/analytics_spec.rb

@@ -9,6 +9,7 @@
   let(:fake_analytics) { FakeAnalytics.new }
   let(:proofing_device_profiling) { :enabled }
   let(:threatmetrix) { true }
+  let(:idv_level) { 'in_person' }
   let(:threatmetrix_response) do
     { client: nil,
       errors: {},
@@ -510,21 +511,21 @@
         in_person_verification_pending: true,
         address_verification_method: 'phone',
         encrypted_profiles_missing: false,
-        active_profile_idv_level: nil, pending_profile_idv_level: 'in_person',
+        active_profile_idv_level: nil, pending_profile_idv_level: idv_level,
         proofing_components: { document_check: 'usps', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: personal key acknowledgment toggled' => {
         checked: true,
-        active_profile_idv_level: nil, pending_profile_idv_level: 'in_person',
+        active_profile_idv_level: nil, pending_profile_idv_level: idv_level,
         proofing_components: { document_check: 'usps', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: personal key submitted' => {
         address_verification_method: 'phone', fraud_review_pending: false, fraud_rejection: false, in_person_verification_pending: true, deactivation_reason: nil,
-        active_profile_idv_level: nil, pending_profile_idv_level: 'in_person',
+        active_profile_idv_level: nil, pending_profile_idv_level: idv_level,
         proofing_components: { document_check: 'usps', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: in person ready to verify visited' => {
-        active_profile_idv_level: nil, pending_profile_idv_level: 'in_person',
+        active_profile_idv_level: nil, pending_profile_idv_level: idv_level,
         proofing_components: { document_check: 'usps', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' }
       },
       'IdV: user clicked what to bring link on ready to verify page' => {},
@@ -892,6 +893,7 @@
 
     context 'proofing_device_profiling disabled' do
       let(:proofing_device_profiling) { :disabled }
+      let(:idv_level) { 'legacy_in_person' }
       let(:threatmetrix) { false }
       let(:threatmetrix_response) do
         { client: 'tmx_disabled',

spec/services/idv/profile_maker_spec.rb

@@ -140,6 +140,8 @@
         before do
           allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx).
             and_return(in_person_proofing_enforce_tmx_mock)
+          allow(IdentityConfig.store).to receive(:proofing_device_profiling).
+            and_return(:disabled)
         end
 
         let(:profile) do
@@ -177,6 +179,8 @@
         before do
           allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx).
             and_return(in_person_proofing_enforce_tmx_mock)
+          allow(IdentityConfig.store).to receive(:proofing_device_profiling).
+            and_return(:enabled)
         end
 
         let(:profile) do