18F · jmhooper · Apr 10, 2024 · Apr 9, 2024 · Apr 9, 2024 · Apr 10, 2024
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -25,6 +25,8 @@ class User < ApplicationRecord
   MAX_RECENT_EVENTS = 5
   MAX_RECENT_DEVICES = 5
 
+  BIOMETRIC_COMPARISON_IDV_LEVELS = %w[unsupervised_with_selfie in_person].to_set.freeze
+
   enum otp_delivery_preference: { sms: 0, voice: 1 }
 
   # rubocop:disable Rails/HasManyOrHasOneDependent
@@ -365,7 +367,7 @@ def identity_verified?(service_provider: nil)
   end
 
   def identity_verified_with_selfie?
-    active_profile&.idv_level == 'unsupervised_with_selfie'
+    BIOMETRIC_COMPARISON_IDV_LEVELS.include?(active_profile&.idv_level)
   end
 
   def reproof_for_irs?(service_provider:)

diff --git a/spec/controllers/openid_connect/authorization_controller_spec.rb b/spec/controllers/openid_connect/authorization_controller_spec.rb
@@ -477,6 +477,16 @@
                 end
               end
 
+              context 'biometric comparison was performed in-person' do
+                it 'redirects to the redirect_uri immediately when pii is unlocked if client-side redirect is disabled' do
+                  user.active_profile.idv_level = :in_person
+
+                  action
+
+                  expect(response).to redirect_to(/^#{params[:redirect_uri]}/)
+                end
+              end
+
               context 'selfie capture not enabled, biometric_comparison_check requested by sp' do
                 let(:selfie_capture_enabled) { false }
                 it 'returns status not_acceptable' do

diff --git a/spec/controllers/saml_idp_controller_spec.rb b/spec/controllers/saml_idp_controller_spec.rb
@@ -658,7 +658,7 @@ def name_id_version(format_urn)
           end
         end
 
-        context 'the user has proofed with a biometric check' do
+        context 'the user has proofed with a biometric check remotely' do
           before do
             user.active_profile.update!(idv_level: :unsupervised_with_selfie)
           end
@@ -670,6 +670,18 @@ def name_id_version(format_urn)
           end
         end
 
+        context 'the user has proofed with a biometric check in-person' do
+          before do
+            user.active_profile.update!(idv_level: :in_person)
+          end
+
+          it 'does not redirect to proofing' do
+            saml_get_auth(vtr_settings)
+            expect(response).to redirect_to(sign_up_completed_url)
+            expect(controller.session[:sp][:vtr]).to eq(['C1.C2.P1.Pb'])
+          end
+        end
+
         context 'selfie check is disabled for the environment' do
           let(:doc_auth_selfie_capture_enabled) { false }
 

diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
@@ -1435,6 +1435,12 @@ def it_should_not_send_survey
       expect(user.identity_verified_with_selfie?).to eq false
     end
 
+    it 'return true if user has an active in-person profile' do
+      active_profile.idv_level = :in_person
+      active_profile.save
+      expect(user.identity_verified_with_selfie?).to eq true
+    end
+
     context 'user does not have active profile' do
       let(:active_profile) { nil }
       it 'returns false' do