diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb index 713fd03552b..4054e20a230 100644 --- a/app/controllers/concerns/idv/document_capture_concern.rb +++ b/app/controllers/concerns/idv/document_capture_concern.rb @@ -49,7 +49,7 @@ def stored_result end def selfie_requirement_met? - !decorated_sp_session.selfie_required? || stored_result.selfie_check_performed? + !decorated_sp_session.biometric_comparison_required? || stored_result.selfie_check_performed? end private diff --git a/app/controllers/concerns/idv_session_concern.rb b/app/controllers/concerns/idv_session_concern.rb index 9857ee11ae5..d1ceafc3858 100644 --- a/app/controllers/concerns/idv_session_concern.rb +++ b/app/controllers/concerns/idv_session_concern.rb @@ -17,7 +17,7 @@ def hybrid_session? end def idv_needed? - user_needs_selfie? || + user_needs_biometric_comparison? || idv_session_user.active_profile.blank? || decorated_sp_session.requested_more_recent_verification? || idv_session_user.reproof_for_irs?(service_provider: current_sp) @@ -66,7 +66,8 @@ def idv_session_user current_user end - def user_needs_selfie? - decorated_sp_session.selfie_required? && !current_user.identity_verified_with_selfie? + def user_needs_biometric_comparison? + decorated_sp_session.biometric_comparison_required? && + !current_user.identity_verified_with_biometric_comparison? end end diff --git a/app/controllers/concerns/idv_step_concern.rb b/app/controllers/concerns/idv_step_concern.rb index 1344a5c8c3b..396dc73fa25 100644 --- a/app/controllers/concerns/idv_step_concern.rb +++ b/app/controllers/concerns/idv_step_concern.rb 
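Review bot: In `user_needs_biometric_comparison?` (hunk `@@ -66,7 +66,8 @@` of idv_session_concern.rb) the check reads `current_user`, while `idv_needed?` in the same concern evaluates the profile and the IRS reproof condition through `idv_session_user`. The body of `idv_session_user` starts outside this hunk, but if it can resolve to a user other than `current_user` (the neighbouring `hybrid_session?` suggests it may), the biometric-comparison decision is taken against a different account than the rest of `idv_needed?`, or raises on a nil `current_user`. Consider `!idv_session_user.identity_verified_with_biometric_comparison?` so the whole predicate is evaluated against one user.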
@@ -111,7 +111,7 @@ def flow_policy def confirm_step_allowed # set it everytime, since user may switch SP - idv_session.selfie_check_required = decorated_sp_session.selfie_required? + idv_session.selfie_check_required = decorated_sp_session.biometric_comparison_required? return if flow_policy.controller_allowed?(controller: self.class) redirect_to url_for_latest_step diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb index 3cca276476b..1801378902e 100644 --- a/app/controllers/idv/document_capture_controller.rb +++ b/app/controllers/idv/document_capture_controller.rb @@ -51,7 +51,7 @@ def extra_view_variables skip_doc_auth: idv_session.skip_doc_auth, skip_doc_auth_from_handoff: idv_session.skip_doc_auth_from_handoff, opted_in_to_in_person_proofing: idv_session.opted_in_to_in_person_proofing, - doc_auth_selfie_capture: decorated_sp_session.selfie_required?, + doc_auth_selfie_capture: decorated_sp_session.biometric_comparison_required?, }.merge( acuant_sdk_upgrade_a_b_testing_variables, ) @@ -97,7 +97,7 @@ def analytics_arguments irs_reproofing: irs_reproofing?, redo_document_capture: idv_session.redo_document_capture, skip_hybrid_handoff: idv_session.skip_hybrid_handoff, - liveness_checking_required: decorated_sp_session.selfie_required?, + liveness_checking_required: decorated_sp_session.biometric_comparison_required?, selfie_check_required: idv_session.selfie_check_required, }.merge(ab_test_analytics_buckets) end diff --git a/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb b/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb index 6dd2cef744e..d40671dddb6 100644 --- a/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb +++ b/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb 
@@ -25,7 +25,7 @@ def analytics_arguments step: 'capture_complete', analytics_id: 'Doc Auth', irs_reproofing: irs_reproofing?, - liveness_checking_required: decorated_sp_session.selfie_required?, + liveness_checking_required: decorated_sp_session.biometric_comparison_required?, }.merge(ab_test_analytics_buckets) end end diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb index df483aa7e8a..ae138d92096 100644 --- a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb +++ b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb @@ -43,7 +43,7 @@ def extra_view_variables flow_path: 'hybrid', document_capture_session_uuid: document_capture_session_uuid, failure_to_proof_url: return_to_sp_failure_to_proof_url(step: 'document_capture'), - doc_auth_selfie_capture: decorated_sp_session.selfie_required?, + doc_auth_selfie_capture: decorated_sp_session.biometric_comparison_required?, }.merge( acuant_sdk_upgrade_a_b_testing_variables, ) @@ -57,8 +57,8 @@ def analytics_arguments step: 'document_capture', analytics_id: 'Doc Auth', irs_reproofing: irs_reproofing?, - liveness_checking_required: decorated_sp_session.selfie_required?, - selfie_check_required: decorated_sp_session.selfie_required?, + liveness_checking_required: decorated_sp_session.biometric_comparison_required?, + selfie_check_required: decorated_sp_session.biometric_comparison_required?, }.merge( ab_test_analytics_buckets, ) diff --git a/app/controllers/idv/image_uploads_controller.rb b/app/controllers/idv/image_uploads_controller.rb index b5d45f192ba..e9a7105e6ad 100644 --- a/app/controllers/idv/image_uploads_controller.rb +++ b/app/controllers/idv/image_uploads_controller.rb 
@@ -25,7 +25,7 @@ def image_upload_form uuid_prefix: current_sp&.app_id, irs_attempts_api_tracker: irs_attempts_api_tracker, store_encrypted_images: store_encrypted_images?, - liveness_checking_required: decorated_sp_session.selfie_required?, + liveness_checking_required: decorated_sp_session.biometric_comparison_required?, ) end diff --git a/app/controllers/idv_controller.rb b/app/controllers/idv_controller.rb index e2d41392326..1f0c366e581 100644 --- a/app/controllers/idv_controller.rb +++ b/app/controllers/idv_controller.rb @@ -32,8 +32,8 @@ def activated private def already_verified? - if decorated_sp_session.selfie_required? - return current_user.identity_verified_with_selfie? + if decorated_sp_session.biometric_comparison_required? + return current_user.identity_verified_with_biometric_comparison? end return current_user.active_profile.present? diff --git a/app/controllers/openid_connect/authorization_controller.rb b/app/controllers/openid_connect/authorization_controller.rb index 9c3b3483c15..a40e470c4fd 100644 --- a/app/controllers/openid_connect/authorization_controller.rb +++ b/app/controllers/openid_connect/authorization_controller.rb @@ -30,7 +30,7 @@ def index return redirect_to reactivate_account_url if user_needs_to_reactivate_account? return redirect_to url_for_pending_profile_reason if user_has_pending_profile? return redirect_to idv_url if identity_needs_verification? - return redirect_to idv_url if selfie_needed? + return redirect_to idv_url if biometric_comparison_needed? end return redirect_to sign_up_completed_url if needs_completion_screen_reason link_identity_to_service_provider 
@@ -127,9 +127,9 @@ def identity_needs_verification? current_user.reproof_for_irs?(service_provider: current_sp) end - def selfie_needed? - decorated_sp_session.selfie_required? && - !current_user.identity_verified_with_selfie? + def biometric_comparison_needed? + decorated_sp_session.biometric_comparison_required? && + !current_user.identity_verified_with_biometric_comparison? end def build_authorize_form_from_params diff --git a/app/controllers/saml_idp_controller.rb b/app/controllers/saml_idp_controller.rb index 83fe68307bd..d7f37c7c2fa 100644 --- a/app/controllers/saml_idp_controller.rb +++ b/app/controllers/saml_idp_controller.rb @@ -36,7 +36,7 @@ def auth return redirect_to reactivate_account_url if user_needs_to_reactivate_account? return redirect_to url_for_pending_profile_reason if user_has_pending_profile? return redirect_to idv_url if identity_needs_verification? - return redirect_to idv_url if selfie_needed? + return redirect_to idv_url if biometric_comparison_needed? end return redirect_to sign_up_completed_url if needs_completion_screen_reason if auth_count == 1 && first_visit_for_sp? @@ -112,9 +112,9 @@ def prompt_for_password_if_ial2_request_and_pii_locked redirect_to capture_password_url end - def selfie_needed? - decorated_sp_session.selfie_required? && - !current_user.identity_verified_with_selfie? + def biometric_comparison_needed? + decorated_sp_session.biometric_comparison_required? && + !current_user.identity_verified_with_biometric_comparison? end def set_devise_failure_redirect_for_concurrent_session_logout diff --git a/app/controllers/sign_up/completions_controller.rb b/app/controllers/sign_up/completions_controller.rb index 19b4c451bb2..ae83a189aaf 100644 --- a/app/controllers/sign_up/completions_controller.rb +++ b/app/controllers/sign_up/completions_controller.rb 
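Review bot: `biometric_comparison_needed?` in openid_connect/authorization_controller.rb is repeated verbatim in saml_idp_controller.rb (hunk `@@ -112,9 +112,9 @@`) and a third time as `user_needs_biometric_comparison?` in idv_session_concern.rb, so one authorization predicate is maintained in three places. The same commit removes the `confirm_selfie_captured` filter from sign_up/completions_controller.rb, which appears to leave these two redirects as the gate in front of the completion screen; if the copies drift, the requirement would weaken for one protocol only. Consider defining the predicate once in a shared concern that both controllers call. A request spec expecting `redirect_to idv_url` when the SP requires biometric comparison and the active profile lacks it would also replace the completions spec coverage this commit deletes.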
@@ -6,7 +6,6 @@ class CompletionsController < ApplicationController before_action :confirm_two_factor_authenticated before_action :confirm_identity_verified, if: :identity_proofing_required? - before_action :confirm_selfie_captured, if: :selfie_required? before_action :apply_secure_headers_override, only: [:show, :update] before_action :verify_needs_completions_screen @@ -38,10 +37,6 @@ def confirm_identity_verified redirect_to idv_url if current_user.identity_not_verified? end - def confirm_selfie_captured - redirect_to idv_url if !current_user.identity_verified_with_selfie? - end - def verify_needs_completions_screen return_to_account unless needs_completion_screen_reason end @@ -65,10 +60,6 @@ def ial2_requested? resolved_authn_context_result.identity_proofing_or_ialmax? && current_user.identity_verified? end - def selfie_required? - decorated_sp_session.selfie_required? - end - def return_to_account track_completion_event('account-page') redirect_to account_url diff --git a/app/decorators/null_service_provider_session.rb b/app/decorators/null_service_provider_session.rb index a7024670293..f1c649e76ab 100644 --- a/app/decorators/null_service_provider_session.rb +++ b/app/decorators/null_service_provider_session.rb @@ -47,7 +47,7 @@ def request_url_params {} end - def selfie_required? + def biometric_comparison_required? false end diff --git a/app/decorators/service_provider_session.rb b/app/decorators/service_provider_session.rb index 2cd97bb39be..d2e2c41a1ce 100644 --- a/app/decorators/service_provider_session.rb +++ b/app/decorators/service_provider_session.rb @@ -72,7 +72,7 @@ def sp_issuer sp.issuer end - def selfie_required? + def biometric_comparison_required? !!(FeatureManagement.idv_allow_selfie_check? && sp_session[:biometric_comparison_required]) end diff --git a/app/models/user.rb b/app/models/user.rb index 75ef943078b..9dff0e26c4f 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
@@ -373,7 +373,7 @@ def identity_verified?(service_provider: nil) active_profile.present? && !reproof_for_irs?(service_provider: service_provider) end - def identity_verified_with_selfie? + def identity_verified_with_biometric_comparison? BIOMETRIC_COMPARISON_IDV_LEVELS.include?(active_profile&.idv_level) end diff --git a/app/presenters/idv/welcome_presenter.rb b/app/presenters/idv/welcome_presenter.rb index c9a3c2c57b2..fbb2a65cbd9 100644 --- a/app/presenters/idv/welcome_presenter.rb +++ b/app/presenters/idv/welcome_presenter.rb @@ -22,6 +22,10 @@ def title t('doc_auth.headings.welcome', sp_name: sp_name) end + def selfie_required? + decorated_sp_session.biometric_comparison_required? + end + def explanation_text(help_link) if first_time_idv? t( diff --git a/spec/controllers/concerns/idv/document_capture_concern_spec.rb b/spec/controllers/concerns/idv/document_capture_concern_spec.rb index c77665906c4..5b2375acfc8 100644 --- a/spec/controllers/concerns/idv/document_capture_concern_spec.rb +++ b/spec/controllers/concerns/idv/document_capture_concern_spec.rb @@ -20,7 +20,8 @@ def show context 'selfie checks enabled' do before do decorated_sp_session = instance_double(ServiceProviderSession) - allow(decorated_sp_session).to receive(:selfie_required?).and_return(selfie_required) + allow(decorated_sp_session).to receive(:biometric_comparison_required?). + and_return(biometric_comparison_required) allow(controller).to receive(:decorated_sp_session).and_return(decorated_sp_session) stored_result = instance_double(DocumentCaptureSessionResult) allow(stored_result).to receive(:selfie_check_performed?).and_return(selfie_check_performed) @@ -28,7 +29,7 @@ def show end context 'SP requires biometric_comparison' do - let(:selfie_required) { true } + let(:biometric_comparison_required) { true } context 'selfie check performed' do let(:selfie_check_performed) { true } 
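Review bot: The new `selfie_required?` in welcome_presenter.rb keeps the name this commit retires everywhere else, and nothing in the hunk says why. If the old name is kept deliberately because the welcome view still asks the user for a selfie, a comment such as `# View-facing name; the requirement itself comes from the SP session's biometric_comparison_required?` would stop a later cleanup from renaming or deleting it; otherwise rename it to match the rest of the change. No spec for this method appears in the visible part of the diff.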
@@ -46,7 +47,7 @@ def show end context 'SP does not require biometric_comparison' do - let(:selfie_required) { false } + let(:biometric_comparison_required) { false } context 'selfie check performed' do let(:selfie_check_performed) { true } diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb index 6ef47db3842..57e58874208 100644 --- a/spec/controllers/idv/document_capture_controller_spec.rb +++ b/spec/controllers/idv/document_capture_controller_spec.rb @@ -30,7 +30,7 @@ stub_up_to(:hybrid_handoff, idv_session: subject.idv_session) stub_analytics subject.idv_session.document_capture_session_uuid = document_capture_session_uuid - allow(controller.decorated_sp_session).to receive(:selfie_required?). + allow(controller.decorated_sp_session).to receive(:biometric_comparison_required?). and_return(doc_auth_selfie_capture_enabled && sp_selfie_enabled) subject.idv_session.flow_path = flow_path allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) @@ -265,7 +265,8 @@ before do allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode).and_return(false) allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything).and_return(false) - allow(subject.decorated_sp_session).to receive(:selfie_required?).and_return(true) + allow(subject.decorated_sp_session).to receive(:biometric_comparison_required?). + and_return(true) end it 'redirect back when accessed from handoff' do subject.idv_session.skip_hybrid_handoff = nil diff --git a/spec/controllers/idv/hybrid_handoff_controller_spec.rb b/spec/controllers/idv/hybrid_handoff_controller_spec.rb index 41a2c3549a7..35c86c9fa4c 100644 --- a/spec/controllers/idv/hybrid_handoff_controller_spec.rb +++ b/spec/controllers/idv/hybrid_handoff_controller_spec.rb 
@@ -25,7 +25,7 @@ stub_attempts_tracker allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) allow(subject.idv_session).to receive(:service_provider).and_return(service_provider) - allow(subject.decorated_sp_session).to receive(:selfie_required?). + allow(subject.decorated_sp_session).to receive(:biometric_comparison_required?). and_return(sp_selfie_enabled && doc_auth_selfie_capture_enabled) allow(IdentityConfig.store).to receive(:in_person_proofing_enabled) { in_person_proofing } allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled) { diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index de0d01b980d..4a260d4ff14 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -79,7 +79,12 @@ context 'when a selfie is requested' do before do allow(subject).to receive(:decorated_sp_session). - and_return(double('decorated_session', { selfie_required?: true, sp_name: 'sp' })) + and_return( + double( + 'decorated_session', + { biometric_comparison_required?: true, sp_name: 'sp' }, + ), + ) end context 'when selfie is required by sp session' do it 'requests FE to display selfie' do diff --git a/spec/controllers/idv/image_uploads_controller_spec.rb b/spec/controllers/idv/image_uploads_controller_spec.rb index 91e3ed90794..7e48898ad57 100644 --- a/spec/controllers/idv/image_uploads_controller_spec.rb +++ b/spec/controllers/idv/image_uploads_controller_spec.rb @@ -334,7 +334,8 @@ let(:selfie_img) { DocAuthImageFixtures.selfie_image_multipart } before do - allow(controller.decorated_sp_session).to receive(:selfie_required?).and_return(true) + allow(controller.decorated_sp_session).to receive(:biometric_comparison_required?). + and_return(true) end it 'returns a successful response and modifies the session' do 
@@ -1225,7 +1226,7 @@ context 'the frontend requests a selfie' do before do allow(controller).to receive(:decorated_sp_session). - and_return(double('decorated_session', { selfie_required?: true })) + and_return(double('decorated_session', { biometric_comparison_required?: true })) end let(:back_image) { DocAuthImageFixtures.portrait_match_success_yaml } diff --git a/spec/controllers/sign_up/completions_controller_spec.rb b/spec/controllers/sign_up/completions_controller_spec.rb index 17d953e9c5b..6f0b9990838 100644 --- a/spec/controllers/sign_up/completions_controller_spec.rb +++ b/spec/controllers/sign_up/completions_controller_spec.rb @@ -103,33 +103,6 @@ expect(response).to redirect_to(idv_url) end end - - context 'sp requires selfie' do - let(:selfie_capture_enabled) { true } - before do - expect(FeatureManagement).to receive(:idv_allow_selfie_check?). - and_return(selfie_capture_enabled) - subject.session[:sp][:biometric_comparison_required] = 'true' - end - - context 'user does not have a selfie' do - it 'redirects to idv_url' do - get :show - - expect(response).to redirect_to(idv_url) - end - end - - context 'selfie capture not enabled' do - let(:selfie_capture_enabled) { false } - - it 'does not redirect' do - get :show - - expect(response).to render_template :show - end - end - end end context 'IALMax' do diff --git a/spec/decorators/service_provider_session_spec.rb b/spec/decorators/service_provider_session_spec.rb index 49de2b5c8dc..489c90fb87c 100644 --- a/spec/decorators/service_provider_session_spec.rb +++ b/spec/decorators/service_provider_session_spec.rb 
@@ -190,22 +190,22 @@ it 'returns true when sp biometric_comparison_required is true' do sp_session[:biometric_comparison_required] = true - expect(subject.selfie_required?).to eq(true) + expect(subject.biometric_comparison_required?).to eq(true) end it 'returns true when sp biometric_comparison_required is truthy' do sp_session[:biometric_comparison_required] = 1 - expect(subject.selfie_required?).to eq(true) + expect(subject.biometric_comparison_required?).to eq(true) end it 'returns false when sp biometric_comparison_required is false' do sp_session[:biometric_comparison_required] = false - expect(subject.selfie_required?).to eq(false) + expect(subject.biometric_comparison_required?).to eq(false) end it 'returns false when sp biometric_comparison_required is nil' do sp_session[:biometric_comparison_required] = nil - expect(subject.selfie_required?).to eq(false) + expect(subject.biometric_comparison_required?).to eq(false) end end @@ -214,7 +214,7 @@ it 'returns false' do sp_session[:biometric_comparison_required] = true - expect(subject.selfie_required?).to eq(false) + expect(subject.biometric_comparison_required?).to eq(false) end end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 38abe57012f..48515dbeb8f 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1415,7 +1415,7 @@ def it_should_not_send_survey end end - describe '#identity_verified_with_selfie?' do + describe '#identity_verified_with_biometric_comparison?' do let(:user) { create(:user) } let(:active_profile) do create( 
@@ -1428,23 +1428,23 @@ def it_should_not_send_survey it 'returns true if user has an active profile with selfie' do active_profile.idv_level = :unsupervised_with_selfie active_profile.save - expect(user.identity_verified_with_selfie?).to eq true + expect(user.identity_verified_with_biometric_comparison?).to eq true end it 'returns false if user has an active profile without selfie' do - expect(user.identity_verified_with_selfie?).to eq false + expect(user.identity_verified_with_biometric_comparison?).to eq false end it 'return true if user has an active in-person profile' do active_profile.idv_level = :in_person active_profile.save - expect(user.identity_verified_with_selfie?).to eq true + expect(user.identity_verified_with_biometric_comparison?).to eq true end context 'user does not have active profile' do let(:active_profile) { nil } it 'returns false' do - expect(user.identity_verified_with_selfie?).to eq false + expect(user.identity_verified_with_biometric_comparison?).to eq false end end end