LG-13245: create enhanced ipp enrollment

app/controllers/idv/by_mail/enter_code_controller.rb

@@ -45,7 +45,7 @@ def create
 
         @gpo_verify_form = build_gpo_verify_form
 
-        result = @gpo_verify_form.submit
+        result = @gpo_verify_form.submit(resolved_authn_context_result.enhanced_ipp?)
         analytics.idv_verify_by_mail_enter_code_submitted(**result.to_h)
 
         if !result.success?

app/controllers/idv/enter_password_controller.rb

@@ -124,8 +124,10 @@ def gpo_mail_service
     end
 
     def init_profile
-      idv_session.create_profile_from_applicant_with_password(password)
-
+      idv_session.create_profile_from_applicant_with_password(
+        password,
+        resolved_authn_context_result.enhanced_ipp?,
+      )
       if idv_session.verify_by_mail?
         current_user.send_email_to_all_addresses(:verify_by_mail_letter_requested)
         analytics.idv_gpo_address_letter_enqueued(

app/forms/gpo_verify_form.rb

@@ -17,15 +17,15 @@ def initialize(user:, pii:, otp: nil)
     @otp = otp
   end
 
-  def submit
+  def submit(is_enhanced_ipp)
     result = valid?
     fraud_check_failed = pending_profile&.fraud_pending_reason.present?
 
     if result
       pending_profile&.remove_gpo_deactivation_reason
 
       if user.has_establishing_in_person_enrollment_safe?
-        schedule_in_person_enrollment_and_deactivate_profile
+        schedule_in_person_enrollment_and_deactivate_profile(is_enhanced_ipp)
       elsif fraud_check_failed && threatmetrix_enabled?
         pending_profile&.deactivate_for_fraud_review
       elsif fraud_check_failed
@@ -63,8 +63,12 @@ def gpo_confirmation_code
     pending_profile.gpo_confirmation_codes.first_with_otp(otp)
   end
 
-  def schedule_in_person_enrollment_and_deactivate_profile
-    UspsInPersonProofing::EnrollmentHelper.schedule_in_person_enrollment(user, pii)
+  def schedule_in_person_enrollment_and_deactivate_profile(is_enhanced_ipp)
+    UspsInPersonProofing::EnrollmentHelper.schedule_in_person_enrollment(
+      user:,
+      pii:,
+      is_enhanced_ipp:,
+    )
     pending_profile&.deactivate_for_in_person_verification
   end
 

app/services/idv/session.rb

@@ -62,7 +62,7 @@ def respond_to_missing?(method_sym, include_private)
       VALID_SESSION_ATTRIBUTES.include?(attr_name_sym) || super
     end
 
-    def create_profile_from_applicant_with_password(user_password)
+    def create_profile_from_applicant_with_password(user_password, is_enhanced_ipp)
       profile_maker = build_profile_maker(user_password)
       profile = profile_maker.save_profile(
         fraud_pending_reason: threatmetrix_fraud_pending_reason,
@@ -87,9 +87,10 @@ def create_profile_from_applicant_with_password(user_password)
         create_gpo_entry(profile_maker.pii_attributes, profile)
       elsif profile.in_person_verification_pending?
         UspsInPersonProofing::EnrollmentHelper.schedule_in_person_enrollment(
-          current_user,
-          profile_maker.pii_attributes,
-          opt_in_param,
+          user: current_user,
+          pii: profile_maker.pii_attributes,
+          is_enhanced_ipp: is_enhanced_ipp,
+          opt_in: opt_in_param,
         )
       end
     end

app/services/usps_in_person_proofing/enrollment_helper.rb

@@ -3,7 +3,7 @@
 module UspsInPersonProofing
   class EnrollmentHelper
     class << self
-      def schedule_in_person_enrollment(user, pii, opt_in = nil)
+      def schedule_in_person_enrollment(user:, pii:, is_enhanced_ipp:, opt_in: nil)
         enrollment = user.establishing_in_person_enrollment
         return unless enrollment
 
@@ -17,7 +17,7 @@ def schedule_in_person_enrollment(user, pii, opt_in = nil)
             transform_keys(SECONDARY_ID_ADDRESS_MAP)
         end
 
-        enrollment_code = create_usps_enrollment(enrollment, pii)
+        enrollment_code = create_usps_enrollment(enrollment, pii, is_enhanced_ipp)
         return unless enrollment_code
 
         # update the enrollment to status pending
@@ -52,7 +52,7 @@ def send_ready_to_verify_email(user, enrollment)
       # @param [Pii::Attributes] pii The PII associated with the in-person enrollment
       # @return [String] The enrollment code
       # @raise [Exception::RequestEnrollException] Raised with a problem creating the enrollment
-      def create_usps_enrollment(enrollment, pii)
+      def create_usps_enrollment(enrollment, pii, is_enhanced_ipp)
         # Use the enrollment's unique_id value if it exists, otherwise use the deprecated
         # #usps_unique_id value in order to remain backwards-compatible. LG-7024 will remove this
         unique_id = enrollment.unique_id || enrollment.usps_unique_id
@@ -71,7 +71,7 @@ def create_usps_enrollment(enrollment, pii)
         )
 
         proofer = usps_proofer
-        response = proofer.request_enroll(applicant)
+        response = proofer.request_enroll(applicant, is_enhanced_ipp)
         response.enrollment_code
       rescue Faraday::BadRequestError => err
         handle_bad_request_error(err, enrollment)

app/services/usps_in_person_proofing/mock/fixtures.rb

@@ -19,8 +19,8 @@ def self.request_facilities_response
         load_response_fixture('request_facilities_response.json')
       end
 
-      def self.request_eipp_facilities_response
-        load_response_fixture('request_eipp_facilities_response.json')
+      def self.request_enhanced_ipp_facilities_response
+        load_response_fixture('request_enhanced_ipp_facilities_response.json')
       end
 
       def self.request_facilities_response_with_unordered_distance
@@ -43,6 +43,10 @@ def self.request_enroll_response
         load_response_fixture('request_enroll_response.json')
       end
 
+      def self.request_enroll_response_enhanced_ipp
+        load_response_fixture('request_enroll_response_enhanced_ipp.json')
+      end
+
       def self.request_enroll_bad_request_response
         load_response_fixture('request_enroll_failed_response.json')
       end

app/services/usps_in_person_proofing/mock/proofer.rb

@@ -3,7 +3,7 @@
 module UspsInPersonProofing
   module Mock
     class Proofer < UspsInPersonProofing::Proofer
-      def request_enroll(applicant)
+      def request_enroll(applicant, is_enhanced_ipp)
         case applicant['first_name']
         when 'usps waiting'
           # timeout
@@ -26,12 +26,15 @@ def request_enroll(applicant)
           res = JSON.parse(Fixtures.request_enroll_response)
         end
 
+        if is_enhanced_ipp
+          res = JSON.parse(Fixtures.request_enroll_response_enhanced_ipp)
+        end
         Response::RequestEnrollResponse.new(res)
       end
 
       def request_facilities(_location, is_enhanced_ipp)
         if is_enhanced_ipp
-          parse_facilities(JSON.parse(Fixtures.request_eipp_facilities_response))
+          parse_facilities(JSON.parse(Fixtures.request_enhanced_ipp_facilities_response))
         else
           parse_facilities(JSON.parse(Fixtures.request_facilities_response))
         end

app/services/usps_in_person_proofing/mock/responses/request_enroll_response_enhanced_ipp.json

@@ -0,0 +1,4 @@
+{
+  "enrollmentCode": "314159",
+  "responseMessage": "Applicant 314159 successfully processed through enhanced ipp"
+}

app/services/usps_in_person_proofing/proofer.rb

@@ -46,7 +46,7 @@ def request_facilities(location, is_enhanced_ipp)
     # stored with the unique ID to be able to request the status of proofing.
     # @param applicant [Hash]
     # @return [Hash] API response
-    def request_enroll(applicant)
+    def request_enroll(applicant, is_enhanced_ipp)
       url = "#{root_url}/ivs-ippaas-api/IPPRest/resources/rest/optInIPPApplicant"
       request_body = {
         sponsorID: sponsor_id,
@@ -61,6 +61,11 @@ def request_enroll(applicant)
         IPPAssuranceLevel: '1.5',
       }
 
+      if is_enhanced_ipp
+        request_body[:sponsorID] = IdentityConfig.store.usps_eipp_sponsor_id.to_i
+        request_body[:IPPAssuranceLevel] = '2.0'
+      end
+
       res = faraday.post(url, request_body, dynamic_headers) do |req|
         req.options.context = { service_name: 'usps_enroll' }
       end

lib/tasks/dev.rake

@@ -81,6 +81,7 @@ namespace :dev do
 
   desc 'Create in-person enrollments for N random users'
   task random_in_person_users: [:environment, :random_users] do
+    is_enhanced_ipp = false
     usps_request_delay_ms = (ENV['USPS_REQUEST_DELAY_MS'] || 0).to_i
     num_users = (ENV['NUM_USERS'] || 100).to_i
     pw = 'salty pickles'
@@ -149,8 +150,9 @@ namespace :dev do
                 num_attempts += 1
                 begin
                   UspsInPersonProofing::EnrollmentHelper.schedule_in_person_enrollment(
-                    user,
-                    pii,
+                    user: user,
+                    pii: pii,
+                    is_enhanced_ipp: is_enhanced_ipp,
                   )
                 rescue StandardError => e
                   Rails.logger.error 'Exception raised while enrolling user: ' + e.message

spec/controllers/idv/by_mail/enter_code_controller_spec.rb

@@ -446,5 +446,28 @@
         end
       end
     end
+
+    context 'when the user is going through enhanced ipp' do
+      subject(:action) do
+        post(:create, params: { gpo_verify_form: { otp: good_otp } })
+      end
+      let(:is_enhanced_ipp) { true }
+      let(:user) { create(:user, :with_pending_gpo_profile, created_at: 2.days.ago) }
+      let(:gpo_verify_form) { GpoVerifyForm.new(user: user, pii: {}, otp: good_otp) }
+      before do
+        authn_context_result = Vot::Parser.new(vector_of_trust: 'Pe').parse
+        allow(controller).to(
+          receive(:resolved_authn_context_result).and_return(authn_context_result),
+        )
+        allow(GpoVerifyForm).to receive(:new).and_return(gpo_verify_form)
+        allow(gpo_verify_form).to receive(:submit).and_call_original
+      end
+
+      it 'passes the correct param to the gpo verify form submit method' do
+        action
+
+        expect(gpo_verify_form).to have_received(:submit).with(is_enhanced_ipp)
+      end
+    end
   end
 end

spec/controllers/idv/enter_password_controller_spec.rb

@@ -890,5 +890,29 @@ def show
         end
       end
     end
+
+    context 'user is going through enhanced ipp' do
+      let(:is_enhanced_ipp) { true }
+      let!(:enrollment) do
+        create(:in_person_enrollment, :establishing, user: user, profile: nil)
+      end
+      before do
+        authn_context_result = Vot::Parser.new(vector_of_trust: 'Pe').parse
+        allow(controller).to(
+          receive(:resolved_authn_context_result).and_return(authn_context_result),
+        )
+      end
+      it 'passes the correct param to the enrollment helper method' do
+        expect(UspsInPersonProofing::EnrollmentHelper).to receive(:schedule_in_person_enrollment).
+          with(
+            user: user,
+            pii: Pii::Attributes.new_from_hash(applicant),
+            is_enhanced_ipp: is_enhanced_ipp,
+            opt_in: nil,
+          )
+
+        put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } }
+      end
+    end
   end
 end

spec/controllers/idv/in_person/usps_locations_controller_spec.rb

@@ -85,18 +85,18 @@
       allow(UspsInPersonProofing::Proofer).to receive(:new).and_return(proofer)
     end
 
-    context 'with EIPP enabled' do
+    context 'with a user going through enhanced ipp' do
       let(:vtr) { ['C1.C2.P1.Pe'] }
-      let(:eipp_sp_session) { { vtr: vtr, acr_values: nil } }
+      let(:enhanced_ipp_sp_session) { { vtr: vtr, acr_values: nil } }
       let(:user) { build(:user) }
       let(:sp) { build(:service_provider, ial: 2) }
 
       before do
-        allow(controller).to receive(:sp_session).and_return(eipp_sp_session)
+        allow(controller).to receive(:sp_session).and_return(enhanced_ipp_sp_session)
         allow(controller).to receive(:sp_from_sp_session).and_return(sp)
       end
 
-      it 'requests EIPP locations' do
+      it 'requests enhanced ipp locations' do
         expect(AuthnContextResolver).to receive(:new).with(
           user: user, service_provider: sp,
           vtr: vtr, acr_values: nil

spec/controllers/idv/personal_key_controller_spec.rb

@@ -30,6 +30,7 @@ def assert_personal_key_generated_for_profiles(*profile_pii_pairs)
   let(:applicant) { Idp::Constants::MOCK_IDV_APPLICANT_WITH_PHONE }
   let(:password) { 'sekrit phrase' }
   let(:user) { create(:user, :fully_registered, password: password) }
+  let(:is_enhanced_ipp) { false }
 
   # Most (but not all) of these tests assume that a profile has been minted
   # from the data in idv_session. Set this to false to prevent this behavior
@@ -68,7 +69,7 @@ def assert_personal_key_generated_for_profiles(*profile_pii_pairs)
     idv_session.applicant = applicant
 
     if mint_profile_from_idv_session
-      idv_session.create_profile_from_applicant_with_password(password)
+      idv_session.create_profile_from_applicant_with_password(password, is_enhanced_ipp)
     end
   end