diff --git a/app/controllers/idv/in_person/ready_to_verify_controller.rb b/app/controllers/idv/in_person/ready_to_verify_controller.rb index ab70eeb3f32..fbd0aeeee2c 100644 --- a/app/controllers/idv/in_person/ready_to_verify_controller.rb +++ b/app/controllers/idv/in_person/ready_to_verify_controller.rb @@ -12,8 +12,8 @@ class ReadyToVerifyController < ApplicationController check_or_render_not_found -> { IdentityConfig.store.in_person_proofing_enabled } - before_action :handle_fraud before_action :confirm_two_factor_authenticated + before_action :handle_fraud before_action :confirm_in_person_session def show diff --git a/spec/controllers/idv/in_person/ready_to_verify_controller_spec.rb b/spec/controllers/idv/in_person/ready_to_verify_controller_spec.rb index 17f4be87a7c..88f77fd2e31 100644 --- a/spec/controllers/idv/in_person/ready_to_verify_controller_spec.rb +++ b/spec/controllers/idv/in_person/ready_to_verify_controller_spec.rb @@ -7,7 +7,6 @@ before do stub_analytics - stub_sign_in(user) allow(IdentityConfig.store).to receive(:in_person_proofing_enabled). and_return(in_person_proofing_enabled) allow(IdentityConfig.store).to receive(:in_person_proofing_enforce_tmx). @@ -27,97 +26,117 @@ subject(:response) { get :show } it 'renders not found' do + stub_sign_in(user) expect(response.status).to eq 404 end context 'with in person proofing enabled' do let(:in_person_proofing_enabled) { true } - it 'redirects to account page' do - expect(response).to redirect_to account_url - end - - context 'with enrollment' do - let(:user) { create(:user, :with_pending_in_person_enrollment) } - let(:profile) { create(:profile, :with_pii, user: user) } + context 'authenticated' do + before do + stub_sign_in(user) + end - it 'renders show template' do - expect(response).to render_template :show + it 'redirects to account page' do + expect(response).to redirect_to account_url end - it 'logs analytics' do - response + context 'with enrollment' do + let(:user) { create(:user, :with_pending_in_person_enrollment) } + let(:profile) { create(:profile, :with_pii, user: user) } - expect(@analytics).to have_logged_event('IdV: in person ready to verify visited') - end + it 'renders show template' do + expect(response).to render_template :show + end - context 'with in_person_proofing_enforce_tmx disabled and pending fraud review' do - let!(:profile) { create(:profile, fraud_review_pending_at: 1.day.ago, user: user) } - let!(:enrollment) { create(:in_person_enrollment, :passed, user: user, profile: profile) } - it 'redirects to please call page' do + it 'logs analytics' do response - expect(response).not_to render_template :show - expect(response).to redirect_to idv_please_call_url + expect(@analytics).to have_logged_event('IdV: in person ready to verify visited') end - end - context 'in_person_proofing_enforce_tmx enabled, pending fraud review, enrollment passed' do - let(:in_person_proofing_enforce_tmx) { true } - let!(:profile) { create(:profile, fraud_review_pending_at: 1.day.ago, user: user) } - let!(:enrollment) { create(:in_person_enrollment, :passed, user: user, profile: profile) } + context 'with in_person_proofing_enforce_tmx disabled and pending fraud review' do + let!(:profile) { create(:profile, fraud_review_pending_at: 1.day.ago, user: user) } + let!(:enrollment) do + create(:in_person_enrollment, :passed, user: user, profile: profile) + end + it 'redirects to please call page' do + response + + expect(response).not_to render_template :show + expect(response).to redirect_to idv_please_call_url + end + end - it 'redirects to please call' do - response + context 'in_person_proofing_enforce_tmx enabled, pending fraud review, enrollment pass' do + let(:in_person_proofing_enforce_tmx) { true } + let!(:profile) { create(:profile, fraud_review_pending_at: 1.day.ago, user: user) } + let!(:enrollment) do + create(:in_person_enrollment, :passed, user: user, profile: profile) + end - expect(response).to redirect_to idv_please_call_url + it 'redirects to please call' do + response + + expect(response).to redirect_to idv_please_call_url + end end - end - context 'in_person_proofing_enforce_tmx enabled, pending fraud review, + context 'in_person_proofing_enforce_tmx enabled, pending fraud review, enrollment not passed' do - let(:in_person_proofing_enforce_tmx) { true } - let!(:profile) { create(:profile, fraud_review_pending_at: 1.day.ago, user: user) } - let!(:enrollment) do - create(:in_person_enrollment, :establishing, user: user, profile: profile) + let(:in_person_proofing_enforce_tmx) { true } + let!(:profile) { create(:profile, fraud_review_pending_at: 1.day.ago, user: user) } + let!(:enrollment) do + create(:in_person_enrollment, :establishing, user: user, profile: profile) + end + + it 'does not redirect to please call' do + response + + expect(response).to render_template :show + expect(response).not_to redirect_to idv_please_call_url + end end - it 'does not redirect to please call' do - response + context 'when vtr (vector of trust) does not include Enhanced Proofing (Pe)' do + before do + resolved_authn_context_result = Vot::Parser.new(vector_of_trust: 'Pb').parse - expect(response).to render_template :show - expect(response).not_to redirect_to idv_please_call_url - end - end + allow(controller).to receive(:resolved_authn_context_result). + and_return(resolved_authn_context_result) + end - context 'when vtr (vector of trust) does not include Enhanced Proofing (Pe)' do - before do - resolved_authn_context_result = Vot::Parser.new(vector_of_trust: 'Pb').parse + it 'evaluates to In Person Proofing' do + response - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context_result) + expect(assigns(:is_enhanced_ipp)).to be false + end end - it 'evaluates to In Person Proofing' do - response + context 'when vtr (vector of trust) includes Enhanced Proofing (Pe)' do + before do + resolved_authn_context_result = Vot::Parser.new(vector_of_trust: 'Pe').parse - expect(assigns(:is_enhanced_ipp)).to be false - end - end + allow(controller).to receive(:resolved_authn_context_result). + and_return(resolved_authn_context_result) + end - context 'when vtr (vector of trust) includes Enhanced Proofing (Pe)' do - before do - resolved_authn_context_result = Vot::Parser.new(vector_of_trust: 'Pe').parse + it 'evaluates to Enhanced IPP' do + response - allow(controller).to receive(:resolved_authn_context_result). - and_return(resolved_authn_context_result) + expect(assigns(:is_enhanced_ipp)).to be true + end end + end + end - it 'evaluates to Enhanced IPP' do - response + context 'with hybrid session' do + let(:in_person_proofing_enforce_tmx) { true } + it 'redirects to root' do + controller.session[:doc_capture_user_id] = user.id - expect(assigns(:is_enhanced_ipp)).to be true - end + expect(response).to redirect_to(new_user_session_url) end end end