Deploy RC 394 to Production

app/controllers/concerns/idv_step_concern.rb

@@ -50,9 +50,12 @@ def check_for_mail_only_outage
   end
 
   def redirect_for_mail_only
-    return redirect_to vendor_outage_url unless FeatureManagement.gpo_verification_enabled?
-
-    redirect_to idv_mail_only_warning_url
+    policy = Idv::GpoVerifyByMailPolicy.new(current_user)
+    if policy.send_letter_available?
+      redirect_to idv_mail_only_warning_url
+    else
+      redirect_to vendor_outage_url
+    end
   end
 
   def pii_from_user

app/controllers/concerns/rate_limit_concern.rb

@@ -29,7 +29,8 @@ def confirm_not_rate_limited_for_phone_address_verification
   private
 
   def confirm_not_rate_limited_for_phone_and_letter_address_verification
-    if idv_attempter_rate_limited?(:proof_address) && Idv::GpoMail.new(current_user).rate_limited?
+    gpo_policy = Idv::GpoVerifyByMailPolicy.new(current_user)
+    if idv_attempter_rate_limited?(:proof_address) && gpo_policy.rate_limited?
       rate_limit_redirect!(:proof_address)
       return true
     end

app/controllers/idv/by_mail/enter_code_controller.rb

@@ -148,11 +148,8 @@ def user_did_not_receive_letter?
 
       def user_can_request_another_letter?
         return @user_can_request_another_letter if defined?(@user_can_request_another_letter)
-        gpo_mail = Idv::GpoMail.new(current_user)
-        @user_can_request_another_letter =
-          FeatureManagement.gpo_verification_enabled? &&
-          !gpo_mail.rate_limited? &&
-          !gpo_mail.profile_too_old?
+        policy = Idv::GpoVerifyByMailPolicy.new(current_user)
+        @user_can_request_another_letter = policy.resend_letter_available?
       end
 
       def last_date_letter_was_sent

app/controllers/idv/by_mail/request_letter_controller.rb

@@ -39,8 +39,8 @@ def create
         end
       end
 
-      def gpo_mail_service
-        @gpo_mail_service ||= Idv::GpoMail.new(current_user)
+      def gpo_mail_policy
+        @gpo_mail_policy ||= Idv::GpoVerifyByMailPolicy.new(current_user)
       end
 
       def self.step_info
@@ -59,7 +59,7 @@ def self.step_info
       private
 
       def confirm_profile_not_too_old
-        redirect_to idv_path if gpo_mail_service.profile_too_old?
+        redirect_to idv_path if gpo_mail_policy.profile_too_old?
       end
 
       def update_tracking
@@ -96,7 +96,7 @@ def hours_since_first_letter(first_letter_requested_at)
       end
 
       def confirm_mail_not_rate_limited
-        redirect_to idv_enter_password_url if gpo_mail_service.rate_limited?
+        redirect_to idv_enter_password_url if gpo_mail_policy.rate_limited?
       end
 
       def resend_letter

app/controllers/idv/by_mail/resend_letter_controller.rb

@@ -9,8 +9,7 @@ class ResendLetterController < ApplicationController
 
       before_action :confirm_two_factor_authenticated
       before_action :confirm_verification_needed
-      before_action :confirm_mail_not_rate_limited
-      before_action :confirm_profile_not_too_old
+      before_action :confirm_resend_letter_available
 
       def new
         analytics.idv_resend_letter_visited
@@ -28,8 +27,8 @@ def create
         end
       end
 
-      def gpo_mail_service
-        @gpo_mail_service ||= Idv::GpoMail.new(current_user)
+      def gpo_mail_policy
+        @gpo_mail_policy ||= Idv::GpoVerifyByMailPolicy.new(current_user)
       end
 
       private
@@ -39,12 +38,10 @@ def confirm_verification_needed
         redirect_to account_url
       end
 
-      def confirm_profile_not_too_old
-        redirect_to idv_verify_by_mail_enter_code_path if gpo_mail_service.profile_too_old?
-      end
-
-      def confirm_mail_not_rate_limited
-        redirect_to idv_verify_by_mail_enter_code_path if gpo_mail_service.rate_limited?
+      def confirm_resend_letter_available
+        unless gpo_mail_policy.resend_letter_available?
+          redirect_to idv_verify_by_mail_enter_code_path
+        end
       end
 
       def update_tracking

app/controllers/idv/phone_controller.rb

@@ -225,8 +225,8 @@ def formatted_previous_phone_step_params_phone
 
     def gpo_letter_available
       return @gpo_letter_available if defined?(@gpo_letter_available)
-      @gpo_letter_available ||= FeatureManagement.gpo_verification_enabled? &&
-                                !Idv::GpoMail.new(current_user).rate_limited?
+      policy = Idv::GpoVerifyByMailPolicy.new(current_user)
+      @gpo_letter_available = policy.send_letter_available?
     end
 
     # Migrated from otp_delivery_method_controller

app/controllers/idv/phone_errors_controller.rb

@@ -74,8 +74,8 @@ def track_event(type:)
     # rubocop:disable Naming/MemoizedInstanceVariableName
     def set_gpo_letter_available
       return @gpo_letter_available if defined?(@gpo_letter_available)
-      @gpo_letter_available ||= FeatureManagement.gpo_verification_enabled? &&
-                                !Idv::GpoMail.new(current_user).rate_limited?
+      policy = Idv::GpoVerifyByMailPolicy.new(current_user)
+      @gpo_letter_available = policy.send_letter_available?
     end
     # rubocop:enable Naming/MemoizedInstanceVariableName
   end

app/controllers/vendor_outage_controller.rb

@@ -16,8 +16,8 @@ def from_idv_phone?
   end
 
   def gpo_letter_available?
-    FeatureManagement.gpo_verification_enabled? &&
-      current_user &&
-      !Idv::GpoMail.new(current_user).rate_limited?
+    return false unless current_user
+    policy = Idv::GpoVerifyByMailPolicy.new(current_user)
+    policy.send_letter_available?
   end
 end

app/forms/gpo_verify_form.rb

@@ -127,6 +127,7 @@ def activate_profile
   end
 
   def user_can_request_another_letter?
-    !Idv::GpoMail.new(user).rate_limited?
+    policy = Idv::GpoVerifyByMailPolicy.new(user)
+    policy.resend_letter_available?
   end
 end

app/services/idv/gpo_mail.rb → app/policies/idv/gpo_verify_by_mail_policy.rb

@@ -1,24 +1,35 @@
 # frozen_string_literal: true
 
 module Idv
-  class GpoMail
-    attr_reader :current_user
+  class GpoVerifyByMailPolicy
+    attr_reader :user
 
-    def initialize(current_user)
-      @current_user = current_user
+    def initialize(user)
+      @user = user
+    end
+
+    def resend_letter_available?
+      FeatureManagement.gpo_verification_enabled? &&
+        !rate_limited? &&
+        !profile_too_old?
+    end
+
+    def send_letter_available?
+      FeatureManagement.gpo_verification_enabled? &&
+        !rate_limited?
     end
 
     def rate_limited?
       too_many_letter_requests_within_window? || last_letter_request_too_recent?
     end
 
     def profile_too_old?
-      return false if !current_user.pending_profile
+      return false if !user.pending_profile
 
       min_creation_date = IdentityConfig.store.
         gpo_max_profile_age_to_send_letter_in_days.days.ago
 
-      current_user.pending_profile.created_at < min_creation_date
+      user.pending_profile.created_at < min_creation_date
     end
 
     private
@@ -34,16 +45,16 @@ def last_not_too_recent_enabled?
 
     def too_many_letter_requests_within_window?
       return false unless window_limit_enabled?
-      current_user.gpo_confirmation_codes.where(
+      user.gpo_confirmation_codes.where(
         created_at: IdentityConfig.store.max_mail_events_window_in_days.days.ago..Time.zone.now,
       ).count >= IdentityConfig.store.max_mail_events
     end
 
     def last_letter_request_too_recent?
       return false unless last_not_too_recent_enabled?
-      return false unless current_user.gpo_verification_pending_profile?
+      return false unless user.gpo_verification_pending_profile?
 
-      current_user.gpo_verification_pending_profile.gpo_confirmation_codes.exists?(
+      user.gpo_verification_pending_profile.gpo_confirmation_codes.exists?(
         [
           'created_at > ?',
           IdentityConfig.store.minimum_wait_before_another_usps_letter_in_hours.hours.ago,

app/services/vot/parser.rb

@@ -11,6 +11,7 @@ class ParseException < StandardError; end
       :hspd12?,
       :identity_proofing?,
       :biometric_comparison?,
+      :two_pieces_of_fair_evidence?,
       :ialmax?,
       :enhanced_ipp?,
     ) do
@@ -22,6 +23,7 @@ def self.no_sp_result
           hspd12?: false,
           identity_proofing?: false,
           biometric_comparison?: false,
+          two_pieces_of_fair_evidence?: false,
           ialmax?: false,
           enhanced_ipp?: false,
         )
@@ -59,6 +61,7 @@ def parse
         hspd12?: requirement_list.include?(:hspd12),
         identity_proofing?: requirement_list.include?(:identity_proofing),
         biometric_comparison?: requirement_list.include?(:biometric_comparison),
+        two_pieces_of_fair_evidence?: requirement_list.include?(:two_pieces_of_fair_evidence),
         ialmax?: requirement_list.include?(:ialmax),
         enhanced_ipp?: requirement_list.include?(:enhanced_ipp),
       )

app/services/vot/supported_component_values.rb

@@ -36,7 +36,7 @@ module SupportedComponentValues
       name: 'Pb',
       description: 'A biometric comparison is required as part of identity proofing',
       implied_component_values: ['P1'],
-      requirements: [:biometric_comparison],
+      requirements: [:biometric_comparison, :two_pieces_of_fair_evidence],
     ).freeze
     Pe = ComponentValue.new(
       name: 'Pe',

app/views/idv/by_mail/enter_code/_did_not_receive_letter.html.erb

@@ -42,7 +42,7 @@
 </p>
 
 <% if @can_request_another_letter %>
-  <%= link_to t('idv.messages.gpo.resend'), idv_request_letter_path, class: 'display-block margin-top-4' %>
+  <%= link_to t('idv.messages.gpo.resend'), idv_resend_letter_path, class: 'display-block margin-top-4' %>
 <% end %>
 
 <hr class="margin-y-4" />

app/views/idv/by_mail/enter_code/_enter_code.html.erb

@@ -44,7 +44,7 @@
 </p>
 
 <% if @can_request_another_letter %>
-  <%= link_to t('idv.messages.gpo.resend'), idv_request_letter_path, class: 'display-block margin-top-4' %>
+  <%= link_to t('idv.messages.gpo.resend'), idv_resend_letter_path, class: 'display-block margin-top-4' %>
 <% end %>
 
 <hr class="margin-y-4" />

spec/controllers/idv/by_mail/request_letter_controller_spec.rb

@@ -60,7 +60,7 @@
     end
 
     it 'redirects if the user has sent too much mail' do
-      allow(controller.gpo_mail_service).to receive(:rate_limited?).and_return(true)
+      allow(controller.gpo_mail_policy).to receive(:rate_limited?).and_return(true)
       allow(subject.idv_session).to receive(:address_mechanism_chosen?).
         and_return(true)
       get :index
@@ -69,7 +69,7 @@
     end
 
     it 'allows a user to request another letter' do
-      allow(controller.gpo_mail_service).to receive(:rate_limited?).and_return(false)
+      allow(controller.gpo_mail_policy).to receive(:rate_limited?).and_return(false)
       get :index
 
       expect(response).to be_ok

spec/features/idv/steps/request_letter_step_spec.rb

@@ -93,11 +93,11 @@
 
         # Confirm that user cannot visit other IdV pages while unverified
         visit idv_agreement_path
-        expect(page).to have_current_path(idv_letter_enqueued_path)
+        expect(page).to have_current_path(idv_verify_by_mail_enter_code_path)
         visit idv_ssn_url
-        expect(page).to have_current_path(idv_letter_enqueued_path)
+        expect(page).to have_current_path(idv_verify_by_mail_enter_code_path)
         visit idv_verify_info_url
-        expect(page).to have_current_path(idv_letter_enqueued_path)
+        expect(page).to have_current_path(idv_verify_by_mail_enter_code_path)
 
         # complete verification: end to end gpo test
         sign_out

spec/features/saml/ial2_sso_spec.rb

@@ -137,7 +137,7 @@ def sign_out_user
         click_link(t('idv.messages.gpo.resend'))
 
         expect(user.events.account_verified.size).to be(0)
-        expect(current_path).to eq(idv_request_letter_path)
+        expect(current_path).to eq(idv_resend_letter_path)
 
         click_button(t('idv.gpo.request_another_letter.button'))