LG-14734: socure document capture 404 when not enabled

app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb

@@ -7,7 +7,9 @@ class DocumentCaptureController < ApplicationController
         include Idv::AvailabilityConcern
         include DocumentCaptureConcern
         include Idv::HybridMobile::HybridMobileConcern
+        include RenderConditionConcern
 
+        check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
         before_action :check_valid_document_capture_session, except: [:update]
 
         def show

app/controllers/idv/socure/document_capture_controller.rb

@@ -6,7 +6,9 @@ class DocumentCaptureController < ApplicationController
       include Idv::AvailabilityConcern
       include IdvStepConcern
       include DocumentCaptureConcern
+      include RenderConditionConcern
 
+      check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
       before_action :confirm_not_rate_limited
       before_action :confirm_step_allowed
 

app/controllers/socure_webhook_controller.rb

@@ -4,7 +4,7 @@ class SocureWebhookController < ApplicationController
   include RenderConditionConcern
 
   skip_before_action :verify_authenticity_token
-  check_or_render_not_found -> { IdentityConfig.store.socure_webhook_enabled }
+  check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
   before_action :check_token
   before_action :check_socure_event
 

config/application.yml.default

@@ -347,6 +347,7 @@ sign_in_user_id_per_ip_attempt_window_in_minutes: 720
 sign_in_user_id_per_ip_attempt_window_max_minutes: 43_200
 sign_in_user_id_per_ip_max_attempts: 50
 socure_document_request_endpoint: ''
+socure_enabled: false
 socure_idplus_api_key: ''
 socure_idplus_base_url: ''
 socure_idplus_timeout_in_seconds: 5

lib/identity_config.rb

@@ -403,6 +403,7 @@ def self.store
     config.add(:socure_document_request_endpoint, type: :string)
     config.add(:socure_idplus_api_key, type: :string)
     config.add(:socure_webhook_enabled, type: :boolean)
+    config.add(:socure_enabled, type: :boolean)
     config.add(:socure_webhook_secret_key, type: :string)
     config.add(:socure_webhook_secret_key_queue, type: :json)
     config.add(:sp_handoff_bounce_max_seconds, type: :integer)

spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb

@@ -7,6 +7,7 @@
   let(:fake_socure_endpoint) { 'https://fake-socure.com' }
   let(:user) { create(:user) }
   let(:stored_result) { nil }
+  let(:socure_enabled) { true }
 
   let(:document_capture_session) do
     DocumentCaptureSession.create(
@@ -17,6 +18,8 @@
   let(:document_capture_session_uuid) { document_capture_session&.uuid }
 
   before do
+    allow(IdentityConfig.store).to receive(:socure_enabled).
+      and_return(socure_enabled)
     allow(IdentityConfig.store).to receive(:socure_document_request_endpoint).
       and_return(fake_socure_endpoint)
     allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(idv_vendor)
@@ -162,6 +165,15 @@
         expect(controller.send(:instance_variable_get, :@url)).not_to be
       end
     end
+
+    context 'when socure is disabled' do
+      let(:socure_enabled) { false }
+      it 'the webhook route does not exist' do
+        get(:show)
+
+        expect(response).to be_not_found
+      end
+    end
   end
 
   describe '#update' do
@@ -170,5 +182,14 @@
 
       expect(response).to have_http_status(:ok)
     end
+
+    context 'when socure is disabled' do
+      let(:socure_enabled) { false }
+      it 'the webhook route does not exist' do
+        post(:update)
+
+        expect(response).to be_not_found
+      end
+    end
   end
 end

spec/controllers/idv/socure/document_capture_controller_spec.rb

@@ -7,6 +7,7 @@
   let(:fake_socure_endpoint) { 'https://fake-socure.com' }
   let(:user) { create(:user) }
   let(:stored_result) { nil }
+  let(:socure_enabled) { true }
 
   let(:document_capture_session) do
     DocumentCaptureSession.create(
@@ -16,6 +17,8 @@
   end
 
   before do
+    allow(IdentityConfig.store).to receive(:socure_enabled).
+      and_return(socure_enabled)
     allow(IdentityConfig.store).to receive(:socure_document_request_endpoint).
       and_return(fake_socure_endpoint)
     allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(idv_vendor)
@@ -162,6 +165,15 @@
         expect(controller.send(:instance_variable_get, :@url)).not_to be
       end
     end
+
+    context 'when socure is disabled' do
+      let(:socure_enabled) { false }
+      it 'the webhook route does not exist' do
+        get(:show)
+
+        expect(response).to be_not_found
+      end
+    end
   end
 
   describe '#update' do
@@ -170,5 +182,14 @@
 
       expect(response).to have_http_status(:ok)
     end
+
+    context 'when socure is disabled' do
+      let(:socure_enabled) { false }
+      it 'the webhook route does not exist' do
+        post(:update)
+
+        expect(response).to be_not_found
+      end
+    end
   end
 end

spec/controllers/socure_webhook_controller_spec.rb

@@ -6,7 +6,7 @@
   describe 'POST /api/webhooks/socure/event' do
     let(:socure_secret_key) { 'this-is-a-secret' }
     let(:socure_secret_key_queue) { ['this-is-an-old-secret', 'this-is-an-older-secret'] }
-    let(:socure_webhook_enabled) { true }
+    let(:socure_enabled) { true }
     let(:webhook_body) do
       {
         event: {
@@ -31,8 +31,8 @@
         and_return(socure_secret_key)
       allow(IdentityConfig.store).to receive(:socure_webhook_secret_key_queue).
         and_return(socure_secret_key_queue)
-      allow(IdentityConfig.store).to receive(:socure_webhook_enabled).
-        and_return(socure_webhook_enabled)
+      allow(IdentityConfig.store).to receive(:socure_enabled).
+        and_return(socure_enabled)
       stub_analytics
     end
 
@@ -79,7 +79,7 @@
     end
 
     context 'when socure webhook disabled' do
-      let(:socure_webhook_enabled) { false }
+      let(:socure_enabled) { false }
       it 'the webhook route does not exist' do
         request.headers['Authorization'] = socure_secret_key
         post :create, params: webhook_body