18F · jmax-gsa · Nov 7, 2024 · Oct 30, 2024 · Oct 30, 2024 · Oct 30, 2024
diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb
@@ -50,6 +50,24 @@ def selfie_requirement_met?
         stored_result.selfie_check_performed?
     end
 
+    def redirect_to_correct_vendor(vendor, in_hybrid_mobile)
+      expected_doc_auth_vendor = doc_auth_vendor
+      return if vendor == expected_doc_auth_vendor
+      return if vendor == Idp::Constants::Vendors::LEXIS_NEXIS &&
+                expected_doc_auth_vendor == Idp::Constants::Vendors::MOCK
+
+      correct_path = case expected_doc_auth_vendor
+        when Idp::Constants::Vendors::SOCURE
+          in_hybrid_mobile ? idv_hybrid_mobile_socure_document_capture_path
+                           : idv_socure_document_capture_path
+        when Idp::Constants::Vendors::LEXIS_NEXIS, Idp::Constants::Vendors::MOCK
+          in_hybrid_mobile ? idv_hybrid_mobile_document_capture_path
+                           : idv_document_capture_path
+        end
+
+      redirect_to correct_path
+    end
+
     private
 
     def track_document_issuing_state(user, state)

diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb
@@ -12,19 +12,15 @@ class DocumentCaptureController < ApplicationController
     before_action :confirm_step_allowed, unless: -> { allow_direct_ipp? }
     before_action :override_csp_to_allow_acuant
     before_action :set_usps_form_presenter
+    before_action -> { redirect_to_correct_vendor(Idp::Constants::Vendors::LEXIS_NEXIS, false) }
 
     def show
       analytics.idv_doc_auth_document_capture_visited(**analytics_arguments)
 
       Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
         call('document_capture', :view, true)
 
-      case doc_auth_vendor
-      when Idp::Constants::Vendors::SOCURE
-        redirect_to idv_socure_document_capture_url
-      when Idp::Constants::Vendors::LEXIS_NEXIS, Idp::Constants::Vendors::MOCK
-        render :show, locals: extra_view_variables
-      end
+      render :show, locals: extra_view_variables
     end
 
     def update

diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb
@@ -11,6 +11,7 @@ class DocumentCaptureController < ApplicationController
       before_action :override_csp_to_allow_acuant
       before_action :confirm_document_capture_needed, only: :show
       before_action :set_usps_form_presenter
+      before_action -> { redirect_to_correct_vendor(Idp::Constants::Vendors::LEXIS_NEXIS, true) }
 
       def show
         analytics.idv_doc_auth_document_capture_visited(**analytics_arguments)

diff --git a/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb
@@ -11,6 +11,7 @@ class DocumentCaptureController < ApplicationController
 
         check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
         before_action :check_valid_document_capture_session, except: [:update]
+        before_action -> { redirect_to_correct_vendor(Idp::Constants::Vendors::SOCURE, true) }
 
         def show
           Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer]).

diff --git a/app/controllers/idv/socure/document_capture_controller.rb b/app/controllers/idv/socure/document_capture_controller.rb
@@ -11,6 +11,7 @@ class DocumentCaptureController < ApplicationController
       check_or_render_not_found -> { IdentityConfig.store.socure_enabled }
       before_action :confirm_not_rate_limited
       before_action :confirm_step_allowed
+      before_action -> { redirect_to_correct_vendor(Idp::Constants::Vendors::SOCURE, false) }
 
       # reconsider and maybe remove these when implementing the real
       # update handler

diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb
@@ -116,12 +116,14 @@
       }
     end
 
+    let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS }
+
     before do
       allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(
-        Idp::Constants::Vendors::LEXIS_NEXIS,
+        idv_vendor,
       )
       allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(
-        Idp::Constants::Vendors::LEXIS_NEXIS,
+        idv_vendor,
       )
     end
 
@@ -130,6 +132,16 @@
       expect(assigns(:presenter)).to be_kind_of(Idv::InPerson::UspsFormPresenter)
     end
 
+    context 'when we try to use this controller but we should be using the Socure version' do
+      let(:idv_vendor) { Idp::Constants::Vendors::SOCURE }
+
+      it 'redirects to the Socure controller' do
+        get :show
+
+        expect(response).to redirect_to idv_socure_document_capture_url
+      end
+    end
+
     it 'renders the show template' do
       expect(subject).to receive(:render).with(
         :show,

diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb
@@ -15,12 +15,16 @@
   let(:document_capture_session_requested_at) { Time.zone.now }
   let(:document_capture_session_result_captured_at) { Time.zone.now + 1.second }
   let(:document_capture_session_result_success) { true }
+  let(:idv_vendor) { Idp::Constants::Vendors::MOCK }
 
   before do
     stub_analytics
 
     session[:doc_capture_user_id] = user&.id
     session[:document_capture_session_uuid] = document_capture_session_uuid
+
+    allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(idv_vendor)
+    allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor)
   end
 
   describe 'before_actions' do
@@ -55,6 +59,16 @@
         }
       end
 
+      context 'when we try to use this controller but we should be using the Socure version' do
+        let(:idv_vendor) { Idp::Constants::Vendors::SOCURE }
+
+        it 'redirects to the Socure controller' do
+          get :show
+
+          expect(response).to redirect_to idv_hybrid_mobile_socure_document_capture_url
+        end
+      end
+
       it 'renders the show template' do
         expect(subject).to receive(:render).with(
           :show,

diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb
@@ -63,6 +63,15 @@
       end
     end
 
+    context 'when we try to use this controller but we should be using the LN/mock version' do
+      let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS }
+
+      it 'redirects to the LN/mock controller' do
+        get :show
+        expect(response).to redirect_to idv_hybrid_mobile_document_capture_url
+      end
+    end
+
     context 'happy path' do
       let(:response_redirect_url) { 'https://idv.test/dance' }
       let(:docv_transaction_token) { '176dnc45d-2e34-46f3-82217-6f540ae90673' }

diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb
@@ -65,6 +65,15 @@
       subject.idv_session.document_capture_session_uuid = expected_uuid
     end
 
+    context 'when we try to use this controller but we should be using the LN/mock version' do
+      let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS }
+
+      it 'redirects to the LN/mock controller' do
+        get :show
+        expect(response).to redirect_to idv_document_capture_url
+      end
+    end
+
     context 'happy path' do
       let(:response_redirect_url) { 'https://idv.test/dance' }
       let(:docv_transaction_token) { '176dnc45d-2e34-46f3-82217-6f540ae90673' }

diff --git a/spec/features/idv/hybrid_mobile/entry_spec.rb b/spec/features/idv/hybrid_mobile/entry_spec.rb
@@ -22,13 +22,22 @@
   let(:link_to_visit) { link_sent_via_sms }
 
   context 'valid link' do
+    before do
+      allow(IdentityConfig.store).to receive(:socure_enabled).and_return(true)
+    end
+
     it 'puts the user on the document capture page' do
       expect(link_to_visit).to be
 
       Capybara.using_session('mobile') do
         visit link_to_visit
         # Should have redirected to the actual doc capture url
         expect(current_url).to eql(idv_hybrid_mobile_document_capture_url)
+
+        # Confirm that we end up on the LN / Mock page even if we try to
+        # go to the Socure one.
+        visit idv_hybrid_mobile_socure_document_capture_url
+        expect(page).to have_current_path(idv_hybrid_mobile_document_capture_url)
       end
     end
   end

diff --git a/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb
@@ -10,6 +10,7 @@
 
   before do
     allow(FeatureManagement).to receive(:doc_capture_polling_enabled?).and_return(true)
+    allow(IdentityConfig.store).to receive(:socure_enabled).and_return(true)
     allow(IdentityConfig.store).to receive(:use_vot_in_sp_requests).and_return(true)
     allow(Telephony).to receive(:send_doc_auth_link).and_wrap_original do |impl, config|
       @sms_link = config[:link]
@@ -44,7 +45,11 @@
       # Confirm that jumping to LinkSent page does not cause errors
       visit idv_link_sent_url
       expect(page).to have_current_path(root_url)
-      visit idv_hybrid_mobile_document_capture_url
+
+      # Confirm that we end up on the LN / Mock page even if we try to
+      # go to the Socure one.
+      visit idv_hybrid_mobile_socure_document_capture_url
+      expect(page).to have_current_path(idv_hybrid_mobile_document_capture_url)
 
       # Confirm that clicking cancel and then coming back doesn't cause errors
       click_link 'Cancel'