diff --git a/app/controllers/idv/in_person/address_controller.rb b/app/controllers/idv/in_person/address_controller.rb index 02043a87019..f2b2214bcbc 100644 --- a/app/controllers/idv/in_person/address_controller.rb +++ b/app/controllers/idv/in_person/address_controller.rb @@ -7,7 +7,6 @@ class AddressController < ApplicationController include IdvStepConcern before_action :confirm_step_allowed - before_action :confirm_in_person_address_step_needed, only: :show before_action :set_usps_form_presenter def show @@ -50,7 +49,9 @@ def self.step_info key: :ipp_address, controller: self, next_steps: [:ipp_ssn], - preconditions: ->(idv_session:, user:) { idv_session.ipp_state_id_complete? }, + preconditions: ->(idv_session:, user:) { + idv_session.ipp_state_id_complete? + }, undo_step: ->(idv_session:, user:) do idv_session.invalidate_in_person_address_step! end, @@ -96,13 +97,6 @@ def redirect_to_next_page end end - def confirm_in_person_address_step_needed - return if pii_from_user&.dig(:same_address_as_id) == 'false' && - !pii_from_user.has_key?(:address1) - return if request.referer == idv_in_person_verify_info_url - redirect_to idv_in_person_ssn_url - end - def set_usps_form_presenter @presenter = Idv::InPerson::UspsFormPresenter.new end diff --git a/app/controllers/idv/in_person/ssn_controller.rb b/app/controllers/idv/in_person/ssn_controller.rb index 62f8c7f02e3..f71774a767b 100644 --- a/app/controllers/idv/in_person/ssn_controller.rb +++ b/app/controllers/idv/in_person/ssn_controller.rb @@ -9,9 +9,8 @@ class SsnController < ApplicationController include Steps::ThreatMetrixStepHelper include ThreatMetrixConcern + before_action :confirm_step_allowed before_action :confirm_not_rate_limited_after_doc_auth - before_action :confirm_in_person_address_step_complete - before_action :confirm_repeat_ssn, only: :show before_action :override_csp_for_threat_metrix, if: -> { FeatureManagement.proofing_device_profiling_collecting_enabled? } 
@@ -66,23 +65,17 @@ def self.step_info key: :ipp_ssn, controller: self, next_steps: [:ipp_verify_info], - preconditions: ->(idv_session:, user:) { idv_session.ipp_document_capture_complete? }, - undo_step: ->(idv_session:, user:) { idv_session.ssn = nil }, + preconditions: ->(idv_session:, user:) { + idv_session.ipp_document_capture_complete? + }, + undo_step: ->(idv_session:, user:) { + idv_session.invalidate_ssn_step! + }, ) end private - def flow_session - user_session.fetch('idv/in_person', {}) - end - - def confirm_repeat_ssn - return if !idv_session.ssn - return if request.referer == idv_in_person_verify_info_url - redirect_to idv_in_person_verify_info_url - end - def next_url idv_in_person_verify_info_url end @@ -96,11 +89,6 @@ def analytics_arguments }.merge(ab_test_analytics_buckets) .merge(**extra_analytics_properties) end - - def confirm_in_person_address_step_complete - return if flow_session[:pii_from_user] && flow_session[:pii_from_user][:address1].present? - redirect_to idv_in_person_address_url - end end end end diff --git a/app/controllers/idv/in_person/verify_info_controller.rb b/app/controllers/idv/in_person/verify_info_controller.rb index c113293face..90d03756462 100644 --- a/app/controllers/idv/in_person/verify_info_controller.rb +++ b/app/controllers/idv/in_person/verify_info_controller.rb @@ -10,8 +10,7 @@ class VerifyInfoController < ApplicationController include VerifyInfoConcern before_action :confirm_not_rate_limited_after_doc_auth, except: [:show] - before_action :confirm_pii_data_present - before_action :confirm_ssn_step_complete + before_action :confirm_step_allowed def show @step_indicator_steps = step_indicator_steps 
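Review bot: In `step_info` for `:ipp_ssn`, the precondition `idv_session.ipp_document_capture_complete?` is now the only check keeping a user without a residential address off the SSN page, because this commit removes `confirm_in_person_address_step_complete` further down in the same file. The predicate's body is outside this diff; the spec 'redirects if address page not completed' suggests it does take `address1` into account. A short comment above the lambda would keep that dependency visible, for example `# relies on ipp_document_capture_complete? covering the residential address as well as the state ID`, if that is indeed what it checks.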
@@ -40,7 +39,8 @@ def self.step_info controller: self, next_steps: [:phone], preconditions: ->(idv_session:, user:) do - idv_session.ssn && idv_session.ipp_document_capture_complete? + idv_session.ssn && idv_session.ipp_document_capture_complete? && + threatmetrix_session_id_present_or_not_required?(idv_session:) end, undo_step: ->(idv_session:, user:) do idv_session.residential_resolution_vendor = nil @@ -89,17 +89,6 @@ def analytics_arguments }.merge(ab_test_analytics_buckets) .merge(**extra_analytics_properties) end - - def confirm_ssn_step_complete - return if pii.present? && idv_session.ssn.present? - redirect_to prev_url - end - - def confirm_pii_data_present - unless user_session.dig('idv/in_person').present? - redirect_to idv_path - end - end end end end diff --git a/app/controllers/idv/ssn_controller.rb b/app/controllers/idv/ssn_controller.rb index 04c7dcb8e9c..05af8c453f5 100644 --- a/app/controllers/idv/ssn_controller.rb +++ b/app/controllers/idv/ssn_controller.rb @@ -65,7 +65,9 @@ def self.step_info controller: self, next_steps: [:verify_info], preconditions: ->(idv_session:, user:) { idv_session.remote_document_capture_complete? }, - undo_step: ->(idv_session:, user:) { idv_session.ssn = nil }, + undo_step: ->(idv_session:, user:) { + idv_session.invalidate_ssn_step! + }, ) end diff --git a/app/services/idv/session.rb b/app/services/idv/session.rb index 196b2e3b9a5..70435fb86c8 100644 --- a/app/services/idv/session.rb +++ b/app/services/idv/session.rb @@ -302,6 +302,12 @@ def ssn_step_complete? ssn.present? end + def invalidate_ssn_step! + if user_session[:idv].has_key?(:ssn) + user_session[:idv].delete(:ssn) + end + end + def verify_info_step_complete? resolution_successful end diff --git a/spec/controllers/idv/in_person/address_controller_spec.rb b/spec/controllers/idv/in_person/address_controller_spec.rb index a20a89be12b..a05ea29cd7b 100644 --- a/spec/controllers/idv/in_person/address_controller_spec.rb 
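Review bot: The new third condition in the `:ipp_verify_info` precondition, `threatmetrix_session_id_present_or_not_required?(idv_session:)`, is called without a receiver inside a lambda built in `self.step_info`, so it resolves against the controller class, and its definition is not part of this diff. With `confirm_step_allowed` taking the place of `confirm_pii_data_present` and `confirm_ssn_step_complete` in this file, this lambda appears to be the gate for the page. It is worth confirming that the helper is reachable at class level and returns false, rather than raising or returning true, when profiling is required and the id is missing. A comment above the lambda would document the rule where it is enforced, e.g. `# the device-profiling id is created on the SSN step; when it is required and missing the user goes back there`.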
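Review bot: `invalidate_ssn_step!` calls `has_key?` on `user_session[:idv]` without checking that the hash exists, so if the `:idv` entry can be absent when an undo runs (not visible from this hunk) the method raises NoMethodError instead of being a no-op. The `has_key?` guard is also unnecessary, since `Hash#delete` returns nil for a missing key; the body can be `user_session[:idv]&.delete(:ssn)`. Both SSN controllers' `undo_step` now rely on this method to discard the SSN, and the `ssn=` writer is outside the hunk. A session spec asserting that `ssn` reads back nil after the call would confirm that `:ssn` is the key the writer actually uses. The enclosing class starts and ends outside the hunk.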
+++ b/spec/controllers/idv/in_person/address_controller_spec.rb @@ -14,12 +14,11 @@ allow(IdentityConfig.store).to receive(:usps_ipp_transliteration_enabled) .and_return(true) stub_sign_in(user) - stub_up_to(:hybrid_handoff, idv_session: subject.idv_session) + stub_up_to(:ipp_state_id, idv_session: subject.idv_session) allow(user).to receive(:establishing_in_person_enrollment).and_return(enrollment) subject.user_session['idv/in_person'] = { pii_from_user: pii_from_user, } - subject.idv_session.ssn = nil stub_analytics end @@ -97,17 +96,6 @@ expect(response).to render_template :show end - context 'when address1 present' do - before do - subject.user_session['idv/in_person'][:pii_from_user][:address1] = '123 Main St' - end - it 'redirects to ssn page' do - get :show - - expect(response).to redirect_to idv_in_person_ssn_url - end - end - it 'logs idv_in_person_proofing_address_visited' do get :show @@ -170,6 +158,12 @@ ) end + it 'enables the user to navigate to the ssn page after entering their residential address' do + put :update, params: params + + expect(response).to redirect_to(idv_in_person_ssn_url) + end + it 'logs idv_in_person_proofing_address_submitted with 5-digit zipcode' do put :update, params: params @@ -178,6 +172,7 @@ context 'when updating the residential address' do before do + stub_up_to(:ipp_verify_info, idv_session: subject.idv_session) subject.user_session['idv/in_person'][:pii_from_user][:address1] = '123 New Residential Ave' end diff --git a/spec/controllers/idv/in_person/ssn_controller_spec.rb b/spec/controllers/idv/in_person/ssn_controller_spec.rb index da9ea25d4ef..989d067d941 100644 --- a/spec/controllers/idv/in_person/ssn_controller_spec.rb +++ b/spec/controllers/idv/in_person/ssn_controller_spec.rb @@ -1,6 +1,8 @@ require 'rails_helper' RSpec.describe Idv::InPerson::SsnController do + include FlowPolicyHelper + let(:pii_from_user) { Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID_WITH_NO_SSN.dup } let(:flow_session) do 
@@ -25,13 +27,22 @@ end describe 'before_actions' do - context '#confirm_in_person_address_step_complete' do - it 'redirects if address page not completed' do - subject.user_session['idv/in_person'][:pii_from_user].delete(:address1) - get :show + before do + stub_up_to(:ipp_state_id, idv_session: subject.idv_session) + subject.user_session['idv/in_person'][:pii_from_user].delete(:address1) + allow(user).to receive(:has_establishing_in_person_enrollment?).and_return(true) + end + it 'redirects if address page not completed' do + get :show - expect(response).to redirect_to idv_in_person_address_url - end + expect(response).to redirect_to idv_in_person_address_url + end + + it 'checks that step is allowed' do + expect(subject).to have_actions( + :before, + :confirm_step_allowed, + ) end end 
@@ -67,37 +78,24 @@ ) end - it 'adds a threatmetrix session id to idv_session' do - expect { get :show }.to change { controller.idv_session.threatmetrix_session_id }.from(nil) - end - - it 'does not change threatmetrix_session_id when updating ssn' do - controller.idv_session.ssn = ssn - expect { get :show }.not_to change { controller.idv_session.threatmetrix_session_id } - end + context 'threatmetrix_session_id is nil' do + it 'adds a threatmetrix session id to idv_session' do + expect { get :show }.to change { controller.idv_session.threatmetrix_session_id }.from(nil) + end - context 'with an ssn in idv_session' do - let(:referer) { idv_in_person_address_url } - before do + it 'sets a threatmetrix_session_id when updating ssn' do controller.idv_session.ssn = ssn - request.env['HTTP_REFERER'] = referer + expect { get :show }.to change { controller.idv_session.threatmetrix_session_id }.from(nil) end + end - context 'referer is not verify_info' do - it 'redirects to verify_info' do - get :show - - expect(response).to redirect_to(idv_in_person_verify_info_url) - end + context 'threatmetrix_session_id is not nil' do + before do + stub_up_to(:ipp_ssn, idv_session: controller.idv_session) end - - context 'referer is verify_info' do - let(:referer) { idv_in_person_verify_info_url } - it 'does not redirect' do - get :show - - expect(response).to render_template 'idv/shared/ssn' - end + it 'does not change threatmetrix_session_id when updating ssn' do + controller.idv_session.ssn = ssn + expect { get :show }.not_to change { controller.idv_session.threatmetrix_session_id } end end diff --git a/spec/controllers/idv/in_person/verify_info_controller_spec.rb b/spec/controllers/idv/in_person/verify_info_controller_spec.rb index 7ba8e8e4ae5..b62ba461327 100644 --- a/spec/controllers/idv/in_person/verify_info_controller_spec.rb +++ b/spec/controllers/idv/in_person/verify_info_controller_spec.rb 
@@ -1,6 +1,8 @@ require 'rails_helper' RSpec.describe Idv::InPerson::VerifyInfoController do + include FlowPolicyHelper + let(:pii_from_user) { Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID.dup } let(:flow_session) do { pii_from_user: pii_from_user } @@ -8,13 +10,16 @@ let(:user) { create(:user, :with_phone, with: { phone: '+1 (415) 555-0130' }) } let(:service_provider) { create(:service_provider) } + let(:enrollment) { InPersonEnrollment.new } before do + stub_analytics stub_sign_in(user) subject.idv_session.flow_path = 'standard' subject.idv_session.ssn = Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID[:ssn] subject.idv_session.idv_consent_given_at = Time.zone.now.to_s subject.user_session['idv/in_person'] = flow_session + stub_up_to(:ipp_ssn, idv_session: subject.idv_session) end describe '#step_info' do @@ -69,25 +74,14 @@ ) end - it 'confirms ssn step complete' do - expect(subject).to have_actions( - :before, - :confirm_ssn_step_complete, - ) - end - - it 'confirms idv/in_person data is present' do + it 'confirms the verify info step is allowed' do expect(subject).to have_actions( :before, - :confirm_pii_data_present, + :confirm_step_allowed, ) end end - before do - stub_analytics - end - describe '#show' do it 'renders the show template' do get :show @@ -242,12 +236,14 @@ context 'when idv/in_person data is missing' do before do + stub_up_to(:ipp_verify_info, idv_session: subject.idv_session) + allow(user).to receive(:has_establishing_in_person_enrollment?).and_return(true) subject.user_session['idv/in_person'] = {} end - it 'redirects to idv_path' do + it 'redirects to the in person state id page' do get :show - expect(response).to redirect_to(idv_path) + expect(response).to redirect_to(idv_in_person_state_id_path) end end 
@@ -319,7 +315,6 @@ end let(:pii_from_user) { Idp::Constants::MOCK_IDV_APPLICANT_STATE_ID_ADDRESS.dup } - let(:enrollment) { InPersonEnrollment.new } before do allow(user).to receive(:establishing_in_person_enrollment).and_return(enrollment) end @@ -345,7 +340,7 @@ .with( kind_of(DocumentCaptureSession), trace_id: subject.send(:amzn_trace_id), - threatmetrix_session_id: nil, + threatmetrix_session_id: 'a-random-session-id', user_id: anything, request_ip: request.remote_ip, ipp_enrollment_in_progress: false, @@ -357,6 +352,11 @@ end context 'a user does have an establishing in person enrollment associated with them' do + before do + subject.idv_session.send(:user_session)['idv/in_person'] = { + pii_from_user: Idp::Constants::MOCK_IDV_APPLICANT_STATE_ID_ADDRESS, + } + end it 'indicates to the IDV agent that ipp_enrollment_in_progress is enabled' do expect_any_instance_of(Idv::Agent).to receive(:proof_resolution).with( kind_of(DocumentCaptureSession), @@ -390,7 +390,7 @@ .with( kind_of(DocumentCaptureSession), trace_id: subject.send(:amzn_trace_id), - threatmetrix_session_id: nil, + threatmetrix_session_id: 'a-random-session-id', user_id: anything, request_ip: request.remote_ip, ipp_enrollment_in_progress: true, @@ -448,4 +448,22 @@ put :update end end + + context 'when proofing_device_profiling is enabled' do + before do + allow(user).to receive(:establishing_in_person_enrollment).and_return(enrollment) + allow(IdentityConfig.store).to receive(:proofing_device_profiling).and_return(:enabled) + end + + context 'when idv_session is missing threatmetrix_session_id' do + before do + subject.idv_session.threatmetrix_session_id = nil + end + + it 'redirects back to the SSN step' do + get :show + expect(response).to redirect_to(idv_in_person_ssn_url) + end + end + end end diff --git a/spec/support/flow_policy_helper.rb b/spec/support/flow_policy_helper.rb index cc555129a10..e99ad069d12 100644 --- a/spec/support/flow_policy_helper.rb +++ b/spec/support/flow_policy_helper.rb 
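Review bot: The new context 'when proofing_device_profiling is enabled' (hunk `-448,4 +448,22`) covers only the blocking side of the threatmetrix precondition: profiling required, id nil, redirect to the SSN step. No example here pins the permissive side. A sibling context would stub `proofing_device_profiling` to a value for which the id is not required, set `subject.idv_session.threatmetrix_session_id = nil`, and assert `expect(response).to render_template :show`. That would catch a regression in either direction of `threatmetrix_session_id_present_or_not_required?`, whose body is not in this diff.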
@@ -38,6 +38,7 @@ def stub_step(key:, idv_session:) pii_from_user: Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID.dup, } idv_session.ssn = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN[:ssn] + idv_session.threatmetrix_session_id = 'a-random-session-id' when :verify_info idv_session.mark_verify_info_step_complete! idv_session.applicant = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN.dup
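Review bot: The literal `'a-random-session-id'` added to `stub_step` is also hard-coded in the `threatmetrix_session_id:` arguments of the `proof_resolution` expectations in verify_info_controller_spec.rb, so the helper and that spec must be edited together. Defining the value once in the helper, under a constant such as `MOCK_THREATMETRIX_SESSION_ID = 'a-random-session-id'`, and referencing it from the expectations would remove that coupling. The `when` branch this line belongs to starts above the hunk.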