diff --git a/app/controllers/concerns/rate_limit_concern.rb b/app/controllers/concerns/rate_limit_concern.rb
index adb79de6fc7..150689e5648 100644
--- a/app/controllers/concerns/rate_limit_concern.rb
+++ b/app/controllers/concerns/rate_limit_concern.rb
@@ -5,9 +5,9 @@ module RateLimitConcern
 ALL_IDV_RATE_LIMITERS = [:idv_resolution, :idv_doc_auth, :proof_ssn].freeze
- def confirm_not_rate_limited(rate_limiters = ALL_IDV_RATE_LIMITERS)
+ def confirm_not_rate_limited(rate_limiters = ALL_IDV_RATE_LIMITERS, check_last_submission: false)
 exceeded_rate_limits = check_for_exceeded_rate_limits(rate_limiters)
- if exceeded_rate_limits.any? && !final_hybrid_submission_passed?
+ if exceeded_rate_limits.any? && !(check_last_submission && final_submission_passed?)
 rate_limit_redirect!(exceeded_rate_limits.first)
 return true
 end
@@ -28,18 +28,13 @@ def confirm_not_rate_limited_for_phone_address_verification
 private
- def final_hybrid_submission_passed?
+ def final_submission_passed?
 doc_session_idv = user_session.to_h['idv']
 return false if doc_session_idv.blank?
 doc_session_uuid = doc_session_idv['document_capture_session_uuid']
 return false if doc_session_uuid.blank?
- flow_path = doc_session_idv['flow_path']
- return false if flow_path.blank?
-
- return false if flow_path != 'hybrid'
-
 document_capture_session = DocumentCaptureSession.find_by(uuid: doc_session_uuid)
 return false if document_capture_session.nil?
diff --git a/app/controllers/idv/link_sent_controller.rb b/app/controllers/idv/link_sent_controller.rb
index b1519981276..0b67e3b78aa 100644
--- a/app/controllers/idv/link_sent_controller.rb
+++ b/app/controllers/idv/link_sent_controller.rb
@@ -7,7 +7,10 @@ class LinkSentController < ApplicationController
 include IdvStepConcern
 include StepIndicatorConcern
- before_action :confirm_not_rate_limited
+ before_action -> do
+ confirm_not_rate_limited(check_last_submission: true)
+ end
+
+
 before_action :confirm_step_allowed
 def show
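Review bot: `check_last_submission:` on `confirm_not_rate_limited` in rate_limit_concern.rb is a bypass switch for the limiter and has no comment saying so, so a later caller could pass `true` without realising it lets a rate-limited user through. I would add above the `def`: `# check_last_submission: when true, an exceeded limit does not redirect if final_submission_passed? is true; enable only on actions that consume that result.` The nested negation in `!(check_last_submission && final_submission_passed?)` is also easy to misread; naming it first, e.g. `last_submission_ok = check_last_submission && final_submission_passed?`, makes the exemption explicit. The method body continues past the end of the hunk.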
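Review bot: In `final_submission_passed?` the exemption now applies to every flow, yet the record is still fetched by the session-stored uuid alone in `DocumentCaptureSession.find_by(uuid: doc_session_uuid)`, with nothing tying it to the signed-in user. Because this predicate decides whether an exhausted limiter is ignored, I would scope the lookup to the owner, e.g. `DocumentCaptureSession.find_by(uuid: doc_session_uuid, user_id: current_user.id)`, assuming `current_user` is available to the including controllers. The rest of the method is outside the hunk, so it is not visible whether the stored result is checked for freshness; if it is not, a result that passed earlier would keep exempting later requests.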
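Review bot: In LinkSentController the exempting filter is installed with no `only:`, so every action in the controller can pass an exhausted limiter once the last submission is recorded as passed, whereas the Socure controller limits the same call to `update`. If only the action that consumes the capture result needs the exemption, restrict the lambda with an `only:` option naming that action and keep a plain `before_action :confirm_not_rate_limited` for the others. Only `def show` is visible in this hunk, so the action list has to be checked against the full file.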
diff --git a/app/controllers/idv/socure/document_capture_controller.rb b/app/controllers/idv/socure/document_capture_controller.rb
index 3af25fad09d..65b28a5dd0d 100644
--- a/app/controllers/idv/socure/document_capture_controller.rb
+++ b/app/controllers/idv/socure/document_capture_controller.rb
@@ -9,21 +9,18 @@ class DocumentCaptureController < ApplicationController
 include RenderConditionConcern
 check_or_render_not_found -> { IdentityConfig.store.socure_docv_enabled }
- before_action :confirm_not_rate_limited
+
+ before_action :confirm_not_rate_limited, except: :update
+ before_action -> do
+ confirm_not_rate_limited(check_last_submission: true)
+ end, only: :update
+
 before_action :confirm_step_allowed
 before_action -> do
 redirect_to_correct_vendor(Idp::Constants::Vendors::SOCURE, in_hybrid_mobile: false)
 end, only: :show
 before_action :fetch_test_verification_data, only: [:update]
- # reconsider and maybe remove these when implementing the real
- # update handler
- skip_before_action :redirect_unless_idv_session_user, only: [:update]
- skip_before_action :confirm_two_factor_authenticated, only: [:update]
- skip_before_action :confirm_idv_needed, only: [:update]
- skip_before_action :confirm_not_rate_limited, only: [:update]
- skip_before_action :confirm_step_allowed, only: [:update]
-
 def show
 idv_session.socure_docv_wait_polling_started_at = nil
diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb
index 042a53d75f2..b7365415ab7 100644
--- a/spec/controllers/idv/socure/document_capture_controller_spec.rb
+++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb
@@ -390,6 +390,8 @@
 describe '#update' do
 before do
+ stub_sign_in(user)
+ subject.idv_session.flow_path = 'standard'
 get :update
 end
diff --git a/spec/features/idv/doc_auth/socure_document_capture_spec.rb b/spec/features/idv/doc_auth/socure_document_capture_spec.rb
index e591091fa0a..b52ed3d39f2 100644
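Review bot: The anonymous `before_action -> do … end, only: :update` in the Socure DocumentCaptureController (and the same lambda in LinkSentController) cannot be targeted by `skip_before_action`, and when it halts a request Rails reports the halting filter as a Proc rather than by name, which makes rate-limit redirects harder to pick out in logs. A small named method in RateLimitConcern that calls `confirm_not_rate_limited(check_last_submission: true)`, registered as `before_action :confirm_not_rate_limited_after_submission, only: :update`, keeps the callback chain readable and searchable. The method name is only a suggestion; any name that states the exemption would do.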
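Review bot: The `#update` setup in document_capture_controller_spec.rb prepares only a signed-in standard-flow request, so nothing visible here exercises the limiter on the one action that may now pass it. I would add an example that exceeds `:idv_doc_auth` without a passed result and expects a redirect to `idv_session_errors_rate_limited_path`, and a second one with `last_doc_auth_result: 'Passed'` that is let through. The examples under this `describe` are outside the hunk, so they may already exist; if they do not, the exemption is covered only by the feature spec.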
--- a/spec/features/idv/doc_auth/socure_document_capture_spec.rb
+++ b/spec/features/idv/doc_auth/socure_document_capture_spec.rb
@@ -114,25 +114,29 @@
 end
 end
- it 'redirects to the rate limited error page' do
- # recovers when fails to repeat webhook to an endpoint
- allow_any_instance_of(DocAuth::Socure::WebhookRepeater)
- .to receive(:send_http_post_request).and_raise('doh')
- expect(page).to have_current_path(fake_socure_document_capture_app_url)
- visit idv_socure_document_capture_path
- expect(page).to have_current_path(idv_socure_document_capture_path)
- socure_docv_upload_documents(
- docv_transaction_token: @docv_transaction_token,
- )
- visit idv_socure_document_capture_path
- expect(page).to have_current_path(idv_session_errors_rate_limited_path)
- expect(fake_analytics).to have_logged_event(
- 'Rate Limit Reached',
- limiter_type: :idv_doc_auth,
- )
- expect(fake_analytics).to have_logged_event(
- :idv_socure_document_request_submitted,
- )
+ context 'when we fail on the last attempt' do
+ before do
+ allow_any_instance_of(DocAuth::Socure::WebhookRepeater)
+ .to receive(:send_http_post_request).and_raise('doh')
+ end
+
+ it 'redirects to the rate limited error page' do
+ expect(page).to have_current_path(fake_socure_document_capture_app_url)
+ visit idv_socure_document_capture_path
+ expect(page).to have_current_path(idv_socure_document_capture_path)
+ socure_docv_upload_documents(
+ docv_transaction_token: @docv_transaction_token,
+ )
+ visit idv_socure_document_capture_path
+ expect(page).to have_current_path(idv_session_errors_rate_limited_path)
+ expect(fake_analytics).to have_logged_event(
+ 'Rate Limit Reached',
+ limiter_type: :idv_doc_auth,
+ )
+ expect(fake_analytics).to have_logged_event(
+ :idv_socure_document_request_submitted,
+ )
+ end
 end
 context 'successfully processes image on last attempt' do
@@ -147,6 +151,9 @@
 socure_docv_upload_documents(
 docv_transaction_token: @docv_transaction_token,
 )
+ DocumentCaptureSession.find_by(user_id: @user.id).update(
+ last_doc_auth_result: 'Passed',
+ )
 visit idv_socure_document_capture_update_path
 expect(page).to have_current_path(idv_ssn_url)
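Review bot: The added setup call `DocumentCaptureSession.find_by(user_id: @user.id).update(...)` fails quietly: a missing record raises `NoMethodError` on nil and a rejected write just returns false, after which the example fails at the path assertion with no hint why. Using `find_by!` and `update!` makes a broken fixture fail on the setup line itself. Writing `'Passed'` straight onto the record also means this example does not show that a real successful upload produces that value, which is the state the rate-limit exemption depends on.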