LG-15783: store doc auth vendor in document capture session

app/controllers/concerns/idv/doc_auth_vendor_concern.rb

@@ -6,18 +6,23 @@ module DocAuthVendorConcern
 
     # @returns[String] String identifying the vendor to use for doc auth.
     def doc_auth_vendor
-      if resolved_authn_context_result.facial_match? || socure_user_set.maxed_users?
-        bucket = choose_non_socure_bucket
-      else
-        bucket = ab_test_bucket(:DOC_AUTH_VENDOR)
-      end
+      document_capture_session.doc_auth_vendor || begin
+        if resolved_authn_context_result.facial_match? || socure_user_set.maxed_users?
+          bucket = choose_non_socure_bucket
+        else
+          bucket = ab_test_bucket(:DOC_AUTH_VENDOR)
+        end
 
-      if bucket == :socure
-        if !add_user_to_socure_set
-          bucket = choose_non_socure_bucket # force to lexis_nexis if max user reached
+        if bucket == :socure
+          if !add_user_to_socure_set
+            bucket = choose_non_socure_bucket # force to lexis_nexis if max user reached
+          end
         end
+
+        doc_auth_vendor_for_bucket = DocAuthRouter.doc_auth_vendor_for_bucket(bucket)
+        document_capture_session.update!(doc_auth_vendor: doc_auth_vendor_for_bucket)
+        doc_auth_vendor_for_bucket
       end
-      DocAuthRouter.doc_auth_vendor_for_bucket(bucket)
     end
 
     def doc_auth_vendor_enabled?(vendor)

app/controllers/idv/how_to_verify_controller.rb

@@ -98,5 +98,12 @@ def set_how_to_verify_presenter
     def mobile_required?
       idv_session.selfie_check_required || doc_auth_vendor == Idp::Constants::Vendors::SOCURE
     end
+
+    def document_capture_session
+      return @document_capture_session if defined?(@document_capture_session)
+      @document_capture_session = DocumentCaptureSession.find_by(
+        uuid: idv_session.document_capture_session_uuid,
+      )
+    end
   end
 end

app/controllers/idv/hybrid_mobile/entry_controller.rb

@@ -45,12 +45,6 @@ def update_sp_session
       end
 
       def validate_document_capture_session_id
-        if document_capture_session_uuid.blank?
-          # If we've already gotten a document capture user id previously, just continue
-          # processing and (eventually) redirect the user where they're supposed to be.
-          return true if document_capture_user_id
-        end
-
         result = Idv::DocumentCaptureSessionForm.new(document_capture_session_uuid).submit
 
         if result.success?

app/controllers/idv/image_uploads_controller.rb

@@ -2,8 +2,6 @@
 
 module Idv
   class ImageUploadsController < ApplicationController
-    include DocAuthVendorConcern
-
     respond_to :json
 
     def create
@@ -22,7 +20,6 @@ def create
     def image_upload_form
       @image_upload_form ||= Idv::ApiImageUploadForm.new(
         params,
-        doc_auth_vendor:,
         acuant_sdk_upgrade_ab_test_bucket: ab_test_bucket(:ACUANT_SDK),
         service_provider: current_sp,
         analytics: analytics,

app/forms/idv/api_image_upload_form.rb

@@ -17,15 +17,13 @@ class ApiImageUploadForm
     def initialize(
       params,
       service_provider:,
-      doc_auth_vendor:,
       acuant_sdk_upgrade_ab_test_bucket:,
       analytics: nil,
       uuid_prefix: nil,
       liveness_checking_required: false
     )
       @params = params
       @service_provider = service_provider
-      @doc_auth_vendor = doc_auth_vendor
       @acuant_sdk_upgrade_ab_test_bucket = acuant_sdk_upgrade_ab_test_bucket
       @analytics = analytics
       @readable = {}
@@ -328,7 +326,7 @@ def document_capture_session_uuid
 
     def doc_auth_client
       @doc_auth_client ||= DocAuthRouter.client(
-        vendor: @doc_auth_vendor,
+        vendor: document_capture_session.doc_auth_vendor,
         warn_notifier: proc do |attrs|
           analytics&.doc_auth_warning(
             **attrs,

db/primary_migrate/20250219164618_add_doc_auth_vendor_to_document_capture_sessions_w_comment.rb

@@ -0,0 +1,9 @@
+class AddDocAuthVendorToDocumentCaptureSessionsWComment < ActiveRecord::Migration[7.2]
+  def up
+    add_column :document_capture_sessions, :doc_auth_vendor, :string, comment: 'sensitive=false'
+  end
+
+  def down
+    remove_column :document_capture_sessions, :doc_auth_vendor
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.0].define(version: 2025_02_07_144037) do
+ActiveRecord::Schema[8.0].define(version: 2025_02_19_164618) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "citext"
   enable_extension "pg_catalog.plpgsql"
@@ -200,6 +200,7 @@
     t.string "last_doc_auth_result", comment: "sensitive=false"
     t.string "socure_docv_transaction_token", comment: "sensitive=false"
     t.string "socure_docv_capture_app_url", comment: "sensitive=false"
+    t.string "doc_auth_vendor", comment: "sensitive=false"
     t.index ["result_id"], name: "index_document_capture_sessions_on_result_id"
     t.index ["socure_docv_transaction_token"], name: "index_socure_docv_transaction_token", unique: true
     t.index ["user_id"], name: "index_document_capture_sessions_on_user_id"

spec/controllers/concerns/idv/doc_auth_vendor_concern_spec.rb

@@ -2,9 +2,6 @@
 
 RSpec.describe Idv::DocAuthVendorConcern, :controller do
   let(:user) { create(:user) }
-  let(:document_capture_session) do
-    create(:document_capture_session, user: user)
-  end
   let(:socure_user_set) { Idv::SocureUserSet.new }
   let(:bucket) { :mock }
 
@@ -24,13 +21,17 @@
       allow(controller).to receive(:ab_test_bucket)
         .with(:DOC_AUTH_VENDOR)
         .and_return(bucket)
+      allow(controller).to receive(:document_capture_session)
+        .and_return(create(:document_capture_session, user:))
     end
 
     context 'bucket is LexisNexis' do
       let(:bucket) { :lexis_nexis }
 
       it 'returns lexis nexis as the vendor' do
         expect(controller.doc_auth_vendor).to eq(Idp::Constants::Vendors::LEXIS_NEXIS)
+        expect(controller.document_capture_session.doc_auth_vendor)
+          .to eq(Idp::Constants::Vendors::LEXIS_NEXIS)
       end
     end
 
@@ -39,6 +40,8 @@
 
       it 'returns mock as the vendor' do
         expect(controller.doc_auth_vendor).to eq(Idp::Constants::Vendors::MOCK)
+        expect(controller.document_capture_session.doc_auth_vendor)
+          .to eq(Idp::Constants::Vendors::MOCK)
       end
     end
 
@@ -47,14 +50,14 @@
 
       context 'current user is undefined so use document_capture_session user' do
         before do
-          allow(DocumentCaptureSession).to receive(:find_by).and_return(document_capture_session)
-          allow(User).to receive(:find_by).and_return(user)
           allow(controller).to receive(:current_user).and_return(nil)
           allow(controller).to receive(:document_capture_user).and_return(user)
         end
 
         it 'returns socure as the vendor' do
           expect(controller.doc_auth_vendor).to eq(Idp::Constants::Vendors::SOCURE)
+          expect(controller.document_capture_session.doc_auth_vendor)
+            .to eq(Idp::Constants::Vendors::SOCURE)
         end
 
         it 'adds a user to the socure redis set' do
@@ -151,6 +154,23 @@
       it 'returns false' do
         expect(controller.doc_auth_vendor_enabled?(vendor)).to eq false
       end
+
+      context 'session already assigned LexisNexis doc auth vendor' do
+        before do
+          allow(controller).to receive(:document_capture_session)
+            .and_return(create(:document_capture_session, user:))
+          allow(IdentityConfig.store).to receive(:doc_auth_vendor_default)
+            .and_return(Idp::Constants::Vendors::MOCK)
+          controller.document_capture_session
+            .update!(doc_auth_vendor: Idp::Constants::Vendors::LEXIS_NEXIS)
+        end
+        it 'lexis_nexis is still docauth vendor' do
+          expect(DocAuthRouter).not_to receive(:doc_auth_vendor_for_bucket)
+          expect(controller.doc_auth_vendor).to eq(Idp::Constants::Vendors::LEXIS_NEXIS)
+          expect(controller.document_capture_session.doc_auth_vendor)
+            .to eq(Idp::Constants::Vendors::LEXIS_NEXIS)
+        end
+      end
     end
   end
 end

spec/controllers/idv/how_to_verify_controller_spec.rb

@@ -6,6 +6,7 @@
   let(:service_provider) do
     create(:service_provider, :active, :in_person_proofing_enabled)
   end
+  let(:document_capture_session) { create(:document_capture_session, user:) }
 
   before do
     allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled) { true }
@@ -15,6 +16,7 @@
     allow(subject.idv_session).to receive(:service_provider).and_return(service_provider)
     subject.idv_session.welcome_visited = true
     subject.idv_session.idv_consent_given_at = Time.zone.now
+    subject.idv_session.document_capture_session_uuid = document_capture_session.uuid
   end
 
   describe 'before_actions' do

spec/controllers/idv/hybrid_handoff_controller_spec.rb

@@ -11,6 +11,8 @@
   let(:in_person_proofing) { false }
   let(:ipp_opt_in_enabled) { false }
   let(:sp_selfie_enabled) { false }
+  let(:document_capture_session) { create(:document_capture_session) }
+  let(:document_capture_session_uuid) { document_capture_session.uuid }
 
   before do
     allow(controller).to receive(:current_sp)
@@ -31,6 +33,8 @@
     allow(IdentityConfig.store).to receive(:in_person_proofing_opt_in_enabled) {
                                      ipp_opt_in_enabled
                                    }
+
+    subject.idv_session.document_capture_session_uuid = document_capture_session_uuid
   end
 
   describe '#step_info' do
@@ -308,12 +312,6 @@
         }
       end
 
-      let(:document_capture_session_uuid) { '09228b6d-dd39-4925-bf82-b69104095517' }
-
-      before do
-        subject.idv_session.document_capture_session_uuid = document_capture_session_uuid
-      end
-
       it 'invalidates future steps' do
         expect(subject).to receive(:clear_future_steps!)
 

spec/controllers/idv/hybrid_mobile/entry_controller_spec.rb

@@ -230,28 +230,5 @@
         end
       end
     end
-
-    context 'with a user id in session and no session uuid' do
-      let(:user) { create(:user) }
-
-      before do
-        session[:doc_capture_user_id] = user.id
-        get :show
-      end
-
-      context 'doc auth vendor is socure' do
-        let(:idv_vendor) { Idp::Constants::Vendors::SOCURE }
-
-        it 'redirects to the first step' do
-          expect(response).to redirect_to idv_hybrid_mobile_socure_document_capture_url
-        end
-      end
-
-      context 'doc auth vendor is lexis nexis' do
-        it 'redirects to the first step' do
-          expect(response).to redirect_to idv_hybrid_mobile_document_capture_url
-        end
-      end
-    end
   end
 end

spec/controllers/idv/image_uploads_controller_spec.rb

@@ -19,7 +19,9 @@
       post :create, params: params
     end
 
-    let!(:document_capture_session) { user.document_capture_sessions.create!(user: user) }
+    let!(:document_capture_session) do
+      create(:document_capture_session, user:, doc_auth_vendor: 'mock')
+    end
     let(:flow_path) { 'standard' }
     let(:params) do
       {

spec/forms/idv/api_image_upload_form_spec.rb

@@ -19,7 +19,6 @@
       service_provider: build(:service_provider, issuer: 'test_issuer'),
       analytics: fake_analytics,
       liveness_checking_required: liveness_checking_required,
-      doc_auth_vendor: 'mock',
       acuant_sdk_upgrade_ab_test_bucket:,
     )
   end
@@ -51,7 +50,7 @@
     }
   end
   let(:selfie_image_metadata) { nil }
-  let!(:document_capture_session) { DocumentCaptureSession.create!(user: create(:user)) }
+  let!(:document_capture_session) { create(:document_capture_session, doc_auth_vendor: 'mock') }
   let(:document_capture_session_uuid) { document_capture_session.uuid }
   let(:fake_analytics) { FakeAnalytics.new }
   let(:acuant_sdk_upgrade_ab_test_bucket) {}