18F · shanechesnutt-ft · Jun 10, 2025 · May 30, 2025 · amirbey · Jun 4, 2025
diff --git a/app/jobs/resolution_proofing_job.rb b/app/jobs/resolution_proofing_job.rb
@@ -122,7 +122,6 @@ def make_vendor_proofing_requests(
   )
     result = progressive_proofer(user:, proofing_vendor:).proof(
       applicant_pii: applicant_pii,
-      user_email: user_email_for_proofing(user),
       threatmetrix_session_id: threatmetrix_session_id,
       request_ip: request_ip,
       ipp_enrollment_in_progress: ipp_enrollment_in_progress,
@@ -161,7 +160,7 @@ def logger_info_hash(hash)
 
   def progressive_proofer(user:, proofing_vendor:)
     @progressive_proofer ||= Proofing::Resolution::ProgressiveProofer.new(
-      user_uuid: user.uuid, proofing_vendor:,
+      user_uuid: user.uuid, proofing_vendor:, user_email: user_email_for_proofing(user),
     )
   end
 

diff --git a/app/jobs/socure_docv_results_job.rb b/app/jobs/socure_docv_results_job.rb
@@ -88,6 +88,7 @@ def socure_document_verification_result
       customer_user_id: document_capture_session&.user&.uuid,
       document_capture_session_uuid:,
       docv_transaction_token_override:,
+      user_email: document_capture_session&.user&.last_sign_in_email_address&.email,
     ).fetch
   end
 

diff --git a/app/services/doc_auth/socure/requests/docv_result_request.rb b/app/services/doc_auth/socure/requests/docv_result_request.rb
@@ -9,22 +9,25 @@ class DocvResultRequest < DocAuth::Socure::Request
         def initialize(
           customer_user_id:,
           document_capture_session_uuid:,
+          user_email:,
           docv_transaction_token_override: nil
         )
           @customer_user_id = customer_user_id
+          @user_email = user_email
           @document_capture_session_uuid = document_capture_session_uuid
           @docv_transaction_token_override = docv_transaction_token_override
         end
 
         private
 
-        attr_reader :customer_user_id, :docv_transaction_token_override
+        attr_reader :customer_user_id, :docv_transaction_token_override, :user_email
 
         def body
           {
             modules: ['documentverification'],
             docvTransactionToken: docv_transaction_token,
             customerUserId: customer_user_id,
+            email: user_email,
           }.to_json
         end
 

diff --git a/app/services/proofing/resolution/plugins/residential_address_plugin.rb b/app/services/proofing/resolution/plugins/residential_address_plugin.rb
@@ -14,12 +14,7 @@ def initialize(
           @sp_cost_token = sp_cost_token
         end
 
-        def call(
-          applicant_pii:,
-          current_sp:,
-          ipp_enrollment_in_progress:,
-          timer:
-        )
+        def call(applicant_pii:, current_sp:, ipp_enrollment_in_progress:, timer:)
           return residential_address_unnecessary_result unless ipp_enrollment_in_progress
 
           timer.time('residential address') do

diff --git a/app/services/proofing/resolution/progressive_proofer.rb b/app/services/proofing/resolution/progressive_proofer.rb
@@ -11,6 +11,7 @@ class ProgressiveProofer
       class InvalidProofingVendorError; end
 
       attr_reader :user_uuid,
+                  :user_email,
                   :aamva_plugin,
                   :threatmetrix_plugin,
                   :phone_finder_plugin,
@@ -22,8 +23,9 @@ class InvalidProofingVendorError; end
         socure_kyc: :socure_resolution,
       }.freeze
 
-      def initialize(user_uuid:, proofing_vendor:)
+      def initialize(user_uuid:, proofing_vendor:, user_email:)
         @user_uuid = user_uuid
+        @user_email = user_email
         @aamva_plugin = Plugins::AamvaPlugin.new
         @threatmetrix_plugin = Plugins::ThreatMetrixPlugin.new
         @phone_finder_plugin = Plugins::PhoneFinderPlugin.new
@@ -36,7 +38,6 @@ def initialize(user_uuid:, proofing_vendor:)
       # @param [String] request_ip IP address for request
       # @param [String] threatmetrix_session_id identifies the threatmetrix session
       # @param [JobHelpers::Timer] timer indicates time elapsed to obtain results
-      # @param [String] user_email email address for applicant
       # @param [String] user_uuid user uuid for applicant
       # @param [String] workflow user is in idv or auth workflow
       # @return [ResultAdjudicator] object which contains the logic to determine proofing's result
@@ -45,7 +46,6 @@ def proof(
         request_ip:,
         threatmetrix_session_id:,
         timer:,
-        user_email:,
         ipp_enrollment_in_progress:,
         current_sp:,
         workflow:
@@ -154,6 +154,7 @@ def create_socure_proofer
         Proofing::Socure::IdPlus::Proofer.new(
           Proofing::Socure::IdPlus::Config.new(
             user_uuid:,
+            user_email:,
             api_key: IdentityConfig.store.socure_idplus_api_key,
             base_url: IdentityConfig.store.socure_idplus_base_url,
             timeout: IdentityConfig.store.socure_idplus_timeout_in_seconds,

diff --git a/app/services/proofing/socure/id_plus/config.rb b/app/services/proofing/socure/id_plus/config.rb
@@ -8,12 +8,13 @@ module IdPlus
         :base_url,
         :timeout,
         :user_uuid,
+        :user_email,
         keyword_init: true,
         allowed_members: [
           :base_url,
           :timeout,
         ],
       ).freeze
+    end
   end
 end
-end
diff --git a/app/services/proofing/socure/id_plus/request.rb b/app/services/proofing/socure/id_plus/request.rb
@@ -99,7 +99,7 @@ def body
             userConsent: true,
             consentTimestamp: input.consent_given_at&.to_time&.iso8601,
 
-            email: input.email,
+            email: config.user_email,
             mobileNumber: input.phone,
 
             # > The country or jurisdiction from where the transaction originates,

diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb
@@ -487,6 +487,7 @@
             modules: ['documentverification'],
             docvTransactionToken: test_token,
             customerUserId: user.uuid,
+            email: user.email,
           }
             .to_json)
           .to_return(

diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb
@@ -475,6 +475,7 @@
               modules: ['documentverification'],
               docvTransactionToken: test_token,
               customerUserId: user.uuid,
+              email: user.email,
             }
               .to_json)
             .to_return(

diff --git a/spec/jobs/socure_docv_results_job_spec.rb b/spec/jobs/socure_docv_results_job_spec.rb
@@ -96,7 +96,13 @@
       end
 
       before do
-        stub_request(:post, 'https://example.com/api/3.0/EmailAuthScore')
+        stub_request(:post, "#{socure_idplus_base_url}/api/3.0/EmailAuthScore")
+          .with(body: {
+            modules: ['documentverification'],
+            docvTransactionToken: nil,
+            customerUserId: user.uuid,
+            email: user.last_sign_in_email_address.email,
+          })
           .to_return(
             headers: {
               'Content-Type' => 'application/json',

diff --git a/spec/jobs/socure_shadow_mode_proofing_job_spec.rb b/spec/jobs/socure_shadow_mode_proofing_job_spec.rb
@@ -505,6 +505,7 @@
 
       expect(job.proofer(user:).config.to_h).to eql(
         user_uuid: user.uuid,
+        user_email: nil,
         api_key: 'an-api-key',
         base_url: 'https://example.org',
         timeout: 6,

diff --git a/spec/services/doc_auth/socure/requests/docv_result_request_spec.rb b/spec/services/doc_auth/socure/requests/docv_result_request_spec.rb
@@ -2,13 +2,16 @@
 
 RSpec.describe DocAuth::Socure::Requests::DocvResultRequest do
   let(:user) { create(:user) }
+  let(:customer_user_id) { user.uuid }
+  let(:user_email) { Faker::Internet.email }
   let(:document_capture_session_uuid) { 'fake uuid' }
   let(:fake_analytics) { FakeAnalytics.new }
 
   subject(:docv_result_request) do
     described_class.new(
-      customer_user_id: user.uuid,
+      customer_user_id:,
       document_capture_session_uuid:,
+      user_email:,
     )
   end
 
@@ -28,35 +31,73 @@
       allow(DocumentCaptureSession).to receive(:find_by).and_return(document_capture_session)
     end
 
-    context 'with socure failures' do
+    context 'when the docv request is successful' do
+      let(:response)  { docv_result_request.fetch }
+
+      before do
+        stub_request(:post, fake_socure_api_endpoint)
+          .with(body: {
+            modules: ['documentverification'],
+            docvTransactionToken: docv_transaction_token,
+            customerUserId: customer_user_id,
+            email: user_email,
+          })
+          .to_return(
+            status: 200,
+            body: {}.to_json,
+          )
+      end
+
+      it 'returns a DocvResultResponse' do
+        expect(response).to be_instance_of(DocAuth::Socure::Responses::DocvResultResponse)
+      end
+    end
+
+    context 'when the docv request fails' do
+      let(:response)  { docv_result_request.fetch }
       let(:status) { 'Error' }
-      let(:referenceId) { '360ae43f-123f-47ab-8e05-6af79752e76c' }
+      let(:reference_id) { '360ae43f-123f-47ab-8e05-6af79752e76c' }
       let(:msg) { 'InternalServerException' }
-      let(:fake_socure_response) { { status:, referenceId:, msg: } }
+      let(:fake_socure_response) { { status:, referenceId: reference_id, msg: } }
       let(:fake_socure_status) { 500 }
 
-      it 'expect correct doc auth response during a connection failure' do
-        stub_request(:post, fake_socure_api_endpoint).to_raise(Faraday::ConnectionFailed)
-        response_hash = docv_result_request.fetch.to_h
-        expect(response_hash[:success]).to eq(false)
-        expect(response_hash[:errors]).to eq({ network: true })
-        expect(response_hash[:vendor]).to eq('Socure')
-        expect(response_hash[:exception]).to be_a(Faraday::ConnectionFailed)
+      context 'when the failure is connection failed' do
+        before do
+          stub_request(:post, fake_socure_api_endpoint).to_raise(Faraday::ConnectionFailed)
+        end
+
+        it 'returns a DocAuth::Response failure' do
+          expect(response.to_h).to include(
+            success: false,
+            errors: {
+              network: true,
+            },
+            vendor: 'Socure',
+            exception: an_instance_of(Faraday::ConnectionFailed),
+          )
+        end
       end
 
-      it 'expect correct doc auth response for a socure fail response' do
-        stub_request(:post, fake_socure_api_endpoint)
-          .to_return(
-            status: fake_socure_status,
-            body: JSON.generate(fake_socure_response),
+      context 'when the failure is a socure failure' do
+        before do
+          stub_request(:post, fake_socure_api_endpoint)
+            .to_return(
+              status: fake_socure_status,
+              body: JSON.generate(fake_socure_response),
+            )
+        end
+
+        it 'returns a DocAuth::Response failure' do
+          expect(response.to_h).to include(
+            success: false,
+            errors: {
+              network: true,
+            },
+            vendor: 'Socure',
+            reference_id: reference_id,
+            exception: an_instance_of(DocAuth::RequestError),
           )
-        response_hash = docv_result_request.fetch.to_h
-        expect(response_hash[:success]).to eq(false)
-        expect(response_hash[:errors]).to eq({ network: true })
-        expect(response_hash[:vendor]).to eq('Socure')
-        expect(response_hash[:reference_id]).to eq(referenceId)
-        expect(response_hash[:exception]).to be_a(DocAuth::RequestError)
-        expect(response_hash[:exception].message).to include('Unexpected HTTP response 500')
+        end
       end
     end
   end

diff --git a/spec/services/proofing/resolution/plugins/state_id_address_plugin_spec.rb b/spec/services/proofing/resolution/plugins/state_id_address_plugin_spec.rb
@@ -64,9 +64,7 @@
       end
 
       it 'passes state id address to proofer' do
-        expect(plugin.proofer)
-          .to receive(:proof)
-          .with(hash_including(state_id_address))
+        expect(plugin.proofer).to receive(:proof).with(applicant_pii)
 
         call
       end
@@ -159,30 +157,26 @@
 
       context 'residential address and id address are diferent' do
         let(:applicant_pii) { Idp::Constants::MOCK_IDV_APPLICANT_STATE_ID_ADDRESS }
-        let(:residential_address) do
-          {
-            address1: applicant_pii[:address1],
-            address2: applicant_pii[:address2],
-            city: applicant_pii[:city],
-            state: applicant_pii[:state],
-            state_id_jurisdiction: applicant_pii[:state_id_jurisdiction],
-            zipcode: applicant_pii[:zipcode],
-          }
-        end
-        let(:state_id_address) do
+        let(:expected_applicant) do
           {
+            **applicant_pii.except(
+              :identity_doc_address1,
+              :identity_doc_address2,
+              :identity_doc_city,
+              :identity_doc_address_state,
+              :identity_doc_zipcode,
+            ),
             address1: applicant_pii[:identity_doc_address1],
             address2: applicant_pii[:identity_doc_address2],
             city: applicant_pii[:identity_doc_city],
             state: applicant_pii[:identity_doc_address_state],
-            state_id_jurisdiction: applicant_pii[:state_id_jurisdiction],
             zipcode: applicant_pii[:identity_doc_zipcode],
           }
         end
 
         context 'LexisNexis vendor passes for residential address' do
           it 'calls the vendor Proofer with state id address' do
-            expect(plugin.proofer).to receive(:proof).with(hash_including(state_id_address))
+            expect(plugin.proofer).to receive(:proof).with(expected_applicant)
 
             call
           end

diff --git a/spec/services/proofing/resolution/progressive_proofer_spec.rb b/spec/services/proofing/resolution/progressive_proofer_spec.rb
@@ -2,18 +2,24 @@
 
 RSpec.describe Proofing::Resolution::ProgressiveProofer do
   let(:user) { build(:user) }
+  let(:user_uuid) { user.uuid }
+  let(:user_email) { user.email }
   let(:proofing_vendor) { :mock }
 
-  subject(:progressive_proofer) { described_class.new(user_uuid: user.uuid, proofing_vendor:) }
+  subject(:progressive_proofer) { described_class.new(user_uuid:, proofing_vendor:, user_email:) }
 
   it 'assigns aamva_plugin' do
-    expect(described_class.new(user_uuid: user.uuid, proofing_vendor:).aamva_plugin).to be_a(
+    expect(
+      described_class.new(user_uuid:, proofing_vendor:, user_email:).aamva_plugin,
+    ).to be_a(
       Proofing::Resolution::Plugins::AamvaPlugin,
     )
   end
 
   it 'assigns threatmetrix_plugin' do
-    expect(described_class.new(user_uuid: user.uuid, proofing_vendor:).threatmetrix_plugin).to be_a(
+    expect(
+      described_class.new(user_uuid:, proofing_vendor:, user_email:).threatmetrix_plugin,
+    ).to be_a(
       Proofing::Resolution::Plugins::ThreatMetrixPlugin,
     )
   end
@@ -23,9 +29,7 @@
     let(:ipp_enrollment_in_progress) { false }
     let(:request_ip) { Faker::Internet.ip_v4_address }
     let(:threatmetrix_session_id) { SecureRandom.uuid }
-    let(:user_email) { Faker::Internet.email }
     let(:current_sp) { build(:service_provider) }
-    let(:user_uuid) { user.uuid }
     let(:workflow) { :auth }
 
     let(:residential_address_resolution_result) do
@@ -97,7 +101,6 @@
         request_ip:,
         threatmetrix_session_id:,
         timer: JobHelpers::Timer.new,
-        user_email:,
         current_sp:,
         workflow:,
       )

diff --git a/spec/services/proofing/socure/id_plus/request_spec.rb b/spec/services/proofing/socure/id_plus/request_spec.rb
@@ -4,6 +4,7 @@
   let(:config) do
     Proofing::Socure::IdPlus::Config.new(
       user_uuid: user.uuid,
+      user_email: user.email,
       api_key:,
       base_url:,
       timeout:,
@@ -15,7 +16,6 @@
   let(:user) { build(:user) }
   let(:input) do
     Proofing::Socure::IdPlus::Input.new(
-      email: user.email,
       **Idp::Constants::MOCK_IDV_APPLICANT_WITH_PHONE.merge(
         consent_given_at: '2024-09-01T00:00:00Z',
       ).slice(