18F · solipet · Jul 2, 2025 · Jul 1, 2025 · Jul 2, 2025 · Jul 2, 2025
diff --git a/app/forms/idv/doc_pii_form.rb b/app/forms/idv/doc_pii_form.rb
@@ -42,7 +42,7 @@ def submit
 
     def self.pii_like_keypaths(document_type:)
       keypaths = [[:pii]]
-      document_attrs = document_type&.downcase == 'passport' ?
+      document_attrs = document_type&.downcase&.include?('passport') ?
         DocPiiPassport.pii_like_keypaths :
         DocPiiStateId.pii_like_keypaths
 
@@ -106,7 +106,7 @@ def id_doc_type_valid?
       when *STATE_ID_TYPES
         state_id_validation = DocPiiStateId.new(pii: pii_from_doc)
         state_id_validation.valid? || errors.merge!(state_id_validation.errors)
-      when 'passport'
+      when 'passport', 'passport_card'
         passport_validation = DocPiiPassport.new(pii: pii_from_doc)
         passport_validation.valid? || errors.merge!(passport_validation.errors)
       else

diff --git a/app/forms/idv/doc_pii_passport.rb b/app/forms/idv/doc_pii_passport.rb
@@ -12,7 +12,8 @@ class DocPiiPassport
                 in: 'USA', message: proc { I18n.t('doc_auth.errors.general.no_liveness') }
               }
 
-    validate :passport_expired?
+    validate :passport_not_expired?
+    validate :passport_book? # we don't support passport cards
 
     attr_reader :passport_expiration, :issuing_country_code, :mrz
 
@@ -35,10 +36,18 @@ def generic_error
       I18n.t('doc_auth.errors.general.no_liveness')
     end
 
-    def passport_expired?
-      if passport_expiration && DateParser.parse_legacy(passport_expiration).past?
-        errors.add(:passport_expiration, generic_error, type: :passport_expiration)
-      end
+    def passport_not_expired?
+      return true unless passport_expiration && DateParser.parse_legacy(passport_expiration).past?
+
+      errors.add(:passport_expiration, generic_error, type: :passport_expiration)
+      false
+    end
+
+    def passport_book?
+      return true if pii_from_doc[:id_doc_type] == 'passport'
+
+      errors.add(:id_doc_type, generic_error, type: :id_doc_type)
+      false
     end
   end
 end
diff --git a/app/services/doc_auth/lexis_nexis/doc_pii_reader.rb b/app/services/doc_auth/lexis_nexis/doc_pii_reader.rb
@@ -26,13 +26,16 @@ def read_pii(true_id_product)
         return nil unless id_auth_field_data.present?
 
         id_doc_type_slug = id_auth_field_data['Fields_DocumentClassName']
-        @id_doc_type = IdentityConfig.store.doc_auth_passports_enabled ?
-          DocAuth::Response::ID_TYPE_SLUGS[id_doc_type_slug] :
-          DocAuth::Response::STATE_ID_TYPE_SLUGS[id_doc_type_slug]
+        id_doc_issue_type = authentication_result_field_data['DocIssueType']
+
+        @id_doc_type = determine_id_doc_type(
+          doc_class_name: id_doc_type_slug,
+          doc_issue_type: id_doc_issue_type,
+        )
 
         if id_doc_type == 'drivers_license' || id_doc_type == 'state_id_card'
           generate_state_id_pii
-        elsif id_doc_type == 'passport'
+        elsif id_doc_type == 'passport' || id_doc_type == 'passport_card'
           generate_passport_pii
         end
       end
@@ -179,6 +182,22 @@ def generate_passport_pii
           mrz: id_auth_field_data['Fields_MRZ'],
         )
       end
+
+      def determine_id_doc_type(doc_class_name:, doc_issue_type:)
+        val = if IdentityConfig.store.doc_auth_passports_enabled
+                DocAuth::Response::ID_TYPE_SLUGS[doc_class_name]
+              else
+                DocAuth::Response::STATE_ID_TYPE_SLUGS[doc_class_name]
+              end
+
+        # If the DocIssueType is 'Passport Card',
+        # LN is returning 'Identification Card' as the DocClassName so we need to differentiate
+        # between a passport card and a state-issued identification card.
+        if doc_issue_type == 'Passport Card'
+          val = 'passport_card'
+        end
+        val
+      end
     end
   end
 end
diff --git a/app/services/doc_auth/lexis_nexis/responses/true_id_response.rb b/app/services/doc_auth/lexis_nexis/responses/true_id_response.rb
@@ -40,6 +40,9 @@ def initialize(http_response, config, liveness_checking_enabled = false,
         ## returns full check success status, considering all checks:
         #    vendor (document and selfie if requested)
         def successful_result?
+          return false if passport_detected_but_not_allowed?
+          return false if passport_card_detected?
+
           doc_auth_success? &&
             (@liveness_checking_enabled ? selfie_passed? : true)
         end
@@ -55,7 +58,11 @@ def doc_auth_success?
         def error_messages
           return {} if successful_result?
 
-          if with_authentication_result?
+          if passport_detected_but_not_allowed?
+            { passport: true }
+          elsif passport_card_detected?
+            { passport_card: true }
+          elsif with_authentication_result?
             ErrorGenerator.new(config).generate_doc_auth_errors(response_info)
           elsif true_id_product.present?
             ErrorGenerator.wrapped_general_error
@@ -122,7 +129,10 @@ def parsed_response_body
         end
 
         def passport_pii?
-          @passport_pii ||= pii_from_doc&.id_doc_type == 'passport'
+          @passport_pii ||= begin
+            pii_from_doc&.id_doc_type == 'passport' ||
+              pii_from_doc&.id_doc_type == 'passport_card'
+          end
         end
 
         def transaction_status
@@ -228,6 +238,19 @@ def doc_issuer_type
           true_id_product&.dig(:AUTHENTICATION_RESULT, :DocIssuerType)
         end
 
+        def doc_issue_type
+          true_id_product&.dig(:AUTHENTICATION_RESULT, :DocIssueType)
+        end
+
+        def passport_detected_but_not_allowed?
+          passport_detected = doc_class_name == 'Passport' || passport_card_detected?
+          !IdentityConfig.store.doc_auth_passports_enabled && passport_detected
+        end
+
+        def passport_card_detected?
+          doc_issue_type == 'Passport Card'
+        end
+
         def classification_info
           # Acuant response has both sides info, here simulate that
           doc_class = doc_class_name

diff --git a/spec/fixtures/proofing/lexis_nexis/true_id/true_id_response_passport_tampering_failure.json b/spec/fixtures/proofing/lexis_nexis/true_id/true_id_response_passport_tampering_failure.json
@@ -49,7 +49,7 @@
           {
             "Group": "AUTHENTICATION_RESULT",
             "Name": "DocIssuerType",
-            "Values": [{ "Value": "StateProvince" }]
+            "Values": [{ "Value": "Country" }]
           },
           {
             "Group": "AUTHENTICATION_RESULT",

diff --git a/spec/fixtures/proofing/lexis_nexis/true_id/true_id_response_success_passport.json b/spec/fixtures/proofing/lexis_nexis/true_id/true_id_response_success_passport.json
@@ -49,7 +49,7 @@
           {
             "Group": "AUTHENTICATION_RESULT",
             "Name": "DocIssuerType",
-            "Values": [{ "Value": "StateProvince" }]
+            "Values": [{ "Value": "Country" }]
           },
           {
             "Group": "AUTHENTICATION_RESULT",
@@ -1044,4 +1044,3 @@
       }
     ]
   }
-