LG-16389 MRZ validation only performed if passport is requested and submitted

app/forms/idv/api_image_upload_form.rb

@@ -47,7 +47,8 @@ def submit
 
         if client_response.success?
           doc_pii_response = validate_pii_from_doc(client_response)
-          if doc_pii_response.success? && passport_submittal
+
+          if doc_pii_response.success? && passport_requested? && passport_submittal
             mrz_response = validate_mrz(client_response)
           end
         end
@@ -185,7 +186,7 @@ def post_images_to_client
     def document_type
       return nil if document_capture_session.nil?
 
-      @document_type ||= document_capture_session.passport_requested? \
+      @document_type ||= passport_requested? \
         ? 'Passport' : 'DriversLicense'
     end
 
@@ -289,6 +290,7 @@ def determine_response(form_response:, client_response:, doc_pii_response:, mrz_
       # doc_pii validation failed
       return doc_pii_response if doc_pii_response.present? && !doc_pii_response.success?
 
+      # mrz validation failed
       return mrz_response if mrz_response.present? && !mrz_response.success?
 
       client_response
@@ -507,6 +509,10 @@ def user_uuid
       document_capture_session&.user&.uuid
     end
 
+    def passport_requested?
+      !!document_capture_session&.passport_requested?
+    end
+
     def rate_limiter
       @rate_limiter ||= RateLimiter.new(
         user: document_capture_session.user,

spec/forms/idv/api_image_upload_form_spec.rb

@@ -30,6 +30,7 @@
   let(:front_image) { DocAuthImageFixtures.document_front_image_multipart }
   let(:back_image) { DocAuthImageFixtures.document_back_image_multipart }
   let(:passport_image) { nil }
+  let(:passport_requested) { false }
   let(:selfie_image) { nil }
   let(:liveness_checking_required) { false }
   let(:front_image_file_name) { 'front.jpg' }
@@ -89,6 +90,8 @@
   before do
     allow(IdentityConfig.store).to receive(:doc_escrow_enabled).and_return doc_escrow_enabled
     allow(writer).to receive(:write).and_return result
+    allow_any_instance_of(DocumentCaptureSession).to receive(:passport_requested?)
+      .and_return(passport_requested)
   end
 
   describe '#valid?' do
@@ -899,6 +902,7 @@
         )
       end
       let(:response) { form.submit }
+      let(:passport_requested) { true }
 
       before do
         allow_any_instance_of(described_class)
@@ -919,6 +923,7 @@
             },
           )
         end
+        let(:document_type) { 'Passport' }
 
         before do
           allow_any_instance_of(DocAuth::Mock::DosPassportApiClient)
@@ -955,6 +960,7 @@
 
       context 'Passport MRZ validation succeeds' do
         let(:passport_image) { DocAuthImageFixtures.passport_passed_yaml }
+        let(:document_type) { 'Passport' }
 
         let(:successful_passport_mrz_response) do
           DocAuth::Response.new(
@@ -1019,6 +1025,25 @@
         end
       end
 
+      context 'User submits passport but passport is not requested' do
+        let(:passport_requested) { false }
+        let(:passport_image) { DocAuthImageFixtures.passport_passed_yaml }
+
+        it 'does not do MRZ validation' do
+          expect_any_instance_of(DocAuth::Mock::DosPassportApiClient).to_not receive(:fetch)
+
+          response
+        end
+
+        it 'does not call the MRZ analytics event' do
+          response
+
+          expect(fake_analytics).to_not have_logged_event(
+            :idv_dos_passport_verification,
+          )
+        end
+      end
+
       context 'Passport doc auth succeeds but PII validation fails' do
         let(:passport_image) { DocAuthImageFixtures.passport_passed_yaml }
         let(:successful_doc_auth_response) do