LG-5079: Create separate throttle for address verification

app/controllers/idv/gpo_controller.rb

@@ -145,7 +145,7 @@ def form_response(result, success)
     def idv_throttle_params
       {
         user: idv_session.current_user,
-        throttle_type: :idv_resolution,
+        throttle_type: :proof_address,
       }
     end
 
@@ -171,7 +171,7 @@ def max_attempts_reached
       if idv_attempter_throttled?
         analytics.track_event(
           Analytics::THROTTLER_RATE_LIMIT_TRIGGERED,
-          throttle_type: :idv_resolution,
+          throttle_type: :proof_address,
           step_name: :gpo,
         )
         flash_error

app/controllers/idv/phone_controller.rb

@@ -8,7 +8,7 @@ class PhoneController < ApplicationController
     before_action :set_idv_form
 
     def new
-      redirect_to failure_url(:fail) and return if idv_attempter_throttled?
+      redirect_to failure_url(:fail) and return if throttle.throttled?
 
       async_state = step.async_state
       if async_state.none?
@@ -35,10 +35,14 @@ def create
 
     private
 
+    def throttle
+      @throttle ||= Throttle.for(user: current_user, throttle_type: :proof_address)
+    end
+
     def max_attempts_reached
       analytics.track_event(
         Analytics::THROTTLER_RATE_LIMIT_TRIGGERED,
-        throttle_type: :idv_resolution,
+        throttle_type: :proof_address,
         step_name: step_name,
       )
     end

app/controllers/idv/phone_errors_controller.rb

@@ -24,7 +24,7 @@ def failure
     private
 
     def throttle
-      Throttle.for(user: idv_session.current_user, throttle_type: :idv_resolution)
+      Throttle.for(user: idv_session.current_user, throttle_type: :proof_address)
     end
 
     def confirm_idv_phone_step_needed

app/models/throttle.rb

@@ -13,6 +13,7 @@ class Throttle < ApplicationRecord
     verify_personal_key: 7,
     verify_gpo_key: 8,
     proof_ssn: 9,
+    proof_address: 10,
   }
 
   THROTTLE_CONFIG = {
@@ -52,6 +53,10 @@ class Throttle < ApplicationRecord
       max_attempts: IdentityConfig.store.proof_ssn_max_attempts,
       attempt_window: IdentityConfig.store.proof_ssn_max_attempt_window_in_minutes,
     },
+    proof_address: {
+      max_attempts: IdentityConfig.store.proof_address_max_attempts,
+      attempt_window: IdentityConfig.store.proof_address_max_attempt_window_in_minutes,
+    },
   }.with_indifferent_access.freeze
 
   # Either target or user must be supplied

app/services/idv/phone_step.rb

@@ -95,7 +95,7 @@ def phone_param
     end
 
     def throttle
-      @throttle ||= Throttle.for(user: idv_session.current_user, throttle_type: :idv_resolution)
+      @throttle ||= Throttle.for(user: idv_session.current_user, throttle_type: :proof_address)
     end
 
     def failed_due_to_timeout_or_exception?

config/application.yml.default

@@ -158,6 +158,8 @@ proofing_allow_expired_license: 'false'
 proofing_expired_license_after: '2020-03-01'
 proofing_expired_license_reproof_at: '2023-03-01'
 proofing_send_partial_dob: 'false'
+proof_address_max_attempts: '5'
+proof_address_max_attempt_window_in_minutes: '360'
 proof_ssn_max_attempts: '10'
 proof_ssn_max_attempt_window_in_minutes: '60'
 push_notifications_enabled: 'false'

lib/identity_config.rb

@@ -227,6 +227,8 @@ def self.build_store(config_map)
     config.add(:proofing_expired_license_after, type: :date)
     config.add(:proofing_expired_license_reproof_at, type: :date)
     config.add(:proofing_send_partial_dob, type: :boolean)
+    config.add(:proof_address_max_attempts, type: :integer)
+    config.add(:proof_address_max_attempt_window_in_minutes, type: :integer)
     config.add(:proof_ssn_max_attempts, type: :integer)
     config.add(:proof_ssn_max_attempt_window_in_minutes, type: :integer)
     config.add(:push_notifications_enabled, type: :boolean)

spec/controllers/idv/phone_controller_spec.rb

@@ -3,7 +3,7 @@
 describe Idv::PhoneController do
   include IdvHelper
 
-  let(:max_attempts) { idv_max_attempts }
+  let(:max_attempts) { Throttle.max_attempts(:proof_address) }
   let(:good_phone) { '+1 (703) 555-0000' }
   let(:bad_phone) do
     Proofing::Mock::AddressMockClient::UNVERIFIABLE_PHONE_NUMBER
@@ -68,7 +68,7 @@
 
     context 'when the user is throttled' do
       before do
-        create(:throttle, :with_throttled, user: user, throttle_type: :idv_resolution)
+        create(:throttle, :with_throttled, user: user, throttle_type: :proof_address)
       end
 
       it 'redirects to fail' do
@@ -327,8 +327,8 @@
           create(
             :throttle,
             user: user,
-            throttle_type: :idv_resolution,
-            attempts: max_attempts_less_one,
+            throttle_type: :proof_address,
+            attempts: max_attempts - 1,
           )
         end
 
@@ -340,7 +340,7 @@
 
           expect(@analytics).to receive(:track_event).with(
             Analytics::THROTTLER_RATE_LIMIT_TRIGGERED,
-            throttle_type: :idv_resolution,
+            throttle_type: :proof_address,
             step_name: a_kind_of(Symbol),
           )
 

spec/controllers/idv/phone_errors_controller_spec.rb

@@ -61,7 +61,7 @@
       let(:user) { create(:user) }
 
       before do
-        create(:throttle, user: user, throttle_type: :idv_resolution, attempts: 1)
+        create(:throttle, user: user, throttle_type: :proof_address, attempts: 1)
       end
 
       it 'assigns remaining count' do
@@ -82,7 +82,7 @@
       let(:user) { create(:user) }
 
       before do
-        create(:throttle, user: user, throttle_type: :idv_resolution, attempts: 1)
+        create(:throttle, user: user, throttle_type: :proof_address, attempts: 1)
       end
 
       it 'assigns remaining count' do
@@ -103,7 +103,7 @@
       let(:user) { create(:user) }
 
       before do
-        create(:throttle, user: user, throttle_type: :idv_resolution, attempts: 1)
+        create(:throttle, user: user, throttle_type: :proof_address, attempts: 1)
       end
 
       it 'assigns remaining count' do
@@ -124,7 +124,7 @@
       let(:user) { create(:user) }
 
       before do
-        create(:throttle, :with_throttled, user: user, throttle_type: :idv_resolution)
+        create(:throttle, :with_throttled, user: user, throttle_type: :proof_address)
       end
 
       it 'assigns expiration time' do

spec/controllers/idv/session_errors_controller_spec.rb

@@ -69,7 +69,7 @@
       before do
         user = create(:user)
         stub_sign_in(user)
-        create(:throttle, user: user, throttle_type: :idv_resolution, attempts: 1)
+        create(:throttle, user: user, throttle_type: :proof_address, attempts: 1)
       end
 
       it 'assigns remaining count' do
@@ -90,7 +90,7 @@
       before do
         user = create(:user)
         stub_sign_in(user)
-        create(:throttle, :with_throttled, user: user, throttle_type: :idv_resolution)
+        create(:throttle, :with_throttled, user: user, throttle_type: :proof_address)
       end
 
       it 'assigns expiration time' do
@@ -110,10 +110,15 @@
     context 'while throttled' do
       let(:ssn) { '666666666' }
 
+      around do |ex|
+        freeze_time { ex.run }
+      end
+
       before do
         stub_sign_in
         create(
           :throttle,
+          :with_throttled,
           target: Pii::Fingerprinter.fingerprint(ssn),
           throttle_type: :proof_ssn,
         )
@@ -123,7 +128,7 @@
       it 'assigns expiration time' do
         get action
 
-        expect(assigns(:expires_at)).to be_kind_of(Time)
+        expect(assigns(:expires_at)).not_to eq(Time.zone.now)
       end
     end
   end

spec/features/idv/doc_auth/verify_step_spec.rb

@@ -5,7 +5,7 @@
   include DocAuthHelper
 
   let(:skip_step_completion) { false }
-  let(:max_attempts) { idv_max_attempts }
+  let(:max_attempts) { Throttle.max_attempts(:idv_resolution) }
   let(:fake_analytics) { FakeAnalytics.new }
   let(:user) { create(:user, :signed_up) }
   before do

spec/services/idv/phone_step_spec.rb

@@ -40,7 +40,7 @@
   }
 
   describe '#submit' do
-    let(:throttle) { create(:throttle, user: user, throttle_type: :idv_resolution) }
+    let(:throttle) { create(:throttle, user: user, throttle_type: :proof_address) }
 
     it 'succeeds with good params' do
       context = { stages: [{ address: 'AddressMock' }] }
@@ -172,8 +172,8 @@
         create(
           :throttle,
           user: user,
-          throttle_type: :idv_resolution,
-          attempts: max_attempts_less_one,
+          throttle_type: :proof_address,
+          attempts: Throttle.max_attempts(:proof_address) - 1,
         )
 
         subject.submit(phone: bad_phone)

spec/support/features/idv_helper.rb

@@ -5,14 +5,6 @@ def self.included(base)
     base.class_eval { include JavascriptDriverHelper }
   end
 
-  def max_attempts_less_one
-    idv_max_attempts - 1
-  end
-
-  def idv_max_attempts
-    Throttle::THROTTLE_CONFIG[:idv_resolution][:max_attempts]
-  end
-
   def user_password
     Features::SessionHelper::VALID_PASSWORD
   end

spec/support/idv_examples/max_attempts.rb

@@ -71,7 +71,7 @@
 
   context 'after completing one less than the max attempts' do
     it 'allows the user to continue if their last attempt is successful' do
-      max_attempts_less_one.times do
+      (Throttle.max_attempts(:proof_address) - 1).times do
         fill_out_phone_form_fail
         click_continue
         click_on t('idv.failure.button.warning')
@@ -86,7 +86,7 @@
   end
 
   def perfom_maximum_allowed_idv_step_attempts
-    max_attempts_less_one.times do
+    (Throttle.max_attempts(:proof_address) - 1).times do
       yield
       click_idv_continue
       click_on t('idv.failure.button.warning')