diff --git a/app/controllers/api/verify/password_confirm_controller.rb b/app/controllers/api/verify/password_confirm_controller.rb
index 0751f43cdc3..8f1d4a2fef7 100644
--- a/app/controllers/api/verify/password_confirm_controller.rb
+++ b/app/controllers/api/verify/password_confirm_controller.rb
@@ -4,16 +4,12 @@ class PasswordConfirmController < BaseController
 self.required_step = 'password_confirm'
 def create
- result, personal_key = Api::ProfileCreationForm.new(
- password: verify_params[:password],
- jwt: verify_params[:user_bundle_token],
- user_session: user_session,
- service_provider: current_sp,
- ).submit
+ result, personal_key = form.submit
 if result.success?
 user = User.find_by(uuid: result.extra[:user_uuid])
 add_proofing_component(user)
+ store_session_last_gpo_code(form.gpo_code)
 render json: {
 personal_key: personal_key,
 completion_url: completion_url(result),
@@ -25,6 +21,19 @@ def create
 private
+ def form
+ @form ||= Api::ProfileCreationForm.new(
+ password: verify_params[:password],
+ jwt: verify_params[:user_bundle_token],
+ user_session: user_session,
+ service_provider: current_sp,
+ )
+ end
+
+ def store_session_last_gpo_code(code)
+ session[:last_gpo_confirmation_code] = code if code && FeatureManagement.reveal_gpo_code?
+ end
+
 def verify_params
 params.permit(:password, :user_bundle_token)
 end
diff --git a/app/forms/api/profile_creation_form.rb b/app/forms/api/profile_creation_form.rb
index 17406dbaace..9a84ceb3dd4 100644
--- a/app/forms/api/profile_creation_form.rb
+++ b/app/forms/api/profile_creation_form.rb
@@ -6,9 +6,7 @@ class ProfileCreationForm
 validate :valid_user
 validate :valid_password
- attr_reader :password, :user_bundle
- attr_reader :user_session, :service_provider
- attr_reader :profile
+ attr_reader :password, :user_bundle, :user_session, :service_provider, :profile, :gpo_code
 def initialize(password:, jwt:, user_session:, service_provider: nil)
 @password = password
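Review bot: `store_session_last_gpo_code` (second controller hunk, `-25,6 +21,19`) copies the GPO confirmation code into `session[:last_gpo_confirmation_code]`, and the only thing keeping that out of a real deployment is `FeatureManagement.reveal_gpo_code?`, whose definition is not part of this diff. If that predicate can evaluate true in production, a code that presumably is meant to reach the user only out of band becomes readable from the session, so it is worth confirming the predicate is tied to the environment and recording that next to the method, e.g. `# Dev/test aid only: reveal_gpo_code? must never be true in production, or the confirmation code is exposed via the session`. The same predicate is checked again in `create_gpo_entry` in app/forms/api/profile_creation_form.rb, so the decision lives in two places that can drift; keeping it in one would be easier to audit. Nothing visible here removes the session key once the code has been used or has expired, though that may happen outside these hunks.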
@@ -80,6 +78,7 @@ def create_gpo_entry
 profile: profile,
 )
 confirmation_maker.perform
+ @gpo_code = confirmation_maker.otp if FeatureManagement.reveal_gpo_code?
 end
 def build_profile_maker
diff --git a/spec/controllers/api/verify/password_confirm_controller_spec.rb b/spec/controllers/api/verify/password_confirm_controller_spec.rb
index 51e1db863c0..3ff27649da1 100644
--- a/spec/controllers/api/verify/password_confirm_controller_spec.rb
+++ b/spec/controllers/api/verify/password_confirm_controller_spec.rb
@@ -42,7 +42,7 @@ def stub_idv_session
 end
 it 'creates a profile and returns a key and completion url' do
- post :create, params: { password: 'iambatman', user_bundle_token: jwt }
+ post :create, params: { password: password, user_bundle_token: jwt }
 parsed_body = JSON.parse(response.body)
 expect(parsed_body).to include(
 'personal_key' => kind_of(String),
@@ -65,7 +65,7 @@ def stub_idv_session
 end
 it 'creates a profile and returns completion url' do
- post :create, params: { password: 'iambatman', user_bundle_token: jwt }
+ post :create, params: { password: password, user_bundle_token: jwt }
 expect(JSON.parse(response.body)['completion_url']).to eq(sign_up_completed_url)
 end
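Review bot: The added line in `create_gpo_entry` keeps the plaintext value of `confirmation_maker.otp` on the form object, and neither this assignment nor the new public `gpo_code` reader in the `attr_reader` line carries a comment saying so. A one-line comment would make the contract explicit for the next caller, e.g. `# Plaintext GPO code; set only when FeatureManagement.reveal_gpo_code? is on. Never log or serialize.` `create_gpo_entry` begins outside the hunk, so how the code is stored otherwise cannot be judged from here.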
@@ -75,11 +75,36 @@ def stub_idv_session
 let(:jwt_metadata) { { vendor_phone_confirmation: false, user_phone_confirmation: false } }
 it 'creates a profile and returns completion url' do
- post :create, params: { password: 'iambatman', user_bundle_token: jwt }
+ post :create, params: { password: password, user_bundle_token: jwt }
 expect(JSON.parse(response.body)['completion_url']).to eq(idv_come_back_later_url)
 end
 end
+
+ context 'with gpo_code returned from form submission and reveal gpo feature enabled' do
+ let(:gpo_code) { SecureRandom.hex }
+
+ let(:form) do
+ Api::ProfileCreationForm.new(
+ password: password,
+ jwt: jwt,
+ user_session: {},
+ service_provider: {},
+ )
+ end
+
+ before do
+ allow(FeatureManagement).to receive(:reveal_gpo_code?).and_return(true)
+ allow(subject).to receive(:form).and_return(form)
+ allow(form).to receive(:gpo_code).and_return(gpo_code)
+ end
+
+ it 'sets code into the session' do
+ post :create, params: { password: password, user_bundle_token: jwt }
+
+ expect(session[:last_gpo_confirmation_code]).to eq(gpo_code)
+ end
+ end
 end
 context 'when the idv api is not enabled' do
@@ -88,7 +113,7 @@ def stub_idv_session
 end
 it 'responds with not found' do
- post :create, params: { password: 'iambatman', user_bundle_token: jwt }, as: :json
+ post :create, params: { password: password, user_bundle_token: jwt }, as: :json
 expect(response.status).to eq 404
 expect(JSON.parse(response.body)['error']).
 to eq "The page you were looking for doesn't exist"
diff --git a/spec/forms/api/profile_creation_form_spec.rb b/spec/forms/api/profile_creation_form_spec.rb
index d627b5a059b..bc351f67790 100644
--- a/spec/forms/api/profile_creation_form_spec.rb
+++ b/spec/forms/api/profile_creation_form_spec.rb
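Review bot: The new context in the `-75,11 +75,36` hunk exercises only the flag-on path, so no test asserts that `session[:last_gpo_confirmation_code]` stays unset when `FeatureManagement.reveal_gpo_code?` is false. That negative case is the one that protects a production deployment, and because `form.gpo_code` is stubbed here, the controller's own guard is the only thing such a test would check. The added context in spec/forms/api/profile_creation_form_spec.rb has the same gap; there `expect(subject.gpo_code).to be_nil` with the flag stubbed false would close it. A sibling context for the controller could look like the following.

```ruby
context 'with gpo_code returned from form submission and reveal gpo feature disabled' do
  # … unchanged: gpo_code and form lets from the enabled context …

  before do
    allow(FeatureManagement).to receive(:reveal_gpo_code?).and_return(false)
    allow(subject).to receive(:form).and_return(form)
    allow(form).to receive(:gpo_code).and_return(gpo_code)
  end

  it 'does not set code into the session' do
    post :create, params: { password: password, user_bundle_token: jwt }

    expect(session[:last_gpo_confirmation_code]).to be_nil
  end
end
```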
@@ -108,6 +108,19 @@
 expect(profile.gpo_confirmation_codes.first_with_otp(gpo_otp)).not_to be_nil
 end
+
+ context 'with reveal_gpo_code? feature enabled' do
+ before do
+ allow(FeatureManagement).to receive(:reveal_gpo_code?).and_return(true)
+ end
+
+ it 'assigns gpo code' do
+ subject.submit
+ gpo_code = GpoConfirmation.last.entry[:otp]
+
+ expect(subject.gpo_code).to eq(gpo_code)
+ end
+ end
 end
 end