18F · aduth · Jul 27, 2022 · Jul 26, 2022 · Jul 27, 2022 · Jul 27, 2022
diff --git a/app/controllers/idv/doc_auth_controller.rb b/app/controllers/idv/doc_auth_controller.rb
@@ -3,6 +3,7 @@ class DocAuthController < ApplicationController
     before_action :confirm_two_factor_authenticated
     before_action :redirect_if_mail_bounced
     before_action :redirect_if_pending_profile
+    before_action :redirect_if_pending_in_person_enrollment
     before_action :extend_timeout_using_meta_refresh_for_select_paths
 
     include IdvSession # remove if we retire the non docauth LOA3 flow
@@ -36,6 +37,11 @@ def redirect_if_pending_profile
       redirect_to idv_gpo_verify_url if current_user.decorate.pending_profile_requires_verification?
     end
 
+    def redirect_if_pending_in_person_enrollment
+      return if !IdentityConfig.store.in_person_proofing_enabled
+      redirect_to idv_in_person_ready_to_verify_url if current_user.pending_in_person_enrollment
+    end
+
     def update_if_skipping_upload
       return if params[:step] != 'upload' || !flow_session || !flow_session[:skip_upload_step]
       track_step_visited

diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb
@@ -36,8 +36,12 @@ def create
             sp_name: decorated_session.sp_name,
             disavowal_token: event.disavowal_token,
           )
-          flash[:success] = t('account.index.verification.success')
-          redirect_to sign_up_completed_url
+          if result.extra[:pending_in_person_enrollment]
+            redirect_to idv_in_person_ready_to_verify_url
+          else
+            flash[:success] = t('account.index.verification.success')
+            redirect_to sign_up_completed_url
+          end
         else
           flash[:error] = @gpo_verify_form.errors.first.message
           redirect_to idv_gpo_verify_url

diff --git a/app/controllers/idv/sessions_controller.rb b/app/controllers/idv/sessions_controller.rb
@@ -6,6 +6,7 @@ class SessionsController < ApplicationController
 
     def destroy
       cancel_verification_attempt_if_pending_profile
+      cancel_in_person_enrollment_if_exists
       analytics.idv_start_over(
         step: location_params[:step],
         location: location_params[:location],
@@ -19,10 +20,15 @@ def destroy
     private
 
     def cancel_verification_attempt_if_pending_profile
-      return if current_user.profiles.verification_pending.blank?
+      return if current_user.profiles.gpo_verification_pending.blank?
       Idv::CancelVerificationAttempt.new(user: current_user).call
     end
 
+    def cancel_in_person_enrollment_if_exists
+      return if !IdentityConfig.store.in_person_proofing_enabled
+      current_user.pending_in_person_enrollment&.update(status: :cancelled)
+    end
+
     def location_params
       params.permit(:step, :location).to_h.symbolize_keys
     end

diff --git a/app/forms/api/profile_creation_form.rb b/app/forms/api/profile_creation_form.rb
@@ -52,16 +52,29 @@ def cache_encrypted_pii
     end
 
     def complete_session
-      complete_profile if phone_confirmed?
-      create_gpo_entry if user_bundle.gpo_address_verification?
+      if user_bundle.gpo_address_verification?
+        profile.deactivate(:gpo_verification_pending)
+        create_gpo_entry
+      elsif phone_confirmed?
+        if pending_in_person_enrollment?
+          profile.deactivate(:in_person_verification_pending)
+        else
+          complete_profile
+        end
+      end
+    end
+
+    def pending_in_person_enrollment?
+      return false unless IdentityConfig.store.in_person_proofing_enabled
+      ProofingComponent.find_by(user: user)&.document_check == Idp::Constants::Vendors::USPS
     end
 
     def phone_confirmed?
       user_bundle.vendor_phone_confirmation? && user_bundle.user_phone_confirmation?
     end
 
     def complete_profile
-      user.pending_profile&.activate
+      profile.activate
       move_pii_to_user_session
     end
 
@@ -127,7 +140,7 @@ def form_valid?
     def extra_attributes
       if user.present?
         @extra_attributes ||= {
-          profile_pending: user.pending_profile?,
+          profile_pending: user_bundle.gpo_address_verification?,
           user_uuid: user.uuid,
         }
       else

diff --git a/app/forms/gpo_verify_form.rb b/app/forms/gpo_verify_form.rb
@@ -17,7 +17,11 @@ def initialize(user:, otp: nil)
   def submit
     result = valid?
     if result
-      activate_profile
+      if pending_in_person_enrollment?
+        user.pending_profile&.deactivate(:in_person_verification_pending)
+      else
+        activate_profile
+      end
     else
       reset_sensitive_fields
     end
@@ -26,6 +30,7 @@ def submit
       errors: errors,
       extra: {
         pii_like_keypaths: [[:errors, :otp], [:error_details, :otp]],
+        pending_in_person_enrollment: pending_in_person_enrollment?,
       },
     )
   end
@@ -65,6 +70,11 @@ def reset_sensitive_fields
     self.otp = nil
   end
 
+  def pending_in_person_enrollment?
+    return false unless IdentityConfig.store.in_person_proofing_enabled
+    user.pending_in_person_enrollment.present?
+  end
+
   def activate_profile
     user.pending_profile&.activate
   end

diff --git a/app/models/in_person_enrollment.rb b/app/models/in_person_enrollment.rb
@@ -9,7 +9,7 @@ class InPersonEnrollment < ApplicationRecord
     passed: 2,
     failed: 3,
     expired: 4,
-    canceled: 5,
+    cancelled: 5,
   }
 
   validate :profile_belongs_to_user

diff --git a/app/models/profile.rb b/app/models/profile.rb
@@ -13,8 +13,9 @@ class Profile < ApplicationRecord
   enum deactivation_reason: {
     password_reset: 1,
     encryption_error: 2,
-    verification_pending: 3,
+    gpo_verification_pending: 3,
     verification_cancelled: 4,
+    in_person_verification_pending: 5,
 idv_session.create_profile_from_applicant_with_password(password) 
 idv_session.cache_encrypted_pii(password) 
 idv_session.complete_session 
 idv_session.create_profile_from_applicant_with_password(password) 
 idv_session.cache_encrypted_pii(password) 
 idv_session.complete_session 
   }
 
   attr_reader :personal_key

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -92,7 +92,7 @@ def pending_profile?
   end
 
   def pending_profile
-    profiles.verification_pending.order(created_at: :desc).first
+    profiles.gpo_verification_pending.order(created_at: :desc).first
   end
 
   def default_phone_configuration

diff --git a/app/services/idv/cancel_verification_attempt.rb b/app/services/idv/cancel_verification_attempt.rb
@@ -7,7 +7,7 @@ def initialize(user:)
     end
 
     def call
-      user.profiles.verification_pending.each do |profile|
+      user.profiles.gpo_verification_pending.each do |profile|
         profile.update!(
           active: false,
           deactivation_reason: :verification_cancelled,

diff --git a/app/services/idv/profile_maker.rb b/app/services/idv/profile_maker.rb
@@ -9,10 +9,7 @@ def initialize(applicant:, user:, user_password:)
     end
 
     def save_profile
-      profile = Profile.new(
-        deactivation_reason: :verification_pending,
-        user: user,
-      )
+      profile = Profile.new(user: user, active: false)
       profile.encrypt_pii(pii_attributes, user_password)
       profile.proofing_components = current_proofing_components
       profile.save!

diff --git a/app/services/idv/session.rb b/app/services/idv/session.rb
@@ -72,17 +72,30 @@ def clear
       user_session.delete(:idv)
     end
 
+    def pending_in_person_enrollment?
+      return false unless IdentityConfig.store.in_person_proofing_enabled
+      ProofingComponent.find_by(user: current_user)&.document_check == Idp::Constants::Vendors::USPS
+    end
+
     def phone_confirmed?
       vendor_phone_confirmation == true && user_phone_confirmation == true
     end
 
     def complete_session
-      complete_profile if phone_confirmed?
-      create_gpo_entry if address_verification_mechanism == 'gpo'
+      if address_verification_mechanism == 'gpo'
+        profile.deactivate(:gpo_verification_pending)
+        create_gpo_entry
+      elsif phone_confirmed?
+        if pending_in_person_enrollment?
+          profile.deactivate(:in_person_verification_pending)
+        else
+          complete_profile
+        end
+      end
     end
 
     def complete_profile
-      current_user.pending_profile&.activate
+      profile.activate
       move_pii_to_user_session
     end
 

diff --git a/spec/controllers/accounts_controller_spec.rb b/spec/controllers/accounts_controller_spec.rb
@@ -63,7 +63,7 @@
         user = create(
           :user,
           :signed_up,
-          profiles: [build(:profile, deactivation_reason: :verification_pending)],
+          profiles: [build(:profile, deactivation_reason: :gpo_verification_pending)],
         )
 
         sign_in user

diff --git a/spec/controllers/api/verify/password_confirm_controller_spec.rb b/spec/controllers/api/verify/password_confirm_controller_spec.rb
@@ -146,7 +146,13 @@ def stub_idv_session
       end
 
       context 'with pending profile' do
-        let(:jwt_metadata) { { vendor_phone_confirmation: false, user_phone_confirmation: false } }
+        let(:jwt_metadata) do
+          {
+            vendor_phone_confirmation: false,
+            user_phone_confirmation: false,
+            address_verification_mechanism: 'gpo',
+          }
+        end
 
         it 'creates a profile and returns completion url' do
           post :create, params: { password: password, user_bundle_token: jwt }

diff --git a/spec/controllers/idv/gpo_verify_controller_spec.rb b/spec/controllers/idv/gpo_verify_controller_spec.rb
@@ -96,6 +96,7 @@
           'IdV: GPO verification submitted',
           success: true,
           errors: {},
+          pending_in_person_enrollment: false,
           pii_like_keypaths: [[:errors, :otp], [:error_details, :otp]],
         )
 
@@ -106,6 +107,28 @@
         expect(disavowal_event_count).to eq 1
         expect(response).to redirect_to(sign_up_completed_url)
       end
+
+      context 'with pending in person enrollment' do
+        let(:user) { create(:user, :with_pending_in_person_enrollment) }
+
+        before do
+          allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return(true)
+        end
+
+        it 'redirects to ready to verify screen' do
+          expect(@analytics).to receive(:track_event).with(
+            'IdV: GPO verification submitted',
+            success: true,
+            errors: {},
+            pending_in_person_enrollment: true,
+            pii_like_keypaths: [[:errors, :otp], [:error_details, :otp]],
+          )
+
+          action
+
+          expect(response).to redirect_to(idv_in_person_ready_to_verify_url)
+        end
+      end
     end
 
     context 'with an invalid form' do
@@ -116,6 +139,7 @@
           'IdV: GPO verification submitted',
           success: false,
           errors: { otp: [t('errors.messages.confirmation_code_incorrect')] },
+          pending_in_person_enrollment: false,
           error_details: { otp: [:confirmation_code_incorrect] },
           pii_like_keypaths: [[:errors, :otp], [:error_details, :otp]],
         )
@@ -142,6 +166,7 @@
           'IdV: GPO verification submitted',
           success: false,
           errors: { otp: [t('errors.messages.confirmation_code_incorrect')] },
+          pending_in_person_enrollment: false,
           error_details: { otp: [:confirmation_code_incorrect] },
           pii_like_keypaths: [[:errors, :otp], [:error_details, :otp]],
         ).exactly(max_attempts).times

diff --git a/spec/controllers/idv/sessions_controller_spec.rb b/spec/controllers/idv/sessions_controller_spec.rb
@@ -49,7 +49,7 @@
       let(:user) do
         create(
           :user,
-          profiles: [create(:profile, deactivation_reason: :verification_pending)],
+          profiles: [create(:profile, deactivation_reason: :gpo_verification_pending)],
         )
       end
 

diff --git a/spec/controllers/users/sessions_controller_spec.rb b/spec/controllers/users/sessions_controller_spec.rb
@@ -316,7 +316,7 @@
         user = create(:user, :signed_up)
         create(
           :profile,
-          deactivation_reason: :verification_pending,
+          deactivation_reason: :gpo_verification_pending,
           user: user, pii: { ssn: '1234' }
         )
 
@@ -564,7 +564,7 @@
       it 'redirects to the verify profile page' do
         profile = create(
           :profile,
-          deactivation_reason: :verification_pending,
+          deactivation_reason: :gpo_verification_pending,
           pii: { ssn: '6666', dob: '1920-01-01' },
         )
         user = profile.user

diff --git a/spec/features/idv/in_person_spec.rb b/spec/features/idv/in_person_spec.rb
@@ -95,9 +95,18 @@
     expect(page).to have_content(t('in_person_proofing.headings.barcode'))
     expect(page).to have_content(Idv::InPerson::EnrollmentCodeFormatter.format(enrollment_code))
     expect(page).to have_content(t('in_person_proofing.body.barcode.deadline', deadline: deadline))
+
+    # signing in again before completing in-person proofing at a post office
+    sign_in_and_2fa_user(user)
+    complete_doc_auth_steps_before_welcome_step
+    expect(page).to have_current_path(idv_in_person_ready_to_verify_path)
   end
 
   context 'verify address by mail (GPO letter)' do
+    before do
+      allow(FeatureManagement).to receive(:reveal_gpo_code?).and_return(true)
+    end
+
     it 'requires address verification before showing instructions', allow_browser_log: true do
       begin_in_person_proofing
       complete_all_in_person_proofing_steps
@@ -109,7 +118,28 @@
       expect(page).to have_content(t('idv.titles.come_back_later'))
       expect(page).to have_current_path(idv_come_back_later_path)
 
-      # WILLFIX: After LG-6897, assert that "Ready to Verify" content is shown after code entry.
+      click_idv_continue
+      expect(page).to have_current_path(account_path)
+      expect(page).not_to have_content(t('headings.account.verified_account'))
+      click_on t('account.index.verification.reactivate_button')
+      click_button t('forms.verify_profile.submit')
+
+      expect(page).to have_current_path(idv_in_person_ready_to_verify_path)
+      expect(page).not_to have_content(t('account.index.verification.success'))
+    end
+
+    it 'lets the user clear and start over from gpo confirmation', allow_browser_log: true do
+      begin_in_person_proofing
+      complete_all_in_person_proofing_steps
+      click_on t('idv.troubleshooting.options.verify_by_mail')
+      click_on t('idv.buttons.mail.send')
+      complete_review_step
+      acknowledge_and_confirm_personal_key
+      click_idv_continue
+      click_on t('account.index.verification.reactivate_button')
+      click_on t('idv.messages.clear_and_start_over')
+
+      expect(page).to have_current_path(idv_doc_auth_welcome_step)
     end
   end
 end
diff --git a/spec/features/idv/steps/gpo_step_spec.rb b/spec/features/idv/steps/gpo_step_spec.rb
@@ -64,7 +64,7 @@ def expect_user_to_be_unverified(user)
       profile = user.profiles.first
 
       expect(profile.active?).to eq false
-      expect(profile.deactivation_reason).to eq 'verification_pending'
+      expect(profile.deactivation_reason).to eq 'gpo_verification_pending'
     end
   end
 end
diff --git a/spec/features/idv/strict_ial2/usps_upload_disallowed_spec.rb b/spec/features/idv/strict_ial2/usps_upload_disallowed_spec.rb
@@ -51,7 +51,7 @@
   it 'does not prompt a pending user for a mailed code' do
     user = create(
       :profile,
-      deactivation_reason: :verification_pending,
+      deactivation_reason: :gpo_verification_pending,
       pii: { first_name: 'John', ssn: '111223333' },
     ).user
 

diff --git a/spec/features/saml/ial2_sso_spec.rb b/spec/features/saml/ial2_sso_spec.rb
@@ -85,7 +85,7 @@ def sign_out_user
     let(:profile) do
       create(
         :profile,
-        deactivation_reason: :verification_pending,
+        deactivation_reason: :gpo_verification_pending,
         pii: { ssn: '6666', dob: '1920-01-01' },
       )
     end
-Original file line number
+Diff line change
@@ Expand Up / @@ -49,7 +49,7 @@ @@
           let(:user) do
             create(
               :user,
-              profiles: [create(:profile, deactivation_reason: :verification_pending)],
+              profiles: [create(:profile, deactivation_reason: :gpo_verification_pending)],
             )
           end
@@ Expand Down @@