From 12c2be58141eac0c3137d236f8dc072e6cbbb38e Mon Sep 17 00:00:00 2001
From: Andrew Duthie <andrew.duthie@gsa.gov>
Date: Thu, 28 Jul 2022 12:53:49 -0400
Subject: [PATCH] LG-7063: Avoid sending account verified email for in-person
 proofing

**Why**: The user's profile is not verified until they finish proofing in person.

changelog: Upcoming Features, In-person proofing, Avoid sending account verified email for in-person proofing
---
 app/controllers/idv/gpo_verify_controller.rb  | 14 ++++++------
 app/controllers/idv/review_controller.rb      |  2 +-
 .../idv/gpo_verify_controller_spec.rb         | 12 ++++++++++
 .../controllers/idv/review_controller_spec.rb | 22 +++++++++++++++++++
 4 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb
index a20128efa97..eed5efd069f 100644
--- a/app/controllers/idv/gpo_verify_controller.rb
+++ b/app/controllers/idv/gpo_verify_controller.rb
@@ -33,16 +33,16 @@ def create
         analytics.idv_gpo_verification_submitted(**result.to_h)
 
         if result.success?
-          event = create_user_event_with_disavowal(:account_verified)
-          UserAlerts::AlertUserAboutAccountVerified.call(
-            user: current_user,
-            date_time: event.created_at,
-            sp_name: decorated_session.sp_name,
-            disavowal_token: event.disavowal_token,
-          )
           if result.extra[:pending_in_person_enrollment]
             redirect_to idv_in_person_ready_to_verify_url
           else
+            event = create_user_event_with_disavowal(:account_verified)
+            UserAlerts::AlertUserAboutAccountVerified.call(
+              user: current_user,
+              date_time: event.created_at,
+              sp_name: decorated_session.sp_name,
+              disavowal_token: event.disavowal_token,
+            )
             flash[:success] = t('account.index.verification.success')
             redirect_to sign_up_completed_url
           end
diff --git a/app/controllers/idv/review_controller.rb b/app/controllers/idv/review_controller.rb
index 78fa290f07a..2f1c0e457cb 100644
--- a/app/controllers/idv/review_controller.rb
+++ b/app/controllers/idv/review_controller.rb
@@ -90,7 +90,7 @@ def init_profile
       idv_session.cache_encrypted_pii(password)
       idv_session.complete_session
 
-      if idv_session.phone_confirmed?
+      if idv_session.profile.active?
         event = create_user_event_with_disavowal(:account_verified)
         UserAlerts::AlertUserAboutAccountVerified.call(
           user: current_user,
diff --git a/spec/controllers/idv/gpo_verify_controller_spec.rb b/spec/controllers/idv/gpo_verify_controller_spec.rb
index 3922114725b..f92d6e19fd1 100644
--- a/spec/controllers/idv/gpo_verify_controller_spec.rb
+++ b/spec/controllers/idv/gpo_verify_controller_spec.rb
@@ -116,6 +116,12 @@
         expect(response).to redirect_to(sign_up_completed_url)
       end
 
+      it 'dispatches account verified alert' do
+        expect(UserAlerts::AlertUserAboutAccountVerified).to receive(:call)
+
+        action
+      end
+
       context 'with pending in person enrollment' do
         let(:proofing_components) {
           ProofingComponent.create(user: user, document_check: Idp::Constants::Vendors::USPS)
@@ -140,6 +146,12 @@
 
           expect(response).to redirect_to(idv_in_person_ready_to_verify_url)
         end
+
+        it 'does not dispatch account verified alert' do
+          expect(UserAlerts::AlertUserAboutAccountVerified).not_to receive(:call)
+
+          action
+        end
       end
     end
 
diff --git a/spec/controllers/idv/review_controller_spec.rb b/spec/controllers/idv/review_controller_spec.rb
index 89b39740096..bc3a856c817 100644
--- a/spec/controllers/idv/review_controller_spec.rb
+++ b/spec/controllers/idv/review_controller_spec.rb
@@ -358,6 +358,12 @@ def show
           expect(profile).to be_active
         end
 
+        it 'dispatches account verified alert' do
+          expect(UserAlerts::AlertUserAboutAccountVerified).to receive(:call)
+
+          put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } }
+        end
+
         it 'creates an `account_verified` event once per confirmation' do
           put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } }
           disavowal_event_count = user.events.where(event_type: :account_verified, ip: '0.0.0.0').
@@ -377,6 +383,22 @@ def show
             expect(response).to redirect_to idv_app_url
           end
         end
+
+        context 'with in person enrollment' do
+          before do
+            ProofingComponent.create(user: user, document_check: Idp::Constants::Vendors::USPS)
+            allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return(true)
+            idv_session.applicant = Idp::Constants::MOCK_IDV_APPLICANT_WITH_PHONE.merge(
+              same_address_as_id: true,
+            ).as_json
+          end
+
+          it 'does not dispatch account verified alert' do
+            expect(UserAlerts::AlertUserAboutAccountVerified).not_to receive(:call)
+
+            put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } }
+          end
+        end
       end
 
       context 'user picked GPO confirmation' do