LG-7012 LG-7010 Add/Integrate new DDP Proofer

app/controllers/idv/gpo_controller.rb

@@ -222,6 +222,8 @@ def enqueue_job
         document_capture_session,
         should_proof_state_id: false,
         trace_id: amzn_trace_id,
+        user_id: current_user.id,
+        threatmetrix_session_id: nil,
       )
     end
 

app/jobs/resolution_proofing_job.rb

@@ -13,7 +13,7 @@ class ResolutionProofingJob < ApplicationJob
   )
 
   def perform(result_id:, encrypted_arguments:, trace_id:, should_proof_state_id:,
-              dob_year_only:)
+              dob_year_only:, user_id: nil, threatmetrix_session_id: nil)
     timer = JobHelpers::Timer.new
 
     raise_stale_job! if stale_job?(enqueued_at)
@@ -25,6 +25,15 @@ def perform(result_id:, encrypted_arguments:, trace_id:, should_proof_state_id:,
 
     applicant_pii = decrypted_args[:applicant_pii]
 
+    threatmetrix_result = nil
+    if use_lexisnexis_ddp_threatmetrix_before_rdp_instant_verify?
+      user = User.find_by(id: user_id)
+      threatmetrix_result = proof_lexisnexis_ddp_with_threatmetrix(
+        applicant_pii, user, threatmetrix_session_id
+      )
+      log_threatmetrix_info(threatmetrix_result, user)
+    end
+
     callback_log_data = if dob_year_only && should_proof_state_id
                           proof_aamva_then_lexisnexis_dob_only(
                             timer: timer,
@@ -39,22 +48,48 @@ def perform(result_id:, encrypted_arguments:, trace_id:, should_proof_state_id:,
                           )
                         end
 
+    add_threatmetrix_result_to_callback_result(callback_log_data.result, threatmetrix_result)
+
     document_capture_session = DocumentCaptureSession.new(result_id: result_id)
     document_capture_session.store_proofing_result(callback_log_data.result)
   ensure
-    logger.info(
-      {
-        name: 'ProofResolution',
-        trace_id: trace_id,
-        resolution_success: callback_log_data&.resolution_success,
-        state_id_success: callback_log_data&.state_id_success,
-        timing: timer.results,
-      }.to_json,
+    logger_info_hash(
+      name: 'ProofResolution',
+      trace_id: trace_id,
+      resolution_success: callback_log_data&.resolution_success,
+      state_id_success: callback_log_data&.state_id_success,
+      timing: timer.results,
     )
   end
 
   private
 
+  def log_threatmetrix_info(threatmetrix_result, user)
+    logger_info_hash(
+      name: 'ThreatMetrix',
+      user_id: user&.uuid,
+      threatmetrix_request_id: threatmetrix_result.transaction_id,
+      threatmetrix_success: threatmetrix_result.success?,
+    )
+  end
+
+  def logger_info_hash(hash)
+    logger.info(hash.to_json)
+  end
+
+  def add_threatmetrix_result_to_callback_result(callback_log_data_result, threatmetrix_result)
+    callback_log_data_result[:threatmetrix_success] = threatmetrix_result.success?
+    callback_log_data_result[:threatmetrix_request_id] = threatmetrix_result.transaction_id
+  end
+
+  def proof_lexisnexis_ddp_with_threatmetrix(applicant_pii, user, threatmetrix_session_id)
+    return unless applicant_pii
+    ddp_pii = applicant_pii.dup
+    ddp_pii[:threatmetrix_session_id] = threatmetrix_session_id
+    ddp_pii[:email] = user&.confirmed_email_addresses&.first&.email
+    lexisnexis_ddp_proofer.proof(ddp_pii)
+  end
+
   # @return [CallbackLogData]
   def proof_lexisnexis_then_aamva(timer:, applicant_pii:, should_proof_state_id:)
     proofer_result = timer.time('resolution') do
@@ -202,6 +237,19 @@ def resolution_proofer
       end
   end
 
+  def lexisnexis_ddp_proofer
+    @lexisnexis_ddp_proofer ||=
+      if IdentityConfig.store.proofer_mock_fallback
+        Proofing::Mock::DdpMockClient.new
+      else
+        Proofing::LexisNexis::Ddp::Proofer.new(
+          api_key: IdentityConfig.store.lexisnexis_threatmetrix_api_key,
+          org_id: IdentityConfig.store.lexisnexis_threatmetrix_org_id,
+          base_url: IdentityConfig.store.lexisnexis_threatmetrix_base_url,
+        )
+      end
+  end
+
   def state_id_proofer
     @state_id_proofer ||=
       if IdentityConfig.store.proofer_mock_fallback
@@ -218,4 +266,8 @@ def state_id_proofer
         )
       end
   end
+
+  def use_lexisnexis_ddp_threatmetrix_before_rdp_instant_verify?
+    IdentityConfig.store.lexisnexis_threatmetrix_enabled
+  end
 end

app/services/idv/agent.rb

@@ -5,7 +5,11 @@ def initialize(applicant)
     end
 
     def proof_resolution(
-      document_capture_session, should_proof_state_id:, trace_id:
+      document_capture_session,
+      should_proof_state_id:,
+      trace_id:,
+      user_id:,
+      threatmetrix_session_id:
     )
       document_capture_session.create_proofing_session
 
@@ -19,6 +23,8 @@ def proof_resolution(
         dob_year_only: IdentityConfig.store.proofing_send_partial_dob,
         trace_id: trace_id,
         result_id: document_capture_session.result_id,
+        user_id: user_id,
+        threatmetrix_session_id: threatmetrix_session_id,
       }
 
       if IdentityConfig.store.ruby_workers_idv_enabled

app/services/idv/steps/verify_base_step.rb

@@ -49,6 +49,8 @@ def add_proofing_costs(results)
           if stage == :resolution
             # transaction_id comes from ConversationId
             add_cost(:lexis_nexis_resolution, transaction_id: hash[:transaction_id])
+            tmx_id = hash[:threatmetrix_request_id]
+            add_cost(:threatmetrix, transaction_id: tmx_id) if tmx_id
           elsif stage == :state_id
             process_aamva(hash[:transaction_id])
           end
@@ -176,6 +178,8 @@ def enqueue_job
           document_capture_session,
           should_proof_state_id: should_use_aamva?(pii),
           trace_id: amzn_trace_id,
+          user_id: user_id,
+          threatmetrix_session_id: flow_session[:threatmetrix_session_id],
         )
       end
 

app/services/proofing/lexis_nexis/ddp/proofer.rb

@@ -0,0 +1,49 @@
+module Proofing
+  module LexisNexis
+    module Ddp
+      class Proofer < LexisNexis::Proofer
+        vendor_name 'lexisnexis:ddp'
+
+        required_attributes :state_id_number,
+                            :threatmetrix_session_id,
+                            :state_id_number,
+                            :first_name,
+                            :last_name,
+                            :dob,
+                            :ssn,
+                            :address1,
+                            :city,
+                            :state,
+                            :zipcode
+
+        optional_attributes :address2, :phone, :email
+
+        stage :resolution
+
+        proof do |applicant, result|
+          proof_applicant(applicant, result)
+        end
+
+        def send_verification_request(applicant)
+          VerificationRequest.new(config: config, applicant: applicant).send
+        end
+
+        def proof_applicant(applicant, result)
+          response = send_verification_request(applicant)
+          process_response(response, result)
+        end
+
+        private
+
+        def process_response(response, result)
+          body = response.response_body
+          result.transaction_id = body['request_id']
+          request_result = body['request_result']
+          review_status = body['review_status']
+          result.add_error(:request_result, request_result) unless request_result == 'success'
+          result.add_error(:review_status, review_status) unless review_status == 'pass'
+        end
+      end
+    end
+  end
+end

app/services/proofing/lexis_nexis/ddp/verification_request.rb

@@ -0,0 +1,46 @@
+module Proofing
+  module LexisNexis
+    module Ddp
+      class VerificationRequest < Request
+        private
+
+        def build_request_body
+          {
+            api_key: config.api_key,
+            org_id: config.org_id,
+            account_address_street1: applicant[:address1],
+            account_address_street2: applicant[:address2] || '',
+            account_address_city: applicant[:city],
+            account_address_state: applicant[:state],
+            account_address_country: 'US',
+            account_address_zip: applicant[:zipcode],
+            account_date_of_birth: applicant[:dob] ?
+              Date.parse(applicant[:dob]).strftime('%Y%m%d') : '',
+            account_email: applicant[:email],
+            account_first_name: applicant[:first_name],
+            account_last_name: applicant[:last_name],
+            account_telephone: '', # applicant[:phone], decision was made not to send phone
+            drivers_license_number_hash: applicant[:state_id_number] ?
+              OpenSSL::Digest::SHA256.hexdigest(applicant[:state_id_number].gsub(/\W/, '')) : '',
+            event_type: 'ACCOUNT_CREATION',
+            service_type: 'all',
+            session_id: applicant[:threatmetrix_session_id],
+            ssn_hash: OpenSSL::Digest::SHA256.hexdigest(applicant[:ssn].gsub(/\D/, '')),
+          }.to_json
+        end
+
+        def metric_name
+          'lexis_nexis_ddp'
+        end
+
+        def url_request_path
+          '/api/session-query'
+        end
+
+        def timeout
+          IdentityConfig.store.lexisnexis_threatmetrix_timeout
+        end
+      end
+    end
+  end
+end

app/services/proofing/lexis_nexis/proofer.rb

@@ -12,6 +12,8 @@ class Proofer < Proofing::Base
         :password,
         :request_mode,
         :request_timeout,
+        :org_id,
+        :api_key,
         keyword_init: true,
         allowed_members: [
           :instant_verify_workflow,

app/services/proofing/mock/ddp_mock_client.rb

@@ -0,0 +1,28 @@
+module Proofing
+  module Mock
+    class DdpMockClient < Proofing::Base
+      vendor_name 'DdpMock'
+
+      required_attributes :threatmetrix_session_id,
+                          :state_id_number,
+                          :first_name,
+                          :last_name,
+                          :dob,
+                          :ssn,
+                          :address1,
+                          :city,
+                          :state,
+                          :zipcode
+
+      optional_attributes :address2, :phone, :email
+
+      stage :resolution
+
+      TRANSACTION_ID = 'ddp-mock-transaction-id-123'
+
+      proof do |applicant, result|
+        result.transaction_id = TRANSACTION_ID
+      end
+    end
+  end
+end

config/application.yml.default

@@ -139,14 +139,12 @@ lexisnexis_trueid_liveness_nocropping_workflow: customers.gsa.trueid.workflow
 lexisnexis_trueid_noliveness_cropping_workflow: customers.gsa.trueid.workflow
 lexisnexis_trueid_noliveness_nocropping_workflow: customers.gsa.trueid.workflow
 ###################################################################
-# LexisNexis ThreatMetrix ##########################################
+# LexisNexis DDP/ThreatMetrix #####################################
+lexisnexis_threatmetrix_api_key: test_api_key
 lexisnexis_threatmetrix_base_url: https://www.example.com
-lexisnexis_threatmetrix_request_mode: testing
 lexisnexis_threatmetrix_org_id: test_account
-lexisnexis_threatmetrix_username: test_username
-lexisnexis_threatmetrix_password: test_password
-lexisnexis_threatmetrix_instant_verify_timeout: 1.0
-lexisnexis_threatmetrix_instant_verify_workflow: customers.gsa.instant.verify.workflow
+lexisnexis_threatmetrix_timeout: 1.0
+lexisnexis_threatmetrix_enabled: false
 ###################################################################
 lockout_period_in_minutes: 10
 log_to_stdout: false

lib/identity_config.rb

@@ -208,13 +208,11 @@ def self.build_store(config_map)
     config.add(:lexisnexis_trueid_noliveness_cropping_workflow, type: :string)
     config.add(:lexisnexis_trueid_noliveness_nocropping_workflow, type: :string)
     config.add(:lexisnexis_trueid_timeout, type: :float)
+    config.add(:lexisnexis_threatmetrix_api_key, type: :string)
     config.add(:lexisnexis_threatmetrix_base_url, type: :string)
-    config.add(:lexisnexis_threatmetrix_request_mode, type: :string)
+    config.add(:lexisnexis_threatmetrix_enabled, type: :string)
     config.add(:lexisnexis_threatmetrix_org_id, type: :string)
-    config.add(:lexisnexis_threatmetrix_username, type: :string)
-    config.add(:lexisnexis_threatmetrix_password, type: :string)
-    config.add(:lexisnexis_threatmetrix_instant_verify_timeout, type: :float)
-    config.add(:lexisnexis_threatmetrix_instant_verify_workflow, type: :string)
+    config.add(:lexisnexis_threatmetrix_timeout, type: :float)
     config.add(:liveness_checking_enabled, type: :boolean)
     config.add(:lockout_period_in_minutes, type: :integer)
     config.add(:log_to_stdout, type: :boolean)

spec/features/idv/doc_auth/verify_step_spec.rb

@@ -157,16 +157,18 @@
       allow(IdentityConfig.store).to receive(:aamva_supported_jurisdictions).and_return(
         [Idp::Constants::MOCK_IDV_APPLICANT[:state_id_jurisdiction]],
       )
+      user = create(:user, :signed_up)
       expect_any_instance_of(Idv::Agent).
         to receive(:proof_resolution).
         with(
           anything,
           should_proof_state_id: true,
           trace_id: anything,
+          threatmetrix_session_id: nil,
+          user_id: user.id,
         ).
         and_call_original
 
-      user = create(:user, :signed_up)
       sign_in_and_2fa_user(user)
       complete_doc_auth_steps_before_verify_step
       click_idv_continue
@@ -181,16 +183,18 @@
         IdentityConfig.store.aamva_supported_jurisdictions -
           [Idp::Constants::MOCK_IDV_APPLICANT[:state_id_jurisdiction]],
       )
+      user = create(:user, :signed_up)
       expect_any_instance_of(Idv::Agent).
         to receive(:proof_resolution).
         with(
           anything,
           should_proof_state_id: false,
           trace_id: anything,
+          threatmetrix_session_id: nil,
+          user_id: user.id,
         ).
         and_call_original
 
-      user = create(:user, :signed_up)
       sign_in_and_2fa_user(user)
       complete_doc_auth_steps_before_verify_step
       click_idv_continue
@@ -203,17 +207,19 @@
     it 'does not perform the state ID check' do
       allow(IdentityConfig.store).to receive(:aamva_sp_banlist_issuers).
         and_return('["urn:gov:gsa:openidconnect:sp:server"]')
+      user = create(:user, :signed_up)
       expect_any_instance_of(Idv::Agent).
         to receive(:proof_resolution).
         with(
           anything,
           should_proof_state_id: false,
           trace_id: anything,
+          threatmetrix_session_id: nil,
+          user_id: user.id,
         ).
         and_call_original
 
       visit_idp_from_sp_with_ial1(:oidc)
-      user = create(:user, :signed_up)
       sign_in_and_2fa_user(user)
       complete_doc_auth_steps_before_verify_step
       click_idv_continue

spec/fixtures/proofing/lexis_nexis/ddp/error_response.json

@@ -0,0 +1,5 @@
+{
+  "error_detail": "service_type",
+  "request_id":"1234-abcd",
+  "request_result":"fail_invalid_parameter"
+}