LG -7015 Redirect user to "Sorry" page on TMX verification failure#6827
LG -7015 Redirect user to "Sorry" page on TMX verification failure#6827
Conversation
changelog: Upcoming Features, Device Profiling, Redirect to come back later URL upon threatmetrix profiling failing.
| def device_profiling_failed? | ||
| return false unless IdentityConfig.store.proofing_device_profiling_collecting_enabled | ||
| proofing_component = ProofingComponent.find_by(user: current_user) | ||
| proofing_component.threatmetrix_review_status != 'pass' |
There was a problem hiding this comment.
I think we need to make sure it's also not nil
| end | ||
|
|
||
| it 'when device profiling fails redirect to come back later path' do | ||
| ProofingComponent.find_by(user: user).update(threatmetrix_review_status: 'fail') |
There was a problem hiding this comment.
can we get some tests with statuses like pass or nil?
| elsif in_person_enrollment? | ||
| idv_in_person_ready_to_verify_url | ||
| elsif device_profiling_failed? | ||
| idv_come_back_later_url |
There was a problem hiding this comment.
we'll change this once we have real content, right?
There was a problem hiding this comment.
I feel like this PR should also include a new stub page like /verify/setup_error that we'll use for the failure messaging (it can just say something like "Please contact support to continue account setup" or something)
| end | ||
|
|
||
| def device_profiling_failed? | ||
| return false unless IdentityConfig.store.proofing_device_profiling_collecting_enabled |
There was a problem hiding this comment.
This should be proofing_device_profiling_decisioning_enabled, yes?
| return false unless IdentityConfig.store.proofing_device_profiling_collecting_enabled | |
| return false unless IdentityConfig.store.proofing_device_profiling_decisioning_enabled |
| idv_come_back_later_url | ||
| elsif in_person_enrollment? | ||
| idv_in_person_ready_to_verify_url | ||
| elsif device_profiling_failed? |
There was a problem hiding this comment.
Note that there are currently two implementations of the personal key step, controlled by the idv_api_enabled_steps feature flag. I'd expect we'd update both to keep the behaviors in sync.
The other:
| def device_profiling_failed?(user) | ||
| return false unless IdentityConfig.store.proofing_device_profiling_decisioning_enabled | ||
| proofing_component = ProofingComponent.find_by(user: user) | ||
| proofing_component.threatmetrix_review_status != 'pass' |
There was a problem hiding this comment.
ditto about checking if this is nil?
There was a problem hiding this comment.
Do you mean checking if proofing_component is nil or if threatmetrix_review_status is nil?
There was a problem hiding this comment.
I meant threatmetrix_review_status is nil
There was a problem hiding this comment.
I have a test for review status being nil and it returns true . I feel like an extra line checking for nil is unnecessary unless we change threatmetrix_review_status from 'pass' or 'fail' to a boolean in the future.
There was a problem hiding this comment.
ah I see, so my expectation is that review status being nil is not a failure, that this method should return falsy in that case? Becaue we don't know that it's a for sure negative? and there may be users who fit into a gap of "the feature flag was enabled but we didn't run the check for them" so they don't have data
There was a problem hiding this comment.
ah so if it is nil let them pass?
There was a problem hiding this comment.
yeah that's my expectation of how we could ensure the safest/smoothest launch
There was a problem hiding this comment.
I'd like to add my support to the idea that a missing review_status in the API response (which I assume is what a nil value for proofing_component.threatmetrix_review_status indicates) should have (for now) the same behavior as pass.
zachmargolis
left a comment
zachmargolis
left a comment
There was a problem hiding this comment.
LGTM assuming we'll follow up with a new URL/page
| ProofingComponent.find_by(user: user)&.document_check == Idp::Constants::Vendors::USPS | ||
| end | ||
|
|
||
| def device_profiling_failed?(user) |
There was a problem hiding this comment.
To me it feels like a confusing double negative to say that the user passes the test if device_profiling_failed is false. It could be named device_profiling_passed? and return true when the user passes. Or, I would also find the name blocked_by_device_profiling? clearer if you still want it to return false on a pass.
5 participants
Why?
If a user fails threatmetrix verification we want to redirect them to a come back later page.