From 160f32006a80b4195185fe432e3194a79167d823 Mon Sep 17 00:00:00 2001
From: Alex Bradley <alexander.bradley@gsa.gov>
Date: Tue, 23 Aug 2022 13:42:53 -0400
Subject: [PATCH 1/5] initial setup of redirect on device profiling failed

---
 app/controllers/idv/personal_key_controller.rb      |  7 +++++++
 .../controllers/idv/personal_key_controller_spec.rb | 13 +++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb
index 8251bd612b2..1f130a775c6 100644
--- a/app/controllers/idv/personal_key_controller.rb
+++ b/app/controllers/idv/personal_key_controller.rb
@@ -37,6 +37,8 @@ def next_step
         idv_come_back_later_url
       elsif in_person_enrollment?
         idv_in_person_ready_to_verify_url
+      elsif device_profiling_failed?
+        idv_come_back_later_url
       elsif session[:sp] && !pending_profile?
         sign_up_completed_url
       else
@@ -82,5 +84,10 @@ def in_person_enrollment?
     def pending_profile?
       current_user.pending_profile?
     end
+
+    def device_profiling_failed?
+      return false unless IdentityConfig.store.proofing_device_profiling_collecting_enabled
+      true
+    end
   end
 end
diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb
index 6c8aafb4e2d..58fcef8f39d 100644
--- a/spec/controllers/idv/personal_key_controller_spec.rb
+++ b/spec/controllers/idv/personal_key_controller_spec.rb
@@ -204,5 +204,18 @@ def index
         expect(response).to redirect_to idv_in_person_ready_to_verify_url
       end
     end
+
+    context 'with device profiling collecting enabled' do
+      before do
+        allow(IdentityConfig.store).
+          to receive(:proofing_device_profiling_collecting_enabled).and_return(true)
+      end
+
+      it 'device profiling failed' do
+        patch :update
+
+        expect(response).to redirect_to idv_come_back_later_path
+      end
+    end
   end
 end

From f88db8b195d2519d4afe68343c47b276379d1bb4 Mon Sep 17 00:00:00 2001
From: Alex Bradley <alexander.bradley@gsa.gov>
Date: Tue, 23 Aug 2022 14:43:26 -0400
Subject: [PATCH 2/5] Redirect upon threatmetrix profiling failing

changelog: Upcoming Features, Device Profiling, Redirect to come back
later URL upon threatmetrix profiling failing.
---
 app/controllers/idv/personal_key_controller.rb       | 3 ++-
 spec/controllers/idv/personal_key_controller_spec.rb | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb
index 1f130a775c6..858ffb05dc9 100644
--- a/app/controllers/idv/personal_key_controller.rb
+++ b/app/controllers/idv/personal_key_controller.rb
@@ -87,7 +87,8 @@ def pending_profile?
 
     def device_profiling_failed?
       return false unless IdentityConfig.store.proofing_device_profiling_collecting_enabled
-      true
+      proofing_component = ProofingComponent.find_by(user: current_user)
+      proofing_component.threatmetrix_review_status != 'pass'
     end
   end
 end
diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb
index 58fcef8f39d..98b7244c108 100644
--- a/spec/controllers/idv/personal_key_controller_spec.rb
+++ b/spec/controllers/idv/personal_key_controller_spec.rb
@@ -207,11 +207,13 @@ def index
 
     context 'with device profiling collecting enabled' do
       before do
+        ProofingComponent.create(user: user, threatmetrix: true)
         allow(IdentityConfig.store).
           to receive(:proofing_device_profiling_collecting_enabled).and_return(true)
       end
 
-      it 'device profiling failed' do
+      it 'when device profiling fails redirect to come back later path' do
+        ProofingComponent.find_by(user: user).update(threatmetrix_review_status: 'fail')
         patch :update
 
         expect(response).to redirect_to idv_come_back_later_path

From 71f9d239c90db6211b2cce27ff18dc3bd09c3490 Mon Sep 17 00:00:00 2001
From: Alex Bradley <alexander.bradley@gsa.gov>
Date: Tue, 23 Aug 2022 17:46:09 -0400
Subject: [PATCH 3/5] added tests for nil check and passing check

---
 .../idv/personal_key_controller.rb            |  2 +-
 .../idv/personal_key_controller_spec.rb       | 19 ++++++++++++++++---
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb
index 858ffb05dc9..659ef899095 100644
--- a/app/controllers/idv/personal_key_controller.rb
+++ b/app/controllers/idv/personal_key_controller.rb
@@ -86,7 +86,7 @@ def pending_profile?
     end
 
     def device_profiling_failed?
-      return false unless IdentityConfig.store.proofing_device_profiling_collecting_enabled
+      return false unless IdentityConfig.store.proofing_device_profiling_decisioning_enabled
       proofing_component = ProofingComponent.find_by(user: current_user)
       proofing_component.threatmetrix_review_status != 'pass'
     end
diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb
index 98b7244c108..c869b37f6fe 100644
--- a/spec/controllers/idv/personal_key_controller_spec.rb
+++ b/spec/controllers/idv/personal_key_controller_spec.rb
@@ -207,12 +207,25 @@ def index
 
     context 'with device profiling collecting enabled' do
       before do
-        ProofingComponent.create(user: user, threatmetrix: true)
+        ProofingComponent.create(user: user, threatmetrix: true, threatmetrix_review_status: nil)
         allow(IdentityConfig.store).
-          to receive(:proofing_device_profiling_collecting_enabled).and_return(true)
+          to receive(:proofing_device_profiling_decisioning_enabled).and_return(true)
       end
 
-      it 'when device profiling fails redirect to come back later path' do
+      it 'redirects to come back later path when threatmetrix review status is nil' do
+        patch :update
+
+        expect(response).to redirect_to idv_come_back_later_path
+      end
+
+      it 'redirects to account path when device profiling passes' do
+        ProofingComponent.find_by(user: user).update(threatmetrix_review_status: 'pass')
+        patch :update
+
+        expect(response).to redirect_to account_path
+      end
+
+      it 'redirects to come back later path when device profiling fails' do
         ProofingComponent.find_by(user: user).update(threatmetrix_review_status: 'fail')
         patch :update
 

From 2f818c8b3b476a988a076dc203ffe9b0ad01c86d Mon Sep 17 00:00:00 2001
From: Alex Bradley <alexander.bradley@gsa.gov>
Date: Wed, 24 Aug 2022 13:44:19 -0400
Subject: [PATCH 4/5] Added device profiling pass check to password confirm
 controller

---
 .../api/verify/password_confirm_controller.rb |  8 +++++
 .../password_confirm_controller_spec.rb       | 29 +++++++++++++++++++
 .../idv/personal_key_controller_spec.rb       |  2 +-
 3 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/verify/password_confirm_controller.rb b/app/controllers/api/verify/password_confirm_controller.rb
index 77777aaaed3..6cd7b195259 100644
--- a/app/controllers/api/verify/password_confirm_controller.rb
+++ b/app/controllers/api/verify/password_confirm_controller.rb
@@ -51,6 +51,8 @@ def completion_url(result, user)
           idv_come_back_later_url
         elsif in_person_enrollment?(user)
           idv_in_person_ready_to_verify_url
+        elsif device_profiling_failed?(user)
+          idv_come_back_later_url
         elsif current_sp
           sign_up_completed_url
         else
@@ -63,6 +65,12 @@ def in_person_enrollment?(user)
         ProofingComponent.find_by(user: user)&.document_check == Idp::Constants::Vendors::USPS
       end
 
+      def device_profiling_failed?(user)
+        return false unless IdentityConfig.store.proofing_device_profiling_decisioning_enabled
+        proofing_component = ProofingComponent.find_by(user: user)
+        proofing_component.threatmetrix_review_status != 'pass'
+      end
+
       def handle_request_enroll_exception(err)
         analytics.idv_in_person_usps_request_enroll_exception(
           context: context,
diff --git a/spec/controllers/api/verify/password_confirm_controller_spec.rb b/spec/controllers/api/verify/password_confirm_controller_spec.rb
index 79141f15f41..0e6b95f37f3 100644
--- a/spec/controllers/api/verify/password_confirm_controller_spec.rb
+++ b/spec/controllers/api/verify/password_confirm_controller_spec.rb
@@ -315,6 +315,35 @@ def stub_idv_session
         end
       end
 
+      context 'with device profiling decisioning enabled' do
+        before do
+          ProofingComponent.create(user: user, threatmetrix: true, threatmetrix_review_status: nil)
+          allow(IdentityConfig.store).
+            to receive(:proofing_device_profiling_decisioning_enabled).
+            and_return(true)
+        end
+
+        it 'redirects to come back later path when threatmetrix review status is nil' do
+          post :create, params: { password: password, user_bundle_token: jwt }
+
+          expect(JSON.parse(response.body)['completion_url']).to eq(idv_come_back_later_url)
+        end
+
+        it 'redirects to account path when device profiling passes' do
+          ProofingComponent.find_by(user: user).update(threatmetrix_review_status: 'pass')
+          post :create, params: { password: password, user_bundle_token: jwt }
+
+          expect(JSON.parse(response.body)['completion_url']).to eq(account_url)
+        end
+
+        it 'redirects to come back later path when device profiling fails' do
+          ProofingComponent.find_by(user: user).update(threatmetrix_review_status: 'fail')
+          post :create, params: { password: password, user_bundle_token: jwt }
+
+          expect(JSON.parse(response.body)['completion_url']).to eq(idv_come_back_later_url)
+        end
+      end
+
       context 'with gpo_code returned from form submission and reveal gpo feature enabled' do
         let(:gpo_code) { SecureRandom.hex }
 
diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb
index c869b37f6fe..674e45a70cd 100644
--- a/spec/controllers/idv/personal_key_controller_spec.rb
+++ b/spec/controllers/idv/personal_key_controller_spec.rb
@@ -205,7 +205,7 @@ def index
       end
     end
 
-    context 'with device profiling collecting enabled' do
+    context 'with device profiling decisioning enabled' do
       before do
         ProofingComponent.create(user: user, threatmetrix: true, threatmetrix_review_status: nil)
         allow(IdentityConfig.store).

From d71b9d9b9c333ceb1ac09c8bcfefc49efb5b7991 Mon Sep 17 00:00:00 2001
From: Alex Bradley <alexander.bradley@gsa.gov>
Date: Wed, 24 Aug 2022 17:24:52 -0400
Subject: [PATCH 5/5] pass users who's device profiling returns nil

---
 app/controllers/api/verify/password_confirm_controller.rb     | 2 ++
 app/controllers/idv/personal_key_controller.rb                | 2 ++
 .../api/verify/password_confirm_controller_spec.rb            | 2 +-
 spec/controllers/idv/personal_key_controller_spec.rb          | 4 ++--
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/verify/password_confirm_controller.rb b/app/controllers/api/verify/password_confirm_controller.rb
index 6cd7b195259..67986381054 100644
--- a/app/controllers/api/verify/password_confirm_controller.rb
+++ b/app/controllers/api/verify/password_confirm_controller.rb
@@ -68,6 +68,8 @@ def in_person_enrollment?(user)
       def device_profiling_failed?(user)
         return false unless IdentityConfig.store.proofing_device_profiling_decisioning_enabled
         proofing_component = ProofingComponent.find_by(user: user)
+        # pass users who are inbetween feature flag being enabled and have not had a check run.
+        return false if proofing_component.threatmetrix_review_status.nil?
         proofing_component.threatmetrix_review_status != 'pass'
       end
 
diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb
index 659ef899095..6ad76b1dc73 100644
--- a/app/controllers/idv/personal_key_controller.rb
+++ b/app/controllers/idv/personal_key_controller.rb
@@ -88,6 +88,8 @@ def pending_profile?
     def device_profiling_failed?
       return false unless IdentityConfig.store.proofing_device_profiling_decisioning_enabled
       proofing_component = ProofingComponent.find_by(user: current_user)
+      # pass users who are inbetween feature flag being enabled and have not had a check run.
+      return false if proofing_component.threatmetrix_review_status.nil?
       proofing_component.threatmetrix_review_status != 'pass'
     end
   end
diff --git a/spec/controllers/api/verify/password_confirm_controller_spec.rb b/spec/controllers/api/verify/password_confirm_controller_spec.rb
index 0e6b95f37f3..6f5dea8e334 100644
--- a/spec/controllers/api/verify/password_confirm_controller_spec.rb
+++ b/spec/controllers/api/verify/password_confirm_controller_spec.rb
@@ -326,7 +326,7 @@ def stub_idv_session
         it 'redirects to come back later path when threatmetrix review status is nil' do
           post :create, params: { password: password, user_bundle_token: jwt }
 
-          expect(JSON.parse(response.body)['completion_url']).to eq(idv_come_back_later_url)
+          expect(JSON.parse(response.body)['completion_url']).to eq(account_url)
         end
 
         it 'redirects to account path when device profiling passes' do
diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb
index 674e45a70cd..a6c7190f45d 100644
--- a/spec/controllers/idv/personal_key_controller_spec.rb
+++ b/spec/controllers/idv/personal_key_controller_spec.rb
@@ -212,10 +212,10 @@ def index
           to receive(:proofing_device_profiling_decisioning_enabled).and_return(true)
       end
 
-      it 'redirects to come back later path when threatmetrix review status is nil' do
+      it 'redirects to account path when threatmetrix review status is nil' do
         patch :update
 
-        expect(response).to redirect_to idv_come_back_later_path
+        expect(response).to redirect_to account_path
       end
 
       it 'redirects to account path when device profiling passes' do