diff --git a/app/controllers/api/verify/document_capture_controller.rb b/app/controllers/api/verify/document_capture_controller.rb
index 32803e8915d..9af779eab05 100644
--- a/app/controllers/api/verify/document_capture_controller.rb
+++ b/app/controllers/api/verify/document_capture_controller.rb
@@ -10,6 +10,7 @@ def create
 verify_params,
 liveness_checking_enabled: liveness_checking_enabled?,
 analytics: analytics,
+ irs_attempts_api_tracker: irs_attempts_api_tracker,
 ).submit
 if result.success?
diff --git a/app/forms/idv/api_document_verification_form.rb b/app/forms/idv/api_document_verification_form.rb
index a083d71f79e..a37ab2faf95 100644
--- a/app/forms/idv/api_document_verification_form.rb
+++ b/app/forms/idv/api_document_verification_form.rb
@@ -12,10 +12,17 @@ class ApiDocumentVerificationForm
 validate :throttle_if_rate_limited
- def initialize(params, liveness_checking_enabled:, analytics:, flow_path: nil)
+ def initialize(
+ params,
+ liveness_checking_enabled:,
+ analytics:,
+ irs_attempts_api_tracker:,
+ flow_path: nil
+ )
 @params = params
 @liveness_checking_enabled = liveness_checking_enabled
 @analytics = analytics
+ @irs_attempts_api_tracker = irs_attempts_api_tracker
 @flow_path = flow_path
 end
@@ -88,6 +95,7 @@ def valid_url?(key)
 def throttle_if_rate_limited
 return unless @throttled
 @analytics.throttler_rate_limit_triggered(throttle_type: :idv_doc_auth)
+ @irs_attempts_api_tracker.idv_document_upload_rate_limited
 errors.add(:limit, t('errors.doc_auth.throttled_heading'), type: :throttled)
 end
diff --git a/app/forms/idv/api_image_upload_form.rb b/app/forms/idv/api_image_upload_form.rb
index ffb21186483..fd9cc443ea8 100644
--- a/app/forms/idv/api_image_upload_form.rb
+++ b/app/forms/idv/api_image_upload_form.rb
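Review bot: `irs_attempts_api_tracker:` is added to `ApiDocumentVerificationForm#initialize` as a required keyword with no default, so any caller not updated in this commit would raise `ArgumentError`, and a caller passing `nil` would only fail later inside `throttle_if_rate_limited`, where the tracker is called without a guard. The diff updates the API controller and the form spec; it is worth confirming that nothing else constructs this form. A YARD line above the initializer such as `# @param irs_attempts_api_tracker [#idv_document_upload_rate_limited] receives the rate-limit attempt event` would document the new dependency. The class body starts and ends outside the hunk.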
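Review bot: The attempt event is emitted from `throttle_if_rate_limited`, which the `validate :throttle_if_rate_limited` line in this file registers as a validation callback, so it is recorded once per `valid?` call rather than once per throttled request. If a form instance is validated more than once while `@throttled` is set, the attempts log would hold duplicate rate-limit events; the existing analytics call on the line above has the same property. The same applies to the matching line added in `app/forms/idv/api_image_upload_form.rb`. A comment on the new line such as `# NOTE: side effect in a validator; fires on each valid? call while @throttled is set` would make that visible to the next maintainer.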
@@ -179,6 +179,7 @@ def validate_images
 def throttle_if_rate_limited
 return unless @throttled
 analytics.throttler_rate_limit_triggered(throttle_type: :idv_doc_auth)
+ irs_attempts_api_tracker.idv_document_upload_rate_limited
 errors.add(:limit, t('errors.doc_auth.throttled_heading'), type: :throttled)
 end
diff --git a/app/services/idv/steps/doc_auth_base_step.rb b/app/services/idv/steps/doc_auth_base_step.rb
index bff17dfa24f..04733adbebe 100644
--- a/app/services/idv/steps/doc_auth_base_step.rb
+++ b/app/services/idv/steps/doc_auth_base_step.rb
@@ -53,6 +53,7 @@ def throttled_response
 @flow.analytics.throttler_rate_limit_triggered(
 throttle_type: :idv_doc_auth,
 )
+ @flow.irs_attempts_api_tracker.idv_document_upload_rate_limited
 redirect_to throttled_url
 DocAuth::Response.new(
 success: false,
diff --git a/app/services/irs_attempts_api/tracker_events.rb b/app/services/irs_attempts_api/tracker_events.rb
index 9ca7e8f69bc..5ea358c6eed 100644
--- a/app/services/irs_attempts_api/tracker_events.rb
+++ b/app/services/irs_attempts_api/tracker_events.rb
@@ -120,6 +120,13 @@ def idv_document_upload_submitted(
 )
 end
+ # The user has exceeded the rate limit during idv document upload
+ def idv_document_upload_rate_limited
+ track_event(
+ :idv_document_upload_rate_limited,
+ )
+ end
+
 # @param [Boolean] success
 # @param [String] phone_number
 # The phone upload link was sent during the IDV process
diff --git a/spec/features/idv/doc_auth/document_capture_step_spec.rb b/spec/features/idv/doc_auth/document_capture_step_spec.rb
index 3b8459a960a..5c8a118b052 100644
--- a/spec/features/idv/doc_auth/document_capture_step_spec.rb
+++ b/spec/features/idv/doc_auth/document_capture_step_spec.rb
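Review bot: `idv_document_upload_rate_limited` in `tracker_events.rb` calls `track_event` with only the event name, so nothing in this method says which limit was hit, whereas the neighbouring analytics calls in this commit pass `throttle_type: :idv_doc_auth`. Presumably the tracker attaches user and session context itself, but that is not visible in this hunk. The doc comment could state this explicitly, e.g. `# Tracks when the user is rate limited during IDV document upload; carries no event-specific attributes`. The three-line call could also be written as `track_event(:idv_document_upload_rate_limited)`.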
@@ -10,6 +10,7 @@
 let(:liveness_enabled) { false }
 let(:doc_auth_enable_presigned_s3_urls) { false }
 let(:fake_analytics) { FakeAnalytics.new }
+ let(:fake_attempts_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new }
 let(:sp_name) { 'Test SP' }
 before do
 allow(IdentityConfig.store).to receive(:liveness_checking_enabled).
@@ -74,6 +75,7 @@
 # 'Throttler Rate Limit Triggered',
 # throttle_type: :idv_doc_auth,
 # )
+ # expect(fake_attempts_tracker).to receive(:idv_document_upload_rate_limited)
 end
 it 'catches network connection errors on post_front_image', allow_browser_log: true do
diff --git a/spec/forms/idv/api_document_verification_form_spec.rb b/spec/forms/idv/api_document_verification_form_spec.rb
index b9d1ca3cc10..50db08ef951 100644
--- a/spec/forms/idv/api_document_verification_form_spec.rb
+++ b/spec/forms/idv/api_document_verification_form_spec.rb
@@ -15,6 +15,7 @@
 },
 liveness_checking_enabled: liveness_checking_enabled?,
 analytics: analytics,
+ irs_attempts_api_tracker: irs_attempts_api_tracker,
 )
 end
@@ -28,6 +29,7 @@
 let!(:document_capture_session) { DocumentCaptureSession.create!(user: create(:user)) }
 let(:document_capture_session_uuid) { document_capture_session.uuid }
 let(:analytics) { FakeAnalytics.new }
+ let(:irs_attempts_api_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new }
 let(:liveness_checking_enabled?) { true }
 describe '#valid?' do
@@ -121,6 +123,7 @@
 end
 it 'is not valid' do
+ expect(irs_attempts_api_tracker).to receive(:idv_document_upload_rate_limited)
 expect(form.valid?).to eq(false)
 expect(form.errors.attribute_names).to eq([:limit])
 expect(form.errors[:limit]).to eq([I18n.t('errors.doc_auth.throttled_heading')])
diff --git a/spec/forms/idv/api_image_upload_form_spec.rb b/spec/forms/idv/api_image_upload_form_spec.rb
index c22e8c87b01..ac1de432b5f 100644
--- a/spec/forms/idv/api_image_upload_form_spec.rb
+++ b/spec/forms/idv/api_image_upload_form_spec.rb
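Review bot: `fake_attempts_tracker` is defined in the first hunk of `document_capture_step_spec.rb`, but its only use, in the second hunk, is a commented-out expectation, so this feature spec does not assert the new event. That leaves the `@flow.irs_attempts_api_tracker` call added in `doc_auth_base_step.rb` without an active assertion in this commit, and nothing visible here wires the fake into the request. If the block is re-enabled, an `expect(...).to receive(...)` placed at the end of the example would be set too late to observe the call. The working form there is `expect(fake_attempts_tracker).to have_received(:idv_document_upload_rate_limited)`, after an `allow(...).to receive(...)` set up before the throttled submission. The example body starts outside the hunk.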
@@ -93,6 +93,7 @@
 end
 it 'is not valid' do
+ expect(irs_attempts_api_tracker).to receive(:idv_document_upload_rate_limited)
 expect(form.valid?).to eq(false)
 expect(form.errors[:limit]).to eq([I18n.t('errors.doc_auth.throttled_heading')])
 end