18F · olatifflexion · Aug 26, 2022 · Aug 26, 2022
diff --git a/app/controllers/api/verify/document_capture_controller.rb b/app/controllers/api/verify/document_capture_controller.rb
@@ -10,6 +10,7 @@ def create
           verify_params,
           liveness_checking_enabled: liveness_checking_enabled?,
           analytics: analytics,
+          irs_attempts_api_tracker: irs_attempts_api_tracker,
         ).submit
 
         if result.success?

diff --git a/app/forms/idv/api_document_verification_form.rb b/app/forms/idv/api_document_verification_form.rb
@@ -12,10 +12,17 @@ class ApiDocumentVerificationForm
 
     validate :throttle_if_rate_limited
 
-    def initialize(params, liveness_checking_enabled:, analytics:, flow_path: nil)
+    def initialize(
+      params,
+      liveness_checking_enabled:,
+      analytics:,
+      irs_attempts_api_tracker:,
+      flow_path: nil
+    )
       @params = params
       @liveness_checking_enabled = liveness_checking_enabled
       @analytics = analytics
+      @irs_attempts_api_tracker = irs_attempts_api_tracker
       @flow_path = flow_path
     end
 
@@ -88,6 +95,7 @@ def valid_url?(key)
     def throttle_if_rate_limited
       return unless @throttled
       @analytics.throttler_rate_limit_triggered(throttle_type: :idv_doc_auth)
+      @irs_attempts_api_tracker.idv_document_upload_rate_limited
       errors.add(:limit, t('errors.doc_auth.throttled_heading'), type: :throttled)
     end
 

diff --git a/app/forms/idv/api_image_upload_form.rb b/app/forms/idv/api_image_upload_form.rb
@@ -179,6 +179,7 @@ def validate_images
     def throttle_if_rate_limited
       return unless @throttled
       analytics.throttler_rate_limit_triggered(throttle_type: :idv_doc_auth)
+      irs_attempts_api_tracker.idv_document_upload_rate_limited
       errors.add(:limit, t('errors.doc_auth.throttled_heading'), type: :throttled)
     end
 

diff --git a/app/services/idv/steps/doc_auth_base_step.rb b/app/services/idv/steps/doc_auth_base_step.rb
@@ -53,6 +53,7 @@ def throttled_response
         @flow.analytics.throttler_rate_limit_triggered(
           throttle_type: :idv_doc_auth,
         )
+        @flow.irs_attempts_api_tracker.idv_document_upload_rate_limited
         redirect_to throttled_url
         DocAuth::Response.new(
           success: false,

diff --git a/app/services/irs_attempts_api/tracker_events.rb b/app/services/irs_attempts_api/tracker_events.rb
@@ -120,6 +120,13 @@ def idv_document_upload_submitted(
       )
     end
 
+    # The user has exceeded the rate limit during idv document upload
+    def idv_document_upload_rate_limited
+      track_event(
+        :idv_document_upload_rate_limited,
+      )
+    end
+
     # @param [Boolean] success
     # @param [String] phone_number
     # The phone upload link was sent during the IDV process

diff --git a/spec/features/idv/doc_auth/document_capture_step_spec.rb b/spec/features/idv/doc_auth/document_capture_step_spec.rb
@@ -10,6 +10,7 @@
   let(:liveness_enabled) { false }
   let(:doc_auth_enable_presigned_s3_urls) { false }
   let(:fake_analytics) { FakeAnalytics.new }
+  let(:fake_attempts_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new }
   let(:sp_name) { 'Test SP' }
   before do
     allow(IdentityConfig.store).to receive(:liveness_checking_enabled).
@@ -74,6 +75,7 @@
     #   'Throttler Rate Limit Triggered',
     #   throttle_type: :idv_doc_auth,
     # )
+    # expect(fake_attempts_tracker).to receive(:idv_document_upload_rate_limited)
   end
 
   it 'catches network connection errors on post_front_image', allow_browser_log: true do

diff --git a/spec/forms/idv/api_document_verification_form_spec.rb b/spec/forms/idv/api_document_verification_form_spec.rb
@@ -15,6 +15,7 @@
       },
       liveness_checking_enabled: liveness_checking_enabled?,
       analytics: analytics,
+      irs_attempts_api_tracker: irs_attempts_api_tracker,
     )
   end
 
@@ -28,6 +29,7 @@
   let!(:document_capture_session) { DocumentCaptureSession.create!(user: create(:user)) }
   let(:document_capture_session_uuid) { document_capture_session.uuid }
   let(:analytics) { FakeAnalytics.new }
+  let(:irs_attempts_api_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new }
   let(:liveness_checking_enabled?) { true }
 
   describe '#valid?' do
@@ -121,6 +123,7 @@
       end
 
       it 'is not valid' do
+        expect(irs_attempts_api_tracker).to receive(:idv_document_upload_rate_limited)
         expect(form.valid?).to eq(false)
         expect(form.errors.attribute_names).to eq([:limit])
         expect(form.errors[:limit]).to eq([I18n.t('errors.doc_auth.throttled_heading')])

diff --git a/spec/forms/idv/api_image_upload_form_spec.rb b/spec/forms/idv/api_image_upload_form_spec.rb
@@ -93,6 +93,7 @@
       end
 
       it 'is not valid' do
+        expect(irs_attempts_api_tracker).to receive(:idv_document_upload_rate_limited)
         expect(form.valid?).to eq(false)
         expect(form.errors[:limit]).to eq([I18n.t('errors.doc_auth.throttled_heading')])
       end