Skip to content

Redirect to TM sad screen after GPO verification#7508

Merged
matthinz merged 18 commits intomainfrom
matthinz/8351-gpo-threatmetrix
Dec 27, 2022
Merged

Redirect to TM sad screen after GPO verification#7508
matthinz merged 18 commits intomainfrom
matthinz/8351-gpo-threatmetrix

Conversation

@matthinz
Copy link
Copy Markdown
Contributor

@matthinz matthinz commented Dec 16, 2022
edited
Loading

🎫 Ticket

LG-8351

🛠 Summary of changes

Updates GPO OTP verification such that if the user failed a ThreatMetrix check before verifying their OTP, their account is verified, but created in the threatmetrix_review_pending state.

📜 Testing Plan

  • Verify, selecting "Reject" from the "Mock device profiling behavior" box on the SSN screen
  • When prompted to verify using a phone number, select "Verify your address by mail" instead
  • After you enter the GPO verification code, you should be redirected to the "sad screen" ("Please give us a call")
  • You should not receive the "Your identity has been verified" email

@matthinz matthinz force-pushed the matthinz/8351-gpo-threatmetrix branch 2 times, most recently from 0cfb16d to e325207 Compare December 21, 2022 21:11
matthinz
matthinz commented Dec 21, 2022
View reviewed changes
matthinz
matthinz commented Dec 21, 2022
View reviewed changes
spec/features/idv/steps/gpo_otp_verification_step_spec.rb Outdated
Copy link
Copy Markdown
Contributor Author

@matthinz matthinz Dec 21, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I pulled these out into a shared example:

  • prompts for one-time code at sign in
  • renders an error for an expired GPO OTP
  • allows a user to resend a letter

The idea is that all the standard GPO OTP verification stuff should be unaffected by ThreatMetrix status: if you fail ThreatMetrix, you can still verify your account, but afterwards you'll have to take steps to fully activate.

@matthinz matthinz changed the title WIP: Redirect to TM sad screen after GPO verification Redirect to TM sad screen after GPO verification Dec 22, 2022
matthinz
matthinz commented Dec 22, 2022
View reviewed changes
@matthinz matthinz force-pushed the matthinz/8351-gpo-threatmetrix branch from 931be29 to 0c5689b Compare December 22, 2022 18:02
@matthinz matthinz marked this pull request as ready for review December 22, 2022 20:34
@matthinz matthinz requested a review from a team December 22, 2022 20:45
matthinz
matthinz commented Dec 22, 2022
View reviewed changes
spec/controllers/idv/gpo_verify_controller_spec.rb Outdated
Comment on lines 209 to 245
Copy link
Copy Markdown
Contributor Author

@matthinz matthinz Dec 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Relevant Slack thread discussing this: https://gsa-tts.slack.com/archives/CNCGEHG1G/p1671730304506409

eric-gade
eric-gade approved these changes Dec 23, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@eric-gade eric-gade left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 👍

theabrad
theabrad requested changes Dec 23, 2022
View reviewed changes
@matthinz matthinz force-pushed the matthinz/8351-gpo-threatmetrix branch from 2a9c296 to 476aec9 Compare December 23, 2022 22:27
theabrad
theabrad approved these changes Dec 23, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@theabrad theabrad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@matthinz
Add failing GPO ThreatMetrix tests
08f92cd
@matthinz
Redirect to sad screen after GPO verify
cba54cf 
If ThreatMetrix check had previously failed, redirect user to the "sad screen" after they enter their OTP
@matthinz
changelog: Internal, ThreatMetrix, Interpret ThreatMetrix result afte…
b57657f 
…r GPO OTP verification
@matthinz
lint
e64de63
@matthinz
Redirect after OTP verification
be1648c
@matthinz
Add ThreatMetrix to GpoVerifyForm spec
f27a288
@matthinz
Update GpoVerifyController spec
f75ddfb
@matthinz
Clean up diff a little
283f716
@matthinz
Refactor OTP ThreatMetrix stuff to use shared example
d1ae092
@matthinz
Mark account verified after GPO even if TM says not to
4fc51b5
@matthinz
Lint
7c01979
@matthinz
Use ThreatMetrixReviewConcern in GpoVerifyController
cbc2dd1
@matthinz
Remove stray user.reload
4ec5baa
@matthinz
Test that GPO verification leaves account in good state
a2dfac2 
Check that accoutn is verified if it should be, that the deactivation_reason is set, etc.
@matthinz
Don't alert after GPO verification on TM failure
38cee1c 
Idea being that, even though account is technically "verified", the messaging to the user will need to come through the TM appeal process.
@matthinz
Clean up let / options stuff in shared_example
c941007
@matthinz matthinz force-pushed the matthinz/8351-gpo-threatmetrix branch from 476aec9 to 49b0563 Compare December 27, 2022 18:56
@matthinz matthinz merged commit c3e67d5 into main Dec 27, 2022
@matthinz matthinz deleted the matthinz/8351-gpo-threatmetrix branch December 27, 2022 19:18
@mitchellhenke mitchellhenke mentioned this pull request Dec 29, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theabrad theabrad theabrad approved these changes

+2 more reviewers

@aduth aduth aduth left review comments

@eric-gade eric-gade eric-gade approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@matthinz @theabrad @aduth @eric-gade