diff --git a/app/controllers/idv/review_controller.rb b/app/controllers/idv/review_controller.rb
index 200e6758708..de9a83f6c5c 100644
--- a/app/controllers/idv/review_controller.rb
+++ b/app/controllers/idv/review_controller.rb
@@ -126,10 +126,11 @@ def password
 end
 def confirm_verify_info_complete
- if IdentityConfig.store.doc_auth_verify_info_controller_enabled &&
- !idv_session.resolution_successful
- redirect_to idv_verify_info_url
- end
+ return unless IdentityConfig.store.doc_auth_verify_info_controller_enabled
+ return unless user_fully_authenticated?
+ return if idv_session.resolution_successful
+
+ redirect_to idv_verify_info_url
 end
 def personal_key_confirmed
diff --git a/spec/controllers/idv/review_controller_spec.rb b/spec/controllers/idv/review_controller_spec.rb
index 710ee00625b..e8343696ff0 100644
--- a/spec/controllers/idv/review_controller_spec.rb
+++ b/spec/controllers/idv/review_controller_spec.rb
@@ -251,6 +251,32 @@ def show
 expect(flash.now[:success]).to be_nil
 end
 end
+
+ context 'doc_auth_verify_info_controller_enabled is set to true' do
+ before do
+ allow(IdentityConfig.store).to receive(:doc_auth_verify_info_controller_enabled).
+ and_return(true)
+ end
+
+ it 'redirects to the verify info controller if the user has not completed it' do
+ controller.idv_session.resolution_successful = nil
+
+ get :new
+
+ expect(response).to redirect_to(idv_verify_info_url)
+ end
+
+ it 'redirects to the root if the user is not authenticated' do
+ allow(controller).to receive(:user_fully_authenticated?).and_return(false)
+ allow(controller).to receive(:user_session).and_call_original
+ allow(controller).to receive(:confirm_two_factor_authenticated).and_call_original
+ allow(controller).to receive(:current_user).and_call_original
+
+ get :new
+
+ expect(response).to redirect_to(root_url)
+ end
+ end
 end
 describe '#create' do
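Review bot: The new `return unless user_fully_authenticated?` guard in `confirm_verify_info_complete` turns this filter into a silent no-op for a signed-out request, so the action stays protected only if a separate authentication filter runs and halts the chain. The spec in this commit points at `confirm_two_factor_authenticated` for that role, but the callback declarations are outside the hunk, so the ordering cannot be confirmed from here. Nothing in the method records that dependency, and a later reorder or `skip_before_action` would drop the only redirect for such a request without any change to this method. I would add a comment above the guard, e.g. `# Signed-out requests are redirected by confirm_two_factor_authenticated; return early here (presumably so idv_session is not read without a user).`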
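Review bot: The 'redirects to the root if the user is not authenticated' example simulates sign-out only by stubbing `user_fully_authenticated?` on the controller under test. It therefore checks the stubbed predicate, not that a request with no signed-in session is turned away before `idv_session` is consulted. If the spec helpers allow it, an example that issues `get :new` without the sign-in setup would cover the authentication boundary more directly. The new context also has no case for the third guard, `return if idv_session.resolution_successful`. An example that sets `controller.idv_session.resolution_successful = true` and asserts `expect(response).not_to redirect_to(idv_verify_info_url)` would pin it, unless the flag-enabled path is already covered outside this hunk.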