New SSN Controller behind a feature flag

app/controllers/concerns/idv/step_utilities_concern.rb

@@ -0,0 +1,41 @@
+module Idv
+  module StepUtilitiesConcern
+    extend ActiveSupport::Concern
+
+    def flow_session
+      user_session['idv/doc_auth']
+    end
+
+    # copied from doc_auth_controller
+    def flow_path
+      flow_session[:flow_path]
+    end
+
+    def confirm_pii_from_doc
+      @pii = flow_session['pii_from_doc'] # hash with indifferent access
+      return if @pii.present?
+      flow_session.delete('Idv::Steps::DocumentCaptureStep')
+      redirect_to idv_doc_auth_url
+    end
+
+    # Copied from capture_doc_flow.rb
+    # and from doc_auth_flow.rb
+    def acuant_sdk_ab_test_analytics_args
+      capture_session_uuid = flow_session[:document_capture_session_uuid]
+      if capture_session_uuid
+        {
+          acuant_sdk_upgrade_ab_test_bucket:
+          AbTests::ACUANT_SDK.bucket(capture_session_uuid),
+        }
+      else
+        {}
+      end
+    end
+
+    def irs_reproofing?
+      effective_user&.decorate&.reproof_for_irs?(
+        service_provider: current_sp,
+      ).present?
+    end
+  end
+end

app/controllers/idv/ssn_controller.rb

@@ -0,0 +1,88 @@
+module Idv
+  class SsnController < ApplicationController
+    include IdvSession
+    include StepIndicatorConcern
+    include StepUtilitiesConcern
+    include Steps::ThreatMetrixStepHelper
+
+    before_action :render_404_if_ssn_controller_disabled
+    before_action :confirm_two_factor_authenticated
+    before_action :confirm_pii_from_doc
+
+    attr_accessor :error_message
+
+    def show
+      increment_step_counts
+
+      analytics.idv_doc_auth_redo_ssn_submitted(**analytics_arguments) if updating_ssn
+
+      analytics.idv_doc_auth_ssn_visited(**analytics_arguments)
+
+      render :show, locals: extra_view_variables
+    end
+
+    def update
+      @error_message = nil
+      form_response = form_submit
+
+      unless form_response.success?
+        @error_message = form_response.first_error_message
+        redirect_to idv_ssn_url
+      end
+
+      flow_session['pii_from_doc'][:ssn] = params[:doc_auth][:ssn]
+
+      analytics.idv_doc_auth_ssn_submitted(**analytics_arguments)
+
+      irs_attempts_api_tracker.idv_ssn_submitted(
+        ssn: params[:doc_auth][:ssn],
+      )
+
+      idv_session.ssn_updated!
+
+      redirect_to idv_verify_info_url
+    end
+
+    def extra_view_variables
+      {
+        updating_ssn: updating_ssn,
+        success_alert_enabled: !updating_ssn,
+        **threatmetrix_view_variables,
+      }
+    end
+
+    private
+
+    def render_404_if_ssn_controller_disabled
+      render_not_found unless IdentityConfig.store.doc_auth_ssn_controller_enabled
+    end
+
+    def analytics_arguments
+      {
+        flow_path: flow_path,
+        step: 'ssn',
+        step_count: current_flow_step_counts['Idv::Steps::SsnStep'],
+        analytics_id: 'Doc Auth',
+        irs_reproofing: irs_reproofing?,
+      }.merge(**acuant_sdk_ab_test_analytics_args)
+    end
+
+    def current_flow_step_counts
+      user_session['idv/doc_auth_flow_step_counts'] ||= {}
+      user_session['idv/doc_auth_flow_step_counts'].default = 0
+      user_session['idv/doc_auth_flow_step_counts']
+    end
+
+    def increment_step_counts
+      current_flow_step_counts['Idv::Steps::SsnStep'] += 1
+    end
+
+    def form_submit
+      Idv::SsnFormatForm.new(current_user).submit(params.require(:doc_auth).permit(:ssn))
+    end
+
+    def updating_ssn
+      flow_session.dig('pii_from_doc', :ssn).present?
+    end
+  end
+end

app/controllers/idv/verify_info_controller.rb

@@ -1,6 +1,7 @@
 module Idv
   class VerifyInfoController < ApplicationController
     include IdvSession
+    include StepUtilitiesConcern
 
     before_action :confirm_two_factor_authenticated
     before_action :confirm_ssn_step_complete
@@ -73,21 +74,6 @@ def update
 
     private
 
-    # copied from doc_auth_controller
-    def flow_session
-      user_session['idv/doc_auth']
-    end
-
-    def flow_path
-      flow_session[:flow_path]
-    end
-
-    def irs_reproofing?
-      effective_user&.decorate&.reproof_for_irs?(
-        service_provider: current_sp,
-      ).present?
-    end
-
     def analytics_arguments
       {
         flow_path: flow_path,
@@ -98,20 +84,6 @@ def analytics_arguments
       }.merge(**acuant_sdk_ab_test_analytics_args)
     end
 
-    # Copied from capture_doc_flow.rb
-    # and from doc_auth_flow.rb
-    def acuant_sdk_ab_test_analytics_args
-      capture_session_uuid = flow_session[:document_capture_session_uuid]
-      if capture_session_uuid
-        {
-          acuant_sdk_upgrade_ab_test_bucket:
-          AbTests::ACUANT_SDK.bucket(capture_session_uuid),
-        }
-      else
-        {}
-      end
-    end
-
     # copied from verify_step
     def pii
       @pii = flow_session[:pii_from_doc] if flow_session
@@ -125,7 +97,11 @@ def delete_pii
     # copied from address_controller
     def confirm_ssn_step_complete
       return if pii.present? && pii[:ssn].present?
-      redirect_to idv_doc_auth_url
+      if IdentityConfig.store.doc_auth_ssn_controller_enabled
+        redirect_to idv_ssn_url
+      else
+        redirect_to idv_doc_auth_url
+      end
     end
 
     def confirm_profile_not_already_confirmed

app/services/idv/session.rb

@@ -136,6 +136,24 @@ def user_phone_confirmation_session=(new_user_phone_confirmation_session)
       session[:user_phone_confirmation_session] = new_user_phone_confirmation_session.to_h
     end
 
+    def ssn_updated!
+      # Guard against unvalidated attributes from in-person flow in review controller
+      session[:applicant] = nil
+
+      invalidate_verify_info_step!
+      invalidate_phone_step!
+    end
+
+    def invalidate_verify_info_step!
+      session[:resolution_successful] = nil
+      session[:profile_confirmation] = nil
+    end
+
+    def invalidate_phone_step!
+      session[:vendor_phone_confirmation] = nil
+      session[:user_phone_confirmation] = nil
+    end
+
     private
 
     attr_accessor :user_session

app/services/idv/steps/document_capture_step.rb

@@ -15,6 +15,8 @@ def self.analytics_submitted_event
 
       def call
         handle_stored_result if !FeatureManagement.document_capture_async_uploads_enabled?
+
+        exit_flow_state_machine if IdentityConfig.store.doc_auth_ssn_controller_enabled
       end
 
       def extra_view_variables
@@ -38,6 +40,11 @@ def extra_view_variables
 
       private
 
+      def exit_flow_state_machine
+        flow_session[:flow_path] = @flow.flow_path
+        redirect_to idv_ssn_url
+      end
+
       def native_camera_ab_testing_variables
         {
           acuant_sdk_upgrade_ab_test_bucket:

app/views/idv/ssn/show.html.erb

@@ -0,0 +1,91 @@
+<%#
+Renders a page asking the user to enter their SSN or update their SSN if they had previously entered it.
+
+locals:
+* success_alert_enabled: whether or not to display a "We've successfully verified your ID" success alert
+* updating_ssn: true if the user is updating their SSN instead of providing it for the first time. This
+                will render a different page heading and different navigation buttons in the page footer
+%>
+<% content_for(:pre_flash_content) do %>
+  <%= render StepIndicatorComponent.new(
+        steps: Idv::Flows::DocAuthFlow::STEP_INDICATOR_STEPS,
+        current_step: :verify_info,
+        locale_scope: 'idv',
+        class: 'margin-x-neg-2 margin-top-neg-4 tablet:margin-x-neg-6 tablet:margin-top-neg-4',
+      ) %>
+<% end %>
+
+<% title t('titles.doc_auth.ssn') %>
+
+<% if success_alert_enabled %>
+  <%= render AlertComponent.new(
+        type: :success,
+        class: 'margin-bottom-4',
+      ) do %>
+    <%= t('doc_auth.headings.capture_complete') %>
+  <% end %>
+<% end %>
+
+<% if updating_ssn %>
+  <%= render PageHeadingComponent.new.with_content(t('doc_auth.headings.ssn_update')) %>
+<% else %>
+  <%= render PageHeadingComponent.new.with_content(t('doc_auth.headings.ssn')) %>
+<% end %>
+
+<p>
+  <%= t('doc_auth.info.ssn') %>
+  <%= new_window_link_to(t('doc_auth.instructions.learn_more'), MarketingSite.security_and_privacy_practices_url) %>
+</p>
+
+<% if FeatureManagement.proofing_device_profiling_collecting_enabled? %>
+  <% if threatmetrix_session_id.present? %>
+    <% threatmetrix_javascript_urls.each do |threatmetrix_javascript_url| %>
+      <%= javascript_include_tag threatmetrix_javascript_url, nonce: true %>
+    <% end %>
+    <noscript>
+      <%= content_tag(
+            :iframe,
+            '',
+            src: threatmetrix_iframe_url,
+            style: 'width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;',
+          ) %>
+    </noscript>
+  <% end %>
+<% end %>
+
+<% if IdentityConfig.store.proofer_mock_fallback %>
+  <div class="usa-alert usa-alert--info margin-bottom-4" role="status">
+    <div class="usa-alert__body">
+      <p class="usa-alert__text">
+        <%= t('doc_auth.instructions.test_ssn') %>
+      </p>
+    </div>
+  </div>
+<% end %>
+
+<%= simple_form_for(
+      :doc_auth,
+      url: idv_ssn_url,
+      method: :put,
+      html: { autocomplete: 'off' },
+    ) do |f| %>
+  <div class="tablet:grid-col-8">
+    <%= render 'shared/ssn_field', f: f %>
+  </div>
+
+  <p><%= @error_message %></p>
+
+  <%= f.submit class: 'display-block margin-y-5' do %>
+    <% if updating_ssn %>
+      <%= t('forms.buttons.submit.update') %>
+    <% else %>
+      <%= t('forms.buttons.continue') %>
+    <% end %>
+  <% end %>
+<% end %>
+
+<% if updating_ssn %>
+  <%= render 'idv/shared/back', action: 'cancel_update_ssn' %>
+<% else %>
+  <%= render 'idv/doc_auth/cancel', step: 'ssn' %>
+<% end %>

app/views/idv/verify_info/show.html.erb

@@ -102,6 +102,16 @@ locals:
             toggle_label: t('forms.ssn.show'),
           ) %>
     </div>
+<% if IdentityConfig.store.doc_auth_ssn_controller_enabled %>
+    <div class='grid-auto'>
+      <%= button_to(
+            idv_ssn_url,
+            method: :get,
+            class: 'usa-button usa-button--unstyled',
+            'aria-label': t('idv.buttons.change_ssn_label'),
+          ) { t('idv.buttons.change_label') } %>
+    </div>
+<% else %>
     <div class='grid-auto'>
       <%= button_to(
             idv_doc_auth_step_url(step: :redo_ssn),
@@ -110,6 +120,7 @@ locals:
             'aria-label': t('idv.buttons.change_ssn_label'),
           ) { t('idv.buttons.change_label') } %>
     </div>
+<% end %>
   </div>
   <div class="margin-top-5">
       <%= render SpinnerButtonComponent.new(

config/application.yml.default

@@ -70,6 +70,7 @@ country_phone_number_overrides: '{}'
 doc_auth_error_dpi_threshold: 290
 doc_auth_error_sharpness_threshold: 40
 doc_auth_error_glare_threshold: 40
+doc_auth_ssn_controller_enabled: false
 database_pool_extra_connections_for_worker: 4
 database_pool_idp: 5
 database_statement_timeout: 2_500

config/routes.rb

@@ -308,6 +308,8 @@
       post '/forgot_password' => 'forgot_password#update'
       get '/otp_delivery_method' => 'otp_delivery_method#new'
       put '/otp_delivery_method' => 'otp_delivery_method#create'
+      get '/ssn' => 'ssn#show'
+      put '/ssn' => 'ssn#update'
       get '/verify_info' => 'verify_info#show'
       put '/verify_info' => 'verify_info#update'
       get '/phone' => 'phone#new'

lib/identity_config.rb

@@ -166,6 +166,7 @@ def self.build_store(config_map)
     config.add(:doc_auth_max_submission_attempts_before_native_camera, type: :integer)
     config.add(:doc_auth_max_capture_attempts_before_tips, type: :integer)
     config.add(:doc_auth_s3_request_timeout, type: :integer)
+    config.add(:doc_auth_ssn_controller_enabled, type: :boolean)
     config.add(:doc_auth_vendor, type: :string)
     config.add(:doc_auth_vendor_randomize, type: :boolean)
     config.add(:doc_auth_vendor_randomize_percent, type: :integer)