LG-8768 Clarify idv_verification rate limiting

app/controllers/idv/verify_info_controller.rb

@@ -14,11 +14,13 @@ def show
         call('verify', :view, true)
 
       if ssn_throttle.throttled?
+        idv_failure_log_throttled(:proof_ssn)
         redirect_to idv_session_errors_ssn_failure_url
         return
       end
 
       if resolution_throttle.throttled?
+        idv_failure_log_throttled(:idv_resolution)
         redirect_to throttled_url
         return
       end
@@ -37,6 +39,7 @@ def update
 
       ssn_throttle.increment!
       if ssn_throttle.throttled?
+        idv_failure_log_throttled(:proof_ssn)
         analytics.throttler_rate_limit_triggered(
           throttle_type: :proof_ssn,
           step_name: 'verify_info',
@@ -46,6 +49,7 @@ def update
       end
 
       if resolution_throttle.throttled?
+        idv_failure_log_throttled(:idv_resolution)
         redirect_to throttled_url
         return
       end
@@ -155,7 +159,7 @@ def idv_failure(result)
 
       resolution_throttle.increment! if proofing_results_exception.blank?
       if resolution_throttle.throttled?
-        idv_failure_log_throttled
+        idv_failure_log_throttled(:idv_resolution)
         redirect_to throttled_url
       elsif proofing_results_exception.present?
         idv_failure_log_error
@@ -166,12 +170,16 @@ def idv_failure(result)
       end
     end
 
-    def idv_failure_log_throttled
-      irs_attempts_api_tracker.idv_verification_rate_limited
-      analytics.throttler_rate_limit_triggered(
-        throttle_type: :idv_resolution,
-        step_name: self.class.name,
-      )
+    def idv_failure_log_throttled(throttle_type)
+      if throttle_type == :idv_resolution
+        irs_attempts_api_tracker.idv_verification_rate_limited(throttle_context: 'single-session')
+        analytics.throttler_rate_limit_triggered(
+          throttle_type: :idv_resolution,
+          step_name: self.class.name,
+        )
+      elsif throttle_type == :proof_ssn
+        irs_attempts_api_tracker.idv_verification_rate_limited(throttle_context: 'multi-session')
+      end
     end
 
     def idv_failure_log_error

app/controllers/idv_controller.rb

@@ -15,7 +15,7 @@ def index
     elsif active_profile?
       redirect_to idv_activated_url
     elsif idv_attempter_throttled?
-      irs_attempts_api_tracker.idv_verification_rate_limited
+      irs_attempts_api_tracker.idv_verification_rate_limited(throttle_context: 'single-session')
       analytics.throttler_rate_limit_triggered(
         throttle_type: :idv_resolution,
       )

app/services/idv/steps/verify_base_step.rb

@@ -90,7 +90,9 @@ def idv_failure(result)
       end
 
       def idv_failure_log_throttled
-        @flow.irs_attempts_api_tracker.idv_verification_rate_limited
+        @flow.irs_attempts_api_tracker.idv_verification_rate_limited(
+          throttle_context: 'single-session',
+        )
         @flow.analytics.throttler_rate_limit_triggered(
           throttle_type: :idv_resolution,
           step_name: self.class.name,
@@ -179,6 +181,9 @@ def enqueue_job
 
           throttle.increment!
           if throttle.throttled?
+            @flow.irs_attempts_api_tracker.idv_verification_rate_limited(
+              throttle_context: 'multi-session',
+            )
             @flow.analytics.throttler_rate_limit_triggered(
               throttle_type: :proof_ssn,
               step_name: self.class,

app/services/irs_attempts_api/tracker_events.rb

@@ -282,10 +282,12 @@ def idv_ssn_submitted(ssn:)
       )
     end
 
+    # @param [String] throttle_context - Either single-session or multi-session
     # Track when idv verification is rate limited during idv flow
-    def idv_verification_rate_limited
+    def idv_verification_rate_limited(throttle_context:)
       track_event(
         :idv_verification_rate_limited,
+        throttle_context: throttle_context,
       )
     end
 

spec/controllers/idv/verify_info_controller_spec.rb

@@ -12,6 +12,16 @@
   end
 
   let(:user) { create(:user) }
+  let(:analytics_hash) do
+    {
+      analytics_id: 'Doc Auth',
+      flow_path: 'standard',
+      irs_reproofing: false,
+      step: 'verify',
+    }
+  end
+  let(:ssn_throttle_hash) { { throttle_context: 'multi-session' } }
+  let(:proofing_throttle_hash) { { throttle_context: 'single-session' } }
 
   before do
     allow(subject).to receive(:flow_session).and_return(flow_session)
@@ -38,10 +48,7 @@
     let(:analytics_name) { 'IdV: doc auth verify visited' }
     let(:analytics_args) do
       {
-        analytics_id: 'Doc Auth',
-        flow_path: 'standard',
-        irs_reproofing: false,
-        step: 'verify',
+        **analytics_hash,
         step_count: 1,
       }
     end
@@ -115,21 +122,17 @@
         end
       end
 
-      context 'when the user is ssn throttled' do
-        before do
-          Throttle.new(
-            target: Pii::Fingerprinter.fingerprint(
-              Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN[:ssn],
-            ),
-            throttle_type: :proof_ssn,
-          ).increment_to_throttled!
-        end
+      it 'redirects to ssn failure url' do
+        get :show
 
-        it 'redirects to ssn failure url' do
-          get :show
+        expect(response).to redirect_to idv_session_errors_ssn_failure_url
+      end
 
-          expect(response).to redirect_to idv_session_errors_ssn_failure_url
-        end
+      it 'logs the correct attempts event' do
+        expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited).
+          with(ssn_throttle_hash)
+
+        get :show
       end
     end
 
@@ -146,23 +149,30 @@
 
         expect(response).to redirect_to idv_session_errors_failure_url
       end
+
+      it 'logs the correct attempts event' do
+        expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited).
+          with(proofing_throttle_hash)
+
+        get :show
+      end
     end
   end
 
   describe '#update' do
+    before do
+      stub_attempts_tracker
+    end
+
     it 'logs the correct analytics event' do
       stub_analytics
-      stub_attempts_tracker
 
       put :update
 
       expect(@analytics).to have_logged_event(
         'IdV: doc auth verify submitted',
         {
-          analytics_id: 'Doc Auth',
-          flow_path: 'standard',
-          irs_reproofing: false,
-          step: 'verify',
+          **analytics_hash,
           step_count: 0,
         },
       )
@@ -191,6 +201,13 @@
 
         expect(response).to redirect_to idv_session_errors_ssn_failure_url
       end
+
+      it 'logs the correct attempts event' do
+        expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited).
+          with(ssn_throttle_hash)
+
+        put :update
+      end
     end
 
     context 'when the user is proofing throttled' do
@@ -206,6 +223,13 @@
 
         expect(response).to redirect_to idv_session_errors_failure_url
       end
+
+      it 'logs the correct attempts event' do
+        expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited).
+          with(proofing_throttle_hash)
+
+        put :update
+      end
     end
   end
 end

spec/controllers/idv_controller_spec.rb

@@ -1,12 +1,18 @@
 require 'rails_helper'
 
 describe IdvController do
+  before do
+    stub_sign_in
+  end
+
   describe '#index' do
-    it 'tracks page visit' do
-      stub_sign_in
+    let(:analytics_name) { 'IdV: intro visited' }
+    before do
       stub_analytics
+    end
 
-      expect(@analytics).to receive(:track_event).with('IdV: intro visited')
+    it 'tracks page visit' do
+      expect(@analytics).to receive(:track_event).with(analytics_name)
 
       get :index
     end
@@ -15,29 +21,37 @@
       profile = create(:profile, :active, :verified)
 
       stub_sign_in(profile.user)
-      stub_analytics
 
-      expect(@analytics).to_not receive(:track_event).with('IdV: intro visited')
+      expect(@analytics).to_not receive(:track_event).with(analytics_name)
 
       get :index
     end
 
-    it 'redirects to failure page if number of attempts has been exceeded' do
-      stub_attempts_tracker
-      expect(@irs_attempts_api_tracker).to receive(:track_event).
-        with(:idv_verification_rate_limited)
-      user = create(:user)
-      profile = create(
-        :profile,
-        user: user,
-      )
-      Throttle.new(throttle_type: :idv_resolution, user: user).increment_to_throttled!
+    context 'if number of attempts has been exceeded' do
+      before do
+        user = create(:user)
+        profile = create(
+          :profile,
+          user: user,
+        )
+        Throttle.new(throttle_type: :idv_resolution, user: user).increment_to_throttled!
 
-      stub_sign_in(profile.user)
+        stub_sign_in(profile.user)
+      end
 
-      get :index
+      it 'redirects to failure page' do
+        get :index
 
-      expect(response).to redirect_to idv_session_errors_failure_url
+        expect(response).to redirect_to idv_session_errors_failure_url
+      end
+
+      it 'logs appropriate attempts event' do
+        stub_attempts_tracker
+        expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited).
+          with({ throttle_context: 'single-session' })
+
+        get :index
+      end
     end
 
     it 'redirects to account recovery if user has a password reset profile' do
@@ -51,28 +65,20 @@
     end
 
     it 'redirects to doc auth if doc auth is enabled and exclusive' do
-      stub_sign_in
-
       get :index
 
       expect(response).to redirect_to idv_doc_auth_path
     end
 
-    context 'with a VA inherited proofing session' do
-      before do
-        stub_sign_in
-        allow(controller).to receive(:va_inherited_proofing?).and_return(true)
-      end
+    it 'redirects to inherited proofing with a VA inherited proofing session' do
+      allow(controller).to receive(:va_inherited_proofing?).and_return(true)
 
-      it 'redirects to inherited proofing' do
-        get :index
-        expect(response).to redirect_to idv_inherited_proofing_path
-      end
+      get :index
+      expect(response).to redirect_to idv_inherited_proofing_path
     end
 
     context 'no SP context' do
       let(:user) { build(:user, password: ControllerHelper::VALID_PASSWORD) }
-      let(:idv_sp_required) { false }
 
       before do
         stub_sign_in(user)
@@ -131,8 +137,6 @@
 
     context 'user does not have an active profile' do
       it 'does not allow direct access' do
-        stub_sign_in
-
         get :activated
 
         expect(response).to redirect_to idv_url