18F · theabrad · Mar 29, 2023 · Mar 15, 2023 · Mar 16, 2023 · Mar 20, 2023
diff --git a/app/controllers/concerns/fraud_review_concern.rb b/app/controllers/concerns/fraud_review_concern.rb
@@ -1,16 +1,34 @@
 module FraudReviewConcern
   extend ActiveSupport::Concern
 
+  def handle_fraud
+    handle_pending_fraud_review
+    handle_fraud_rejection
+  end
+
   def handle_pending_fraud_review
     redirect_to_fraud_review if fraud_review_pending?
   end
 
+  def handle_fraud_rejection
+    redirect_to_fraud_rejection if fraud_rejection?
+  end
+
   def redirect_to_fraud_review
     redirect_to idv_setup_errors_url
   end
 
+  def redirect_to_fraud_rejection
+    redirect_to idv_not_verified_url
+  end
+
   def fraud_review_pending?
     return false unless user_fully_authenticated?
     current_user.fraud_review_pending?
   end
+
+  def fraud_rejection?
+    return false unless user_fully_authenticated?
+    current_user.fraud_rejection?
+  end
 end
diff --git a/app/controllers/idv/doc_auth_controller.rb b/app/controllers/idv/doc_auth_controller.rb
@@ -2,7 +2,6 @@ module Idv
   class DocAuthController < ApplicationController
     before_action :confirm_two_factor_authenticated
     before_action :redirect_if_pending_in_person_enrollment
-    before_action :handle_pending_fraud_review
     before_action :redirect_if_pending_profile
     before_action :extend_timeout_using_meta_refresh_for_select_paths
 
@@ -13,6 +12,7 @@ class DocAuthController < ApplicationController
     include FraudReviewConcern
 
     before_action :redirect_if_flow_completed
+    before_action :handle_fraud
     before_action :override_document_capture_step_csp
     before_action :update_if_skipping_upload
     # rubocop:disable Rails/LexicallyScopedActionFilter

diff --git a/app/controllers/idv/not_verified_controller.rb b/app/controllers/idv/not_verified_controller.rb
@@ -0,0 +1,9 @@
+module Idv
+  class NotVerifiedController < ApplicationController
+    before_action :confirm_two_factor_authenticated
+
+    def show
+      analytics.idv_not_verified_visited
+    end
+  end
+end
diff --git a/app/controllers/idv_controller.rb b/app/controllers/idv_controller.rb
@@ -4,8 +4,8 @@ class IdvController < ApplicationController
   include FraudReviewConcern
 
   before_action :confirm_two_factor_authenticated
-  before_action :handle_pending_fraud_review
   before_action :profile_needs_reactivation?, only: [:index]
+  before_action :handle_fraud
 
   def index
     if decorated_session.requested_more_recent_verification? ||

diff --git a/app/controllers/openid_connect/authorization_controller.rb b/app/controllers/openid_connect/authorization_controller.rb
@@ -21,6 +21,7 @@ class AuthorizationController < ApplicationController
 
     def index
       return redirect_to_fraud_review if fraud_review_pending_for_ial2_request?
+      return redirect_to_fraud_rejection if fraud_rejection_for_ial2_request?
       return redirect_to_account_or_verify_profile_url if profile_or_identity_needs_verification?
       return redirect_to(sign_up_completed_url) if needs_completion_screen_reason
       link_identity_to_service_provider
@@ -90,6 +91,11 @@ def fraud_review_pending_for_ial2_request?
       fraud_review_pending?
     end
 
+    def fraud_rejection_for_ial2_request?
+      return false unless @authorize_form.ial2_or_greater?
+      fraud_rejection?
+    end
+
     def profile_or_identity_needs_verification?
       return false unless @authorize_form.ial2_or_greater?
       profile_needs_verification? || identity_needs_verification?

diff --git a/app/controllers/saml_idp_controller.rb b/app/controllers/saml_idp_controller.rb
@@ -25,6 +25,7 @@ class SamlIdpController < ApplicationController
   def auth
     capture_analytics
     return redirect_to_fraud_review if fraud_review_pending? && ial2_requested?
+    return redirect_to_fraud_rejection if fraud_rejection? && ial2_requested?
     return redirect_to_verification_url if profile_or_identity_needs_verification_or_decryption?
     return redirect_to(sign_up_completed_url) if needs_completion_screen_reason
     if auth_count == 1 && first_visit_for_sp?

diff --git a/app/services/analytics_events.rb b/app/services/analytics_events.rb
@@ -3488,6 +3488,11 @@ def idv_setup_errors_visited(proofing_components: nil, **extra)
     )
   end
 
+  # Tracks when user reaches verify errors due to being rejected due to fraud
+  def idv_not_verified_visited
+    track_event('IdV: Not verified visited')
+  end
+
   # @param [String] redirect_url URL user was directed to
   # @param [String, nil] step which step
   # @param [String, nil] location which part of a step, if applicable

diff --git a/app/views/idv/not_verified/show.html.erb b/app/views/idv/not_verified/show.html.erb
@@ -0,0 +1,23 @@
+<%= render(
+      'idv/shared/error',
+      title: t('titles.failure.information_not_verified'),
+      heading: t('idv.failure.verify.heading'),
+    ) do %>
+    <p>
+      <% if decorated_session.sp_name.present? %>
+        <%= link_to(
+              t('idv.failure.verify.fail_link_html', sp_name: decorated_session.sp_name),
+              return_to_sp_failure_to_proof_path(
+                step: 'verify_info',
+                location: request.params[:action],
+              ),
+            ) %>
+      <% else %>
+        <%= link_to(
+              t('idv.failure.verify.fail_link_html', sp_name: APP_NAME),
+              account_path,
+            ) %>
+      <% end %>
+      <%= t('idv.failure.verify.fail_text') %>
+    </p>
+<% end %>
diff --git a/config/locales/idv/en.yml b/config/locales/idv/en.yml
@@ -99,6 +99,10 @@ en:
         heading: Please give us a call
       timeout: We are experiencing higher than usual wait time processing your
         request. Please try again.
+      verify:
+        fail_link_html: Get help at <strong>%{sp_name}</strong>
+        fail_text: to access services.
+        heading: We couldn’t verify your identity
     forgot_password:
       link_text: Forgot password?
       modal_header: Are you sure you can’t remember your password?

diff --git a/config/locales/idv/es.yml b/config/locales/idv/es.yml
@@ -109,6 +109,10 @@ es:
         heading: Llámenos
       timeout: Estamos experimentando un tiempo de espera superior al habitual al
         procesar su solicitud. Inténtalo de nuevo.
+      verify:
+        fail_link_html: Obtenga ayuda en <strong>%{sp_name}</strong>
+        fail_text: para acceder a los servicios.
+        heading: No hemos podido verificar su identidad
     forgot_password:
       link_text: '¿Se te olvidó tu contraseña?'
       modal_header: '¿Estás seguro de que no puedes recordar tu contraseña?'

diff --git a/config/locales/idv/fr.yml b/config/locales/idv/fr.yml
@@ -113,6 +113,10 @@ fr:
         heading: S’il vous plaît, appelez-nous
       timeout: Le temps d’attente pour le traitement de votre demande est plus long
         que d’habitude Veuillez réessayer.
+      verify:
+        fail_link_html: Obtenez de l’aide auprès de <strong>%{sp_name}</strong>
+        fail_text: pour accéder aux services.
+        heading: Nous n’avons pas pu vérifier votre identité
     forgot_password:
       link_text: Mot de passe oublié?
       modal_header: Êtes-vous sûr de ne pas pouvoir vous souvenir de votre mot de passe?

diff --git a/config/routes.rb b/config/routes.rb
@@ -328,6 +328,7 @@
       get '/session/errors/exception' => 'session_errors#exception'
       get '/session/errors/throttled' => 'session_errors#throttled'
       get '/setup_errors' => 'setup_errors#show'
+      get '/not_verified' => 'not_verified#show'
       delete '/session' => 'sessions#destroy'
       get '/cancel/' => 'cancellations#new', as: :cancel
       put '/cancel' => 'cancellations#update'

diff --git a/spec/controllers/idv/not_verified_controller_spec.rb b/spec/controllers/idv/not_verified_controller_spec.rb
@@ -0,0 +1,21 @@
+require 'rails_helper'
+
+describe Idv::NotVerifiedController do
+  let(:user) { build_stubbed(:user, :signed_up) }
+
+  before do
+    stub_sign_in(user)
+  end
+
+  it 'renders the show template' do
+    stub_analytics
+
+    expect(@analytics).to receive(:track_event).with(
+      'IdV: Not verified visited',
+    )
+
+    get :show
+
+    expect(response).to render_template :show
+  end
+end
diff --git a/spec/controllers/idv_controller_spec.rb b/spec/controllers/idv_controller_spec.rb
@@ -27,6 +27,26 @@
       get :index
     end
 
+    it 'redirects to sad face page if fraud review is pending' do
+      profile = create(:profile, fraud_review_pending: true)
+
+      stub_sign_in(profile.user)
+
+      get :index
+
+      expect(response).to redirect_to(idv_setup_errors_url)
+    end
+
+    it 'redirects to fraud rejection page if profile is rejected' do
+      profile = create(:profile, fraud_rejection: true)
+
+      stub_sign_in(profile.user)
+
+      get :index
+
+      expect(response).to redirect_to(idv_not_verified_url)
+    end
+
     context 'if number of attempts has been exceeded' do
       before do
         user = create(:user)

diff --git a/spec/controllers/openid_connect/authorization_controller_spec.rb b/spec/controllers/openid_connect/authorization_controller_spec.rb
@@ -143,6 +143,24 @@
               action
               expect(controller).to redirect_to(idv_url)
             end
+
+            context 'user is under fraud review' do
+              let(:user) { create(:profile, fraud_review_pending: true).user }
+
+              it 'redirects to fraud review page if fraud review is pending' do
+                action
+                expect(controller).to redirect_to(idv_setup_errors_url)
+              end
+            end
+
+            context 'user is rejected due to fraud' do
+              let(:user) { create(:profile, fraud_rejection: true).user }
+
+              it 'redirects to fraud rejection page if user is fraud rejected ' do
+                action
+                expect(controller).to redirect_to(idv_not_verified_url)
+              end
+            end
           end
 
           context 'profile is reset' do