From 5977099edd9512a5cceac3305cf89cb7af6606bb Mon Sep 17 00:00:00 2001
From: Jonathan Hooper <jonathan.hooper@gsa.gov>
Date: Fri, 7 Apr 2023 12:29:40 -0400
Subject: [PATCH 1/2] Return an empty hash from `#flow_session` if it has not
 been created

We have observed a number of 500 errors that are the result of the flow session being nil. There is a new one present in the document capture controller.

This commit fixes all of these issues and hopefully prevents new ones by modifying the non-FSM implementaitons of `#flow_session` to return an empty hash when the flow session has not been constructed yet.

[skip changelog]
---
 app/controllers/concerns/idv_step_concern.rb            | 8 ++++----
 app/controllers/idv/in_person/verify_info_controller.rb | 4 ++--
 app/controllers/idv/verify_info_controller.rb           | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/app/controllers/concerns/idv_step_concern.rb b/app/controllers/concerns/idv_step_concern.rb
index fd12ca56b90..51c488346bd 100644
--- a/app/controllers/concerns/idv_step_concern.rb
+++ b/app/controllers/concerns/idv_step_concern.rb
@@ -9,16 +9,16 @@ module IdvStepConcern
   end
 
   def flow_session
-    user_session['idv/doc_auth']
+    user_session.fetch('idv/doc_auth', {})
   end
 
   def pii_from_doc
-    flow_session&.[]('pii_from_doc')
+    flow_session['pii_from_doc']
   end
 
   # copied from doc_auth_controller
   def flow_path
-    flow_session&.[](:flow_path)
+    flow_session[:flow_path]
   end
 
   def confirm_document_capture_complete
@@ -28,7 +28,7 @@ def confirm_document_capture_complete
        flow_path == 'standard'
       redirect_to idv_document_capture_url
     else
-      flow_session&.delete('Idv::Steps::DocumentCaptureStep')
+      flow_session.delete('Idv::Steps::DocumentCaptureStep')
       redirect_to idv_doc_auth_url
     end
   end
diff --git a/app/controllers/idv/in_person/verify_info_controller.rb b/app/controllers/idv/in_person/verify_info_controller.rb
index 0443352c507..ff1c146bffe 100644
--- a/app/controllers/idv/in_person/verify_info_controller.rb
+++ b/app/controllers/idv/in_person/verify_info_controller.rb
@@ -106,7 +106,7 @@ def confirm_verify_info_step_needed
       end
 
       def pii
-        @pii = flow_session[:pii_from_user] if flow_session
+        @pii = flow_session[:pii_from_user]
       end
 
       def delete_pii
@@ -126,7 +126,7 @@ def increment_step_counts
 
       # override StepUtilitiesConcern
       def flow_session
-        user_session['idv/in_person']
+        user_session.fetch('idv/in_person', {})
       end
 
       def analytics_arguments
diff --git a/app/controllers/idv/verify_info_controller.rb b/app/controllers/idv/verify_info_controller.rb
index 494ca2257e8..9112bb531af 100644
--- a/app/controllers/idv/verify_info_controller.rb
+++ b/app/controllers/idv/verify_info_controller.rb
@@ -98,7 +98,7 @@ def analytics_arguments
 
     # copied from verify_step
     def pii
-      @pii = flow_session[:pii_from_doc] if flow_session
+      @pii = flow_session[:pii_from_doc]
     end
 
     def delete_pii

From 3730754142dcd205c474a68b5e984c92c9213c35 Mon Sep 17 00:00:00 2001
From: Jonathan Hooper <jonathan.hooper@gsa.gov>
Date: Fri, 7 Apr 2023 13:05:37 -0400
Subject: [PATCH 2/2] fix a test

---
 app/controllers/concerns/idv_step_concern.rb       | 2 +-
 app/controllers/idv/document_capture_controller.rb | 2 +-
 spec/controllers/idv/ssn_controller_spec.rb        | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/controllers/concerns/idv_step_concern.rb b/app/controllers/concerns/idv_step_concern.rb
index 51c488346bd..c43372e04cb 100644
--- a/app/controllers/concerns/idv_step_concern.rb
+++ b/app/controllers/concerns/idv_step_concern.rb
@@ -9,7 +9,7 @@ module IdvStepConcern
   end
 
   def flow_session
-    user_session.fetch('idv/doc_auth', {})
+    user_session['idv/doc_auth'] || {}
   end
 
   def pii_from_doc
diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb
index bdebd9e710f..3cdd9a6640f 100644
--- a/app/controllers/idv/document_capture_controller.rb
+++ b/app/controllers/idv/document_capture_controller.rb
@@ -65,7 +65,7 @@ def confirm_upload_step_complete
     end
 
     def confirm_document_capture_needed
-      pii = flow_session&.[]('pii_from_doc') # hash with indifferent access
+      pii = flow_session['pii_from_doc'] # hash with indifferent access
       return if pii.blank? && !idv_session.verify_info_step_complete?
 
       redirect_to idv_ssn_url
diff --git a/spec/controllers/idv/ssn_controller_spec.rb b/spec/controllers/idv/ssn_controller_spec.rb
index 113330ea835..442d7eb48f9 100644
--- a/spec/controllers/idv/ssn_controller_spec.rb
+++ b/spec/controllers/idv/ssn_controller_spec.rb
@@ -13,8 +13,8 @@
   let(:user) { create(:user) }
 
   before do
-    allow(subject).to receive(:flow_session).and_return(flow_session)
     stub_sign_in(user)
+    subject.user_session['idv/doc_auth'] = flow_session
     stub_analytics
     stub_attempts_tracker
     allow(@analytics).to receive(:track_event)
@@ -78,6 +78,7 @@
 
     context 'without a flow session' do
       let(:flow_session) { nil }
+
       it 'redirects to doc_auth' do
         get :show