18F · soniaconnolly · Apr 11, 2023 · Apr 7, 2023 · Apr 7, 2023 · Apr 7, 2023
diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb
@@ -45,17 +45,16 @@ def create
           else
             event, _disavowal_token = create_user_event(:account_verified)
 
-            if result.extra[:threatmetrix_check_failed] && threatmetrix_enabled?
-              redirect_to_fraud_review
-            else
+            if !threatmetrix_check_failed?(result)
               UserAlerts::AlertUserAboutAccountVerified.call(
                 user: current_user,
                 date_time: event.created_at,
                 sp_name: decorated_session.sp_name,
               )
               flash[:success] = t('account.index.verification.success')
-              redirect_to next_step
             end
+
+            redirect_to next_step
           end
         else
           flash[:error] = @gpo_verify_form.errors.first.message
@@ -105,6 +104,10 @@ def confirm_verification_needed
       redirect_to account_url
     end
 
+    def threatmetrix_check_failed?(result)
+      result.extra[:threatmetrix_check_failed] && threatmetrix_enabled?
+    end
+
     def threatmetrix_enabled?
       FeatureManagement.proofing_device_profiling_decisioning_enabled?
     end

diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb
@@ -35,9 +35,7 @@ def address_verification_method
     end
 
     def next_step
-      if pending_profile? && idv_session.address_verification_mechanism == 'gpo'
-        idv_come_back_later_url
-      elsif in_person_enrollment?
+      if in_person_enrollment?
         idv_in_person_ready_to_verify_url
       elsif blocked_by_device_profiling?
         idv_please_call_url

diff --git a/app/forms/gpo_verify_form.rb b/app/forms/gpo_verify_form.rb
@@ -22,8 +22,7 @@ def submit
         UspsInPersonProofing::EnrollmentHelper.schedule_in_person_enrollment(user, pii)
         pending_profile&.deactivate(:in_person_verification_pending)
       elsif threatmetrix_check_failed? && threatmetrix_enabled?
-        pending_profile&.deactivate_for_fraud_review
-        pending_profile&.update!(verified_at: Time.zone.now)
+        deactivate_for_fraud_review
       else
         activate_profile
       end
@@ -54,6 +53,11 @@ def gpo_confirmation_code
     pending_profile.gpo_confirmation_codes.first_with_otp(otp)
   end
 
+  def deactivate_for_fraud_review
+    pending_profile&.deactivate_for_fraud_review
+    pending_profile&.update!(deactivation_reason: nil, verified_at: Time.zone.now)
+  end
+
   def validate_otp_not_expired
     return unless gpo_confirmation_code.present? && gpo_confirmation_code.expired?
 

diff --git a/spec/controllers/idv/gpo_verify_controller_spec.rb b/spec/controllers/idv/gpo_verify_controller_spec.rb
@@ -213,7 +213,7 @@
             )
           end
 
-          it 'redirects to the sad face screen' do
+          it 'is reflected in analytics' do
             expect(@analytics).to receive(:track_event).with(
               'IdV: GPO verification submitted',
               success: true,
@@ -226,7 +226,7 @@
 
             action
 
-            expect(response).to redirect_to(idv_please_call_url)
+            expect(response).to redirect_to(idv_personal_key_url)
           end
 
           it 'does not show a flash message' do
@@ -247,7 +247,7 @@
               threatmetrix_review_status: 'review'
             )
           end
-          it 'redirects to the sad face screen' do
+          it 'is reflected in analytics' do
             expect(@analytics).to receive(:track_event).with(
               'IdV: GPO verification submitted',
               success: true,
@@ -260,7 +260,7 @@
 
             action
 
-            expect(response).to redirect_to(idv_please_call_url)
+            expect(response).to redirect_to(idv_personal_key_url)
           end
         end
       end

diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb
@@ -191,12 +191,6 @@ def index
         subject.idv_session.create_profile_from_applicant_with_password(password)
       end
 
-      it 'redirects to come back later path' do
-        patch :update
-
-        expect(response).to redirect_to idv_come_back_later_path
-      end
-
       context 'with gpo personal key after verification' do
         it 'redirects to sign up completed_url for a sp' do
           allow(subject).to receive(:pending_profile?).and_return(false)
@@ -208,18 +202,6 @@ def index
         end
       end
 
-      context 'with in person profile' do
-        before do
-          ProofingComponent.create(user: user, document_check: Idp::Constants::Vendors::USPS)
-          allow(IdentityConfig.store).to receive(:in_person_proofing_enabled).and_return(true)
-        end
-
-        it 'creates a profile and returns completion url' do
-          patch :update
-
-          expect(response).to redirect_to idv_come_back_later_path
-        end
-      end
       it 'logs key submitted event' do
         patch :update
 

diff --git a/spec/features/idv/steps/gpo_otp_verification_step_spec.rb b/spec/features/idv/steps/gpo_otp_verification_step_spec.rb
@@ -52,15 +52,13 @@
 
     context 'ThreatMetrix says "review"' do
       let(:threatmetrix_review_status) { 'review' }
-      let(:redirect_after_verification) { idv_please_call_path }
       let(:profile_should_be_active) { false }
       let(:fraud_review_pending) { true }
       it_behaves_like 'gpo otp verification'
     end
 
     context 'ThreatMetrix says "reject"' do
       let(:threatmetrix_review_status) { 'reject' }
-      let(:redirect_after_verification) { idv_please_call_path }
       let(:profile_should_be_active) { false }
       let(:fraud_review_pending) { true }
       it_behaves_like 'gpo otp verification'

diff --git a/spec/support/idv_examples/gpo_otp_verification.rb b/spec/support/idv_examples/gpo_otp_verification.rb
@@ -11,8 +11,6 @@
     fill_in t('forms.verify_profile.name'), with: otp
     click_button t('forms.verify_profile.submit')
 
-    expect(page).to have_current_path(redirect_after_verification) if redirect_after_verification
-
     profile.reload
 
     if profile_should_be_active
@@ -22,6 +20,7 @@
       expect(profile.active).to be(false)
       expect(profile.fraud_review_pending?).to eq(fraud_review_pending) if fraud_review_pending
       expect(profile.verified_at).to_not eq(nil) if fraud_review_pending
+      expect(profile.deactivation_reason).to eq(nil) if fraud_review_pending
     end
 
     expect(user.events.account_verified.size).to eq 1