diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb index d39ad514cba..8d20615f032 100644 --- a/app/controllers/idv/gpo_verify_controller.rb +++ b/app/controllers/idv/gpo_verify_controller.rb @@ -31,43 +31,46 @@ def create throttle.increment! if throttle.throttled? render_throttled + return + end + + result = @gpo_verify_form.submit + analytics.idv_gpo_verification_submitted(**result.to_h) + irs_attempts_api_tracker.idv_gpo_verification_submitted( + success: result.success?, + failure_reason: irs_attempts_api_tracker.parse_failure_reason(result), + ) + + if !result.success? + flash[:error] = @gpo_verify_form.errors.first.message + redirect_to idv_gpo_verify_url + return + end + + if result.extra[:pending_in_person_enrollment] + redirect_to idv_in_person_ready_to_verify_url else - result = @gpo_verify_form.submit - analytics.idv_gpo_verification_submitted(**result.to_h) - irs_attempts_api_tracker.idv_gpo_verification_submitted( - success: result.success?, - failure_reason: irs_attempts_api_tracker.parse_failure_reason(result), - ) + prepare_for_personal_key - if result.success? - if result.extra[:pending_in_person_enrollment] - redirect_to idv_in_person_ready_to_verify_url - else - event, _disavowal_token = create_user_event(:account_verified) - - if !threatmetrix_check_failed?(result) - UserAlerts::AlertUserAboutAccountVerified.call( - user: current_user, - date_time: event.created_at, - sp_name: decorated_session.sp_name, - ) - flash[:success] = t('account.index.verification.success') - end - - redirect_to next_step - end - else - flash[:error] = @gpo_verify_form.errors.first.message - redirect_to idv_gpo_verify_url - end + redirect_to idv_personal_key_url end end private - def next_step + def prepare_for_personal_key + event, _disavowal_token = create_user_event(:account_verified) + + if !fraud_check_failed? + UserAlerts::AlertUserAboutAccountVerified.call( + user: current_user, + date_time: event.created_at, + sp_name: decorated_session.sp_name, + ) + flash[:success] = t('account.index.verification.success') + end + enable_personal_key_generation - idv_personal_key_url end def throttle @@ -104,8 +107,8 @@ def confirm_verification_needed redirect_to account_url end - def threatmetrix_check_failed?(result) - result.extra[:threatmetrix_check_failed] && threatmetrix_enabled? + def fraud_check_failed? + threatmetrix_enabled? && (current_user.fraud_review_pending? || current_user.fraud_rejection?) end def threatmetrix_enabled? diff --git a/app/forms/gpo_verify_form.rb b/app/forms/gpo_verify_form.rb index 3b7c71980e1..dbecf153599 100644 --- a/app/forms/gpo_verify_form.rb +++ b/app/forms/gpo_verify_form.rb @@ -21,7 +21,7 @@ def submit if pending_in_person_enrollment? UspsInPersonProofing::EnrollmentHelper.schedule_in_person_enrollment(user, pii) pending_profile&.deactivate(:in_person_verification_pending) - elsif threatmetrix_check_failed? && threatmetrix_enabled? + elsif fraud_check_failed? && threatmetrix_enabled? deactivate_for_fraud_review else activate_profile @@ -36,7 +36,7 @@ def submit enqueued_at: gpo_confirmation_code&.code_sent_at, pii_like_keypaths: [[:errors, :otp], [:error_details, :otp]], pending_in_person_enrollment: pending_in_person_enrollment?, - threatmetrix_check_failed: threatmetrix_check_failed?, + threatmetrix_check_failed: fraud_check_failed?, }, ) end @@ -89,9 +89,8 @@ def threatmetrix_enabled? FeatureManagement.proofing_device_profiling_decisioning_enabled? end - def threatmetrix_check_failed? - status = pending_profile&.proofing_components&.[]('threatmetrix_review_status') - !status.nil? && status != 'pass' + def fraud_check_failed? + user.fraud_review_pending? || user.fraud_rejection? end def activate_profile diff --git a/app/models/profile.rb b/app/models/profile.rb index c7050dc2005..ce914ecf753 100644 --- a/app/models/profile.rb +++ b/app/models/profile.rb @@ -81,7 +81,12 @@ def deactivate(reason) end def has_deactivation_reason? - fraud_review_pending? || fraud_rejection? || gpo_verification_pending? + has_fraud_deactivation_reason? || gpo_verification_pending? + end + + def has_fraud_deactivation_reason? + return false if !FeatureManagement.proofing_device_profiling_decisioning_enabled? + fraud_review_pending? || fraud_rejection? end def deactivate_for_gpo_verification diff --git a/spec/controllers/idv/gpo_verify_controller_spec.rb b/spec/controllers/idv/gpo_verify_controller_spec.rb index 620f4166726..11a3253dc97 100644 --- a/spec/controllers/idv/gpo_verify_controller_spec.rb +++ b/spec/controllers/idv/gpo_verify_controller_spec.rb @@ -5,6 +5,7 @@ let(:success) { true } let(:otp) { 'ABC123' } let(:submitted_otp) { otp } + let(:user) { create(:user) } let(:pending_profile) do create( :profile, @@ -14,7 +15,6 @@ ) end let(:proofing_components) { nil } - let(:user) { create(:user) } let(:threatmetrix_enabled) { false } before do @@ -172,10 +172,12 @@ context 'threatmetrix disabled' do context 'with threatmetrix status of "reject"' do - let(:proofing_components) do - ProofingComponent.create( - user: user, threatmetrix: true, - threatmetrix_review_status: 'reject' + let(:pending_profile) do + create( + :profile, + :with_pii, + user: user, + fraud_review_pending_at: 1.day.ago, ) end @@ -206,10 +208,12 @@ let(:threatmetrix_enabled) { true } context 'with threatmetrix status of "reject"' do - let(:proofing_components) do - ProofingComponent.create( - user: user, threatmetrix: true, - threatmetrix_review_status: 'reject' + let(:pending_profile) do + create( + :profile, + :with_pii, + user: user, + fraud_review_pending_at: 1.day.ago, ) end @@ -241,12 +245,15 @@ end context 'with threatmetrix status of "review"' do - let(:proofing_components) do - ProofingComponent.create( - user: user, threatmetrix: true, - threatmetrix_review_status: 'review' + let(:pending_profile) do + create( + :profile, + :with_pii, + user: user, + fraud_review_pending_at: 1.day.ago, ) end + it 'is reflected in analytics' do expect(@analytics).to receive(:track_event).with( 'IdV: GPO verification submitted', diff --git a/spec/features/idv/steps/gpo_otp_verification_step_spec.rb b/spec/features/idv/steps/gpo_otp_verification_step_spec.rb index 1af1b258a1e..675615f3884 100644 --- a/spec/features/idv/steps/gpo_otp_verification_step_spec.rb +++ b/spec/features/idv/steps/gpo_otp_verification_step_spec.rb @@ -9,10 +9,8 @@ :profile, deactivation_reason: :gpo_verification_pending, pii: { ssn: '123-45-6789', dob: '1970-01-01' }, - proofing_components: { - threatmetrix: threatmetrix_enabled, - threatmetrix_review_status: threatmetrix_review_status, - }, + fraud_review_pending_at: fraud_review_pending_timestamp, + fraud_rejection_at: fraud_rejection_timestamp, ) end let(:gpo_confirmation_code) do @@ -24,7 +22,8 @@ end let(:user) { profile.user } let(:threatmetrix_enabled) { false } - let(:threatmetrix_review_status) { nil } + let(:fraud_review_pending_timestamp) { nil } + let(:fraud_rejection_timestamp) { nil } let(:redirect_after_verification) { nil } let(:profile_should_be_active) { true } let(:fraud_review_pending) { false } @@ -38,7 +37,7 @@ context 'ThreatMetrix disabled, but we have ThreatMetrix status on proofing component' do let(:threatmetrix_enabled) { false } - let(:threatmetrix_review_status) { 'review' } + let(:fraud_review_pending_timestamp) { 1.day.ago } it_behaves_like 'gpo otp verification' end @@ -46,26 +45,26 @@ let(:threatmetrix_enabled) { true } context 'ThreatMetrix says "pass"' do - let(:threatmetrix_review_status) { 'pass' } + let(:fraud_review_pending_timestamp) { nil } it_behaves_like 'gpo otp verification' end context 'ThreatMetrix says "review"' do - let(:threatmetrix_review_status) { 'review' } + let(:fraud_review_pending_timestamp) { 1.day.ago } let(:profile_should_be_active) { false } let(:fraud_review_pending) { true } it_behaves_like 'gpo otp verification' end context 'ThreatMetrix says "reject"' do - let(:threatmetrix_review_status) { 'reject' } + let(:fraud_rejection_timestamp) { 1.day.ago } let(:profile_should_be_active) { false } let(:fraud_review_pending) { true } it_behaves_like 'gpo otp verification' end context 'No ThreatMetrix result on proofing component' do - let(:threatmetrix_review_status) { nil } + let(:fraud_review_pending_timestamp) { nil } it_behaves_like 'gpo otp verification' end end diff --git a/spec/forms/gpo_verify_form_spec.rb b/spec/forms/gpo_verify_form_spec.rb index e6bc27efd59..2819a87fd2f 100644 --- a/spec/forms/gpo_verify_form_spec.rb +++ b/spec/forms/gpo_verify_form_spec.rb @@ -149,10 +149,12 @@ end context 'ThreatMetrix rejection' do - let(:proofing_components) do - ProofingComponent.create( - user: user, threatmetrix: true, - threatmetrix_review_status: threatmetrix_review_status + let(:pending_profile) do + create( + :profile, + user: user, + deactivation_reason: :gpo_verification_pending, + fraud_review_pending_at: 1.day.ago, ) end diff --git a/spec/models/profile_spec.rb b/spec/models/profile_spec.rb index f72987772d1..6f26cdc6446 100644 --- a/spec/models/profile_spec.rb +++ b/spec/models/profile_spec.rb @@ -264,6 +264,12 @@ end context 'activation guards against deactivation reasons' do + before do + allow(FeatureManagement).to receive( + :proofing_device_profiling_decisioning_enabled?, + ).and_return(true) + end + it 'does not activate a profile with gpo verification pending' do profile.update(gpo_verification_pending_at: 1.day.ago) profile.activate diff --git a/spec/support/controller_helper.rb b/spec/support/controller_helper.rb index 644446babbd..73a8d91456c 100644 --- a/spec/support/controller_helper.rb +++ b/spec/support/controller_helper.rb @@ -91,7 +91,6 @@ def stub_user_with_pending_profile(user) allow(user).to receive(:pending_profile).and_return(pending_profile) allow(user).to receive(:pending_profile_requires_verification?). and_return(has_pending_profile) - allow(user).to receive(:fraud_review_pending?).and_return(false) user end