LG-9464 GPO Verify to use profile instead of proofing components

app/controllers/idv/gpo_verify_controller.rb

@@ -31,43 +31,46 @@ def create
       throttle.increment!
       if throttle.throttled?
         render_throttled
+        return
+      end
+
+      result = @gpo_verify_form.submit
+      analytics.idv_gpo_verification_submitted(**result.to_h)
+      irs_attempts_api_tracker.idv_gpo_verification_submitted(
+        success: result.success?,
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
+      )
+
+      if !result.success?
+        flash[:error] = @gpo_verify_form.errors.first.message
+        redirect_to idv_gpo_verify_url
+        return
+      end
+
+      if result.extra[:pending_in_person_enrollment]
+        redirect_to idv_in_person_ready_to_verify_url
       else
-        result = @gpo_verify_form.submit
-        analytics.idv_gpo_verification_submitted(**result.to_h)
-        irs_attempts_api_tracker.idv_gpo_verification_submitted(
-          success: result.success?,
-          failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
-        )
+        prepare_for_personal_key
 
-        if result.success?
-          if result.extra[:pending_in_person_enrollment]
-            redirect_to idv_in_person_ready_to_verify_url
-          else
-            event, _disavowal_token = create_user_event(:account_verified)
-
-            if !threatmetrix_check_failed?(result)
-              UserAlerts::AlertUserAboutAccountVerified.call(
-                user: current_user,
-                date_time: event.created_at,
-                sp_name: decorated_session.sp_name,
-              )
-              flash[:success] = t('account.index.verification.success')
-            end
-
-            redirect_to next_step
-          end
-        else
-          flash[:error] = @gpo_verify_form.errors.first.message
-          redirect_to idv_gpo_verify_url
-        end
+        redirect_to idv_personal_key_url
       end
     end
 
     private
 
-    def next_step
+    def prepare_for_personal_key
+      event, _disavowal_token = create_user_event(:account_verified)
+
+      if !fraud_check_failed?
+        UserAlerts::AlertUserAboutAccountVerified.call(
+          user: current_user,
+          date_time: event.created_at,
+          sp_name: decorated_session.sp_name,
+        )
+        flash[:success] = t('account.index.verification.success')
+      end
+
       enable_personal_key_generation
-      idv_personal_key_url
     end
 
     def throttle
@@ -104,8 +107,8 @@ def confirm_verification_needed
       redirect_to account_url
     end
 
-    def threatmetrix_check_failed?(result)
-      result.extra[:threatmetrix_check_failed] && threatmetrix_enabled?
+    def fraud_check_failed?
+      threatmetrix_enabled? && (current_user.fraud_review_pending? || current_user.fraud_rejection?)
     end
 
     def threatmetrix_enabled?

app/forms/gpo_verify_form.rb

@@ -21,7 +21,7 @@ def submit
       if pending_in_person_enrollment?
         UspsInPersonProofing::EnrollmentHelper.schedule_in_person_enrollment(user, pii)
         pending_profile&.deactivate(:in_person_verification_pending)
-      elsif threatmetrix_check_failed? && threatmetrix_enabled?
+      elsif fraud_check_failed? && threatmetrix_enabled?
         deactivate_for_fraud_review
       else
         activate_profile
@@ -36,7 +36,7 @@ def submit
         enqueued_at: gpo_confirmation_code&.code_sent_at,
         pii_like_keypaths: [[:errors, :otp], [:error_details, :otp]],
         pending_in_person_enrollment: pending_in_person_enrollment?,
-        threatmetrix_check_failed: threatmetrix_check_failed?,
+        threatmetrix_check_failed: fraud_check_failed?,
       },
     )
   end
@@ -89,9 +89,8 @@ def threatmetrix_enabled?
     FeatureManagement.proofing_device_profiling_decisioning_enabled?
   end
 
-  def threatmetrix_check_failed?
-    status = pending_profile&.proofing_components&.[]('threatmetrix_review_status')
-    !status.nil? && status != 'pass'
+  def fraud_check_failed?
+    user.fraud_review_pending? || user.fraud_rejection?
   end
 
   def activate_profile

app/models/profile.rb

@@ -81,7 +81,12 @@ def deactivate(reason)
   end
 
   def has_deactivation_reason?
-    fraud_review_pending? || fraud_rejection? || gpo_verification_pending?
+    has_fraud_deactivation_reason? || gpo_verification_pending?
+  end
+
+  def has_fraud_deactivation_reason?
+    return false if !FeatureManagement.proofing_device_profiling_decisioning_enabled?
+    fraud_review_pending? || fraud_rejection?
   end
 
   def deactivate_for_gpo_verification

spec/controllers/idv/gpo_verify_controller_spec.rb

@@ -5,6 +5,7 @@
   let(:success) { true }
   let(:otp) { 'ABC123' }
   let(:submitted_otp) { otp }
+  let(:user) { create(:user) }
   let(:pending_profile) do
     create(
       :profile,
@@ -14,7 +15,6 @@
     )
   end
   let(:proofing_components) { nil }
-  let(:user) { create(:user) }
   let(:threatmetrix_enabled) { false }
 
   before do
@@ -172,10 +172,12 @@
 
       context 'threatmetrix disabled' do
         context 'with threatmetrix status of "reject"' do
-          let(:proofing_components) do
-            ProofingComponent.create(
-              user: user, threatmetrix: true,
-              threatmetrix_review_status: 'reject'
+          let(:pending_profile) do
+            create(
+              :profile,
+              :with_pii,
+              user: user,
+              fraud_review_pending_at: 1.day.ago,
             )
           end
 
@@ -206,10 +208,12 @@
         let(:threatmetrix_enabled) { true }
 
         context 'with threatmetrix status of "reject"' do
-          let(:proofing_components) do
-            ProofingComponent.create(
-              user: user, threatmetrix: true,
-              threatmetrix_review_status: 'reject'
+          let(:pending_profile) do
+            create(
+              :profile,
+              :with_pii,
+              user: user,
+              fraud_review_pending_at: 1.day.ago,
             )
           end
 
@@ -241,12 +245,15 @@
         end
 
         context 'with threatmetrix status of "review"' do
-          let(:proofing_components) do
-            ProofingComponent.create(
-              user: user, threatmetrix: true,
-              threatmetrix_review_status: 'review'
+          let(:pending_profile) do
+            create(
+              :profile,
+              :with_pii,
+              user: user,
+              fraud_review_pending_at: 1.day.ago,
             )
           end
+
           it 'is reflected in analytics' do
             expect(@analytics).to receive(:track_event).with(
               'IdV: GPO verification submitted',

spec/features/idv/steps/gpo_otp_verification_step_spec.rb

@@ -9,10 +9,8 @@
       :profile,
       deactivation_reason: :gpo_verification_pending,
       pii: { ssn: '123-45-6789', dob: '1970-01-01' },
-      proofing_components: {
-        threatmetrix: threatmetrix_enabled,
-        threatmetrix_review_status: threatmetrix_review_status,
-      },
+      fraud_review_pending_at: fraud_review_pending_timestamp,
+      fraud_rejection_at: fraud_rejection_timestamp,
     )
   end
   let(:gpo_confirmation_code) do
@@ -24,7 +22,8 @@
   end
   let(:user) { profile.user }
   let(:threatmetrix_enabled) { false }
-  let(:threatmetrix_review_status) { nil }
+  let(:fraud_review_pending_timestamp) { nil }
+  let(:fraud_rejection_timestamp) { nil }
   let(:redirect_after_verification) { nil }
   let(:profile_should_be_active) { true }
   let(:fraud_review_pending) { false }
@@ -38,34 +37,34 @@
 
   context 'ThreatMetrix disabled, but we have ThreatMetrix status on proofing component' do
     let(:threatmetrix_enabled) { false }
-    let(:threatmetrix_review_status) { 'review' }
+    let(:fraud_review_pending_timestamp) { 1.day.ago }
     it_behaves_like 'gpo otp verification'
   end
 
   context 'ThreatMetrix enabled' do
     let(:threatmetrix_enabled) { true }
 
     context 'ThreatMetrix says "pass"' do
-      let(:threatmetrix_review_status) { 'pass' }
+      let(:fraud_review_pending_timestamp) { nil }
       it_behaves_like 'gpo otp verification'
     end
 
     context 'ThreatMetrix says "review"' do
-      let(:threatmetrix_review_status) { 'review' }
+      let(:fraud_review_pending_timestamp) { 1.day.ago }
       let(:profile_should_be_active) { false }
       let(:fraud_review_pending) { true }
       it_behaves_like 'gpo otp verification'
     end
 
     context 'ThreatMetrix says "reject"' do
-      let(:threatmetrix_review_status) { 'reject' }
+      let(:fraud_rejection_timestamp) { 1.day.ago }
       let(:profile_should_be_active) { false }
       let(:fraud_review_pending) { true }
       it_behaves_like 'gpo otp verification'
     end
 
     context 'No ThreatMetrix result on proofing component' do
-      let(:threatmetrix_review_status) { nil }
+      let(:fraud_review_pending_timestamp) { nil }
       it_behaves_like 'gpo otp verification'
     end
   end

spec/forms/gpo_verify_form_spec.rb

@@ -149,10 +149,12 @@
       end
 
       context 'ThreatMetrix rejection' do
-        let(:proofing_components) do
-          ProofingComponent.create(
-            user: user, threatmetrix: true,
-            threatmetrix_review_status: threatmetrix_review_status
+        let(:pending_profile) do
+          create(
+            :profile,
+            user: user,
+            deactivation_reason: :gpo_verification_pending,
+            fraud_review_pending_at: 1.day.ago,
           )
         end
 

spec/models/profile_spec.rb

@@ -264,6 +264,12 @@
     end
 
     context 'activation guards against deactivation reasons' do
+      before do
+        allow(FeatureManagement).to receive(
+          :proofing_device_profiling_decisioning_enabled?,
+        ).and_return(true)
+      end
+
       it 'does not activate a profile with gpo verification pending' do
         profile.update(gpo_verification_pending_at: 1.day.ago)
         profile.activate

spec/support/controller_helper.rb

@@ -91,7 +91,6 @@ def stub_user_with_pending_profile(user)
     allow(user).to receive(:pending_profile).and_return(pending_profile)
     allow(user).to receive(:pending_profile_requires_verification?).
       and_return(has_pending_profile)
-    allow(user).to receive(:fraud_review_pending?).and_return(false)
     user
   end