Test that a fraud rejected user cannot enter the IdV flow

spec/factories/users.rb

@@ -227,7 +227,7 @@
       end
     end
 
-    trait :deactivated_fraud_profile do
+    trait :fraud_review_pending do
       fully_registered
 
       after :build do |user|
@@ -241,6 +241,20 @@
       end
     end
 
+    trait :fraud_rejection do
+      fully_registered
+
+      after :build do |user|
+        create(
+          :profile,
+          :fraud_rejection,
+          :verified,
+          :with_pii,
+          user: user,
+        )
+      end
+    end
+
     trait :deactivated_password_reset_profile do
       fully_registered
 

spec/features/idv/threat_metrix_pending_spec.rb

@@ -69,6 +69,31 @@
     expect(current_path).to eq('/auth/result')
   end
 
+  scenario 'users rejected from fraud review cannot perform idv' do
+    user = create(:user, :fraud_rejection)
+
+    start_idv_from_sp
+    sign_in_live_with_2fa(user)
+
+    # User is redirected on IdV sign in
+    expect(page).to have_content(t('idv.failure.verify.heading'))
+    expect(page).to have_current_path(idv_not_verified_path)
+
+    visit idv_url
+
+    # User cannot enter IdV flow
+    expect(page).to have_content(t('idv.failure.verify.heading'))
+    expect(page).to have_current_path(idv_not_verified_path)
+
+    # User able to sign for IAL1
+    set_new_browser_session
+    visit_idp_from_sp_with_ial1(:oidc)
+    sign_in_live_with_2fa(user)
+    click_agree_and_continue
+
+    expect(current_path).to eq('/auth/result')
+  end
+
   scenario 'users ThreatMetrix Pass, it logs idv_tmx_fraud_check event' do
     freeze_time do
       complete_all_idv_steps_with(threatmetrix: 'Pass')

spec/lib/tasks/review_profile_spec.rb

@@ -2,7 +2,7 @@
 require 'rake'
 
 describe 'review_profile' do
-  let(:user) { create(:user, :deactivated_fraud_profile) }
+  let(:user) { create(:user, :fraud_review_pending) }
   let(:uuid) { user.uuid }
   let(:task_name) { nil }