18F · eric-gade · Jun 2, 2023 · May 30, 2023 · May 30, 2023 · May 30, 2023
diff --git a/app/controllers/idv/review_controller.rb b/app/controllers/idv/review_controller.rb
@@ -11,6 +11,8 @@ class ReviewController < ApplicationController
     before_action :confirm_address_step_complete
     before_action :confirm_current_password, only: [:create]
 
+    helper_method :step_indicator_step
+
     rescue_from UspsInPersonProofing::Exception::RequestEnrollException,
                 with: :handle_request_enroll_exception
 
@@ -30,7 +32,6 @@ def confirm_current_password
     end
 
     def new
-      @applicant = idv_session.applicant
 @applicant = { 
   first_name: 'Some', 
   last_name: 'One', 
   ssn: '666-66-1234', 
   dob: dob, 
   address1: '123 Main St', 
   city: 'Somewhere', 
   state: 'MO', 
   zipcode: '12345', 
   phone: '+1 (213) 555-0000', 
 } 
 @applicant = { 
   first_name: 'Some', 
   last_name: 'One', 
   ssn: '666-66-1234', 
   dob: dob, 
   address1: '123 Main St', 
   city: 'Somewhere', 
   state: 'MO', 
   zipcode: '12345', 
   phone: '+1 (213) 555-0000', 
 } 
       Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer).
         call(:encrypt, :view, true)
       analytics.idv_review_info_visited(address_verification_method: address_verification_method)
@@ -41,6 +42,8 @@ def new
         flash_now[:error] = t('idv.errors.mail_limit_reached')
       elsif idv_session.phone_confirmed?
         flash_now[:success] = t('idv.messages.review.phone_verified')
+      elsif address_verification_method == 'gpo'
+        flash_now[:info] = t('idv.messages.review.gpo_pending')
       end
     end
 
@@ -74,10 +77,15 @@ def create
       session[:last_gpo_confirmation_code] = idv_session.gpo_otp
     end
 
+    def step_indicator_step
+      return :secure_account unless address_verification_method == 'gpo'
+      :get_a_letter
+    end
+
     private
 
     def address_verification_method
-      user_session.dig('idv', 'address_verification_mechanism')
+      user_session.with_indifferent_access.dig('idv', 'address_verification_mechanism')
     end
 
     def init_profile

diff --git a/app/views/idv/review/new.html.erb b/app/views/idv/review/new.html.erb
@@ -3,7 +3,7 @@
 <% content_for(:pre_flash_content) do %>
   <%= render StepIndicatorComponent.new(
         steps: step_indicator_steps,
-        current_step: :secure_account,
+        current_step: step_indicator_step,
         locale_scope: 'idv',
         class: 'margin-x-neg-2 margin-top-neg-4 tablet:margin-x-neg-6 tablet:margin-top-neg-4',
       ) %>
@@ -12,14 +12,9 @@
 <%= render PageHeadingComponent.new.with_content(t('idv.titles.session.review', app_name: APP_NAME)) %>
 
 <p>
-  <%= t('idv.messages.sessions.review_message', app_name: APP_NAME) %>
+  <%= t('idv.messages.review.message', app_name: APP_NAME) %>
 </p>
 
-<%= new_tab_link_to(
-      t('idv.messages.sessions.read_more_encrypt', app_name: APP_NAME),
-      MarketingSite.security_url,
-    ) %>
-
 <%= simple_form_for(
       current_user,
       url: idv_review_path,
@@ -35,14 +30,9 @@
           },
         },
       ) %>
-  <div class="text-right margin-top-neg-4 margin-bottom-4">
+  <div class="text-right margin-top-neg-4">
     <%= link_to(t('idv.forgot_password.link_text'), idv_forgot_password_url, class: 'margin-left-1') %>
   </div>
-  <%= render AccordionComponent.new do |c| %>
-    <% c.with_header { t('idv.messages.review.intro') } %>
-    <%= render 'shared/pii_review', pii: @applicant,
-                                    phone: PhoneFormatter.format(@applicant[:phone]) %>
-  <% end %>
 
   <%= f.submit t('forms.buttons.continue'), class: 'margin-top-5' %>
 <% end %>

diff --git a/config/locales/idv/en.yml b/config/locales/idv/en.yml
@@ -215,7 +215,11 @@ en:
           - Your primary number (the one you use the most often)
       return_to_profile: '‹ Return to your %{app_name} profile'
       review:
+        gpo_pending: We’ll send your letter once you re-enter your password.
         intro: Your verified information
+        message: '%{app_name} will encrypt your information with your password. This
+          means that your information is secure and only you will be able to
+          access or change it.'
         phone_verified: We verified your phone number
       select_verification_with_sp: To protect you from identity fraud, we will contact
         you to confirm that this %{sp_name} account is legitimate.
@@ -224,7 +228,6 @@ en:
       sessions:
         no_pii: TEST SITE - Do not use real personal information (demo purposes only) -
           TEST SITE
-        read_more_encrypt: Read more about how %{app_name} protects your personal information
         review_message: When you re-enter your password, %{app_name} will protect the
           information you’ve given us, so that only you can access it.
       verifying: Verifying…
@@ -242,7 +245,7 @@ en:
       otp_delivery_method: How should we send a code?
       review: Review and submit
       session:
-        review: Re-enter your %{app_name} password to protect your data
+        review: Re-enter your %{app_name} password
       unavailable: 'We are working to resolve an error'
     troubleshooting:
       headings:

diff --git a/config/locales/idv/es.yml b/config/locales/idv/es.yml
@@ -229,7 +229,11 @@ es:
           - Su número principal (el que utiliza con más frecuencia)
       return_to_profile: '‹ Volver a tu perfil de %{app_name}'
       review:
+        gpo_pending: Enviaremos tu carta una vez que hayas ingresado tu contraseña.
         intro: Su información verificada
+        message: '%{app_name} encriptará tu información con tu contraseña. Esto
+          significa que tu información estará segura y solo tú podrás
+          consultarla o modificarla.'
         phone_verified: Verificamos su número de teléfono
       select_verification_with_sp: Para protegerlo de robo de identidad, no puede
         utilizar su cuenta en %{sp_name} hasta que la active ingresando un
@@ -239,7 +243,6 @@ es:
       sessions:
         no_pii: SITIO DE PRUEBA - No utilice información personal real (sólo para
           propósitos de demostración) - SITIO DE PRUEBA
-        read_more_encrypt: Lea más sobre cómo %{app_name} protege su información personal
         review_message: Cuando vuelva a ingresar su contraseña, %{app_name} cifrará sus
           datos para asegurarse de que nadie más pueda acceder a ellos.
       verifying: Verificando…
@@ -257,7 +260,7 @@ es:
       otp_delivery_method: '¿Cómo debemos enviar un código?'
       review: Revise y envíe
       session:
-        review: Vuelve a ingresar tu contraseña de %{app_name} para encriptar tus datos
+        review: 'Vuelve a ingresar tu contraseña de %{app_name}'
       unavailable: Estamos trabajando para resolver un error
     troubleshooting:
       headings:

diff --git a/config/locales/idv/fr.yml b/config/locales/idv/fr.yml
@@ -243,7 +243,12 @@ fr:
           - Votre numéro principal (celui que vous utilisez le plus souvent)
       return_to_profile: '‹ Revenir à votre profil %{app_name}'
       review:
+        gpo_pending: Nous vous enverrons votre lettre une fois que vous aurez
+          réintroduit votre mot de passe.
         intro: Vos informations vérifiées
+        message: '%{app_name} crypte vos informations avec votre mot de passe. Cela
+          signifie que vos informations sont sécurisées et que vous seul pourrez
+          y accéder ou les modifier.'
         phone_verified: Nous avons vérifié votre numéro de téléphone
       select_verification_with_sp: Afin de vous protéger des fraudes d’identité, vous
         ne pouvez pas utiliser votre compte au %{sp_name} tant que vous ne
@@ -254,8 +259,6 @@ fr:
       sessions:
         no_pii: SITE DE TEST - N’utilisez pas de véritables données personnelles (il
           s’agit d’une démonstration seulement) - SITE DE TEST
-        read_more_encrypt: En savoir plus sur la façon dont %{app_name} protège vos
-          informations personnelles
         review_message: Lorsque vous entrez à nouveau votre mot de passe, %{app_name}
           crypte vos données pour vous assurer que personne ne peut y accéder.
       verifying: Vérification…
@@ -273,7 +276,7 @@ fr:
       otp_delivery_method: Comment envoyer un code?
       review: Réviser et soumettre
       session:
-        review: Entrez à nouveau votre mot de passe %{app_name} pour crypter vos données
+        review: 'Saisissez à nouveau votre mot de passe %{app_name}'
       unavailable: Nous travaillons à la résolution d’une erreur
     troubleshooting:
       headings:

diff --git a/spec/controllers/idv/review_controller_spec.rb b/spec/controllers/idv/review_controller_spec.rb
@@ -159,14 +159,31 @@ def show
         )
       end
 
+      it 'uses the correct step indicator step' do
+        indicator_step = subject.step_indicator_step
+
+        expect(indicator_step).to eq(:secure_account)
+      end
+
       context 'user is in gpo flow' do
-        it 'does not display success message' do
+        before do
           idv_session.vendor_phone_confirmation = false
           idv_session.address_verification_mechanism = 'gpo'
+        end
 
+        it 'displays info message about sending letter' do
           get :new
 
           expect(flash.now[:success]).to be_nil
+          expect(flash.now[:info]).to eq(
+            t('idv.messages.review.gpo_pending'),
+          )
+        end
+
+        it 'uses the correct step indicator step' do
+          indicator_step = subject.step_indicator_step
+
+          expect(indicator_step).to eq(:get_a_letter)
         end
       end
 

diff --git a/spec/features/idv/in_person_spec.rb b/spec/features/idv/in_person_spec.rb
@@ -388,7 +388,7 @@
         t('step_indicator.flows.idv.verify_phone_or_address'),
       )
       click_on t('idv.buttons.mail.send')
-      expect_in_person_gpo_step_indicator_current_step(t('step_indicator.flows.idv.secure_account'))
+      expect_in_person_gpo_step_indicator_current_step(t('step_indicator.flows.idv.get_a_letter'))
       complete_review_step
 
       expect_in_person_gpo_step_indicator_current_step(t('step_indicator.flows.idv.get_a_letter'))

diff --git a/spec/features/idv/steps/review_step_spec.rb b/spec/features/idv/steps/review_step_spec.rb
@@ -13,15 +13,7 @@
     start_idv_from_sp
     complete_idv_steps_before_review_step
 
-    click_on t('idv.messages.review.intro')
-
-    expect(page).to have_content('FAKEY')
-    expect(page).to have_content('MCFAKERSON')
-    expect(page).to have_content('1 FAKE RD')
-    expect(page).to have_content('GREAT FALLS, MT 59010')
-    expect(page).to have_content('October 06, 1938')
-    expect(page).to have_content(DocAuthHelper::GOOD_SSN)
-    expect(page).to have_content('+1 202-555-1212')
+    expect(page).to have_content(t('idv.messages.review.message', app_name: APP_NAME))
 
     fill_in 'Password', with: 'this is not the right password'
     click_idv_continue

diff --git a/spec/views/idv/review/new.html.erb_spec.rb b/spec/views/idv/review/new.html.erb_spec.rb
@@ -11,58 +11,20 @@
       allow(view).to receive(:current_user).and_return(user)
       allow(view).to receive(:step_indicator_steps).
         and_return(Idv::Flows::DocAuthFlow::STEP_INDICATOR_STEPS)
-      @applicant = {
-        first_name: 'Some',
-        last_name: 'One',
-        ssn: '666-66-1234',
-        dob: dob,
-        address1: '123 Main St',
-        city: 'Somewhere',
-        state: 'MO',
-        zipcode: '12345',
-        phone: '+1 (213) 555-0000',
-      }
+      allow(view).to receive(:step_indicator_step).and_return(:secure_account)
 
       render
     end
 
-    it 'renders all steps' do
-      expect(rendered).to have_content('Some One')
-      expect(rendered).to have_content('123 Main St')
-      expect(rendered).to have_content('Somewhere')
-      expect(rendered).to have_content('MO')
-      expect(rendered).to have_content('12345')
-      expect(rendered).to have_content('666-66-1234')
-      expect(rendered).to have_content('+1 213-555-0000')
-      expect(rendered).to have_content('March 29, 1972')
-    end
-
     it 'renders the correct content heading' do
       expect(rendered).to have_content t('idv.titles.session.review', app_name: APP_NAME)
     end
 
-    it 'contains an accordion with verified user information' do
-      accordion_selector = generate_class_selector('usa-accordion')
-      expect(rendered).to have_xpath("//#{accordion_selector}")
-    end
-
-    it 'renders the correct header for the accordion' do
-      expect(rendered).to have_content(t('idv.messages.review.intro'))
-    end
-
     it 'shows the step indicator' do
       expect(view.content_for(:pre_flash_content)).to have_css(
         '.step-indicator__step--current',
         text: t('step_indicator.flows.idv.secure_account'),
       )
     end
-
-    context 'with an american-style dob' do
-      let(:dob) { '12/31/1970' }
-
-      it 'renders correctly' do
-        expect(rendered).to have_selector('.h4.text-bold', text: 'December 31, 1970')
-      end
-    end
   end
 end