From eb2319f8a86632edca2fcded497d976b27b6be26 Mon Sep 17 00:00:00 2001
From: Sonia Connolly <sonia.connolly@gsa.gov>
Date: Fri, 23 Jun 2023 16:02:25 -0700
Subject: [PATCH 1/4] Initialize flow_session when it is first used

[skip changelog]
---
 app/controllers/concerns/idv_step_concern.rb | 2 +-
 app/controllers/idv/address_controller.rb    | 4 ++--
 app/controllers/idv_controller.rb            | 1 -
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/app/controllers/concerns/idv_step_concern.rb b/app/controllers/concerns/idv_step_concern.rb
index 399dc401209..b26218bdde4 100644
--- a/app/controllers/concerns/idv_step_concern.rb
+++ b/app/controllers/concerns/idv_step_concern.rb
@@ -26,7 +26,7 @@ def confirm_no_pending_in_person_enrollment
   end
 
   def flow_session
-    user_session['idv/doc_auth'] || {}
+    user_session['idv/doc_auth'] ||= {}
   end
 
   def pii_from_doc
diff --git a/app/controllers/idv/address_controller.rb b/app/controllers/idv/address_controller.rb
index 2fb02a17d75..dbfe257da8c 100644
--- a/app/controllers/idv/address_controller.rb
+++ b/app/controllers/idv/address_controller.rb
@@ -29,7 +29,7 @@ def idv_form
 
     def success
       profile_params.each do |key, value|
-        user_session['idv/doc_auth']['pii_from_doc'][key] = value
+        flow_session['pii_from_doc'][key] = value
       end
       redirect_to idv_verify_info_url
     end
@@ -44,7 +44,7 @@ def profile_params
 
     def capture_address_edited(result)
       address_edited = result.to_h[:address_edited]
-      user_session['idv/doc_auth']['address_edited'] = address_edited if address_edited
+      flow_session['address_edited'] = address_edited if address_edited
     end
   end
 end
diff --git a/app/controllers/idv_controller.rb b/app/controllers/idv_controller.rb
index 6372f4a2838..9878475d035 100644
--- a/app/controllers/idv_controller.rb
+++ b/app/controllers/idv_controller.rb
@@ -30,7 +30,6 @@ def activated
   def verify_identity
     analytics.idv_intro_visit
     if IdentityConfig.store.doc_auth_welcome_controller_enabled
-      user_session['idv/doc_auth'] ||= {}
       redirect_to idv_welcome_url
     else
       redirect_to idv_doc_auth_url

From 96c1c5fdc5b60443e16789356ce06031d2bc01d8 Mon Sep 17 00:00:00 2001
From: Sonia Connolly <sonia.connolly@gsa.gov>
Date: Mon, 26 Jun 2023 09:19:19 -0700
Subject: [PATCH 2/4] Use flow_session method so it will be initialized

---
 app/controllers/concerns/idv/outage_concern.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/concerns/idv/outage_concern.rb b/app/controllers/concerns/idv/outage_concern.rb
index 73893f96ddb..17130084550 100644
--- a/app/controllers/concerns/idv/outage_concern.rb
+++ b/app/controllers/concerns/idv/outage_concern.rb
@@ -3,7 +3,7 @@ module OutageConcern
     extend ActiveSupport::Concern
 
     def check_for_outage
-      return if user_session.fetch('idv/doc_auth', {})[:skip_vendor_outage]
+      return if flow_session[:skip_vendor_outage]
 
       return redirect_for_gpo_only if FeatureManagement.idv_gpo_only?
     end
@@ -14,7 +14,7 @@ def redirect_for_gpo_only
       # During a phone outage, skip the hybrid handoff
       # step and go straight to document upload
       unless FeatureManagement.idv_allow_hybrid_flow?
-        user_session.fetch('idv/doc_auth', {})[:skip_upload_step] = true
+        flow_session[:skip_upload_step] = true
       end
 
       redirect_to idv_mail_only_warning_url

From b3c87c9f6cbc54dc534eb8e1fdbdc9bc5b8af451 Mon Sep 17 00:00:00 2001
From: Sonia Connolly <sonia.connolly@gsa.gov>
Date: Mon, 26 Jun 2023 10:40:41 -0700
Subject: [PATCH 3/4] Use flow_session method everywhere, move it to
 IdvSessionConcern

---
 app/controllers/concerns/idv/outage_concern.rb           | 4 +---
 app/controllers/concerns/idv_session.rb                  | 4 ++++
 app/controllers/concerns/idv_step_concern.rb             | 4 ----
 app/controllers/idv/gpo_only_warning_controller.rb       | 2 +-
 spec/controllers/idv/gpo_only_warning_controller_spec.rb | 3 ++-
 5 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/app/controllers/concerns/idv/outage_concern.rb b/app/controllers/concerns/idv/outage_concern.rb
index 17130084550..5798d47a116 100644
--- a/app/controllers/concerns/idv/outage_concern.rb
+++ b/app/controllers/concerns/idv/outage_concern.rb
@@ -13,9 +13,7 @@ def redirect_for_gpo_only
 
       # During a phone outage, skip the hybrid handoff
       # step and go straight to document upload
-      unless FeatureManagement.idv_allow_hybrid_flow?
-        flow_session[:skip_upload_step] = true
-      end
+      flow_session[:skip_upload_step] = true unless FeatureManagement.idv_allow_hybrid_flow?
 
       redirect_to idv_mail_only_warning_url
     end
diff --git a/app/controllers/concerns/idv_session.rb b/app/controllers/concerns/idv_session.rb
index 75f1d59df5c..d8546a9e171 100644
--- a/app/controllers/concerns/idv_session.rb
+++ b/app/controllers/concerns/idv_session.rb
@@ -33,6 +33,10 @@ def idv_session
     )
   end
 
+  def flow_session
+    user_session['idv/doc_auth'] ||= {}
+  end
+
   def redirect_unless_idv_session_user
     redirect_to root_url if !idv_session_user
   end
diff --git a/app/controllers/concerns/idv_step_concern.rb b/app/controllers/concerns/idv_step_concern.rb
index b26218bdde4..50d044a60fd 100644
--- a/app/controllers/concerns/idv_step_concern.rb
+++ b/app/controllers/concerns/idv_step_concern.rb
@@ -25,10 +25,6 @@ def confirm_no_pending_in_person_enrollment
     redirect_to idv_in_person_ready_to_verify_url if current_user&.pending_in_person_enrollment
   end
 
-  def flow_session
-    user_session['idv/doc_auth'] ||= {}
-  end
-
   def pii_from_doc
     flow_session['pii_from_doc']
   end
diff --git a/app/controllers/idv/gpo_only_warning_controller.rb b/app/controllers/idv/gpo_only_warning_controller.rb
index 8f3475aa489..768dab4cc4d 100644
--- a/app/controllers/idv/gpo_only_warning_controller.rb
+++ b/app/controllers/idv/gpo_only_warning_controller.rb
@@ -8,7 +8,7 @@ class GpoOnlyWarningController < ApplicationController
     def show
       analytics.idv_mail_only_warning_visited(analytics_id: 'Doc Auth')
 
-      user_session.fetch('idv/doc_auth', {})[:skip_vendor_outage] = true
+      flow_session[:skip_vendor_outage] = true
       render :show, locals: { current_sp:, exit_url: }
     end
 
diff --git a/spec/controllers/idv/gpo_only_warning_controller_spec.rb b/spec/controllers/idv/gpo_only_warning_controller_spec.rb
index 4528f871000..cb0c9f095f9 100644
--- a/spec/controllers/idv/gpo_only_warning_controller_spec.rb
+++ b/spec/controllers/idv/gpo_only_warning_controller_spec.rb
@@ -39,12 +39,13 @@
     end
 
     context 'flow_session is nil' do
-      it 'renders the show template' do
+      it 'renders the show template and initializes flow session' do
         subject.user_session.delete('idv/doc_auth')
 
         get :show
 
         expect(response).to render_template :show
+        expect(subject.user_session['idv/doc_auth'][:skip_vendor_outage]).to eq(true)
       end
     end
   end

From 49ad4f34ae66568882ca66056de3970adb0ab601 Mon Sep 17 00:00:00 2001
From: Sonia Connolly <sonia.connolly@gsa.gov>
Date: Mon, 26 Jun 2023 11:06:39 -0700
Subject: [PATCH 4/4] changelog

changelog Internal, Identity Verification, initialize flow_session when it is first used