diff --git a/app/controllers/concerns/idv_step_concern.rb b/app/controllers/concerns/idv_step_concern.rb index d9fa8721075..09154a7d5b5 100644 --- a/app/controllers/concerns/idv_step_concern.rb +++ b/app/controllers/concerns/idv_step_concern.rb @@ -77,4 +77,16 @@ def confirm_address_step_complete redirect_to idv_otp_verification_url end + + def extra_analytics_properties + extra = { + pii_like_keypaths: [[:same_address_as_id], [:state_id, :state_id_jurisdiction]], + } + + unless flow_session.dig(:pii_from_user, :same_address_as_id).nil? + extra[:same_address_as_id] = + flow_session[:pii_from_user][:same_address_as_id].to_s == 'true' + end + extra + end end diff --git a/app/controllers/idv/in_person/ssn_controller.rb b/app/controllers/idv/in_person/ssn_controller.rb index e59145adf4b..1f2a6a5aecb 100644 --- a/app/controllers/idv/in_person/ssn_controller.rb +++ b/app/controllers/idv/in_person/ssn_controller.rb @@ -41,7 +41,7 @@ def update ) if form_response.success? - flow_session['pii_from_user'][:ssn] = params[:doc_auth][:ssn] + flow_session[:pii_from_user][:ssn] = params[:doc_auth][:ssn] idv_session.invalidate_steps_after_ssn! redirect_to idv_in_person_verify_info_url else @@ -79,7 +79,8 @@ def analytics_arguments step: 'ssn', analytics_id: 'In Person Proofing', irs_reproofing: irs_reproofing?, - }.merge(ab_test_analytics_buckets) + }.merge(ab_test_analytics_buckets). + merge(**extra_analytics_properties) end def updating_ssn? diff --git a/app/controllers/idv/in_person/verify_info_controller.rb b/app/controllers/idv/in_person/verify_info_controller.rb index 54c9d7a3910..250dee4772a 100644 --- a/app/controllers/idv/in_person/verify_info_controller.rb +++ b/app/controllers/idv/in_person/verify_info_controller.rb @@ -76,17 +76,6 @@ def analytics_arguments }.merge(ab_test_analytics_buckets). merge(**extra_analytics_properties) end - - def extra_analytics_properties - extra = { - pii_like_keypaths: [[:same_address_as_id], [:state_id, :state_id_jurisdiction]], - } - unless flow_session.dig(:pii_from_user, :same_address_as_id).nil? - extra[:same_address_as_id] = - flow_session[:pii_from_user][:same_address_as_id].to_s == 'true' - end - extra - end end end end diff --git a/app/forms/idv/ssn_format_form.rb b/app/forms/idv/ssn_format_form.rb index ae0c6a06b8e..2e3e8617d1a 100644 --- a/app/forms/idv/ssn_format_form.rb +++ b/app/forms/idv/ssn_format_form.rb @@ -23,7 +23,8 @@ def submit(params) FormResponse.new( success: valid?, errors: errors, - extra: { pii_like_keypaths: [[:errors, :ssn], [:error_details, :ssn]] }, + extra: { pii_like_keypaths: [[:same_address_as_id], [:errors, :ssn], + [:error_details, :ssn]] }, ) end diff --git a/spec/controllers/idv/in_person/ssn_controller_spec.rb b/spec/controllers/idv/in_person/ssn_controller_spec.rb index c393733e1ca..ecbf9bbb294 100644 --- a/spec/controllers/idv/in_person/ssn_controller_spec.rb +++ b/spec/controllers/idv/in_person/ssn_controller_spec.rb @@ -3,9 +3,11 @@ RSpec.describe Idv::InPerson::SsnController do include IdvHelper + let(:pii_from_user) { Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID_WITH_NO_SSN.dup } + let(:flow_session) do { 'document_capture_session_uuid' => 'fd14e181-6fb1-4cdc-92e0-ef66dad0df4e', - 'pii_from_user' => Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID_WITH_NO_SSN.dup, + :pii_from_user => pii_from_user, :threatmetrix_session_id => 'c90ae7a5-6629-4e77-b97c-f1987c2df7d0', :flow_path => 'standard' } end @@ -19,11 +21,10 @@ end before do + allow(subject).to receive(:pii_from_user).and_return(pii_from_user) + allow(subject).to receive(:flow_session).and_return(flow_session) stub_sign_in(user) subject.user_session['idv/in_person'] = flow_session - stub_analytics - stub_attempts_tracker - allow(@analytics).to receive(:track_event) allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) end @@ -74,11 +75,11 @@ context('#confirm_in_person_address_step_complete') do it 'redirects if the user hasn\'t completed the address page' do # delete address attributes on session - flow_session['pii_from_user'].delete(:address1) - flow_session['pii_from_user'].delete(:address2) - flow_session['pii_from_user'].delete(:city) - flow_session['pii_from_user'].delete(:state) - flow_session['pii_from_user'].delete(:zipcode) + flow_session[:pii_from_user].delete(:address1) + flow_session[:pii_from_user].delete(:address2) + flow_session[:pii_from_user].delete(:city) + flow_session[:pii_from_user].delete(:state) + flow_session[:pii_from_user].delete(:zipcode) get :show expect(response).to redirect_to idv_in_person_step_url(step: :address) @@ -87,64 +88,72 @@ end end + before do + stub_analytics + stub_attempts_tracker + allow(@analytics).to receive(:track_event) + allow(IdentityConfig.store).to receive(:in_person_ssn_info_controller_enabled).and_return(true) + end + describe '#show' do - context 'when in_person_ssn_info_controller_enabled is true' do - before do - allow(IdentityConfig.store).to receive(:in_person_ssn_info_controller_enabled). - and_return(true) - end - let(:analytics_name) { 'IdV: doc auth ssn visited' } - let(:analytics_args) do - { - analytics_id: 'In Person Proofing', - flow_path: 'standard', - irs_reproofing: false, - step: 'ssn', - }.merge(ab_test_args) - end + let(:analytics_name) { 'IdV: doc auth ssn visited' } + let(:analytics_args) do + { + analytics_id: 'In Person Proofing', + flow_path: 'standard', + irs_reproofing: false, + step: 'ssn', + same_address_as_id: true, + pii_like_keypaths: [[:same_address_as_id], [:state_id, :state_id_jurisdiction]], + }.merge(ab_test_args) + end - it 'renders the show template' do - get :show + it 'renders the show template' do + get :show - expect(response).to render_template :show - end + expect(response).to render_template :show + end - it 'sends analytics_visited event' do - get :show + it 'sends analytics_visited event' do + get :show - expect(@analytics).to have_received(:track_event).with(analytics_name, analytics_args) - end + expect(@analytics).to have_received(:track_event).with(analytics_name, analytics_args) + end - it 'updates DocAuthLog ssn_view_count' do - doc_auth_log = DocAuthLog.create(user_id: user.id) + it 'updates DocAuthLog ssn_view_count' do + doc_auth_log = DocAuthLog.create(user_id: user.id) - expect { get :show }.to( - change { doc_auth_log.reload.ssn_view_count }.from(0).to(1), - ) - end + expect { get :show }.to( + change { doc_auth_log.reload.ssn_view_count }.from(0).to(1), + ) + end - context 'with an ssn in session' do - let(:referer) { idv_document_capture_url } - before do - flow_session['pii_from_user'][:ssn] = ssn - request.env['HTTP_REFERER'] = referer - end + it 'adds a session id to flow session' do + get :show + expect(flow_session[:threatmetrix_session_id]).to_not eq(nil) + end - context 'referer is not verify_info' do - it 'redirects to verify_info' do - get :show + context 'with an ssn in session' do + let(:referer) { idv_in_person_step_url(step: :address) } + before do + flow_session[:pii_from_user][:ssn] = ssn + request.env['HTTP_REFERER'] = referer + end + + context 'referer is not verify_info' do + it 'redirects to verify_info' do + get :show - expect(response).to redirect_to(idv_in_person_verify_info_url) - end + expect(response).to redirect_to(idv_in_person_verify_info_url) end + end - context 'referer is verify_info' do - let(:referer) { idv_in_person_verify_info_url } - it 'does not redirect' do - get :show + context 'referer is verify_info' do + let(:referer) { idv_in_person_verify_info_url } + it 'does not redirect' do + get :show - expect(response).to render_template :show - end + expect(response).to render_template :show end end end @@ -152,11 +161,6 @@ describe '#update' do context 'when in_person_ssn_info_controller_enabled is true' do - before do - allow(IdentityConfig.store).to receive(:in_person_ssn_info_controller_enabled). - and_return(true) - end - context 'valid ssn' do let(:params) { { doc_auth: { ssn: ssn } } } let(:analytics_name) { 'IdV: doc auth ssn submitted' } @@ -168,7 +172,8 @@ step: 'ssn', success: true, errors: {}, - pii_like_keypaths: [[:errors, :ssn], [:error_details, :ssn]], + same_address_as_id: true, + pii_like_keypaths: [[:same_address_as_id], [:errors, :ssn], [:error_details, :ssn]], }.merge(ab_test_args) end @@ -199,7 +204,7 @@ it 'merges ssn into pii session value' do put :update, params: params - expect(flow_session['pii_from_user'][:ssn]).to eq(ssn) + expect(flow_session[:pii_from_user][:ssn]).to eq(ssn) end it 'invalidates steps after ssn' do @@ -217,6 +222,14 @@ expect(response).to redirect_to idv_in_person_verify_info_url end + + it 'does not change threatmetrix_session_id when updating ssn' do + flow_session[:pii_from_user][:ssn] = ssn + put :update, params: params + session_id = flow_session[:threatmetrix_session_id] + subject.threatmetrix_view_variables + expect(flow_session[:threatmetrix_session_id]).to eq(session_id) + end end context 'invalid ssn' do @@ -233,7 +246,8 @@ ssn: ['Enter a nine-digit Social Security number'], }, error_details: { ssn: [:invalid] }, - pii_like_keypaths: [[:errors, :ssn], [:error_details, :ssn]], + same_address_as_id: true, + pii_like_keypaths: [[:same_address_as_id], [:errors, :ssn], [:error_details, :ssn]], }.merge(ab_test_args) end diff --git a/spec/controllers/idv/ssn_controller_spec.rb b/spec/controllers/idv/ssn_controller_spec.rb index 3ee13eee5af..5fb49b9fbed 100644 --- a/spec/controllers/idv/ssn_controller_spec.rb +++ b/spec/controllers/idv/ssn_controller_spec.rb @@ -246,7 +246,7 @@ ssn: [t('idv.errors.pattern_mismatch.ssn')], }, error_details: { ssn: [:invalid] }, - pii_like_keypaths: [[:errors, :ssn], [:error_details, :ssn]], + pii_like_keypaths: [[:same_address_as_id], [:errors, :ssn], [:error_details, :ssn]], }.merge(ab_test_args) end