LG-10652: A user who is rate limited can password secure account in IDV review step

app/controllers/idv/review_controller.rb

@@ -10,6 +10,7 @@ class ReviewController < ApplicationController
     before_action :confirm_verify_info_step_complete
     before_action :confirm_address_step_complete
     before_action :confirm_current_password, only: [:create]
+    skip_before_action :confirm_not_rate_limited
 
     helper_method :step_indicator_step
 

spec/controllers/idv/review_controller_spec.rb

@@ -694,6 +694,26 @@ def show
           )
         end
 
+        context 'when user is rate limited' do
+          it 'logs USPS address letter enqueued event with phone_step_attempts', :freeze_time do
+            rate_limit_type = :proof_address
+            rate_limiter = RateLimiter.new(user: user, rate_limit_type: rate_limit_type)
+            rate_limiter.increment_to_limited!
+            put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } }
+
+            expect(@analytics).to have_logged_event(
+              'IdV: USPS address letter enqueued',
+              resend: false,
+              enqueued_at: Time.zone.now,
+              phone_step_attempts: RateLimiter.max_attempts(rate_limit_type),
+              first_letter_requested_at: idv_session.profile.gpo_verification_pending_at,
+              hours_since_first_letter: 0,
+              proofing_components: nil,
+              **ab_test_args,
+            )
+          end
+        end
+
         it 'redirects to come back later page' do
           put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } }
 

spec/features/idv/steps/review_step_spec.rb

@@ -13,22 +13,17 @@
     end
 
     it 'sends a letter, creates an unverified profile, and sends an email' do
-      fill_in 'Password', with: user_password
-
-      email_count_before_continue = ActionMailer::Base.deliveries.count
-
-      expect { click_continue }.
-        to change { GpoConfirmation.count }.from(0).to(1)
-
-      expect_delivered_email_count(email_count_before_continue + 1)
-      expect(last_email.subject).to eq(t('user_mailer.letter_reminder.subject'))
-
-      expect(user.events.account_verified.size).to be(0)
-      expect(user.profiles.count).to eq 1
+      sends_letter_creates_unverified_profile_sends_email
+    end
 
-      profile = user.profiles.first
+    context 'user is rate-limited' do
+      before do
+        RateLimiter.new(user: user, rate_limit_type: :proof_address).increment_to_limited!
+      end
 
-      expect(profile.active?).to eq false
+      it 'sends a letter, creates an unverified profile, and sends an email' do
+        sends_letter_creates_unverified_profile_sends_email
+      end
     end
 
     it 'sends you to the come_back_later page after review step' do
@@ -68,5 +63,24 @@
         expect(gpo_confirmation_entry[:issuer]).to eq(nil)
       end
     end
+
+    def sends_letter_creates_unverified_profile_sends_email
+      fill_in 'Password', with: user_password
+
+      email_count_before_continue = ActionMailer::Base.deliveries.count
+
+      expect { click_continue }.
+        to change { GpoConfirmation.count }.by(1)
+
+      expect_delivered_email_count(email_count_before_continue + 1)
+      expect(last_email.subject).to eq(t('user_mailer.letter_reminder.subject'))
+
+      expect(user.events.account_verified.size).to be(0)
+      expect(user.profiles.count).to eq 1
+
+      profile = user.profiles.first
+
+      expect(profile.active?).to eq false
+    end
   end
 end