LG-10828 rate limit doc auth when credentials validation fails

app/forms/idv/api_image_upload_form.rb

@@ -32,7 +32,6 @@ def submit
 
         if client_response.success?
           doc_pii_response = validate_pii_from_doc(client_response)
-          rate_limiter.reset!
         end
       end
 
@@ -114,7 +113,10 @@ def validate_pii_from_doc(client_response)
 
       analytics.idv_doc_auth_submitted_pii_validation(**response.to_h)
 
-      store_pii(client_response) if client_response.success? && response.success?
+      if client_response.success? && response.success?
+        store_pii(client_response)
+        rate_limiter.reset!
+      end
 
       response
     end

spec/features/idv/doc_auth/test_credentials_spec.rb

@@ -6,6 +6,7 @@
 
   before do
     sign_in_and_2fa_user
+    complete_doc_auth_steps_before_document_capture_step
   end
 
   around do |example|
@@ -17,7 +18,6 @@
   end
 
   it 'allows proofing with test credentials' do
-    complete_doc_auth_steps_before_document_capture_step
     complete_document_capture_step_with_yml('spec/fixtures/ial2_test_credential.yml')
 
     expect(page).to have_current_path(idv_ssn_path)
@@ -28,24 +28,53 @@
     expect(page).to have_content('Jane')
   end
 
-  it 'triggers an error if the test credentials have a friendly error', allow_browser_log: true do
-    complete_doc_auth_steps_before_document_capture_step
+  context 'displays credential errors' do
+    it 'triggers an error if the test credentials have a friendly error', allow_browser_log: true do
+      triggers_error_test_credentials_missing(
+        'spec/fixtures/ial2_test_credential_forces_error.yml',
+        I18n.t('doc_auth.errors.alerts.barcode_content_check').tr(
+          ' ', ' '
+        ),
+      )
+    end
 
-    attach_file(
-      'Front of your ID',
-      File.expand_path('spec/fixtures/ial2_test_credential_forces_error.yml'),
-    )
-    attach_file(
-      'Back of your ID',
-      File.expand_path('spec/fixtures/ial2_test_credential_forces_error.yml'),
-    )
-    click_on I18n.t('forms.buttons.submit.default')
+    it 'triggers an error if the test credentials missing required address',
+       allow_browser_log: true do
+      triggers_error_test_credentials_missing(
+        'spec/fixtures/ial2_test_credential_no_address.yml',
+        I18n.t('doc_auth.errors.alerts.address_check').tr(
+          ' ', ' '
+        ),
+      )
+    end
 
-    expect(page).to have_content(
-      I18n.t(
-        'doc_auth.errors.alerts.barcode_content_check',
-      ).tr(' ', ' '),
+    def triggers_error_test_credentials_missing(credential_file, alert_message)
+      complete_document_capture_step_with_yml(
+        credential_file,
+        expected_path: idv_document_capture_url,
+      )
+
+      expect(page).to have_content(alert_message)
+      expect(page).to have_current_path(idv_document_capture_url)
+    end
+  end
+
+  it 'rate limits the user if invalid credentials submitted for max allowed attempts',
+     allow_browser_log: true do
+    max_attempts = IdentityConfig.store.doc_auth_max_attempts
+    (max_attempts - 1).times do
+      complete_document_capture_step_with_yml(
+        'spec/fixtures/ial2_test_credential_no_address.yml',
+        expected_path: idv_document_capture_url,
+      )
+      click_on t('idv.failure.button.warning')
+    end
+
+    complete_document_capture_step_with_yml(
+      'spec/fixtures/ial2_test_credential_no_address.yml',
+      expected_path: idv_document_capture_url,
     )
-    expect(page).to have_current_path(idv_document_capture_url)
+
+    expect(page).to have_current_path(idv_session_errors_rate_limited_path)
   end
 end

spec/fixtures/ial2_test_credential_no_address.yml

@@ -0,0 +1,10 @@
+document:
+  first_name: Jane
+  last_name: Doe
+  middle_name: Q
+  city: Bayside
+  state: NY
+  zipcode: '11364'
+  dob: 10/06/1938
+  phone: +1 314-555-1212
+  state_id_jurisdiction: 'ND'

spec/support/features/doc_auth_helper.rb

@@ -96,11 +96,11 @@ def complete_document_capture_step
   end
 
   # yml_file example: 'spec/fixtures/puerto_rico_resident.yml'
-  def complete_document_capture_step_with_yml(proofing_yml)
+  def complete_document_capture_step_with_yml(proofing_yml, expected_path: idv_ssn_url)
     attach_file I18n.t('doc_auth.headings.document_capture_front'), File.expand_path(proofing_yml)
     attach_file I18n.t('doc_auth.headings.document_capture_back'), File.expand_path(proofing_yml)
     click_on I18n.t('forms.buttons.submit.default')
-    expect(page).to have_current_path(idv_ssn_url, wait: 10)
+    expect(page).to have_current_path(expected_path, wait: 10)
   end
 
   def complete_doc_auth_steps_before_phone_otp_step(expect_accessible: false)