diff --git a/app/controllers/idv/phone_controller.rb b/app/controllers/idv/phone_controller.rb index f28608ae523..66daee77c37 100644 --- a/app/controllers/idv/phone_controller.rb +++ b/app/controllers/idv/phone_controller.rb @@ -66,7 +66,9 @@ def self.step_info controller: self, action: :new, next_steps: [:otp_verification], - preconditions: ->(idv_session:, user:) { idv_session.verify_info_step_complete? }, + preconditions: ->(idv_session:, user:) do + idv_session.verify_info_step_complete? && !idv_session.verify_by_mail? + end, undo_step: ->(idv_session:, user:) do idv_session.vendor_phone_confirmation = nil idv_session.address_verification_mechanism = nil diff --git a/app/controllers/idv/verify_info_controller.rb b/app/controllers/idv/verify_info_controller.rb index 59f43359b77..cb61fafbd07 100644 --- a/app/controllers/idv/verify_info_controller.rb +++ b/app/controllers/idv/verify_info_controller.rb @@ -42,7 +42,7 @@ def self.step_info Idv::StepInfo.new( key: :verify_info, controller: self, - next_steps: [:phone], + next_steps: [:phone, :request_letter], preconditions: ->(idv_session:, user:) do idv_session.ssn && idv_session.remote_document_capture_complete? end, diff --git a/app/services/idv/session.rb b/app/services/idv/session.rb index c268162f2bc..8dc6a45fa8b 100644 --- a/app/services/idv/session.rb +++ b/app/services/idv/session.rb @@ -133,7 +133,7 @@ def create_gpo_entry(pii) end def phone_otp_sent? - user_phone_confirmation_session.present? + vendor_phone_confirmation && address_verification_mechanism == 'phone' end def user_phone_confirmation_session @@ -211,7 +211,7 @@ def invalidate_verify_info_step! end def mark_phone_step_started! - session[:address_verification_mechanism] = :phone + session[:address_verification_mechanism] = 'phone' session[:vendor_phone_confirmation] = true session[:user_phone_confirmation] = false end diff --git a/spec/controllers/idv/enter_password_controller_spec.rb b/spec/controllers/idv/enter_password_controller_spec.rb index 0ffd596b141..bbc9eafc80f 100644 --- a/spec/controllers/idv/enter_password_controller_spec.rb +++ b/spec/controllers/idv/enter_password_controller_spec.rb @@ -263,7 +263,7 @@ def show end it 'redirects to phone step if the user has not completed it' do - subject.idv_session.user_phone_confirmation = nil + subject.idv_session.vendor_phone_confirmation = nil get :new diff --git a/spec/controllers/idv/otp_verification_controller_spec.rb b/spec/controllers/idv/otp_verification_controller_spec.rb index f9ea33666d2..0bd703989d6 100644 --- a/spec/controllers/idv/otp_verification_controller_spec.rb +++ b/spec/controllers/idv/otp_verification_controller_spec.rb @@ -4,6 +4,7 @@ let(:user) { create(:user) } let(:phone) { '2255555000' } + let(:vendor_phone_confirmation) { true } let(:user_phone_confirmation) { false } let(:phone_confirmation_otp_code) { '777777' } let(:phone_confirmation_otp_sent_at) { Time.zone.now } @@ -35,7 +36,8 @@ subject.idv_session.ssn = Idp::Constants::MOCK_IDV_APPLICANT_WITH_PHONE[:ssn] subject.idv_session.resolution_successful = true subject.idv_session.applicant[:phone] = phone - subject.idv_session.vendor_phone_confirmation = true + subject.idv_session.address_verification_mechanism = 'phone' + subject.idv_session.vendor_phone_confirmation = vendor_phone_confirmation subject.idv_session.user_phone_confirmation = user_phone_confirmation subject.idv_session.user_phone_confirmation_session = user_phone_confirmation_session end @@ -55,6 +57,7 @@ describe '#show' do context 'the user has not been sent an otp' do let(:user_phone_confirmation_session) { nil } + let(:vendor_phone_confirmation) { nil } it 'redirects to the delivery method path' do get :show @@ -85,6 +88,7 @@ let(:otp_code_param) { { code: phone_confirmation_otp_code } } context 'the user has not been sent an otp' do let(:user_phone_confirmation_session) { nil } + let(:vendor_phone_confirmation) { nil } it 'redirects to otp delivery method selection' do put :update, params: otp_code_param diff --git a/spec/policies/idv/flow_policy_spec.rb b/spec/policies/idv/flow_policy_spec.rb index 600efef59d3..4c51192fc7d 100644 --- a/spec/policies/idv/flow_policy_spec.rb +++ b/spec/policies/idv/flow_policy_spec.rb @@ -1,7 +1,9 @@ require 'rails_helper' +require 'support/flow_policy_helper' RSpec.describe 'Idv::FlowPolicy' do include Rails.application.routes.url_helpers + include FlowPolicyHelper let(:user) { create(:user) } @@ -159,7 +161,8 @@ context 'preconditions for agreement are present' do it 'returns agreement' do - idv_session.welcome_visited = true + stub_up_to(:welcome, idv_session: idv_session) + expect(subject.info_for_latest_step.key).to eq(:agreement) expect(subject.controller_allowed?(controller: Idv::AgreementController)).to be expect(subject.controller_allowed?(controller: Idv::HybridHandoffController)).not_to be @@ -168,8 +171,8 @@ context 'preconditions for hybrid_handoff are present' do it 'returns hybrid_handoff' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true + stub_up_to(:agreement, idv_session: idv_session) + expect(subject.info_for_latest_step.key).to eq(:hybrid_handoff) expect(subject.controller_allowed?(controller: Idv::HybridHandoffController)).to be expect(subject.controller_allowed?(controller: Idv::DocumentCaptureController)).not_to be @@ -178,9 +181,8 @@ context 'preconditions for document_capture are present' do it 'returns document_capture' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' + stub_up_to(:hybrid_handoff, idv_session: idv_session) + expect(subject.info_for_latest_step.key).to eq(:document_capture) expect(subject.controller_allowed?(controller: Idv::DocumentCaptureController)).to be expect(subject.controller_allowed?(controller: Idv::SsnController)).not_to be @@ -189,9 +191,9 @@ context 'preconditions for link_sent are present' do it 'returns link_sent' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true + stub_up_to(:hybrid_handoff, idv_session: idv_session) idv_session.flow_path = 'hybrid' + expect(subject.info_for_latest_step.key).to eq(:link_sent) expect(subject.controller_allowed?(controller: Idv::LinkSentController)).to be expect(subject.controller_allowed?(controller: Idv::SsnController)).not_to be @@ -200,10 +202,7 @@ context 'preconditions for ssn are present' do before do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' - idv_session.pii_from_doc = { pii: 'value' } + stub_up_to(:document_capture, idv_session: idv_session) end it 'returns ssn for standard flow' do @@ -222,10 +221,8 @@ context 'preconditions for in_person ssn are present' do before do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' - idv_session.send(:user_session)['idv/in_person'][:pii_from_user] = { pii: 'value' } + stub_up_to(:hybrid_handoff, idv_session: idv_session) + idv_session.send(:user_session)['idv/in_person'] = { pii_from_user: { pii: 'value' } } end it 'returns ipp_ssn' do @@ -238,12 +235,7 @@ context 'preconditions for verify_info are present' do it 'returns verify_info' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' - idv_session.pii_from_doc = { pii: 'value' } - idv_session.ssn = '666666666' - + stub_up_to(:ssn, idv_session: idv_session) expect(subject.info_for_latest_step.key).to eq(:verify_info) expect(subject.controller_allowed?(controller: Idv::VerifyInfoController)).to be expect(subject.controller_allowed?(controller: Idv::PhoneController)).not_to be @@ -252,11 +244,7 @@ context 'preconditions for in_person verify_info are present' do it 'returns ipp_verify_info' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' - idv_session.send(:user_session)['idv/in_person'][:pii_from_user] = { pii: 'value' } - idv_session.ssn = '666666666' + stub_up_to(:ipp_ssn, idv_session: idv_session) expect(subject.info_for_latest_step.key).to eq(:ipp_verify_info) expect(subject.controller_allowed?(controller: Idv::InPerson::VerifyInfoController)).to be @@ -266,13 +254,7 @@ context 'preconditions for phone are present' do it 'returns phone' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' - idv_session.pii_from_doc = { pii: 'value' } - idv_session.applicant = { pii: 'value' } - idv_session.ssn = '666666666' - idv_session.resolution_successful = true + stub_up_to(:verify_info, idv_session: idv_session) expect(subject.info_for_latest_step.key).to eq(:phone) expect(subject.controller_allowed?(controller: Idv::PhoneController)).to be @@ -284,13 +266,8 @@ let(:user_phone_confirmation_session) { { code: 'abcde' } } it 'returns otp_verification' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' - idv_session.pii_from_doc = { pii: 'value' } - idv_session.applicant = { pii: 'value' } - idv_session.ssn = '666666666' - idv_session.resolution_successful = true + stub_up_to(:phone, idv_session: idv_session) + idv_session.user_phone_confirmation_session = user_phone_confirmation_session expect(subject.info_for_latest_step.key).to eq(:otp_verification) @@ -300,14 +277,8 @@ end context 'preconditions for request_letter are present' do - it 'returns enter_password with gpo verification pending' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' - idv_session.pii_from_doc = { pii: 'value' } - idv_session.applicant = { pii: 'value' } - idv_session.ssn = '666666666' - idv_session.resolution_successful = true + it 'allows request_letter' do + stub_up_to(:verify_info, idv_session: idv_session) expect(subject.controller_allowed?(controller: Idv::ByMail::RequestLetterController)).to be expect(subject.controller_allowed?(controller: Idv::EnterPasswordController)).not_to be @@ -319,15 +290,7 @@ context 'user has a gpo address_verification_mechanism' do it 'returns enter_password with gpo verification pending' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' - idv_session.pii_from_doc = { pii: 'value' } - idv_session.applicant = { pii: 'value' } - idv_session.ssn = '666666666' - idv_session.resolution_successful = true - idv_session.user_phone_confirmation_session = user_phone_confirmation_session - idv_session.address_verification_mechanism = 'gpo' + stub_up_to(:request_letter, idv_session: idv_session) expect(subject.info_for_latest_step.key).to eq(:enter_password) expect(subject.controller_allowed?(controller: Idv::EnterPasswordController)).to be @@ -337,16 +300,7 @@ context 'user passed phone step' do it 'returns enter_password' do - idv_session.welcome_visited = true - idv_session.idv_consent_given = true - idv_session.flow_path = 'standard' - idv_session.pii_from_doc = { pii: 'value' } - idv_session.applicant = { pii: 'value' } - idv_session.ssn = '666666666' - idv_session.resolution_successful = true - idv_session.user_phone_confirmation_session = user_phone_confirmation_session - idv_session.vendor_phone_confirmation = true - idv_session.user_phone_confirmation = true + stub_up_to(:otp_verification, idv_session: idv_session) expect(subject.info_for_latest_step.key).to eq(:enter_password) expect(subject.controller_allowed?(controller: Idv::EnterPasswordController)).to be diff --git a/spec/support/flow_policy_helper.rb b/spec/support/flow_policy_helper.rb new file mode 100644 index 00000000000..6c413d9b20c --- /dev/null +++ b/spec/support/flow_policy_helper.rb @@ -0,0 +1,82 @@ +module FlowPolicyHelper + def stub_up_to(key, idv_session:) + keys = keys_up_to(key: key) + + keys.each do |key| + stub_step(key: key, idv_session: idv_session) + end + end + + def stub_step(key:, idv_session:) + case key + when :welcome + idv_session.welcome_visited = true + when :agreement + idv_session.idv_consent_given = true + when :hybrid_handoff + idv_session.flow_path = 'standard' + when :link_sent + idv_session.flow_path = 'hybrid' + idv_session.pii_from_doc = Idp::Constants::MOCK_IDV_APPLICANT.dup + when :document_capture + idv_session.pii_from_doc = Idp::Constants::MOCK_IDV_APPLICANT.dup + when :ssn + idv_session.ssn = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN[:ssn] + when :ipp_ssn + idv_session.send(:user_session)['idv/in_person'] = { + pii_from_user: Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID.dup, + } + idv_session.ssn = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN[:ssn] + when :verify_info + idv_session.mark_verify_info_step_complete! + idv_session.applicant = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN.dup + when :ipp_verify_info + idv_session.mark_verify_info_step_complete! + idv_session.applicant = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN.dup + when :phone + idv_session.mark_phone_step_started! + when :otp_verification + idv_session.mark_phone_step_complete! + when :request_letter + idv_session.address_verification_mechanism = 'gpo' + idv_session.vendor_phone_confirmation = false + idv_session.user_phone_confirmation = false + when :enter_password + # FINAL! + end + end + + def keys_up_to(key:) + case key + when :welcome + %i[welcome] + when :agreement + %i[welcome agreement] + when :hybrid_handoff + %i[welcome agreement hybrid_handoff] + when :link_sent + %i[welcome agreement hybrid_handoff link_sent] + when :document_capture + %i[welcome agreement hybrid_handoff document_capture] + when :ssn + %i[welcome agreement hybrid_handoff document_capture ssn] + when :ipp_ssn + %i[welcome agreement hybrid_handoff ipp_ssn] + when :verify_info + %i[welcome agreement hybrid_handoff document_capture ssn verify_info] + when :ipp_verify_info + %i[welcome agreement hybrid_handoff ipp_ssn ipp_verify_info] + when :phone + %i[welcome agreement hybrid_handoff document_capture ssn verify_info phone] + when :otp_verification + %i[welcome agreement hybrid_handoff document_capture ssn verify_info phone otp_verification] + when :request_letter + %i[welcome agreement hybrid_handoff document_capture ssn verify_info request_letter] + when :enter_password + %i[welcome agreement hybrid_handoff document_capture ssn verify_info phone otp_verification + enter_password] + else + [] + end + end +end