FlowPolicy spec helpers for idv_session setup

app/controllers/idv/phone_controller.rb

@@ -66,7 +66,9 @@ def self.step_info
         controller: self,
         action: :new,
         next_steps: [:otp_verification],
-        preconditions: ->(idv_session:, user:) { idv_session.verify_info_step_complete? },
+        preconditions: ->(idv_session:, user:) do
+          idv_session.verify_info_step_complete? && !idv_session.verify_by_mail?
+        end,
         undo_step: ->(idv_session:, user:) do
           idv_session.vendor_phone_confirmation = nil
           idv_session.address_verification_mechanism = nil

app/controllers/idv/verify_info_controller.rb

@@ -42,7 +42,7 @@ def self.step_info
       Idv::StepInfo.new(
         key: :verify_info,
         controller: self,
-        next_steps: [:phone],
+        next_steps: [:phone, :request_letter],
         preconditions: ->(idv_session:, user:) do
           idv_session.ssn && idv_session.remote_document_capture_complete?
         end,

app/services/idv/session.rb

@@ -133,7 +133,7 @@ def create_gpo_entry(pii)
     end
 
     def phone_otp_sent?
-      user_phone_confirmation_session.present?
+      vendor_phone_confirmation && address_verification_mechanism == 'phone'
     end
 
     def user_phone_confirmation_session
@@ -211,7 +211,7 @@ def invalidate_verify_info_step!
     end
 
     def mark_phone_step_started!
-      session[:address_verification_mechanism] = :phone
+      session[:address_verification_mechanism] = 'phone'
       session[:vendor_phone_confirmation] = true
       session[:user_phone_confirmation] = false
     end

spec/controllers/idv/enter_password_controller_spec.rb

@@ -263,7 +263,7 @@ def show
     end
 
     it 'redirects to phone step if the user has not completed it' do
-      subject.idv_session.user_phone_confirmation = nil
+      subject.idv_session.vendor_phone_confirmation = nil
 
       get :new
 

spec/controllers/idv/otp_verification_controller_spec.rb

@@ -4,6 +4,7 @@
   let(:user) { create(:user) }
 
   let(:phone) { '2255555000' }
+  let(:vendor_phone_confirmation) { true }
   let(:user_phone_confirmation) { false }
   let(:phone_confirmation_otp_code) { '777777' }
   let(:phone_confirmation_otp_sent_at) { Time.zone.now }
@@ -35,7 +36,8 @@
     subject.idv_session.ssn = Idp::Constants::MOCK_IDV_APPLICANT_WITH_PHONE[:ssn]
     subject.idv_session.resolution_successful = true
     subject.idv_session.applicant[:phone] = phone
-    subject.idv_session.vendor_phone_confirmation = true
+    subject.idv_session.address_verification_mechanism = 'phone'
+    subject.idv_session.vendor_phone_confirmation = vendor_phone_confirmation
     subject.idv_session.user_phone_confirmation = user_phone_confirmation
     subject.idv_session.user_phone_confirmation_session = user_phone_confirmation_session
   end
@@ -55,6 +57,7 @@
   describe '#show' do
     context 'the user has not been sent an otp' do
       let(:user_phone_confirmation_session) { nil }
+      let(:vendor_phone_confirmation) { nil }
 
       it 'redirects to the delivery method path' do
         get :show
@@ -85,6 +88,7 @@
     let(:otp_code_param) { { code: phone_confirmation_otp_code } }
     context 'the user has not been sent an otp' do
       let(:user_phone_confirmation_session) { nil }
+      let(:vendor_phone_confirmation) { nil }
 
       it 'redirects to otp delivery method selection' do
         put :update, params: otp_code_param

spec/policies/idv/flow_policy_spec.rb

@@ -1,7 +1,9 @@
 require 'rails_helper'
+require 'support/flow_policy_helper'
 
 RSpec.describe 'Idv::FlowPolicy' do
   include Rails.application.routes.url_helpers
+  include FlowPolicyHelper
 
   let(:user) { create(:user) }
 
@@ -159,7 +161,8 @@
 
     context 'preconditions for agreement are present' do
       it 'returns agreement' do
-        idv_session.welcome_visited = true
+        stub_up_to(:welcome, idv_session: idv_session)
+
         expect(subject.info_for_latest_step.key).to eq(:agreement)
         expect(subject.controller_allowed?(controller: Idv::AgreementController)).to be
         expect(subject.controller_allowed?(controller: Idv::HybridHandoffController)).not_to be
@@ -168,8 +171,8 @@
 
     context 'preconditions for hybrid_handoff are present' do
       it 'returns hybrid_handoff' do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
+        stub_up_to(:agreement, idv_session: idv_session)
+
         expect(subject.info_for_latest_step.key).to eq(:hybrid_handoff)
         expect(subject.controller_allowed?(controller: Idv::HybridHandoffController)).to be
         expect(subject.controller_allowed?(controller: Idv::DocumentCaptureController)).not_to be
@@ -178,9 +181,8 @@
 
     context 'preconditions for document_capture are present' do
       it 'returns document_capture' do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
-        idv_session.flow_path = 'standard'
+        stub_up_to(:hybrid_handoff, idv_session: idv_session)
+
         expect(subject.info_for_latest_step.key).to eq(:document_capture)
         expect(subject.controller_allowed?(controller: Idv::DocumentCaptureController)).to be
         expect(subject.controller_allowed?(controller: Idv::SsnController)).not_to be
@@ -189,9 +191,9 @@
 
     context 'preconditions for link_sent are present' do
       it 'returns link_sent' do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
+        stub_up_to(:hybrid_handoff, idv_session: idv_session)
         idv_session.flow_path = 'hybrid'
+
         expect(subject.info_for_latest_step.key).to eq(:link_sent)
         expect(subject.controller_allowed?(controller: Idv::LinkSentController)).to be
         expect(subject.controller_allowed?(controller: Idv::SsnController)).not_to be
@@ -200,10 +202,7 @@
 
     context 'preconditions for ssn are present' do
       before do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
-        idv_session.flow_path = 'standard'
-        idv_session.pii_from_doc = { pii: 'value' }
+        stub_up_to(:document_capture, idv_session: idv_session)
       end
 
       it 'returns ssn for standard flow' do
@@ -222,10 +221,8 @@
 
     context 'preconditions for in_person ssn are present' do
       before do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
-        idv_session.flow_path = 'standard'
-        idv_session.send(:user_session)['idv/in_person'][:pii_from_user] = { pii: 'value' }
+        stub_up_to(:hybrid_handoff, idv_session: idv_session)
+        idv_session.send(:user_session)['idv/in_person'] = { pii_from_user: { pii: 'value' } }
       end
 
       it 'returns ipp_ssn' do
@@ -238,12 +235,7 @@
 
     context 'preconditions for verify_info are present' do
       it 'returns verify_info' do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
-        idv_session.flow_path = 'standard'
-        idv_session.pii_from_doc = { pii: 'value' }
-        idv_session.ssn = '666666666'
-
+        stub_up_to(:ssn, idv_session: idv_session)
         expect(subject.info_for_latest_step.key).to eq(:verify_info)
         expect(subject.controller_allowed?(controller: Idv::VerifyInfoController)).to be
         expect(subject.controller_allowed?(controller: Idv::PhoneController)).not_to be
@@ -252,11 +244,7 @@
 
     context 'preconditions for in_person verify_info are present' do
       it 'returns ipp_verify_info' do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
-        idv_session.flow_path = 'standard'
-        idv_session.send(:user_session)['idv/in_person'][:pii_from_user] = { pii: 'value' }
-        idv_session.ssn = '666666666'
+        stub_up_to(:ipp_ssn, idv_session: idv_session)
 
         expect(subject.info_for_latest_step.key).to eq(:ipp_verify_info)
         expect(subject.controller_allowed?(controller: Idv::InPerson::VerifyInfoController)).to be
@@ -266,13 +254,7 @@
 
     context 'preconditions for phone are present' do
       it 'returns phone' do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
-        idv_session.flow_path = 'standard'
-        idv_session.pii_from_doc = { pii: 'value' }
-        idv_session.applicant = { pii: 'value' }
-        idv_session.ssn = '666666666'
-        idv_session.resolution_successful = true
+        stub_up_to(:verify_info, idv_session: idv_session)
 
         expect(subject.info_for_latest_step.key).to eq(:phone)
         expect(subject.controller_allowed?(controller: Idv::PhoneController)).to be
@@ -284,13 +266,8 @@
       let(:user_phone_confirmation_session) { { code: 'abcde' } }
 
       it 'returns otp_verification' do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
-        idv_session.flow_path = 'standard'
-        idv_session.pii_from_doc = { pii: 'value' }
-        idv_session.applicant = { pii: 'value' }
-        idv_session.ssn = '666666666'
-        idv_session.resolution_successful = true
+        stub_up_to(:phone, idv_session: idv_session)
+
         idv_session.user_phone_confirmation_session = user_phone_confirmation_session
 
         expect(subject.info_for_latest_step.key).to eq(:otp_verification)
@@ -300,14 +277,8 @@
     end
 
     context 'preconditions for request_letter are present' do
-      it 'returns enter_password with gpo verification pending' do
-        idv_session.welcome_visited = true
-        idv_session.idv_consent_given = true
-        idv_session.flow_path = 'standard'
-        idv_session.pii_from_doc = { pii: 'value' }
-        idv_session.applicant = { pii: 'value' }
-        idv_session.ssn = '666666666'
-        idv_session.resolution_successful = true
+      it 'allows request_letter' do
+        stub_up_to(:verify_info, idv_session: idv_session)
 
         expect(subject.controller_allowed?(controller: Idv::ByMail::RequestLetterController)).to be
         expect(subject.controller_allowed?(controller: Idv::EnterPasswordController)).not_to be
@@ -319,15 +290,7 @@
 
       context 'user has a gpo address_verification_mechanism' do
         it 'returns enter_password with gpo verification pending' do
-          idv_session.welcome_visited = true
-          idv_session.idv_consent_given = true
-          idv_session.flow_path = 'standard'
-          idv_session.pii_from_doc = { pii: 'value' }
-          idv_session.applicant = { pii: 'value' }
-          idv_session.ssn = '666666666'
-          idv_session.resolution_successful = true
-          idv_session.user_phone_confirmation_session = user_phone_confirmation_session
-          idv_session.address_verification_mechanism = 'gpo'
+          stub_up_to(:request_letter, idv_session: idv_session)
 
           expect(subject.info_for_latest_step.key).to eq(:enter_password)
           expect(subject.controller_allowed?(controller: Idv::EnterPasswordController)).to be
@@ -337,16 +300,7 @@
 
       context 'user passed phone step' do
         it 'returns enter_password' do
-          idv_session.welcome_visited = true
-          idv_session.idv_consent_given = true
-          idv_session.flow_path = 'standard'
-          idv_session.pii_from_doc = { pii: 'value' }
-          idv_session.applicant = { pii: 'value' }
-          idv_session.ssn = '666666666'
-          idv_session.resolution_successful = true
-          idv_session.user_phone_confirmation_session = user_phone_confirmation_session
-          idv_session.vendor_phone_confirmation = true
-          idv_session.user_phone_confirmation = true
+          stub_up_to(:otp_verification, idv_session: idv_session)
 
           expect(subject.info_for_latest_step.key).to eq(:enter_password)
           expect(subject.controller_allowed?(controller: Idv::EnterPasswordController)).to be

spec/support/flow_policy_helper.rb

@@ -0,0 +1,82 @@
+module FlowPolicyHelper
+  def stub_up_to(key, idv_session:)
+    keys = keys_up_to(key: key)
+
+    keys.each do |key|
+      stub_step(key: key, idv_session: idv_session)
+    end
+  end
+
+  def stub_step(key:, idv_session:)
+    case key
+    when :welcome
+      idv_session.welcome_visited = true
+    when :agreement
+      idv_session.idv_consent_given = true
+    when :hybrid_handoff
+      idv_session.flow_path = 'standard'
+    when :link_sent
+      idv_session.flow_path = 'hybrid'
+      idv_session.pii_from_doc = Idp::Constants::MOCK_IDV_APPLICANT.dup
+    when :document_capture
+      idv_session.pii_from_doc = Idp::Constants::MOCK_IDV_APPLICANT.dup
+    when :ssn
+      idv_session.ssn = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN[:ssn]
+    when :ipp_ssn
+      idv_session.send(:user_session)['idv/in_person'] = {
+        pii_from_user: Idp::Constants::MOCK_IDV_APPLICANT_SAME_ADDRESS_AS_ID.dup,
+      }
+      idv_session.ssn = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN[:ssn]
+    when :verify_info
+      idv_session.mark_verify_info_step_complete!
+      idv_session.applicant = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN.dup
+    when :ipp_verify_info
+      idv_session.mark_verify_info_step_complete!
+      idv_session.applicant = Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN.dup
+    when :phone
+      idv_session.mark_phone_step_started!
+    when :otp_verification
+      idv_session.mark_phone_step_complete!
+    when :request_letter
+      idv_session.address_verification_mechanism = 'gpo'
+      idv_session.vendor_phone_confirmation = false
+      idv_session.user_phone_confirmation = false
+    when :enter_password
+      # FINAL!
+    end
+  end
+
+  def keys_up_to(key:)
+    case key
+    when :welcome
+      %i[welcome]
+    when :agreement
+      %i[welcome agreement]
+    when :hybrid_handoff
+      %i[welcome agreement hybrid_handoff]
+    when :link_sent
+      %i[welcome agreement hybrid_handoff link_sent]
+    when :document_capture
+      %i[welcome agreement hybrid_handoff document_capture]
+    when :ssn
+      %i[welcome agreement hybrid_handoff document_capture ssn]
+    when :ipp_ssn
+      %i[welcome agreement hybrid_handoff ipp_ssn]
+    when :verify_info
+      %i[welcome agreement hybrid_handoff document_capture ssn verify_info]
+    when :ipp_verify_info
+      %i[welcome agreement hybrid_handoff ipp_ssn ipp_verify_info]
+    when :phone
+      %i[welcome agreement hybrid_handoff document_capture ssn verify_info phone]
+    when :otp_verification
+      %i[welcome agreement hybrid_handoff document_capture ssn verify_info phone otp_verification]
+    when :request_letter
+      %i[welcome agreement hybrid_handoff document_capture ssn verify_info request_letter]
+    when :enter_password
+      %i[welcome agreement hybrid_handoff document_capture ssn verify_info phone otp_verification
+         enter_password]
+    else
+      []
+    end
+  end
+end