diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb
index 558226afbbc..aa0fda3665f 100644
--- a/app/controllers/concerns/idv/document_capture_concern.rb
+++ b/app/controllers/concerns/idv/document_capture_concern.rb
@@ -55,6 +55,10 @@ def stored_result
 @stored_result = document_capture_session&.load_result
 end
+ def selfie_requirement_met?
+ !decorated_sp_session.selfie_required? || stored_result.selfie_check_performed
+ end
+
 private
 def track_document_issuing_state(user, state)
diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb
index e8c6103f2cc..0611a352902 100644
--- a/app/controllers/idv/document_capture_controller.rb
+++ b/app/controllers/idv/document_capture_controller.rb
@@ -89,7 +89,7 @@ def analytics_arguments
 end
 def handle_stored_result
- if stored_result&.success?
+ if stored_result&.success? && selfie_requirement_met?
 save_proofing_components(current_user)
 extract_pii_from_doc(current_user, stored_result, store_in_session: true)
 flash[:success] = t('doc_auth.headings.capture_complete')
diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb
index 4a35965aeea..d31d675c30f 100644
--- a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb
+++ b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb
@@ -61,7 +61,7 @@ def analytics_arguments
 end
 def handle_stored_result
- if stored_result&.success?
+ if stored_result&.success? && selfie_requirement_met?
 save_proofing_components(document_capture_user)
 extract_pii_from_doc(document_capture_user, stored_result)
 successful_response
diff --git a/app/controllers/idv/link_sent_controller.rb b/app/controllers/idv/link_sent_controller.rb
index 65fc191297e..282fdfff6fc 100644
--- a/app/controllers/idv/link_sent_controller.rb
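Review bot: In app/controllers/concerns/idv/document_capture_concern.rb, `selfie_requirement_met?` calls `stored_result.selfie_check_performed` without a nil guard, although `stored_result` is loaded just above with `document_capture_session&.load_result` and so can presumably be nil. The callers changed in this commit test a result for success first, but any caller that asks only this predicate would get a NoMethodError instead of a refusal whenever the selfie is required. Making the gate fail closed keeps the biometric requirement enforced on its own: `!decorated_sp_session.selfie_required? || stored_result&.selfie_check_performed == true`. The method is also defined above `private`, which makes it a public controller method, apparently so the concern spec can call it; a one-line comment saying so would stop it from being mistaken for an action.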
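Review bot: In app/controllers/idv/document_capture_controller.rb, `handle_stored_result` now folds two different failures into one condition, so a result that succeeded but lacks the required selfie check takes the same path as a failed document check. The else branch is outside the hunk, so this is inferred, but nothing visible records why the step was refused; for an identity-proofing gate, that distinction is what lets operations notice a non-selfie result being presented to a selfie-required service provider. Consider a comment on the condition, e.g. `# success alone is not enough: an SP that requires a selfie must also have had the selfie check performed`, and a distinct analytics or log entry on that path. The same applies to `handle_stored_result` in hybrid_mobile/document_capture_controller.rb and to `take_photo_with_phone_successful?` in link_sent_controller.rb.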
+++ b/app/controllers/idv/link_sent_controller.rb
@@ -80,7 +80,8 @@ def render_step_incomplete_error
 end
 def take_photo_with_phone_successful?
- document_capture_session_result.present? && document_capture_session_result.success?
+ document_capture_session_result.present? && document_capture_session_result.success? &&
+ selfie_requirement_met?
 end
 def document_capture_session_result
diff --git a/spec/controllers/concerns/idv/document_capture_concern_spec.rb b/spec/controllers/concerns/idv/document_capture_concern_spec.rb
new file mode 100644
index 00000000000..67fbae4b89c
--- /dev/null
+++ b/spec/controllers/concerns/idv/document_capture_concern_spec.rb
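Review bot: `take_photo_with_phone_successful?` guards `document_capture_session_result` for presence and success, but the appended `selfie_requirement_met?` reads `stored_result` from the concern, which is a separate accessor. The body of `document_capture_session_result` starts on the last line of the hunk and is not visible, so whether the two always return the same object cannot be confirmed here. If they can differ, `stored_result` may be nil (a NoMethodError when the selfie is required), or the selfie flag may be read from a different result than the one just validated. Either check the flag on the object already guarded, or add a comment such as `# selfie_requirement_met? reads stored_result; keep it in sync with document_capture_session_result`.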
@@ -0,0 +1,67 @@
+require 'rails_helper'
+
+RSpec.describe Idv::DocumentCaptureConcern, :controller do
+ idv_document_capture_controller_class = Class.new(ApplicationController) do
+ def self.name
+ 'AnonymousController'
+ end
+
+ include Idv::DocumentCaptureConcern
+
+ def show
+ render plain: 'Hello'
+ end
+ end
+
+ describe '#selfie_requirement_met?' do
+ controller(idv_document_capture_controller_class) do
+ end
+
+ context 'selfie checks enabled' do
+ before do
+ decorated_sp_session = instance_double(ServiceProviderSession)
+ allow(decorated_sp_session).to receive(:selfie_required?).and_return(selfie_required)
+ allow(controller).to receive(:decorated_sp_session).and_return(decorated_sp_session)
+ stored_result = instance_double(DocumentCaptureSessionResult)
+ allow(stored_result).to receive(:selfie_check_performed).and_return(selfie_check_performed)
+ allow(controller).to receive(:stored_result).and_return(stored_result)
+ end
+
+ context 'SP requires biometric_comparison' do
+ let(:selfie_required) { true }
+
+ context 'selfie check performed' do
+ let(:selfie_check_performed) { true }
+ it 'returns true' do
+ expect(controller.selfie_requirement_met?).to eq(true)
+ end
+ end
+
+ context 'selfie check not performed' do
+ let(:selfie_check_performed) { false }
+ it 'returns false' do
+ expect(controller.selfie_requirement_met?).to eq(false)
+ end
+ end
+ end
+
+ context 'SP does not require biometric_comparison' do
+ let(:selfie_required) { false }
+
+ context 'selfie check performed' do
+ let(:selfie_check_performed) { true }
+ it 'returns true' do
+ expect(controller.selfie_requirement_met?).to eq(true)
+ end
+ end
+
+ context 'selfie check not performed' do
+ let(:selfie_check_performed) { false }
+ it 'returns true' do
+ expect(controller.selfie_requirement_met?).to eq(true)
+ end
+ end
+ end
+ end
+ end
+end
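Review bot: Every example in this spec stubs `stored_result` with a double, so the case where no result has been stored while the service provider requires a selfie is never exercised. That is the case in which `stored_result.selfie_check_performed` would be called on nil, and it is worth pinning that the gate refuses rather than raises. A context with `allow(controller).to receive(:stored_result).and_return(nil)` and `let(:selfie_required) { true }` would cover it. The expected value depends on whether the predicate is changed to tolerate nil.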
diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb
index a4948cc0cde..11e96483dc6 100644
--- a/spec/controllers/idv/document_capture_controller_spec.rb
+++ b/spec/controllers/idv/document_capture_controller_spec.rb
@@ -211,6 +211,34 @@
 )
 end
+ context 'selfie checks' do
+ before do
+ expect(controller).to receive(:selfie_requirement_met?).
+ and_return(performed_if_needed)
+ allow(result).to receive(:success?).and_return(true)
+ allow(subject).to receive(:stored_result).and_return(result)
+ allow(subject).to receive(:extract_pii_from_doc)
+ end
+
+ context 'not performed' do
+ let(:performed_if_needed) { false }
+
+ it 'stays on document capture' do
+ put :update
+ expect(response).to redirect_to idv_document_capture_url
+ end
+ end
+
+ context 'performed' do
+ let(:performed_if_needed) { true }
+
+ it 'redirects to ssn' do
+ put :update
+ expect(response).to redirect_to idv_ssn_url
+ end
+ end
+ end
+
 context 'user has an establishing in-person enrollment' do
 let!(:enrollment) { create(:in_person_enrollment, :establishing, user: user, profile: nil) }
diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb
index 1642ddb67cc..207063208db 100644
--- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb
+++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb
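Review bot: The `before` block in spec/controllers/idv/document_capture_controller_spec.rb sets a message expectation, `expect(controller).to receive(:selfie_requirement_met?)`, where a stub is meant; an expectation in setup makes every example fail for a reason unrelated to its own assertion if the call path changes. Prefer `allow(controller).to receive(:selfie_requirement_met?).and_return(performed_if_needed)` and, if the call itself matters, assert it with `have_received` in a dedicated example. Because the predicate is stubbed, these examples verify only the redirect wiring, not that a stored result without a selfie check is refused for a selfie-required service provider; one unstubbed example would close that gap. The block also mixes `controller` and `subject` for what is apparently the same object. The same setup is repeated in the 'selfie checks' contexts added to hybrid_mobile/document_capture_controller_spec.rb and link_sent_controller_spec.rb.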
@@ -216,6 +216,31 @@
 expect(subject.document_capture_session.ocr_confirmation_pending).to be_falsey
 end
 end
+
+ context 'selfie checks' do
+ before do
+ expect(controller).to receive(:selfie_requirement_met?).
+ and_return(performed_if_needed)
+ end
+
+ context 'not performed' do
+ let(:performed_if_needed) { false }
+
+ it 'stays on hybrid mobile document capture' do
+ put :update
+ expect(response).to redirect_to idv_hybrid_mobile_document_capture_url
+ end
+ end
+
+ context 'performed' do
+ let(:performed_if_needed) { true }
+
+ it 'redirects to capture complete' do
+ put :update
+ expect(response).to redirect_to idv_hybrid_mobile_capture_complete_url
+ end
+ end
+ end
 end
 end
diff --git a/spec/controllers/idv/link_sent_controller_spec.rb b/spec/controllers/idv/link_sent_controller_spec.rb
index a9bddd6a685..d84960dd502 100644
--- a/spec/controllers/idv/link_sent_controller_spec.rb
+++ b/spec/controllers/idv/link_sent_controller_spec.rb
@@ -175,6 +175,34 @@
 expect(subject.idv_session.redo_document_capture).to be_nil
 end
 end
+
+ context 'selfie checks' do
+ before do
+ expect(controller).to receive(:selfie_requirement_met?).
+ and_return(performed_if_needed)
+ end
+
+ context 'not performed' do
+ let(:performed_if_needed) { false }
+
+ it 'flashes an error and does not redirect' do
+ put :update
+
+ expect(flash[:error]).to eq t('errors.doc_auth.phone_step_incomplete')
+ expect(response.status).to eq(204)
+ end
+ end
+
+ context 'performed' do
+ let(:performed_if_needed) { true }
+
+ it 'redirects to ssn' do
+ put :update
+ expect(flash[:error]).to eq nil
+ expect(response).to redirect_to idv_ssn_url
+ end
+ end
+ end
 end
 context 'document capture session canceled' do