18F · soniaconnolly · Jan 12, 2024 · Jan 5, 2024 · Jan 5, 2024 · Jan 6, 2024
diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb
@@ -55,6 +55,10 @@ def stored_result
       @stored_result = document_capture_session&.load_result
     end
 
+    def selfie_requirement_met?
+      !decorated_sp_session.selfie_required? || stored_result.selfie_check_performed
+    end
+
     private
 
     def track_document_issuing_state(user, state)

diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb
@@ -89,7 +89,7 @@ def analytics_arguments
     end
 
     def handle_stored_result
-      if stored_result&.success?
+      if stored_result&.success? && selfie_requirement_met?
         save_proofing_components(current_user)
         extract_pii_from_doc(current_user, stored_result, store_in_session: true)
         flash[:success] = t('doc_auth.headings.capture_complete')

diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb
@@ -61,7 +61,7 @@ def analytics_arguments
       end
 
       def handle_stored_result
-        if stored_result&.success?
+        if stored_result&.success? && selfie_requirement_met?
           save_proofing_components(document_capture_user)
           extract_pii_from_doc(document_capture_user, stored_result)
           successful_response

diff --git a/app/controllers/idv/link_sent_controller.rb b/app/controllers/idv/link_sent_controller.rb
@@ -80,7 +80,8 @@ def render_step_incomplete_error
     end
 
     def take_photo_with_phone_successful?
-      document_capture_session_result.present? && document_capture_session_result.success?
+      document_capture_session_result.present? && document_capture_session_result.success? &&
+        selfie_requirement_met?
     end
 
     def document_capture_session_result

diff --git a/spec/controllers/concerns/idv/document_capture_concern_spec.rb b/spec/controllers/concerns/idv/document_capture_concern_spec.rb
@@ -0,0 +1,67 @@
+require 'rails_helper'
+
+RSpec.describe Idv::DocumentCaptureConcern, :controller do
+  idv_document_capture_controller_class = Class.new(ApplicationController) do
+    def self.name
+      'AnonymousController'
+    end
+
+    include Idv::DocumentCaptureConcern
+
+    def show
+      render plain: 'Hello'
+    end
+  end
+
+  describe '#selfie_requirement_met?' do
+    controller(idv_document_capture_controller_class) do
+    end
+
+    context 'selfie checks enabled' do
+      before do
+        decorated_sp_session = instance_double(ServiceProviderSession)
+        allow(decorated_sp_session).to receive(:selfie_required?).and_return(selfie_required)
+        allow(controller).to receive(:decorated_sp_session).and_return(decorated_sp_session)
+        stored_result = instance_double(DocumentCaptureSessionResult)
+        allow(stored_result).to receive(:selfie_check_performed).and_return(selfie_check_performed)
+        allow(controller).to receive(:stored_result).and_return(stored_result)
+      end
+
+      context 'SP requires biometric_comparison' do
+        let(:selfie_required) { true }
+
+        context 'selfie check performed' do
+          let(:selfie_check_performed) { true }
+          it 'returns true' do
+            expect(controller.selfie_requirement_met?).to eq(true)
+          end
+        end
+
+        context 'selfie check not performed' do
+          let(:selfie_check_performed) { false }
+          it 'returns false' do
+            expect(controller.selfie_requirement_met?).to eq(false)
+          end
+        end
+      end
+
+      context 'SP does not require biometric_comparison' do
+        let(:selfie_required) { false }
+
+        context 'selfie check performed' do
+          let(:selfie_check_performed) { true }
+          it 'returns true' do
+            expect(controller.selfie_requirement_met?).to eq(true)
+          end
+        end
+
+        context 'selfie check not performed' do
+          let(:selfie_check_performed) { false }
+          it 'returns true' do
+            expect(controller.selfie_requirement_met?).to eq(true)
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb
@@ -211,6 +211,34 @@
       )
     end
 
+    context 'selfie checks' do
+      before do
+        expect(controller).to receive(:selfie_requirement_met?).
+          and_return(performed_if_needed)
+        allow(result).to receive(:success?).and_return(true)
+        allow(subject).to receive(:stored_result).and_return(result)
+        allow(subject).to receive(:extract_pii_from_doc)
+      end
+
+      context 'not performed' do
+        let(:performed_if_needed) { false }
+
+        it 'stays on document capture' do
+          put :update
+          expect(response).to redirect_to idv_document_capture_url
+        end
+      end
+
+      context 'performed' do
+        let(:performed_if_needed) { true }
+
+        it 'redirects to ssn' do
+          put :update
+          expect(response).to redirect_to idv_ssn_url
+        end
+      end
+    end
+
     context 'user has an establishing in-person enrollment' do
       let!(:enrollment) { create(:in_person_enrollment, :establishing, user: user, profile: nil) }
 

diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb
@@ -216,6 +216,31 @@
           expect(subject.document_capture_session.ocr_confirmation_pending).to be_falsey
         end
       end
+
+      context 'selfie checks' do
+        before do
+          expect(controller).to receive(:selfie_requirement_met?).
+            and_return(performed_if_needed)
+        end
+
+        context 'not performed' do
+          let(:performed_if_needed) { false }
+
+          it 'stays on hybrid mobile document capture' do
+            put :update
+            expect(response).to redirect_to idv_hybrid_mobile_document_capture_url
+          end
+        end
+
+        context 'performed' do
+          let(:performed_if_needed) { true }
+
+          it 'redirects to capture complete' do
+            put :update
+            expect(response).to redirect_to idv_hybrid_mobile_capture_complete_url
+          end
+        end
+      end
     end
   end
 

diff --git a/spec/controllers/idv/link_sent_controller_spec.rb b/spec/controllers/idv/link_sent_controller_spec.rb
@@ -175,6 +175,34 @@
             expect(subject.idv_session.redo_document_capture).to be_nil
           end
         end
+
+        context 'selfie checks' do
+          before do
+            expect(controller).to receive(:selfie_requirement_met?).
+              and_return(performed_if_needed)
+          end
+
+          context 'not performed' do
+            let(:performed_if_needed) { false }
+
+            it 'flashes an error and does not redirect' do
+              put :update
+
+              expect(flash[:error]).to eq t('errors.doc_auth.phone_step_incomplete')
+              expect(response.status).to eq(204)
+            end
+          end
+
+          context 'performed' do
+            let(:performed_if_needed) { true }
+
+            it 'redirects to ssn' do
+              put :update
+              expect(flash[:error]).to eq nil
+              expect(response).to redirect_to idv_ssn_url
+            end
+          end
+        end
       end
 
       context 'document capture session canceled' do