Stop merging things that aren't PII from the document into pii_from_doc

app/controllers/concerns/idv/document_capture_concern.rb

@@ -32,22 +32,15 @@ def failure(message, extra = nil)
     # @param [DocAuth::Response,
     #   DocumentCaptureSessionResult] response
     def extract_pii_from_doc(user, response, store_in_session: false)
-      pii_from_doc = response.pii_from_doc.merge(
-        uuid: user.uuid,
-        phone: user.phone_configurations.take&.phone,
-        uuid_prefix: ServiceProvider.find_by(issuer: sp_session[:issuer])&.app_id,
-      )
-
       if defined?(idv_session) # hybrid mobile does not have idv_session
         idv_session.had_barcode_read_failure = response.attention_with_barcode?
         if store_in_session
-          idv_session.pii_from_doc ||= {}
-          idv_session.pii_from_doc.merge!(pii_from_doc)
+          idv_session.pii_from_doc = response.pii_from_doc
           idv_session.selfie_check_performed = response.selfie_check_performed
         end
       end
 
-      track_document_issuing_state(user, pii_from_doc[:state])
+      track_document_issuing_state(user, response.pii_from_doc[:state])
     end
 
     def stored_result

app/controllers/concerns/idv/verify_info_concern.rb

@@ -23,11 +23,14 @@ def shared_update
       idv_session.verify_info_step_document_capture_session_uuid = document_capture_session.uuid
 
       # proof_resolution job expects these values
-      pii[:uuid_prefix] = ServiceProvider.find_by(issuer: sp_session[:issuer])&.app_id
-      pii[:ssn] = idv_session.ssn
-      Idv::Agent.new(pii).proof_resolution(
+      agent_pii = pii.merge(
+        uuid: current_user.uuid,
+        uuid_prefix: ServiceProvider.find_by(issuer: sp_session[:issuer])&.app_id,
+        ssn: idv_session.ssn,
+      )
+      Idv::Agent.new(agent_pii).proof_resolution(
         document_capture_session,
-        should_proof_state_id: aamva_state?(pii),
+        should_proof_state_id: aamva_state?,
         trace_id: amzn_trace_id,
         user_id: current_user.id,
         threatmetrix_session_id: idv_session.threatmetrix_session_id,
@@ -44,10 +47,8 @@ def ipp_enrollment_in_progress?
       current_user.has_in_person_enrollment?
     end
 
-    def aamva_state?(pii)
-      IdentityConfig.store.aamva_supported_jurisdictions.include?(
-        pii['state_id_jurisdiction'],
-      )
+    def aamva_state?
+      IdentityConfig.store.aamva_supported_jurisdictions.include?(pii['state_id_jurisdiction'])
     end
 
     def resolution_rate_limiter

spec/controllers/idv/in_person/verify_info_controller_spec.rb

@@ -293,9 +293,12 @@
       end
 
       it 'captures state id address fields in the pii' do
-        expect(Idv::Agent).to receive(:new).
-          with(Idp::Constants::MOCK_IDV_APPLICANT_STATE_ID_ADDRESS.merge(uuid_prefix: nil)).
-          and_call_original
+        expect(Idv::Agent).to receive(:new).with(
+          Idp::Constants::MOCK_IDV_APPLICANT_STATE_ID_ADDRESS.merge(
+            uuid_prefix: nil,
+            uuid: user.uuid,
+          ),
+        ).and_call_original
         put :update
       end
     end

spec/controllers/idv/verify_info_controller_spec.rb

@@ -391,9 +391,14 @@
       sp_session = { issuer: sp.issuer }
       allow(controller).to receive(:sp_session).and_return(sp_session)
 
-      put :update
+      expect(Idv::Agent).to receive(:new).with(
+        hash_including(
+          uuid_prefix: app_id,
+          uuid: user.uuid,
+        ),
+      ).and_call_original
 
-      expect(subject.idv_session.pii_from_doc[:uuid_prefix]).to eq app_id
+      put :update
     end
 
     it 'updates DocAuthLog verify_submit_count' do