diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb index 6445a77e82b..5cd9eb2ea57 100644 --- a/app/controllers/concerns/idv/document_capture_concern.rb +++ b/app/controllers/concerns/idv/document_capture_concern.rb @@ -59,6 +59,8 @@ def selfie_requirement_met? end def redirect_to_correct_vendor(vendor, in_hybrid_mobile) + return if IdentityConfig.store.doc_auth_redirect_to_correct_vendor_disabled + expected_doc_auth_vendor = doc_auth_vendor return if vendor == expected_doc_auth_vendor return if vendor == Idp::Constants::Vendors::LEXIS_NEXIS && diff --git a/config/application.yml.default b/config/application.yml.default index 17cd144a0a6..2759c4ed6d4 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -107,6 +107,7 @@ doc_auth_max_attempts: 5 doc_auth_max_capture_attempts_before_native_camera: 3 doc_auth_max_submission_attempts_before_native_camera: 3 doc_auth_read_additional_pii_attributes_enabled: false +doc_auth_redirect_to_correct_vendor_disabled: false doc_auth_selfie_desktop_test_mode: false doc_auth_socure_wait_polling_refresh_max_seconds: 15 doc_auth_socure_wait_polling_timeout_minutes: 2 diff --git a/lib/identity_config.rb b/lib/identity_config.rb index 4e085294df9..525866d8151 100644 --- a/lib/identity_config.rb +++ b/lib/identity_config.rb @@ -118,6 +118,7 @@ def self.store config.add(:doc_auth_check_failed_image_resubmission_enabled, type: :boolean) config.add(:doc_auth_client_glare_threshold, type: :integer) config.add(:doc_auth_client_sharpness_threshold, type: :integer) + config.add(:doc_auth_redirect_to_correct_vendor_disabled, type: :boolean) config.add(:doc_auth_error_dpi_threshold, type: :integer) config.add(:doc_auth_error_glare_threshold, type: :integer) config.add(:doc_auth_error_sharpness_threshold, type: :integer) 
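Review bot: The new early return at the top of `redirect_to_correct_vendor` skips every vendor comparison below it, so with the flag set, whichever capture controller the user requests serves them regardless of `doc_auth_vendor`, and nothing in the hunk records that the check was bypassed. A comment above it would make the intent explicit, for example `# Operational kill switch: when true, no vendor redirect is enforced and either capture controller can be loaded directly.` If vendor selection carries policy (the specs mention a facial-match case), it seems worth emitting a log or analytics event when this branch is taken, so the bypass is visible while the flag is on. The method body continues past the end of the hunk.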
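Review bot: The `config.add(:doc_auth_redirect_to_correct_vendor_disabled, type: :boolean)` line in `lib/identity_config.rb` is inserted between `doc_auth_client_sharpness_threshold` and `doc_auth_error_dpi_threshold`, which breaks the alphabetical order the visible neighbouring keys follow. In `config/application.yml.default` the same key is placed after `doc_auth_read_additional_pii_attributes_enabled`, so moving the `config.add` to the matching position keeps the two lists easy to compare. The body of `self.store` extends outside the hunk, so the exact target line is not visible here.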
diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb index b6592943583..4a0d945b92e 100644 --- a/spec/controllers/idv/document_capture_controller_spec.rb +++ b/spec/controllers/idv/document_capture_controller_spec.rb @@ -20,6 +20,7 @@ # selfie related test flags let(:sp_selfie_enabled) { false } let(:flow_path) { 'standard' } + let(:doc_auth_selfie_desktop_test_mode) { false } before do stub_sign_in(user) @@ -41,6 +42,9 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return( Idp::Constants::Vendors::LEXIS_NEXIS, ) + + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(doc_auth_selfie_desktop_test_mode) end describe '#step_info' do @@ -64,11 +68,6 @@ describe 'with sp selfie enabled' do let(:sp_selfie_enabled) { true } - before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(false) - end - it 'does satisfy precondition' do expect(Idv::DocumentCaptureController.step_info.preconditions.is_a?(Proc)) expect(subject).not_to receive(:render).with(:show, locals: an_instance_of(Hash)) @@ -172,6 +171,19 @@ expect(response).to redirect_to idv_socure_document_capture_url end + + context 'when redirect to correct vendor is disabled' do + before do + allow(IdentityConfig.store) + .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) + end + + it 'redirects to the Socure controller' do + get :show + + expect(response).to render_template :show + end + end end context 'socure is the default vendor but facial match is required' do 
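Review bot: The example added in the `@@ -172,6 +171,19 @@` hunk is titled `'redirects to the Socure controller'` but asserts `render_template :show`, which is the opposite of what the title says happens when the flag is set. Renaming it to something like `it 'renders the LN/mock capture page without redirecting'` would keep the failure output accurate. The same title is reused in `spec/controllers/idv/socure/document_capture_controller_spec.rb`, where the assertion is `have_http_status 200`, so that example needs the same rename.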
@@ -193,13 +205,8 @@ context 'when a selfie is requested' do let(:sp_selfie_enabled) { true } - let(:desktop_selfie_enabled) { false } - before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(desktop_selfie_enabled) - end + describe 'when desktop selfie disabled' do - let(:desktop_selfie_enabled) { false } it 'redirect back to handoff page' do expect(subject).not_to receive(:render).with( :show, @@ -216,7 +223,7 @@ end describe 'when desktop selfie enabled' do - let(:desktop_selfie_enabled) { true } + let(:doc_auth_selfie_desktop_test_mode) { true } it 'allows capture' do expect(subject).to receive(:render).with( :show, @@ -321,7 +328,6 @@ let(:sp_selfie_enabled) { true } before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode).and_return(false) allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything).and_return(false) end diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index d1a52c3b3df..f6d744dbc67 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -67,6 +67,19 @@ expect(response).to redirect_to idv_hybrid_mobile_socure_document_capture_url end + + context 'when redirect to correct vendor is disabled' do + before do + allow(IdentityConfig.store) + .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) + end + + it 'allows the user to use this controller' do + get :show + + expect(response).to render_template :show + end + end end it 'renders the show template' do diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb index de12759de6f..c05ef0408b3 100644 
--- a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb @@ -211,6 +211,30 @@ expect(document_capture_session.socure_docv_transaction_token) .to eq(docv_transaction_token) end + + context 'when we try to use this controller but we should be using the LN/mock version' do + let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS } + + it 'redirects to the LN/Mock controller' do + get :show + + expect(response).to redirect_to(idv_hybrid_mobile_document_capture_url) + end + + context 'when redirect to correct vendor is disabled' do + before do + allow(IdentityConfig.store) + .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) + end + + it 'renders to the Socure controller' do + get :show + + expect(response).to have_http_status 200 + expect(response.body).to have_link(href: socure_capture_app_url) + end + end + end end end diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb index 7557cadd21f..d663103604c 100644 --- a/spec/controllers/idv/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb @@ -39,7 +39,6 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) .and_return(vendor_switching_enabled) allow_any_instance_of(ApplicationController).to receive(:current_user).and_return(user) - allow(subject).to receive(:stored_result).and_return(stored_result) user_session = {} 
@@ -98,6 +97,28 @@ get :show expect(response).to redirect_to idv_document_capture_url end + + context 'when redirect to correct vendor is disabled' do + let(:socure_capture_app_url) { 'https://verify.socure.test/' } + let(:response_body) do + { + data: { + docvTransactionToken: SecureRandom.hex(6), + url: socure_capture_app_url, + }, + } + end + before do + allow(IdentityConfig.store) + .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) + end + + it 'redirects to the Socure controller' do + get :show + + expect(response).to have_http_status 200 + end + end end context 'when facial match is required' do diff --git a/spec/features/idv/doc_auth/document_capture_spec.rb b/spec/features/idv/doc_auth/document_capture_spec.rb index 4d7cabfa5ce..825c5a700a8 100644 --- a/spec/features/idv/doc_auth/document_capture_spec.rb +++ b/spec/features/idv/doc_auth/document_capture_spec.rb @@ -96,11 +96,21 @@ expect(page).to have_content(I18n.t('doc_auth.errors.general.network_error')) end - it 'does not track state if state tracking is disabled' do - allow(IdentityConfig.store).to receive(:state_tracking_enabled).and_return(false) - attach_and_submit_images + context 'state tracking is disabled' do + before do + allow(IdentityConfig.store).to receive(:state_tracking_enabled).and_return(false) + allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(true) + end + it 'does not track state' do + # Confirm that we end up on the LN / Mock page even if we try to + # go to the Socure one. + visit idv_socure_document_capture_url + expect(page).to have_current_path(idv_document_capture_url) - expect(DocAuthLog.find_by(user_id: @user.id).state).to be_nil + attach_and_submit_images + + expect(DocAuthLog.find_by(user_id: @user.id).state).to be_nil + end end end diff --git a/spec/features/idv/doc_auth/socure_document_capture_spec.rb b/spec/features/idv/doc_auth/socure_document_capture_spec.rb index ed45c95437f..ede7b13c5f5 100644 
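Review bot: The rewritten `'does not track state'` example in `spec/features/idv/doc_auth/document_capture_spec.rb` now also stubs `socure_docv_enabled` and asserts the vendor redirect (`visit idv_socure_document_capture_url` followed by `have_current_path(idv_document_capture_url)`), which is unrelated to state tracking. A broken redirect would then be reported as a state-tracking failure; a separate example, e.g. `it 'redirects a Socure URL to the LN/mock capture page'`, would isolate it. The `@@ -293,6 +293,11 @@` hunk in `socure_document_capture_spec.rb` adds the mirror-image check inside a state-tracking example in the same way. As far as the diff shows, neither feature spec stubs `doc_auth_redirect_to_correct_vendor_disabled`, so the flag-enabled path is covered only by the controller specs.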
--- a/spec/features/idv/doc_auth/socure_document_capture_spec.rb +++ b/spec/features/idv/doc_auth/socure_document_capture_spec.rb @@ -293,6 +293,11 @@ docv_transaction_token: @docv_transaction_token, ) + # Confirm that we end up on the Socure page even if we try to + # go to the LN / Mock one. + visit idv_document_capture_url + expect(page).to have_current_path(idv_socure_document_capture_url) + visit idv_socure_document_capture_update_path expect(DocAuthLog.find_by(user_id: @user.id).state).to be_nil end diff --git a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb index 6b61c0887a8..94e870126ee 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb @@ -68,9 +68,9 @@ visit idv_link_sent_url expect(page).to have_current_path(root_url) - # Confirm that we end up on the LN / Mock page even if we try to - # go to the Socure one. - visit idv_hybrid_mobile_socure_document_capture_url + # Confirm that we end up on the Socure page even if we try to + # go to the LN / Mock one. + visit idv_hybrid_mobile_document_capture_url expect(page).to have_current_path(idv_hybrid_mobile_socure_document_capture_url) # Confirm that clicking cancel and then coming back doesn't cause errors 
@@ -459,56 +459,48 @@ end context 'with a network error requesting the capture app url' do - before do - allow_any_instance_of(Faraday::Connection).to receive(:post) - .and_raise(Faraday::ConnectionFailed) - end - - it 'shows the network error page on the phone and the link sent page on the desktop', - js: true do - user = nil + shared_examples 'document request API failure' do + it 'shows the network error page on the phone and the link sent page on the desktop', + js: true do + perform_in_browser(:desktop) do + visit_idp_from_sp_with_ial2(sp) + sign_up_and_2fa_ial1_user - perform_in_browser(:desktop) do - visit_idp_from_sp_with_ial2(sp) - user = sign_up_and_2fa_ial1_user + complete_doc_auth_steps_before_hybrid_handoff_step + clear_and_fill_in(:doc_auth_phone, phone_number) + click_send_link + end - complete_doc_auth_steps_before_hybrid_handoff_step - clear_and_fill_in(:doc_auth_phone, phone_number) - click_send_link - end + perform_in_browser(:mobile) do + visit @sms_link - perform_in_browser(:mobile) do - visit @sms_link + expect(page).to have_text(t('doc_auth.headers.general.network_error')) + expect(page).to have_text(t('doc_auth.errors.general.new_network_error')) + expect(@analytics).to have_logged_event(:idv_socure_document_request_submitted) + end - expect(page).to have_text(t('doc_auth.headers.general.network_error')) - expect(page).to have_text(t('doc_auth.errors.general.new_network_error')) - expect(@analytics).to have_logged_event(:idv_socure_document_request_submitted) + perform_in_browser(:desktop) do + expect(page).to have_current_path(idv_link_sent_path) + end end + end - perform_in_browser(:desktop) do - expect(page).to have_current_path(idv_link_sent_path) + context 'Faraday connection error' do + before do + allow_any_instance_of(Faraday::Connection).to receive(:post) + .and_raise(Faraday::ConnectionFailed) end + + it_behaves_like 'document request API failure' end - end - context 'invalid request', allow_browser_log: true do - context 'getting 
the capture path w wrong api key' do + context 'invalid request (ie: wrong api key)', allow_browser_log: true do before do - user = user_with_2fa - visit_idp_from_oidc_sp_with_ial2 - sign_in_and_2fa_user(user) - complete_doc_auth_steps_before_document_capture_step - click_idv_continue DocAuth::Mock::DocAuthMockClient.reset! stub_docv_document_request(status: 401) end - it 'correctly logs event', js: true do - visit idv_socure_document_capture_path - expect(@analytics).to have_logged_event( - :idv_socure_document_request_submitted, - ) - end + it_behaves_like 'document request API failure' end end end