From 56babf7ccf563b163c2aca46ba1ce743b7730624 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 19 Dec 2024 14:56:16 -0500 Subject: [PATCH 01/30] init relax vendor redirect if in test mode [skip changelog] --- app/controllers/concerns/idv/document_capture_concern.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb index 6445a77e82b..e78b6a27a8d 100644 --- a/app/controllers/concerns/idv/document_capture_concern.rb +++ b/app/controllers/concerns/idv/document_capture_concern.rb @@ -59,6 +59,8 @@ def selfie_requirement_met? end def redirect_to_correct_vendor(vendor, in_hybrid_mobile) + return if IdentityConfig.store.doc_auth_selfie_desktop_test_mode + expected_doc_auth_vendor = doc_auth_vendor return if vendor == expected_doc_auth_vendor return if vendor == Idp::Constants::Vendors::LEXIS_NEXIS && From f609ac70493c930b29c920e92aea54398ab47c38 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 19 Dec 2024 20:42:34 -0500 Subject: [PATCH 02/30] fix doc cap standard test --- .../idv/document_capture_controller_spec.rb | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb index b6592943583..9ec9bf48d81 100644 --- a/spec/controllers/idv/document_capture_controller_spec.rb +++ b/spec/controllers/idv/document_capture_controller_spec.rb @@ -20,6 +20,7 @@ # selfie related test flags let(:sp_selfie_enabled) { false } let(:flow_path) { 'standard' } + let(:doc_auth_selfie_desktop_test_mode) { false } before do stub_sign_in(user) @@ -41,6 +42,9 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return( Idp::Constants::Vendors::LEXIS_NEXIS, ) + + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(doc_auth_selfie_desktop_test_mode) end describe '#step_info' do @@ -64,11 +68,6 @@ describe 'with sp selfie enabled' do let(:sp_selfie_enabled) { true } - before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(false) - end - it 'does satisfy precondition' do expect(Idv::DocumentCaptureController.step_info.preconditions.is_a?(Proc)) expect(subject).not_to receive(:render).with(:show, locals: an_instance_of(Hash)) @@ -193,13 +192,8 @@ context 'when a selfie is requested' do let(:sp_selfie_enabled) { true } - let(:desktop_selfie_enabled) { false } - before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(desktop_selfie_enabled) - end + describe 'when desktop selfie disabled' do - let(:desktop_selfie_enabled) { false } it 'redirect back to handoff page' do expect(subject).not_to receive(:render).with( :show, @@ -216,7 +210,7 @@ end describe 'when desktop selfie enabled' do - let(:desktop_selfie_enabled) { true } + let(:doc_auth_selfie_desktop_test_mode) { true } it 'allows capture' do expect(subject).to receive(:render).with( :show, @@ -321,7 +315,6 @@ let(:sp_selfie_enabled) { true } before do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode).and_return(false) allow(Idv::InPersonConfig).to receive(:enabled_for_issuer?).with(anything).and_return(false) end From 0540593fcdf6d99c6372f8292389c88cf1897662 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 19 Dec 2024 20:45:14 -0500 Subject: [PATCH 03/30] fix doc cap socure hybrid test --- .../hybrid_mobile/socure/document_capture_controller_spec.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb index de12759de6f..2cd3cc1e3a0 100644 --- a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb @@ -29,6 +29,8 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor) allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) .and_return(vendor_switching_enabled) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(false) allow(subject).to receive(:stored_result).and_return(stored_result) From 2348654fe8b2ee5882e2b3bcf3c87089d6aae3af Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 19 Dec 2024 20:46:44 -0500 Subject: [PATCH 04/30] fix doc cap hybrid test --- .../idv/hybrid_mobile/document_capture_controller_spec.rb | 1 + .../hybrid_mobile/socure/document_capture_controller_spec.rb | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index d1a52c3b3df..a16f2d3520f 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -25,6 +25,7 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(idv_vendor) allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode).and_return(false) end describe 'before_actions' do diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb index 2cd3cc1e3a0..77b83a4f40c 100644 --- a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb @@ -29,8 +29,7 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor) allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) .and_return(vendor_switching_enabled) - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(false) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode).and_return(false) allow(subject).to receive(:stored_result).and_return(stored_result) From 25fce5a87cdb26b09d3180b1d6c55ac468811746 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 20 Dec 2024 16:12:47 -0500 Subject: [PATCH 05/30] in test mode do not redirect except if socure and facial match req'd --- app/controllers/concerns/idv/document_capture_concern.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb index e78b6a27a8d..1f00b313581 100644 --- a/app/controllers/concerns/idv/document_capture_concern.rb +++ b/app/controllers/concerns/idv/document_capture_concern.rb @@ -59,7 +59,9 @@ def selfie_requirement_met? end def redirect_to_correct_vendor(vendor, in_hybrid_mobile) - return if IdentityConfig.store.doc_auth_selfie_desktop_test_mode + return if IdentityConfig.store.doc_auth_selfie_desktop_test_mode && + !(vendor == Idp::Constants::Vendors::SOCURE && + resolved_authn_context_result.facial_match?) expected_doc_auth_vendor = doc_auth_vendor return if vendor == expected_doc_auth_vendor From 04256f5b1142f13566b124f9f9eacc77bbcb9e0a Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 20 Dec 2024 22:04:17 -0500 Subject: [PATCH 06/30] fix specs to not allow socure to have flow in test mode for selfie capture --- .../idv/socure/document_capture_controller.rb | 3 +-- .../idv/socure/document_capture_controller_spec.rb | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/app/controllers/idv/socure/document_capture_controller.rb b/app/controllers/idv/socure/document_capture_controller.rb index f84854fe9df..c3dcdfc2ac3 100644 --- a/app/controllers/idv/socure/document_capture_controller.rb +++ b/app/controllers/idv/socure/document_capture_controller.rb @@ -98,8 +98,7 @@ def self.step_info idv_session.skip_doc_auth_from_handoff || idv_session.skip_hybrid_handoff || idv_session.skip_doc_auth_from_how_to_verify || - !idv_session.selfie_check_required || - idv_session.desktop_selfie_test_mode_enabled?) + !idv_session.selfie_check_required) }, undo_step: ->(idv_session:, user:) do idv_session.pii_from_doc = nil diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb index 7557cadd21f..f0cbe3984ef 100644 --- a/spec/controllers/idv/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb @@ -28,6 +28,7 @@ end let(:socure_docv_verification_data_test_mode) { false } + let(:doc_auth_selfie_desktop_test_mode) { false } before do allow(IdentityConfig.store).to receive(:socure_docv_enabled) @@ -39,7 +40,8 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) .and_return(vendor_switching_enabled) allow_any_instance_of(ApplicationController).to receive(:current_user).and_return(user) - + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(doc_auth_selfie_desktop_test_mode) allow(subject).to receive(:stored_result).and_return(stored_result) user_session = {} @@ -120,7 +122,15 @@ it 'redirects to the LN/mock controller' do get :show - expect(response).to redirect_to idv_document_capture_url + expect(response).to redirect_to idv_hybrid_handoff_url + end + + context 'when desktop test mode is enabled' do + let(:doc_auth_selfie_desktop_test_mode) { true } + it 'redirects to the LN/mock controller' do + get :show + expect(response).to redirect_to idv_document_capture_url + end end end end From 2a6562c775e23a9fb42d06571d2ee54fc4d2fddb Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Mon, 23 Dec 2024 11:24:24 -0500 Subject: [PATCH 07/30] update happy path specs to be able to upload links while enforcing doc cap redirects --- spec/features/idv/doc_auth/socure_document_capture_spec.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/spec/features/idv/doc_auth/socure_document_capture_spec.rb b/spec/features/idv/doc_auth/socure_document_capture_spec.rb index ed45c95437f..4b12ecb033c 100644 --- a/spec/features/idv/doc_auth/socure_document_capture_spec.rb +++ b/spec/features/idv/doc_auth/socure_document_capture_spec.rb @@ -25,6 +25,8 @@ .and_return(fake_socure_docv_document_request_endpoint) allow(IdentityConfig.store).to receive(:socure_docv_webhook_repeat_endpoints) .and_return(socure_docv_webhook_repeat_endpoints) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(true, false) socure_docv_webhook_repeat_endpoints.each { |endpoint| stub_request(:post, endpoint) } allow(IdentityConfig.store).to receive(:ruby_workers_idv_enabled).and_return(false) allow_any_instance_of(ApplicationController).to receive(:analytics).and_return(fake_analytics) @@ -248,6 +250,8 @@ before do allow_any_instance_of(Faraday::Connection).to receive(:post) .and_raise(Faraday::ConnectionFailed) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(true, false) end it 'shows the network error page', js: true do From 50318a6bbc41fb9ddd0b59d2f15cc5cad9aa5b16 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Mon, 23 Dec 2024 12:04:15 -0500 Subject: [PATCH 08/30] allow step without forcing doc cap redirect --- spec/features/idv/hybrid_mobile/entry_spec.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spec/features/idv/hybrid_mobile/entry_spec.rb b/spec/features/idv/hybrid_mobile/entry_spec.rb index 408c91908ca..96b9f12fb1a 100644 --- a/spec/features/idv/hybrid_mobile/entry_spec.rb +++ b/spec/features/idv/hybrid_mobile/entry_spec.rb @@ -24,6 +24,8 @@ context 'valid link' do before do allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(true) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(true, false) end it 'puts the user on the document capture page' do From 66cdf8cc8e42336adf3efc6fec54345c304cfa00 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Mon, 23 Dec 2024 12:40:37 -0500 Subject: [PATCH 09/30] disable invalid test --- spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb index 6b61c0887a8..404e64c9c82 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb @@ -491,9 +491,12 @@ end end - context 'invalid request', allow_browser_log: true do + # this does not test the hybrid mobile flow + xcontext 'invalid request', allow_browser_log: true do context 'getting the capture path w wrong api key' do before do + # allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode) + # .and_return(true, false) user = user_with_2fa visit_idp_from_oidc_sp_with_ial2 sign_in_and_2fa_user(user) From 809028017bda64488effbb46dfd10026e8b5673e Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 2 Jan 2025 15:22:38 -0500 Subject: [PATCH 10/30] fix hybrid mobile spec --- spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb index c948d6e9dbf..fbb03562fc1 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb @@ -18,7 +18,10 @@ end.at_least(1).times end - it 'proofs and hands off to mobile', js: true do + it 'proofs and hands off to mobile', js: true, allow_browser_log: true do + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(true, false) + user = nil perform_in_browser(:desktop) do @@ -236,7 +239,7 @@ end end - context 'user is rate limited on mobile' do + context 'user is rate limited on mobile', allow_browser_log: true do let(:max_attempts) { IdentityConfig.store.doc_auth_max_attempts } before do @@ -248,6 +251,8 @@ errors: { network: I18n.t('doc_auth.errors.general.network_error') }, ), ) + allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + .and_return(true, false) end it 'shows capture complete on mobile and error page on desktop', js: true do @@ -286,7 +291,7 @@ end end - context 'barcode read error on mobile (redo document capture)' do + context 'barcode read error on mobile (redo document capture)', allow_browser_log: true do it 'continues to ssn on desktop when user selects Continue', js: true do user = nil From ed14dd50c08f2161ed77bfd0b4ef0fc10c3a2a05 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 2 Jan 2025 15:56:05 -0500 Subject: [PATCH 11/30] create flag for disable redirect_to_correct_vendor --- app/controllers/concerns/idv/document_capture_concern.rb | 2 +- config/application.yml.default | 2 ++ lib/identity_config.rb | 1 + .../idv/hybrid_mobile/document_capture_controller_spec.rb | 1 - .../socure/document_capture_controller_spec.rb | 1 - .../idv/socure/document_capture_controller_spec.rb | 3 --- spec/features/idv/doc_auth/socure_document_capture_spec.rb | 4 ---- spec/features/idv/hybrid_mobile/entry_spec.rb | 2 -- spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb | 6 ++---- .../features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb | 2 -- 10 files changed, 6 insertions(+), 18 deletions(-) diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb index 1f00b313581..4f0a56ac279 100644 --- a/app/controllers/concerns/idv/document_capture_concern.rb +++ b/app/controllers/concerns/idv/document_capture_concern.rb @@ -59,7 +59,7 @@ def selfie_requirement_met? end def redirect_to_correct_vendor(vendor, in_hybrid_mobile) - return if IdentityConfig.store.doc_auth_selfie_desktop_test_mode && + return if IdentityConfig.store.doc_auth_disable_redirect_to_correct_vendor && !(vendor == Idp::Constants::Vendors::SOCURE && resolved_authn_context_result.facial_match?) diff --git a/config/application.yml.default b/config/application.yml.default index 17cd144a0a6..79bd70d8fe8 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -100,6 +100,7 @@ doc_auth_attempt_window_in_minutes: 360 doc_auth_check_failed_image_resubmission_enabled: true doc_auth_client_glare_threshold: 50 doc_auth_client_sharpness_threshold: 50 +doc_auth_disable_redirect_to_correct_vendor: false doc_auth_error_dpi_threshold: 290 doc_auth_error_glare_threshold: 40 doc_auth_error_sharpness_threshold: 40 @@ -467,6 +468,7 @@ development: dashboard_api_token: test_token dashboard_url: http://localhost:3001/api/service_providers desktop_ft_unlock_setup_option_percent_tested: 100 + doc_auth_disable_redirect_to_correct_vendor: true doc_auth_selfie_desktop_test_mode: true domain_name: localhost:3000 enable_rate_limiting: false diff --git a/lib/identity_config.rb b/lib/identity_config.rb index 4e085294df9..963c310af94 100644 --- a/lib/identity_config.rb +++ b/lib/identity_config.rb @@ -118,6 +118,7 @@ def self.store config.add(:doc_auth_check_failed_image_resubmission_enabled, type: :boolean) config.add(:doc_auth_client_glare_threshold, type: :integer) config.add(:doc_auth_client_sharpness_threshold, type: :integer) + config.add(:doc_auth_disable_redirect_to_correct_vendor, type: :boolean) config.add(:doc_auth_error_dpi_threshold, type: :integer) config.add(:doc_auth_error_glare_threshold, type: :integer) config.add(:doc_auth_error_sharpness_threshold, type: :integer) diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index a16f2d3520f..d1a52c3b3df 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -25,7 +25,6 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor).and_return(idv_vendor) allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor) - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode).and_return(false) end describe 'before_actions' do diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb index 77b83a4f40c..de12759de6f 100644 --- a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb @@ -29,7 +29,6 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor_default).and_return(idv_vendor) allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) .and_return(vendor_switching_enabled) - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode).and_return(false) allow(subject).to receive(:stored_result).and_return(stored_result) diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb index f0cbe3984ef..18a68cdb2f6 100644 --- a/spec/controllers/idv/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb @@ -28,7 +28,6 @@ end let(:socure_docv_verification_data_test_mode) { false } - let(:doc_auth_selfie_desktop_test_mode) { false } before do allow(IdentityConfig.store).to receive(:socure_docv_enabled) @@ -40,8 +39,6 @@ allow(IdentityConfig.store).to receive(:doc_auth_vendor_switching_enabled) .and_return(vendor_switching_enabled) allow_any_instance_of(ApplicationController).to receive(:current_user).and_return(user) - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(doc_auth_selfie_desktop_test_mode) allow(subject).to receive(:stored_result).and_return(stored_result) user_session = {} diff --git a/spec/features/idv/doc_auth/socure_document_capture_spec.rb b/spec/features/idv/doc_auth/socure_document_capture_spec.rb index 4b12ecb033c..ed45c95437f 100644 --- a/spec/features/idv/doc_auth/socure_document_capture_spec.rb +++ b/spec/features/idv/doc_auth/socure_document_capture_spec.rb @@ -25,8 +25,6 @@ .and_return(fake_socure_docv_document_request_endpoint) allow(IdentityConfig.store).to receive(:socure_docv_webhook_repeat_endpoints) .and_return(socure_docv_webhook_repeat_endpoints) - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(true, false) socure_docv_webhook_repeat_endpoints.each { |endpoint| stub_request(:post, endpoint) } allow(IdentityConfig.store).to receive(:ruby_workers_idv_enabled).and_return(false) allow_any_instance_of(ApplicationController).to receive(:analytics).and_return(fake_analytics) @@ -250,8 +248,6 @@ before do allow_any_instance_of(Faraday::Connection).to receive(:post) .and_raise(Faraday::ConnectionFailed) - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(true, false) end it 'shows the network error page', js: true do diff --git a/spec/features/idv/hybrid_mobile/entry_spec.rb b/spec/features/idv/hybrid_mobile/entry_spec.rb index 96b9f12fb1a..408c91908ca 100644 --- a/spec/features/idv/hybrid_mobile/entry_spec.rb +++ b/spec/features/idv/hybrid_mobile/entry_spec.rb @@ -24,8 +24,6 @@ context 'valid link' do before do allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(true) - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(true, false) end it 'puts the user on the document capture page' do diff --git a/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb index fbb03562fc1..2e7c7653e3e 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb @@ -19,8 +19,8 @@ end it 'proofs and hands off to mobile', js: true, allow_browser_log: true do - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(true, false) + # allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) + # .and_return(true, false) user = nil @@ -251,8 +251,6 @@ errors: { network: I18n.t('doc_auth.errors.general.network_error') }, ), ) - allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - .and_return(true, false) end it 'shows capture complete on mobile and error page on desktop', js: true do diff --git a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb index 404e64c9c82..359d626d7c4 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb @@ -495,8 +495,6 @@ xcontext 'invalid request', allow_browser_log: true do context 'getting the capture path w wrong api key' do before do - # allow(IdentityConfig.store).to receive(:socure_docv_verification_data_test_mode) - # .and_return(true, false) user = user_with_2fa visit_idp_from_oidc_sp_with_ial2 sign_in_and_2fa_user(user) From d6d733e54c62f586b9f0f357b44355608cb7ffa7 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 2 Jan 2025 16:07:05 -0500 Subject: [PATCH 12/30] undo spec changes --- spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb index 2e7c7653e3e..c948d6e9dbf 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_mobile_spec.rb @@ -18,10 +18,7 @@ end.at_least(1).times end - it 'proofs and hands off to mobile', js: true, allow_browser_log: true do - # allow(IdentityConfig.store).to receive(:doc_auth_selfie_desktop_test_mode) - # .and_return(true, false) - + it 'proofs and hands off to mobile', js: true do user = nil perform_in_browser(:desktop) do @@ -239,7 +236,7 @@ end end - context 'user is rate limited on mobile', allow_browser_log: true do + context 'user is rate limited on mobile' do let(:max_attempts) { IdentityConfig.store.doc_auth_max_attempts } before do @@ -289,7 +286,7 @@ end end - context 'barcode read error on mobile (redo document capture)', allow_browser_log: true do + context 'barcode read error on mobile (redo document capture)' do it 'continues to ssn on desktop when user selects Continue', js: true do user = nil From bd87c2e1e576d8d59695eea3405fd5a2926c635f Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 2 Jan 2025 17:01:03 -0500 Subject: [PATCH 13/30] add redirect spec --- .../idv/document_capture_controller_spec.rb | 12 ++++++++++++ .../document_capture_controller_spec.rb | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb index 9ec9bf48d81..402c441c29d 100644 --- a/spec/controllers/idv/document_capture_controller_spec.rb +++ b/spec/controllers/idv/document_capture_controller_spec.rb @@ -171,6 +171,18 @@ expect(response).to redirect_to idv_socure_document_capture_url end + + context 'when redirect to correct vendor is disabled' do + before do + allow(IdentityConfig.store).to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + end + + it 'redirects to the Socure controller' do + get :show + + expect(response).to render_template :show + end + end end context 'socure is the default vendor but facial match is required' do diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index d1a52c3b3df..a8d7c420e01 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -67,6 +67,18 @@ expect(response).to redirect_to idv_hybrid_mobile_socure_document_capture_url end + + context 'when redirect to correct vendor is disabled' do + before do + allow(IdentityConfig.store).to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + end + + it 'redirects to the Socure controller' do + get :show + + expect(response).to render_template :show + end + end end it 'renders the show template' do From cf90e59a4597884654da85291d898419c3a24fef Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 2 Jan 2025 17:16:55 -0500 Subject: [PATCH 14/30] when redirect to correct vendor is disabled on hybrid mobile spec --- .../socure/document_capture_controller_spec.rb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb index de12759de6f..3761703cfbe 100644 --- a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb @@ -211,6 +211,23 @@ expect(document_capture_session.socure_docv_transaction_token) .to eq(docv_transaction_token) end + + context 'when we try to use this controller but we should be using the LN/mock version' do + context 'when redirect to correct vendor is disabled' do + let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS } + before do + allow(IdentityConfig.store) + .to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + end + + it 'redirects to the Socure controller' do + get :show + + expect(response).to have_http_status 200 + expect(response.body).to have_link(href: socure_capture_app_url) + end + end + end end end From 68c6905ec3aaf909d2cdd3868e90588dfbc48dcf Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Thu, 2 Jan 2025 17:48:13 -0500 Subject: [PATCH 15/30] undo spec preconditions change --- app/controllers/idv/socure/document_capture_controller.rb | 3 ++- .../controllers/idv/socure/document_capture_controller_spec.rb | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/app/controllers/idv/socure/document_capture_controller.rb b/app/controllers/idv/socure/document_capture_controller.rb index c3dcdfc2ac3..f84854fe9df 100644 --- a/app/controllers/idv/socure/document_capture_controller.rb +++ b/app/controllers/idv/socure/document_capture_controller.rb @@ -98,7 +98,8 @@ def self.step_info idv_session.skip_doc_auth_from_handoff || idv_session.skip_hybrid_handoff || idv_session.skip_doc_auth_from_how_to_verify || - !idv_session.selfie_check_required) + !idv_session.selfie_check_required || + idv_session.desktop_selfie_test_mode_enabled?) }, undo_step: ->(idv_session:, user:) do idv_session.pii_from_doc = nil diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb index 18a68cdb2f6..5c0776f8ad1 100644 --- a/spec/controllers/idv/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb @@ -119,7 +119,7 @@ it 'redirects to the LN/mock controller' do get :show - expect(response).to redirect_to idv_hybrid_handoff_url + expect(response).to redirect_to idv_document_capture_url end context 'when desktop test mode is enabled' do From ce52e967aba0803601dbc277dc804e52769f342b Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 11:04:55 -0500 Subject: [PATCH 16/30] use default redirect to correct vendor in dev --- config/application.yml.default | 1 - 1 file changed, 1 deletion(-) diff --git a/config/application.yml.default b/config/application.yml.default index 79bd70d8fe8..e1919b6022c 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -468,7 +468,6 @@ development: dashboard_api_token: test_token dashboard_url: http://localhost:3001/api/service_providers desktop_ft_unlock_setup_option_percent_tested: 100 - doc_auth_disable_redirect_to_correct_vendor: true doc_auth_selfie_desktop_test_mode: true domain_name: localhost:3000 enable_rate_limiting: false From 02910a837d2af8e85f867df8eb881d29f6df28f0 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 12:55:21 -0500 Subject: [PATCH 17/30] only bypass redirect correct vendor if disabled --- app/controllers/concerns/idv/document_capture_concern.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb index 4f0a56ac279..89cefaa5534 100644 --- a/app/controllers/concerns/idv/document_capture_concern.rb +++ b/app/controllers/concerns/idv/document_capture_concern.rb @@ -59,9 +59,9 @@ def selfie_requirement_met? end def redirect_to_correct_vendor(vendor, in_hybrid_mobile) - return if IdentityConfig.store.doc_auth_disable_redirect_to_correct_vendor && - !(vendor == Idp::Constants::Vendors::SOCURE && - resolved_authn_context_result.facial_match?) + return if IdentityConfig.store.doc_auth_disable_redirect_to_correct_vendor # && + # !(vendor == Idp::Constants::Vendors::SOCURE && + # resolved_authn_context_result.facial_match?) expected_doc_auth_vendor = doc_auth_vendor return if vendor == expected_doc_auth_vendor From 1e5bbfd8d2ad330e39712653ebf10f01f8bd5541 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 12:58:07 -0500 Subject: [PATCH 18/30] only bypass redirect correct vendor if disabled - remove spec --- .../idv/socure/document_capture_controller_spec.rb | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb index 5c0776f8ad1..6bc7b2f5b9f 100644 --- a/spec/controllers/idv/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb @@ -122,13 +122,13 @@ expect(response).to redirect_to idv_document_capture_url end - context 'when desktop test mode is enabled' do - let(:doc_auth_selfie_desktop_test_mode) { true } - it 'redirects to the LN/mock controller' do - get :show - expect(response).to redirect_to idv_document_capture_url - end - end + # context 'when desktop test mode is enabled' do + # let(:doc_auth_selfie_desktop_test_mode) { true } + # it 'redirects to the LN/mock controller' do + # get :show + # expect(response).to redirect_to idv_document_capture_url + # end + # end end end From 4a48c23d0d10ff802a06dd02b1ce04ee5c458ea6 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 13:28:05 -0500 Subject: [PATCH 19/30] test disable vendor redirect for socure standard controller --- .../document_capture_controller_spec.rb | 30 ++++++++++++++----- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb index 6bc7b2f5b9f..41bb70419bb 100644 --- a/spec/controllers/idv/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb @@ -97,6 +97,28 @@ get :show expect(response).to redirect_to idv_document_capture_url end + + context 'when redirect to correct vendor is disabled' do + let(:socure_capture_app_url) { 'https://verify.socure.test/' } + let(:response_body) do + { + data: { + docvTransactionToken: SecureRandom.hex(6), + url: socure_capture_app_url, + }, + } + end + before do + allow(IdentityConfig.store) + .to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + end + + it 'redirects to the Socure controller' do + get :show + + expect(response).to have_http_status 200 + end + end end context 'when facial match is required' do @@ -121,14 +143,6 @@ get :show expect(response).to redirect_to idv_document_capture_url end - - # context 'when desktop test mode is enabled' do - # let(:doc_auth_selfie_desktop_test_mode) { true } - # it 'redirects to the LN/mock controller' do - # get :show - # expect(response).to redirect_to idv_document_capture_url - # end - # end end end From 1ea142b13fff37c629e0cadfc70aaa3cb6e3fba9 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 14:44:00 -0500 Subject: [PATCH 20/30] test redirect correct vendor in socure doc auth controllers --- spec/features/idv/doc_auth/socure_document_capture_spec.rb | 5 +++++ .../features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/spec/features/idv/doc_auth/socure_document_capture_spec.rb b/spec/features/idv/doc_auth/socure_document_capture_spec.rb index ed45c95437f..a479ec5f309 100644 --- a/spec/features/idv/doc_auth/socure_document_capture_spec.rb +++ b/spec/features/idv/doc_auth/socure_document_capture_spec.rb @@ -293,6 +293,11 @@ docv_transaction_token: @docv_transaction_token, ) + # Confirm that we end up on the LN / Mock page even if we try to + # go to the Socure one. + visit idv_document_capture_url + expect(page).to have_current_path(idv_socure_document_capture_url) + visit idv_socure_document_capture_update_path expect(DocAuthLog.find_by(user_id: @user.id).state).to be_nil end diff --git a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb index 359d626d7c4..cf8562c267c 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb @@ -68,9 +68,9 @@ visit idv_link_sent_url expect(page).to have_current_path(root_url) - # Confirm that we end up on the LN / Mock page even if we try to - # go to the Socure one. - visit idv_hybrid_mobile_socure_document_capture_url + # Confirm that we end up on the Socure page even if we try to + # go to the LN / Mock one. + visit idv_hybrid_mobile_document_capture_url expect(page).to have_current_path(idv_hybrid_mobile_socure_document_capture_url) # Confirm that clicking cancel and then coming back doesn't cause errors From 7fc03f2e747b6bc40d06acbcc661072e2a7ed7b6 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 14:52:20 -0500 Subject: [PATCH 21/30] test redirect correct vendor in standard doc auth controllers --- .../idv/doc_auth/document_capture_spec.rb | 18 ++++++++++++++---- .../doc_auth/socure_document_capture_spec.rb | 4 ++-- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/spec/features/idv/doc_auth/document_capture_spec.rb b/spec/features/idv/doc_auth/document_capture_spec.rb index 4d7cabfa5ce..825c5a700a8 100644 --- a/spec/features/idv/doc_auth/document_capture_spec.rb +++ b/spec/features/idv/doc_auth/document_capture_spec.rb @@ -96,11 +96,21 @@ expect(page).to have_content(I18n.t('doc_auth.errors.general.network_error')) end - it 'does not track state if state tracking is disabled' do - allow(IdentityConfig.store).to receive(:state_tracking_enabled).and_return(false) - attach_and_submit_images + context 'state tracking is disabled' do + before do + allow(IdentityConfig.store).to receive(:state_tracking_enabled).and_return(false) + allow(IdentityConfig.store).to receive(:socure_docv_enabled).and_return(true) + end + it 'does not track state' do + # Confirm that we end up on the LN / Mock page even if we try to + # go to the Socure one. + visit idv_socure_document_capture_url + expect(page).to have_current_path(idv_document_capture_url) - expect(DocAuthLog.find_by(user_id: @user.id).state).to be_nil + attach_and_submit_images + + expect(DocAuthLog.find_by(user_id: @user.id).state).to be_nil + end end end diff --git a/spec/features/idv/doc_auth/socure_document_capture_spec.rb b/spec/features/idv/doc_auth/socure_document_capture_spec.rb index a479ec5f309..ede7b13c5f5 100644 --- a/spec/features/idv/doc_auth/socure_document_capture_spec.rb +++ b/spec/features/idv/doc_auth/socure_document_capture_spec.rb @@ -293,8 +293,8 @@ docv_transaction_token: @docv_transaction_token, ) - # Confirm that we end up on the LN / Mock page even if we try to - # go to the Socure one. + # Confirm that we end up on the Socure page even if we try to + # go to the LN / Mock one. visit idv_document_capture_url expect(page).to have_current_path(idv_socure_document_capture_url) From 97b41c74f9eca1cd4588be662cf6ec7122f93253 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 14:53:50 -0500 Subject: [PATCH 22/30] happy linting --- app/controllers/concerns/idv/document_capture_concern.rb | 4 +--- spec/controllers/idv/document_capture_controller_spec.rb | 3 ++- .../idv/hybrid_mobile/document_capture_controller_spec.rb | 3 ++- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb index 89cefaa5534..4eb68632b86 100644 --- a/app/controllers/concerns/idv/document_capture_concern.rb +++ b/app/controllers/concerns/idv/document_capture_concern.rb @@ -59,9 +59,7 @@ def selfie_requirement_met? end def redirect_to_correct_vendor(vendor, in_hybrid_mobile) - return if IdentityConfig.store.doc_auth_disable_redirect_to_correct_vendor # && - # !(vendor == Idp::Constants::Vendors::SOCURE && - # resolved_authn_context_result.facial_match?) + return if IdentityConfig.store.doc_auth_disable_redirect_to_correct_vendor expected_doc_auth_vendor = doc_auth_vendor return if vendor == expected_doc_auth_vendor diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb index 402c441c29d..3dadf39dff8 100644 --- a/spec/controllers/idv/document_capture_controller_spec.rb +++ b/spec/controllers/idv/document_capture_controller_spec.rb @@ -174,7 +174,8 @@ context 'when redirect to correct vendor is disabled' do before do - allow(IdentityConfig.store).to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + allow(IdentityConfig.store) + .to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) end it 'redirects to the Socure controller' do diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index a8d7c420e01..b0302c89406 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -70,7 +70,8 @@ context 'when redirect to correct vendor is disabled' do before do - allow(IdentityConfig.store).to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + allow(IdentityConfig.store) + .to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) end it 'redirects to the Socure controller' do From 6e767efbdfa65c4ccf4576b6e665ef496fea1f3f Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 15:12:08 -0500 Subject: [PATCH 23/30] rename env var doc_auth_disable_redirect_to_correct_vendor to doc_auth_redirect_to_correct_vendor_disabled --- app/controllers/concerns/idv/document_capture_concern.rb | 2 +- config/application.yml.default | 2 +- lib/identity_config.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/concerns/idv/document_capture_concern.rb b/app/controllers/concerns/idv/document_capture_concern.rb index 4eb68632b86..5cd9eb2ea57 100644 --- a/app/controllers/concerns/idv/document_capture_concern.rb +++ b/app/controllers/concerns/idv/document_capture_concern.rb @@ -59,7 +59,7 @@ def selfie_requirement_met? end def redirect_to_correct_vendor(vendor, in_hybrid_mobile) - return if IdentityConfig.store.doc_auth_disable_redirect_to_correct_vendor + return if IdentityConfig.store.doc_auth_redirect_to_correct_vendor_disabled expected_doc_auth_vendor = doc_auth_vendor return if vendor == expected_doc_auth_vendor diff --git a/config/application.yml.default b/config/application.yml.default index e1919b6022c..178b2e731d7 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -100,7 +100,7 @@ doc_auth_attempt_window_in_minutes: 360 doc_auth_check_failed_image_resubmission_enabled: true doc_auth_client_glare_threshold: 50 doc_auth_client_sharpness_threshold: 50 -doc_auth_disable_redirect_to_correct_vendor: false +doc_auth_redirect_to_correct_vendor_disabled: false doc_auth_error_dpi_threshold: 290 doc_auth_error_glare_threshold: 40 doc_auth_error_sharpness_threshold: 40 diff --git a/lib/identity_config.rb b/lib/identity_config.rb index 963c310af94..525866d8151 100644 --- a/lib/identity_config.rb +++ b/lib/identity_config.rb @@ -118,7 +118,7 @@ def self.store config.add(:doc_auth_check_failed_image_resubmission_enabled, type: :boolean) config.add(:doc_auth_client_glare_threshold, type: :integer) config.add(:doc_auth_client_sharpness_threshold, type: :integer) - config.add(:doc_auth_disable_redirect_to_correct_vendor, type: :boolean) + config.add(:doc_auth_redirect_to_correct_vendor_disabled, type: :boolean) config.add(:doc_auth_error_dpi_threshold, type: :integer) config.add(:doc_auth_error_glare_threshold, type: :integer) config.add(:doc_auth_error_sharpness_threshold, type: :integer) From 63ea14fbfc0069a050629443fc3f0b06dd3ad059 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 15:34:01 -0500 Subject: [PATCH 24/30] rename env var doc_auth_disable_redirect_to_correct_vendor to doc_auth_redirect_to_correct_vendor_disabled in specs --- spec/controllers/idv/document_capture_controller_spec.rb | 2 +- .../idv/hybrid_mobile/document_capture_controller_spec.rb | 2 +- .../hybrid_mobile/socure/document_capture_controller_spec.rb | 2 +- spec/controllers/idv/socure/document_capture_controller_spec.rb | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb index 3dadf39dff8..4a0d945b92e 100644 --- a/spec/controllers/idv/document_capture_controller_spec.rb +++ b/spec/controllers/idv/document_capture_controller_spec.rb @@ -175,7 +175,7 @@ context 'when redirect to correct vendor is disabled' do before do allow(IdentityConfig.store) - .to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) end it 'redirects to the Socure controller' do diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index b0302c89406..71691b237e2 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -71,7 +71,7 @@ context 'when redirect to correct vendor is disabled' do before do allow(IdentityConfig.store) - .to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) end it 'redirects to the Socure controller' do diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb index 3761703cfbe..5326a6918b2 100644 --- a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb @@ -217,7 +217,7 @@ let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS } before do allow(IdentityConfig.store) - .to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) end it 'redirects to the Socure controller' do diff --git a/spec/controllers/idv/socure/document_capture_controller_spec.rb b/spec/controllers/idv/socure/document_capture_controller_spec.rb index 41bb70419bb..d663103604c 100644 --- a/spec/controllers/idv/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/socure/document_capture_controller_spec.rb @@ -110,7 +110,7 @@ end before do allow(IdentityConfig.store) - .to receive(:doc_auth_disable_redirect_to_correct_vendor).and_return(true) + .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) end it 'redirects to the Socure controller' do From c37a578e4614e467cc41c14343739462174e7005 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 15:57:04 -0500 Subject: [PATCH 25/30] lint config file --- config/application.yml.default | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/application.yml.default b/config/application.yml.default index 178b2e731d7..2759c4ed6d4 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -100,7 +100,6 @@ doc_auth_attempt_window_in_minutes: 360 doc_auth_check_failed_image_resubmission_enabled: true doc_auth_client_glare_threshold: 50 doc_auth_client_sharpness_threshold: 50 -doc_auth_redirect_to_correct_vendor_disabled: false doc_auth_error_dpi_threshold: 290 doc_auth_error_glare_threshold: 40 doc_auth_error_sharpness_threshold: 40 @@ -108,6 +107,7 @@ doc_auth_max_attempts: 5 doc_auth_max_capture_attempts_before_native_camera: 3 doc_auth_max_submission_attempts_before_native_camera: 3 doc_auth_read_additional_pii_attributes_enabled: false +doc_auth_redirect_to_correct_vendor_disabled: false doc_auth_selfie_desktop_test_mode: false doc_auth_socure_wait_polling_refresh_max_seconds: 15 doc_auth_socure_wait_polling_timeout_minutes: 2 From ba163f7199931f76668eedb09f37e0f660c30d7f Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 16:51:47 -0500 Subject: [PATCH 26/30] remove unused variable --- spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb index cf8562c267c..02491fd4191 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb @@ -466,11 +466,10 @@ it 'shows the network error page on the phone and the link sent page on the desktop', js: true do - user = nil perform_in_browser(:desktop) do visit_idp_from_sp_with_ial2(sp) - user = sign_up_and_2fa_ial1_user + sign_up_and_2fa_ial1_user complete_doc_auth_steps_before_hybrid_handoff_step clear_and_fill_in(:doc_auth_phone, phone_number) From 58b949e05160d31a8ad67e776103e351c155a2f5 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 17:11:46 -0500 Subject: [PATCH 27/30] fix spec for document request api calls to test hybrid flow --- .../hybrid_socure_mobile_spec.rb | 72 +++++++++---------- 1 file changed, 32 insertions(+), 40 deletions(-) diff --git a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb index 02491fd4191..ae0ede63a16 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb @@ -459,56 +459,48 @@ end context 'with a network error requesting the capture app url' do - before do - allow_any_instance_of(Faraday::Connection).to receive(:post) - .and_raise(Faraday::ConnectionFailed) - end - - it 'shows the network error page on the phone and the link sent page on the desktop', - js: true do - - perform_in_browser(:desktop) do - visit_idp_from_sp_with_ial2(sp) - sign_up_and_2fa_ial1_user - - complete_doc_auth_steps_before_hybrid_handoff_step - clear_and_fill_in(:doc_auth_phone, phone_number) - click_send_link + shared_examples 'document request API failure' do + it 'shows the network error page on the phone and the link sent page on the desktop', + js: true do + perform_in_browser(:desktop) do + visit_idp_from_sp_with_ial2(sp) + sign_up_and_2fa_ial1_user + + complete_doc_auth_steps_before_hybrid_handoff_step + clear_and_fill_in(:doc_auth_phone, phone_number) + click_send_link + end + + perform_in_browser(:mobile) do + visit @sms_link + + expect(page).to have_text(t('doc_auth.headers.general.network_error')) + expect(page).to have_text(t('doc_auth.errors.general.new_network_error')) + expect(@analytics).to have_logged_event(:idv_socure_document_request_submitted) + end + + perform_in_browser(:desktop) do + expect(page).to have_current_path(idv_link_sent_path) + end end + end - perform_in_browser(:mobile) do - visit @sms_link - - expect(page).to have_text(t('doc_auth.headers.general.network_error')) - expect(page).to have_text(t('doc_auth.errors.general.new_network_error')) - expect(@analytics).to have_logged_event(:idv_socure_document_request_submitted) + context 'Faraday connection error' do + before do + allow_any_instance_of(Faraday::Connection).to receive(:post) + .and_raise(Faraday::ConnectionFailed) end - perform_in_browser(:desktop) do - expect(page).to have_current_path(idv_link_sent_path) - end + it_behaves_like 'document request API failure' end - end - # this does not test the hybrid mobile flow - xcontext 'invalid request', allow_browser_log: true do - context 'getting the capture path w wrong api key' do + context 'invalid request (ie: wrong api key)', allow_browser_log: true do before do - user = user_with_2fa - visit_idp_from_oidc_sp_with_ial2 - sign_in_and_2fa_user(user) - complete_doc_auth_steps_before_document_capture_step - click_idv_continue DocAuth::Mock::DocAuthMockClient.reset! stub_docv_document_request(status: 401) end - - it 'correctly logs event', js: true do - visit idv_socure_document_capture_path - expect(@analytics).to have_logged_event( - :idv_socure_document_request_submitted, - ) - end + + it_behaves_like 'document request API failure' end end end From 22e643b38c1503b61188c1a2e6eb61e67f6ec3a0 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 3 Jan 2025 17:15:03 -0500 Subject: [PATCH 28/30] happy linting --- .../idv/hybrid_mobile/hybrid_socure_mobile_spec.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb index ae0ede63a16..94e870126ee 100644 --- a/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb +++ b/spec/features/idv/hybrid_mobile/hybrid_socure_mobile_spec.rb @@ -465,20 +465,20 @@ perform_in_browser(:desktop) do visit_idp_from_sp_with_ial2(sp) sign_up_and_2fa_ial1_user - + complete_doc_auth_steps_before_hybrid_handoff_step clear_and_fill_in(:doc_auth_phone, phone_number) click_send_link end - + perform_in_browser(:mobile) do visit @sms_link - + expect(page).to have_text(t('doc_auth.headers.general.network_error')) expect(page).to have_text(t('doc_auth.errors.general.new_network_error')) expect(@analytics).to have_logged_event(:idv_socure_document_request_submitted) end - + perform_in_browser(:desktop) do expect(page).to have_current_path(idv_link_sent_path) end @@ -499,7 +499,7 @@ DocAuth::Mock::DocAuthMockClient.reset! stub_docv_document_request(status: 401) end - + it_behaves_like 'document request API failure' end end From e2fdc7e5e7014c3dc151f510436c254e89448df1 Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 10 Jan 2025 16:42:27 -0500 Subject: [PATCH 29/30] add spec to test when socure hybrid mobile when redirect is enforced --- .../socure/document_capture_controller_spec.rb | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb index 5326a6918b2..c05ef0408b3 100644 --- a/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/socure/document_capture_controller_spec.rb @@ -213,14 +213,21 @@ end context 'when we try to use this controller but we should be using the LN/mock version' do + let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS } + + it 'redirects to the LN/Mock controller' do + get :show + + expect(response).to redirect_to(idv_hybrid_mobile_document_capture_url) + end + context 'when redirect to correct vendor is disabled' do - let(:idv_vendor) { Idp::Constants::Vendors::LEXIS_NEXIS } before do allow(IdentityConfig.store) .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) end - it 'redirects to the Socure controller' do + it 'renders to the Socure controller' do get :show expect(response).to have_http_status 200 From 4c00cf0468d4e6289b3ccea4fa2732ea9c5a3b6a Mon Sep 17 00:00:00 2001 From: Amir Reavis-Bey Date: Fri, 10 Jan 2025 16:46:23 -0500 Subject: [PATCH 30/30] update spec desc --- .../idv/hybrid_mobile/document_capture_controller_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index 71691b237e2..f6d744dbc67 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -74,7 +74,7 @@ .to receive(:doc_auth_redirect_to_correct_vendor_disabled).and_return(true) end - it 'redirects to the Socure controller' do + it 'allows the user to use this controller' do get :show expect(response).to render_template :show