Merge pull request #3359 from DFE-Digital/LUPEYALPHA-1171/identity-ta…

…sk-1

LUPEYALPHA 1171/identity task

app/controllers/admin/tasks_controller.rb

@@ -17,7 +17,7 @@ def show
     @notes = @claim.notes.automated.by_label(params[:name])
     @task_pagination = Admin::TaskPagination.new(claim: @claim, current_task_name:)
 
-    render @task.name
+    render task_view(@task)
   end
 
   def create
@@ -103,4 +103,16 @@ def set_banner_messages
 
     messages
   end
+
+  def task_view(task)
+    policy = task.claim.policy
+    policy_path = policy.to_s.underscore
+    policy_scoped_task_name = "#{policy_path}/#{task.name}"
+
+    if lookup_context.template_exists?(policy_scoped_task_name, [params[:controller]], false)
+      "admin/tasks/#{policy_scoped_task_name}"
+    else
+      task.name
+    end
+  end
 end

app/controllers/omniauth_callbacks_controller.rb

@@ -114,11 +114,17 @@ def process_one_login_identity_verification_callback(core_identity_jwt)
     )
   end
 
+  ONE_LOGIN_TEST_USER = {
+    first_name: "TEST",
+    last_name: "USER",
+    date_of_birth: Date.new(1970, 1, 1)
+  }
+
   def extract_data_from_jwt(jwt)
     if OneLoginSignIn.bypass?
-      first_name = "TEST"
-      last_name = "USER"
-      date_of_birth = Date.new(1970, 1, 1)
+      first_name = ONE_LOGIN_TEST_USER[:first_name]
+      last_name = ONE_LOGIN_TEST_USER[:last_name]
+      date_of_birth = ONE_LOGIN_TEST_USER[:date_of_birth]
     else
       validator = OneLogin::CoreIdentityValidator.new(jwt:)
       validator.call

app/jobs/claim_verifier_job.rb

@@ -1,8 +1,17 @@
 class ClaimVerifierJob < ApplicationJob
   def perform(claim)
-    dqt_teacher_status = if claim.policy == Policies::EarlyYearsPayments
-      nil
-    elsif claim.has_dqt_record?
+    AutomatedChecks::ClaimVerifier.new(
+      claim: claim,
+      dqt_teacher_status: dqt_teacher_status(claim)
+    ).perform
+  end
+
+  private
+
+  def dqt_teacher_status(claim)
+    return if claim.policy == Policies::EarlyYearsPayments
+
+    if claim.has_dqt_record?
       Dqt::Teacher.new(claim.dqt_teacher_status)
     else
       Dqt::Client.new.teacher.find(
@@ -11,10 +20,5 @@ def perform(claim)
         nino: claim.national_insurance_number
       )
     end
-
-    AutomatedChecks::ClaimVerifier.new(
-      claim:,
-      dqt_teacher_status:
-    ).perform
   end
 end

app/models/automated_checks/claim_verifiers/early_years_payments/identity.rb

@@ -0,0 +1,66 @@
+module AutomatedChecks
+  module ClaimVerifiers
+    module EarlyYearsPayments
+      class Identity < AutomatedChecks::ClaimVerifiers::Identity
+        def perform
+          return unless claim.eligibility.practitioner_journey_completed?
+          return unless awaiting_task?(TASK_NAME)
+
+          if one_login_idv_match?
+            create_task(match: nil, passed: true)
+          elsif one_login_idv_partial_match?
+            create_task(match: :any, passed: nil)
+
+            create_note(
+              body: <<-HTML
+              [GOV UK One Login Name] - Names partially match:
+              <pre>
+                Provider: "#{claim.eligibility.practitioner_name}"
+                GOV.UK One Login: "#{claim.onelogin_idv_full_name}"
+              </pre>
+              HTML
+            )
+          elsif claim.one_login_idv_match?
+            create_task(match: nil, passed: false)
+
+            create_note(
+              body: <<-HTML
+              [GOV UK One Login Name] - Names do not match:
+              <pre>
+                Provider: "#{claim.eligibility.practitioner_name}"
+                GOV.UK One Login: "#{claim.onelogin_idv_full_name}"
+              </pre>
+              HTML
+            )
+          else
+            create_task(match: :none, passed: false)
+
+            create_note(
+              body: <<-HTML
+              [GOV UK One Login] - IDV mismatch:
+              <pre>
+                GOV.UK One Login Name: "#{claim.onelogin_idv_full_name}"
+                GOV.UK One Login DOB: "#{claim.onelogin_idv_date_of_birth}"
+              </pre>
+              HTML
+            )
+          end
+        end
+
+        private
+
+        def one_login_idv_match?
+          return false unless claim.one_login_idv_match?
+
+          claim.eligibility.practitioner_and_provider_entered_names_match?
+        end
+
+        def one_login_idv_partial_match?
+          return false unless claim.one_login_idv_match?
+
+          claim.eligibility.practitioner_and_provider_entered_names_partial_match?
+        end
+      end
+    end
+  end
+end

app/models/claim.rb

@@ -447,6 +447,10 @@ def one_login_idv_mismatch?
     !one_login_idv_name_match? || !one_login_idv_dob_match?
   end
 
+  def one_login_idv_match?
+    one_login_idv_name_match? && one_login_idv_dob_match?
+  end
+
   def awaiting_provider_verification?
     return false unless has_further_education_policy?
 

app/models/policies/early_years_payments.rb

@@ -7,7 +7,8 @@ module EarlyYearsPayments
     MIN_QA_THRESHOLD = 10
 
     VERIFIERS = [
-      AutomatedChecks::ClaimVerifiers::StudentLoanPlan
+      AutomatedChecks::ClaimVerifiers::StudentLoanPlan,
+      AutomatedChecks::ClaimVerifiers::EarlyYearsPayments::Identity
     ]
 
     # Attributes to delete from claims submitted before the current academic

app/models/policies/early_years_payments/admin_tasks_presenter.rb

@@ -15,6 +15,32 @@ def employment
           ["Start date", l(claim.eligibility.start_date)]
         ]
       end
+
+      def identity_confirmation
+        []
+      end
+
+      def provider_entered_claimant_name
+        claim.eligibility.practitioner_name
+      end
+
+      def one_login_claimant_name
+        claim.onelogin_idv_full_name
+      end
+
+      def practitioner_journey_completed?
+        claim.eligibility.practitioner_journey_completed?
+      end
+
+      def qualifications
+        []
+      end
+
+      def student_loan_plan
+        [
+          ["Student loan plan", claim.student_loan_plan&.humanize]
+        ]
+      end
     end
   end
 end

app/models/policies/early_years_payments/claim_checking_tasks.rb

@@ -14,6 +14,7 @@ def initialize(claim)
       def applicable_task_names
         tasks = []
 
+        tasks << "identity_confirmation"
         tasks << "student_loan_plan" if claim.submitted_without_slc_data?
 
         tasks

app/models/policies/early_years_payments/eligibility.rb

@@ -37,6 +37,20 @@ def employment_task_available?
       def practitioner_name
         [practitioner_first_name, practitioner_surname].join(" ")
       end
+
+      def practitioner_and_provider_entered_names_match?
+        practitioner_first_name.downcase == claim.onelogin_idv_first_name.downcase &&
+          practitioner_surname.downcase == claim.onelogin_idv_last_name.downcase
+      end
+
+      def practitioner_and_provider_entered_names_partial_match?
+        practitioner_first_name.downcase == claim.onelogin_idv_first_name.downcase ||
+          practitioner_surname.downcase == claim.onelogin_idv_last_name.downcase
+      end
+
+      def practitioner_journey_completed?
+        claim.submitted_at.present?
+      end
     end
   end
 end

app/views/admin/tasks/early_years_payments/identity_confirmation.html.erb

@@ -0,0 +1,60 @@
+<% content_for(:page_title) { page_title("Claim #{@claim.reference} identity confirmation check for #{@claim.policy.short_name}") } %>
+
+<% content_for :back_link do %>
+  <%= govuk_back_link href: admin_claim_tasks_path(@claim) %>
+<% end %>
+
+<%= render "shared/error_summary", instance: @task, errored_field_id_overrides: { "passed": "task_passed_true" } if @task.errors.any? %>
+
+<div class="govuk-grid-row">
+  <%= render claim_summary_view, claim: @claim, heading: "Identity confirmation" %>
+
+  <div class="govuk-grid-column-two-thirds">
+    <h2 class="govuk-heading-l"><%= @current_task_name.humanize %></h2>
+  </div>
+
+  <div class="govuk-grid-column-two-thirds">
+    <h3 class="govuk-heading-m">
+      <%= I18n.t(
+        "admin.tasks.identity_confirmation.title",
+        claim_full_name: @claim.full_name
+      ) %>
+    </h3>
+
+    <table class="govuk-table">
+      <tbody class="govuk-table__body">
+        <tr class="govuk-table__row">
+          <th scope="row" class="govuk-table__header">
+            Provider entered claimant name
+          </th>
+          <td class="govuk-table__cell">
+            <%= @tasks_presenter.provider_entered_claimant_name %>
+          </td>
+        </tr>
+        <tr class="govuk-table__row">
+          <th scope="row" class="govuk-table__header">
+            Claimant name from One login
+          </th>
+          <td class="govuk-table__cell">
+            <%= @tasks_presenter.one_login_claimant_name %>
+          </td>
+        </tr>
+      </tbody>
+    </table>
+
+    <% if @tasks_presenter.practitioner_journey_completed? %>
+      <% if @task.claim_verifier_match_any? && @task.passed.nil? %>
+        <%= render "form", task_name: "identity_confirmation", claim: @claim %>
+      <% else %>
+        <%= render "task_outcome", task: @task %>
+      <% end %>
+    <% else %>
+      <div class="govuk-inset-text">
+        This task is not available until the claimant has submitted their
+        claim.
+      </div>
+    <% end %>
+
+    <%= render partial: "admin/task_pagination", locals: { task_pagination: @task_pagination } %>
+  </div>
+</div>

config/brakeman.ignore

@@ -46,29 +46,6 @@
       ],
       "note": "Create and update should be flagged but change is not different from existing behaviour, raising issue."
     },
-    {
-      "warning_type": "Dynamic Render Path",
-      "warning_code": 15,
-      "fingerprint": "2e15a7fa4c8b8254b7724a1c5b8553cf4f7372f62b9401e1f5cbda1abe8c62ef",
-      "check_name": "Render",
-      "message": "Render path contains parameter value",
-      "file": "app/controllers/admin/tasks_controller.rb",
-      "line": 20,
-      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
-      "code": "render(action => Claim.includes(:tasks).find(params[:claim_id]).tasks.find_or_initialize_by(:name => params[:name]).name, {})",
-      "render_path": null,
-      "location": {
-        "type": "method",
-        "class": "Admin::TasksController",
-        "method": "show"
-      },
-      "user_input": "params[:name]",
-      "confidence": "Weak",
-      "cwe_id": [
-        22
-      ],
-      "note": "Constrained to valid input by routes"
-    },
     {
       "warning_type": "SQL Injection",
       "warning_code": 0,
@@ -115,6 +92,29 @@
       ],
       "note": ""
     },
+    {
+      "warning_type": "Dynamic Render Path",
+      "warning_code": 15,
+      "fingerprint": "9e2cf5f527443878fab8807fc6ca1af5a8f27690f312694489183624ab98d66d",
+      "check_name": "Render",
+      "message": "Render path contains parameter value",
+      "file": "app/controllers/admin/tasks_controller.rb",
+      "line": 20,
+      "link": "https://brakemanscanner.org/docs/warning_types/dynamic_render_path/",
+      "code": "render(action => task_view(Claim.includes(:tasks).find(params[:claim_id]).tasks.find_or_initialize_by(:name => params[:name])), {})",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "Admin::TasksController",
+        "method": "show"
+      },
+      "user_input": "params[:name]",
+      "confidence": "Weak",
+      "cwe_id": [
+        22
+      ],
+      "note": ""
+    },
     {
       "warning_type": "SQL Injection",
       "warning_code": 0,
@@ -139,6 +139,6 @@
       "note": ""
     }
   ],
-  "updated": "2024-10-23 16:53:59 +0100",
+  "updated": "2024-10-30 16:55:54 +0000",
   "brakeman_version": "6.2.1"
 }

config/locales/en.yml

@@ -1462,6 +1462,8 @@ en:
       task_questions:
         employment:
           title: Is the claimant still working at the current nursery above?
+        identity_confirmation:
+          title: "Do these names match?"
   early_years_payment_practitioner:
     journey_name: Claim an early years financial incentive payment - practitioner
     feedback_email: "[email protected]"