Allow multiple USPS confirmation codes

**Why**: So that when a user resends a letter, it does not invalidate
the USPS confirmation code in preceding letters. This means that if a
user resends a letter before receiving their first letter, the code in
the first letter can still be used to verify their account.

**How**: This commit adds a new model named `UspsConfirmationCode`. This
model is associated with a profile and has an asymmetrically encrypted
OTP. When the user enters an OTP, the record with the matching OTP
fingerprint is found. This is used to determine whether the entered OTP
is valid for verifying their account.

app/controllers/users/verify_account_controller.rb

@@ -9,7 +9,7 @@ def index
       @verify_account_form = VerifyAccountForm.new(user: current_user)
 
       return unless FeatureManagement.reveal_usps_code?
-      @code = JSON.parse(user_session[:decrypted_pii])['otp']['raw']
+      @code = session[:last_usps_confirmation_code]
     end
 
     def create
@@ -28,8 +28,7 @@ def create
     def build_verify_account_form
       VerifyAccountForm.new(
         user: current_user,
-        otp: params_otp,
-        pii_attributes: decrypted_pii
+        otp: params_otp
       )
     end
 
@@ -41,12 +40,5 @@ def confirm_verification_needed
       return if current_user.decorate.pending_profile_requires_verification?
       redirect_to account_url
     end
-
-    def decrypted_pii
-      @_decrypted_pii ||= begin
-        cacher = Pii::Cacher.new(current_user, user_session)
-        cacher.fetch
-      end
-    end
   end
 end

app/controllers/verify/come_back_later_controller.rb

@@ -2,19 +2,14 @@ module Verify
   class ComeBackLaterController < ApplicationController
     include IdvSession
 
-    before_action :confirm_idv_session_completed
-    before_action :confirm_usps_verification_method_chosen
+    before_action :confirm_user_needs_usps_confirmation
 
     def show; end
 
     private
 
-    def confirm_idv_session_completed
-      redirect_to account_path if idv_session.profile.blank?
-    end
-
-    def confirm_usps_verification_method_chosen
-      redirect_to account_path unless idv_session.address_verification_mechanism == 'usps'
+    def confirm_user_needs_usps_confirmation
+      redirect_to account_path unless current_user.decorate.needs_profile_usps_verification?
     end
   end
 end

app/controllers/verify/review_controller.rb

@@ -47,6 +47,9 @@ def create
       init_profile
       redirect_to verify_confirmations_path
       analytics.track_event(Analytics::IDV_REVIEW_COMPLETE)
+
+      return unless FeatureManagement.reveal_usps_code?
+      session[:last_usps_confirmation_code] = idv_session.usps_otp
     end
 
     private

app/controllers/verify/usps_controller.rb

@@ -13,7 +13,8 @@ def create
       idv_session.address_verification_mechanism = :usps
 
       if current_user.decorate.needs_profile_usps_verification?
-        redirect_to account_path
+        resend_letter
+        redirect_to verify_come_back_later_url
       else
         redirect_to verify_review_url
       end
@@ -29,5 +30,17 @@ def confirm_mail_not_spammed
       redirect_to verify_review_path if idv_session.address_mechanism_chosen? &&
                                         usps_mail_service.mail_spammed?
     end
+
+    def resend_letter
+      confirmation_maker = UspsConfirmationMaker.new(
+        pii: Pii::Cacher.new(current_user, user_session).fetch,
+        issuer: sp_session[:issuer],
+        profile: current_user.decorate.pending_profile
+      )
+      confirmation_maker.perform
+
+      return unless FeatureManagement.reveal_usps_code?
+      session[:last_usps_confirmation_code] = confirmation_maker.otp
+    end
   end
 end

app/forms/verify_account_form.rb

@@ -9,10 +9,9 @@ class VerifyAccountForm
   attr_accessor :otp, :pii_attributes
   attr_reader :user
 
-  def initialize(user:, otp: nil, pii_attributes: nil)
+  def initialize(user:, otp: nil)
     @user = user
     @otp = otp
-    @pii_attributes = pii_attributes
   end
 
   def submit
@@ -31,8 +30,14 @@ def pending_profile
     @_pending_profile ||= user.decorate.pending_profile
   end
 
+  def usps_confirmation_code
+    return if otp.blank? || pending_profile.blank?
+
+    pending_profile.usps_confirmation_codes.first_with_otp(otp)
+  end
+
   def validate_otp_not_expired
-    return unless Idv::UspsMail.new(user).most_recent_otp_expired?
+    return unless usps_confirmation_code.present? && usps_confirmation_code.expired?
 
     errors.add :otp, :usps_otp_expired
   end
@@ -47,9 +52,7 @@ def validate_otp
   end
 
   def valid_otp?
-    otp.present? && ActiveSupport::SecurityUtils.secure_compare(
-      Base32::Crockford.normalize(otp), Base32::Crockford.normalize(pii_attributes.otp.to_s)
-    )
+    otp.present? && usps_confirmation_code.present?
   end
 
   def reset_sensitive_fields

app/models/profile.rb

@@ -1,5 +1,6 @@
 class Profile < ApplicationRecord
   belongs_to :user
+  has_many :usps_confirmation_codes
 
   validates :active, uniqueness: { scope: :user_id, if: :active? }
   validates :ssn_signature, uniqueness: { scope: :active, if: :active? }

app/models/usps_confirmation_code.rb

@@ -0,0 +1,16 @@
+class UspsConfirmationCode < ApplicationRecord
+  belongs_to :profile
+
+  def self.first_with_otp(otp)
+    find do |usps_confirmation_code|
+      Pii::Fingerprinter.verify(
+        Base32::Crockford.normalize(otp),
+        usps_confirmation_code.otp_fingerprint
+      )
+    end
+  end
+
+  def expired?
+    code_sent_at < Figaro.env.usps_confirmation_max_days.to_i.days.ago
+  end
+end

app/services/idv/profile_maker.rb

@@ -40,15 +40,9 @@ def pii_from_applicant(appl, norm_appl)
         zipcode: Pii::Attribute.new(raw: appl.zipcode, norm: norm_appl.zipcode),
         dob: Pii::Attribute.new(raw: appl.dob, norm: norm_appl.dob),
         ssn: Pii::Attribute.new(raw: appl.ssn, norm: norm_appl.ssn),
-        phone: Pii::Attribute.new(raw: appl.phone, norm: norm_appl.phone),
-        otp: generate_otp
+        phone: Pii::Attribute.new(raw: appl.phone, norm: norm_appl.phone)
       )
     end
     # rubocop:enable MethodLength, AbcSize
-
-    def generate_otp(length: 10)
-      # Crockford encoding is 5 bits per character
-      Base32::Crockford.encode(SecureRandom.random_number(2**(5 * length)), length: length)
-    end
   end
 end

app/services/idv/session.rb

@@ -20,7 +20,7 @@ class Session
       vendor_session_id
     ].freeze
 
-    attr_reader :current_user
+    attr_reader :current_user, :usps_otp
 
     def initialize(user_session:, current_user:, issuer:)
       @user_session = user_session
@@ -91,8 +91,10 @@ def create_usps_entry
       if pii.is_a?(String)
         self.pii = Pii::Attributes.new_from_json(user_session[:decrypted_pii])
       end
+      confirmation_maker = UspsConfirmationMaker.new(pii: pii, issuer: issuer, profile: profile)
+      confirmation_maker.perform
 
-      UspsConfirmationMaker.new(pii: pii, issuer: issuer).perform
+      @usps_otp = confirmation_maker.otp
     end
 
     def alive?

app/services/idv/usps_mail.rb

@@ -2,7 +2,6 @@ module Idv
   class UspsMail
     MAX_MAIL_EVENTS = Figaro.env.max_mail_events.to_i
     MAIL_EVENTS_WINDOW_DAYS = Figaro.env.max_mail_events_window_in_days.to_i
-    USPS_CONFIRMATION_WINDOW_DAYS = Figaro.env.usps_confirmation_max_days.to_i
 
     def initialize(current_user)
       @current_user = current_user
@@ -17,12 +16,6 @@ def any_mail_sent?
       user_mail_events.any?
     end
 
-    def most_recent_otp_expired?
-      return false unless any_mail_sent?
-
-      user_mail_events.first.updated_at < USPS_CONFIRMATION_WINDOW_DAYS.days.ago
-    end
-
     private
 
     attr_reader :current_user

app/services/pii/attributes.rb

@@ -2,7 +2,7 @@ module Pii
   Attributes = Struct.new(
     :first_name, :middle_name, :last_name,
     :address1, :address2, :city, :state, :zipcode,
-    :ssn, :dob, :phone, :otp,
+    :ssn, :dob, :phone,
     :prev_address1, :prev_address2, :prev_city, :prev_state, :prev_zipcode
   ) do
     def self.new_from_hash(hash)

app/services/usps_confirmation_maker.rb

@@ -1,17 +1,26 @@
 class UspsConfirmationMaker
-  def initialize(pii:, issuer:)
+  def initialize(pii:, issuer:, profile:)
     @pii = pii
     @issuer = issuer
+    @profile = profile
+  end
+
+  def otp
+    @otp ||= generate_otp
   end
 
   def perform
     entry = UspsConfirmationEntry.new_from_hash(attributes)
     UspsConfirmation.create!(entry: entry.encrypted)
+    UspsConfirmationCode.create!(
+      profile: profile,
+      otp_fingerprint: Pii::Fingerprinter.fingerprint(otp)
+    )
   end
 
   private
 
-  attr_reader :pii, :issuer
+  attr_reader :pii, :issuer, :profile
 
   # rubocop:disable AbcSize, MethodLength
   # This method is single statement spread across many lines for readability
@@ -20,7 +29,7 @@ def attributes
       address1: pii[:address1].norm,
       address2: pii[:address2].norm,
       city: pii[:city].norm,
-      otp: pii[:otp].norm,
+      otp: otp,
       first_name: pii[:first_name].norm,
       last_name: pii[:last_name].norm,
       state: pii[:state].norm,
@@ -29,4 +38,9 @@ def attributes
     }
   end
   # rubocop:enable AbcSize, MethodLength
+
+  def generate_otp
+    # Crockford encoding is 5 bits per character
+    Base32::Crockford.encode(SecureRandom.random_number(2**(5 * 10)), length: 10)
+  end
 end

db/migrate/20170905144239_create_usps_confirmation_codes.rb

@@ -0,0 +1,12 @@
+class CreateUspsConfirmationCodes < ActiveRecord::Migration[5.1]
+  def change
+    create_table :usps_confirmation_codes do |t|
+      t.integer :profile_id, null: false
+      t.string :otp_fingerprint, null: false
+      t.datetime :code_sent_at, null: false, default: ->{ 'CURRENT_TIMESTAMP' }
+      t.index :profile_id, using: :btree
+
+      t.timestamps
+    end
+  end
+end