Deploy RC 353 to Production

Gemfile.lock

@@ -436,7 +436,7 @@ GEM
     net-ssh (6.1.0)
     newrelic_rpm (9.7.0)
     nio4r (2.7.0)
-    nokogiri (1.16.0)
+    nokogiri (1.16.2)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     openssl (3.0.2)

app/components/base_component.rb

@@ -5,7 +5,7 @@ def before_render
 
   def self.scripts
     @scripts ||= begin
-      scripts = sidecar_files_basenames(['js', 'ts'])
+      scripts = sidecar_files_basenames(['ts'])
       scripts.concat superclass.scripts if superclass.respond_to?(:scripts)
       scripts
     end

app/controllers/account_reset/pending_controller.rb

@@ -1,6 +1,7 @@
 module AccountReset
   class PendingController < ApplicationController
     include UserAuthenticator
+    include ActionView::Helpers::DateHelper
 
     before_action :authenticate_user
     before_action :confirm_account_reset_request_exists
@@ -10,7 +11,9 @@ def show
       @pending_presenter = AccountReset::PendingPresenter.new(pending_account_reset_request)
     end
 
-    def confirm; end
+    def confirm
+      @account_reset_deletion_period_interval = account_reset_deletion_period_interval
+    end
 
     def cancel
       analytics.pending_account_reset_cancelled
@@ -29,5 +32,16 @@ def pending_account_reset_request
         current_user,
       ).call
     end
+
+    def account_reset_deletion_period_interval
+      current_time = Time.zone.now
+
+      distance_of_time_in_words(
+        current_time,
+        current_time + IdentityConfig.store.account_reset_wait_period_days.days,
+        true,
+        accumulate_on: :hours,
+      )
+    end
   end
 end

app/controllers/account_reset/request_controller.rb

@@ -1,11 +1,13 @@
 module AccountReset
   class RequestController < ApplicationController
     include TwoFactorAuthenticatable
+    include ActionView::Helpers::DateHelper
 
     before_action :confirm_two_factor_enabled
 
     def show
       analytics.account_reset_visit
+      @account_reset_deletion_period_interval = account_reset_deletion_period_interval
     end
 
     def create
@@ -39,5 +41,16 @@ def analytics_attributes
         email_addresses: current_user.email_addresses.count,
       }
     end
+
+    def account_reset_deletion_period_interval
+      current_time = Time.zone.now
+
+      distance_of_time_in_words(
+        current_time,
+        current_time + IdentityConfig.store.account_reset_wait_period_days.days,
+        true,
+        accumulate_on: :hours,
+      )
+    end
   end
 end

app/controllers/concerns/idv/document_capture_concern.rb

@@ -36,7 +36,7 @@ def extract_pii_from_doc(user, response, store_in_session: false)
         idv_session.had_barcode_read_failure = response.attention_with_barcode?
         if store_in_session
           idv_session.pii_from_doc = response.pii_from_doc
-          idv_session.selfie_check_performed = response.selfie_check_performed
+          idv_session.selfie_check_performed = response.selfie_check_performed?
         end
       end
 
@@ -49,7 +49,7 @@ def stored_result
     end
 
     def selfie_requirement_met?
-      !decorated_sp_session.selfie_required? || stored_result.selfie_check_performed
+      !decorated_sp_session.selfie_required? || stored_result.selfie_check_performed?
     end
 
     private

app/controllers/concerns/idv/verify_info_concern.rb

@@ -112,14 +112,14 @@ def idv_failure_log_rate_limited(rate_limit_type)
     def idv_failure_log_error
       analytics.idv_doc_auth_exception_visited(
         step_name: STEP_NAME,
-        remaining_attempts: resolution_rate_limiter.remaining_count,
+        remaining_submit_attempts: resolution_rate_limiter.remaining_count,
       )
     end
 
     def idv_failure_log_warning
       analytics.idv_doc_auth_warning_visited(
         step_name: STEP_NAME,
-        remaining_attempts: resolution_rate_limiter.remaining_count,
+        remaining_submit_attempts: resolution_rate_limiter.remaining_count,
       )
     end
 

app/controllers/concerns/idv_session_concern.rb

@@ -7,17 +7,20 @@ module IdvSessionConcern
   end
 
   def confirm_idv_needed
-    return if idv_session_user.active_profile.blank? ||
-              decorated_sp_session.requested_more_recent_verification? ||
-              idv_session_user.reproof_for_irs?(service_provider: current_sp)
-
-    redirect_to idv_activated_url
+    redirect_to idv_activated_url unless idv_needed?
   end
 
   def hybrid_session?
     session[:doc_capture_user_id].present?
   end
 
+  def idv_needed?
+    user_needs_selfie? ||
+      idv_session_user.active_profile.blank? ||
+      decorated_sp_session.requested_more_recent_verification? ||
+      idv_session_user.reproof_for_irs?(service_provider: current_sp)
+  end
+
   def idv_session
     @idv_session ||= Idv::Session.new(
       user_session: user_session,
@@ -66,4 +69,8 @@ def idv_session_user
 
     current_user
   end
+
+  def user_needs_selfie?
+    decorated_sp_session.selfie_required? && !current_user.identity_verified_with_selfie?
+  end
 end

app/controllers/idv/how_to_verify_controller.rb

@@ -61,7 +61,9 @@ def self.step_info
         controller: self,
         next_steps: [:hybrid_handoff, :document_capture],
         preconditions: ->(idv_session:, user:) do
-          self.enabled? && idv_session.idv_consent_given
+          self.enabled? &&
+          idv_session.idv_consent_given &&
+          idv_session.service_provider&.in_person_proofing_enabled
         end,
         undo_step: ->(idv_session:, user:) { idv_session.skip_doc_auth = nil },
       )

app/controllers/idv/phone_errors_controller.rb

@@ -10,7 +10,7 @@ class PhoneErrorsController < ApplicationController
     before_action :ignore_form_step_wait_requests
 
     def warning
-      @remaining_attempts = rate_limiter.remaining_count
+      @remaining_submit_attempts = rate_limiter.remaining_count
 
       if idv_session.previous_phone_step_params
         @phone = idv_session.previous_phone_step_params[:phone]
@@ -21,12 +21,12 @@ def warning
     end
 
     def timeout
-      @remaining_step_attempts = rate_limiter.remaining_count
+      @remaining_submit_attempts = rate_limiter.remaining_count
       track_event(type: :timeout)
     end
 
     def jobfail
-      @remaining_attempts = rate_limiter.remaining_count
+      @remaining_submit_attempts = rate_limiter.remaining_count
       track_event(type: :jobfail)
     end
 
@@ -63,7 +63,7 @@ def track_event(type:)
       if type == :failure
         attributes[:limiter_expires_at] = @expires_at
       else
-        attributes[:remaining_attempts] = @remaining_attempts
+        attributes[:remaining_submit_attempts] = @remaining_submit_attempts
       end
 
       analytics.idv_phone_error_visited(**attributes)

app/controllers/idv/session_errors_controller.rb

@@ -20,7 +20,7 @@ def warning
       )
 
       @step_indicator_steps = step_indicator_steps
-      @remaining_attempts = rate_limiter.remaining_count
+      @remaining_submit_attempts = rate_limiter.remaining_count
       log_event(based_on_limiter: rate_limiter)
     end
 
@@ -93,7 +93,7 @@ def log_event(based_on_limiter: nil)
         type: params[:action],
       }
 
-      options[:attempts_remaining] = based_on_limiter.remaining_count if based_on_limiter
+      options[:submit_attempts_remaining] = based_on_limiter.remaining_count if based_on_limiter
 
       analytics.idv_session_error_visited(**options)
     end

app/controllers/idv_controller.rb

@@ -10,10 +10,7 @@ class IdvController < ApplicationController
   before_action :confirm_not_rate_limited
 
   def index
-    if decorated_sp_session.requested_more_recent_verification? ||
-       current_user.reproof_for_irs?(service_provider: current_sp)
-      verify_identity
-    elsif active_profile?
+    if already_verified?
       redirect_to idv_activated_url
     else
       verify_identity
@@ -32,6 +29,14 @@ def activated
 
   private
 
+  def already_verified?
+    if decorated_sp_session.selfie_required?
+      return current_user.identity_verified_with_selfie?
+    end
+
+    return current_user.active_profile.present?
+  end
+
   def verify_identity
     analytics.idv_intro_visit
     redirect_to idv_welcome_url

app/controllers/users/webauthn_setup_controller.rb

@@ -90,28 +90,6 @@ def confirm
       end
     end
 
-    def delete
-      if MfaPolicy.new(current_user).multiple_factors_enabled?
-        handle_successful_delete
-      else
-        handle_failed_delete
-      end
-      redirect_to account_two_factor_authentication_path
-    end
-
-    def show_delete
-      @webauthn = WebauthnConfiguration.where(
-        user_id: current_user.id, id: delete_params[:id],
-      ).first
-
-      if @webauthn
-        render 'users/webauthn_setup/delete'
-      else
-        flash[:error] = t('errors.general')
-        redirect_back fallback_location: new_user_session_url, allow_other_host: false
-      end
-    end
-
     private
 
     def validate_existing_platform_authenticator
@@ -142,35 +120,6 @@ def exclude_credentials
       current_user.webauthn_configurations.map(&:credential_id)
     end
 
-    def handle_successful_delete
-      webauthn = WebauthnConfiguration.find_by(user_id: current_user.id, id: delete_params[:id])
-      return unless webauthn
-
-      create_user_event(:webauthn_key_removed)
-      webauthn.destroy
-      revoke_remember_device(current_user)
-      event = PushNotification::RecoveryInformationChangedEvent.new(user: current_user)
-      PushNotification::HttpPush.deliver(event)
-      if webauthn.platform_authenticator
-        flash[:success] = t('notices.webauthn_platform_deleted')
-      else
-        flash[:success] = t('notices.webauthn_deleted')
-      end
-      track_delete(success: true, platform_authenticator: webauthn.platform_authenticator?)
-    end
-
-    def handle_failed_delete
-      track_delete(success: false, platform_authenticator: nil)
-    end
-
-    def track_delete(success:, platform_authenticator:)
-      analytics.webauthn_delete_submitted(
-        success:,
-        configuration_id: delete_params[:id],
-        platform_authenticator:,
-      )
-    end
-
     def save_challenge_in_session
       credential_creation_options = WebAuthn::Credential.options_for_create(user: current_user)
       user_session[:webauthn_challenge] = credential_creation_options.challenge.bytes.to_a
@@ -224,9 +173,5 @@ def confirm_params
         :transports,
       )
     end
-
-    def delete_params
-      params.permit(:id)
-    end
   end
 end

app/forms/gpo_verify_form.rb

@@ -41,7 +41,7 @@ def submit
         enqueued_at: gpo_confirmation_code&.code_sent_at,
         which_letter: which_letter,
         letter_count: letter_count,
-        attempts: attempts,
+        submit_attempts: submit_attempts,
         pii_like_keypaths: [[:errors, :otp], [:error_details, :otp]],
         pending_in_person_enrollment: !!pending_profile&.in_person_enrollment&.pending?,
         fraud_check_failed: fraud_check_failed,
@@ -76,7 +76,7 @@ def letter_count
     pending_profile&.gpo_confirmation_codes&.count
   end
 
-  def attempts
+  def submit_attempts
     RateLimiter.new(user: user, rate_limit_type: :verify_gpo_key).attempts
   end