Deploy RC 367 to Production

Gemfile

@@ -49,6 +49,7 @@ gem 'maxminddb'
 gem 'multiset'
 gem 'net-sftp'
 gem 'newrelic_rpm', '~> 9.0'
+gem 'prometheus_exporter'
 gem 'puma', '~> 6.0'
 gem 'pg'
 gem 'phonelib'

Gemfile.lock

@@ -254,7 +254,7 @@ GEM
       marcel (~> 1.0)
       nokogiri (~> 1.10, >= 1.10.4)
       rubyzip (>= 1.3.0, < 3)
-    cbor (0.5.9.6)
+    cbor (0.5.9.8)
     chunky_png (1.4.0)
     coderay (1.1.3)
     coercible (1.0.0)
@@ -473,6 +473,8 @@ GEM
       net-smtp
       premailer (~> 1.7, >= 1.7.9)
     profanity_filter (0.1.1)
+    prometheus_exporter (2.1.0)
+      webrick
     propshaft (0.7.0)
       actionpack (>= 7.0.0)
       activesupport (>= 7.0.0)
@@ -813,6 +815,7 @@ DEPENDENCIES
   phonelib
   premailer-rails (>= 1.12.0)
   profanity_filter
+  prometheus_exporter
   propshaft
   pry-byebug
   pry-doc

Makefile

@@ -126,7 +126,7 @@ lint_asset_bundle_size: ## Lints JavaScript and CSS compiled bundle size
 	@# and you have no options to split that from the common bundles. If you need to increase this
 	@# budget and accept the fact that this will force end-users to endure longer load times, you
 	@# should set the new budget to within a few thousand bytes of the production-compiled size.
-	find app/assets/builds/application.css -size -235000c | grep .
+	find app/assets/builds/application.css -size -220000c | grep .
 	find public/packs/js/application-*.digested.js -size -5000c | grep .
 
 lint_migrations:

app/assets/stylesheets/_uswds-core.scss

@@ -1,5 +1,6 @@
 @forward '@18f/identity-design-system/packages/uswds-core' with (
   $theme-body-font-size: 'sm',
+  $theme-button-icon-gap: 0.5,
   $theme-font-path: '',
   $theme-image-path: '',
   $theme-global-border-box-sizing: true,

app/assets/stylesheets/_uswds.scss

@@ -6,19 +6,15 @@
 @forward 'usa-alert';
 @forward 'usa-banner';
 @forward 'usa-button';
-@forward 'usa-collection';
 @forward 'usa-form';
 @forward 'usa-header';
 @forward 'usa-layout-grid';
 @forward 'usa-link';
 @forward 'usa-list';
 @forward 'usa-media-block';
 @forward 'usa-modal';
-@forward 'usa-nav';
 @forward 'usa-process-list';
-@forward 'usa-sidenav';
 @forward 'usa-skipnav';
-@forward 'usa-step-indicator';
 @forward 'usa-tag';
 @forward 'uswds-form-controls';
 @forward 'uswds-utilities';

app/assets/stylesheets/components/_header.scss

@@ -0,0 +1,12 @@
+@use 'uswds-core' as *;
+
+.page-header--basic {
+  @include u-flex('align-center', 'justify-center');
+  @include u-display('flex');
+  @include u-height(7);
+  @include u-bg('primary-lighter');
+
+  @include at-media('tablet') {
+    @include u-height(9);
+  }
+}

app/assets/stylesheets/components/_index.scss

@@ -13,7 +13,7 @@
 @forward 'hr';
 @forward 'language-picker';
 @forward 'modal';
-@forward 'nav';
+@forward 'header';
 @forward 'page-heading';
 @forward 'profile-section';
 @forward 'personal-key';

app/assets/stylesheets/components/_step-indicator.scss

@@ -109,7 +109,7 @@ lg-step-indicator {
 
 .step-indicator__step--complete::before {
   background-color: color('white');
-  background-image: url('/alert/success.svg');
+  background-image: url('/alerts/success.svg');
 }
 
 .step-indicator__step:not(:last-child)::after {

app/assets/stylesheets/components/_nav.scss → app/assets/stylesheets/navigation.css.scss

@@ -1,15 +1,7 @@
 @use 'uswds-core' as *;
 
-.page-header--basic {
-  @include u-flex('align-center', 'justify-center');
-  @include u-display('flex');
-  @include u-height(7);
-  @include u-bg('primary-lighter');
-
-  @include at-media('tablet') {
-    @include u-height(9);
-  }
-}
+@forward 'usa-nav/src/styles';
+@forward 'usa-sidenav/src/styles';
 
 .sidenav-mobile .usa-nav__close {
   @include u-display('flex');

app/components/icon_component.scss

@@ -7,23 +7,3 @@
   mask-size: 100%;
   background-color: currentColor;
 }
-
-$icon-min-padding: 2px;
-
-// Upstream: https://github.com/uswds/uswds/pull/4493
-.usa-icon {
-  .usa-button > &:first-child {
-    // Note: This diverges from the upstream pull request in a couple ways:
-    // 1. There should not be any margins offsetting to account for line height, since Login.gov
-    //    Design System normalizes button line height to 1.
-    // 2. Float is replaced by `vertical-align`, since otherwise it will have the effect of having
-    //    the icon appear to the far edge of the button, rather than next to the text.
-    vertical-align: bottom;
-    margin-right: 0.25rem;
-  }
-
-  .usa-button:not(.usa-button--unstyled) > &:first-child {
-    margin-left: -1 * $icon-min-padding;
-    margin-right: #{0.5rem - px-to-rem($icon-min-padding)};
-  }
-}

app/components/step_indicator_component.rb

@@ -1,6 +1,8 @@
 class StepIndicatorComponent < BaseComponent
   attr_reader :current_step, :locale_scope, :tag_options
 
+  ALL_STEPS_COMPLETE = :all_steps_complete
+
   def initialize(steps:, current_step:, locale_scope: nil, **tag_options)
     @steps = steps
     @current_step = current_step
@@ -19,6 +21,8 @@ def steps
   private
 
   def step_status(step)
+    return :complete if current_step == ALL_STEPS_COMPLETE
+
     if step[:name] == current_step
       :current
     elsif step_index(step[:name]) < step_index(current_step)

app/components/tab_navigation_component.scss

@@ -2,19 +2,6 @@
 
 @forward 'usa-button-group/src/styles';
 
-// Upstream: https://github.com/uswds/uswds/pull/5324
-.usa-button-group--segmented {
-  .usa-button {
-    @include u-display('flex');
-    @include u-flex('align-center', 'justify-center');
-  }
-
-  .usa-button-group__item {
-    @include u-display('flex');
-    @include grid-col('auto');
-  }
-}
-
 .tab-navigation .usa-button-group--segmented {
   .usa-button-group__item {
     flex-basis: 50%;

app/controllers/concerns/effective_user.rb

@@ -1,7 +1,15 @@
 module EffectiveUser
   def effective_user
     return current_user if effective_user_id == current_user&.id
-    return User.find_by(id: effective_user_id) if effective_user_id
+
+    user = User.find_by(id: effective_user_id) if effective_user_id
+
+    if user.nil?
+      session.delete(:doc_capture_user_id)
+      return current_user
+    end
+
+    user
   end
 
   private

app/controllers/concerns/verify_profile_concern.rb

@@ -9,7 +9,14 @@ def url_for_pending_profile_reason
   end
 
   def user_has_pending_profile?
-    return false if current_user.blank?
-    current_user.pending_profile?
+    pending_profile_policy.user_has_pending_profile?
+  end
+
+  def pending_profile_policy
+    @pending_profile_policy ||= PendingProfilePolicy.new(
+      user: current_user,
+      resolved_authn_context_result: resolved_authn_context_result,
+      biometric_comparison_requested: nil,
+    )
   end
 end

app/controllers/openid_connect/authorization_controller.rb

@@ -28,7 +28,7 @@ class AuthorizationController < ApplicationController
     def index
       if @authorize_form.ial2_or_greater?
         return redirect_to reactivate_account_url if user_needs_to_reactivate_account?
-        return redirect_to url_for_pending_profile_reason if user_has_usable_pending_profile?
+        return redirect_to url_for_pending_profile_reason if user_has_pending_profile?
         return redirect_to idv_url if identity_needs_verification?
         return redirect_to idv_url if selfie_needed?
       end
@@ -55,10 +55,6 @@ def pending_profile_policy
       )
     end
 
-    def user_has_usable_pending_profile?
-      pending_profile_policy.user_has_usable_pending_profile?
-    end
-
     def block_biometric_requests_in_production
       if biometric_comparison_requested? &&
          !FeatureManagement.idv_allow_selfie_check?

app/controllers/robots_controller.rb

@@ -0,0 +1,25 @@
+class RobotsController < ApplicationController
+  ALLOWED_ROUTES = %i[
+    new_user_session
+    forgot_password
+    sign_up_email
+  ].to_set.freeze
+
+  def index
+    render plain: [
+      'User-agent: *',
+      'Disallow: /',
+      *allowed_paths.map { |path| "Allow: #{path}$" },
+    ].join("\n")
+  end
+
+  private
+
+  def allowed_paths
+    I18n.available_locales.
+      map { |locale| locale == I18n.default_locale ? nil : locale }.
+      flat_map do |locale|
+        ALLOWED_ROUTES.map { |route| route_for(route, only_path: true, locale:) }
+      end
+  end
+end

app/decorators/mfa_context.rb

@@ -81,10 +81,10 @@ def two_factor_configurations
 
   def two_factor_enabled?
     return true if phone_configurations.any?(&:mfa_enabled?)
-    return true if piv_cac_configurations.any?(&:mfa_enabled?)
-    return true if auth_app_configurations.any?(&:mfa_enabled?)
-    return true if backup_code_configurations.any?(&:mfa_enabled?)
     return true if webauthn_configurations.any?(&:mfa_enabled?)
+    return true if backup_code_configurations.any?(&:mfa_enabled?)
+    return true if auth_app_configurations.any?(&:mfa_enabled?)
+    return true if piv_cac_configurations.any?(&:mfa_enabled?)
     return false
   end
 

app/helpers/script_helper.rb

@@ -2,10 +2,6 @@
 
 # rubocop:disable Rails/HelperInstanceVariable
 module ScriptHelper
-  def javascript_include_tag_without_preload(...)
-    without_preload_links_header { javascript_include_tag(...) }
-  end
-
   def javascript_packs_tag_once(*names, **attributes)
     @scripts = @scripts.to_h.merge(names.index_with(attributes))
     nil
@@ -19,12 +15,12 @@ def render_javascript_pack_once_tags(...)
       return if @scripts.blank?
       concat javascript_assets_tag
       @scripts.each do |name, attributes|
-        AssetSources.get_sources(name).each do |source|
+        asset_sources.get_sources(name).each do |source|
           concat javascript_include_tag(
             source,
             **attributes,
             crossorigin: local_crossorigin_sources? ? true : nil,
-            integrity: AssetSources.get_integrity(source),
+            integrity: asset_sources.get_integrity(source),
           )
         end
       end
@@ -37,12 +33,17 @@ def render_javascript_pack_once_tags(...)
     sprite.svg
   ].to_set.freeze
 
+  def asset_sources
+    Rails.application.config.asset_sources
+  end
+
   def local_crossorigin_sources?
     Rails.env.development? && ENV['WEBPACK_PORT'].present?
   end
 
   def javascript_assets_tag
-    assets = AssetSources.get_assets(*@scripts.keys)
+    assets = asset_sources.get_assets(*@scripts.keys)
+
     if assets.present?
       asset_map = assets.index_with { |path| asset_path(path, host: asset_host(path)) }
       content_tag(
@@ -54,14 +55,6 @@ def javascript_assets_tag
     end
   end
 
-  def without_preload_links_header
-    original_preload_links_header = ActionView::Helpers::AssetTagHelper.preload_links_header
-    ActionView::Helpers::AssetTagHelper.preload_links_header = false
-    result = yield
-    ActionView::Helpers::AssetTagHelper.preload_links_header = original_preload_links_header
-    result
-  end
-
   def asset_host(path)
     if IdentityConfig.store.asset_host.present?
       if SAME_ORIGIN_ASSETS.include?(path)

app/javascript/packages/clipboard-button/package.json

@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "private": true,
   "dependencies": {
-    "@18f/identity-design-system": "^9.0.0"
+    "@18f/identity-design-system": "^9.1.0"
   },
   "sideEffects": [
     "./clipboard-button-element.ts"

app/javascript/packages/document-capture/components/acuant-capture.tsx

@@ -72,6 +72,11 @@ interface ImageAnalyticsPayload {
    *
    */
   failedImageResubmission: boolean;
+
+  /**
+   * Image file name
+   */
+  fileName?: string;
 }
 
 interface AcuantImageAnalyticsPayload extends ImageAnalyticsPayload {
@@ -408,8 +413,8 @@ function AcuantCapture(
         source: 'upload',
         size: nextValue.size,
         failedImageResubmission: hasFailed,
+        fileName: nextValue.name,
       });
-
       trackEvent(
         name === 'selfie' ? 'idv_selfie_image_added' : `IdV: ${name} image added`,
         analyticsPayload,

app/javascript/packages/document-capture/components/acuant-selfie-capture-canvas.jsx

@@ -25,8 +25,10 @@ function AcuantSelfieCaptureCanvas({ imageCaptureText, onSelfieCaptureClosed })
     <>
       {!isReady && <LoadingSpinner />}
       <div id={acuantCaptureContainerId} />
-      <p aria-live="assertive" className="document-capture-selfie-feedback">
-        {imageCaptureText}
+      <p aria-live="assertive">
+        {imageCaptureText && (
+          <span className="document-capture-selfie-feedback">{imageCaptureText}</span>
+        )}
       </p>
       <button type="button" onClick={onSelfieCaptureClosed} className="usa-sr-only">
         {t('doc_auth.buttons.close')}