Deploy RC 374 to Production

Gemfile

@@ -23,7 +23,7 @@ gem 'caxlsx', require: false
 gem 'concurrent-ruby'
 gem 'connection_pool'
 gem 'csv'
-gem 'cssbundling-rails', '1.0.0'
+gem 'cssbundling-rails'
 gem 'devise', '~> 4.8'
 gem 'dotiw', '>= 4.0.1'
 gem 'faraday', '~> 2'
@@ -69,7 +69,7 @@ gem 'rqrcode'
 gem 'ruby-progressbar'
 gem 'ruby-saml'
 gem 'safe_target_blank', '>= 1.0.2'
-gem 'saml_idp', github: '18F/saml_idp', tag: '0.20.0-18f'
+gem 'saml_idp', github: '18F/saml_idp', tag: '0.20.2-18f'
 gem 'scrypt'
 gem 'simple_form', '>= 5.0.2'
 gem 'stringex', require: false

Gemfile.lock

@@ -34,10 +34,10 @@ GIT
 
 GIT
   remote: https://github.com/18F/saml_idp.git
-  revision: f86b4c5ef4281a53b3f13a1db2c2e5839fdf077d
-  tag: 0.20.0-18f
+  revision: dd8643b16c8214f7b791763538180d043af7ef65
+  tag: 0.20.2-18f
   specs:
-    saml_idp (0.19.3.pre.18f)
+    saml_idp (0.20.2.pre.18f)
       activesupport
       builder
       faraday
@@ -266,7 +266,7 @@ GEM
     crass (1.0.6)
     css_parser (1.14.0)
       addressable
-    cssbundling-rails (1.0.0)
+    cssbundling-rails (1.4.0)
       railties (>= 6.0.0)
     csv (3.2.8)
     date (3.3.4)
@@ -764,7 +764,7 @@ DEPENDENCIES
   caxlsx
   concurrent-ruby
   connection_pool
-  cssbundling-rails (= 1.0.0)
+  cssbundling-rails
   csv
   derailed_benchmarks
   devise (~> 4.8)

app/components/button_component.rb

@@ -1,10 +1,20 @@
 # frozen_string_literal: true
 
 class ButtonComponent < BaseComponent
-  attr_reader :action, :icon, :big, :wide, :full_width, :outline, :unstyled, :danger, :tag_options
+  attr_reader :url,
+              :method,
+              :icon,
+              :big,
+              :wide,
+              :full_width,
+              :outline,
+              :unstyled,
+              :danger,
+              :tag_options
 
   def initialize(
-    action: ->(**tag_options, &block) { button_tag(**tag_options, &block) },
+    url: nil,
+    method: nil,
     icon: nil,
     big: false,
     wide: false,
@@ -14,7 +24,8 @@ def initialize(
     danger: false,
     **tag_options
   )
-    @action = action
+    @url = url
+    @method = method
     @icon = icon
     @big = big
     @wide = wide
@@ -53,4 +64,20 @@ def content
       original_content
     end
   end
+
+  private
+
+  def action
+    @action ||= begin
+      if url
+        if method && method != :get
+          ->(**tag_options, &block) { button_to(url, method:, **tag_options, &block) }
+        else
+          ->(**tag_options, &block) { link_to(url, **tag_options, &block) }
+        end
+      else
+        ->(**tag_options, &block) { button_tag(**tag_options, &block) }
+      end
+    end
+  end
 end

app/components/captcha_submit_button_component.html.erb

@@ -1,11 +1,10 @@
 <%= content_tag(
       :'lg-captcha-submit-button',
       **tag_options,
-      'recaptcha-site-key': IdentityConfig.store.recaptcha_site_key_v3,
+      'recaptcha-site-key': IdentityConfig.store.recaptcha_site_key,
       'recaptcha-action': action,
       'recaptcha-enterprise': recaptcha_enterprise?,
     ) do %>
-  <%= f.error(:recaptcha_token) %>
   <% if show_mock_score_field? %>
     <%= f.input(:recaptcha_token, as: :hidden, input_html: { value: 'mock_token' }) %>
     <%= render AlertComponent.new(text_tag: :div, class: 'margin-top-0 margin-bottom-2') do %>

app/components/captcha_submit_button_component.rb

@@ -18,16 +18,15 @@ def show_mock_score_field?
 
   def recaptcha_script_src
     return @recaptcha_script_src if defined?(@recaptcha_script_src)
-    @recaptcha_script_src = begin
-      if IdentityConfig.store.recaptcha_site_key_v3.present?
+    @recaptcha_script_src =
+      if IdentityConfig.store.recaptcha_site_key.present?
         UriService.add_params(
           recaptcha_enterprise? ?
             'https://www.google.com/recaptcha/enterprise.js' :
             'https://www.google.com/recaptcha/api.js',
-          render: IdentityConfig.store.recaptcha_site_key_v3,
+          render: IdentityConfig.store.recaptcha_site_key,
         )
       end
-    end
   end
 
   def recaptcha_enterprise?

app/components/download_button_component.rb

@@ -6,14 +6,8 @@ class DownloadButtonComponent < ButtonComponent
   def initialize(file_data:, file_name:, **tag_options)
     super(
       icon: :file_download,
-      action: ->(**tag_options, &block) do
-        link_to(
-          "data:text/plain;charset=utf-8,#{ERB::Util.url_encode(file_data)}",
-          download: file_name,
-          **tag_options,
-          &block
-        )
-      end,
+      url: "data:text/plain;charset=utf-8,#{ERB::Util.url_encode(file_data)}",
+      download: file_name,
       **tag_options,
     )
 

app/components/manageable_authenticator_component.html.erb

@@ -91,7 +91,7 @@
     <div class="manageable-authenticator__name manageable-authenticator__summary-name"><%= configuration.name %></div>
     <div class="manageable-authenticator__actions">
       <%= render ButtonComponent.new(
-            action: ->(**tag_options, &block) { link_to(manage_url, **tag_options, &block) },
+            url: manage_url,
             type: :button,
             unstyled: true,
             class: 'no-js',

app/components/tab_navigation_component.html.erb

@@ -3,7 +3,7 @@
     <% routes.each do |route| %>
       <li class="usa-button-group__item">
         <%= render ButtonComponent.new(
-              action: ->(**tag_options, &block) { link_to(route[:path], **tag_options, &block) },
+              url: route[:path],
               big: true,
               outline: !is_current_path?(route[:path]),
               aria: { current: is_current_path?(route[:path]) ? 'page' : nil },

app/controllers/application_controller.rb

@@ -229,6 +229,7 @@ def fix_broken_personal_key_url
   def after_sign_in_path_for(_user)
     return rules_of_use_path if !current_user.accepted_rules_of_use_still_valid?
     return user_please_call_url if current_user.suspended?
+    return user_password_compromised_url if session[:redirect_to_password_compromised].present?
     return authentication_methods_setup_url if user_needs_sp_auth_method_setup?
     return login_add_piv_cac_prompt_url if session[:needs_to_setup_piv_cac_after_sign_in].present?
     return fix_broken_personal_key_url if current_user.broken_personal_key?

app/controllers/concerns/idv/phone_otp_rate_limitable.rb

@@ -19,13 +19,10 @@ def handle_locked_out_user
     def reset_attempt_count_if_user_no_longer_locked_out
       return unless current_user.no_longer_locked_out?
 
-      UpdateUser.new(
-        user: current_user,
-        attributes: {
-          second_factor_attempts_count: 0,
-          second_factor_locked_at: nil,
-        },
-      ).call
+      current_user.update!(
+        second_factor_attempts_count: 0,
+        second_factor_locked_at: nil,
+      )
     end
 
     def handle_too_many_otp_sends

app/controllers/concerns/recaptcha_concern.rb

@@ -11,10 +11,6 @@ module RecaptchaConcern
     'https://recaptcha.google.com/recaptcha/',
   ].freeze
 
-  def recoverable_recaptcha_error?(result)
-    result.errors.keys == [:recaptcha_token]
-  end
-
   def allow_csp_recaptcha_src
     policy = current_content_security_policy
     policy.script_src(*policy.script_src, *RECAPTCHA_SCRIPT_SRC)

app/controllers/concerns/remember_device_concern.rb

@@ -48,10 +48,9 @@ def pii_locked_for_session?(user)
   end
 
   def revoke_remember_device(user)
-    UpdateUser.new(
-      user: user,
-      attributes: { remember_device_revoked_at: Time.zone.now },
-    ).call
+    user.update!(
+      remember_device_revoked_at: Time.zone.now,
+    )
   end
 
   private

app/controllers/concerns/two_factor_authenticatable_methods.rb

@@ -102,13 +102,10 @@ def check_sp_required_mfa_bypass(auth_method:)
   def reset_attempt_count_if_user_no_longer_locked_out
     return unless current_user.no_longer_locked_out?
 
-    UpdateUser.new(
-      user: current_user,
-      attributes: {
-        second_factor_attempts_count: 0,
-        second_factor_locked_at: nil,
-      },
-    ).call
+    current_user.update!(
+      second_factor_attempts_count: 0,
+      second_factor_locked_at: nil,
+    )
   end
 
   def handle_remember_device_preference(remember_device_preference)
@@ -184,7 +181,7 @@ def handle_valid_verification_for_confirmation_context(auth_method:)
   end
 
   def reset_second_factor_attempts_count
-    UpdateUser.new(user: current_user, attributes: { second_factor_attempts_count: 0 }).call
+    current_user.update!(second_factor_attempts_count: 0)
   end
 
   def mark_user_session_authenticated(auth_method:, authentication_type:)

app/controllers/frontend_log_controller.rb

@@ -53,6 +53,7 @@ class FrontendLogController < ApplicationController
     idv_sdk_selfie_image_capture_closed_without_photo
     idv_sdk_selfie_image_capture_failed
     idv_sdk_selfie_image_capture_opened
+    idv_sdk_selfie_image_re_taken
     idv_selfie_image_added
     idv_selfie_image_clicked
     phone_input_country_changed

app/controllers/idv/in_person/address_controller.rb

@@ -109,7 +109,11 @@ def redirect_to_next_page
 
       def confirm_in_person_state_id_step_complete
         return if pii_from_user&.has_key?(:identity_doc_address1)
-        redirect_to idv_in_person_step_url(step: :state_id)
+        if IdentityConfig.store.in_person_state_id_controller_enabled
+          redirect_to idv_in_person_proofing_state_id_url
+        else
+          redirect_to idv_in_person_step_url(step: :state_id)
+        end
       end
 
       def confirm_in_person_address_step_needed

app/controllers/idv/in_person/ssn_controller.rb

@@ -103,7 +103,7 @@ def analytics_arguments
 
       def confirm_in_person_address_step_complete
         return if flow_session[:pii_from_user] && flow_session[:pii_from_user][:address1].present?
-        redirect_to idv_in_person_proofing_address_url
+        redirect_to idv_in_person_address_url
       end
     end
   end

app/controllers/idv/in_person/state_id_controller.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module Idv
+  module InPerson
+    class StateIdController < ApplicationController
+      include Idv::AvailabilityConcern
+      include IdvStepConcern
+
+      before_action :render_404_if_controller_not_enabled
+      before_action :redirect_unless_enrollment # confirm previous step is complete
+
+      def show
+        flow_session[:pii_from_user] ||= {}
+        analytics.idv_in_person_proofing_state_id_visited(**analytics_arguments)
+
+        render :show, locals: extra_view_variables
+      end
+
+      def extra_view_variables
+        {
+          form:,
+          pii:,
+          parsed_dob:,
+          updating_state_id: updating_state_id?,
+        }
+      end
+
+      private
+
+      def render_404_if_controller_not_enabled
+        render_not_found unless
+            IdentityConfig.store.in_person_state_id_controller_enabled
+      end
+
+      def redirect_unless_enrollment
+        redirect_to idv_document_capture_url unless current_user.establishing_in_person_enrollment
+      end
+
+      def flow_session
+        user_session.fetch('idv/in_person', {})
+      end
+
+      def analytics_arguments
+        {
+          flow_path: idv_session.flow_path,
+          step: 'state_id',
+          analytics_id: 'In Person Proofing',
+          irs_reproofing: irs_reproofing?,
+        }.merge(ab_test_analytics_buckets).
+          merge(extra_analytics_properties)
+      end
+
+      def updating_state_id?
+        flow_session[:pii_from_user].has_key?(:first_name)
+      end
+
+      def parsed_dob
+        form_dob = pii[:dob]
+        if form_dob.instance_of?(String)
+          dob_str = form_dob
+        elsif form_dob.instance_of?(Hash)
+          dob_str = MemorableDateComponent.extract_date_param(form_dob)
+        end
+        Date.parse(dob_str) unless dob_str.nil?
+      rescue StandardError
+        # Catch date parsing errors
+      end
+
+      def pii
+        data = flow_session[:pii_from_user]
+        data = data.merge(flow_params) if params.has_key?(:state_id)
+        data.deep_symbolize_keys
+      end
+
+      def flow_params
+        params.require(:state_id).permit(
+          *Idv::StateIdForm::ATTRIBUTES,
+          dob: [
+            :month,
+            :day,
+            :year,
+          ],
+        )
+      end
+
+      def form
+        @form ||= Idv::StateIdForm.new(current_user)
+      end
+    end
+  end
+  end

app/controllers/idv/in_person_controller.rb

@@ -18,7 +18,7 @@ class InPersonController < ApplicationController
 
     FLOW_STATE_MACHINE_SETTINGS = {
       step_url: :idv_in_person_step_url,
-      final_url: :idv_in_person_proofing_address_url,
+      final_url: :idv_in_person_address_url,
       flow: Idv::Flows::InPersonFlow,
       analytics_id: 'In Person Proofing',
     }.freeze

app/controllers/sign_up/passwords_controller.rb

@@ -56,10 +56,10 @@ def permitted_params
     def process_successful_password_creation
       password = permitted_params[:password]
       now = Time.zone.now
-      UpdateUser.new(
-        user: @user,
-        attributes: { password: password, confirmed_at: now },
-      ).call
+      @user.update!(
+        password: password,
+        confirmed_at: now,
+      )
       @user.email_addresses.take.update(confirmed_at: now)
 
       sign_in_and_redirect_user