Deploy RC 377 to Prod

.gitlab-ci.yml

@@ -372,16 +372,12 @@ trigger_devops:
         "postgres": {
           "sslmode": "prefer",
           "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps",
-          "username": "postgres",
-          "password": "postgres"
+          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
         },
         "postgresWorker": {
           "sslmode": "prefer",
           "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps",
-          "username": "postgres",
-          "password": "postgres"
+          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
         },
         "railsOffline": "true",
         "redis": {
@@ -409,16 +405,12 @@ trigger_devops:
         "postgres": {
           "sslmode": "prefer",
           "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps",
-          "username": "postgres",
-          "password": "postgres"
+          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
         },
         "postgresWorker": {
           "sslmode": "prefer",
           "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps",
-          "username": "postgres",
-          "password": "postgres"
+          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pg.review-apps"
         },
         "railsOffline": "true",
         "redis": {
@@ -446,9 +438,7 @@ trigger_devops:
         "postgres": {
           "sslmode": "prefer",
           "name": "idp",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pivcac-pg.review-apps",
-          "username": "postgres",
-          "password": "pivcac"
+          "host": "$CI_ENVIRONMENT_SLUG-login-chart-pivcac-pg.review-apps"
         },
         "idpHost": "$CI_ENVIRONMENT_SLUG.review-app.identitysandbox.gov",
         "domainName": "$CI_ENVIRONMENT_SLUG.review-app.pivcac.identitysandbox.gov"
@@ -462,9 +452,7 @@ trigger_devops:
         "postgres": {
           "sslmode": "prefer",
           "name": "dashboard",
-          "host": "$CI_ENVIRONMENT_SLUG-login-chart-dashboard-pg.review-apps",
-          "username": "postgres",
-          "password": "postgres"
+          "host": "$CI_ENVIRONMENT_SLUG-login-chart-dashboard-pg.review-apps"
         },
         "newrelic": {
           "enabled": "false"
@@ -506,7 +494,7 @@ trigger_devops:
     - echo "Address of IDP review app:"
     - echo https://$CI_ENVIRONMENT_SLUG.review-app.identitysandbox.gov
     - echo "Address of PIVCAC review app:"
-    - echo https://$CI_ENVIRONMENT_SLUG-review-app.pivcac.identitysandbox.gov
+    - echo https://$CI_ENVIRONMENT_SLUG.review-app.pivcac.identitysandbox.gov
     - echo "Address of Dashboard review app:"
     - echo https://$CI_ENVIRONMENT_SLUG-review-app-dashboard.review-app.identitysandbox.gov
 

Gemfile

@@ -110,7 +110,7 @@ group :development, :test do
   gem 'pry-doc'
   gem 'pry-rails'
   gem 'psych'
-  gem 'rspec', '~> 3.12.0'
+  gem 'rspec', '~> 3.13.0'
   gem 'rspec-rails', '~> 6.0'
   gem 'rubocop', '~> 1.62.0', require: false
   gem 'rubocop-performance', '~> 1.20.2', require: false

Gemfile.lock

@@ -293,7 +293,7 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
-    diff-lcs (1.5.0)
+    diff-lcs (1.5.1)
     docile (1.4.0)
     dotiw (5.3.2)
       activesupport
@@ -578,18 +578,18 @@ GEM
       chunky_png (~> 1.0)
       rqrcode_core (~> 1.0)
     rqrcode_core (1.2.0)
-    rspec (3.12.0)
-      rspec-core (~> 3.12.0)
-      rspec-expectations (~> 3.12.0)
-      rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.2)
-      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.3)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.6)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
+      rspec-support (~> 3.13.0)
     rspec-rails (6.0.3)
       actionpack (>= 6.1)
       activesupport (>= 6.1)
@@ -600,7 +600,7 @@ GEM
       rspec-support (~> 3.12)
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
-    rspec-support (3.12.1)
+    rspec-support (3.13.1)
     rspec_junit_formatter (0.6.0)
       rspec-core (>= 2, < 4, != 2.12.0)
     rubocop (1.62.1)
@@ -827,7 +827,7 @@ DEPENDENCIES
   retries
   rotp (~> 6.3, >= 6.3.0)
   rqrcode
-  rspec (~> 3.12.0)
+  rspec (~> 3.13.0)
   rspec-rails (~> 6.0)
   rspec-retry
   rspec_junit_formatter

app/controllers/component_preview_controller.rb

@@ -12,5 +12,11 @@ class ComponentPreviewController < ViewComponentsController
 
     helper_method :enqueue_component_stylesheets
     alias_method :enqueue_component_stylesheets, :stylesheet_tag_once
+
+    before_action :set_locale
+
+    def set_locale
+      I18n.locale = LocaleChooser.new(params[:locale], request).locale
+    end
   end
 end

app/controllers/concerns/idv/ab_test_analytics_concern.rb

@@ -6,7 +6,8 @@ module AbTestAnalyticsConcern
     include OptInHelper
 
     def ab_test_analytics_buckets
-      buckets = {}
+      buckets = { ab_tests: {} }
+
       if defined?(idv_session)
         buckets[:skip_hybrid_handoff] = idv_session&.skip_hybrid_handoff
         buckets = buckets.merge(opt_in_analytics_properties)
@@ -18,7 +19,23 @@ def ab_test_analytics_buckets
         buckets = buckets.merge(lniv_args)
       end
 
-      buckets.merge(acuant_sdk_ab_test_analytics_args)
+      if defined?(idv_session)
+        phone_confirmation_session = idv_session.user_phone_confirmation_session ||
+                                     PhoneConfirmationSession.new(
+                                       code: nil,
+                                       phone: nil,
+                                       sent_at: nil,
+                                       delivery_method: :sms,
+                                       user: current_user,
+                                     )
+        buckets[:ab_tests].merge!(
+          phone_confirmation_session.ab_test_analytics_args,
+        )
+      end
+
+      buckets.merge!(acuant_sdk_ab_test_analytics_args)
+      buckets.delete(:ab_tests) if buckets[:ab_tests].blank?
+      buckets
     end
   end
 end

app/controllers/idv/address_controller.rb

@@ -49,11 +49,11 @@ def build_address_form
 
     def address_from_document
       Pii::Address.new(
-        address1: idv_session.pii_from_doc[:address1],
-        address2: idv_session.pii_from_doc[:address2],
-        city: idv_session.pii_from_doc[:city],
-        state: idv_session.pii_from_doc[:state],
-        zipcode: idv_session.pii_from_doc[:zipcode],
+        address1: idv_session.pii_from_doc.address1,
+        address2: idv_session.pii_from_doc.address2,
+        city: idv_session.pii_from_doc.city,
+        state: idv_session.pii_from_doc.state,
+        zipcode: idv_session.pii_from_doc.zipcode,
       )
     end
 

app/controllers/idv/otp_verification_controller.rb

@@ -16,6 +16,7 @@ def show
       # memoize the form so the ivar is available to the view
       phone_confirmation_otp_verification_form
       analytics.idv_phone_confirmation_otp_visit
+      @otp_code_length = code_length
     end
 
     def update
@@ -34,6 +35,7 @@ def update
         flash[:success] = t('idv.messages.enter_password.phone_verified')
         redirect_to idv_enter_password_url
       else
+        @otp_code_length = code_length
         handle_otp_confirmation_failure
       end
     end
@@ -96,5 +98,18 @@ def phone_confirmation_otp_verification_form
         irs_attempts_api_tracker: irs_attempts_api_tracker,
       )
     end
+
+    def code_length
+      if ten_digit_otp?
+        10
+      else
+        TwoFactorAuthenticatable::PROOFING_DIRECT_OTP_LENGTH
+      end
+    end
+
+    def ten_digit_otp?
+      AbTests::IDV_TEN_DIGIT_OTP.bucket(current_user.uuid) == :ten_digit_otp &&
+        idv_session.user_phone_confirmation_session.delivery_method == :voice
+    end
   end
 end

app/controllers/idv/phone_controller.rb

@@ -257,6 +257,7 @@ def save_delivery_preference
         phone: original_session.phone,
         sent_at: original_session.sent_at,
         delivery_method: original_session.delivery_method,
+        user: current_user,
       )
     end
   end

app/controllers/idv/ssn_controller.rb

@@ -75,7 +75,7 @@ def self.step_info
     private
 
     def next_url
-      if idv_session.pii_from_doc[:state] == 'PR' && !ssn_presenter.updating_ssn?
+      if idv_session.pii_from_doc.state == 'PR' && !ssn_presenter.updating_ssn?
         idv_address_url
       else
         idv_verify_info_url

app/controllers/idv/verify_info_controller.rb

@@ -79,7 +79,9 @@ def analytics_arguments
     end
 
     def pii
-      idv_session.pii_from_doc.merge(idv_session.updated_user_address.to_h)
+      idv_session.pii_from_doc.to_h.merge(
+        idv_session.updated_user_address.to_h,
+      ).with_indifferent_access
     end
   end
 end

app/controllers/users/two_factor_authentication_controller.rb

@@ -312,10 +312,16 @@ def send_user_otp(method)
       if UserSessionContext.authentication_or_reauthentication_context?(context)
         Telephony.send_authentication_otp(**otp_params)
       else
-        Telephony.send_confirmation_otp(**otp_params)
+        Telephony.send_confirmation_otp(**otp_params, otp_length: otp_length)
       end
     end
 
+    def otp_length
+      bucket = AbTests::IDV_TEN_DIGIT_OTP.bucket(current_user.uuid)
+      length = bucket == :ten_digit_otp ? 'ten' : 'six'
+      I18n.t("telephony.format_length.#{length}")
+    end
+
     def user_selected_default_number
       delivery_params[:otp_make_default_number]
     end

app/decorators/null_service_provider_session.rb

@@ -9,10 +9,6 @@ def new_session_heading
     I18n.t('headings.sign_in_without_sp')
   end
 
-  def verification_method_choice
-    I18n.t('idv.messages.select_verification_without_sp')
-  end
-
   def cancel_link_url
     view_context.root_url
   end

app/decorators/service_provider_session.rb

@@ -52,10 +52,6 @@ def new_session_heading
     I18n.t('headings.sign_in_with_sp', sp: sp_name)
   end
 
-  def verification_method_choice
-    I18n.t('idv.messages.select_verification_with_sp', sp_name: sp_name)
-  end
-
   def requested_attributes
     (sp_session[:requested_attributes] || service_provider_request.requested_attributes).sort
   end

app/forms/concerns/piv_cac_form_helpers.rb

@@ -13,14 +13,14 @@ def valid_token?
 
   def token_decoded
     @data = PivCacService.decode_token(token)
+    @key_id = @data['key_id']
     true
   end
 
   def not_error_token
     possible_error = @data['error']
     if possible_error
       self.error_type = possible_error
-      self.key_id = @data['key_id']
       false
     else
       self.x509_dn_uuid = @data['uuid']
@@ -35,7 +35,6 @@ def token_has_correct_nonce
       true
     else
       self.error_type = 'token.invalid'
-      self.key_id = @data['key_id']
       false
     end
   end

app/forms/gpo_verify_form.rb

@@ -85,7 +85,11 @@ def submit_attempts
   def validate_otp_not_expired
     return unless gpo_confirmation_code.present? && gpo_confirmation_code.expired?
 
-    errors.add :otp, :gpo_otp_expired, type: :gpo_otp_expired
+    if user_can_request_another_letter?
+      errors.add :otp, :gpo_otp_expired
+    else
+      errors.add :otp, :gpo_otp_expired_and_cannot_request_another
+    end
   end
 
   def validate_pending_profile
@@ -117,4 +121,8 @@ def activate_profile
     pending_profile&.remove_gpo_deactivation_reason
     pending_profile&.activate
   end
+
+  def user_can_request_another_letter?
+    !Idv::GpoMail.new(user).rate_limited?
+  end
 end

app/forms/new_phone_form.rb

@@ -130,24 +130,21 @@ def validate_not_premium_rate
   end
 
   def validate_recaptcha_token
-    return if !validate_recaptcha_token? || recaptcha_validator.valid?(recaptcha_token)
-    errors.add(
-      :recaptcha_token,
-      I18n.t('errors.messages.invalid_recaptcha_token'),
-      type: :invalid_recaptcha_token,
-    )
+    return if !validate_recaptcha_token?
+    recaptcha_form.submit(recaptcha_token)
+    errors.merge!(recaptcha_form)
   end
 
-  def recaptcha_validator
-    @recaptcha_validator ||= PhoneRecaptchaValidator.new(parsed_phone:, **recaptcha_validator_args)
+  def recaptcha_form
+    @recaptcha_form ||= PhoneRecaptchaForm.new(parsed_phone:, **recaptcha_form_args)
   end
 
-  def recaptcha_validator_args
+  def recaptcha_form_args
     args = { analytics: }
     if IdentityConfig.store.phone_recaptcha_mock_validator
-      args.merge(validator_class: RecaptchaMockValidator, score: recaptcha_mock_score)
+      args.merge(form_class: RecaptchaMockForm, score: recaptcha_mock_score)
     elsif FeatureManagement.recaptcha_enterprise?
-      args.merge(validator_class: RecaptchaEnterpriseValidator)
+      args.merge(form_class: RecaptchaEnterpriseForm)
     else
       args
     end