Deploy RC 381 to Production

.gitlab-ci.yml

@@ -469,6 +469,7 @@ trigger_devops:
     - >-
       helm upgrade --install --namespace review-apps
       --debug
+      --set env="reviewapps"
       --set idp.image.repository="${ECR_REGISTRY}/identity-idp/review"
       --set idp.image.tag="${CI_COMMIT_SHA}"
       --set worker.image.repository="${ECR_REGISTRY}/identity-idp/review"

Gemfile.lock

@@ -571,7 +571,8 @@ GEM
       actionpack (>= 5.0)
       railties (>= 5.0)
     retries (0.0.5)
-    rexml (3.2.6)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
     rotp (6.3.0)
     rouge (4.2.0)
     rqrcode (2.1.0)
@@ -675,6 +676,7 @@ GEM
     stringio (3.1.0)
     strong_migrations (1.6.4)
       activerecord (>= 5.2)
+    strscan (3.1.0)
     tableparser (1.0.1)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)

app/assets/stylesheets/design-system-waiting-room.scss

@@ -1,5 +1,7 @@
 // To be removed once design system incorporates styles included below.
 
+@use 'uswds-core' as *;
+
 // basscss-base-typography
 // ------------------------------------------------
 h1,
@@ -29,3 +31,9 @@ ul {
   text-overflow: ellipsis;
   white-space: nowrap;
 }
+
+.usa-input--wide {
+  @include at-media('tablet') {
+    max-width: 14rem;
+  }
+}

app/controllers/concerns/billable_event_trackable.rb

@@ -13,20 +13,16 @@ def track_billing_events
   private
 
   def create_sp_return_log(billable:)
-    user_ial_context = IalContext.new(
-      ial: ial_context.ial, service_provider: current_sp, user: current_user,
-    )
-
     SpReturnLog.create(
       request_id: request_id,
       user: current_user,
       billable: billable,
-      ial: user_ial_context.bill_for_ial_1_or_2,
+      ial: ial_context.bill_for_ial_1_or_2,
       issuer: current_sp.issuer,
-      profile_id: user_ial_context.bill_for_ial_1_or_2 > 1 ? current_user.active_profile&.id : nil,
-      profile_verified_at: user_ial_context.bill_for_ial_1_or_2 > 1 ?
+      profile_id: ial_context.bill_for_ial_1_or_2 > 1 ? current_user.active_profile&.id : nil,
+      profile_verified_at: ial_context.bill_for_ial_1_or_2 > 1 ?
         current_user.active_profile&.verified_at : nil,
-      profile_requested_issuer: user_ial_context.bill_for_ial_1_or_2 > 1 ?
+      profile_requested_issuer: ial_context.bill_for_ial_1_or_2 > 1 ?
         current_user.active_profile&.initiating_service_provider_issuer : nil,
       requested_at: session[:session_started_at],
       returned_at: Time.zone.now,

app/controllers/concerns/idv/verify_info_concern.rb

@@ -336,7 +336,7 @@ def track_aamva
     end
 
     def add_cost(token, transaction_id: nil)
-      Db::SpCost::AddSpCost.call(current_sp, 2, token, transaction_id: transaction_id)
+      Db::SpCost::AddSpCost.call(current_sp, token, transaction_id: transaction_id)
     end
   end
 end

app/controllers/idv/by_mail/letter_enqueued_controller.rb

@@ -12,6 +12,12 @@ class LetterEnqueuedController < ApplicationController
 
       def show
         analytics.idv_letter_enqueued_visit
+        @presenter = LetterEnqueuedPresenter.new(
+          idv_session:,
+          user_session:,
+          current_user:,
+          url_options:,
+        )
       end
 
       private

app/controllers/openid_connect/authorization_controller.rb

@@ -28,7 +28,7 @@ class AuthorizationController < ApplicationController
     before_action :prompt_for_password_if_ial2_request_and_pii_locked, only: [:index]
 
     def index
-      if @authorize_form.ial2_or_greater?
+      if resolved_authn_context_result.identity_proofing?
         return redirect_to reactivate_account_url if user_needs_to_reactivate_account?
         return redirect_to url_for_pending_profile_reason if user_has_pending_profile?
         return redirect_to idv_url if identity_needs_verification?
@@ -97,7 +97,11 @@ def link_identity_to_service_provider
     end
 
     def ial_context
-      @authorize_form.ial_context
+      IalContext.new(
+        ial: @authorize_form.ial,
+        service_provider: @authorize_form.service_provider,
+        user: current_user,
+      )
     end
 
     def handle_successful_handoff
@@ -122,7 +126,7 @@ def track_handoff_analytics(result, attributes = {})
     end
 
     def identity_needs_verification?
-      (@authorize_form.ial2_requested? &&
+      (resolved_authn_context_result.identity_proofing? &&
         (current_user.identity_not_verified? ||
         decorated_sp_session.requested_more_recent_verification?)) ||
         current_user.reproof_for_irs?(service_provider: current_sp)
@@ -211,14 +215,9 @@ def store_request
     end
 
     def track_events
-      event_ial_context = IalContext.new(
-        ial: @authorize_form.ial,
-        service_provider: @authorize_form.service_provider,
-        user: current_user,
-      )
       analytics.sp_redirect_initiated(
-        ial: event_ial_context.ial,
-        billed_ial: event_ial_context.bill_for_ial_1_or_2,
+        ial: ial_context.ial,
+        billed_ial: ial_context.bill_for_ial_1_or_2,
         sign_in_flow: session[:sign_in_flow],
         vtr: sp_session[:vtr],
         acr_values: sp_session[:acr_values],

app/forms/openid_connect_authorize_form.rb

@@ -96,7 +96,7 @@ def link_identity_to_service_provider(current_user, rails_session_id)
     @identity = identity_linker.link_identity(
       nonce: nonce,
       rails_session_id: rails_session_id,
-      ial: ial_context.ial,
+      ial: ial,
       aal: aal,
       acr_values: acr_values&.join(' '),
       vtr: vtr,
@@ -117,10 +117,6 @@ def ial_values
     acr_values.filter { |acr| acr.include?('ial') || acr.include?('loa') }
   end
 
-  def ial_context
-    @ial_context ||= IalContext.new(ial: ial, service_provider: service_provider)
-  end
-
   def ial
     if parsed_vector_of_trust&.identity_proofing?
       2
@@ -150,10 +146,6 @@ def requested_aal_value
       Saml::Idp::Constants::DEFAULT_AAL_AUTHN_CONTEXT_CLASSREF
   end
 
-  def_delegators :ial_context,
-                 :ial2_or_greater?,
-                 :ial2_requested?
-
   def biometric_comparison_required?
     parsed_vector_of_trust&.biometric_comparison?
   end
@@ -180,8 +172,8 @@ def code
 
   def check_for_unauthorized_scope(params)
     param_value = params[:scope]
-    return false if ial2_or_greater? || param_value.blank?
-    return true if verified_at_requested? && !ial_context.ial2_service_provider?
+    return false if identity_proofing_requested_or_default? || param_value.blank?
+    return true if verified_at_requested? && !identity_proofing_service_provider?
     @scope != param_value.split(' ').compact
   end
 
@@ -317,23 +309,48 @@ def error_redirect_uri
   end
 
   def scopes
-    if ial_context.ialmax_requested? || ial2_or_greater?
+    if identity_proofing_requested_or_default?
       return OpenidConnectAttributeScoper::VALID_SCOPES
     end
     OpenidConnectAttributeScoper::VALID_IAL1_SCOPES
   end
 
   def validate_privileges
-    if (ial2_requested? && !ial_context.ial2_service_provider?) ||
-       (ial_context.ialmax_requested? &&
-        !IdentityConfig.store.allowed_ialmax_providers.include?(client_id))
+    if (identity_proofing_requested? && !identity_proofing_service_provider?) ||
+       (ialmax_requested? && !ialmax_allowed_for_sp?)
       errors.add(
         :acr_values, t('openid_connect.authorization.errors.no_auth'),
         type: :no_auth
       )
     end
   end
 
+  def identity_proofing_requested_or_default?
+    identity_proofing_requested? ||
+      ialmax_requested? ||
+      sp_defaults_to_identity_proofing?
+  end
+
+  def sp_defaults_to_identity_proofing?
+    vtr.blank? && ial_values.blank? && identity_proofing_service_provider?
+  end
+
+  def identity_proofing_requested?
+    ial == 2
+  end
+
+  def identity_proofing_service_provider?
+    service_provider&.ial.to_i >= 2
+  end
+
+  def ialmax_allowed_for_sp?
+    IdentityConfig.store.allowed_ialmax_providers.include?(client_id)
+  end
+
+  def ialmax_requested?
+    ial == 0
+  end
+
   def highest_level_aal(aal_values)
     AALS_BY_PRIORITY.find { |aal| aal_values.include?(aal) }
   end

app/javascript/packages/document-capture/components/document-capture-review-issues.tsx

@@ -2,7 +2,7 @@ import { useContext } from 'react';
 import { PageHeading } from '@18f/identity-components';
 import { FormStepsButton } from '@18f/identity-form-steps';
 import { Cancel } from '@18f/identity-verify-flow';
-import { useI18n } from '@18f/identity-react-i18n';
+import { useI18n, HtmlTextWithStrongNoWrap } from '@18f/identity-react-i18n';
 import type { FormStepComponentProps } from '@18f/identity-form-steps';
 import UnknownError from './unknown-error';
 import TipList from './tip-list';
@@ -55,14 +55,18 @@ function DocumentCaptureReviewIssues({
       )}
       <UnknownError
         unknownFieldErrors={unknownFieldErrors}
-        remainingSubmitAttempts={remainingSubmitAttempts}
         isFailedDocType={isFailedDocType}
         isFailedSelfie={isFailedSelfie}
         isFailedSelfieLivenessOrQuality={isFailedSelfieLivenessOrQuality}
         altIsFailedSelfieDontIncludeAttempts
         altFailedDocTypeMsg={isFailedDocType ? t('doc_auth.errors.doc.wrong_id_type_html') : null}
         hasDismissed={hasDismissed}
       />
+      <p>
+        <HtmlTextWithStrongNoWrap
+          text={t('idv.failure.attempts_html', { count: remainingSubmitAttempts })}
+        />
+      </p>
       {!isFailedDocType && captureHints && (
         <TipList
           titleClassName="margin-bottom-0 margin-top-2"

app/javascript/packages/document-capture/components/document-capture-troubleshooting-options.spec.tsx

@@ -14,7 +14,6 @@ describe('DocumentCaptureTroubleshootingOptions', () => {
   const serviceProviderContext: ServiceProviderContextType = {
     name: 'Example SP',
     failureToProofURL: 'http://example.test/url/to/failure-to-proof',
-    getFailureToProofURL: () => '',
   };
   const wrappers: Record<string, ComponentType> = {
     MarketingSiteContext: ({ children }: { children?: ReactNode }) => (
@@ -55,62 +54,6 @@ describe('DocumentCaptureTroubleshootingOptions', () => {
     expect(links[1].target).to.equal('_blank');
   });
 
-  context('with associated service provider', () => {
-    it('renders troubleshooting options', () => {
-      const { getAllByRole } = render(<DocumentCaptureTroubleshootingOptions />, {
-        wrapper: wrappers.helpCenterAndServiceProviderContext,
-      });
-
-      const links = getAllByRole('link') as HTMLAnchorElement[];
-
-      expect(links).to.have.lengthOf(3);
-      expect(links[0].textContent).to.equal(
-        'idv.troubleshooting.options.doc_capture_tipslinks.new_tab',
-      );
-      expect(links[0].getAttribute('href')).to.equal(
-        'https://example.com/redirect/?category=verify-your-identity&article=how-to-add-images-of-your-state-issued-id&location=document_capture_troubleshooting_options',
-      );
-      expect(links[0].target).to.equal('_blank');
-      expect(links[1].textContent).to.equal(
-        'idv.troubleshooting.options.supported_documentslinks.new_tab',
-      );
-      expect(links[1].getAttribute('href')).to.equal(
-        'https://example.com/redirect/?category=verify-your-identity&article=accepted-state-issued-identification&location=document_capture_troubleshooting_options',
-      );
-      expect(links[1].target).to.equal('_blank');
-      expect(links[2].textContent).to.equal(
-        'idv.troubleshooting.options.get_help_at_splinks.new_tab',
-      );
-      expect(links[2].href).to.equal(
-        'http://example.test/url/to/failure-to-proof?location=document_capture_troubleshooting_options',
-      );
-      expect(links[2].target).to.equal('_blank');
-    });
-
-    context('with location prop', () => {
-      it('appends location to links', () => {
-        const { getAllByRole } = render(
-          <DocumentCaptureTroubleshootingOptions location="custom" />,
-          {
-            wrapper: wrappers.helpCenterAndServiceProviderContext,
-          },
-        );
-
-        const links = getAllByRole('link') as HTMLAnchorElement[];
-
-        expect(links[0].href).to.equal(
-          'https://example.com/redirect/?category=verify-your-identity&article=how-to-add-images-of-your-state-issued-id&location=custom',
-        );
-        expect(links[1].href).to.equal(
-          'https://example.com/redirect/?category=verify-your-identity&article=accepted-state-issued-identification&location=custom',
-        );
-        expect(links[2].href).to.equal(
-          'http://example.test/url/to/failure-to-proof?location=custom',
-        );
-      });
-    });
-  });
-
   context('with heading prop', () => {
     it('shows heading text', () => {
       const { getByRole } = render(
@@ -174,20 +117,6 @@ describe('DocumentCaptureTroubleshootingOptions', () => {
     });
   });
 
-  context('with sp option turned off', () => {
-    it('does not display the SP troubleshooting option', () => {
-      const { queryByRole } = render(
-        <DocumentCaptureTroubleshootingOptions showSPOption={false} />,
-      );
-
-      expect(
-        queryByRole('link', {
-          name: 'idv.troubleshooting.options.get_help_at_sp links.new_tab',
-        }),
-      ).to.not.exist();
-    });
-  });
-
   context('with document tips hidden', () => {
     it('renders nothing', () => {
       const { container } = render(
@@ -196,23 +125,5 @@ describe('DocumentCaptureTroubleshootingOptions', () => {
 
       expect(container.innerHTML).to.be.empty();
     });
-
-    context('with associated service provider', () => {
-      it('renders troubleshooting options', () => {
-        const { getAllByRole } = render(
-          <DocumentCaptureTroubleshootingOptions showDocumentTips={false} />,
-          {
-            wrapper: wrappers.helpCenterAndServiceProviderContext,
-          },
-        );
-
-        const links = getAllByRole('link') as HTMLAnchorElement[];
-
-        expect(links).to.have.lengthOf(1);
-        expect(links[0].getAttribute('href')).to.equal(
-          'http://example.test/url/to/failure-to-proof?location=document_capture_troubleshooting_options',
-        );
-      });
-    });
   });
 });