Deploy RC 384 to Production

app/assets/stylesheets/_uswds.scss

@@ -14,4 +14,3 @@
 @forward 'usa-skipnav';
 @forward 'usa-tag';
 @forward 'uswds-form-controls';
-@forward 'uswds-utilities';

app/assets/stylesheets/application.css.scss

@@ -3,4 +3,5 @@
 @forward 'uswds';
 @forward 'design-system-waiting-room';
 @forward 'components';
+@forward 'uswds-utilities';
 @forward 'utilities';

app/assets/stylesheets/components/_profile-section.scss

@@ -1,17 +1,5 @@
 @use 'uswds-core' as *;
-@use '../variables/app' as *;
 
 .profile-info-box {
-  border: 0;
-  border-radius: 0;
-  margin-bottom: 0;
-  overflow: hidden;
   padding: units(4);
 }
-
-@include at-media('mobile') {
-  .profile-info-box {
-    border-radius: $border-radius-md;
-    margin-bottom: units(4);
-  }
-}

app/assets/stylesheets/variables/_app.scss

@@ -14,7 +14,6 @@ $sm-h4: 1rem !default;
 $sm-h5: 0.875rem !default;
 $sm-h6: 0.75rem !default;
 
-$border-radius-md: 6px !default;
 $border-radius-xl: 16px !default;
 
 $container-skinny-width: 620px !default;

app/components/countdown_alert_component.rb

@@ -1,20 +1,18 @@
 # frozen_string_literal: true
 
 class CountdownAlertComponent < BaseComponent
-  attr_reader :show_at_remaining, :alert_options, :countdown_options, :redirect_url, :tag_options
+  attr_reader :show_at_remaining, :alert_options, :countdown_options, :tag_options
 
   def initialize(
     show_at_remaining: nil,
     alert_options: {},
     countdown_options: {},
-    redirect_url: nil,
     **tag_options
   )
     @show_at_remaining = show_at_remaining
     @alert_options = alert_options
     @countdown_options = countdown_options
     @tag_options = tag_options
-    @redirect_url = redirect_url
   end
 
   def call
@@ -24,7 +22,6 @@ def call
       **tag_options,
       class: css_class,
       'show-at-remaining': show_at_remaining&.in_milliseconds,
-      'redirect-url': redirect_url,
     )
   end
 

app/controllers/idv/how_to_verify_controller.rb

@@ -12,19 +12,15 @@ class HowToVerifyController < ApplicationController
     check_or_render_not_found -> { self.class.enabled? }
 
     def show
-      @selection = if idv_session.skip_doc_auth == false
-                     Idv::HowToVerifyForm::REMOTE
-      elsif idv_session.skip_doc_auth == true
-        Idv::HowToVerifyForm::IPP
-      end
-
       analytics.idv_doc_auth_how_to_verify_visited(**analytics_arguments)
-      @idv_how_to_verify_form = Idv::HowToVerifyForm.new(selection: @selection)
+      @idv_how_to_verify_form = Idv::HowToVerifyForm.new
     end
 
     def update
       clear_future_steps!
-      result = Idv::HowToVerifyForm.new.submit(how_to_verify_form_params)
+      @idv_how_to_verify_form = Idv::HowToVerifyForm.new
+      result = @idv_how_to_verify_form.submit(how_to_verify_form_params)
+
       if how_to_verify_form_params[:selection] == []
         sendable_form_params = {}
       else
@@ -48,10 +44,8 @@ def update
           idv_session.skip_doc_auth_from_how_to_verify = true
           redirect_to idv_document_capture_url
         end
-
       else
-        flash[:error] = result.first_error_message
-        redirect_to idv_how_to_verify_url
+        render :show, locals: { error: result.first_error_message }
       end
     end
 

app/controllers/two_factor_authentication/backup_code_verification_controller.rb

@@ -22,9 +22,7 @@ def show
     def create
       @backup_code_form = BackupCodeVerificationForm.new(current_user)
       result = @backup_code_form.submit(backup_code_params)
-      analytics.track_mfa_submit_event(
-        result.to_h.merge(new_device: new_device?),
-      )
+      analytics.multi_factor_auth(**result.to_h.merge(new_device: new_device?))
       irs_attempts_api_tracker.mfa_login_backup_code(success: result.success?)
       handle_result(result)
     end

app/controllers/two_factor_authentication/otp_verification_controller.rb

@@ -136,7 +136,7 @@ def post_analytics(result)
       properties = result.to_h.merge(analytics_properties, new_device: new_device?)
       analytics.multi_factor_auth_setup(**properties) if context == 'confirmation'
 
-      analytics.track_mfa_submit_event(properties)
+      analytics.multi_factor_auth(**properties)
 
       if UserSessionContext.reauthentication_context?(context)
         irs_attempts_api_tracker.mfa_login_phone_otp_submitted(

app/controllers/two_factor_authentication/personal_key_verification_controller.rb

@@ -32,7 +32,10 @@ def track_analytics(result)
         new_device: new_device?,
       )
 
-      analytics.track_mfa_submit_event(analytics_hash)
+      analytics.multi_factor_auth(
+        **analytics_hash,
+        pii_like_keypaths: [[:errors, :personal_key], [:error_details, :personal_key]],
+      )
     end
 
     def check_personal_key_enabled

app/controllers/two_factor_authentication/piv_cac_verification_controller.rb

@@ -30,9 +30,7 @@ def redirect_to_piv_cac_service
 
     def process_token
       result = piv_cac_verification_form.submit
-      analytics.track_mfa_submit_event(
-        result.to_h.merge(analytics_properties),
-      )
+      analytics.multi_factor_auth(**result.to_h.merge(analytics_properties))
       irs_attempts_api_tracker.mfa_login_piv_cac(
         success: result.success?,
         subject_dn: piv_cac_verification_form.x509_dn,

app/controllers/two_factor_authentication/totp_verification_controller.rb

@@ -21,7 +21,7 @@ def show
 
     def create
       result = TotpVerificationForm.new(current_user, params.require(:code).strip).submit
-      analytics.track_mfa_submit_event(result.to_h.merge(new_device: new_device?))
+      analytics.multi_factor_auth(**result.to_h.merge(new_device: new_device?))
       irs_attempts_api_tracker.mfa_login_totp(success: result.success?)
 
       if result.success?

app/controllers/two_factor_authentication/webauthn_verification_controller.rb

@@ -18,7 +18,7 @@ def show
 
     def confirm
       result = form.submit
-      analytics.track_mfa_submit_event(
+      analytics.multi_factor_auth(
         **result.to_h,
         **analytics_properties,
         multi_factor_auth_method_created_at:

app/controllers/users/backup_code_setup_controller.rb

@@ -80,16 +80,7 @@ def confirm_backup_codes; end
     private
 
     def validate_multi_mfa_selection
-      if IdentityConfig.store.backup_code_confirm_setup_screen_enabled
-        redirect_to backup_code_confirm_setup_url unless in_multi_mfa_selection_flow?
-      else
-        redirect_to root_url unless internal_referrer?
-      end
-    end
-
-    def internal_referrer?
-      UserSessionContext.reauthentication_context?(context) ||
-        session[:account_redirect_path] || in_multi_mfa_selection_flow?
+      redirect_to backup_code_confirm_setup_url unless in_multi_mfa_selection_flow?
     end
 
     def analytics_properties_for_visit

app/controllers/users/two_factor_authentication_controller.rb

@@ -321,9 +321,14 @@ def send_user_otp(method)
     end
 
     def otp_length
-      bucket = AbTests::IDV_TEN_DIGIT_OTP.bucket(current_user.uuid)
-      length = bucket == :ten_digit_otp ? 'ten' : 'six'
-      I18n.t("telephony.format_length.#{length}")
+      configured_length = TwoFactorAuthenticatable::DIRECT_OTP_LENGTH
+      if configured_length == 6
+        I18n.t('telephony.format_length.six')
+      elsif configured_length == 10
+        I18n.t('telephony.format_length.ten')
+      else
+        raise "Missing translation for OTP length: #{configured_length}"
+      end
     end
 
     def user_selected_default_number

app/forms/idv/api_image_upload_form.rb

@@ -342,13 +342,15 @@ def update_analytics(client_response:, vendor_request_time_in_ms:)
       add_costs(client_response)
       update_funnel(client_response)
       birth_year = client_response.pii_from_doc&.dob&.to_date&.year
+      zip_code = client_response.pii_from_doc&.zipcode&.to_s&.strip&.slice(0, 5)
       analytics.idv_doc_auth_submitted_image_upload_vendor(
         **client_response.to_h.merge(
           birth_year: birth_year,
           client_image_metrics: image_metadata,
           async: false,
           flow_path: params[:flow_path],
           vendor_request_time_in_ms: vendor_request_time_in_ms,
+          zip_code: zip_code,
         ).except(:classification_info).
         merge(acuant_sdk_upgrade_ab_test_data),
       )

app/forms/idv/how_to_verify_form.rb

@@ -9,8 +9,13 @@ class HowToVerifyForm
 
     attr_reader :selection
 
-    validates :selection,
-              presence: { message: proc { I18n.t('errors.doc_auth.how_to_verify_form') } }
+    validates :selection, presence: {
+      message: proc { I18n.t('errors.doc_auth.how_to_verify_form') },
+    }
+    validates :selection, inclusion: {
+      in: [REMOTE, IPP],
+      message: proc { I18n.t('errors.doc_auth.how_to_verify_form') },
+    }
 
     def initialize(selection: nil)
       @selection = selection

app/javascript/packages/countdown/countdown-alert-element.spec.ts

@@ -5,14 +5,9 @@ import './countdown-element';
 describe('CountdownAlertElement', () => {
   const sandbox = useSandbox({ useFakeTimers: true });
 
-  function createElement({
-    showAtRemaining,
-    redirectURL,
-  }: { showAtRemaining?: number; redirectURL?: string } = {}) {
+  function createElement({ showAtRemaining }: { showAtRemaining?: number } = {}) {
     document.body.innerHTML = `
-      <lg-countdown-alert
-        ${showAtRemaining ? `show-at-remaining="${showAtRemaining}"` : ''}
-        ${redirectURL ? `redirect-url="${redirectURL}"` : ''}>
+      <lg-countdown-alert ${showAtRemaining ? `show-at-remaining="${showAtRemaining}"` : ''}>
         <div class="usa-alert usa-alert--info margin-bottom-4 usa-alert--info-time" role="status">
           <div class="usa-alert__body">
             <p class="usa-alert__text">
@@ -46,13 +41,4 @@ describe('CountdownAlertElement', () => {
       expect(element.show).to.have.been.called();
     });
   });
-
-  it('redirects when time has expired', () => {
-    createElement({ redirectURL: '#teapot' });
-
-    sandbox.clock.tick(91000);
-    expect(window.location.hash).to.equal('');
-    sandbox.clock.tick(1000);
-    expect(window.location.hash).to.equal('#teapot');
-  });
 });

app/javascript/packages/countdown/countdown-alert-element.ts

@@ -1,25 +1,16 @@
-import { trackEvent } from '@18f/identity-analytics';
 import type { CountdownElement } from './countdown-element';
 
 export class CountdownAlertElement extends HTMLElement {
   connectedCallback() {
     if (this.showAtRemaining) {
       this.addEventListener('lg:countdown:tick', this.handleShowAtRemainingTick);
     }
-
-    if (this.redirectURL) {
-      this.addEventListener('lg:countdown:tick', this.handleRedirectTick);
-    }
   }
 
   get showAtRemaining(): number | null {
     return Number(this.getAttribute('show-at-remaining')) || null;
   }
 
-  get redirectURL(): string | null {
-    return this.getAttribute('redirect-url') || null;
-  }
-
   get countdown(): CountdownElement {
     return this.querySelector('lg-countdown')!;
   }
@@ -31,18 +22,6 @@ export class CountdownAlertElement extends HTMLElement {
     }
   };
 
-  handleRedirectTick = () => {
-    if (this.countdown.timeRemaining <= 0) {
-      trackEvent('Countdown timeout redirect', {
-        path: this.redirectURL,
-        expiration: this.countdown.expiration,
-        timeRemaining: this.countdown.timeRemaining,
-      });
-      window.location.href = this.redirectURL!;
-      this.removeEventListener('lg:countdown:tick', this.handleRedirectTick);
-    }
-  };
-
   show() {
     this.classList.remove('display-none');
   }

app/javascript/packages/phone-input/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.0",
   "dependencies": {
     "intl-tel-input": "^17.0.19",
-    "libphonenumber-js": "^1.11.1"
+    "libphonenumber-js": "^1.11.2"
   },
   "sideEffects": [
     "./index.ts"

app/models/user.rb

@@ -428,10 +428,6 @@ def has_devices?
     !recent_devices.empty?
   end
 
-  def new_device?(cookie_uuid:)
-    !cookie_uuid || !devices.exists?(cookie_uuid:)
-  end
-
   def authenticated_device?(cookie_uuid:)
     return false if cookie_uuid.blank?
     devices.joins(:events).exists?(cookie_uuid:, events: { event_type: :sign_in_after_2fa })

app/services/analytics.rb

@@ -52,13 +52,6 @@ def first_event_this_session?
     session[:first_event]
   end
 
-  def track_mfa_submit_event(attributes)
-    multi_factor_auth(
-      **attributes,
-      pii_like_keypaths: [[:errors, :personal_key], [:error_details, :personal_key]],
-    )
-  end
-
   def request_attributes
     attributes = {
       user_ip: request.remote_ip,