diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c27d29f2798..7c6b8cab759 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -381,7 +381,6 @@ trigger_devops: }, "railsOffline": "true", "redis": { - "irsAttemptsApiUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/2", "throttleUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/1", "url": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379" }, @@ -414,7 +413,6 @@ trigger_devops: }, "railsOffline": "true", "redis": { - "irsAttemptsApiUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/2", "throttleUrl": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379/1", "url": "redis://$CI_ENVIRONMENT_SLUG-login-chart-redis.review-apps:6379" }, diff --git a/Gemfile.lock b/Gemfile.lock index 7f219b5e301..46020733157 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -79,35 +79,35 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (7.1.3.2) - actionpack (= 7.1.3.2) - activesupport (= 7.1.3.2) + actioncable (7.1.3.3) + actionpack (= 7.1.3.3) + activesupport (= 7.1.3.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.3.2) - actionpack (= 7.1.3.2) - activejob (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionmailbox (7.1.3.3) + actionpack (= 7.1.3.3) + activejob (= 7.1.3.3) + activerecord (= 7.1.3.3) + activestorage (= 7.1.3.3) + activesupport (= 7.1.3.3) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.1.3.2) - actionpack (= 7.1.3.2) - actionview (= 7.1.3.2) - activejob (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionmailer (7.1.3.3) + actionpack (= 7.1.3.3) + actionview (= 7.1.3.3) + activejob (= 7.1.3.3) + activesupport (= 7.1.3.3) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.2) - actionpack (7.1.3.2) - actionview (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionpack (7.1.3.3) + actionview (= 7.1.3.3) + activesupport (= 7.1.3.3) nokogiri (>= 1.8.5) racc rack (>= 2.2.4) 
@@ -115,35 +115,35 @@ GEM rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.3.2) - actionpack (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + actiontext (7.1.3.3) + actionpack (= 7.1.3.3) + activerecord (= 7.1.3.3) + activestorage (= 7.1.3.3) + activesupport (= 7.1.3.3) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.3.2) - activesupport (= 7.1.3.2) + actionview (7.1.3.3) + activesupport (= 7.1.3.3) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.1.3.2) - activesupport (= 7.1.3.2) + activejob (7.1.3.3) + activesupport (= 7.1.3.3) globalid (>= 0.3.6) - activemodel (7.1.3.2) - activesupport (= 7.1.3.2) - activerecord (7.1.3.2) - activemodel (= 7.1.3.2) - activesupport (= 7.1.3.2) + activemodel (7.1.3.3) + activesupport (= 7.1.3.3) + activerecord (7.1.3.3) + activemodel (= 7.1.3.3) + activesupport (= 7.1.3.3) timeout (>= 0.4.0) - activestorage (7.1.3.2) - actionpack (= 7.1.3.2) - activejob (= 7.1.3.2) - activerecord (= 7.1.3.2) - activesupport (= 7.1.3.2) + activestorage (7.1.3.3) + actionpack (= 7.1.3.3) + activejob (= 7.1.3.3) + activerecord (= 7.1.3.3) + activesupport (= 7.1.3.3) marcel (~> 1.0) - activesupport (7.1.3.2) + activesupport (7.1.3.3) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) @@ -224,7 +224,7 @@ GEM erubi (~> 1.4) parser (>= 2.4) smart_properties - bigdecimal (3.1.7) + bigdecimal (3.1.8) bindata (2.4.15) bootsnap (1.18.3) msgpack (~> 1.2) @@ -257,7 +257,7 @@ GEM coderay (1.1.3) coercible (1.0.0) descendants_tracker (~> 0.0.1) - concurrent-ruby (1.2.3) + concurrent-ruby (1.3.1) connection_pool (2.4.1) cose (1.3.0) cbor (~> 0.5.9) @@ -356,7 +356,7 @@ GEM htmlbeautifier (1.4.2) htmlentities (4.3.4) http_accept_language (2.1.1) - i18n (1.14.4) + i18n (1.14.5) concurrent-ruby (~> 1.0) i18n-tasks (1.0.12) activesupport (>= 4.0.2) 
@@ -371,8 +371,8 @@ GEM terminal-table (>= 1.5.1) ice_nine (0.11.2) io-console (0.7.2) - irb (1.12.0) - rdoc + irb (1.13.1) + rdoc (>= 4.0.0) reline (>= 0.4.2) jmespath (1.6.2) jsbundling-rails (1.1.2) @@ -416,21 +416,21 @@ GEM net-imap net-pop net-smtp - marcel (1.0.2) + marcel (1.0.4) matrix (0.4.2) maxminddb (0.1.22) memory_profiler (1.0.1) method_source (1.0.0) mini_histogram (0.3.1) mini_mime (1.1.5) - mini_portile2 (2.8.6) - minitest (5.22.3) + mini_portile2 (2.8.7) + minitest (5.23.1) msgpack (1.7.2) multiset (0.5.3) mutex_m (0.2.0) net-http-persistent (4.0.2) connection_pool (~> 2.2) - net-imap (0.4.10) + net-imap (0.4.12) date net-protocol net-pop (0.1.2) @@ -439,11 +439,11 @@ GEM timeout net-sftp (3.0.0) net-ssh (>= 5.0.0, < 7.0.0) - net-smtp (0.4.0.1) + net-smtp (0.5.0) net-protocol net-ssh (6.1.0) newrelic_rpm (9.7.0) - nio4r (2.7.0) + nio4r (2.7.3) nokogiri (1.16.5) mini_portile2 (~> 2.8.2) racc (~> 1.4) @@ -493,7 +493,7 @@ GEM puma (6.4.2) nio4r (~> 2.0) raabro (1.4.0) - racc (1.7.3) + racc (1.8.0) rack (3.0.11) rack-cors (2.0.2) rack (>= 2.0.0) @@ -513,20 +513,20 @@ GEM rackup (2.1.0) rack (>= 3) webrick (~> 1.8) - rails (7.1.3.2) - actioncable (= 7.1.3.2) - actionmailbox (= 7.1.3.2) - actionmailer (= 7.1.3.2) - actionpack (= 7.1.3.2) - actiontext (= 7.1.3.2) - actionview (= 7.1.3.2) - activejob (= 7.1.3.2) - activemodel (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + rails (7.1.3.3) + actioncable (= 7.1.3.3) + actionmailbox (= 7.1.3.3) + actionmailer (= 7.1.3.3) + actionpack (= 7.1.3.3) + actiontext (= 7.1.3.3) + actionview (= 7.1.3.3) + activejob (= 7.1.3.3) + activemodel (= 7.1.3.3) + activerecord (= 7.1.3.3) + activestorage (= 7.1.3.3) + activesupport (= 7.1.3.3) bundler (>= 1.15.0) - railties (= 7.1.3.2) + railties (= 7.1.3.3) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) 
@@ -541,9 +541,9 @@ GEM rails-i18n (7.0.6) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 8) - railties (7.1.3.2) - actionpack (= 7.1.3.2) - activesupport (= 7.1.3.2) + railties (7.1.3.3) + actionpack (= 7.1.3.3) + activesupport (= 7.1.3.3) irb rackup (>= 1.0.0) rake (>= 12.2) @@ -554,7 +554,7 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - rdoc (6.6.3.1) + rdoc (6.7.0) psych (>= 4.0.0) redacted_struct (2.0.0) redcarpet (3.6.0) @@ -563,7 +563,7 @@ GEM redis-client (0.22.0) connection_pool regexp_parser (2.9.1) - reline (0.5.1) + reline (0.5.8) io-console (~> 0.5) request_store (1.5.1) rack (>= 1.4) @@ -734,7 +734,7 @@ GEM xpath (3.2.0) nokogiri (~> 1.8) yard (0.9.36) - zeitwerk (2.6.13) + zeitwerk (2.6.15) zlib (3.0.0) zonebie (0.6.1) zxcvbn (0.1.9) diff --git a/Makefile b/Makefile index 6137cb4b5d5..dd275d8babb 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,6 @@ ARTIFACT_DESTINATION_FILE ?= ./tmp/idp.tar.gz lint_lockfiles \ lint_new_typescript_files \ lint_optimized_assets \ - lint_tracker_events \ lint_yaml \ lint_yarn_workspaces \ lint_asset_bundle_size \ @@ -72,7 +71,6 @@ else endif @echo "--- analytics_events ---" make lint_analytics_events - make lint_tracker_events make lint_analytics_events_sorted @echo "--- brakeman ---" make brakeman 
@@ -290,14 +288,11 @@ lint_analytics_events_sorted: @test "$(shell grep '^ def ' app/services/analytics_events.rb)" = "$(shell grep '^ def ' app/services/analytics_events.rb | sort)" \ || (echo '\033[1;31mError: methods in analytics_events.rb are not sorted alphabetically\033[0m' && exit 1) -lint_tracker_events: .yardoc ## Checks that all methods on AnalyticsEvents are documented - bundle exec ruby lib/analytics_events_documenter.rb --class-name="IrsAttemptsApi::TrackerEvents" --check --skip-extra-params $< - public/api/_analytics-events.json: .yardoc .yardoc/objects/root.dat mkdir -p public/api bundle exec ruby lib/analytics_events_documenter.rb --class-name="AnalyticsEvents" --json $< > $@ -.yardoc .yardoc/objects/root.dat: app/services/analytics_events.rb app/services/irs_attempts_api/tracker_events.rb +.yardoc .yardoc/objects/root.dat: app/services/analytics_events.rb bundle exec yard doc \ --fail-on-warning \ --type-tag identity.idp.previous_event_name:"Previous Event Name" \ diff --git a/app/assets/stylesheets/components/_footer.scss b/app/assets/stylesheets/components/_footer.scss index e00be9a86db..993b5081ed6 100644 --- a/app/assets/stylesheets/components/_footer.scss +++ b/app/assets/stylesheets/components/_footer.scss @@ -18,7 +18,7 @@ body { flex-direction: column; font-size: 0.75rem; - @include at-media('tablet') { + @include at-media('desktop') { @include u-bg('primary-darker'); flex-direction: row; } @@ -27,7 +27,7 @@ body { @include u-padding-y(1); text-decoration: none; - @include at-media('tablet') { + @include at-media('desktop') { @include u-padding-y(0); &, &:visited { @@ -39,6 +39,23 @@ body { } } } + + > .footer__agency-logo:first-child { + display: none; + + @include at-media('desktop') { + display: inline-flex; + } + } +} + +.footer__agency-logo { + display: inline-flex; + align-items: center; + + &.usa-link--external::after { + margin-top: 0; + } } .site-wrap { 
@@ -47,26 +64,49 @@ body { .footer__language-picker { @include at-media-max('tablet') { - @include u-border-bottom(1px, 'primary-light'); - &.language-picker { width: 100%; } } @include at-media('tablet') { + @include u-margin-y(1); + } + + @include at-media('desktop') { @include u-margin-x(2); - @include u-margin-y(0.5); } } .footer__links { - @include u-padding-x(1); + @include u-border-top(1px, 'primary-light'); display: flex; flex-wrap: wrap; + width: 100%; + justify-content: center; - @include at-media('tablet') { + @include at-media('desktop') { @include u-padding-y(1); - @include u-padding-x(0); + @include u-margin-top(0); + @include u-border-top(0); + width: auto; + } + + & + .footer__links { + @include u-border-top(0); + } + + a:not(:last-child) { + @include u-margin-right(1); + + @include at-media('tablet') { + @include u-margin-right(2); + } + } + + .footer__agency-logo { + @include at-media('desktop') { + display: none; + } } } diff --git a/app/assets/stylesheets/components/_language-picker.scss b/app/assets/stylesheets/components/_language-picker.scss index 2b58f3d680c..d0dd141aa71 100644 --- a/app/assets/stylesheets/components/_language-picker.scss +++ b/app/assets/stylesheets/components/_language-picker.scss @@ -8,7 +8,6 @@ .usa-accordion__content { @include u-bg('primary'); @include u-border(1px, 'primary-darker'); - margin: 0.25rem 0 0; overflow: visible; padding: 0; position: absolute; @@ -16,6 +15,11 @@ width: 100%; z-index: 10; bottom: 100%; + + @include at-media('tablet') { + @include u-border(0); + margin: 0 0 units(0.5); + } } } @@ -24,6 +28,7 @@ display: flex; padding: units(0.5) units(1); border-color: transparent; + border-radius: units(0.5); @include at-media-max('tablet') { justify-content: center; @@ -32,7 +37,9 @@ @include at-media('tablet') { border-color: color('primary'); + } + @include at-media('desktop') { &, &:hover { color: color('white'); 
@@ -76,6 +83,10 @@ .language-picker__list { @include list-reset; + @include at-media('tablet') { + border-radius: units(0.5); + } + a { @include u-padding-y(1.5); display: block; diff --git a/app/controllers/account_reset/cancel_controller.rb b/app/controllers/account_reset/cancel_controller.rb index c5757406f9a..66df8081df5 100644 --- a/app/controllers/account_reset/cancel_controller.rb +++ b/app/controllers/account_reset/cancel_controller.rb @@ -19,7 +19,6 @@ def create result = AccountReset::Cancel.new(session[:cancel_token]).call analytics.account_reset_cancel(**result.to_h) - irs_attempts_api_tracker.account_reset_cancel_request if result.success? handle_success diff --git a/app/controllers/account_reset/pending_controller.rb b/app/controllers/account_reset/pending_controller.rb index 6bc19edcad2..8216687c82b 100644 --- a/app/controllers/account_reset/pending_controller.rb +++ b/app/controllers/account_reset/pending_controller.rb @@ -19,7 +19,6 @@ def confirm def cancel analytics.pending_account_reset_cancelled - irs_attempts_api_tracker.account_reset_cancel_request AccountReset::CancelRequestForUser.new(current_user).call end diff --git a/app/controllers/account_reset/request_controller.rb b/app/controllers/account_reset/request_controller.rb index f279405ad81..904716a59c2 100644 --- a/app/controllers/account_reset/request_controller.rb +++ b/app/controllers/account_reset/request_controller.rb @@ -23,9 +23,6 @@ def create def create_account_reset_request response = AccountReset::CreateRequest.new(current_user, sp_session[:issuer]).call - irs_attempts_api_tracker.account_reset_request_submitted( - success: response.success?, - ) analytics.account_reset_request(**response.to_h, **analytics_attributes) end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b83acd71750..14ece152c6a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -75,10 +75,6 @@ def analytics_user current_user || AnonymousUser.new end - def irs_attempts_api_tracker - @irs_attempts_api_tracker ||= IrsAttemptsApi::Tracker.new - end - def user_event_creator @user_event_creator ||= UserEventCreator.new(request: request, current_user: current_user) end diff --git a/app/controllers/concerns/idv/ab_test_analytics_concern.rb b/app/controllers/concerns/idv/ab_test_analytics_concern.rb index 714eeb895da..241218c681c 100644 --- a/app/controllers/concerns/idv/ab_test_analytics_concern.rb +++ b/app/controllers/concerns/idv/ab_test_analytics_concern.rb @@ -6,36 +6,14 @@ module AbTestAnalyticsConcern include OptInHelper def ab_test_analytics_buckets - buckets = { ab_tests: {} } + buckets = {} if defined?(idv_session) buckets[:skip_hybrid_handoff] = idv_session&.skip_hybrid_handoff buckets = buckets.merge(opt_in_analytics_properties) end - if defined?(document_capture_session_uuid) - lniv_args = LexisNexisInstantVerify.new(document_capture_session_uuid). - workflow_ab_test_analytics_args - buckets = buckets.merge(lniv_args) - end - - if defined?(idv_session) - phone_confirmation_session = idv_session.user_phone_confirmation_session || - PhoneConfirmationSession.new( - code: nil, - phone: nil, - sent_at: nil, - delivery_method: :sms, - user: current_user, - ) - buckets[:ab_tests].merge!( - phone_confirmation_session.ab_test_analytics_args, - ) - end - - buckets.merge!(acuant_sdk_ab_test_analytics_args) - buckets.delete(:ab_tests) if buckets[:ab_tests].blank? - buckets + buckets.merge(acuant_sdk_ab_test_analytics_args) end end end diff --git a/app/controllers/concerns/idv/hybrid_mobile/hybrid_mobile_concern.rb b/app/controllers/concerns/idv/hybrid_mobile/hybrid_mobile_concern.rb index 0768109ef2a..75cd805aa7c 100644 --- a/app/controllers/concerns/idv/hybrid_mobile/hybrid_mobile_concern.rb +++ b/app/controllers/concerns/idv/hybrid_mobile/hybrid_mobile_concern.rb 
@@ -58,12 +58,6 @@ def handle_invalid_document_capture_session flash[:error] = t('errors.capture_doc.invalid_link') redirect_to root_url end - - def irs_reproofing? - document_capture_user.reproof_for_irs?( - service_provider: current_sp, - ).present? - end end end end diff --git a/app/controllers/concerns/idv/phone_otp_rate_limitable.rb b/app/controllers/concerns/idv/phone_otp_rate_limitable.rb index a6f8869631f..9ee9a529eb8 100644 --- a/app/controllers/concerns/idv/phone_otp_rate_limitable.rb +++ b/app/controllers/concerns/idv/phone_otp_rate_limitable.rb @@ -27,7 +27,6 @@ def reset_attempt_count_if_user_no_longer_locked_out def handle_too_many_otp_sends analytics.idv_phone_confirmation_otp_rate_limit_sends - irs_attempts_api_tracker.idv_phone_otp_sent_rate_limited handle_max_attempts('otp_requests') end diff --git a/app/controllers/concerns/idv/verify_info_concern.rb b/app/controllers/concerns/idv/verify_info_concern.rb index f1770be8e92..61a7d444d84 100644 --- a/app/controllers/concerns/idv/verify_info_concern.rb +++ b/app/controllers/concerns/idv/verify_info_concern.rb @@ -97,13 +97,11 @@ def idv_failure(result) def idv_failure_log_rate_limited(rate_limit_type) if rate_limit_type == :proof_ssn - irs_attempts_api_tracker.idv_verification_rate_limited(limiter_context: 'multi-session') analytics.rate_limit_reached( limiter_type: :proof_ssn, step_name: STEP_NAME, ) elsif rate_limit_type == :idv_resolution - irs_attempts_api_tracker.idv_verification_rate_limited(limiter_context: 'single-session') analytics.rate_limit_reached( limiter_type: :idv_resolution, step_name: STEP_NAME, 
@@ -162,15 +160,14 @@ def process_async_state(current_async_state) render :show delete_async - - log_idv_verification_submitted_event( - success: false, - ) end end def async_state_done(current_async_state) add_proofing_costs(current_async_state.result) + + create_fraud_review_request_if_needed(current_async_state.result) + form_response = idv_result_to_form_response( result: current_async_state.result, state: pii[:state], @@ -190,9 +187,6 @@ def async_state_done(current_async_state) ], }, ) - log_idv_verification_submitted_event( - success: form_response.success?, - ) form_response.extra[:ssn_is_unique] = DuplicateSsnFinder.new( ssn: idv_session.ssn, @@ -281,19 +275,17 @@ def idv_result_to_form_response( ) end - def log_idv_verification_submitted_event(success: false) - pii_from_doc = pii || {} - irs_attempts_api_tracker.idv_verification_submitted( - success: success, - document_state: pii_from_doc[:state], - document_number: pii_from_doc[:state_id_number], - document_issued: pii_from_doc[:state_id_issued], - document_expiration: pii_from_doc[:state_id_expiration], - first_name: pii_from_doc[:first_name], - last_name: pii_from_doc[:last_name], - date_of_birth: pii_from_doc[:dob], - address: pii_from_doc[:address1], - ssn: idv_session.ssn, + def create_fraud_review_request_if_needed(result) + return unless FeatureManagement.proofing_device_profiling_collecting_enabled? + + threatmetrix_result = result.dig(:context, :stages, :threatmetrix) + return unless threatmetrix_result + + return if threatmetrix_result[:review_status] == 'pass' + + FraudReviewRequest.create( + user: current_user, + login_session_id: Digest::SHA1.hexdigest(current_user.unique_session_id.to_s), ) end 
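Review bot: In the new `create_fraud_review_request_if_needed`, the return value of `FraudReviewRequest.create(` is discarded, so a failed save would silently drop the review request for a session that did not get `'pass'` from ThreatMetrix. Consider `FraudReviewRequest.create!(`, or check `persisted?` and log the failure; the model and its validations are outside this diff, so this is inferred from the call alone. The early `return unless threatmetrix_result` means a proofing result with no `:threatmetrix` stage creates no request at all, which fails open if the stage can be missing because of a vendor error rather than by design, so a comment saying which case is expected would help. `current_user.unique_session_id.to_s` turns a nil session id into an empty string, so every such request would store the same SHA-1 digest as `login_session_id`; guard on a present session id before hashing.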
@@ -317,24 +309,18 @@ def add_proofing_costs(results) next if hash[:vendor_name] == 'UnsupportedJurisdiction' # transaction_id comes from TransactionLocatorId add_cost(:aamva, transaction_id: hash[:transaction_id]) - track_aamva elsif stage == :threatmetrix # transaction_id comes from request_id - tmx_id = hash[:transaction_id] - log_irs_tmx_fraud_check_event(hash, current_user) if tmx_id - add_cost(:threatmetrix, transaction_id: tmx_id) if tmx_id + if hash[:transaction_id] + add_cost( + :threatmetrix, + transaction_id: hash[:transaction_id], + ) + end end end end - def track_aamva - return unless IdentityConfig.store.state_tracking_enabled - doc_auth_log = DocAuthLog.find_by(user_id: current_user.id) - return unless doc_auth_log - doc_auth_log.aamva = true - doc_auth_log.save! - end - def add_cost(token, transaction_id: nil) Db::SpCost::AddSpCost.call(current_sp, token, transaction_id: transaction_id) end diff --git a/app/controllers/concerns/idv_session_concern.rb b/app/controllers/concerns/idv_session_concern.rb index 87a715c14d3..2099b070e3b 100644 --- a/app/controllers/concerns/idv_session_concern.rb +++ b/app/controllers/concerns/idv_session_concern.rb @@ -19,8 +19,7 @@ def hybrid_session? def idv_needed? user_needs_biometric_comparison? || idv_session_user.active_profile.blank? || - decorated_sp_session.requested_more_recent_verification? || - idv_session_user.reproof_for_irs?(service_provider: current_sp) + decorated_sp_session.requested_more_recent_verification? end def idv_session @@ -31,12 +30,6 @@ def idv_session ) end - def irs_reproofing? - current_user&.reproof_for_irs?( - service_provider: current_sp, - ).present? - end - def document_capture_session_uuid idv_session.document_capture_session_uuid end diff --git a/app/controllers/concerns/new_device_concern.rb b/app/controllers/concerns/new_device_concern.rb index b96b1f64d05..2c1257e5551 100644 --- a/app/controllers/concerns/new_device_concern.rb +++ b/app/controllers/concerns/new_device_concern.rb 
@@ -1,8 +1,12 @@ # frozen_string_literal: true module NewDeviceConcern - def set_new_device_session - user_session[:new_device] = !current_user.authenticated_device?(cookie_uuid: cookies[:device]) + def set_new_device_session(new_device) + if new_device.nil? + new_device = !current_user.authenticated_device?(cookie_uuid: cookies[:device]) + end + + user_session[:new_device] = new_device end def new_device? diff --git a/app/controllers/concerns/rate_limit_concern.rb b/app/controllers/concerns/rate_limit_concern.rb index 6bca04be9cc..f2202b56b9b 100644 --- a/app/controllers/concerns/rate_limit_concern.rb +++ b/app/controllers/concerns/rate_limit_concern.rb @@ -37,20 +37,12 @@ def confirm_not_rate_limited_for_phone_and_letter_address_verification def rate_limit_redirect!(rate_limit_type) if idv_attempter_rate_limited?(rate_limit_type) - track_rate_limited_event(rate_limit_type) + analytics.rate_limit_reached(limiter_type: rate_limit_type) rate_limited_redirect(rate_limit_type) return true end end - def track_rate_limited_event(rate_limit_type) - analytics_args = { limiter_type: rate_limit_type } - limiter_context = rate_limit_type == :proof_ssn ? 'multi-session' : 'single-session' - - irs_attempts_api_tracker.idv_verification_rate_limited(limiter_context: limiter_context) - analytics.rate_limit_reached(**analytics_args) - end - def rate_limited_redirect(rate_limit_type) case rate_limit_type when :idv_resolution diff --git a/app/controllers/concerns/saml_idp_auth_concern.rb b/app/controllers/concerns/saml_idp_auth_concern.rb index ed7b993576a..cb96960883d 100644 --- a/app/controllers/concerns/saml_idp_auth_concern.rb +++ b/app/controllers/concerns/saml_idp_auth_concern.rb 
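Review bot: `set_new_device_session(new_device)` now takes a required positional argument, so any caller that still invokes it with no arguments raises ArgumentError. The only call visible in this part of the diff is `set_new_device_session(false)` in two_factor_authenticatable_methods.rb, and whether the sign-in call sites were updated cannot be seen here. Declaring it as `def set_new_device_session(new_device = nil)` keeps the previous cookie-derived behaviour for such callers. The three-way contract is also undocumented; a comment above the definition such as `# new_device: true/false forces the session flag, nil derives it from the device cookie` would make clear that an explicit `false` overwrites the flag regardless of the cookie.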
@@ -152,9 +152,7 @@ def link_identity_from_session_data end def identity_needs_verification? - resolved_authn_context_result.identity_proofing? && - (current_user.identity_not_verified? || - current_user.reproof_for_irs?(service_provider: current_sp)) + resolved_authn_context_result.identity_proofing? && current_user.identity_not_verified? end def active_identity diff --git a/app/controllers/concerns/saml_idp_logout_concern.rb b/app/controllers/concerns/saml_idp_logout_concern.rb index 20b8a6bd54c..ef3fb9f7d2e 100644 --- a/app/controllers/concerns/saml_idp_logout_concern.rb +++ b/app/controllers/concerns/saml_idp_logout_concern.rb @@ -66,9 +66,6 @@ def track_logout_event oidc: false, saml_request_valid: sp_initiated ? valid_saml_request? : true, ) - irs_attempts_api_tracker.logout_initiated( - success: true, - ) end def track_remote_logout_event(issuer) diff --git a/app/controllers/concerns/two_factor_authenticatable.rb b/app/controllers/concerns/two_factor_authenticatable.rb index 31ae84c059c..c56d60cf028 100644 --- a/app/controllers/concerns/two_factor_authenticatable.rb +++ b/app/controllers/concerns/two_factor_authenticatable.rb @@ -7,7 +7,8 @@ module TwoFactorAuthenticatable NEED_AUTHENTICATION = 'need_two_factor_authentication' OTP_LENGTH = 6 DIRECT_OTP_LENGTH = 6 - PROOFING_DIRECT_OTP_LENGTH = 6 + PROOFING_SMS_DIRECT_OTP_LENGTH = 6 + PROOFING_VOICE_DIRECT_OTP_LENGTH = 10 ALLOWED_OTP_DRIFT_SECONDS = 30 DIRECT_OTP_VALID_FOR_MINUTES = IdentityConfig.store.otp_valid_for.freeze DIRECT_OTP_VALID_FOR_SECONDS = DIRECT_OTP_VALID_FOR_MINUTES * 60 diff --git a/app/controllers/concerns/two_factor_authenticatable_methods.rb b/app/controllers/concerns/two_factor_authenticatable_methods.rb index c4eea88da74..3f322cfa340 100644 --- a/app/controllers/concerns/two_factor_authenticatable_methods.rb +++ b/app/controllers/concerns/two_factor_authenticatable_methods.rb 
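Review bot: In two_factor_authenticatable.rb, `PROOFING_DIRECT_OTP_LENGTH` is replaced by `PROOFING_SMS_DIRECT_OTP_LENGTH = 6` and `PROOFING_VOICE_DIRECT_OTP_LENGTH = 10` with no alias left behind, so any code still reading the old constant raises NameError. The references are not in the visible part of this diff, so this needs a search before merge. The two lengths are also undocumented: a comment such as `# Proofing OTP length by delivery method; the voice code is longer than the SMS code` records the fact, and the reason for the difference should be added by someone who knows it. The code length bounds how guessable the OTP is within the attempt limit, so the choice deserves an explanation next to the constants.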
@@ -27,6 +27,7 @@ def handle_valid_verification_for_authentication_context(auth_method:) ) end + set_new_device_session(false) reset_second_factor_attempts_count end @@ -36,37 +37,15 @@ def authenticate_user authenticate_user!(force: true) end - def handle_second_factor_locked_user(type:, context: nil) + def handle_second_factor_locked_user(type:) analytics.multi_factor_auth_max_attempts event = PushNotification::MfaLimitAccountLockedEvent.new(user: current_user) PushNotification::HttpPush.deliver(event) - - if context && type - if UserSessionContext.authentication_or_reauthentication_context?(context) - irs_attempts_api_tracker.mfa_login_rate_limited(mfa_device_type: type) - elsif UserSessionContext.confirmation_context?(context) - irs_attempts_api_tracker.mfa_enroll_rate_limited(mfa_device_type: type) - end - end - handle_max_attempts(type + '_login_attempts') end - def handle_too_many_otp_sends(phone: nil, context: nil) + def handle_too_many_otp_sends analytics.multi_factor_auth_max_sends - - if context && phone - if UserSessionContext.authentication_or_reauthentication_context?(context) - irs_attempts_api_tracker.mfa_login_phone_otp_sent_rate_limited( - phone_number: phone, - ) - elsif UserSessionContext.confirmation_context?(context) - irs_attempts_api_tracker.mfa_enroll_phone_otp_sent_rate_limited( - phone_number: phone, - ) - end - end - handle_max_attempts('otp_requests') end @@ -126,7 +105,7 @@ def handle_invalid_otp(type:, context: nil) flash.now[:error] = invalid_otp_error(type) if current_user.locked_out? - handle_second_factor_locked_user(context: context, type: type) + handle_second_factor_locked_user(type:) else render_show_after_invalid end diff --git a/app/controllers/concerns/unconfirmed_user_concern.rb b/app/controllers/concerns/unconfirmed_user_concern.rb index 7bdfb0b1ac0..95ee8755bab 100644 --- a/app/controllers/concerns/unconfirmed_user_concern.rb +++ b/app/controllers/concerns/unconfirmed_user_concern.rb 
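Review bot: The added `set_new_device_session(false)` in `handle_valid_verification_for_authentication_context` resets the new-device flag on every successful verification, with nothing at the call site saying why. The start of the method is outside the hunk, so the ordering relative to any new-device handling cannot be confirmed from the visible lines. If anything later in the request still consults `new_device?`, for example to decide whether the user is told about a sign-in from an unrecognised device, it will now always see `false`. A comment such as `# MFA succeeded: stop treating this device as new for the rest of the session` would document the intent and the required ordering.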
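Review bot: `handle_second_factor_locked_user(type:)` and `handle_too_many_otp_sends` no longer accept `context:` or `phone:`, so any including controller that still passes those keywords raises ArgumentError. Only the `handle_invalid_otp` call site is updated in the visible hunks, and the other callers cannot be checked from here. In the last hunk on this line, `handle_invalid_otp(type:, context: nil)` keeps its `context:` parameter although the only visible use of it was the removed `handle_second_factor_locked_user(context: context, type: type)`. The top of that method is outside the hunk, so this is hedged, but if nothing else reads it the parameter is dead and could be dropped once its callers are cleaned up. `type` is now also a required keyword that is concatenated in `type + '_login_attempts'`, so a nil `type` fails with NoMethodError where the old `context && type` guard did not protect it either; a short comment on the expected values would help.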
@@ -27,20 +27,12 @@ def track_user_already_confirmed_event errors: { email: [t('errors.messages.already_confirmed')] }, user_id: @user.uuid, ) - irs_attempts_api_tracker.user_registration_email_confirmation( - email: @email_address.email, - success: false, - ) end def stop_if_invalid_token result = email_confirmation_token_validator.submit analytics.user_registration_email_confirmation(**result.to_h) return if result.success? - irs_attempts_api_tracker.user_registration_email_confirmation( - email: @email_address&.email, - success: false, - ) process_unsuccessful_confirmation end diff --git a/app/controllers/idv/agreement_controller.rb b/app/controllers/idv/agreement_controller.rb index f18bd4492b9..17786243597 100644 --- a/app/controllers/idv/agreement_controller.rb +++ b/app/controllers/idv/agreement_controller.rb @@ -69,7 +69,6 @@ def analytics_arguments step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: idv_session.skip_hybrid_handoff, - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets) end diff --git a/app/controllers/idv/by_mail/enter_code_controller.rb b/app/controllers/idv/by_mail/enter_code_controller.rb index 12cc3f1a5a6..e9a3f230d49 100644 --- a/app/controllers/idv/by_mail/enter_code_controller.rb +++ b/app/controllers/idv/by_mail/enter_code_controller.rb @@ -47,9 +47,6 @@ def create result = @gpo_verify_form.submit analytics.idv_verify_by_mail_enter_code_submitted(**result.to_h) - irs_attempts_api_tracker.idv_gpo_verification_submitted( - success: result.success?, - ) if !result.success? if rate_limiter.limited? diff --git a/app/controllers/idv/by_mail/enter_code_rate_limited_controller.rb b/app/controllers/idv/by_mail/enter_code_rate_limited_controller.rb index 200792223d3..d43c524e62a 100644 --- a/app/controllers/idv/by_mail/enter_code_rate_limited_controller.rb +++ b/app/controllers/idv/by_mail/enter_code_rate_limited_controller.rb 
@@ -11,7 +11,6 @@ class EnterCodeRateLimitedController < ApplicationController before_action :confirm_verification_needed def index - irs_attempts_api_tracker.idv_gpo_verification_rate_limited analytics.rate_limit_reached( limiter_type: :verify_gpo_key, ) diff --git a/app/controllers/idv/by_mail/request_letter_controller.rb b/app/controllers/idv/by_mail/request_letter_controller.rb index 2b6e0b53afb..4ed84020b46 100644 --- a/app/controllers/idv/by_mail/request_letter_controller.rb +++ b/app/controllers/idv/by_mail/request_letter_controller.rb @@ -74,7 +74,6 @@ def update_tracking phone_step_attempts: gpo_mail_service.phone_step_attempts, **ab_test_analytics_buckets, ) - irs_attempts_api_tracker.idv_gpo_letter_requested(resend: resend_requested?) create_user_event(:gpo_mail_sent, current_user) ProofingComponent.find_or_create_by(user: current_user).update(address_check: 'gpo_letter') diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb index d7a98770153..11b6515996c 100644 --- a/app/controllers/idv/document_capture_controller.rb +++ b/app/controllers/idv/document_capture_controller.rb @@ -104,7 +104,6 @@ def analytics_arguments flow_path: flow_path, step: 'document_capture', analytics_id: 'Doc Auth', - irs_reproofing: irs_reproofing?, redo_document_capture: idv_session.redo_document_capture, skip_hybrid_handoff: idv_session.skip_hybrid_handoff, liveness_checking_required:, diff --git a/app/controllers/idv/enter_password_controller.rb b/app/controllers/idv/enter_password_controller.rb index 6508f4a7cc2..22d5af84833 100644 --- a/app/controllers/idv/enter_password_controller.rb +++ b/app/controllers/idv/enter_password_controller.rb @@ -31,7 +31,6 @@ def new def create clear_future_steps! - irs_attempts_api_tracker.idv_password_entered(success: true) init_profile 
@@ -115,7 +114,6 @@ def confirm_current_password fraud_rejection: fraud_rejection?, **ab_test_analytics_buckets, ) - irs_attempts_api_tracker.idv_password_entered(success: false) flash[:error] = t('idv.errors.incorrect_password') redirect_to idv_enter_password_url diff --git a/app/controllers/idv/forgot_password_controller.rb b/app/controllers/idv/forgot_password_controller.rb index 10d404ff951..aa3041b13ff 100644 --- a/app/controllers/idv/forgot_password_controller.rb +++ b/app/controllers/idv/forgot_password_controller.rb @@ -27,7 +27,6 @@ def reset_password(email, request_id) email: email, request_id: request_id, analytics: analytics, - irs_attempts_api_tracker: irs_attempts_api_tracker, ).perform # The user/email is always found so... session[:email] = email diff --git a/app/controllers/idv/how_to_verify_controller.rb b/app/controllers/idv/how_to_verify_controller.rb index 2c05bdef304..2e1bb568966 100644 --- a/app/controllers/idv/how_to_verify_controller.rb +++ b/app/controllers/idv/how_to_verify_controller.rb @@ -79,7 +79,6 @@ def analytics_arguments step: 'how_to_verify', analytics_id: 'Doc Auth', skip_hybrid_handoff: idv_session.skip_hybrid_handoff, - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets) end diff --git a/app/controllers/idv/hybrid_handoff_controller.rb b/app/controllers/idv/hybrid_handoff_controller.rb index 3ccf028c36e..94780a731ac 100644 --- a/app/controllers/idv/hybrid_handoff_controller.rb +++ b/app/controllers/idv/hybrid_handoff_controller.rb @@ -36,9 +36,6 @@ def show def update clear_future_steps! - irs_attempts_api_tracker.idv_document_upload_method_selected( - upload_method: params[:type], - ) if params[:type] == 'mobile' handle_phone_submission 
@@ -87,10 +84,6 @@ def handle_phone_submission if !telephony_result.success? failure(telephony_form_response.errors[:message]) end - irs_attempts_api_tracker.idv_phone_upload_link_sent( - success: telephony_result.success?, - phone_number: formatted_destination_phone, - ) if telephony_result.success? redirect_to idv_link_sent_url @@ -182,7 +175,6 @@ def analytics_arguments { step: 'hybrid_handoff', analytics_id: 'Doc Auth', - irs_reproofing: irs_reproofing?, redo_document_capture: params[:redo] ? true : nil, skip_hybrid_handoff: idv_session.skip_hybrid_handoff, selfie_check_required: idv_session.selfie_check_required, @@ -213,10 +205,6 @@ def rate_limited_failure ), ) - irs_attempts_api_tracker.idv_phone_send_link_rate_limited( - phone_number: formatted_destination_phone, - ) - failure(message) redirect_to idv_hybrid_handoff_url end diff --git a/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb b/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb index 4ed8ece9efd..2ff1c00e77d 100644 --- a/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb +++ b/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb @@ -28,7 +28,6 @@ def analytics_arguments flow_path: 'hybrid', step: 'capture_complete', analytics_id: 'Doc Auth', - irs_reproofing: irs_reproofing?, liveness_checking_required:, }.merge(ab_test_analytics_buckets) end diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb index 0efbef1595d..9c021801dc2 100644 --- a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb +++ b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb @@ -63,7 +63,6 @@ def analytics_arguments flow_path: 'hybrid', step: 'document_capture', analytics_id: 'Doc Auth', - irs_reproofing: irs_reproofing?, liveness_checking_required: biometric_comparison_required, selfie_check_required: biometric_comparison_required, }.merge( 
diff --git a/app/controllers/idv/hybrid_mobile/entry_controller.rb b/app/controllers/idv/hybrid_mobile/entry_controller.rb index 50543a02ef9..ecb93db2cce 100644 --- a/app/controllers/idv/hybrid_mobile/entry_controller.rb +++ b/app/controllers/idv/hybrid_mobile/entry_controller.rb @@ -9,8 +9,6 @@ class EntryController < ApplicationController include HybridMobileConcern def show - track_document_capture_session_id_usage - return handle_invalid_document_capture_session if !validate_document_capture_session_id return handle_invalid_document_capture_session if !validate_document_capture_user_id @@ -35,10 +33,6 @@ def request_id params.fetch(:request_id, '') end - def track_document_capture_session_id_usage - irs_attempts_api_tracker.idv_phone_upload_link_used - end - def update_sp_session return if sp_session[:issuer] || request_id.blank? StoreSpMetadataInSession.new(session: session, request_id: request_id).call diff --git a/app/controllers/idv/image_uploads_controller.rb b/app/controllers/idv/image_uploads_controller.rb index 76bcf175e29..1cfc7aeb8d1 100644 --- a/app/controllers/idv/image_uploads_controller.rb +++ b/app/controllers/idv/image_uploads_controller.rb @@ -23,7 +23,6 @@ def image_upload_form service_provider: current_sp, analytics: analytics, uuid_prefix: current_sp&.app_id, - irs_attempts_api_tracker: irs_attempts_api_tracker, liveness_checking_required: resolved_authn_context_result.biometric_comparison?, ) end diff --git a/app/controllers/idv/in_person/address_controller.rb b/app/controllers/idv/in_person/address_controller.rb index 91eed3491e8..9c28badb5a8 100644 --- a/app/controllers/idv/in_person/address_controller.rb +++ b/app/controllers/idv/in_person/address_controller.rb @@ -94,7 +94,6 @@ def analytics_arguments flow_path: idv_session.flow_path, step: 'address', analytics_id: 'In Person Proofing', - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets). merge(extra_analytics_properties) end 
diff --git a/app/controllers/idv/in_person/ssn_controller.rb b/app/controllers/idv/in_person/ssn_controller.rb index 5e56352d9f3..c78c53a4de5 100644 --- a/app/controllers/idv/in_person/ssn_controller.rb +++ b/app/controllers/idv/in_person/ssn_controller.rb @@ -48,10 +48,6 @@ def update analytics.idv_doc_auth_ssn_submitted( **analytics_arguments.merge(form_response.to_h), ) - # This event is not currently logging but should be kept as decided in LG-10110 - irs_attempts_api_tracker.idv_ssn_submitted( - ssn: params[:doc_auth][:ssn], - ) if form_response.success? idv_session.ssn = params[:doc_auth][:ssn] @@ -96,7 +92,6 @@ def analytics_arguments flow_path: idv_session.flow_path, step: 'ssn', analytics_id: 'In Person Proofing', - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets). merge(**extra_analytics_properties) end diff --git a/app/controllers/idv/in_person/state_id_controller.rb b/app/controllers/idv/in_person/state_id_controller.rb index dc70b8e02aa..92ddce2bece 100644 --- a/app/controllers/idv/in_person/state_id_controller.rb +++ b/app/controllers/idv/in_person/state_id_controller.rb @@ -109,7 +109,6 @@ def analytics_arguments flow_path: idv_session.flow_path, step: 'state_id', analytics_id: 'In Person Proofing', - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets). merge(extra_analytics_properties) end diff --git a/app/controllers/idv/in_person/verify_info_controller.rb b/app/controllers/idv/in_person/verify_info_controller.rb index 48e1752342a..3cc2d49ec90 100644 --- a/app/controllers/idv/in_person/verify_info_controller.rb +++ b/app/controllers/idv/in_person/verify_info_controller.rb @@ -87,7 +87,6 @@ def analytics_arguments flow_path: idv_session.flow_path, step: 'verify', analytics_id: 'In Person Proofing', - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets). merge(**extra_analytics_properties) end 
diff --git a/app/controllers/idv/link_sent_controller.rb b/app/controllers/idv/link_sent_controller.rb index 15bc80e766e..b6a34a99b7c 100644 --- a/app/controllers/idv/link_sent_controller.rb +++ b/app/controllers/idv/link_sent_controller.rb @@ -61,7 +61,6 @@ def analytics_arguments step: 'link_sent', analytics_id: 'Doc Auth', flow_path: 'hybrid', - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets) end diff --git a/app/controllers/idv/otp_verification_controller.rb b/app/controllers/idv/otp_verification_controller.rb index 4253e861938..8132aff6da8 100644 --- a/app/controllers/idv/otp_verification_controller.rb +++ b/app/controllers/idv/otp_verification_controller.rb @@ -24,11 +24,6 @@ def update result = phone_confirmation_otp_verification_form.submit(code: params[:code]) analytics.idv_phone_confirmation_otp_submitted(**result.to_h, **ab_test_analytics_buckets) - irs_attempts_api_tracker.idv_phone_otp_submitted( - success: result.success?, - phone_number: idv_session.user_phone_confirmation_session.phone, - ) - if result.success? idv_session.mark_phone_step_complete! save_in_person_notification_phone @@ -95,21 +90,15 @@ def phone_confirmation_otp_verification_form @phone_confirmation_otp_verification_form ||= PhoneConfirmationOtpVerificationForm.new( user: current_user, user_phone_confirmation_session: idv_session.user_phone_confirmation_session, - irs_attempts_api_tracker: irs_attempts_api_tracker, ) end def code_length - if ten_digit_otp? - 10 + if idv_session.user_phone_confirmation_session.delivery_method == :voice + TwoFactorAuthenticatable::PROOFING_VOICE_DIRECT_OTP_LENGTH else - TwoFactorAuthenticatable::PROOFING_DIRECT_OTP_LENGTH + TwoFactorAuthenticatable::PROOFING_SMS_DIRECT_OTP_LENGTH end end - - def ten_digit_otp? - AbTests::IDV_TEN_DIGIT_OTP.bucket(current_user.uuid) == :ten_digit_otp && - idv_session.user_phone_confirmation_session.delivery_method == :voice - end end end 
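Review bot: `code_length` in otp_verification_controller.rb now picks the expected length only from `delivery_method == :voice`, and nothing in the hunk ties that choice to the length used when the code was generated. If the generator selects `PROOFING_VOICE_DIRECT_OTP_LENGTH` by a different rule, the form would expect a length that does not match the code the user received. The generator and whatever consumes `code_length` are outside this hunk, so this needs checking there. I would add a comment above the method such as `# Must agree with the length used when the OTP was generated for this delivery method`.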
diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb index 310d335f15f..4d18dcbc6b1 100644 --- a/app/controllers/idv/personal_key_controller.rb +++ b/app/controllers/idv/personal_key_controller.rb @@ -88,8 +88,6 @@ def finish_idv_session @personal_key_generated_at = current_user.personal_key_generated_at idv_session.personal_key = @code - - irs_attempts_api_tracker.idv_personal_key_generated end def personal_key diff --git a/app/controllers/idv/phone_controller.rb b/app/controllers/idv/phone_controller.rb index e8972f9197c..1ba7c799603 100644 --- a/app/controllers/idv/phone_controller.rb +++ b/app/controllers/idv/phone_controller.rb @@ -51,10 +51,6 @@ def create call(:verify_phone, :update, result.success?) analytics.idv_phone_confirmation_form_submitted(**result.to_h, **ab_test_analytics_buckets) - irs_attempts_api_tracker.idv_phone_submitted( - success: result.success?, - phone_number: step_params[:phone], - ) if result.success? submit_proofing_attempt redirect_to idv_phone_path @@ -115,12 +111,6 @@ def send_phone_confirmation_otp_and_handle_result analytics.idv_phone_confirmation_otp_sent( **result.to_h.merge(adapter: Telephony.config.adapter), ) - - irs_attempts_api_tracker.idv_phone_otp_sent( - phone_number: @idv_phone, - success: result.success?, - otp_delivery_method: idv_session.previous_phone_step_params[:otp_delivery_preference], - ) if result.success? redirect_to idv_otp_verification_url else @@ -149,7 +139,6 @@ def step idv_session: idv_session, trace_id: amzn_trace_id, analytics: analytics, - attempts_tracker: irs_attempts_api_tracker, ) end diff --git a/app/controllers/idv/ssn_controller.rb b/app/controllers/idv/ssn_controller.rb index ecb1a7a954f..4c7934c54d7 100644 --- a/app/controllers/idv/ssn_controller.rb +++ b/app/controllers/idv/ssn_controller.rb 
@@ -46,9 +46,6 @@ def update analytics.idv_doc_auth_ssn_submitted( **analytics_arguments.merge(form_response.to_h), ) - irs_attempts_api_tracker.idv_ssn_submitted( - ssn: params[:doc_auth][:ssn], - ) if form_response.success? idv_session.ssn = params[:doc_auth][:ssn] @@ -87,7 +84,6 @@ def analytics_arguments flow_path: idv_session.flow_path, step: 'ssn', analytics_id: 'Doc Auth', - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets) end end diff --git a/app/controllers/idv/verify_info_controller.rb b/app/controllers/idv/verify_info_controller.rb index e7c0388f7d2..b9990d401d5 100644 --- a/app/controllers/idv/verify_info_controller.rb +++ b/app/controllers/idv/verify_info_controller.rb @@ -74,7 +74,6 @@ def analytics_arguments flow_path: flow_path, step: 'verify', analytics_id: 'Doc Auth', - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets) end diff --git a/app/controllers/idv/welcome_controller.rb b/app/controllers/idv/welcome_controller.rb index 74699676cce..c2928c47884 100644 --- a/app/controllers/idv/welcome_controller.rb +++ b/app/controllers/idv/welcome_controller.rb @@ -48,7 +48,6 @@ def analytics_arguments { step: 'welcome', analytics_id: 'Doc Auth', - irs_reproofing: irs_reproofing?, }.merge(ab_test_analytics_buckets) end diff --git a/app/controllers/openid_connect/authorization_controller.rb b/app/controllers/openid_connect/authorization_controller.rb index 76bfbada3a2..d6afe6f0108 100644 --- a/app/controllers/openid_connect/authorization_controller.rb +++ b/app/controllers/openid_connect/authorization_controller.rb 
@@ -140,10 +140,9 @@ def track_handoff_analytics(result, attributes = {}) end def identity_needs_verification? - (resolved_authn_context_result.identity_proofing? && + resolved_authn_context_result.identity_proofing? && (current_user.identity_not_verified? || - decorated_sp_session.requested_more_recent_verification?)) || - current_user.reproof_for_irs?(service_provider: current_sp) + decorated_sp_session.requested_more_recent_verification?) end def biometric_comparison_needed? diff --git a/app/controllers/openid_connect/logout_controller.rb b/app/controllers/openid_connect/logout_controller.rb index bceb0fc2217..16f042142d2 100644 --- a/app/controllers/openid_connect/logout_controller.rb +++ b/app/controllers/openid_connect/logout_controller.rb @@ -7,16 +7,21 @@ class LogoutController < ApplicationController include OpenidConnectRedirectConcern before_action :set_devise_failure_redirect_for_concurrent_session_logout, - only: [:logout] + only: [:show, :create] before_action :confirm_two_factor_authenticated, only: [:delete] + skip_before_action :verify_authenticity_token, only: [:create] - # Handle logout (with confirmation if initiated by relying partner) - def logout + # +GET+ Handle logout (with confirmation if initiated by relying partner) + # @see {OpenID Connect RP-Initiated Logout 1.0 Specification}[https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout] # rubocop:disable Layout/LineLength + def show @logout_form = build_logout_form result = @logout_form.submit redirect_uri = result.extra[:redirect_uri] - - analytics.oidc_logout_requested(**to_event(result)) + analytics.oidc_logout_requested( + **to_event(result), + method: request.method.to_s, + original_method: session[:original_method], + ) if result.success? && redirect_uri handle_successful_logout_request(result, redirect_uri) 
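Review bot: `skip_before_action :verify_authenticity_token, only: [:create]` in logout_controller.rb turns off CSRF protection for the new POST endpoint without saying why that is acceptable. The safety of that presumably rests on `show` asking for confirmation before signing out, but `require_logout_confirmation?` is outside the hunk. I would add a comment such as `# RP-initiated logout is posted from the relying party's origin, so no CSRF token is available; #show confirms before signing out`. Separately, `show` reads `session[:original_method]` and the visible lines never clear it, so unless the session is reset a later GET logout would still be logged as originating from POST. Using `original_method: session.delete(:original_method)` in the analytics call avoids that.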
@@ -25,6 +30,13 @@ def logout end end + # +POST+ Handle logout request (with confirmation if initiated by relying partner) + # @see {OpenID Connect RP-Initiated Logout 1.0 Specification}[https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout] # rubocop:disable Layout/LineLength + def create + session[:original_method] = request.method.to_s + redirect_to action: :show, **logout_params + end + # Sign out without confirmation def delete @logout_form = build_logout_form @@ -89,6 +101,7 @@ def require_logout_confirmation? current_user end + # @return [OpenidConnectLogoutForm] def build_logout_form OpenidConnectLogoutForm.new( params: logout_params, @@ -96,6 +109,8 @@ def build_logout_form ) end + # @param result [FormResponse] Response from submitting @logout_form + # @param redirect_uri [String] The URL to redirect the user to after logout def handle_successful_logout_request(result, redirect_uri) apply_logout_secure_headers_override(redirect_uri, @logout_form.service_provider) if require_logout_confirmation? @@ -117,7 +132,6 @@ def handle_successful_logout_request(result, redirect_uri) def handle_logout(result, redirect_uri) analytics.logout_initiated(**to_event(result)) - irs_attempts_api_tracker.logout_initiated(success: result.success?) sign_out diff --git a/app/controllers/sign_out_controller.rb b/app/controllers/sign_out_controller.rb index 9f10b5df728..038f7a7a924 100644 --- a/app/controllers/sign_out_controller.rb +++ b/app/controllers/sign_out_controller.rb @@ -5,9 +5,6 @@ class SignOutController < ApplicationController def destroy analytics.logout_initiated(method: 'cancel link') - irs_attempts_api_tracker.logout_initiated( - success: true, - ) url_after_cancellation = decorated_sp_session.cancel_link_url sign_out flash[:success] = t('devise.sessions.signed_out') diff --git a/app/controllers/sign_up/completions_controller.rb b/app/controllers/sign_up/completions_controller.rb index ae83a189aaf..f665f0d85fc 100644 
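Review bot: `create` in logout_controller.rb copies the POST body into the redirect URL with `redirect_to action: :show, **logout_params`, so every permitted parameter ends up in the query string, where it reaches access logs and browser history. `logout_params` is defined outside this hunk, but it presumably includes `id_token_hint`, and a relying party that chose POST to keep that token out of URLs loses the benefit. Consider carrying the parameters across the redirect in the session, or handling the POST in place with the same logic as `show`. Because the hash is splatted into the `url_for` options, also confirm that the permitted keys can never include routing options such as `host` or `only_path`.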
--- a/app/controllers/sign_up/completions_controller.rb +++ b/app/controllers/sign_up/completions_controller.rb @@ -84,7 +84,6 @@ def analytics_attributes(page_occurence) ialmax: resolved_authn_context_result.ialmax?, service_provider_name: decorated_sp_session.sp_name, sp_session_requested_attributes: sp_session[:requested_attributes], - sp_request_requested_attributes: service_provider_request.requested_attributes, page_occurence: page_occurence, in_account_creation_flow: user_session[:in_account_creation_flow] || false, needs_completion_screen_reason: needs_completion_screen_reason, diff --git a/app/controllers/sign_up/email_confirmations_controller.rb b/app/controllers/sign_up/email_confirmations_controller.rb index c34e52b8f31..545be42ee5d 100644 --- a/app/controllers/sign_up/email_confirmations_controller.rb +++ b/app/controllers/sign_up/email_confirmations_controller.rb @@ -25,10 +25,6 @@ def clear_setup_piv_cac_from_sign_in def process_successful_confirmation process_valid_confirmation_token - irs_attempts_api_tracker.user_registration_email_confirmation( - email: @email_address&.email, - success: true, - ) redirect_to sign_up_enter_password_url(confirmation_token: @confirmation_token) end diff --git a/app/controllers/sign_up/passwords_controller.rb b/app/controllers/sign_up/passwords_controller.rb index 10892ad3b03..bc46df04310 100644 --- a/app/controllers/sign_up/passwords_controller.rb +++ b/app/controllers/sign_up/passwords_controller.rb @@ -42,9 +42,6 @@ def render_page def track_analytics(result) analytics.password_creation(**result.to_h) - irs_attempts_api_tracker.user_registration_password_submitted( - success: result.success?, - ) end def permitted_params diff --git a/app/controllers/sign_up/registrations_controller.rb b/app/controllers/sign_up/registrations_controller.rb index 83e420643e7..0c02b4cbf99 100644 --- a/app/controllers/sign_up/registrations_controller.rb +++ b/app/controllers/sign_up/registrations_controller.rb 
@@ -11,27 +11,17 @@ class RegistrationsController < ApplicationController CREATE_ACCOUNT = 'create_account' def new - @register_user_email_form = RegisterUserEmailForm.new( - analytics: analytics, - attempts_tracker: irs_attempts_api_tracker, - ) + @register_user_email_form = RegisterUserEmailForm.new(analytics:) analytics.user_registration_enter_email_visit render :new, formats: :html end def create - @register_user_email_form = RegisterUserEmailForm.new( - analytics: analytics, - attempts_tracker: irs_attempts_api_tracker, - ) + @register_user_email_form = RegisterUserEmailForm.new(analytics:) result = @register_user_email_form.submit(permitted_params.merge(request_id:)) analytics.user_registration_email(**result.to_h) - irs_attempts_api_tracker.user_registration_email_submitted( - email: permitted_params[:email], - success: result.success?, - ) if result.success? process_successful_creation diff --git a/app/controllers/two_factor_authentication/backup_code_verification_controller.rb b/app/controllers/two_factor_authentication/backup_code_verification_controller.rb index 7c5831edf57..33a459e5a96 100644 --- a/app/controllers/two_factor_authentication/backup_code_verification_controller.rb +++ b/app/controllers/two_factor_authentication/backup_code_verification_controller.rb @@ -23,7 +23,6 @@ def create @backup_code_form = BackupCodeVerificationForm.new(current_user) result = @backup_code_form.submit(backup_code_params) analytics.multi_factor_auth(**result.to_h.merge(new_device: new_device?)) - irs_attempts_api_tracker.mfa_login_backup_code(success: result.success?) handle_result(result) end @@ -55,7 +54,7 @@ def handle_invalid_backup_code flash.now[:error] = t('two_factor_authentication.invalid_backup_code') if current_user.locked_out? - handle_second_factor_locked_user(context: context, type: 'backup_code') + handle_second_factor_locked_user(type: 'backup_code') else render_show_after_invalid end 
diff --git a/app/controllers/two_factor_authentication/otp_verification_controller.rb b/app/controllers/two_factor_authentication/otp_verification_controller.rb index f3ca89a228f..6a8bb4cbc17 100644 --- a/app/controllers/two_factor_authentication/otp_verification_controller.rb +++ b/app/controllers/two_factor_authentication/otp_verification_controller.rb @@ -137,22 +137,6 @@ def post_analytics(result) analytics.multi_factor_auth_setup(**properties) if context == 'confirmation' analytics.multi_factor_auth(**properties) - - if UserSessionContext.reauthentication_context?(context) - irs_attempts_api_tracker.mfa_login_phone_otp_submitted( - reauthentication: true, - success: properties[:success], - ) - elsif UserSessionContext.authentication_or_reauthentication_context?(context) - irs_attempts_api_tracker.mfa_login_phone_otp_submitted( - reauthentication: false, - success: properties[:success], - ) - elsif UserSessionContext.confirmation_context?(context) - irs_attempts_api_tracker.mfa_enroll_phone_otp_submitted( - success: properties[:success], - ) - end end def analytics_properties diff --git a/app/controllers/two_factor_authentication/piv_cac_verification_controller.rb b/app/controllers/two_factor_authentication/piv_cac_verification_controller.rb index ccd783d158e..de12c333a0d 100644 --- a/app/controllers/two_factor_authentication/piv_cac_verification_controller.rb +++ b/app/controllers/two_factor_authentication/piv_cac_verification_controller.rb @@ -31,10 +31,6 @@ def redirect_to_piv_cac_service def process_token result = piv_cac_verification_form.submit analytics.multi_factor_auth(**result.to_h.merge(analytics_properties)) - irs_attempts_api_tracker.mfa_login_piv_cac( - success: result.success?, - subject_dn: piv_cac_verification_form.x509_dn, - ) session[:sign_in_flow] = :sign_in if result.success? handle_valid_piv_cac 
diff --git a/app/controllers/two_factor_authentication/totp_verification_controller.rb b/app/controllers/two_factor_authentication/totp_verification_controller.rb index 28c50c48444..fb3644a589c 100644 --- a/app/controllers/two_factor_authentication/totp_verification_controller.rb +++ b/app/controllers/two_factor_authentication/totp_verification_controller.rb @@ -22,7 +22,6 @@ def show def create result = TotpVerificationForm.new(current_user, params.require(:code).strip).submit analytics.multi_factor_auth(**result.to_h.merge(new_device: new_device?)) - irs_attempts_api_tracker.mfa_login_totp(success: result.success?) if result.success? handle_valid_verification_for_authentication_context( diff --git a/app/controllers/two_factor_authentication/webauthn_verification_controller.rb b/app/controllers/two_factor_authentication/webauthn_verification_controller.rb index 75f8e6255a3..66c20807202 100644 --- a/app/controllers/two_factor_authentication/webauthn_verification_controller.rb +++ b/app/controllers/two_factor_authentication/webauthn_verification_controller.rb @@ -26,12 +26,6 @@ def confirm new_device: new_device?, ) - if analytics_properties[:multi_factor_auth_method] == 'webauthn_platform' - irs_attempts_api_tracker.mfa_login_webauthn_platform(success: result.success?) - elsif analytics_properties[:multi_factor_auth_method] == 'webauthn' - irs_attempts_api_tracker.mfa_login_webauthn_roaming(success: result.success?) - end - handle_webauthn_result(result) end diff --git a/app/controllers/users/backup_code_setup_controller.rb b/app/controllers/users/backup_code_setup_controller.rb index 0de1097304b..f5d8cc9f696 100644 --- a/app/controllers/users/backup_code_setup_controller.rb +++ b/app/controllers/users/backup_code_setup_controller.rb 
@@ -22,7 +22,6 @@ def index result = BackupCodeSetupForm.new(current_user).submit visit_result = result.to_h.merge(analytics_properties_for_visit) analytics.backup_code_setup_visit(**visit_result) - irs_attempts_api_tracker.mfa_enroll_backup_code(success: result.success?) generate_codes track_backup_codes_created @@ -35,7 +34,6 @@ def create result = BackupCodeSetupForm.new(current_user).submit visit_result = result.to_h.merge(analytics_properties_for_visit) analytics.backup_code_setup_visit(**visit_result) - irs_attempts_api_tracker.mfa_enroll_backup_code(success: result.success?) generate_codes track_backup_codes_created diff --git a/app/controllers/users/delete_controller.rb b/app/controllers/users/delete_controller.rb index 7ad65cab568..a58e6cbb72f 100644 --- a/app/controllers/users/delete_controller.rb +++ b/app/controllers/users/delete_controller.rb @@ -13,7 +13,6 @@ def show end def delete - irs_attempts_api_tracker.logged_in_account_purged(success: true) send_push_notifications notify_user_via_email_of_deletion notify_user_via_sms_of_deletion @@ -38,7 +37,6 @@ def confirm_current_password flash.now[:error] = t('idv.errors.incorrect_password') analytics.account_delete_submitted(success: false) - irs_attempts_api_tracker.logged_in_account_purged(success: false) render :show end diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb index a7d2cad33c7..f921cd995e3 100644 --- a/app/controllers/users/passwords_controller.rb +++ b/app/controllers/users/passwords_controller.rb @@ -22,9 +22,6 @@ def update result = @update_user_password_form.submit(user_params) analytics.password_changed(**result.to_h) - irs_attempts_api_tracker.logged_in_password_change( - success: result.success?, - ) if result.success? handle_valid_password diff --git a/app/controllers/users/piv_cac_authentication_setup_controller.rb b/app/controllers/users/piv_cac_authentication_setup_controller.rb index f2d1986940d..9b32434f741 100644 
--- a/app/controllers/users/piv_cac_authentication_setup_controller.rb +++ b/app/controllers/users/piv_cac_authentication_setup_controller.rb @@ -69,10 +69,6 @@ def process_piv_cac_setup result = user_piv_cac_form.submit properties = result.to_h.merge(analytics_properties) analytics.multi_factor_auth_setup(**properties) - irs_attempts_api_tracker.mfa_enroll_piv_cac( - success: result.success?, - subject_dn: user_piv_cac_form.x509_dn, - ) if result.success? process_valid_submission else diff --git a/app/controllers/users/piv_cac_login_controller.rb b/app/controllers/users/piv_cac_login_controller.rb index 19a2181ef2a..37fe97e3806 100644 --- a/app/controllers/users/piv_cac_login_controller.rb +++ b/app/controllers/users/piv_cac_login_controller.rb @@ -75,7 +75,7 @@ def process_valid_submission presented: true, ) - set_new_device_session + set_new_device_session(nil) handle_valid_verification_for_authentication_context( auth_method: TwoFactorAuthenticatable::AuthMethod::PIV_CAC, ) diff --git a/app/controllers/users/piv_cac_setup_from_sign_in_controller.rb b/app/controllers/users/piv_cac_setup_from_sign_in_controller.rb index 75a03214dcf..16c6733047f 100644 --- a/app/controllers/users/piv_cac_setup_from_sign_in_controller.rb +++ b/app/controllers/users/piv_cac_setup_from_sign_in_controller.rb @@ -42,10 +42,6 @@ def process_piv_cac_setup result = user_piv_cac_form.submit properties = result.to_h.merge(analytics_properties) analytics.multi_factor_auth_setup(**properties) - irs_attempts_api_tracker.mfa_enroll_piv_cac( - success: result.success?, - subject_dn: user_piv_cac_form.x509_dn, - ) if result.success? process_valid_submission else diff --git a/app/controllers/users/reset_passwords_controller.rb b/app/controllers/users/reset_passwords_controller.rb index 47b11696dc5..6735cf17fb8 100644 --- a/app/controllers/users/reset_passwords_controller.rb +++ b/app/controllers/users/reset_passwords_controller.rb 
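Review bot: The bare `nil` in `set_new_device_session(nil)` in `process_valid_submission` (piv_cac_login_controller.rb) gives no hint of what the argument means; the same call appears in `handle_valid_authentication` in sessions_controller.rb. The method definition is outside both hunks, so it is not clear whether `nil` means "work it out from the request" or "unknown". In sessions_controller.rb the call is followed directly by the `new_device?` check that schedules the new-device alert, so a wrong reading here would affect a security notification. I would add a one-line comment at each call stating what passing `nil` selects, or give the parameter a named keyword so the call sites explain themselves.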
@@ -31,9 +31,6 @@ def edit result = PasswordResetTokenValidator.new(token_user).submit analytics.password_reset_token(**result.to_h) - irs_attempts_api_tracker.forgot_password_email_confirmed( - success: result.success?, - ) if result.success? @reset_password_form = ResetPasswordForm.new(build_user) @forbidden_passwords = forbidden_passwords(token_user.email_addresses) @@ -51,9 +48,6 @@ def update result = @reset_password_form.submit(user_params) analytics.password_reset_password(**result.to_h) - irs_attempts_api_tracker.forgot_password_new_password_submitted( - success: result.success?, - ) if result.success? session.delete(:reset_password_token) @@ -94,7 +88,6 @@ def handle_valid_email email: email, request_id: request_id, analytics: analytics, - irs_attempts_api_tracker: irs_attempts_api_tracker, ).perform session[:email] = email diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb index b6015b46228..315af26fffa 100644 --- a/app/controllers/users/sessions_controller.rb +++ b/app/controllers/users/sessions_controller.rb @@ -47,9 +47,6 @@ def destroy redirect_to root_path else analytics.logout_initiated(sp_initiated: false, oidc: false) - irs_attempts_api_tracker.logout_initiated( - success: true, - ) super end end @@ -74,7 +71,6 @@ def increment_session_bad_password_count end def process_locked_out_session - irs_attempts_api_tracker.login_rate_limited(email: auth_params[:email]) warden.logout(:user) warden.lock! flash[:error] = t('errors.sign_in.bad_password_limit') @@ -113,7 +109,7 @@ def process_locked_out_user def handle_valid_authentication sign_in(resource_name, resource) cache_profiles(auth_params[:password]) - set_new_device_session + set_new_device_session(nil) event, = create_user_event(:sign_in_before_2fa) UserAlerts::AlertUserAboutNewDevice.schedule_alert(event:) if new_device? EmailAddress.update_last_sign_in_at_on_user_id_and_email( 
@@ -138,10 +134,6 @@ def track_authentication_attempt(email) sp_request_url_present: sp_session[:request_url].present?, remember_device: remember_device_cookie.present?, ) - irs_attempts_api_tracker.login_email_and_password_auth( - email: email, - success: success, - ) end def user_signed_in_and_not_locked_out?(user) diff --git a/app/controllers/users/totp_setup_controller.rb b/app/controllers/users/totp_setup_controller.rb index ade7c281565..fb9524a8be1 100644 --- a/app/controllers/users/totp_setup_controller.rb +++ b/app/controllers/users/totp_setup_controller.rb @@ -30,10 +30,6 @@ def confirm properties = result.to_h.merge(analytics_properties) analytics.multi_factor_auth_setup(**properties) - irs_attempts_api_tracker.mfa_enroll_totp( - success: result.success?, - ) - if result.success? process_valid_code else diff --git a/app/controllers/users/two_factor_authentication_controller.rb b/app/controllers/users/two_factor_authentication_controller.rb index 79bcb6135ac..b56ccf6524b 100644 --- a/app/controllers/users/two_factor_authentication_controller.rb +++ b/app/controllers/users/two_factor_authentication_controller.rb @@ -176,17 +176,11 @@ def handle_valid_otp_params(otp_delivery_selection_result, method, default = nil otp_rate_limiter.reset_count_and_otp_last_sent_at if current_user.no_longer_locked_out? if exceeded_otp_send_limit? - return handle_too_many_otp_sends( - phone: parsed_phone.e164, - context: context, - ) + return handle_too_many_otp_sends end otp_rate_limiter.increment if exceeded_otp_send_limit? - return handle_too_many_otp_sends( - phone: parsed_phone.e164, - context: context, - ) + return handle_too_many_otp_sends end if exceeded_short_term_otp_rate_limit? 
@@ -236,28 +230,6 @@ def track_events(otp_delivery_preference:, otp_delivery_selection_result:) reason: RecaptchaAnnotator::AnnotationReasons::INITIATED_TWO_FACTOR, ), ) - - if UserSessionContext.reauthentication_context?(context) - irs_attempts_api_tracker.mfa_login_phone_otp_sent( - success: @telephony_result.success?, - reauthentication: true, - phone_number: parsed_phone.e164, - otp_delivery_method: otp_delivery_preference, - ) - elsif UserSessionContext.authentication_or_reauthentication_context?(context) - irs_attempts_api_tracker.mfa_login_phone_otp_sent( - success: @telephony_result.success?, - reauthentication: false, - phone_number: parsed_phone.e164, - otp_delivery_method: otp_delivery_preference, - ) - elsif UserSessionContext.confirmation_context?(context) - irs_attempts_api_tracker.mfa_enroll_phone_otp_sent( - success: @telephony_result.success?, - phone_number: parsed_phone.e164, - otp_delivery_method: otp_delivery_preference, - ) - end end def exceeded_otp_send_limit? diff --git a/app/controllers/users/two_factor_authentication_setup_controller.rb b/app/controllers/users/two_factor_authentication_setup_controller.rb index 492acb4bcee..c6c16fd86fe 100644 --- a/app/controllers/users/two_factor_authentication_setup_controller.rb +++ b/app/controllers/users/two_factor_authentication_setup_controller.rb @@ -23,10 +23,6 @@ def index def create result = submit_form analytics.user_registration_2fa_setup(**result.to_h) - irs_attempts_api_tracker.mfa_enroll_options_selected( - success: result.success?, - mfa_device_types: @two_factor_options_form.selection, - ) if result.success? process_valid_form diff --git a/app/controllers/users/verify_password_controller.rb b/app/controllers/users/verify_password_controller.rb index a75f6b6a0c9..e592d396eab 100644 --- a/app/controllers/users/verify_password_controller.rb +++ b/app/controllers/users/verify_password_controller.rb 
@@ -15,10 +15,6 @@ def new def update result = verify_password_form.submit - irs_attempts_api_tracker.logged_in_profile_change_reauthentication_submitted( - success: result.success?, - ) - analytics.reactivate_account_verify_password_submitted(success: result.success?) if result.success? @@ -38,7 +34,6 @@ def confirm_personal_key def handle_success(result) user_session[:personal_key] = result.extra[:personal_key] - irs_attempts_api_tracker.idv_personal_key_generated reactivate_account_session.clear redirect_to manage_personal_key_url end diff --git a/app/controllers/users/verify_personal_key_controller.rb b/app/controllers/users/verify_personal_key_controller.rb index d92815acac7..30914e01b6e 100644 --- a/app/controllers/users/verify_personal_key_controller.rb +++ b/app/controllers/users/verify_personal_key_controller.rb @@ -37,9 +37,6 @@ def create [:error_details, :personal_key, :personal_key], ], ) - irs_attempts_api_tracker.personal_key_reactivation_submitted( - success: result.success?, - ) if result.success? handle_success(decrypted_pii: personal_key_form.decrypted_pii) else @@ -62,8 +59,6 @@ def render_rate_limited limiter_type: :verify_personal_key, ) - irs_attempts_api_tracker.personal_key_reactivation_rate_limited - @expires_at = rate_limiter.expires_at render :rate_limited end diff --git a/app/controllers/users/webauthn_setup_controller.rb b/app/controllers/users/webauthn_setup_controller.rb index 4f633ead285..b87f260439a 100644 --- a/app/controllers/users/webauthn_setup_controller.rb +++ b/app/controllers/users/webauthn_setup_controller.rb 
@@ -41,13 +41,6 @@ def new save_challenge_in_session @exclude_credentials = exclude_credentials @need_to_set_up_additional_mfa = need_to_set_up_additional_mfa? - if !result.success? - if @platform_authenticator - irs_attempts_api_tracker.mfa_enroll_webauthn_platform(success: false) - else - irs_attempts_api_tracker.mfa_enroll_webauthn_roaming(success: false) - end - end if result.errors.present? analytics.webauthn_setup_submitted( @@ -79,12 +72,6 @@ def confirm properties = result.to_h.merge(analytics_properties) analytics.multi_factor_auth_setup(**properties) - if @platform_authenticator - irs_attempts_api_tracker.mfa_enroll_webauthn_platform(success: result.success?) - else - irs_attempts_api_tracker.mfa_enroll_webauthn_roaming(success: result.success?) - end - if result.success? process_valid_webauthn(form) else diff --git a/app/forms/idv/api_image_upload_form.rb b/app/forms/idv/api_image_upload_form.rb index cb97b7314da..5e53082199d 100644 --- a/app/forms/idv/api_image_upload_form.rb +++ b/app/forms/idv/api_image_upload_form.rb @@ -14,15 +14,18 @@ class ApiImageUploadForm validate :validate_duplicate_images, if: :image_resubmission_check? validate :limit_if_rate_limited - def initialize(params, service_provider:, analytics: nil, - uuid_prefix: nil, irs_attempts_api_tracker: nil, - liveness_checking_required: false) + def initialize( + params, + service_provider:, + analytics: nil, + uuid_prefix: nil, + liveness_checking_required: false + ) @params = params @service_provider = service_provider @analytics = analytics @readable = {} @uuid_prefix = uuid_prefix - @irs_attempts_api_tracker = irs_attempts_api_tracker @liveness_checking_required = liveness_checking_required end 
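Review bot: `ApiImageUploadForm#initialize` drops the `irs_attempts_api_tracker:` keyword and has no `**` catch-all, so any caller that still passes it will raise `ArgumentError` at runtime, not at load time. The same narrowing appears later in this diff in `PhoneConfirmationOtpVerificationForm#initialize`, `RegisterUserEmailForm#initialize`, `Idv::PhoneStep#initialize`, `PhoneConfirmationSession.generate_code` and `User#identity_verified?`. The call sites are not visible here, so a repository-wide search for the removed keywords (`irs_attempts_api_tracker:`, `attempts_tracker:`, `service_provider:` on `identity_verified?`) is worth doing before merge. Now that the signature is one parameter per line, it would also be a good place for a YARD block giving the type of `params`, `service_provider:` and `liveness_checking_required:`.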
@@ -48,14 +51,13 @@ def submit failed_fingerprints = store_failed_images(client_response, doc_pii_response) response.extra[:failed_image_fingerprints] = failed_fingerprints - track_event(response) response end private attr_reader :params, :analytics, :service_provider, :form_response, :uuid_prefix, - :irs_attempts_api_tracker, :liveness_checking_required + :liveness_checking_required def increment_rate_limiter! return unless document_capture_session @@ -301,7 +303,6 @@ def limit_if_rate_limited def track_rate_limited analytics.rate_limit_reached(limiter_type: :idv_doc_auth) - irs_attempts_api_tracker.idv_document_upload_rate_limited end def document_capture_session_uuid @@ -435,25 +436,6 @@ def rate_limited? rate_limiter.limited? if document_capture_session end - def track_event(response) - pii_from_doc = response.pii_from_doc.to_h || {} - - irs_attempts_api_tracker.idv_document_upload_submitted( - success: response.success?, - document_state: pii_from_doc[:state], - document_number: pii_from_doc[:state_id_number], - document_issued: pii_from_doc[:state_id_issued], - document_expiration: pii_from_doc[:state_id_expiration], - document_front_image_filename: nil, - document_back_image_filename: nil, - document_image_encryption_key: nil, - first_name: pii_from_doc[:first_name], - last_name: pii_from_doc[:last_name], - date_of_birth: pii_from_doc[:dob], - address: pii_from_doc[:address1], - ) - end - ## # Store failed image fingerprints in document_capture_session_result # when client_response is not successful and not a network error diff --git a/app/forms/idv/phone_confirmation_otp_verification_form.rb b/app/forms/idv/phone_confirmation_otp_verification_form.rb index 25b9f7c3325..447b97101ec 100644 --- a/app/forms/idv/phone_confirmation_otp_verification_form.rb +++ b/app/forms/idv/phone_confirmation_otp_verification_form.rb 
@@ -2,12 +2,11 @@ module Idv class PhoneConfirmationOtpVerificationForm - attr_reader :user, :user_phone_confirmation_session, :irs_attempts_api_tracker, :code + attr_reader :user, :user_phone_confirmation_session, :code - def initialize(user:, user_phone_confirmation_session:, irs_attempts_api_tracker:) + def initialize(user:, user_phone_confirmation_session:) @user = user @user_phone_confirmation_session = user_phone_confirmation_session - @irs_attempts_api_tracker = irs_attempts_api_tracker end def submit(code:) @@ -34,10 +33,6 @@ def clear_second_factor_attempts def increment_second_factor_attempts user.increment_second_factor_attempts_count! - - if user.max_login_attempts? - irs_attempts_api_tracker.idv_phone_otp_submitted_rate_limited(phone_number: user_phone) - end end def user_phone diff --git a/app/forms/openid_connect_logout_form.rb b/app/forms/openid_connect_logout_form.rb index 6dbf8734518..582906342a2 100644 --- a/app/forms/openid_connect_logout_form.rb +++ b/app/forms/openid_connect_logout_form.rb @@ -46,6 +46,7 @@ def initialize(params:, current_user:) @identity = load_identity end + # @return [FormResponse] def submit @success = valid? diff --git a/app/forms/register_user_email_form.rb b/app/forms/register_user_email_form.rb index e01c85f04b5..6baaed9f4a0 100644 --- a/app/forms/register_user_email_form.rb +++ b/app/forms/register_user_email_form.rb @@ -15,10 +15,9 @@ def self.model_name ActiveModel::Name.new(self, nil, 'User') end - def initialize(analytics:, attempts_tracker:) + def initialize(analytics:) @rate_limited = false @analytics = analytics - @attempts_tracker = attempts_tracker end def user @@ -141,9 +140,6 @@ def send_sign_up_email(request_id) @analytics.rate_limit_reached( limiter_type: :reg_unconfirmed_email, ) - @attempts_tracker.user_registration_email_submission_rate_limited( - email: email, email_already_registered: false, - ) else user.accepted_terms_at = Time.zone.now user.save! 
@@ -159,9 +155,6 @@ def send_sign_up_unconfirmed_email(request_id) @analytics.rate_limit_reached( limiter_type: :reg_unconfirmed_email, ) - @attempts_tracker.user_registration_email_submission_rate_limited( - email: email, email_already_registered: false, - ) else SendSignUpEmailConfirmation.new(existing_user).call(request_id: request_id) end @@ -174,9 +167,6 @@ def send_sign_up_confirmed_email @analytics.rate_limit_reached( limiter_type: :reg_confirmed_email, ) - @attempts_tracker.user_registration_email_submission_rate_limited( - email: email, email_already_registered: true, - ) else UserMailer.with(user: existing_user, email_address: email_address_record). signup_with_your_email.deliver_now_or_later diff --git a/app/jobs/resolution_proofing_job.rb b/app/jobs/resolution_proofing_job.rb index 9a7372d61df..d62ff8278e1 100644 --- a/app/jobs/resolution_proofing_job.rb +++ b/app/jobs/resolution_proofing_job.rb @@ -26,7 +26,7 @@ def perform( service_provider_issuer: nil, # rubocop:disable Lint/UnusedMethodArgument threatmetrix_session_id: nil, request_ip: nil, - instant_verify_ab_test_discriminator: nil + instant_verify_ab_test_discriminator: nil # rubocop:disable Lint/UnusedMethodArgument ) timer = JobHelpers::Timer.new @@ -49,7 +49,6 @@ def perform( request_ip: request_ip, should_proof_state_id: should_proof_state_id, ipp_enrollment_in_progress: ipp_enrollment_in_progress, - instant_verify_ab_test_discriminator: instant_verify_ab_test_discriminator, ) document_capture_session = DocumentCaptureSession.new(result_id: result_id) 
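Review bot: `instant_verify_ab_test_discriminator:` stays in the `ResolutionProofingJob#perform` signature behind `rubocop:disable Lint/UnusedMethodArgument`, with nothing saying why an unused argument is kept. If the reason is that jobs enqueued before this change still carry the key in their payload (an assumption, the hunk does not say), a comment such as `# Unused; accepted so jobs enqueued before this change still run. Remove once the queue has drained.` would stop it from lingering. `perform` starts and ends outside the hunk.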
@@ -76,10 +75,9 @@ def make_vendor_proofing_requests( threatmetrix_session_id:, request_ip:, should_proof_state_id:, - ipp_enrollment_in_progress:, - instant_verify_ab_test_discriminator: + ipp_enrollment_in_progress: ) - result = resolution_proofer(instant_verify_ab_test_discriminator).proof( + result = resolution_proofer.proof( applicant_pii: applicant_pii, user_email: user&.confirmed_email_addresses&.first&.email, threatmetrix_session_id: threatmetrix_session_id, @@ -114,9 +112,8 @@ def logger_info_hash(hash) logger.info(hash.to_json) end - def resolution_proofer(instant_verify_ab_test_discriminator) - @resolution_proofer ||= Proofing::Resolution::ProgressiveProofer. - new(instant_verify_ab_test_discriminator) + def resolution_proofer + @resolution_proofer ||= Proofing::Resolution::ProgressiveProofer.new end def add_threatmetrix_proofing_component(user_id, threatmetrix_result) diff --git a/app/models/account_reset_request.rb b/app/models/account_reset_request.rb index 0e4cd85d53a..7977ae354c3 100644 --- a/app/models/account_reset_request.rb +++ b/app/models/account_reset_request.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class AccountResetRequest < ApplicationRecord - self.ignored_columns = %w[reported_fraud_at] - belongs_to :user # rubocop:disable Rails/InverseOf belongs_to :requesting_service_provider, diff --git a/app/models/doc_auth_log.rb b/app/models/doc_auth_log.rb index 498147064e9..468f95a4705 100644 --- a/app/models/doc_auth_log.rb +++ b/app/models/doc_auth_log.rb @@ -11,6 +11,7 @@ class DocAuthLog < ApplicationRecord # rubocop:disable Rails/UnusedIgnoredColumns self.ignored_columns = [ + :aamva, :email_sent_view_at, :email_sent_view_count, :send_link_view_at, diff --git a/app/models/profile.rb b/app/models/profile.rb index 3bf0af2240b..1b7b2caeb44 100644 --- a/app/models/profile.rb +++ b/app/models/profile.rb 
@@ -138,8 +138,6 @@ def activate_after_passing_review ) activate end - - track_fraud_review_adjudication(decision: 'pass') if active? end def activate_after_fraud_review_unnecessary @@ -229,9 +227,6 @@ def reject_for_fraud(notify_user:) fraud_review_pending_at: nil, fraud_rejection_at: Time.zone.now, ) - track_fraud_review_adjudication( - decision: notify_user ? 'manual_reject' : 'automatic_reject', - ) UserAlerts::AlertUserAboutAccountRejected.call(user) if notify_user end @@ -299,25 +294,12 @@ def self.build_compound_pii(pii) values.join(':') end - def irs_attempts_api_tracker - @irs_attempts_api_tracker ||= IrsAttemptsApi::Tracker.new - end - private def confirm_that_profile_can_be_activated! raise reason_not_to_activate if reason_not_to_activate end - def track_fraud_review_adjudication(decision:) - fraud_review_request = user.fraud_review_requests.last - irs_attempts_api_tracker.fraud_review_adjudicated( - decision: decision, - cached_irs_session_id: fraud_review_request&.irs_session_id, - cached_login_session_id: fraud_review_request&.login_session_id, - ) - end - def personal_key_generator @personal_key_generator ||= PersonalKeyGenerator.new(user) end diff --git a/app/models/user.rb b/app/models/user.rb index 843d990fc2b..97a88772a90 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
@@ -366,20 +366,14 @@ def identity_not_verified? !identity_verified? end - def identity_verified?(service_provider: nil) - active_profile.present? && !reproof_for_irs?(service_provider: service_provider) + def identity_verified? + active_profile.present? end def identity_verified_with_biometric_comparison? BIOMETRIC_COMPARISON_IDV_LEVELS.include?(active_profile&.idv_level) end - def reproof_for_irs?(service_provider:) - return false unless service_provider&.irs_attempts_api_enabled - return false unless active_profile.present? - !active_profile.initiating_service_provider&.irs_attempts_api_enabled - end - # This user's most recently activated profile that has also been deactivated # due to a password reset, or nil if there is no such profile def password_reset_profile diff --git a/app/services/account_reset/delete_account.rb b/app/services/account_reset/delete_account.rb index 332dc98133e..1fa187682aa 100644 --- a/app/services/account_reset/delete_account.rb +++ b/app/services/account_reset/delete_account.rb @@ -4,7 +4,6 @@ module AccountReset class DeleteAccount include ActiveModel::Model include GrantedTokenValidator - include TrackIrsEvent def initialize(token, request, analytics) @token = token @@ -17,7 +16,6 @@ def call track_account_age track_mfa_method_counts - track_irs_event if sp extra = extra_analytics_attributes diff --git a/app/services/account_reset/track_irs_event.rb b/app/services/account_reset/track_irs_event.rb deleted file mode 100644 index d0bd8fde275..00000000000 --- a/app/services/account_reset/track_irs_event.rb +++ /dev/null 
@@ -1,24 +0,0 @@ -# frozen_string_literal: true - -# Mixin for account reset event tracking -# Assumes these methods exist on the including class: -# - sp -# - success -# - errors -# - request -# - analytics -module AccountReset::TrackIrsEvent - def track_irs_event - irs_attempts_api_tracker.account_reset_account_deleted( - success: success, - ) - end - - def irs_attempts_api_tracker - @irs_attempts_api_tracker ||= IrsAttemptsApi::Tracker.new - end - - def cookies - request.cookie_jar - end -end diff --git a/app/services/account_reset/validate_granted_token.rb b/app/services/account_reset/validate_granted_token.rb index a3d66de8bc6..161d4996e3e 100644 --- a/app/services/account_reset/validate_granted_token.rb +++ b/app/services/account_reset/validate_granted_token.rb @@ -4,7 +4,6 @@ module AccountReset class ValidateGrantedToken include ActiveModel::Model include GrantedTokenValidator - include TrackIrsEvent def initialize(token, request, analytics) @token = token @@ -14,7 +13,6 @@ def initialize(token, request, analytics) def call @success = valid? - track_irs_event if !success && sp FormResponse.new(success: success, errors: errors, extra: extra_analytics_attributes) end diff --git a/app/services/analytics_events.rb b/app/services/analytics_events.rb index d3c37ff3486..da01005b8a1 100644 --- a/app/services/analytics_events.rb +++ b/app/services/analytics_events.rb 
@@ -1363,8 +1363,8 @@ def idv_enter_password_visited( # @param [String, nil] deactivation_reason Reason user's profile was deactivated, if any. # @param [Boolean] fraud_review_pending Profile is under review for fraud # @param [Boolean] fraud_rejection Profile is rejected due to fraud - # @param [Boolean] gpo_verification_pending Profile is awaiting gpo verificaiton - # @param [Boolean] in_person_verification_pending Profile is awaiting in person verificaiton + # @param [Boolean] gpo_verification_pending Profile is awaiting gpo verification + # @param [Boolean] in_person_verification_pending Profile is awaiting in person verification # @param [Idv::ProofingComponentsLogging] proofing_components User's current proofing components # @param [String,nil] active_profile_idv_level ID verification level of user's active profile. # @param [String,nil] pending_profile_idv_level ID verification level of user's pending profile. @@ -1843,14 +1843,12 @@ def idv_in_person_prepare_visited(flow_path:, opted_in_to_in_person_proofing:, * # @param [String] flow_path # @param [String] step # @param [String] analytics_id - # @param [Boolean] irs_reproofing # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing # address page visited def idv_in_person_proofing_address_visited( flow_path: nil, step: nil, analytics_id: nil, - irs_reproofing: nil, opted_in_to_in_person_proofing: nil, **extra ) @@ -1859,7 +1857,6 @@ def idv_in_person_proofing_address_visited( flow_path: flow_path, step: step, analytics_id: analytics_id, - irs_reproofing: irs_reproofing, opted_in_to_in_person_proofing: opted_in_to_in_person_proofing, **extra, ) @@ -1868,7 +1865,6 @@ def idv_in_person_proofing_address_visited( # @param [String] flow_path # @param [String] step # @param [String] analytics_id - # @param [Boolean] irs_reproofing # @param [Boolean] success # @param [Hash] errors # @param [Boolean] same_address_as_id 
@@ -1877,7 +1873,6 @@ def idv_in_person_proofing_cancel_update_state_id( flow_path: nil, step: nil, analytics_id: nil, - irs_reproofing: nil, success: nil, errors: nil, same_address_as_id: nil, @@ -1888,7 +1883,6 @@ def idv_in_person_proofing_cancel_update_state_id( flow_path: flow_path, step: step, analytics_id: analytics_id, - irs_reproofing: irs_reproofing, success: success, errors: errors, same_address_as_id: same_address_as_id, @@ -1968,7 +1962,6 @@ def idv_in_person_proofing_nontransliterable_characters_submitted( # @param [String] flow_path # @param [String] step # @param [String] analytics_id - # @param [Boolean] irs_reproofing # @param [Boolean] success # @param [Hash] errors # @param [Boolean] same_address_as_id @@ -1977,7 +1970,6 @@ def idv_in_person_proofing_redo_state_id_submitted( flow_path: nil, step: nil, analytics_id: nil, - irs_reproofing: nil, success: nil, errors: nil, same_address_as_id: nil, @@ -1988,7 +1980,6 @@ def idv_in_person_proofing_redo_state_id_submitted( flow_path: flow_path, step: step, analytics_id: analytics_id, - irs_reproofing: irs_reproofing, success: success, errors: errors, same_address_as_id: same_address_as_id, @@ -2003,7 +1994,6 @@ def idv_in_person_proofing_residential_address_submitted(**extra) # @param [String] flow_path # @param [String] step # @param [String] analytics_id - # @param [Boolean] irs_reproofing # @param [Boolean] success # @param [Hash] errors # @param [Boolean, nil] same_address_as_id @@ -2013,7 +2003,6 @@ def idv_in_person_proofing_state_id_submitted( flow_path: nil, step: nil, analytics_id: nil, - irs_reproofing: nil, success: nil, errors: nil, same_address_as_id: nil, @@ -2025,7 +2014,6 @@ def idv_in_person_proofing_state_id_submitted( flow_path: flow_path, step: step, analytics_id: analytics_id, - irs_reproofing: irs_reproofing, success: success, errors: errors, same_address_as_id: same_address_as_id, 
@@ -2037,14 +2025,12 @@ def idv_in_person_proofing_state_id_submitted( # @param [String] flow_path # @param [String] step # @param [String] analytics_id - # @param [Boolean] irs_reproofing # @param [Boolean] opted_in_to_in_person_proofing User opted into in person proofing # State id page visited def idv_in_person_proofing_state_id_visited( flow_path: nil, step: nil, analytics_id: nil, - irs_reproofing: nil, opted_in_to_in_person_proofing: nil, **extra ) @@ -2053,7 +2039,6 @@ def idv_in_person_proofing_state_id_visited( flow_path: flow_path, step: step, analytics_id: analytics_id, - irs_reproofing: irs_reproofing, opted_in_to_in_person_proofing: opted_in_to_in_person_proofing, **extra, ) 
@@ -3639,20 +3624,22 @@ def logout_initiated( # @param [Boolean] success Whether authentication was successful # @param [Hash] errors Authentication error reasons, if unsuccessful # @param [Hash] error_details Details for error that occurred in unsuccessful submission - # @param [String] context - # @param [Boolean] new_device - # @param [String] multi_factor_auth_method + # @param ["authentication","reauthentication","confirmation"] context User session context + # @param [Boolean] new_device Whether the user is authenticating from a new device + # @param [String] multi_factor_auth_method Authentication method used # @param [DateTime] multi_factor_auth_method_created_at time auth method was created - # @param [Integer] auth_app_configuration_id - # @param [Integer] piv_cac_configuration_id - # @param [Integer] key_id - # @param [Integer] webauthn_configuration_id - # @param [Integer] phone_configuration_id - # @param [Boolean] confirmation_for_add_phone - # @param [String] area_code - # @param [String] country_code + # @param [Integer] auth_app_configuration_id Database ID of authentication app configuration + # @param [Integer] piv_cac_configuration_id Database ID of PIV/CAC configuration + # @param [Integer] key_id PIV/CAC key_id + # @param [Integer] webauthn_configuration_id Database ID of WebAuthn configuration + # @param [Integer] phone_configuration_id Database ID of phone configuration + # @param [Boolean] confirmation_for_add_phone Whether authenticating while adding phone + # @param [String] area_code Area code of phone number + # @param [String] country_code Country code associated with phone number # @param [String] phone_fingerprint the hmac fingerprint of the phone number formatted as e164 # @param [String] frontend_error Name of error that occurred in frontend during submission + # @param [Boolean] in_account_creation_flow Whether user is going through account creation flow + # @param [Integer] enabled_mfa_methods_count Number of MFAs associated with 
user # Multi-Factor Authentication def multi_factor_auth( success:, @@ -3673,6 +3660,8 @@ def multi_factor_auth( country_code: nil, phone_fingerprint: nil, frontend_error: nil, + in_account_creation_flow: nil, + enabled_mfa_methods_count: nil, **extra ) track_event( @@ -3696,6 +3685,8 @@ def multi_factor_auth( country_code: country_code, phone_fingerprint: phone_fingerprint, frontend_error:, + in_account_creation_flow:, + enabled_mfa_methods_count:, **extra, }.compact, ) @@ -3764,24 +3755,39 @@ def multi_factor_auth_enter_backup_code_visit(context:, **extra) ) end - # @param [String] context + # @param ["authentication","reauthentication","confirmation"] context User session context # @param [String] multi_factor_auth_method # @param [Boolean] confirmation_for_add_phone # @param [Integer] phone_configuration_id + # @param [String] area_code Area code of phone number + # @param [String] country_code Abbreviated 2-letter country code associated with phone number + # @param [String] phone_fingerprint Fingerprint hash of phone number + # @param [Boolean] in_account_creation_flow Whether user is going through account creation flow + # @param [Integer] enabled_mfa_methods_count Number of MFAs associated with user # Multi-Factor Authentication enter OTP visited def multi_factor_auth_enter_otp_visit( context:, multi_factor_auth_method:, confirmation_for_add_phone:, phone_configuration_id:, + area_code:, + country_code:, + phone_fingerprint:, + in_account_creation_flow:, + enabled_mfa_methods_count:, **extra ) track_event( 'Multi-Factor Authentication: enter OTP visited', - context: context, - multi_factor_auth_method: multi_factor_auth_method, - confirmation_for_add_phone: confirmation_for_add_phone, - phone_configuration_id: phone_configuration_id, + context:, + multi_factor_auth_method:, + confirmation_for_add_phone:, + phone_configuration_id:, + area_code:, + country_code:, + phone_fingerprint:, + in_account_creation_flow:, + enabled_mfa_methods_count:, **extra, ) end 
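Review bot: The five keywords added to `multi_factor_auth_enter_otp_visit` (`area_code:`, `country_code:`, `phone_fingerprint:`, `in_account_creation_flow:`, `enabled_mfa_methods_count:`) are required, while the same names in `multi_factor_auth` just above default to `nil`. A caller that omits any of them will raise `ArgumentError`, and a caller that passes `nil` will emit the key with a null value because this method does not `.compact` the properties the way `multi_factor_auth` does. Either give them `nil` defaults for consistency or state in the doc comment that all five must always be supplied. The pre-existing `multi_factor_auth_method`, `confirmation_for_add_phone` and `phone_configuration_id` params still have no description, unlike the lines added beside them.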
@@ -3945,6 +3951,7 @@ def no_js_detect_stylesheet_loaded(location:, **extra) # @param [Hash] errors # @param [Hash] error_details # @param [String] method + # @param [String] original_method Method of referring request # OIDC Logout Requested def oidc_logout_requested( success: nil, @@ -3957,6 +3964,7 @@ def oidc_logout_requested( errors: nil, error_details: nil, method: nil, + original_method: nil, **extra ) track_event( @@ -3971,6 +3979,7 @@ def oidc_logout_requested( oidc: oidc, saml_request_valid: saml_request_valid, method: method, + original_method: original_method, **extra, ) end @@ -4056,17 +4065,23 @@ def oidc_logout_visited( end # Tracks when a sucessful openid authorization request is returned + # @param [Boolean] success Whether form validations were succcessful + # @param [Boolean] user_sp_authorized Whether user granted consent during this authorization # @param [String] client_id # @param [String] code_digest hash of returned "code" param def openid_connect_authorization_handoff( + success:, + user_sp_authorized:, client_id:, code_digest:, **extra ) track_event( 'OpenID Connect: authorization request handoff', - client_id: client_id, - code_digest: code_digest, + success:, + user_sp_authorized:, + client_id:, + code_digest:, **extra, ) end 
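Review bot: The added doc line for `openid_connect_authorization_handoff` misspells "successful"; it should read `# @param [Boolean] success Whether form validations were successful`. The summary line above it has the same slip ("sucessful") and could be fixed in the same pass. `success:` and `user_sp_authorized:` are new required keywords, so callers outside this hunk must pass both.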
@@ -4158,29 +4173,32 @@ def openid_connect_token(client_id:, user_id:, code_digest:, expires_in:, ial:, end # Tracks when user makes an otp delivery selection + # @param [Boolean] success Whether the form was submitted successfully. + # @param [Hash] errors Errors resulting from form validation + # @param ["authentication","reauthentication","confirmation"] context User session context # @param [String] otp_delivery_preference (sms or voice) - # @param [Boolean] resend - # @param [String] country_code - # @param [String] area_code - # @param ["authentication","reauthentication","confirmation"] context user session context - # @param [Hash] pii_like_keypaths + # @param [Boolean] resend True if the user re-requested a code + # @param [String] country_code Country code associated with phone number + # @param [String] area_code Area code of phone number def otp_delivery_selection( + success:, + errors:, + context:, otp_delivery_preference:, resend:, country_code:, area_code:, - context:, - pii_like_keypaths:, **extra ) track_event( 'OTP: Delivery Selection', - otp_delivery_preference: otp_delivery_preference, - resend: resend, - country_code: country_code, - area_code: area_code, - context: context, - pii_like_keypaths: pii_like_keypaths, + success:, + errors:, + context:, + otp_delivery_preference:, + resend:, + country_code:, + area_code:, **extra, ) end 
@@ -5179,14 +5197,14 @@ def user_registration_2fa_setup_visit( end # User registration has been handed off to agency page - # @param [Boolean] ial2 - # @param [Integer] ialmax - # @param [String] service_provider_name - # @param [String] page_occurence - # @param [String] needs_completion_screen_reason + # @param [Boolean] ial2 Whether the user registration was for a verified identity + # @param [Integer] ialmax Whether the user registration was for an IALMax request + # @param [String] service_provider_name The friendly name of the service provider + # @param ['account-page','agency-page'] page_occurence Where the user concluded registration + # @param ['new_sp','new_attributes','reverified_after_consent'] needs_completion_screen_reason The + # reason for the consent screen being shown # @param [Boolean] in_account_creation_flow Whether user is going through account creation - # @param [Array] sp_request_requested_attributes - # @param [Array] sp_session_requested_attributes + # @param [Array] sp_session_requested_attributes Attributes requested by the service provider def user_registration_agency_handoff_page_visit( ial2:, service_provider_name:, @@ -5194,7 +5212,6 @@ def user_registration_agency_handoff_page_visit( needs_completion_screen_reason:, in_account_creation_flow:, sp_session_requested_attributes:, - sp_request_requested_attributes: nil, ialmax: nil, **extra ) @@ -5206,7 +5223,6 @@ def user_registration_agency_handoff_page_visit( page_occurence:, needs_completion_screen_reason:, in_account_creation_flow:, - sp_request_requested_attributes:, sp_session_requested_attributes:, **extra, ) 
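Review bot: The new doc line for `ialmax` in `user_registration_agency_handoff_page_visit` declares the type as `Integer` but describes a yes/no value ("Whether the user registration was for an IALMax request"). The matching line added for `user_registration_complete` further down uses `Boolean`, so this one should read `# @param [Boolean] ialmax Whether the user registration was for an IALMax request`. The description of `needs_completion_screen_reason` wraps onto a second comment line; indenting that continuation by two spaces would make it clear to readers that it belongs to the same tag.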
@@ -5223,35 +5239,36 @@ def user_registration_cancellation(request_came_from:, **extra) end # Tracks when user completes registration - # @param [Boolean] ial2 - # @param [Boolean] ialmax - # @param [String] service_provider_name - # @param [String] page_occurence - # @param [String] needs_completion_screen_reason - # @param [Array] sp_request_requested_attributes - # @param [Array] sp_session_requested_attributes + # @param [Boolean] ial2 Whether the user registration was for a verified identity + # @param [Boolean] ialmax Whether the user registration was for an IALMax request + # @param [String] service_provider_name The friendly name of the service provider + # @param ['account-page','agency-page'] page_occurence Where the user concluded registration + # @param ['new_sp','new_attributes','reverified_after_consent'] needs_completion_screen_reason The + # reason for the consent screen being shown + # @param [Array] sp_session_requested_attributes Attributes requested by the service provider + # @param [Boolean] in_account_creation_flow Whether user is going through account creation flow # @param [String, nil] disposable_email_domain Disposable email domain used for registration def user_registration_complete( ial2:, service_provider_name:, page_occurence:, + in_account_creation_flow:, needs_completion_screen_reason:, sp_session_requested_attributes:, - sp_request_requested_attributes: nil, ialmax: nil, disposable_email_domain: nil, **extra ) track_event( 'User registration: complete', - ial2: ial2, - ialmax: ialmax, - service_provider_name: service_provider_name, - page_occurence: page_occurence, - needs_completion_screen_reason: needs_completion_screen_reason, - sp_request_requested_attributes: sp_request_requested_attributes, - sp_session_requested_attributes: sp_session_requested_attributes, - disposable_email_domain: disposable_email_domain, + ial2:, + ialmax:, + service_provider_name:, + page_occurence:, + in_account_creation_flow:, + 
needs_completion_screen_reason:, + sp_session_requested_attributes:, + disposable_email_domain:, **extra, ) end diff --git a/app/services/flow/base_flow.rb b/app/services/flow/base_flow.rb index 4f9ca188018..2abf1843902 100644 --- a/app/services/flow/base_flow.rb +++ b/app/services/flow/base_flow.rb @@ -82,6 +82,6 @@ def successful_response end delegate :flash, :session, :current_user, :current_sp, :params, :request, - :poll_with_meta_refresh, :analytics, :irs_attempts_api_tracker, to: :@controller + :poll_with_meta_refresh, :analytics, to: :@controller end end diff --git a/app/services/flow/flow_state_machine.rb b/app/services/flow/flow_state_machine.rb index d00569774a2..c2add6ff2e1 100644 --- a/app/services/flow/flow_state_machine.rb +++ b/app/services/flow/flow_state_machine.rb @@ -190,9 +190,6 @@ def analytics_properties step: current_step, step_count: current_flow_step_counts[current_step_name], analytics_id: @analytics_id, - irs_reproofing: current_user&.reproof_for_irs?( - service_provider: current_sp, - ).present?, }.merge(flow.extra_analytics_properties). merge(**opt_in_analytics_properties) end diff --git a/app/services/idv/agent.rb b/app/services/idv/agent.rb index 02d4e2792b0..83733a59295 100644 --- a/app/services/idv/agent.rb +++ b/app/services/idv/agent.rb @@ -26,8 +26,8 @@ def proof_resolution( should_proof_state_id: should_proof_state_id, trace_id: trace_id, result_id: document_capture_session.result_id, - instant_verify_ab_test_discriminator: document_capture_session.uuid, user_id: user_id, + service_provider_issuer: document_capture_session.issuer, threatmetrix_session_id: threatmetrix_session_id, request_ip: request_ip, ipp_enrollment_in_progress: ipp_enrollment_in_progress, diff --git a/app/services/idv/lexis_nexis_instant_verify.rb b/app/services/idv/lexis_nexis_instant_verify.rb deleted file mode 100644 index b4558b03087..00000000000 --- a/app/services/idv/lexis_nexis_instant_verify.rb +++ /dev/null 
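Review bot: `Idv::Agent#proof_resolution` now passes `service_provider_issuer: document_capture_session.issuer`, but the `ResolutionProofingJob#perform` signature shown earlier in this diff still marks `service_provider_issuer` with `rubocop:disable Lint/UnusedMethodArgument`. As far as the visible lines show, the issuer is serialized into the job payload and never read. If this is the first half of a staged rollout, a comment here such as `# Not yet read by ResolutionProofingJob; sent ahead of the change that uses it` would make that clear; otherwise the job side should consume it and drop the rubocop directive. `proof_resolution` starts and ends outside the hunk.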
@@ -1,36 +0,0 @@ -# frozen_string_literal: true - -module Idv - class LexisNexisInstantVerify - attr_reader :document_capture_session_uuid - - def initialize(document_capture_session_uuid) - @document_capture_session_uuid = document_capture_session_uuid - end - - def workflow_ab_test_analytics_args - { - lexisnexis_instant_verify_workflow_ab_test_bucket: - AbTests::LEXISNEXIS_INSTANT_VERIFY_WORKFLOW.bucket(document_capture_session_uuid), - } - end - - def workflow_ab_testing_variables - bucket = AbTests::LEXISNEXIS_INSTANT_VERIFY_WORKFLOW.bucket(document_capture_session_uuid) - testing_enabled = IdentityConfig.store.lexisnexis_instant_verify_workflow_ab_testing_enabled - use_alternate_workflow = (bucket == :use_alternate_workflow) - - if use_alternate_workflow - instant_verify_workflow = IdentityConfig.store.lexisnexis_instant_verify_workflow_alternate - else - instant_verify_workflow = IdentityConfig.store.lexisnexis_instant_verify_workflow - end - - { - ab_testing_enabled: testing_enabled, - use_alternate_workflow: use_alternate_workflow, - instant_verify_workflow: instant_verify_workflow, - } - end - end -end diff --git a/app/services/idv/phone_confirmation_session.rb b/app/services/idv/phone_confirmation_session.rb index fa269c829a1..8c58074aaf1 100644 --- a/app/services/idv/phone_confirmation_session.rb +++ b/app/services/idv/phone_confirmation_session.rb 
@@ -4,13 +4,14 @@ module Idv class PhoneConfirmationSession attr_reader :code, :phone, :sent_at, :delivery_method, :user - def self.generate_code(user:, delivery_method:) - bucket = AbTests::IDV_TEN_DIGIT_OTP.bucket(user&.uuid) - if delivery_method == :voice && bucket == :ten_digit_otp - OtpCodeGenerator.generate_digits(10) - else # original, bucket defaults to :six_alphanumeric_otp + def self.generate_code(delivery_method:) + if delivery_method == :voice + OtpCodeGenerator.generate_digits( + TwoFactorAuthenticatable::PROOFING_VOICE_DIRECT_OTP_LENGTH, + ) + else OtpCodeGenerator.generate_alphanumeric_digits( - TwoFactorAuthenticatable::PROOFING_DIRECT_OTP_LENGTH, + TwoFactorAuthenticatable::PROOFING_SMS_DIRECT_OTP_LENGTH, ) end end @@ -25,7 +26,7 @@ def initialize(code:, phone:, sent_at:, delivery_method:, user:) def self.start(phone:, delivery_method:, user:) new( - code: generate_code(user: user, delivery_method: delivery_method), + code: generate_code(delivery_method: delivery_method), phone: phone, sent_at: Time.zone.now, delivery_method: delivery_method, @@ -33,19 +34,9 @@ def self.start(phone:, delivery_method:, user:) ) end - def ab_test_analytics_args - return {} unless IdentityConfig.store.ab_testing_idv_ten_digit_otp_enabled - - { - AbTests::IDV_TEN_DIGIT_OTP.experiment_name => { - bucket: AbTests::IDV_TEN_DIGIT_OTP.bucket(user.uuid), - }, - } - end - def regenerate_otp self.class.new( - code: self.class.generate_code(user: user, delivery_method: delivery_method), + code: self.class.generate_code(delivery_method: delivery_method), phone: phone, sent_at: Time.zone.now, delivery_method: delivery_method, diff --git a/app/services/idv/phone_step.rb b/app/services/idv/phone_step.rb index b12946bcf77..0ed264ffefd 100644 --- a/app/services/idv/phone_step.rb +++ b/app/services/idv/phone_step.rb 
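Review bot: In `generate_code`, the `delivery_method == :voice` comparison is now the only thing that selects between the numeric and the alphanumeric OTP, so a value that arrives as the string `'voice'` would silently fall through to the `else` branch and produce an alphanumeric code for a voice call. Nothing in this hunk shows where `delivery_method` is normalised; if it can be restored from a serialized session, comparing with `delivery_method.to_s == 'voice'` would make the branch robust. The method also carries no comment on why the two channels differ; a line such as `# Voice codes are digits only; SMS codes are alphanumeric. Lengths come from TwoFactorAuthenticatable.` would let the next reader judge the guessing space of each format without opening the constants.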
@@ -2,11 +2,10 @@ module Idv class PhoneStep - def initialize(idv_session:, trace_id:, analytics:, attempts_tracker:) + def initialize(idv_session:, trace_id:, analytics:) self.idv_session = idv_session @trace_id = trace_id @analytics = analytics - @attempts_tracker = attempts_tracker end def submit(step_params) @@ -122,7 +121,6 @@ def rate_limiter end def rate_limited_result - @attempts_tracker.idv_phone_otp_sent_rate_limited @analytics.rate_limit_reached(limiter_type: :proof_address, step_name: :phone) FormResponse.new(success: false) end diff --git a/app/services/idv/send_phone_confirmation_otp.rb b/app/services/idv/send_phone_confirmation_otp.rb index 1770541eaba..191cf73cacb 100644 --- a/app/services/idv/send_phone_confirmation_otp.rb +++ b/app/services/idv/send_phone_confirmation_otp.rb @@ -61,6 +61,13 @@ def otp_rate_limiter end def send_otp + length, format = case delivery_method + when :voice + ['ten', 'digit'] + else + ['six', 'character'] + end + idv_session.user_phone_confirmation_session = user_phone_confirmation_session.regenerate_otp @telephony_response = Telephony.send_confirmation_otp( otp: code, @@ -80,24 +87,6 @@ def send_otp otp_sent_response end - def bucket - @bucket ||= AbTests::IDV_TEN_DIGIT_OTP.bucket( - idv_session.user_phone_confirmation_session.user.uuid, - ) - end - - def format - return 'digit' if delivery_method == :voice && bucket == :ten_digit_otp - - 'character' - end - - def length - return 'ten' if delivery_method == :voice && bucket == :ten_digit_otp - - 'six' - end - def otp_sent_response FormResponse.new( success: telephony_response.success?, extra: extra_analytics_attributes, @@ -105,7 +94,7 @@ def otp_sent_response end def extra_analytics_attributes - attributes = { + { otp_delivery_preference: delivery_method, country_code: parsed_phone.country, area_code: parsed_phone.area_code, 
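Review bot: The new `case delivery_method` in `send_otp` hard-codes the words `'ten'` and `'six'`, while the real code length is taken from `TwoFactorAuthenticatable::PROOFING_VOICE_DIRECT_OTP_LENGTH` and `PROOFING_SMS_DIRECT_OTP_LENGTH` in `PhoneConfirmationSession.generate_code`. If either constant changes, the wording (presumably passed on to `Telephony.send_confirmation_otp`) will no longer describe the code that was actually sent. At minimum add `# must match PROOFING_VOICE_DIRECT_OTP_LENGTH / PROOFING_SMS_DIRECT_OTP_LENGTH` above the `case`, or pin the pairing in a spec. The local `format` also shadows `Kernel#format` for the rest of the method; `otp_format` would be clearer, but the lines that consume `length` and `format` lie outside this hunk, so the rename has to be applied there as well.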
@@ -113,15 +102,6 @@ def extra_analytics_attributes rate_limit_exceeded: rate_limit_exceeded?, telephony_response: @telephony_response, } - if IdentityConfig.store.ab_testing_idv_ten_digit_otp_enabled - attributes[:ab_tests] = { - AbTests::IDV_TEN_DIGIT_OTP.experiment_name => { - bucket: bucket, - }, - } - end - - attributes end def parsed_phone diff --git a/app/services/idv/steps/doc_auth_base_step.rb b/app/services/idv/steps/doc_auth_base_step.rb index f0db538a151..1c8ef2ade1b 100644 --- a/app/services/idv/steps/doc_auth_base_step.rb +++ b/app/services/idv/steps/doc_auth_base_step.rb @@ -36,7 +36,6 @@ def rate_limited_response @flow.analytics.rate_limit_reached( limiter_type: :idv_doc_auth, ) - @flow.irs_attempts_api_tracker.idv_document_upload_rate_limited redirect_to rate_limited_url DocAuth::Response.new( success: false, diff --git a/app/services/idv/steps/threat_metrix_step_helper.rb b/app/services/idv/steps/threat_metrix_step_helper.rb index 95c719ab2d8..cb4bbab8eea 100644 --- a/app/services/idv/steps/threat_metrix_step_helper.rb +++ b/app/services/idv/steps/threat_metrix_step_helper.rb @@ -48,23 +48,6 @@ def threatmetrix_iframe_url(session_id) session_id: session_id, ) end - - def log_irs_tmx_fraud_check_event(result, user) - return unless FeatureManagement.proofing_device_profiling_collecting_enabled? - - success = result[:review_status] == 'pass' - - unless success - FraudReviewRequest.create( - user: user, - login_session_id: Digest::SHA1.hexdigest(user.unique_session_id.to_s), - ) - end - - irs_attempts_api_tracker.idv_tmx_fraud_check( - success: success, - ) - end end end end diff --git a/app/services/irs_attempts_api/attempt_event.rb b/app/services/irs_attempts_api/attempt_event.rb deleted file mode 100644 index 37ae548c1ac..00000000000 --- a/app/services/irs_attempts_api/attempt_event.rb +++ /dev/null @@ -1,6 +0,0 @@ -# frozen_string_literal: true - -module IrsAttemptsApi - class AttemptEvent - end -end 
diff --git a/app/services/irs_attempts_api/tracker.rb b/app/services/irs_attempts_api/tracker.rb
deleted file mode 100644
index 5d9959076ec..00000000000
--- a/app/services/irs_attempts_api/tracker.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-module IrsAttemptsApi
- class Tracker
- include TrackerEvents
-
- def track_event(event_type, metadata = {})
- end
- end
-end
diff --git a/app/services/irs_attempts_api/tracker_events.rb b/app/services/irs_attempts_api/tracker_events.rb
deleted file mode 100644
index fa43c36cb42..00000000000
--- a/app/services/irs_attempts_api/tracker_events.rb
+++ /dev/null
@@ -1,651 +0,0 @@ -# frozen_string_literal: true - -module IrsAttemptsApi - module TrackerEvents - # @param [Boolean] success True if Account Successfully Deleted - # A User confirms and deletes their Login.gov account after 24 hour period - def account_reset_account_deleted(success:) - track_event( - :account_reset_account_deleted, - success: success, - ) - end - - # A user cancels the request to delete their account before 24 hour period - def account_reset_cancel_request - track_event( - :account_reset_cancel_request, - ) - end - - # @param [Boolean] success True if Account Reset Deletion submitted successful - # account Reset Deletion Requested - def account_reset_request_submitted(success:) - track_event( - :account_reset_request_submitted, - success: success, - ) - end - - # @param [Boolean] success - def forgot_password_email_confirmed(success:) - track_event( - :forgot_password_email_confirmed, - success: success, - ) - end - - # The user has exceeded the rate limit for password reset emails - # @param [String] email The user's email address - def forgot_password_email_rate_limited(email:) - track_event( - :forgot_password_email_rate_limited, - email: email, - ) - end - - # Tracks when the user has requested a forgot password email - # @param [String] email The submitted email address - def forgot_password_email_sent(email:) - track_event( - :forgot_password_email_sent, - email: email, - ) - end - - # @param [Boolean] success - def forgot_password_new_password_submitted(success:) - track_event( - :forgot_password_new_password_submitted, - success: success, - ) - end - - # @param [String] decision One of 'pass', 'manual_reject', or 'automated_reject' - # @param [String] cached_irs_session_id The IRS session id ('tid') the user had when flagged - # @param [String] cached_login_session_id The Login.gov session id the user had when flagged - # A profile offlined for review has been approved or rejected. 
- def fraud_review_adjudicated(decision:, cached_irs_session_id:, cached_login_session_id:) - track_event( - :fraud_review_adjudicated, - decision: decision, - cached_irs_session_id: cached_irs_session_id, - cached_login_session_id: cached_login_session_id, - ) - end - - # @param ["mobile", "desktop"] upload_method method chosen for uploading id verification - # A user has selected id document upload method - def idv_document_upload_method_selected(upload_method:) - track_event( - :idv_document_upload_method_selected, - upload_method: upload_method, - ) - end - - # The user has exceeded the rate limit during idv document upload - def idv_document_upload_rate_limited - track_event( - :idv_document_upload_rate_limited, - ) - end - - # @param [Boolean] success - # @param [String] document_state - # @param [String] document_number - # @param [String] document_issued - # @param [String] document_expiration - # @param [String] document_front_image_filename Filename in S3 w/ encrypted data for the front. - # @param [String] document_back_image_filename Filename in S3 w/ encrypted data for the back. - # @param [String] document_image_encryption_key Base64-encoded AES key used for images. 
- # @param [String] first_name - # @param [String] last_name - # @param [String] date_of_birth - # @param [String] address - # The document was uploaded during the IDV process - def idv_document_upload_submitted( - success:, - document_state: nil, - document_number: nil, - document_issued: nil, - document_expiration: nil, - document_front_image_filename: nil, - document_back_image_filename: nil, - document_image_encryption_key: nil, - first_name: nil, - last_name: nil, - date_of_birth: nil, - address: nil - ) - track_event( - :idv_document_upload_submitted, - success: success, - document_state: document_state, - document_number: document_number, - document_issued: document_issued, - document_expiration: document_expiration, - document_front_image_filename: document_front_image_filename, - document_back_image_filename: document_back_image_filename, - document_image_encryption_key: document_image_encryption_key, - first_name: first_name, - last_name: last_name, - date_of_birth: date_of_birth, - address: address, - ) - end - - # @param [String] resend - # The Address validation letter has been requested by user - def idv_gpo_letter_requested(resend:) - track_event( - :idv_gpo_letter_requested, - resend: resend, - ) - end - - # GPO verification submission rate limited, user entered in too many invalid gpo letter codes - def idv_gpo_verification_rate_limited - track_event( - :idv_gpo_verification_rate_limited, - ) - end - - # @param [Boolean] success - # GPO verification submitted from Letter sent to verify address - def idv_gpo_verification_submitted(success:) - track_event( - :idv_gpo_verification_submitted, - success: success, - ) - end - - # Tracks when the user submits a password for identity proofing - # @param [Boolean] success - def idv_password_entered(success:) - track_event( - :idv_password_entered, - success: success, - ) - end - - # Personal Key got generated for user - def idv_personal_key_generated - track_event( - :idv_personal_key_generated, - ) - end - 
- # @param [Boolean] success - # @param [String] phone_number - # @param [String] otp_delivery_method - Either SMS or Voice - # Track when OTP is sent and what method chosen during idv flow. - def idv_phone_otp_sent(success:, phone_number:, otp_delivery_method:) - track_event( - :idv_phone_otp_sent, - success: success, - phone_number: phone_number, - otp_delivery_method: otp_delivery_method, - ) - end - - # Tracks Idv phone OTP sent rate limits - def idv_phone_otp_sent_rate_limited - track_event( - :idv_phone_otp_sent_rate_limited, - ) - end - - # Tracks when a user submits OTP code sent to their phone - # @param [Boolean] success - # @param [String] phone_number - def idv_phone_otp_submitted(success:, phone_number:) - track_event( - :idv_phone_otp_submitted, - success: success, - phone_number: phone_number, - ) - end - - # The user reached the rate limit for Idv phone OTP submitted - # @param [String] phone_number - def idv_phone_otp_submitted_rate_limited(phone_number:) - track_event( - :idv_phone_otp_submitted_rate_limited, - phone_number: phone_number, - ) - end - - # Tracks when sending a link to a phone is rate limited during idv flow - # @param [String] phone_number - def idv_phone_send_link_rate_limited(phone_number:) - track_event( - :idv_phone_send_link_rate_limited, - phone_number: phone_number, - ) - end - - # Tracks when the user submits their idv phone number - # @param [Boolean] success - # @param [String] phone_number - def idv_phone_submitted(success:, phone_number:) - track_event( - :idv_phone_submitted, - success: success, - phone_number: phone_number, - ) - end - - # @param [Boolean] success - # @param [String] phone_number - # The phone number that the link was sent to during the IDV process - def idv_phone_upload_link_sent( - success:, - phone_number: - ) - track_event( - :idv_phone_upload_link_sent, - success: success, - phone_number: phone_number, - ) - end - - # The user has used a phone_upload_link to upload docs on their mobile device - 
def idv_phone_upload_link_used - track_event( - :idv_phone_upload_link_used, - ) - end - - # @param [String] ssn - # User entered in SSN number during Identity verification - def idv_ssn_submitted(ssn:) - track_event( - :idv_ssn_submitted, - ssn: ssn, - ) - end - - # @param [Boolean] success - # This event will capture the result of the TMX fraud check - # during Identity Verification - def idv_tmx_fraud_check(success:) - track_event( - :idv_tmx_fraud_check, - success: success, - ) - end - - # @param [String] limiter_context - Either single-session or multi-session - # Track when idv verification is rate limited during idv flow - def idv_verification_rate_limited(limiter_context:) - track_event( - :idv_verification_rate_limited, - limiter_context: limiter_context, - ) - end - - # @param [Boolean] success - # @param [String] document_state - # @param [String] document_number - # @param [String] document_issued - # @param [String] document_expiration - # @param [String] first_name - # @param [String] last_name - # @param [String] date_of_birth - # @param [String] address - # @param [String] ssn - # The verification was submitted during the IDV process - def idv_verification_submitted( - success:, - document_state: nil, - document_number: nil, - document_issued: nil, - document_expiration: nil, - first_name: nil, - last_name: nil, - date_of_birth: nil, - address: nil, - ssn: nil - ) - track_event( - :idv_verification_submitted, - success: success, - document_state: document_state, - document_number: document_number, - document_issued: document_issued, - document_expiration: document_expiration, - first_name: first_name, - last_name: last_name, - date_of_birth: date_of_birth, - address: address, - ssn: ssn, - ) - end - - # @param [Boolean] success True if Account Successfully Deleted - # A User deletes their Login.gov account - def logged_in_account_purged(success:) - track_event( - :logged_in_account_purged, - success: success, - ) - end - - # @param [Boolean] success 
True if the password was successfully changed - # A logged-in user has attempted to change their password - def logged_in_password_change(success:) - track_event( - :logged_in_password_change, - success: success, - ) - end - - # @param [Boolean] success True if the password submitted for reauthentication matches the - # current password - # A logged-in user has submitted a password to reauthenticate prior to changing their profile - def logged_in_profile_change_reauthentication_submitted(success:) - track_event( - :logged_in_profile_change_reauthentication_submitted, - success: success, - ) - end - - # @param [String] email The submitted email address - # @param [Boolean] success True if the email and password matched - # A user has submitted an email address and password for authentication - def login_email_and_password_auth(email:, success:) - track_event( - :login_email_and_password_auth, - email: email, - success: success, - ) - end - - # @param [String] email - # A login attempt was rejected due to too many incorrect attempts - def login_rate_limited(email:) - track_event( - :login_rate_limited, - email: email, - ) - end - - # @param [Boolean] success True if the email and password matched - # A user has initiated a logout event - def logout_initiated(success:) - track_event( - :logout_initiated, - success: success, - ) - end - - # Tracks when the user has attempted to enroll the Backup Codes MFA method to their account - # @param [Boolean] success - def mfa_enroll_backup_code(success:) - track_event( - :mfa_enroll_backup_code, - success: success, - ) - end - - # @param [Boolean] success True if selection was valid - # @param [Array] mfa_device_types List of MFA options users selected on account creation - # A user has selected MFA options - def mfa_enroll_options_selected(success:, mfa_device_types:) - track_event( - :mfa_enroll_options_selected, - success: success, - mfa_device_types: mfa_device_types, - ) - end - - # @param [Boolean] success - True if the 
OTP Verification was sent - # @param [String] phone_number - The user's phone_number used for multi-factor authentication - # @param [String] otp_delivery_method - Either SMS or Voice - # Relevant only when the user is enrolling a phone as their MFA. - # The user has been sent an OTP and by SMS or Voice during the MFA enrollment process. - def mfa_enroll_phone_otp_sent(success:, phone_number:, otp_delivery_method:) - track_event( - :mfa_enroll_phone_otp_sent, - success: success, - phone_number: phone_number, - otp_delivery_method: otp_delivery_method, - ) - end - - # @param [String] phone_number - The user's phone number used for multi-factor authentication - # The user has exceeded the rate limit for SMS OTP sends. - def mfa_enroll_phone_otp_sent_rate_limited(phone_number:) - track_event( - :mfa_enroll_phone_otp_sent_rate_limited, - phone_number: phone_number, - ) - end - - # @param [Boolean] success - True if the sms otp submitted matched what was sent - # The user, after having previously been sent an OTP code during phone enrollment - # has been asked to submit that code. 
- def mfa_enroll_phone_otp_submitted(success:) - track_event( - :mfa_enroll_phone_otp_submitted, - success: success, - ) - end - - # Tracks when the user has attempted to enroll the piv cac MFA method to their account - # @param [Boolean] success - # @param [String] subject_dn - def mfa_enroll_piv_cac( - success:, - subject_dn: nil - ) - track_event( - :mfa_enroll_piv_cac, - success: success, - subject_dn: subject_dn, - ) - end - - # @param [String] mfa_device_type - the type of multi-factor authentication used - # The user has exceeded the rate limit during enrollment - # and account has been locked - def mfa_enroll_rate_limited(mfa_device_type:) - track_event( - :mfa_enroll_rate_limited, - mfa_device_type: mfa_device_type, - ) - end - - # Tracks when the user has attempted to enroll the TOTP MFA method to their account - # @param [Boolean] success - def mfa_enroll_totp(success:) - track_event( - :mfa_enroll_totp, - success: success, - ) - end - - # Tracks when the user has attempted to enroll the WebAuthn-Platform MFA method to their account - # @param [Boolean] success - def mfa_enroll_webauthn_platform(success:) - track_event( - :mfa_enroll_webauthn_platform, - success: success, - ) - end - - # Tracks when the user has attempted to enroll the WebAuthn MFA method to their account - # @param [Boolean] success - def mfa_enroll_webauthn_roaming(success:) - track_event( - :mfa_enroll_webauthn_roaming, - success: success, - ) - end - - # Tracks when the user has attempted to log in with the Backup Codes MFA method to their account - # @param [Boolean] success - def mfa_login_backup_code(success:) - track_event( - :mfa_login_backup_code, - success: success, - ) - end - - # @param [Boolean] success - True if the OTP Verification was sent - # @param [Boolean] reauthentication - True if the user was already logged in - # @param [String] phone_number - The user's phone_number used for multi-factor authentication - # @param [String] otp_delivery_method - Either SMS or 
Voice - # During a login attempt, an OTP code has been sent via SMS or Voice. - def mfa_login_phone_otp_sent( - success:, - reauthentication:, - phone_number:, - otp_delivery_method: - ) - track_event( - :mfa_login_phone_otp_sent, - success: success, - reauthentication: reauthentication, - phone_number: phone_number, - otp_delivery_method: otp_delivery_method, - ) - end - - # @param [String] phone_number - The user's phone number used for multi-factor authentication - # The user has exceeded the rate limit for SMS OTP sends. - def mfa_login_phone_otp_sent_rate_limited(phone_number:) - track_event( - :mfa_login_phone_otp_sent_rate_limited, - phone_number: phone_number, - ) - end - - # @param [Boolean] reauthentication if the user was already logged in - # @param [Boolean] success True if the sms otp submitted matched what was sent - # During a login attempt, the user, having previously been sent an OTP code via SMS - # has entered an OTP code. - def mfa_login_phone_otp_submitted(reauthentication:, success:) - track_event( - :mfa_login_phone_otp_submitted, - reauthentication: reauthentication, - success: success, - ) - end - - # Tracks when the user has attempted to log in with the piv cac MFA method to their account - # @param [Boolean] success - # @param [String] subject_dn - def mfa_login_piv_cac( - success:, - subject_dn: nil - ) - track_event( - :mfa_login_piv_cac, - success: success, - subject_dn: subject_dn, - ) - end - - # @param [String] mfa_device_type - the type of multi-factor authentication used - # The user has exceeded the rate limit during verification - # and account has been locked - def mfa_login_rate_limited(mfa_device_type:) - track_event( - :mfa_login_rate_limited, - mfa_device_type: mfa_device_type, - ) - end - - # Tracks when the user has attempted to log in with the TOTP MFA method to access their account - # @param [Boolean] success - def mfa_login_totp(success:) - track_event( - :mfa_login_totp, - success: success, - ) - end - - # Tracks 
when user has attempted to log in with WebAuthn-Platform MFA method to their account - # @param [Boolean] success - def mfa_login_webauthn_platform(success:) - track_event( - :mfa_login_webauthn_platform, - success: success, - ) - end - - # Tracks when the user has attempted to log in with the WebAuthn MFA method to their account - # @param [Boolean] success - def mfa_login_webauthn_roaming(success:) - track_event( - :mfa_login_webauthn_roaming, - success: success, - ) - end - - # Tracks when User personal key has been rate limited by too many attempts - def personal_key_reactivation_rate_limited - track_event( - :personal_key_reactivation_rate_limited, - ) - end - - # Tracks when user has entered personal key after forgot password steps - # @param [Boolean] success - def personal_key_reactivation_submitted(success:) - track_event( - :personal_key_reactivation_submitted, - success: success, - ) - end - - # Tracks when user confirms registration email - # @param [Boolean] success - # @param [String] email - def user_registration_email_confirmation( - success:, - email: nil - ) - track_event( - :user_registration_email_confirmation, - success: success, - email: email, - ) - end - - # Tracks when user is rate limited for submitting registration email - # @param [String] email - # @param [Boolean] email_already_registered - def user_registration_email_submission_rate_limited( - email:, - email_already_registered: - ) - track_event( - :user_registration_email_submission_rate_limited, - email: email, - email_already_registered: email_already_registered, - ) - end - - # Tracks when user submits registration email - # @param [Boolean] success - # @param [String] email - def user_registration_email_submitted(success:, email:) - track_event( - :user_registration_email_submitted, - success: success, - email: email, - ) - end - - # Tracks when user submits registration password - # @param [Boolean] success - def user_registration_password_submitted(success:) - track_event( - 
:user_registration_password_submitted, - success: success, - ) - end - end -end diff --git a/app/services/marketing_site.rb b/app/services/marketing_site.rb index 894cdc02e46..08ad301235c 100644 --- a/app/services/marketing_site.rb +++ b/app/services/marketing_site.rb @@ -64,6 +64,10 @@ def self.security_url URI.join(BASE_URL, locale_segment, 'security/').to_s end + def self.accessibility_statement_url + URI.join(BASE_URL, locale_segment, 'accessibility/').to_s + end + def self.help_center_article_url(category:, article:, article_anchor: '') if !HELP_CENTER_ARTICLES.include?("#{category}/#{article}") raise UnknownArticleException, "Unknown help center article category #{category}/#{article}" diff --git a/app/services/proofing/resolution/progressive_proofer.rb b/app/services/proofing/resolution/progressive_proofer.rb index 4e901768540..a2a339bb1f0 100644 --- a/app/services/proofing/resolution/progressive_proofer.rb +++ b/app/services/proofing/resolution/progressive_proofer.rb @@ -8,12 +8,6 @@ module Resolution # 2. The user has only provided one address for their residential and identity document # address or separate residential and identity document addresses class ProgressiveProofer - attr_reader :instant_verify_ab_test_discriminator - - def initialize(instant_verify_ab_test_discriminator = nil) - @instant_verify_ab_test_discriminator = instant_verify_ab_test_discriminator - end - # @param [Hash] applicant_pii keys are symbols and values are strings, confidential user info # @param [Boolean] ipp_enrollment_in_progress flag that indicates if user will have # both state id address and current residential address verified 
@@ -245,7 +239,7 @@ def resolution_proofer Proofing::Mock::ResolutionMockClient.new else Proofing::LexisNexis::InstantVerify::Proofer.new( - instant_verify_workflow: lexisnexis_instant_verify_workflow, + instant_verify_workflow: IdentityConfig.store.lexisnexis_instant_verify_workflow, account_id: IdentityConfig.store.lexisnexis_account_id, base_url: IdentityConfig.store.lexisnexis_base_url, username: IdentityConfig.store.lexisnexis_username, @@ -257,12 +251,6 @@ def resolution_proofer end end - def lexisnexis_instant_verify_workflow - ab_test_variables = Idv::LexisNexisInstantVerify.new(instant_verify_ab_test_discriminator). - workflow_ab_testing_variables - ab_test_variables[:instant_verify_workflow] - end - def state_id_proofer @state_id_proofer ||= if IdentityConfig.store.proofer_mock_fallback diff --git a/app/services/request_password_reset.rb b/app/services/request_password_reset.rb index 5dddff998c9..54cf607f63c 100644 --- a/app/services/request_password_reset.rb +++ b/app/services/request_password_reset.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true RequestPasswordReset = RedactedStruct.new( - :email, :request_id, :analytics, :irs_attempts_api_tracker, + :email, :request_id, :analytics, keyword_init: true, allowed_members: [:request_id] ) do @@ -10,7 +10,6 @@ def perform rate_limiter.increment! if rate_limiter.limited? analytics.rate_limit_reached(limiter_type: :reset_password_email) - irs_attempts_api_tracker.forgot_password_email_rate_limited(email: email) elsif user.blank? AnonymousMailer.with(email:).password_reset_missing_user(request_id:).deliver_now elsif user.suspended? @@ -27,8 +26,6 @@ def perform event = PushNotification::RecoveryActivatedEvent.new(user: user) PushNotification::HttpPush.deliver(event) - - irs_attempts_api_tracker.forgot_password_email_sent(email: email) end end diff --git a/app/views/shared/_footer_lite.html.erb b/app/views/shared/_footer_lite.html.erb index 9576aa184e0..0229d88350d 100644 
--- a/app/views/shared/_footer_lite.html.erb +++ b/app/views/shared/_footer_lite.html.erb @@ -1,15 +1,19 @@ diff --git a/app/views/shared/_personal_key_input.html.erb b/app/views/shared/_personal_key_input.html.erb index 249f1ad8638..f448af4626e 100644 --- a/app/views/shared/_personal_key_input.html.erb +++ b/app/views/shared/_personal_key_input.html.erb @@ -8,10 +8,9 @@ locals: error_messages: { patternMismatch: t('users.personal_key.confirmation_error'), }, - label: false, + label: t('forms.personal_key.confirmation_label'), required: true, input_html: { - aria: { label: t('forms.personal_key.confirmation_label') }, autocomplete: 'off', spellcheck: 'false', class: 'personal-key text-uppercase', diff --git a/config/application.yml.default b/config/application.yml.default index c5bea42e9fa..73721099236 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -20,8 +20,6 @@ aamva_cert_enabled: true aamva_supported_jurisdictions: '["AL","AR","AZ","CO","CT","DC","DE","FL","GA","HI","IA","ID","IL","IN","KS","KY","MA","MD","ME","MI","MO","MS","MT","NC","ND","NE","NJ","NM","NV","OH","OR","PA","RI","SC","SD","TN","TX","VA","VT","WA","WI","WV","WY"]' aamva_verification_request_timeout: 5.0 aamva_verification_url: https://example.org:12345/verification/url -ab_testing_idv_ten_digit_otp_enabled: false -ab_testing_idv_ten_digit_otp_percent: 0 all_redirect_uris_cache_duration_minutes: 2 allowed_ialmax_providers: '[]' allowed_verified_within_providers: '[]' 
@@ -30,19 +28,9 @@ account_reset_token_valid_for_days: 1 account_reset_fraud_user_wait_period_days: account_reset_wait_period_days: 1 account_suspended_support_code: EFGHI -acuant_assure_id_password: '' -acuant_assure_id_subscription_id: '' -acuant_assure_id_url: '' -acuant_assure_id_username: '' -acuant_facial_match_url: '' -acuant_passlive_url: '' # These are publicly available credentials used to initialize the client-side Acuant SDK acuant_sdk_initialization_creds: 'aWRzY2FuZ293ZWJAYWN1YW50Y29ycC5jb206NVZLcm81Z0JEc1hrdFh2NA==' acuant_sdk_initialization_endpoint: 'https://us.acas.acuant.net' -acuant_timeout: 45.0 -acuant_upload_image_timeout: 1.0 -acuant_get_results_timeout: 1.0 -acuant_create_document_timeout: 1.0 add_email_link_valid_for_hours: 24 address_identity_proofing_supported_country_codes: '["AS", "GU", "MP", "PR", "US", "VI"]' asset_host: '' @@ -84,8 +72,6 @@ doc_capture_polling_enabled: true doc_auth_check_failed_image_resubmission_enabled: true doc_auth_client_glare_threshold: 50 doc_auth_client_sharpness_threshold: 50 -doc_auth_custom_ui_enabled: false -doc_auth_s3_request_timeout: 5 doc_auth_error_dpi_threshold: 290 doc_auth_error_glare_threshold: 40 doc_auth_error_sharpness_threshold: 40 @@ -94,7 +80,6 @@ doc_auth_max_capture_attempts_before_native_camera: 3 doc_auth_max_submission_attempts_before_native_camera: 3 doc_auth_selfie_capture_enabled: false doc_auth_selfie_desktop_test_mode: false -doc_auth_sdk_capture_orientation: '{"horizontal": 100, "vertical": 0}' doc_auth_supported_country_codes: '["US", "GU", "VI", "AS", "MP", "PR", "USA" ,"GUM", "VIR", "ASM", "MNP", "PRI"]' doc_capture_request_valid_for_minutes: 15 drop_off_report_config: '[{"emails":["ursula@example.com"],"issuers":"urn:gov:gsa:openidconnect.profiles:sp:sso:agency_name:app_name"}]' 
@@ -176,9 +161,6 @@ lexisnexis_phone_finder_timeout: 1.0 lexisnexis_phone_finder_workflow: customers.gsa2.phonefinder.workflow lexisnexis_instant_verify_timeout: 1.0 lexisnexis_instant_verify_workflow: gsa2.chk32.test.wf -lexisnexis_instant_verify_workflow_ab_testing_enabled: false -lexisnexis_instant_verify_workflow_ab_testing_percent: 5 -lexisnexis_instant_verify_workflow_alternate: gsa2.chk14.test.wf # TrueID DocAuth Integration lexisnexis_trueid_account_id: '12345' lexisnexis_trueid_username: test_username @@ -334,7 +316,6 @@ unauthorized_scope_enabled: false usps_upload_enabled: false usps_upload_sftp_timeout: 5 valid_authn_contexts: '["http://idmanagement.gov/ns/assurance/loa/1", "http://idmanagement.gov/ns/assurance/loa/3", "http://idmanagement.gov/ns/assurance/ial/1", "http://idmanagement.gov/ns/assurance/ial/2", "http://idmanagement.gov/ns/assurance/ial/0", "http://idmanagement.gov/ns/assurance/ial/2?strict=true", "urn:gov:gsa:ac:classes:sp:PasswordProtectedTransport:duo", "http://idmanagement.gov/ns/assurance/aal/2", "http://idmanagement.gov/ns/assurance/aal/3", "http://idmanagement.gov/ns/assurance/aal/3?hspd12=true","http://idmanagement.gov/ns/assurance/aal/2?phishing_resistant=true","http://idmanagement.gov/ns/assurance/aal/2?hspd12=true"]' -vendor_status_acuant: 'operational' vendor_status_lexisnexis_instant_verify: 'operational' vendor_status_lexisnexis_phone_finder: 'operational' vendor_status_lexisnexis_trueid: 'operational' 
@@ -521,9 +502,6 @@ test: aamva_private_key: 123abc aamva_public_key: 123abc account_reset_fraud_user_wait_period_days: 30 - acuant_assure_id_url: https://example.com - acuant_facial_match_url: https://facial_match.example.com - acuant_passlive_url: https://liveness.example.com attribute_encryption_key: 2086dfbd15f5b0c584f3664422a1d3409a0d2aa6084f65b6ba57d64d4257431c124158670c7655e45cabe64194f7f7b6c7970153c285bdb8287ec0c4f7553e25 attribute_encryption_key_queue: '[{ "key": "11111111111111111111111111111111" }, { "key": "22222222222222222222222222222222" }]' dashboard_api_token: 123ABC diff --git a/config/initializers/ab_tests.rb b/config/initializers/ab_tests.rb index feb9607c48c..883a4c1de96 100644 --- a/config/initializers/ab_tests.rb +++ b/config/initializers/ab_tests.rb @@ -20,25 +20,4 @@ module AbTests 0, }, ).freeze - - LEXISNEXIS_INSTANT_VERIFY_WORKFLOW = AbTestBucket.new( - experiment_name: 'LexisNexis Instant Verify Workflow', - buckets: { - use_alternate_workflow: - IdentityConfig.store.lexisnexis_instant_verify_workflow_ab_testing_enabled ? - IdentityConfig.store.lexisnexis_instant_verify_workflow_ab_testing_percent : - 0, - }, - ).freeze - - IDV_TEN_DIGIT_OTP = AbTestBucket.new( - experiment_name: 'idv_ten_digit_otp', - default_bucket: :six_alphanumeric_otp, - buckets: { - ten_digit_otp: - IdentityConfig.store.ab_testing_idv_ten_digit_otp_enabled ? - IdentityConfig.store.ab_testing_idv_ten_digit_otp_percent : - 0, - }, - ).freeze end diff --git a/config/locales/en.yml b/config/locales/en.yml index 0cfa2cba1aa..214d058a6a2 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -1313,6 +1313,7 @@ instructions.password.strength.4: Great instructions.password.strength.intro: 'Password strength:' instructions.sp_handoff_bounced: Your sign in was successful, but %{sp_name} sent you back to %{app_name}. Please contact %{sp_link} for help. instructions.sp_handoff_bounced_with_no_sp: your service provider +links.accessibility_statement: Accessibility statement links.account.reactivate.with_key: I have my key links.account.reactivate.without_key: I don’t have my key links.back_to_sp: Back to %{sp} diff --git a/config/locales/es.yml b/config/locales/es.yml index 06b649c170a..487df428305 100644 --- a/config/locales/es.yml +++ b/config/locales/es.yml @@ -1312,6 +1312,7 @@ instructions.password.strength.4: Muy buena instructions.password.strength.intro: 'Seguridad de la contraseña:' instructions.sp_handoff_bounced: Logró iniciar sesión, pero %{sp_name} lo envió de nuevo a %{app_name}. Contacte con %{sp_link} para obtener ayuda. instructions.sp_handoff_bounced_with_no_sp: su proveedor de servicios +links.accessibility_statement: Declaración de accesibilidad links.account.reactivate.with_key: Tengo mi clave links.account.reactivate.without_key: No tengo mi clave links.back_to_sp: Volver a %{sp} diff --git a/config/locales/fr.yml b/config/locales/fr.yml index 45cb378907e..3bd01af3c4e 100644 --- a/config/locales/fr.yml +++ b/config/locales/fr.yml @@ -1313,6 +1313,7 @@ instructions.password.strength.4: Excellente instructions.password.strength.intro: 'Force du mot de passe :' instructions.sp_handoff_bounced: Votre connexion a réussi, mais %{sp_name} vous a renvoyé à %{app_name}. Veuillez contacter %{sp_link} pour obtenir de l’aide. instructions.sp_handoff_bounced_with_no_sp: votre fournisseur de service +links.accessibility_statement: Déclaration sur l’accessibilité links.account.reactivate.with_key: J’ai ma clé links.account.reactivate.without_key: Je n’ai pas ma clé links.back_to_sp: Retour à %{sp} 
diff --git a/config/locales/zh.yml b/config/locales/zh.yml index 8081fbf134e..5d0aebd7d42 100644 --- a/config/locales/zh.yml +++ b/config/locales/zh.yml @@ -1318,6 +1318,7 @@ instructions.password.strength.4: 棒! instructions.password.strength.intro: '密码强度:' instructions.sp_handoff_bounced: 你登录成功了,但 %{sp_name} 将你送回到 %{app_name}。请联系 %{sp_link} 寻求帮助。 instructions.sp_handoff_bounced_with_no_sp: 你的服务提供商 +links.accessibility_statement: 无障碍声明 links.account.reactivate.with_key: 我有密钥 links.account.reactivate.without_key: 我没有密钥 links.back_to_sp: 返回 %{sp} diff --git a/config/routes.rb b/config/routes.rb index 6680e102702..478efd2cd7e 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -55,7 +55,8 @@ post '/api/logger' => 'frontend_log#create' get '/openid_connect/authorize' => 'openid_connect/authorization#index' - match '/openid_connect/logout' => 'openid_connect/logout#logout', via: %i[get post] + get '/openid_connect/logout' => 'openid_connect/logout#show' + post '/openid_connect/logout' => 'openid_connect/logout#create' delete '/openid_connect/logout' => 'openid_connect/logout#delete' get '/robots.txt' => 'robots#index' @@ -159,7 +160,7 @@ post '/saml/decode_slo_request' => 'saml_test#decode_slo_request' get '/oidc/login' => 'oidc_test#index' - get '/oidc' => 'oidc_test#start' + get '/oidc' => redirect('/test/oidc/auth_request', status: 302) get '/oidc/auth_request' => 'oidc_test#auth_request' get '/oidc/auth_result' => 'oidc_test#auth_result' get '/oidc/logout' => 'oidc_test#logout' diff --git a/config/service_providers.localdev.yml b/config/service_providers.localdev.yml index 23a75d0a838..362e0111672 100644 --- a/config/service_providers.localdev.yml +++ b/config/service_providers.localdev.yml 
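Review bot: The GET route for `/openid_connect/logout` stays reachable after the split into `logout#show` and `logout#create`, and nothing next to the routes records which action is allowed to end the session. Neither controller action is visible in this hunk, so this is a documentation request rather than a reported defect. A logout that completes on a bare GET can be triggered by any page the user loads, so the intended division is worth stating beside the routes, for example `# GET => show, POST => create; only <action that ends the session> may clear the session`.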
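Review bot: The redirect target `'/test/oidc/auth_request'` spells out a path prefix that the sibling routes (`get '/oidc/auth_request' => ...`) appear to get from an enclosing scope, and that scope starts outside this hunk. `redirect()` with a string takes the path literally, so the two can drift apart if the scope is renamed. A short comment would make the duplication deliberate: `# absolute path on purpose: redirect() does not apply the enclosing scope prefix`.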
@@ -450,67 +450,6 @@ development: friendly_name: 'Example Sinatra App' in_person_proofing_enabled: true - 'urn:gov:gsa:openidconnect:sp:mock_irs': - agency_id: 1 - ial: 2 - irs_attempts_api_enabled: true - redirect_uris: - - 'http://localhost:9292/' - - 'http://localhost:9292/auth/result' - - 'http://localhost:9292/logout' - certs: - - 'sp_sinatra_demo' - friendly_name: 'Login Mock IRS' - help_text: - sign_in: - en:

- This is a U.S. government service. You consent to the monitoring, recording, - and reviewing of your activity using this service. - Learn more about our privacy policies. -

- es:

- Este es un servicio del gobierno de EE. UU. Usted acepta que su actividad sea monitoreada, - registrada y revisada al utilizar este servicio. - Obtenga más información sobre nuestras políticas de privacidad. -

- fr:

- Il s’agit d’un service du gouvernement américain. Vous consentez à la surveillance, - à l’enregistrement et à l’examen de votre activité en utilisant ce service. - En savoir plus sur nos politiques de confidentialité. -

- sign_up: - en:

- This is a U.S. government service. You consent to the monitoring, recording, - and reviewing of your activity using this service. - Learn more about our privacy policies. -

- es:

- Este es un servicio del gobierno de EE. UU. Usted acepta que su actividad sea monitoreada, - registrada y revisada al utilizar este servicio. - Obtenga más información sobre nuestras políticas de privacidad. -

- fr:

- Il s’agit d’un service du gouvernement américain. Vous consentez à la surveillance, - à l’enregistrement et à l’examen de votre activité en utilisant ce service. - En savoir plus sur nos politiques de confidentialité. -

- forgot_password: - en:

- This is a U.S. government service. You consent to the monitoring, recording, - and reviewing of your activity using this service. - Learn more about our privacy policies. -

- es:

- Este es un servicio del gobierno de EE. UU. Usted acepta que su actividad sea monitoreada, - registrada y revisada al utilizar este servicio. - Obtenga más información sobre nuestras políticas de privacidad. -

- fr:

- Il s’agit d’un service du gouvernement américain. Vous consentez à la surveillance, - à l’enregistrement et à l’examen de votre activité en utilisant ce service. - En savoir plus sur nos politiques de confidentialité. -

- 'urn:gov:gsa:openidconnect:sp:expressjs': agency: 'GSA' certs: diff --git a/db/primary_migrate/20240531175935_drop_reported_fraud_at_from_account_reset_requests.rb b/db/primary_migrate/20240531175935_drop_reported_fraud_at_from_account_reset_requests.rb new file mode 100644 index 00000000000..099be64a58e --- /dev/null +++ b/db/primary_migrate/20240531175935_drop_reported_fraud_at_from_account_reset_requests.rb @@ -0,0 +1,7 @@ +class DropReportedFraudAtFromAccountResetRequests < ActiveRecord::Migration[7.1] + def change + safety_assured do + remove_column :account_reset_requests, :reported_fraud_at, :datetime, precision: nil + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 4dce387db66..479d2fdd5d3 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_05_02_192930) do +ActiveRecord::Schema[7.1].define(version: 2024_05_31_175935) do # These are extensions that must be enabled in order to support this database enable_extension "citext" enable_extension "pg_stat_statements" @@ -22,7 +22,6 @@ t.datetime "requested_at", precision: nil t.string "request_token" t.datetime "cancelled_at", precision: nil - t.datetime "reported_fraud_at", precision: nil t.datetime "granted_at", precision: nil t.string "granted_token" t.datetime "created_at", precision: nil, null: false diff --git a/dockerfiles/idp_review_app.Dockerfile b/dockerfiles/idp_review_app.Dockerfile index 95f4ea9399e..18ff905b4c4 100644 --- a/dockerfiles/idp_review_app.Dockerfile +++ b/dockerfiles/idp_review_app.Dockerfile 
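Review bot: `safety_assured` turns off the migration safety check for this `remove_column` in `DropReportedFraudAtFromAccountResetRequests`, and the migration does not say why that is safe. The usual precondition is that the application stopped reading and writing the column (for example through `ignored_columns`) in a release deployed before this one; whether that happened is not visible in this diff. Record it inside the block, e.g. `# reported_fraud_at is unused by the app since <release or PR placeholder>; safe to drop`. The column held fraud-report timestamps, so it is also worth confirming that no report or audit still needs the historical values before they are discarded.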
@@ -22,7 +22,6 @@ ENV POSTGRES_WORKER_NAME idp-worker-jobs ENV POSTGRES_WORKER_HOST postgres-worker ENV POSTGRES_WORKER_USERNAME postgres ENV POSTGRES_WORKER_PASSWORD postgres -ENV REDIS_IRS_ATTEMPTS_API_URL redis://redis:6379/2 ENV REDIS_THROTTLE_URL redis://redis:6379/1 ENV REDIS_URL redis://redis:6379 ENV ASSET_HOST http://localhost:3000 diff --git a/lib/identity_config.rb b/lib/identity_config.rb index 6a9cdfa5281..e1a616a849c 100644 --- a/lib/identity_config.rb +++ b/lib/identity_config.rb @@ -35,24 +35,12 @@ def self.store config.add(:aamva_supported_jurisdictions, type: :json) config.add(:aamva_verification_request_timeout, type: :float) config.add(:aamva_verification_url) - config.add(:ab_testing_idv_ten_digit_otp_enabled, type: :boolean) - config.add(:ab_testing_idv_ten_digit_otp_percent, type: :integer) config.add(:account_reset_token_valid_for_days, type: :integer) config.add(:account_reset_wait_period_days, type: :integer) config.add(:account_reset_fraud_user_wait_period_days, type: :integer, allow_nil: true) config.add(:account_suspended_support_code, type: :string) - config.add(:acuant_assure_id_password) - config.add(:acuant_assure_id_subscription_id) - config.add(:acuant_assure_id_url) - config.add(:acuant_assure_id_username) - config.add(:acuant_create_document_timeout, type: :float) - config.add(:acuant_facial_match_url) - config.add(:acuant_get_results_timeout, type: :float) - config.add(:acuant_passlive_url) config.add(:acuant_sdk_initialization_creds) config.add(:acuant_sdk_initialization_endpoint) - config.add(:acuant_timeout, type: :float) - config.add(:acuant_upload_image_timeout, type: :float) config.add(:add_email_link_valid_for_hours, type: :integer) config.add(:address_identity_proofing_supported_country_codes, type: :json) config.add(:all_redirect_uris_cache_duration_minutes, type: :integer) 
@@ -112,17 +100,14 @@ def self.store config.add(:doc_auth_check_failed_image_resubmission_enabled, type: :boolean) config.add(:doc_auth_client_glare_threshold, type: :integer) config.add(:doc_auth_client_sharpness_threshold, type: :integer) - config.add(:doc_auth_custom_ui_enabled, type: :boolean) config.add(:doc_auth_error_dpi_threshold, type: :integer) config.add(:doc_auth_error_glare_threshold, type: :integer) config.add(:doc_auth_error_sharpness_threshold, type: :integer) config.add(:doc_auth_max_attempts, type: :integer) config.add(:doc_auth_max_capture_attempts_before_native_camera, type: :integer) config.add(:doc_auth_max_submission_attempts_before_native_camera, type: :integer) - config.add(:doc_auth_s3_request_timeout, type: :integer) config.add(:doc_auth_selfie_capture_enabled, type: :boolean) config.add(:doc_auth_selfie_desktop_test_mode, type: :boolean) - config.add(:doc_auth_sdk_capture_orientation, type: :json, options: { symbolize_names: true }) config.add(:doc_auth_supported_country_codes, type: :json) config.add(:doc_auth_vendor, type: :string) config.add(:doc_auth_vendor_randomize, type: :boolean) @@ -207,9 +192,6 @@ def self.store config.add(:lexisnexis_hmac_secret_key, type: :string) config.add(:lexisnexis_instant_verify_timeout, type: :float) config.add(:lexisnexis_instant_verify_workflow, type: :string) - config.add(:lexisnexis_instant_verify_workflow_ab_testing_enabled, type: :boolean) - config.add(:lexisnexis_instant_verify_workflow_ab_testing_percent, type: :integer) - config.add(:lexisnexis_instant_verify_workflow_alternate, type: :string) config.add(:lexisnexis_password, type: :string) config.add(:lexisnexis_phone_finder_timeout, type: :float) config.add(:lexisnexis_phone_finder_workflow, type: :string) 
@@ -421,7 +403,6 @@ def self.store config.add(:usps_upload_sftp_timeout, type: :integer) config.add(:usps_upload_sftp_username, type: :string) config.add(:valid_authn_contexts, type: :json) - config.add(:vendor_status_acuant, type: :symbol, enum: VENDOR_STATUS_OPTIONS) config.add(:vendor_status_lexisnexis_instant_verify, type: :symbol, enum: VENDOR_STATUS_OPTIONS) config.add(:vendor_status_lexisnexis_phone_finder, type: :symbol, enum: VENDOR_STATUS_OPTIONS) config.add(:vendor_status_lexisnexis_trueid, type: :symbol, enum: VENDOR_STATUS_OPTIONS) diff --git a/lib/reporting/identity_verification_report.rb b/lib/reporting/identity_verification_report.rb index a7b703073d9..0c6171a63e0 100644 --- a/lib/reporting/identity_verification_report.rb +++ b/lib/reporting/identity_verification_report.rb @@ -107,6 +107,7 @@ def as_csv csv << ['Workflow completed - In-Person Pending', idv_final_resolution_in_person] csv << ['Workflow completed - Fraud Review Pending', idv_final_resolution_fraud_review] csv << [] + csv << ['Fraud review rejected', idv_fraud_rejected] csv << ['Successfully Verified', successfully_verified_users] csv << ['Successfully Verified - With phone number', idv_final_resolution_verified] csv << ['Successfully Verified - With mailed code', gpo_verification_submitted] diff --git a/spec/controllers/account_reset/cancel_controller_spec.rb b/spec/controllers/account_reset/cancel_controller_spec.rb index 9818f7502ec..e8134818676 100644 --- a/spec/controllers/account_reset/cancel_controller_spec.rb +++ b/spec/controllers/account_reset/cancel_controller_spec.rb 
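Review bot: The new `['Fraud review rejected', idv_fraud_rejected]` row in `as_csv` is added after the blank separator, so it heads the group of `Successfully Verified` figures instead of sitting with `Workflow completed - Fraud Review Pending`. A reader of the CSV could take a rejection count for part of the success block. If the placement is intended, a comment such as `# outcome rows: rejected first, then verified breakdown` would say so; otherwise move the row above `csv << []`. The body of `as_csv` and the definition of `idv_fraud_rejected` are outside this hunk.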
@@ -6,15 +6,6 @@ let(:user) { create(:user, :fully_registered) } describe '#create' do - it 'tracks IRS attempts event account_reset_cancel_request' do - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:account_reset_cancel_request) - - post :create - end - it 'logs a good token to the analytics' do token = create_account_reset_request_for(user) session[:cancel_token] = token diff --git a/spec/controllers/account_reset/pending_controller_spec.rb b/spec/controllers/account_reset/pending_controller_spec.rb index 3155f6f56a2..ca02b49d59d 100644 --- a/spec/controllers/account_reset/pending_controller_spec.rb +++ b/spec/controllers/account_reset/pending_controller_spec.rb @@ -81,14 +81,9 @@ end describe '#cancel' do - it 'cancels the account reset request and logs the cancellation event' do - stub_attempts_tracker - + it 'cancels the account reset request' do account_reset_request = AccountResetRequest.create(user: user, requested_at: 1.hour.ago) - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:account_reset_cancel_request) - post :cancel expect(account_reset_request.reload.cancelled_at).to_not be_nil diff --git a/spec/controllers/account_reset/request_controller_spec.rb b/spec/controllers/account_reset/request_controller_spec.rb index 5077481222c..3362a37df14 100644 --- a/spec/controllers/account_reset/request_controller_spec.rb +++ b/spec/controllers/account_reset/request_controller_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe AccountReset::RequestController, allowed_extra_analytics: [:*] do +RSpec.describe AccountReset::RequestController do include ActionView::Helpers::DateHelper let(:user) { create(:user, :with_authentication_app) } describe '#show' do 
@@ -149,17 +149,6 @@ post :create end - it 'logs the visit to attempts api' do - user = create(:user, :with_piv_or_cac, :with_backup_code) - stub_sign_in_before_2fa(user) - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:account_reset_request_submitted, success: true) - - get :create - end - it 'redirects to root if user not signed in' do post :create diff --git a/spec/controllers/concerns/idv/ab_test_analytics_concern_spec.rb b/spec/controllers/concerns/idv/ab_test_analytics_concern_spec.rb index 2efdccc5fde..30b0a20c078 100644 --- a/spec/controllers/concerns/idv/ab_test_analytics_concern_spec.rb +++ b/spec/controllers/concerns/idv/ab_test_analytics_concern_spec.rb @@ -16,17 +16,11 @@ def document_capture_session_uuid end let(:acuant_sdk_args) { { as_bucket: :as_value } } - let(:instant_verify_sdk_args) { { iv_bucket: :iv_value } } - let(:lniv) { Idv::LexisNexisInstantVerify.new(controller.document_capture_session_uuid) } before do allow(subject).to receive(:current_user).and_return(user) expect(subject).to receive(:acuant_sdk_ab_test_analytics_args). and_return(acuant_sdk_args) - allow(Idv::LexisNexisInstantVerify).to receive(:new). - and_return(lniv) - expect(lniv).to receive(:workflow_ab_test_analytics_args). - and_return(instant_verify_sdk_args) end context 'idv_session is available' do @@ -39,10 +33,6 @@ def document_capture_session_uuid expect(controller.ab_test_analytics_buckets).to include(acuant_sdk_args) end - it 'includes lexisnexis_instant_verify_sdk_ab_test_analytics_args' do - expect(controller.ab_test_analytics_buckets).to include(instant_verify_sdk_args) - end - it 'includes skip_hybrid_handoff' do idv_session.skip_hybrid_handoff = :shh_value expect(controller.ab_test_analytics_buckets).to include({ skip_hybrid_handoff: :shh_value }) 
@@ -71,10 +61,6 @@ def document_capture_session_uuid it 'still includes acuant_sdk_ab_test_analytics_args' do expect(controller.ab_test_analytics_buckets).to include(acuant_sdk_args) end - - it 'still includes lexisnexis_instant_verify_sdk_ab_test_analytics_args' do - expect(controller.ab_test_analytics_buckets).to include(instant_verify_sdk_args) - end end end end diff --git a/spec/controllers/concerns/idv/phone_otp_rate_limitable_spec.rb b/spec/controllers/concerns/idv/phone_otp_rate_limitable_spec.rb index 2b5fe151111..765aa87b1d2 100644 --- a/spec/controllers/concerns/idv/phone_otp_rate_limitable_spec.rb +++ b/spec/controllers/concerns/idv/phone_otp_rate_limitable_spec.rb @@ -12,8 +12,6 @@ def handle_max_attempts(_arg = nil) describe '#handle_too_many_otp_sends' do before do stub_analytics - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) end it 'calls analytics tracking event' do @@ -21,13 +19,5 @@ def handle_max_attempts(_arg = nil) expect(@analytics).to have_logged_event('Idv: Phone OTP sends rate limited') end - - it 'calls irs tracking event idv_phone_otp_sent_rate_limited' do - subject.handle_too_many_otp_sends - - expect(@irs_attempts_api_tracker).to have_received(:track_event).with( - :idv_phone_otp_sent_rate_limited, - ) - end end end diff --git a/spec/controllers/concerns/new_device_concern_spec.rb b/spec/controllers/concerns/new_device_concern_spec.rb index 1cb413cdf45..a28fb64effd 100644 --- a/spec/controllers/concerns/new_device_concern_spec.rb +++ b/spec/controllers/concerns/new_device_concern_spec.rb 
@@ -23,10 +23,18 @@ def initialize(current_user:, user_session:, cookies:) describe '#set_new_device_session' do context 'with new device' do it 'sets user session value to true' do - instance.set_new_device_session + instance.set_new_device_session(nil) expect(user_session[:new_device]).to eq(true) end + + context 'with explicitly false parameter value' do + it 'sets user session value to the value provided' do + instance.set_new_device_session(false) + + expect(user_session[:new_device]).to eq(false) + end + end end context 'with authenticated device' do @@ -34,10 +42,18 @@ def initialize(current_user:, user_session:, cookies:) let(:cookies) { { device: current_user.devices.last.cookie_uuid } } it 'sets user session value to false' do - instance.set_new_device_session + instance.set_new_device_session(nil) expect(user_session[:new_device]).to eq(false) end + + context 'with explicitly true parameter value' do + it 'sets user session value to the value provided' do + instance.set_new_device_session(true) + + expect(user_session[:new_device]).to eq(true) + end + end end end diff --git a/spec/controllers/idv/agreement_controller_spec.rb b/spec/controllers/idv/agreement_controller_spec.rb index 9c3cb7434d9..cab1fb15355 100644 --- a/spec/controllers/idv/agreement_controller_spec.rb +++ b/spec/controllers/idv/agreement_controller_spec.rb @@ -45,7 +45,6 @@ step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, - irs_reproofing: false, }.merge(ab_test_args) end @@ -111,7 +110,6 @@ step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, - irs_reproofing: false, }.merge(ab_test_args) end diff --git a/spec/controllers/idv/by_mail/enter_code_controller_spec.rb b/spec/controllers/idv/by_mail/enter_code_controller_spec.rb index 9f46288b5c1..afc63cc6d7e 100644 --- a/spec/controllers/idv/by_mail/enter_code_controller_spec.rb +++ b/spec/controllers/idv/by_mail/enter_code_controller_spec.rb 
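Review bot: The existing examples now call `instance.set_new_device_session(nil)` without saying what `nil` stands for, while the added contexts name their argument ('with explicitly false parameter value'). This applies to both hunks in this file, under 'with new device' and 'with authenticated device'. The value stored in `user_session[:new_device]` looks like an input to new-device handling at sign-in, so the fallback case deserves the same clarity as the overrides: wrap the `nil` calls in `context 'with nil parameter value'` or add `# nil => fall back to the device-cookie check`. The method under test is not part of the visible diff, so the fallback meaning is inferred from the expectations.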
@@ -10,13 +10,11 @@ before do stub_analytics - stub_attempts_tracker stub_sign_in(user) allow(Pii::Cacher).to receive(:new).and_return(pii_cacher) allow(pii_cacher).to receive(:fetch).and_call_original allow(UserAlerts::AlertUserAboutAccountVerified).to receive(:call) - allow(@irs_attempts_api_tracker).to receive(:idv_gpo_verification_submitted) allow(IdentityConfig.store).to receive(:proofing_device_profiling). and_return(threatmetrix_enabled ? :enabled : :disabled) allow(IdentityConfig.store).to receive(:enable_usps_verification).and_return(gpo_enabled) @@ -199,9 +197,6 @@ it 'redirects to the sign_up/completions page' do action - expect(@irs_attempts_api_tracker).to have_received(:idv_gpo_verification_submitted). - with(success_properties) - expect(@analytics).to have_logged_event( 'IdV: enter verify by mail code submitted', success: true, @@ -244,9 +239,6 @@ it 'redirects to personal key page' do action - expect(@irs_attempts_api_tracker).to have_received(:idv_gpo_verification_submitted). - with(success_properties) - expect(@analytics).to have_logged_event( 'IdV: enter verify by mail code submitted', success: true, @@ -275,9 +267,6 @@ it 'redirects to the sign_up/completions page' do action - expect(@irs_attempts_api_tracker).to have_received(:idv_gpo_verification_submitted). - with(success_properties) - expect(@analytics).to have_logged_event( 'IdV: enter verify by mail code submitted', success: true, @@ -367,9 +356,6 @@ it 'renders to the index page to show errors' do action - expect(@irs_attempts_api_tracker).to have_received(:idv_gpo_verification_submitted). - with(success: false) - expect(@analytics).to have_logged_event( 'IdV: enter verify by mail code submitted', success: false, 
@@ -441,9 +427,6 @@ it 'redirects to personal key page' do post(:create, params: { gpo_verify_form: { otp: good_otp } }) - expect(@irs_attempts_api_tracker).to have_received(:idv_gpo_verification_submitted). - exactly(max_attempts).times - failed_gpo_submission_events = @analytics.events['IdV: enter verify by mail code submitted']. reject { |event_attributes| event_attributes[:errors].empty? } diff --git a/spec/controllers/idv/by_mail/enter_code_rate_limited_controller_spec.rb b/spec/controllers/idv/by_mail/enter_code_rate_limited_controller_spec.rb index 1c2fac38e6e..e1d9a5bf871 100644 --- a/spec/controllers/idv/by_mail/enter_code_rate_limited_controller_spec.rb +++ b/spec/controllers/idv/by_mail/enter_code_rate_limited_controller_spec.rb @@ -14,7 +14,6 @@ stub_sign_in(user) stub_user_with_pending_profile(user) stub_analytics - stub_attempts_tracker RateLimiter.new(rate_limit_type: :verify_gpo_key, user: user).increment_to_limited! end @@ -25,8 +24,6 @@ limiter_type: :verify_gpo_key, ).once - expect(@irs_attempts_api_tracker).to receive(:idv_gpo_verification_rate_limited).once - get :index expect(response).to render_template :index diff --git a/spec/controllers/idv/by_mail/request_letter_controller_spec.rb b/spec/controllers/idv/by_mail/request_letter_controller_spec.rb index a4bed8bbea9..1d24cc311a0 100644 --- a/spec/controllers/idv/by_mail/request_letter_controller_spec.rb +++ b/spec/controllers/idv/by_mail/request_letter_controller_spec.rb @@ -10,7 +10,6 @@ before do stub_analytics - stub_attempts_tracker allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) end @@ -158,13 +157,6 @@ ) end - it 'logs attempts api tracking' do - expect(@irs_attempts_api_tracker).to receive(:idv_gpo_letter_requested). - with(resend: false) - - put :create - end - it 'updates the doc auth log for the user for the usps_letter_sent event' do unstub_analytics doc_auth_log = DocAuthLog.create(user_id: user.id) 
@@ -228,13 +220,6 @@ ) end - it 'logs attempts api tracking' do - expect(@irs_attempts_api_tracker).to receive(:idv_gpo_letter_requested). - with(resend: true) - - put :create - end - it 'redirects to capture password if pii is locked' do pii_cacher = instance_double(Pii::Cacher) allow(pii_cacher).to receive(:fetch).and_return(nil) diff --git a/spec/controllers/idv/document_capture_controller_spec.rb b/spec/controllers/idv/document_capture_controller_spec.rb index 6d04ae0305c..0e5355dc6ce 100644 --- a/spec/controllers/idv/document_capture_controller_spec.rb +++ b/spec/controllers/idv/document_capture_controller_spec.rb @@ -107,7 +107,6 @@ flow_path: 'standard', redo_document_capture: nil, skip_hybrid_handoff: nil, - irs_reproofing: false, step: 'document_capture', liveness_checking_required: false, selfie_check_required: sp_selfie_enabled && doc_auth_selfie_capture_enabled, @@ -299,7 +298,6 @@ flow_path: 'standard', redo_document_capture: nil, skip_hybrid_handoff: nil, - irs_reproofing: false, step: 'document_capture', liveness_checking_required: false, selfie_check_required: sp_selfie_enabled && doc_auth_selfie_capture_enabled, diff --git a/spec/controllers/idv/enter_password_controller_spec.rb b/spec/controllers/idv/enter_password_controller_spec.rb index 4b5058ced49..33f10acad3b 100644 --- a/spec/controllers/idv/enter_password_controller_spec.rb +++ b/spec/controllers/idv/enter_password_controller_spec.rb @@ -24,8 +24,6 @@ before do stub_analytics stub_sign_in(user) - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) allow(IdentityConfig.store).to receive(:usps_mock_fallback).and_return(false) allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) subject.idv_session.welcome_visited = true 
@@ -103,13 +101,6 @@ def show expect(flash[:error]).to eq t('idv.errors.incorrect_password') expect(response).to redirect_to idv_enter_password_path end - - it 'tracks irs password entered event (idv_password_entered)' do - expect(@irs_attempts_api_tracker).to have_received(:track_event).with( - :idv_password_entered, - success: false, - ) - end end context 'user provides correct password' do @@ -322,15 +313,6 @@ def show expect(response).to redirect_to idv_personal_key_path end - it 'tracks irs password entered event (idv_password_entered)' do - put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } } - - expect(@irs_attempts_api_tracker).to have_received(:track_event).with( - :idv_password_entered, - success: true, - ) - end - it 'creates Profile with applicant attributes' do put :create, params: { user: { password: ControllerHelper::VALID_PASSWORD } } diff --git a/spec/controllers/idv/forgot_password_controller_spec.rb b/spec/controllers/idv/forgot_password_controller_spec.rb index 14be1ba59de..bbb5efd8066 100644 --- a/spec/controllers/idv/forgot_password_controller_spec.rb +++ b/spec/controllers/idv/forgot_password_controller_spec.rb @@ -26,14 +26,9 @@ before do stub_sign_in(user) stub_analytics - stub_attempts_tracker end it 'tracks appropriate events' do - expect(@irs_attempts_api_tracker).to receive(:forgot_password_email_sent).with( - email: user.email, - ) - post :update expect(@analytics).to have_logged_event('IdV: forgot password confirmed') diff --git a/spec/controllers/idv/how_to_verify_controller_spec.rb b/spec/controllers/idv/how_to_verify_controller_spec.rb index 4fe227bb666..291b8ed64e2 100644 --- a/spec/controllers/idv/how_to_verify_controller_spec.rb +++ b/spec/controllers/idv/how_to_verify_controller_spec.rb @@ -116,7 +116,6 @@ step: 'how_to_verify', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, - irs_reproofing: false, }.merge(ab_test_args) end 
@@ -184,7 +183,6 @@ step: 'how_to_verify', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, - irs_reproofing: false, error_details: { selection: { blank: true } }, errors: { selection: ['Select a way to verify your identity.'] }, success: false, @@ -206,7 +204,6 @@ analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, 'selection' => selection, - irs_reproofing: false, error_details: { selection: { inclusion: true } }, errors: { selection: ['Select a way to verify your identity.'] }, success: false, @@ -223,7 +220,6 @@ analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, step: 'how_to_verify', - irs_reproofing: false, errors: {}, success: true, 'selection' => selection, @@ -251,7 +247,6 @@ analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, step: 'how_to_verify', - irs_reproofing: false, errors: {}, success: true, 'selection' => selection, diff --git a/spec/controllers/idv/hybrid_handoff_controller_spec.rb b/spec/controllers/idv/hybrid_handoff_controller_spec.rb index f48970971e0..3644d49d67d 100644 --- a/spec/controllers/idv/hybrid_handoff_controller_spec.rb +++ b/spec/controllers/idv/hybrid_handoff_controller_spec.rb @@ -22,7 +22,6 @@ stub_sign_in(user) stub_up_to(:agreement, idv_session: subject.idv_session) stub_analytics - stub_attempts_tracker allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) allow(subject.idv_session).to receive(:service_provider).and_return(service_provider) @@ -71,7 +70,6 @@ analytics_id: 'Doc Auth', redo_document_capture: nil, skip_hybrid_handoff: nil, - irs_reproofing: false, selfie_check_required: sp_selfie_enabled && doc_auth_selfie_capture_enabled, }.merge(ab_test_args) end @@ -310,7 +308,6 @@ redo_document_capture: nil, skip_hybrid_handoff: nil, selfie_check_required: sp_selfie_enabled && doc_auth_selfie_capture_enabled, - irs_reproofing: false, telephony_response: { errors: {}, message_id: 'fake-message-id', 
@@ -368,7 +365,6 @@ analytics_id: 'Doc Auth', redo_document_capture: nil, skip_hybrid_handoff: nil, - irs_reproofing: false, selfie_check_required: doc_auth_selfie_capture_enabled && sp_selfie_enabled, }.merge(ab_test_args) end @@ -384,14 +380,6 @@ expect(@analytics).to have_logged_event(analytics_name, analytics_args) end - - it 'sends irs_attempts_api_tracking' do - expect(@irs_attempts_api_tracker).to receive( - :idv_document_upload_method_selected, - ).with({ upload_method: 'desktop' }) - - put :update, params: { type: 'desktop' } - end end end end diff --git a/spec/controllers/idv/hybrid_mobile/capture_complete_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/capture_complete_controller_spec.rb index 9aeb83c60a8..40400215875 100644 --- a/spec/controllers/idv/hybrid_mobile/capture_complete_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/capture_complete_controller_spec.rb @@ -49,7 +49,6 @@ { analytics_id: 'Doc Auth', flow_path: 'hybrid', - irs_reproofing: false, step: 'capture_complete', liveness_checking_required: false, }.merge(ab_test_args) diff --git a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb index 035cf5527c7..ac92171aa12 100644 --- a/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/document_capture_controller_spec.rb @@ -22,7 +22,6 @@ before do stub_analytics - stub_attempts_tracker session[:doc_capture_user_id] = user&.id session[:document_capture_session_uuid] = document_capture_session_uuid @@ -56,7 +55,6 @@ { analytics_id: 'Doc Auth', flow_path: 'hybrid', - irs_reproofing: false, step: 'document_capture', selfie_check_required: false, liveness_checking_required: boolean, @@ -182,7 +180,6 @@ errors: {}, analytics_id: 'Doc Auth', flow_path: 'hybrid', - irs_reproofing: false, step: 'document_capture', liveness_checking_required: false, selfie_check_required: boolean, 
diff --git a/spec/controllers/idv/hybrid_mobile/entry_controller_spec.rb b/spec/controllers/idv/hybrid_mobile/entry_controller_spec.rb index 9a0bd48211f..bc70f6378d4 100644 --- a/spec/controllers/idv/hybrid_mobile/entry_controller_spec.rb +++ b/spec/controllers/idv/hybrid_mobile/entry_controller_spec.rb @@ -15,16 +15,13 @@ before do stub_analytics - stub_attempts_tracker end context 'with no session' do before do get :show end - it 'logs that phone upload link was used' do - expect(@irs_attempts_api_tracker.events).to have_key(:idv_phone_upload_link_used) - end + it 'redirects to the root url' do expect(response).to redirect_to root_url end @@ -34,9 +31,7 @@ before do get :show, params: { 'document-capture-session': 'foo' } end - it 'logs that phone upload link was used' do - expect(@irs_attempts_api_tracker.events).to have_key(:idv_phone_upload_link_used) - end + it 'logs an analytics event' do expect(@analytics).to have_logged_event( 'Doc Auth', @@ -58,10 +53,6 @@ end end - it 'logs that phone upload link was used' do - expect(@irs_attempts_api_tracker.events).to have_key(:idv_phone_upload_link_used) - end - it 'redirects to the root url' do expect(response).to redirect_to root_url end @@ -77,10 +68,6 @@ get :show, params: { 'document-capture-session': session_uuid } end - it 'logs that phone upload link was used' do - expect(@irs_attempts_api_tracker.events).to have_key(:idv_phone_upload_link_used) - end - it 'redirects to the first step' do expect(response).to redirect_to idv_hybrid_mobile_document_capture_url end @@ -138,10 +125,6 @@ get :show end - it 'logs that phone upload link was used' do - expect(@irs_attempts_api_tracker.events).to have_key(:idv_phone_upload_link_used) - end - it 'redirects to the first step' do expect(response).to redirect_to idv_hybrid_mobile_document_capture_url end diff --git a/spec/controllers/idv/image_uploads_controller_spec.rb b/spec/controllers/idv/image_uploads_controller_spec.rb index b004ad3f587..e83986cf62f 100644 
--- a/spec/controllers/idv/image_uploads_controller_spec.rb +++ b/spec/controllers/idv/image_uploads_controller_spec.rb @@ -51,12 +51,6 @@ it 'tracks events' do stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_submitted, - any_args, - ) action @@ -99,23 +93,6 @@ it 'tracks events' do stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_submitted, - { address: nil, - date_of_birth: nil, - document_back_image_filename: nil, - document_expiration: nil, - document_front_image_filename: nil, - document_image_encryption_key: nil, - document_issued: nil, - document_number: nil, - document_state: nil, - first_name: nil, - last_name: nil, - success: false }, - ) action @@ -232,29 +209,6 @@ RateLimiter.new(rate_limit_type: :idv_doc_auth, user: user).increment_to_limited! stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_rate_limited, - ) - - # This is the last upload which triggers the rate limit, apparently. - # I do find this moderately confusing. - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_submitted, - { address: nil, - date_of_birth: nil, - document_back_image_filename: nil, - document_expiration: nil, - document_front_image_filename: nil, - document_image_encryption_key: nil, - document_issued: nil, - document_number: nil, - document_state: nil, - first_name: nil, - last_name: nil, - success: false }, - ) action 
@@ -383,23 +337,6 @@ it 'tracks events' do stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_submitted, - success: true, - document_back_image_filename: nil, - document_front_image_filename: nil, - document_image_encryption_key: nil, - document_state: 'MT', - document_number: '1111111111111', - document_issued: '2019-12-31', - document_expiration: '2099-12-31', - first_name: 'FAKEY', - last_name: 'MCFAKERSON', - date_of_birth: '1938-10-06', - address: '1 FAKE RD', - ) action @@ -539,54 +476,11 @@ ) end - context 'encrypted document storage is enabled' do - let(:first_name) { nil } - - it 'includes image references in attempts api' do - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_submitted, - success: false, - document_state: 'ND', - document_number: state_id_number, - document_issued: nil, - document_expiration: nil, - first_name: nil, - last_name: 'MCFAKERSON', - date_of_birth: '10/06/1938', - address: address1, - document_back_image_filename: nil, - document_front_image_filename: nil, - document_image_encryption_key: nil, - ) - - action - end - end - context 'due to invalid Name' do let(:first_name) { nil } it 'tracks name validation errors in analytics' do stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_submitted, - success: false, - document_state: 'ND', - document_number: state_id_number, - document_issued: nil, - document_expiration: nil, - first_name: nil, - last_name: 'MCFAKERSON', - date_of_birth: '10/06/1938', - address: address1, - document_back_image_filename: nil, - document_front_image_filename: nil, - document_image_encryption_key: nil, - ) action 
@@ -684,23 +578,6 @@ it 'tracks state validation errors in analytics' do stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_submitted, - success: false, - document_state: 'Maryland', - document_number: state_id_number, - document_issued: nil, - document_expiration: nil, - first_name: 'FAKEY', - last_name: 'MCFAKERSON', - date_of_birth: '10/06/1938', - address: address1, - document_back_image_filename: nil, - document_front_image_filename: nil, - document_image_encryption_key: nil, - ) action @@ -798,23 +675,6 @@ it 'tracks state_id_number validation errors in analytics' do stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_submitted, - success: false, - document_back_image_filename: nil, - document_front_image_filename: nil, - document_image_encryption_key: nil, - document_state: 'ND', - document_number: state_id_number, - document_issued: nil, - document_expiration: nil, - first_name: 'FAKEY', - last_name: 'MCFAKERSON', - date_of_birth: '10/06/1938', - address: address1, - ) action @@ -909,23 +769,6 @@ it 'tracks dob validation errors in analytics' do stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :idv_document_upload_submitted, - success: false, - document_back_image_filename: nil, - document_front_image_filename: nil, - document_image_encryption_key: nil, - document_state: 'ND', - document_number: state_id_number, - document_issued: nil, - document_expiration: nil, - first_name: 'FAKEY', - last_name: 'MCFAKERSON', - date_of_birth: nil, - address: address1, - ) action diff --git a/spec/controllers/idv/in_person/address_controller_spec.rb b/spec/controllers/idv/in_person/address_controller_spec.rb index df06ee89e2f..88477e3c5f1 100644 --- a/spec/controllers/idv/in_person/address_controller_spec.rb 
+++ b/spec/controllers/idv/in_person/address_controller_spec.rb @@ -68,10 +68,8 @@ { analytics_id: 'In Person Proofing', flow_path: 'standard', - irs_reproofing: false, opted_in_to_in_person_proofing: nil, step: 'address', - lexisnexis_instant_verify_workflow_ab_test_bucket: :default, pii_like_keypaths: [[:same_address_as_id], [:proofing_results, :context, :stages, :state_id, :state_id_jurisdiction]], @@ -137,9 +135,7 @@ errors: {}, analytics_id: 'In Person Proofing', flow_path: 'standard', - irs_reproofing: false, step: 'address', - lexisnexis_instant_verify_workflow_ab_test_bucket: :default, pii_like_keypaths: [[:same_address_as_id], [:proofing_results, :context, :stages, :state_id, :state_id_jurisdiction]], @@ -226,9 +222,7 @@ errors: {}, analytics_id: 'In Person Proofing', flow_path: 'standard', - irs_reproofing: false, step: 'address', - lexisnexis_instant_verify_workflow_ab_test_bucket: :default, pii_like_keypaths: [[:same_address_as_id], [:proofing_results, :context, :stages, :state_id, :state_id_jurisdiction]], diff --git a/spec/controllers/idv/in_person/ssn_controller_spec.rb b/spec/controllers/idv/in_person/ssn_controller_spec.rb index 895efa29d16..818e11061d2 100644 --- a/spec/controllers/idv/in_person/ssn_controller_spec.rb +++ b/spec/controllers/idv/in_person/ssn_controller_spec.rb @@ -19,7 +19,6 @@ stub_sign_in(user) subject.user_session['idv/in_person'] = flow_session stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) subject.idv_session.flow_path = 'standard' @@ -48,7 +47,6 @@ { analytics_id: 'In Person Proofing', flow_path: 'standard', - irs_reproofing: false, step: 'ssn', same_address_as_id: true, pii_like_keypaths: [ @@ -121,7 +119,6 @@ { analytics_id: 'In Person Proofing', flow_path: 'standard', - irs_reproofing: false, step: 'ssn', success: true, errors: {}, 
@@ -136,14 +133,6 @@ expect(@analytics).to have_received(:track_event).with(analytics_name, analytics_args) end - it 'logs attempts api event' do - expect(@irs_attempts_api_tracker).to receive(:idv_ssn_submitted).with( - ssn: ssn, - ) - - put :update, params: params - end - it 'adds ssn to idv_session' do put :update, params: params @@ -172,7 +161,6 @@ { analytics_id: 'In Person Proofing', flow_path: 'standard', - irs_reproofing: false, step: 'ssn', success: false, errors: { diff --git a/spec/controllers/idv/in_person/state_id_controller_spec.rb b/spec/controllers/idv/in_person/state_id_controller_spec.rb index 4c985736cb2..eb6ec940606 100644 --- a/spec/controllers/idv/in_person/state_id_controller_spec.rb +++ b/spec/controllers/idv/in_person/state_id_controller_spec.rb @@ -69,7 +69,6 @@ { analytics_id: 'In Person Proofing', flow_path: 'standard', - irs_reproofing: false, opted_in_to_in_person_proofing: nil, step: 'state_id', pii_like_keypaths: [[:same_address_as_id], @@ -169,7 +168,6 @@ errors: {}, analytics_id: 'In Person Proofing', flow_path: 'standard', - irs_reproofing: false, step: 'state_id', opted_in_to_in_person_proofing: nil, pii_like_keypaths: [[:same_address_as_id], diff --git a/spec/controllers/idv/in_person/verify_info_controller_spec.rb b/spec/controllers/idv/in_person/verify_info_controller_spec.rb index 23f0a584cdf..7b090f67b9a 100644 --- a/spec/controllers/idv/in_person/verify_info_controller_spec.rb +++ b/spec/controllers/idv/in_person/verify_info_controller_spec.rb @@ -52,7 +52,6 @@ before do stub_analytics - stub_attempts_tracker end describe '#show' do @@ -61,7 +60,6 @@ { analytics_id: 'In Person Proofing', flow_path: 'standard', - irs_reproofing: false, step: 'verify', }.merge(ab_test_args) end diff --git a/spec/controllers/idv/link_sent_controller_spec.rb b/spec/controllers/idv/link_sent_controller_spec.rb index 753f6b05c2c..6cd1f023328 100644 --- a/spec/controllers/idv/link_sent_controller_spec.rb 
+++ b/spec/controllers/idv/link_sent_controller_spec.rb @@ -13,7 +13,6 @@ subject.idv_session.idv_consent_given = true subject.idv_session.flow_path = 'hybrid' stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) end @@ -53,7 +52,6 @@ { analytics_id: 'Doc Auth', flow_path: 'hybrid', - irs_reproofing: false, step: 'link_sent', }.merge(ab_test_args) end @@ -116,7 +114,6 @@ { analytics_id: 'Doc Auth', flow_path: 'hybrid', - irs_reproofing: false, step: 'link_sent', }.merge(ab_test_args) end diff --git a/spec/controllers/idv/otp_verification_controller_spec.rb b/spec/controllers/idv/otp_verification_controller_spec.rb index b4834386c63..775ce466c22 100644 --- a/spec/controllers/idv/otp_verification_controller_spec.rb +++ b/spec/controllers/idv/otp_verification_controller_spec.rb @@ -25,7 +25,6 @@ before do stub_analytics - stub_attempts_tracker allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) sign_in(user) 
@@ -177,47 +176,5 @@ hash_including(expected_result), ) end - - describe 'track irs analytics event' do - let(:phone_property) { { phone_number: phone } } - context 'when the phone otp code is valid' do - it 'captures success event' do - expect(@irs_attempts_api_tracker).to receive(:idv_phone_otp_submitted).with( - success: true, - **phone_property, - ) - - put :update, params: otp_code_param - end - end - - context 'when the phone otp code is invalid' do - let(:invalid_otp_code_param) { { code: '000' } } - it 'captures failure event' do - expect(@irs_attempts_api_tracker).to receive(:idv_phone_otp_submitted).with( - success: false, - **phone_property, - ) - - put :update, params: invalid_otp_code_param - end - end - - context 'when the phone otp code has expired' do - let(:phone_confirmation_otp_sent_at) do - # Set time to a long time ago - Time.zone.now - 900000000 - end - - it 'captures failure event' do - expect(@irs_attempts_api_tracker).to receive(:idv_phone_otp_submitted).with( - success: false, - **phone_property, - ) - - put :update, params: otp_code_param - end - end - end end end diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb index 492b12376fb..49c87cf6fcb 100644 --- a/spec/controllers/idv/personal_key_controller_spec.rb +++ b/spec/controllers/idv/personal_key_controller_spec.rb @@ -50,7 +50,6 @@ def assert_personal_key_generated_for_profiles(*profile_pii_pairs) before do stub_analytics - stub_attempts_tracker stub_sign_in(user) @@ -296,11 +295,6 @@ def assert_personal_key_generated_for_profiles(*profile_pii_pairs) ) end - it 'logs when user generates personal key' do - expect(@irs_attempts_api_tracker).to receive(:idv_personal_key_generated) - get :show - end - context 'user selected gpo verification' do let(:address_verification_mechanism) { 'gpo' } 
diff --git a/spec/controllers/idv/phone_controller_spec.rb b/spec/controllers/idv/phone_controller_spec.rb index b8da5f24074..79cd0969e2c 100644 --- a/spec/controllers/idv/phone_controller_spec.rb +++ b/spec/controllers/idv/phone_controller_spec.rb @@ -52,7 +52,6 @@ stub_sign_in(user) stub_up_to(:verify_info, idv_session: subject.idv_session) stub_analytics - stub_attempts_tracker end describe '#new' do @@ -293,11 +292,6 @@ it 'tracks form error events and does not make a vendor API call' do expect_any_instance_of(Idv::Agent).to_not receive(:proof_address) - expect(@irs_attempts_api_tracker).to receive(:idv_phone_submitted).with( - success: false, - phone_number: improbable_phone_number, - ) - put :create, params: improbable_phone_form result = { @@ -349,11 +343,6 @@ end it 'tracks events with valid phone' do - expect(@irs_attempts_api_tracker).to receive(:idv_phone_submitted).with( - success: true, - phone_number: good_phone, - ) - put :create, params: phone_params result = { diff --git a/spec/controllers/idv/ssn_controller_spec.rb b/spec/controllers/idv/ssn_controller_spec.rb index a0a1c8bec40..4762cddec7e 100644 --- a/spec/controllers/idv/ssn_controller_spec.rb +++ b/spec/controllers/idv/ssn_controller_spec.rb @@ -15,7 +15,6 @@ stub_sign_in(user) stub_up_to(:document_capture, idv_session: subject.idv_session) stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) end @@ -55,7 +54,6 @@ { analytics_id: 'Doc Auth', flow_path: 'standard', - irs_reproofing: false, step: 'ssn', }.merge(ab_test_args) end @@ -131,7 +129,6 @@ { analytics_id: 'Doc Auth', flow_path: 'standard', - irs_reproofing: false, step: 'ssn', success: true, errors: {}, 
@@ -169,13 +166,6 @@ put :update, params: params end - it 'logs attempts api event' do - expect(@irs_attempts_api_tracker).to receive(:idv_ssn_submitted).with( - ssn: ssn, - ) - put :update, params: params - end - context 'with existing session applicant' do it 'clears applicant' do subject.idv_session.applicant = Idp::Constants::MOCK_IDV_APPLICANT @@ -195,7 +185,6 @@ { analytics_id: 'Doc Auth', flow_path: 'standard', - irs_reproofing: false, step: 'ssn', success: false, errors: { diff --git a/spec/controllers/idv/verify_info_controller_spec.rb b/spec/controllers/idv/verify_info_controller_spec.rb index ec3c449fe43..8d71d73ce0f 100644 --- a/spec/controllers/idv/verify_info_controller_spec.rb +++ b/spec/controllers/idv/verify_info_controller_spec.rb @@ -8,7 +8,6 @@ { analytics_id: 'Doc Auth', flow_path: 'standard', - irs_reproofing: false, step: 'verify', }.merge(ab_test_args) end @@ -21,7 +20,6 @@ stub_sign_in(user) stub_up_to(:ssn, idv_session: subject.idv_session) stub_analytics - stub_attempts_tracker allow(subject).to receive(:ab_test_analytics_buckets).and_return(ab_test_args) end @@ -53,7 +51,6 @@ { analytics_id: 'Doc Auth', flow_path: 'standard', - irs_reproofing: false, step: 'verify', }.merge(ab_test_args) end @@ -130,13 +127,6 @@ expect(response).to redirect_to idv_session_errors_ssn_failure_url end - - it 'logs the correct attempts event' do - expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited). - with({ limiter_context: 'multi-session' }) - - get :show - end end context 'when the user is proofing rate limited' do @@ -152,13 +142,6 @@ expect(response).to redirect_to idv_session_errors_failure_url end - - it 'logs the correct attempts event' do - expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited). - with({ limiter_context: 'single-session' }) - - get :show - end end context 'when proofing_device_profiling is enabled' do 
@@ -206,13 +189,6 @@ expect(controller.idv_session.threatmetrix_review_status).to eq('pass') end - it 'it logs IRS idv_tmx_fraud_check event' do - expect(@irs_attempts_api_tracker).to receive(:idv_tmx_fraud_check).with( - success: true, - ) - get :show - end - # we use the client name for some error tracking, so make sure # it gets through to the analytics event log. it 'logs the analytics event, including the client' do @@ -244,13 +220,6 @@ get :show expect(controller.idv_session.threatmetrix_review_status).to be_nil end - - it 'it logs IRS idv_tmx_fraud_check event' do - expect(@irs_attempts_api_tracker).to receive(:idv_tmx_fraud_check).with( - success: false, - ) - get :show - end end context 'when threatmetrix response is Reject' do @@ -260,13 +229,6 @@ get :show expect(controller.idv_session.threatmetrix_review_status).to eq('reject') end - - it 'it logs IRS idv_tmx_fraud_check event' do - expect(@irs_attempts_api_tracker).to receive(:idv_tmx_fraud_check).with( - success: false, - ) - get :show - end end context 'when threatmetrix response is Review' do @@ -276,13 +238,6 @@ get :show expect(controller.idv_session.threatmetrix_review_status).to eq('review') end - - it 'it logs IRS idv_tmx_fraud_check event' do - expect(@irs_attempts_api_tracker).to receive(:idv_tmx_fraud_check).with( - success: false, - ) - get :show - end end end @@ -450,13 +405,6 @@ expect(response).to redirect_to idv_session_errors_ssn_failure_url end - - it 'logs the correct attempts event' do - expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited). - with({ limiter_context: 'multi-session' }) - - put :update - end end context 'when the user is proofing rate limited' do @@ -472,13 +420,6 @@ expect(response).to redirect_to idv_session_errors_failure_url end - - it 'logs the correct attempts event' do - expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited). - with({ limiter_context: 'single-session' }) - - put :update - end end end end 
diff --git a/spec/controllers/idv/welcome_controller_spec.rb b/spec/controllers/idv/welcome_controller_spec.rb index 0bd35db8a2d..bd32fefbc61 100644 --- a/spec/controllers/idv/welcome_controller_spec.rb +++ b/spec/controllers/idv/welcome_controller_spec.rb @@ -41,7 +41,6 @@ { step: 'welcome', analytics_id: 'Doc Auth', - irs_reproofing: false, }.merge(ab_test_args) end @@ -107,7 +106,6 @@ { step: 'welcome', analytics_id: 'Doc Auth', - irs_reproofing: false, }.merge(ab_test_args) end diff --git a/spec/controllers/idv_controller_spec.rb b/spec/controllers/idv_controller_spec.rb index e12238f6b31..c2311efa29a 100644 --- a/spec/controllers/idv_controller_spec.rb +++ b/spec/controllers/idv_controller_spec.rb @@ -89,14 +89,6 @@ expect(response).to redirect_to idv_session_errors_failure_url end - - it 'logs appropriate attempts event' do - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:idv_verification_rate_limited). - with({ limiter_context: 'single-session' }) - - get :index - end end context 'if number of document capture attempts has been exceeded' do diff --git a/spec/controllers/openid_connect/logout_controller_spec.rb b/spec/controllers/openid_connect/logout_controller_spec.rb index 6f70f9fc845..f2af7c2f285 100644 --- a/spec/controllers/openid_connect/logout_controller_spec.rb +++ b/spec/controllers/openid_connect/logout_controller_spec.rb 
@@ -33,21 +33,20 @@ ).id_token end - shared_examples 'set redirect URL for concurrent session logout' do |req_method| + shared_examples 'set redirect URL for concurrent session logout' do |req_action, req_method| it "#{req_method}: assigns devise session limited failure redirect url" do - process :logout, - method: req_method + process(req_action, method: req_method) expect(request.env['devise_session_limited_failure_redirect_url']).to eq(request.url) end end - shared_examples 'logout allows id_token_hint' do |req_method| + shared_examples 'when allowing id_token_hint' do |req_action, req_method| let(:id_token_hint) { valid_id_token_hint } context 'when sending id_token_hint' do subject(:action) do - process :logout, + process req_action, method: req_method, params: { id_token_hint: id_token_hint, @@ -177,11 +176,6 @@ ), ) - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:logout_initiated). - with( - success: true, - ) action end end @@ -210,16 +204,17 @@ expect(@analytics).to receive(:track_event). with( 'OIDC Logout Requested', - success: false, - client_id: service_provider.issuer, - client_id_parameter_present: false, - id_token_hint_parameter_present: true, - errors: errors, - error_details: hash_including(*errors.keys), - sp_initiated: true, - oidc: true, - method: nil, - saml_request_valid: nil, + hash_including( + success: false, + client_id: service_provider.issuer, + client_id_parameter_present: false, + id_token_hint_parameter_present: true, + errors: errors, + error_details: hash_including(*errors.keys), + sp_initiated: true, + oidc: true, + saml_request_valid: nil, + ), ) action 
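Review bot: The failure-path expectation in the -210 hunk moves from an exact keyword list to `hash_including(...)` and drops `method: nil`, so the spec no longer pins the full 'OIDC Logout Requested' payload and any key added to the event later would pass unnoticed. This event is logged while handling an `id_token_hint`, and the exact match is what would catch token or other request material ending up in analytics. If `method` was dropped because its value now differs between `:show` and `:create` (inferred, the controller is not visible here), keep the list exact and state the value per action, for example `method: expected_method,` where `expected_method` is a constructed name set from `req_action`. The same loosening appears in the -235 hunk and in the -487 and -522 hunks of this file.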
@@ -235,18 +230,18 @@ expect(@analytics).to receive(:track_event). with( 'OIDC Logout Requested', - success: false, - client_id: nil, - client_id_parameter_present: false, - id_token_hint_parameter_present: true, - errors: hash_including(*errors_keys), - error_details: hash_including(*errors_keys), - sp_initiated: true, - oidc: true, - method: nil, - saml_request_valid: nil, + hash_including( + success: false, + client_id: nil, + client_id_parameter_present: false, + id_token_hint_parameter_present: true, + errors: hash_including(*errors_keys), + error_details: hash_including(*errors_keys), + sp_initiated: true, + oidc: true, + saml_request_valid: nil, + ), ) - action end end @@ -283,7 +278,7 @@ context 'when sending client_id' do subject(:action) do - process :logout, + process req_action, method: req_method, params: { client_id: service_provider.issuer, @@ -366,7 +361,6 @@ error_details: hash_including(*errors.keys), sp_initiated: true, oidc: true, - method: nil, saml_request_valid: nil, ), ) @@ -406,10 +400,10 @@ end end - shared_examples 'logout rejects id_token_hint' do |req_method| + shared_examples 'when rejecting id_token_hint' do |req_action, req_method| let(:id_token_hint) { nil } subject(:action) do - process :logout, + process req_action, method: req_method, params: { client_id: service_provider.issuer, 
@@ -487,16 +481,17 @@ expect(@analytics).to receive(:track_event). with( 'OIDC Logout Requested', - success: false, - client_id: service_provider.issuer, - client_id_parameter_present: true, - id_token_hint_parameter_present: true, - errors: errors, - error_details: hash_including(*errors.keys), - sp_initiated: true, - oidc: true, - method: nil, - saml_request_valid: nil, + hash_including( + success: false, + client_id: service_provider.issuer, + client_id_parameter_present: true, + id_token_hint_parameter_present: true, + errors: errors, + error_details: hash_including(*errors.keys), + sp_initiated: true, + oidc: true, + saml_request_valid: nil, + ), ) action @@ -527,16 +522,17 @@ expect(@analytics).to receive(:track_event). with( 'OIDC Logout Requested', - success: false, - client_id: service_provider.issuer, - client_id_parameter_present: true, - id_token_hint_parameter_present: false, - errors: errors, - error_details: hash_including(*errors.keys), - sp_initiated: true, - oidc: true, - method: nil, - saml_request_valid: nil, + hash_including( + success: false, + client_id: service_provider.issuer, + client_id_parameter_present: true, + id_token_hint_parameter_present: false, + errors: errors, + error_details: hash_including(*errors.keys), + sp_initiated: true, + oidc: true, + saml_request_valid: nil, + ), ) action @@ -576,9 +572,9 @@ end end - describe '#logout' do - it_behaves_like 'set redirect URL for concurrent session logout', 'GET' - it_behaves_like 'set redirect URL for concurrent session logout', 'POST' + describe 'concurrent session management' do + it_behaves_like 'set redirect URL for concurrent session logout', :show, 'GET' + it_behaves_like 'set redirect URL for concurrent session logout', :create, 'POST' end context 'when accepting id_token_hint and client_id' do 
@@ -587,12 +583,8 @@ and_return(false) end - describe 'GET /openid_connect/logout' do - it_behaves_like 'logout allows id_token_hint', 'GET' - end - - describe 'POST /openid_connect/logout' do - it_behaves_like 'logout allows id_token_hint', 'POST' + describe '#logout[GET]' do + it_behaves_like 'when allowing id_token_hint', :show, 'GET' end describe '#delete' do @@ -746,12 +738,8 @@ and_return(true) end - describe 'GET /openid_connect/logout' do - it_behaves_like 'logout rejects id_token_hint', 'GET' - end - - describe 'POST /openid_connect/logout' do - it_behaves_like 'logout rejects id_token_hint', 'POST' + describe '#logout[GET]' do + it_behaves_like 'when rejecting id_token_hint', :show, 'GET' end describe '#delete' do @@ -827,11 +815,6 @@ method: nil, saml_request_valid: nil, ) - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:logout_initiated). - with( - success: true, - ) action end diff --git a/spec/controllers/saml_idp_controller_spec.rb b/spec/controllers/saml_idp_controller_spec.rb index d877c33d893..ad69564b0b7 100644 --- a/spec/controllers/saml_idp_controller_spec.rb +++ b/spec/controllers/saml_idp_controller_spec.rb @@ -16,13 +16,9 @@ it 'tracks the event when idp initiated' do stub_analytics - stub_attempts_tracker result = { sp_initiated: false, oidc: false, saml_request_valid: true } expect(@analytics).to receive(:track_event).with('Logout Initiated', hash_including(result)) - expect(@irs_attempts_api_tracker).to receive(:logout_initiated).with( - success: true, - ) delete :logout, params: { path_year: path_year } end 
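Review bot: After the -587 hunk the 'when allowing id_token_hint' shared examples run only for `:show`/GET; the former POST `describe` is removed without a `:create` replacement. The -746 hunk does the same for 'when rejecting id_token_hint'. The 'concurrent session management' block still exercises `:create`, so the POST action exists, but its `id_token_hint` and `client_id` validation is no longer covered by anything visible in this diff. Consider restoring it in both contexts with `describe '#logout[POST]' do`, `it_behaves_like 'when allowing id_token_hint', :create, 'POST'`, `end` (and the rejecting variant in the second context). The enclosing `context` blocks start outside these hunks, so POST coverage elsewhere in the file cannot be ruled out.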
@@ -30,26 +26,18 @@ it 'tracks the event when sp initiated' do allow(controller).to receive(:saml_request).and_return(FakeSamlLogoutRequest.new) stub_analytics - stub_attempts_tracker result = { sp_initiated: true, oidc: false, saml_request_valid: true } expect(@analytics).to receive(:track_event).with('Logout Initiated', hash_including(result)) - expect(@irs_attempts_api_tracker).to receive(:logout_initiated).with( - success: true, - ) delete :logout, params: { SAMLRequest: 'foo', path_year: path_year } end it 'tracks the event when the saml request is invalid' do stub_analytics - stub_attempts_tracker result = { sp_initiated: true, oidc: false, saml_request_valid: false } expect(@analytics).to receive(:track_event).with('Logout Initiated', hash_including(result)) - expect(@irs_attempts_api_tracker).to receive(:logout_initiated).with( - success: true, - ) delete :logout, params: { SAMLRequest: 'foo', path_year: path_year } end diff --git a/spec/controllers/sign_out_controller_spec.rb b/spec/controllers/sign_out_controller_spec.rb index 32a1764884e..0d2dc340132 100644 --- a/spec/controllers/sign_out_controller_spec.rb +++ b/spec/controllers/sign_out_controller_spec.rb @@ -22,16 +22,11 @@ it 'tracks the event' do stub_sign_in_before_2fa stub_analytics - stub_attempts_tracker allow(controller.decorated_sp_session).to receive(:cancel_link_url).and_return('foo') expect(@analytics). to receive(:track_event).with('Logout Initiated', hash_including(method: 'cancel link')) - expect(@irs_attempts_api_tracker).to receive(:logout_initiated).with( - success: true, - ) - get :destroy end end diff --git a/spec/controllers/sign_up/completions_controller_spec.rb b/spec/controllers/sign_up/completions_controller_spec.rb index 6f0b9990838..41a4ea46018 100644 --- a/spec/controllers/sign_up/completions_controller_spec.rb +++ b/spec/controllers/sign_up/completions_controller_spec.rb 
@@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe SignUp::CompletionsController, allowed_extra_analytics: [:*] do +RSpec.describe SignUp::CompletionsController do let(:temporary_email) { 'name@temporary.com' } describe '#show' do @@ -47,7 +47,6 @@ service_provider_name: subject.decorated_sp_session.sp_name, page_occurence: '', needs_completion_screen_reason: :new_sp, - sp_request_requested_attributes: nil, sp_session_requested_attributes: [:email], in_account_creation_flow: false, ) @@ -85,7 +84,6 @@ service_provider_name: subject.decorated_sp_session.sp_name, page_occurence: '', needs_completion_screen_reason: :new_sp, - sp_request_requested_attributes: nil, sp_session_requested_attributes: [:email], in_account_creation_flow: false, ) @@ -132,7 +130,6 @@ service_provider_name: subject.decorated_sp_session.sp_name, page_occurence: '', needs_completion_screen_reason: :new_sp, - sp_request_requested_attributes: nil, sp_session_requested_attributes: [:email], in_account_creation_flow: false, ) @@ -236,7 +233,6 @@ service_provider_name: subject.decorated_sp_session.sp_name, page_occurence: 'agency-page', needs_completion_screen_reason: :new_sp, - sp_request_requested_attributes: nil, sp_session_requested_attributes: nil, in_account_creation_flow: true, disposable_email_domain: nil, @@ -297,7 +293,6 @@ service_provider_name: subject.decorated_sp_session.sp_name, page_occurence: 'agency-page', needs_completion_screen_reason: :new_sp, - sp_request_requested_attributes: nil, sp_session_requested_attributes: nil, in_account_creation_flow: true, disposable_email_domain: 'temporary.com', @@ -334,7 +329,6 @@ service_provider_name: subject.decorated_sp_session.sp_name, page_occurence: 'agency-page', needs_completion_screen_reason: :new_sp, - sp_request_requested_attributes: nil, sp_session_requested_attributes: ['email'], in_account_creation_flow: true, disposable_email_domain: 'temporary.com', 
@@ -392,11 +386,6 @@ context 'when the user goes through reproofing' do let!(:user) { create(:user, profiles: [create(:profile, :active)]) } - before do - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) - end - xit 'does not log a reproofing event during initial proofing' do stub_sign_in(user) subject.session[:sp] = { diff --git a/spec/controllers/sign_up/email_confirmations_controller_spec.rb b/spec/controllers/sign_up/email_confirmations_controller_spec.rb index 36bcd7dc276..0adb05d8600 100644 --- a/spec/controllers/sign_up/email_confirmations_controller_spec.rb +++ b/spec/controllers/sign_up/email_confirmations_controller_spec.rb @@ -10,26 +10,15 @@ user_id: nil, } end - let(:attempts_tracker_error_hash) do - { - email: nil, - success: false, - } - end before do stub_analytics - stub_attempts_tracker end it 'tracks nil email confirmation token' do expect(@analytics).to receive(:track_event). with('User Registration: Email Confirmation', analytics_token_error_hash) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_confirmation).with( - **attempts_tracker_error_hash, - ) - get :create, params: { confirmation_token: nil } expect(flash[:error]).to eq t('errors.messages.confirmation_invalid_token') @@ -40,10 +29,6 @@ expect(@analytics).to receive(:track_event). with('User Registration: Email Confirmation', analytics_token_error_hash) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_confirmation).with( - **attempts_tracker_error_hash, - ) - get :create, params: { confirmation_token: '' } expect(flash[:error]).to eq t('errors.messages.confirmation_invalid_token') 
@@ -54,10 +39,6 @@ expect(@analytics).to receive(:track_event). with('User Registration: Email Confirmation', analytics_token_error_hash) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_confirmation).with( - **attempts_tracker_error_hash, - ) - get :create, params: { confirmation_token: "''" } expect(flash[:error]).to eq t('errors.messages.confirmation_invalid_token') @@ -68,10 +49,6 @@ expect(@analytics).to receive(:track_event). with('User Registration: Email Confirmation', analytics_token_error_hash) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_confirmation).with( - **attempts_tracker_error_hash, - ) - get :create, params: { confirmation_token: '""' } expect(flash[:error]).to eq t('errors.messages.confirmation_invalid_token') @@ -91,11 +68,6 @@ expect(@analytics).to receive(:track_event). with('User Registration: Email Confirmation', analytics_hash) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_confirmation).with( - email: email_address.email, - success: false, - ) - get :create, params: { confirmation_token: 'foo' } end @@ -120,11 +92,6 @@ expect(@analytics).to receive(:track_event). with('User Registration: Email Confirmation', analytics_hash) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_confirmation).with( - email: email_address.email, - success: false, - ) - get :create, params: { confirmation_token: 'foo' } expect(flash[:error]).to eq t('errors.messages.confirmation_period_expired') @@ -151,11 +118,6 @@ expect(@analytics).to receive(:track_event). with('User Registration: Email Confirmation', analytics_hash) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_confirmation).with( - email: email_address.email, - success: false, - ) - get :create, params: { confirmation_token: 'foo' } expect(flash[:error]).to eq t('errors.messages.confirmation_period_expired') 
@@ -213,7 +175,6 @@ user = email_address.user stub_analytics - stub_attempts_tracker analytics_hash = { success: true, @@ -225,11 +186,6 @@ expect(@analytics).to receive(:track_event). with('User Registration: Email Confirmation', analytics_hash) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_confirmation).with( - email: email_address.email, - success: true, - ) - get :create, params: { confirmation_token: 'foo' } end end diff --git a/spec/controllers/sign_up/passwords_controller_spec.rb b/spec/controllers/sign_up/passwords_controller_spec.rb index d6d509ecc22..13ab19211bd 100644 --- a/spec/controllers/sign_up/passwords_controller_spec.rb +++ b/spec/controllers/sign_up/passwords_controller_spec.rb @@ -30,7 +30,6 @@ before do stub_analytics - stub_attempts_tracker end it 'tracks analytics' do @@ -43,10 +42,6 @@ analytics_hash.merge({ request_id_present: false }), ) - expect(@irs_attempts_api_tracker).to receive(:user_registration_password_submitted). - with(success_properties) - expect(@irs_attempts_api_tracker).not_to receive(:user_registration_email_confirmation) - subject end @@ -64,7 +59,6 @@ before do stub_analytics - stub_attempts_tracker end context 'with a password that is too short' do @@ -72,12 +66,6 @@ let(:password_confirmation) { 'NewVal' } it 'tracks an invalid password event' do - expect(@irs_attempts_api_tracker).to receive(:user_registration_password_submitted). - with( - success: false, - ) - expect(@irs_attempts_api_tracker).not_to receive(:user_registration_email_confirmation) - subject expect(@analytics).to have_logged_event( diff --git a/spec/controllers/sign_up/registrations_controller_spec.rb b/spec/controllers/sign_up/registrations_controller_spec.rb index 8d68b8f6dfd..fa5d0994f7d 100644 --- a/spec/controllers/sign_up/registrations_controller_spec.rb +++ b/spec/controllers/sign_up/registrations_controller_spec.rb 
@@ -62,16 +62,10 @@ context 'when registering with a new email' do it 'tracks successful user registration' do stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) allow(subject).to receive(:create_user_event) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_submitted).with( - email: 'new@example.com', - **success_properties, - ) - post :create, params: { user: { email: 'new@example.com', terms_accepted: '1' } } user = User.find_with_email('new@example.com') @@ -124,7 +118,6 @@ existing_user = create(:user, email: 'test@example.com') stub_analytics - stub_attempts_tracker analytics_hash = { success: true, @@ -138,11 +131,6 @@ expect(@analytics).to receive(:track_event). with('User Registration: Email Submitted', analytics_hash) - expect(@irs_attempts_api_tracker).to receive(:user_registration_email_submitted).with( - email: 'TEST@example.com ', - **success_properties, - ) - expect(subject).to_not receive(:create_user_event) post :create, params: { user: { email: 'TEST@example.com ', terms_accepted: '1' } } @@ -151,7 +139,6 @@ it 'tracks unsuccessful user registration' do stub_analytics - stub_attempts_tracker analytics_hash = { success: false, @@ -166,12 +153,6 @@ expect(@analytics).to receive(:track_event). with('User Registration: Email Submitted', analytics_hash) - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :user_registration_email_submitted, - email: 'invalid@', - success: false, - ) - post :create, params: { user: { email: 'invalid@', request_id: '', terms_accepted: '1' } } end diff --git a/spec/controllers/two_factor_authentication/backup_code_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/backup_code_verification_controller_spec.rb index 65df3035474..e86f49cc3fd 100644 --- a/spec/controllers/two_factor_authentication/backup_code_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/backup_code_verification_controller_spec.rb 
@@ -26,10 +26,6 @@ freeze_time do sign_in_before_2fa(user) stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:mfa_login_backup_code, success: true) expect(controller).to receive(:handle_valid_verification_for_authentication_context). with(auth_method: TwoFactorAuthenticatable::AuthMethod::BACKUP_CODE). @@ -90,10 +86,6 @@ freeze_time do stub_sign_in_before_2fa(user) stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:mfa_login_backup_code, success: true) post :create, params: payload @@ -140,9 +132,6 @@ end it 'renders the show page' do - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:mfa_login_backup_code, success: false) post :create, params: payload expect(response).to render_template(:show) expect(flash[:error]).to eq t('two_factor_authentication.invalid_backup_code') @@ -158,9 +147,6 @@ end it 're-renders the backup code entry screen' do - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:mfa_login_backup_code, success: false) post :create, params: payload expect(response).to render_template(:show) @@ -175,13 +161,6 @@ user.save stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:mfa_login_backup_code, success: false) - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_rate_limited). - with(mfa_device_type: 'backup_code') expect(PushNotification::HttpPush).to receive(:deliver). with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) diff --git a/spec/controllers/two_factor_authentication/otp_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/otp_verification_controller_spec.rb index 0b2e8d4a6ab..dc18bd26fa1 100644 --- a/spec/controllers/two_factor_authentication/otp_verification_controller_spec.rb 
+++ b/spec/controllers/two_factor_authentication/otp_verification_controller_spec.rb @@ -133,10 +133,6 @@ expect(controller.current_user.reload.second_factor_attempts_count).to eq 0 stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_phone_otp_submitted). - with({ reauthentication: false, success: false }) end it 'logs analytics' do @@ -218,17 +214,10 @@ controller.user_session[:mfa_selections] = ['sms'] stub_analytics - stub_attempts_tracker expect(PushNotification::HttpPush).to receive(:deliver). with(PushNotification::MfaLimitAccountLockedEvent.new(user: controller.current_user)) - expect(@irs_attempts_api_tracker).to receive(:mfa_login_phone_otp_submitted). - with({ reauthentication: false, success: false }) - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_rate_limited). - with(mfa_device_type: 'otp') - post :create, params: { code: '12345', otp_delivery_preference: 'sms' } expect(@analytics).to have_logged_event( @@ -280,10 +269,6 @@ it 'tracks the valid authentication event' do stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_phone_otp_submitted). - with(reauthentication: false, success: true) expect(controller).to receive(:handle_valid_verification_for_authentication_context). with(auth_method: TwoFactorAuthenticatable::AuthMethod::SMS). @@ -413,10 +398,6 @@ describe 'when user submits an invalid OTP' do before do - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_phone_otp_submitted). - with({ reauthentication: false, success: false }) post :create, params: { code: '12345', otp_delivery_preference: 'sms' } end 
@@ -431,10 +412,6 @@ describe 'when user submits a valid OTP' do before do - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_phone_otp_submitted). - with({ reauthentication: false, success: true }) post :create, params: { code: subject.current_user.direct_otp, otp_delivery_preference: 'sms', @@ -465,7 +442,6 @@ controller.current_user.create_direct_otp stub_analytics - stub_attempts_tracker allow(controller).to receive(:create_user_event) @@ -508,9 +484,6 @@ controller.user_session[:phone_id] = phone_id - expect(@irs_attempts_api_tracker).to receive(:mfa_enroll_phone_otp_submitted). - with(success: true) - post( :create, params: { @@ -541,9 +514,6 @@ context 'user enters an invalid code' do before do - expect(@irs_attempts_api_tracker).to receive(:mfa_enroll_phone_otp_submitted). - with(success: false) - post( :create, params: { @@ -601,8 +571,6 @@ context 'user enters in valid code after invalid entry' do before do - expect(@irs_attempts_api_tracker).to receive(:mfa_enroll_phone_otp_submitted). - with(success: true) expect(subject.current_user.reload.second_factor_attempts_count).to eq 1 post( :create, @@ -616,21 +584,6 @@ expect(subject.current_user.reload.second_factor_attempts_count).to eq 0 end end - - context 'user has exceeded the maximum number of attempts' do - it 'tracks the attempt event' do - sign_in_before_2fa(user) - user.second_factor_attempts_count = - IdentityConfig.store.login_otp_confirmation_max_attempts - 1 - user.save - - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:mfa_enroll_rate_limited). - with(mfa_device_type: 'otp') - - post :create, params: { code: '12345', otp_delivery_preference: 'sms' } - end - end end context 'user does not include a code parameter' do 
diff --git a/spec/controllers/two_factor_authentication/personal_key_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/personal_key_verification_controller_spec.rb index a244e28ee70..a301963c897 100644 --- a/spec/controllers/two_factor_authentication/personal_key_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/personal_key_verification_controller_spec.rb @@ -202,10 +202,6 @@ personal_key_generated_at = controller.current_user. encrypted_recovery_code_digest_generated_at stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_rate_limited). - with(mfa_device_type: 'personal_key') expect(PushNotification::HttpPush).to receive(:deliver). with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) diff --git a/spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb index 4e0a56e92a2..33fbea30594 100644 --- a/spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/piv_cac_verification_controller_spec.rb @@ -102,14 +102,8 @@ it 'tracks the valid authentication event' do stub_analytics - stub_attempts_tracker cfg = controller.current_user.piv_cac_configurations.first - expect(@irs_attempts_api_tracker).to receive(:mfa_login_piv_cac).with( - success: true, - subject_dn: x509_subject, - ) - expect(controller).to receive(:handle_valid_verification_for_authentication_context). with(auth_method: TwoFactorAuthenticatable::AuthMethod::PIV_CAC). and_call_original 
@@ -237,18 +231,9 @@ stub_sign_in_before_2fa(user) stub_analytics - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_rate_limited). - with(mfa_device_type: 'piv_cac') piv_cac_mismatch = { type: 'user.piv_cac_mismatch' } - expect(@irs_attempts_api_tracker).to receive(:mfa_login_piv_cac).with( - success: false, - subject_dn: bad_dn, - ) - expect(PushNotification::HttpPush).to receive(:deliver). with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) diff --git a/spec/controllers/two_factor_authentication/totp_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/totp_verification_controller_spec.rb index e2ec77add5c..2df287303c0 100644 --- a/spec/controllers/two_factor_authentication/totp_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/totp_verification_controller_spec.rb @@ -3,7 +3,6 @@ RSpec.describe TwoFactorAuthentication::TotpVerificationController do before do stub_analytics - stub_attempts_tracker end describe '#create' do @@ -45,8 +44,6 @@ it 'tracks the valid authentication event' do cfg = controller.current_user.auth_app_configurations.first - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:mfa_login_totp, success: true) expect(controller).to receive(:handle_valid_verification_for_authentication_context). with(auth_method: TwoFactorAuthenticatable::AuthMethod::TOTP). and_call_original @@ -167,12 +164,6 @@ @secret = user.generate_totp_secret Db::AuthAppConfiguration.create(user, @secret, nil, 'foo') - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:mfa_login_totp, success: false) - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_rate_limited). - with(mfa_device_type: 'totp') - expect(PushNotification::HttpPush).to receive(:deliver). with(PushNotification::MfaLimitAccountLockedEvent.new(user: subject.current_user)) 
diff --git a/spec/controllers/two_factor_authentication/webauthn_verification_controller_spec.rb b/spec/controllers/two_factor_authentication/webauthn_verification_controller_spec.rb index 7d1ecf24292..35c576ddcbf 100644 --- a/spec/controllers/two_factor_authentication/webauthn_verification_controller_spec.rb +++ b/spec/controllers/two_factor_authentication/webauthn_verification_controller_spec.rb @@ -26,7 +26,6 @@ before do stub_analytics - stub_attempts_tracker sign_in_before_2fa(user) end @@ -41,7 +40,6 @@ before do allow(@analytics).to receive(:track_event) - allow(@irs_attempts_api_tracker).to receive(:track_event) end it 'tracks an analytics event' do @@ -139,10 +137,6 @@ end it 'tracks a valid submission' do - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_login_webauthn_roaming, - success: true, - ) expect(controller).to receive(:handle_valid_verification_for_authentication_context). with(auth_method: TwoFactorAuthenticatable::AuthMethod::WEBAUTHN). and_call_original @@ -204,11 +198,6 @@ end it 'tracks a valid submission' do - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_login_webauthn_platform, - success: true, - ) - freeze_time do patch :confirm, params: params expect(subject.user_session[:auth_events]).to eq( diff --git a/spec/controllers/users/backup_code_setup_controller_spec.rb b/spec/controllers/users/backup_code_setup_controller_spec.rb index 20934de2c76..80f446a1798 100644 --- a/spec/controllers/users/backup_code_setup_controller_spec.rb +++ b/spec/controllers/users/backup_code_setup_controller_spec.rb @@ -17,7 +17,6 @@ shared_examples 'valid backup codes creation' do it 'creates backup codes and logs expected events' do stub_analytics - stub_attempts_tracker allow(controller).to receive(:in_multi_mfa_selection_flow?).and_return(true) Funnel::Registration::AddMfa.call(user.id, 'phone', @analytics) 
diff --git a/spec/controllers/users/delete_controller_spec.rb b/spec/controllers/users/delete_controller_spec.rb index e61186248db..c5c4d113907 100644 --- a/spec/controllers/users/delete_controller_spec.rb +++ b/spec/controllers/users/delete_controller_spec.rb @@ -45,13 +45,10 @@ it 'logs a failed submit' do stub_analytics - stub_attempts_tracker stub_signed_in_user expect(@analytics).to receive(:track_event). with('Account Delete submitted', success: false) - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:logged_in_account_purged, success: false) delete end @@ -86,13 +83,10 @@ it 'logs a succesful submit' do stub_analytics - stub_attempts_tracker stub_signed_in_user expect(@analytics).to receive(:track_event). with('Account Delete submitted', success: true) - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:logged_in_account_purged, success: true) delete end diff --git a/spec/controllers/users/passwords_controller_spec.rb b/spec/controllers/users/passwords_controller_spec.rb index 5a6047469cc..11979e97f11 100644 --- a/spec/controllers/users/passwords_controller_spec.rb +++ b/spec/controllers/users/passwords_controller_spec.rb @@ -18,12 +18,8 @@ it 'redirects to profile and sends a password change email' do stub_sign_in stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) - expect(@irs_attempts_api_tracker).to receive(:logged_in_password_change). - with(success: true) - params = { password: 'salty new password', password_confirmation: 'salty new password', @@ -136,15 +132,10 @@ before do stub_sign_in stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) end it 'renders edit' do - expect(@irs_attempts_api_tracker).to receive(:logged_in_password_change).with( - success: false, - ) - patch :update, params: { update_user_password_form: params } expect(@analytics).to have_received(:track_event).with( 
@@ -188,15 +179,10 @@ before do stub_sign_in stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) end it 'renders edit' do - expect(@irs_attempts_api_tracker).to receive(:logged_in_password_change).with( - success: false, - ) - patch :update, params: { update_user_password_form: params } expect(@analytics).to have_received(:track_event).with( diff --git a/spec/controllers/users/piv_cac_authentication_setup_controller_spec.rb b/spec/controllers/users/piv_cac_authentication_setup_controller_spec.rb index 004e74474f2..57f10b8d948 100644 --- a/spec/controllers/users/piv_cac_authentication_setup_controller_spec.rb +++ b/spec/controllers/users/piv_cac_authentication_setup_controller_spec.rb @@ -112,13 +112,6 @@ context 'with no additional MFAs chosen on setup' do let(:mfa_selections) { ['piv_cac'] } it 'redirects to suggest 2nd MFA page' do - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_enroll_piv_cac, - success: true, - subject_dn: 'some dn', - ) - get :new, params: { token: good_token } expect(response).to redirect_to(auth_method_confirmation_url) end @@ -135,13 +128,6 @@ end it 'sets the session to not require piv setup upon sign-in' do - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_enroll_piv_cac, - success: true, - subject_dn: 'some dn', - ) - get :new, params: { token: good_token } expect(subject.session[:needs_to_setup_piv_cac_after_sign_in]).to eq false 
@@ -150,25 +136,11 @@ context 'with additional MFAs leftover' do it 'redirects to Mfa Confirmation page' do - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_enroll_piv_cac, - success: true, - subject_dn: 'some dn', - ) - get :new, params: { token: good_token } expect(response).to redirect_to(phone_setup_url) end it 'sets the piv/cac session information' do - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_enroll_piv_cac, - success: true, - subject_dn: 'some dn', - ) - get :new, params: { token: good_token } json = { 'subject' => 'some dn', @@ -189,13 +161,6 @@ context 'when redirected with an error token' do it 'renders the error template' do - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_enroll_piv_cac, - success: false, - subject_dn: nil, - ) - get :new, params: { token: bad_token } expect(response).to redirect_to setup_piv_cac_error_path(error: 'certificate.bad') end diff --git a/spec/controllers/users/piv_cac_login_controller_spec.rb b/spec/controllers/users/piv_cac_login_controller_spec.rb index 859cbdc7c45..75c99da9d05 100644 --- a/spec/controllers/users/piv_cac_login_controller_spec.rb +++ b/spec/controllers/users/piv_cac_login_controller_spec.rb @@ -149,8 +149,9 @@ ) end - it 'sets new device session value' do - expect(controller).to receive(:set_new_device_session) + it 'sets and then unsets new device session value' do + expect(controller).to receive(:set_new_device_session).with(nil).ordered + expect(controller).to receive(:set_new_device_session).with(false).ordered response end diff --git a/spec/controllers/users/reset_passwords_controller_spec.rb b/spec/controllers/users/reset_passwords_controller_spec.rb index 6e190c4a60b..49656ea8051 100644 --- a/spec/controllers/users/reset_passwords_controller_spec.rb +++ b/spec/controllers/users/reset_passwords_controller_spec.rb 
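Review bot: The rewritten example in spec/controllers/users/piv_cac_login_controller_spec.rb (hunk `@@ -149,8 +149,9 @@`) pins the call order `set_new_device_session(nil)` then `set_new_device_session(false)`, but it never says what `nil` and `false` mean and it checks only the messages, not the state the request leaves in the session. Because `expect(...).to receive` without `.and_call_original` replaces the method, the example still passes if the real helper stores the wrong value, which matters if this flag feeds new-device sign-in alerts (not visible here). I would add a comment above the two expectations, for example `# nil: presumably lets the controller decide new-device status; false: explicit reset after PIV/CAC sign-in (confirm)`, and, if the helper writes to the user session, chain `.and_call_original` and assert the resulting value after `response`. The `@@ -72,7 +66,7 @@` hunk in spec/controllers/users/sessions_controller_spec.rb adds the same bare `.with(nil)`; the definition of `response` lies outside both hunks.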
@@ -10,7 +10,6 @@ let(:email_address) { instance_double('EmailAddress') } before do stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) end @@ -37,10 +36,6 @@ end it 'redirects to page where user enters email for password reset token' do - expect(@irs_attempts_api_tracker).to receive(:forgot_password_email_confirmed).with( - success: false, - ) - get :edit expect(@analytics).to have_received(:track_event). @@ -86,10 +81,6 @@ end it 'redirects to page where user enters email for password reset token' do - expect(@irs_attempts_api_tracker).to receive(:forgot_password_email_confirmed).with( - success: false, - ) - get :edit expect(@analytics).to have_received(:track_event). @@ -116,10 +107,6 @@ end it 'redirects to page where user enters email for password reset token' do - expect(@irs_attempts_api_tracker).to receive(:forgot_password_email_confirmed).with( - success: false, - ) - get :edit expect(@analytics).to have_received(:track_event). @@ -148,10 +135,6 @@ allow(ForbiddenPasswords).to receive(:new).with(email_address.email).and_return(forbidden) expect(forbidden).to receive(:call) - expect(@irs_attempts_api_tracker).to receive(:forgot_password_email_confirmed).with( - success_properties, - ) - get :edit expect(response).to render_template :edit @@ -186,13 +169,8 @@ context 'user submits new password after token expires' do it 'redirects to page where user enters email for password reset token' do stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) - expect(@irs_attempts_api_tracker).to receive(:forgot_password_new_password_submitted).with( - success: false, - ) - raw_reset_token, db_confirmation_token = Devise.token_generator.generate(User, :reset_password_token) user = create( @@ -245,7 +223,6 @@ it 'renders edit' do stub_analytics - stub_attempts_tracker raw_reset_token, db_confirmation_token = Devise.token_generator.generate(User, :reset_password_token) 
@@ -281,9 +258,6 @@ expect(@analytics).to receive(:track_event). with('Password Reset: Password Submitted', analytics_hash) - expect(@irs_attempts_api_tracker).to receive(:forgot_password_new_password_submitted).with( - success: false, - ) put :update, params: { reset_password_form: form_params } @@ -298,7 +272,6 @@ it 'renders edit' do stub_analytics - stub_attempts_tracker raw_reset_token, db_confirmation_token = Devise.token_generator.generate(User, :reset_password_token) @@ -329,9 +302,6 @@ expect(@analytics).to receive(:track_event). with('Password Reset: Password Submitted', analytics_hash) - expect(@irs_attempts_api_tracker).to receive(:forgot_password_new_password_submitted).with( - success: false, - ) put :update, params: { reset_password_form: form_params } @@ -371,7 +341,6 @@ it 'redirects to sign in page' do stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) raw_reset_token, db_confirmation_token = @@ -392,10 +361,6 @@ stub_user_mailer(user) - expect(@irs_attempts_api_tracker).to receive( - :forgot_password_new_password_submitted, - ).with(success_properties) - params = { password: password, password_confirmation: password, @@ -431,7 +396,6 @@ it 'deactivates the active profile and redirects' do stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) raw_reset_token, db_confirmation_token = @@ -448,10 +412,6 @@ stub_user_mailer(user) - expect(@irs_attempts_api_tracker).to receive(:forgot_password_new_password_submitted).with( - success_properties, - ) - get :edit, params: { reset_password_token: raw_reset_token } params = { password: password, @@ -483,7 +443,6 @@ it 'confirms the user' do stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) raw_reset_token, db_confirmation_token = 
@@ -501,10 +460,6 @@ stub_user_mailer(user) - expect(@irs_attempts_api_tracker).to receive(:forgot_password_new_password_submitted).with( - success_properties, - ) - params = { password: password, password_confirmation: password, @@ -579,15 +534,10 @@ before do stub_analytics - stub_attempts_tracker allow(@analytics).to receive(:track_event) end it 'sends password reset email to user and tracks event' do - expect(@irs_attempts_api_tracker).to receive(:forgot_password_email_sent).with( - **email_param, - ) - expect do put :create, params: { password_reset_email_form: email_param } end.to change { ActionMailer::Base.deliveries.count }.by(1) @@ -639,7 +589,6 @@ context 'user is verified' do it 'captures in analytics that the user was verified' do stub_analytics - stub_attempts_tracker user = create(:user, :fully_registered) create(:profile, :active, :verified, user: user) @@ -655,9 +604,6 @@ expect(@analytics).to receive(:track_event). with('Password Reset: Email Submitted', analytics_hash) - expect(@irs_attempts_api_tracker).to receive(:forgot_password_email_sent).with( - email: user.email, - ) params = { password_reset_email_form: { email: user.email } } put :create, params: params diff --git a/spec/controllers/users/sessions_controller_spec.rb b/spec/controllers/users/sessions_controller_spec.rb index 561746547d1..6a9f029888a 100644 --- a/spec/controllers/users/sessions_controller_spec.rb +++ b/spec/controllers/users/sessions_controller_spec.rb @@ -18,7 +18,6 @@ describe 'DELETE /logout' do it 'tracks a logout event' do stub_analytics - stub_attempts_tracker expect(@analytics).to receive(:track_event).with( 'Logout Initiated', hash_including( @@ -29,10 +28,6 @@ sign_in_as_user - expect(@irs_attempts_api_tracker).to receive(:logout_initiated).with( - success: true, - ) - delete :destroy expect(controller.current_user).to be nil end @@ -50,7 +45,6 @@ it 'tracks the successful authentication for existing user' do stub_analytics - stub_attempts_tracker response 
@@ -72,7 +66,7 @@ end it 'sets new device session value' do - expect(controller).to receive(:set_new_device_session) + expect(controller).to receive(:set_new_device_session).with(nil) response end @@ -164,13 +158,6 @@ allow(subject).to receive(:session_bad_password_count_max_exceeded?).and_return(true) mock_email_parameter = { email: 'bob@example.com' } - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:login_email_and_password_auth). - with({ **mock_email_parameter, success: false }) - expect(@irs_attempts_api_tracker).to receive(:login_rate_limited). - with(mock_email_parameter) - post :create, params: { user: { **mock_email_parameter, password: 'eatCake!' } } end diff --git a/spec/controllers/users/totp_setup_controller_spec.rb b/spec/controllers/users/totp_setup_controller_spec.rb index 3b5b1304600..3ab67453d88 100644 --- a/spec/controllers/users/totp_setup_controller_spec.rb +++ b/spec/controllers/users/totp_setup_controller_spec.rb @@ -97,8 +97,6 @@ stub_sign_in(user) stub_analytics allow(@analytics).to receive(:track_event) - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) subject.user_session[:new_totp_secret] = 'abcdehij' patch :confirm, params: { name: name, code: 123 } @@ -122,9 +120,6 @@ expect(@analytics).to have_received(:track_event). with('Multi-Factor Authentication Setup', result) - - expect(@irs_attempts_api_tracker).to have_received(:track_event). - with(:mfa_enroll_totp, success: false) end end @@ -135,8 +130,6 @@ stub_sign_in(user) stub_analytics allow(@analytics).to receive(:track_event) - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) subject.user_session[:new_totp_secret] = secret patch :confirm, params: { name: name, code: generate_totp_code(secret) } 
@@ -159,9 +152,6 @@ expect(@analytics).to have_received(:track_event). with('Multi-Factor Authentication Setup', result) - - expect(@irs_attempts_api_tracker).to have_received(:track_event). - with(:mfa_enroll_totp, success: true) end end @@ -172,8 +162,6 @@ stub_sign_in(user) stub_analytics allow(@analytics).to receive(:track_event) - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) subject.user_session[:new_totp_secret] = secret patch :confirm, params: { name: name } @@ -197,9 +185,6 @@ expect(@analytics).to have_received(:track_event). with('Multi-Factor Authentication Setup', result) - - expect(@irs_attempts_api_tracker).to have_received(:track_event). - with(:mfa_enroll_totp, success: false) end end @@ -210,8 +195,6 @@ stub_sign_in(user) stub_analytics allow(@analytics).to receive(:track_event) - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) subject.user_session[:new_totp_secret] = secret patch :confirm, params: { code: generate_totp_code(secret) } @@ -236,9 +219,6 @@ expect(@analytics).to have_received(:track_event). with('Multi-Factor Authentication Setup', result) - - expect(@irs_attempts_api_tracker).to have_received(:track_event). - with(:mfa_enroll_totp, success: false) end end end @@ -249,8 +229,6 @@ stub_sign_in_before_2fa stub_analytics allow(@analytics).to receive(:track_event) - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) subject.user_session[:new_totp_secret] = 'abcdehij' patch :confirm, params: { name: name, code: 123 } @@ -273,9 +251,6 @@ } expect(@analytics).to have_received(:track_event). with('Multi-Factor Authentication Setup', result) - - expect(@irs_attempts_api_tracker).to have_received(:track_event). - with(:mfa_enroll_totp, success: false) end end 
@@ -286,8 +261,6 @@ stub_sign_in_before_2fa stub_analytics allow(@analytics).to receive(:track_event) - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) subject.user_session[:new_totp_secret] = secret subject.user_session[:mfa_selections] = mfa_selections subject.user_session[:in_account_creation_flow] = true @@ -313,9 +286,6 @@ expect(@analytics).to have_received(:track_event). with('Multi-Factor Authentication Setup', result) - - expect(@irs_attempts_api_tracker).to have_received(:track_event). - with(:mfa_enroll_totp, success: true) end end @@ -338,9 +308,6 @@ expect(@analytics).to have_received(:track_event). with('Multi-Factor Authentication Setup', result) - - expect(@irs_attempts_api_tracker).to have_received(:track_event). - with(:mfa_enroll_totp, success: true) end end end @@ -350,8 +317,6 @@ stub_sign_in_before_2fa stub_analytics allow(@analytics).to receive(:track_event) - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive(:track_event) patch :confirm, params: { name: name, code: 123 } end @@ -374,9 +339,6 @@ expect(@analytics).to have_received(:track_event). with('Multi-Factor Authentication Setup', result) - - expect(@irs_attempts_api_tracker).to have_received(:track_event). - with(:mfa_enroll_totp, success: false) end end end diff --git a/spec/controllers/users/two_factor_authentication_controller_spec.rb b/spec/controllers/users/two_factor_authentication_controller_spec.rb index 067fcd2d695..3e34dd01523 100644 --- a/spec/controllers/users/two_factor_authentication_controller_spec.rb +++ b/spec/controllers/users/two_factor_authentication_controller_spec.rb 
@@ -349,14 +349,6 @@ def index } end - it 'tracks the verification attempt event' do - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:mfa_login_phone_otp_sent). - with(reauthentication: false, **success_parameters) - - get :send_code, params: otp_delivery_form_sms - end - it 'calls OtpRateLimiter#exceeded_otp_send_limit? and #increment' do otp_rate_limiter = instance_double(OtpRateLimiter) allow(OtpRateLimiter).to receive(:new). @@ -376,10 +368,6 @@ def index allow(OtpRateLimiter).to receive(:exceeded_otp_send_limit?). and_return(true) - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:mfa_login_phone_otp_sent_rate_limited). - with(**valid_phone_number) - freeze_time do (IdentityConfig.store.otp_delivery_blocklist_maxretry + 1).times do get :send_code, params: { @@ -440,15 +428,6 @@ def index get :send_code, params: otp_delivery_form_sms end - - it 'tracks the attempt event with failure reason' do - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:mfa_login_phone_otp_sent). - with(reauthentication: false, **default_parameters, success: false) - - get :send_code, params: otp_delivery_form_sms - end end context 'when Pinpoint throws an opt-out error' do 
@@ -595,50 +574,6 @@ def index ) end - it 'sends a 6-digit OTP when the idv_ten_digit_otp A/B test is in progress' do - stub_const( - 'AbTests::IDV_TEN_DIGIT_OTP', - FakeAbTestBucket.new.tap { |ab| ab.assign(@user.uuid => :ten_digit_otp) }, - ) - - sign_in_before_2fa(@user) - subject.user_session[:context] = 'confirmation' - subject.user_session[:unconfirmed_phone] = @unconfirmed_phone - parsed_phone = Phonelib.parse(@unconfirmed_phone) - - allow(Telephony).to receive(:send_confirmation_otp).and_call_original - - get :send_code, params: otp_delivery_form_sms - - expect(Telephony).to have_received(:send_confirmation_otp).with( - otp: subject.current_user.direct_otp, - to: @unconfirmed_phone, - expiration: 10, - channel: :sms, - otp_format: 'digit', - otp_length: '6', - domain: IdentityConfig.store.domain_name, - country_code: 'US', - extra_metadata: { - area_code: parsed_phone.area_code, - phone_fingerprint: Pii::Fingerprinter.fingerprint(parsed_phone.e164), - resend: nil, - }, - ) - end - - it 'tracks the enrollment attempt event' do - sign_in_before_2fa(@user) - subject.user_session[:context] = 'confirmation' - subject.user_session[:unconfirmed_phone] = @unconfirmed_phone - - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:mfa_enroll_phone_otp_sent). - with({ phone_number: '+12025551213', success: true, otp_delivery_method: 'sms' }) - - get :send_code, params: otp_delivery_form_sms - end - it 'rate limits confirmation OTPs on sign up' do parsed_phone = Phonelib.parse(@unconfirmed_phone) stub_analytics @@ -720,10 +655,6 @@ def index allow(OtpRateLimiter).to receive(:exceeded_otp_send_limit?). and_return(true) - stub_attempts_tracker - expect(@irs_attempts_api_tracker).to receive(:mfa_enroll_phone_otp_sent_rate_limited). - with(phone_number: '+12025551213') - freeze_time do (IdentityConfig.store.otp_delivery_blocklist_maxretry + 1).times do get :send_code, params: { 
diff --git a/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb b/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb index 8f1f6534d1b..b97b84cf3e3 100644 --- a/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb +++ b/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb @@ -146,21 +146,6 @@ } end - it 'tracks IRS attempts event' do - stub_sign_in_before_2fa - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:track_event). - with(:mfa_enroll_options_selected, success: true, - mfa_device_types: ['voice', 'auth_app']) - - patch :create, params: { - two_factor_options_form: { - selection: ['voice', 'auth_app'], - }, - } - end - context 'when multi selection with phone first' do it 'redirects properly' do stub_sign_in_before_2fa diff --git a/spec/controllers/users/verify_password_controller_spec.rb b/spec/controllers/users/verify_password_controller_spec.rb index 56c165e66a4..c03e1bee6d0 100644 --- a/spec/controllers/users/verify_password_controller_spec.rb +++ b/spec/controllers/users/verify_password_controller_spec.rb @@ -64,11 +64,6 @@ let(:user_params) { { user: { password: user.password } } } before do - stub_attempts_tracker - allow(@irs_attempts_api_tracker).to receive( - :logged_in_profile_change_reauthentication_submitted, - ) - allow(@irs_attempts_api_tracker).to receive(:idv_personal_key_generated) expect(controller).to receive(:verify_password_form).and_return(form) end @@ -87,13 +82,6 @@ ) end - it 'tracks the appropriate attempts api events' do - expect(@irs_attempts_api_tracker).to have_received( - :logged_in_profile_change_reauthentication_submitted, - ).with({ success: true }) - expect(@irs_attempts_api_tracker).to have_received(:idv_personal_key_generated) - end - it 'redirects to the manage personal key page' do expect(response).to redirect_to(manage_personal_key_url) end 
@@ -121,13 +109,6 @@ ) end - it 'tracks the appropriate attempts api event' do - expect(@irs_attempts_api_tracker).to have_received( - :logged_in_profile_change_reauthentication_submitted, - ).with({ success: false }) - expect(@irs_attempts_api_tracker).not_to have_received(:idv_personal_key_generated) - end - it 'renders the new template' do expect(response).to render_template(:new) end diff --git a/spec/controllers/users/verify_personal_key_controller_spec.rb b/spec/controllers/users/verify_personal_key_controller_spec.rb index b23c536d6bd..06ebf314b71 100644 --- a/spec/controllers/users/verify_personal_key_controller_spec.rb +++ b/spec/controllers/users/verify_personal_key_controller_spec.rb @@ -54,7 +54,6 @@ it 'renders rate limited page' do stub_analytics - stub_attempts_tracker expect(@analytics).to receive(:track_event).with( 'Personal key reactivation: Personal key form visited', ).once @@ -63,8 +62,6 @@ limiter_type: :verify_personal_key, ).once - expect(@irs_attempts_api_tracker).to receive(:personal_key_reactivation_rate_limited) - get :new expect(response).to render_template(:rate_limited) @@ -122,18 +119,6 @@ expect(subject.reactivate_account_session.validated_personal_key?).to eq(true) end - - it 'tracks irs attempts api for relevant users' do - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:personal_key_reactivation_submitted).with( - success: true, - ).once - - post :create, params: { personal_key: profiles.first.personal_key } - - expect(subject.reactivate_account_session.validated_personal_key?).to eq(true) - end end context 'with an invalid form' do 
@@ -147,24 +132,11 @@ post :create, params: personal_key_bad_params expect(response).to redirect_to(verify_personal_key_url) end - - it 'tracks irs attempts api for relevant users' do - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:personal_key_reactivation_submitted).with( - failure_properties, - ).once - - allow_any_instance_of(VerifyPersonalKeyForm).to receive(:submit).and_return(response_bad) - - post :create, params: personal_key_bad_params - end end context 'with rate limit reached' do it 'renders rate limited page' do stub_analytics - stub_attempts_tracker expect(@analytics).to receive(:track_event).with( 'Personal key reactivation: Personal key form submitted', errors: { personal_key: ['Please fill in this field.', error_text] }, @@ -177,25 +149,11 @@ limiter_type: :verify_personal_key, ).once - expect(@irs_attempts_api_tracker).to receive(:personal_key_reactivation_rate_limited).once - max_attempts = RateLimiter.max_attempts(:verify_personal_key) max_attempts.times { post :create, params: personal_key_bad_params } expect(response).to render_template(:rate_limited) end - - it 'tracks irs attempts api for relevant users' do - stub_attempts_tracker - - expect(@irs_attempts_api_tracker).to receive(:personal_key_reactivation_submitted).with( - failure_properties, - ).once - - allow_any_instance_of(VerifyPersonalKeyForm).to receive(:submit).and_return(response_bad) - - post :create, params: personal_key_bad_params - end end end end diff --git a/spec/controllers/users/webauthn_setup_controller_spec.rb b/spec/controllers/users/webauthn_setup_controller_spec.rb index f557fa8f315..fe5ccd85d8d 100644 --- a/spec/controllers/users/webauthn_setup_controller_spec.rb +++ b/spec/controllers/users/webauthn_setup_controller_spec.rb @@ -46,7 +46,6 @@ it 'tracks page visit' do stub_sign_in stub_analytics - stub_attempts_tracker expect(@analytics).to receive(:track_event). with( 
@@ -56,7 +55,6 @@ in_account_creation_flow: false, ) - expect(@irs_attempts_api_tracker).not_to receive(:track_event) expect(controller.send(:mobile?)).to be false get :new @@ -149,7 +147,6 @@ before do stub_analytics - stub_attempts_tracker stub_sign_in(user) allow(IdentityConfig.store).to receive(:domain_name).and_return('localhost:3000') request.host = 'localhost:3000' @@ -263,10 +260,6 @@ success: true, ) - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_enroll_webauthn_roaming, success: true - ) - patch :confirm, params: params end end @@ -326,10 +319,6 @@ }, ) - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_enroll_webauthn_platform, success: true - ) - patch :confirm, params: params end @@ -376,10 +365,6 @@ }, ) - expect(@irs_attempts_api_tracker).to receive(:track_event).with( - :mfa_enroll_webauthn_platform, success: false - ) - patch :confirm, params: params end end diff --git a/spec/factories/service_providers.rb b/spec/factories/service_providers.rb index 7e524900cca..374ead06d24 100644 --- a/spec/factories/service_providers.rb +++ b/spec/factories/service_providers.rb @@ -48,14 +48,6 @@ redirect_uris { ['http://localhost:7654/auth/result'] } end - trait :irs do - friendly_name { 'An IRS Service Provider' } - ial { 2 } - active { true } - irs_attempts_api_enabled { true } - redirect_uris { ['http://localhost:7654/auth/result'] } - end - factory :service_provider_without_help_text, traits: [:without_help_text] trait :internal do diff --git a/spec/features/account_reset/delete_account_spec.rb b/spec/features/account_reset/delete_account_spec.rb index 53a3aa545e9..617ee09ef89 100644 --- a/spec/features/account_reset/delete_account_spec.rb +++ b/spec/features/account_reset/delete_account_spec.rb 
@@ -4,7 +4,6 @@ allowed_extra_analytics: [:*] do include PushNotificationsHelper include OidcAuthHelper - include IrsAttemptsApiTrackingHelper let(:user) { create(:user, :fully_registered) } let(:user_email) { user.email_addresses.first.email } @@ -16,7 +15,6 @@ active: true, redirect_uris: ['http://localhost:7654/auth/result'], ial: 2, - irs_attempts_api_enabled: true, ) end diff --git a/spec/features/ialmax/saml_sign_in_spec.rb b/spec/features/ialmax/saml_sign_in_spec.rb index 9111adfb23e..cf6aa2a6545 100644 --- a/spec/features/ialmax/saml_sign_in_spec.rb +++ b/spec/features/ialmax/saml_sign_in_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'SAML IALMAX sign in', allowed_extra_analytics: [:*] do +RSpec.feature 'SAML IALMAX sign in' do include SamlAuthHelper context 'with an ial2 SP' do diff --git a/spec/features/idv/analytics_spec.rb b/spec/features/idv/analytics_spec.rb index 7c7382c2ac3..c0debcc985c 100644 --- a/spec/features/idv/analytics_spec.rb +++ b/spec/features/idv/analytics_spec.rb 
@@ -44,28 +44,28 @@ proofing_components: nil }, 'IdV: doc auth welcome visited' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: nil, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil }, 'IdV: doc auth welcome submitted' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: nil, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil }, 'IdV: doc auth agreement visited' => { - step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: consent checkbox toggled' => { checked: true, }, 'IdV: doc auth agreement submitted' => { - success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: doc auth hybrid handoff visited' => { - step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean + step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean }, 'IdV: doc auth hybrid handoff submitted' => { - success: true, errors: {}, destination: 
:document_capture, flow_path: 'standard', step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean + success: true, errors: {}, destination: :document_capture, flow_path: 'standard', step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean }, 'IdV: doc auth document_capture visited' => { - flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean, liveness_checking_required: boolean + flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean, liveness_checking_required: boolean }, 'Frontend: IdV: front image added' => { width: 284, height: 38, mimeType: 'image/png', source: 'upload', size: 3694, captureAttempts: 1, flow_path: 'standard', acuant_sdk_upgrade_a_b_testing_enabled: 'false', use_alternate_sdk: anything, acuant_version: kind_of(String), acuantCaptureMode: nil, fingerprint: anything, failedImageResubmission: boolean, documentType: nil, dpi: nil, glare: nil, glareScoreThreshold: nil, isAssessedAsBlurry: nil, isAssessedAsGlare: nil, isAssessedAsUnsupported: nil, moire: nil, sharpness: nil, sharpnessScoreThreshold: nil, assessment: nil, liveness_checking_required: boolean 
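Review bot: Every expected-event entry in this hash repeats the same literal keys (`analytics_id: 'Doc Auth'`, `skip_hybrid_handoff: nil`, `acuant_sdk_upgrade_ab_test_bucket: :default`), which is why dropping `irs_reproofing` and `lexisnexis_instant_verify_workflow_ab_test_bucket` had to touch nearly every line here and again in the hunks at `@@ -81,31 +81,31 @@`, `@@ -124,22 +124,22 @@`, `@@ -170,28 +170,28 @@` and `@@ -207,31 +207,31 @@`. Hoisting the common part into one shared hash and splatting it, e.g. `doc_auth_common = { analytics_id: 'Doc Auth', skip_hybrid_handoff: nil }` and then `'IdV: doc auth welcome visited' => { step: 'welcome', **doc_auth_common }`, would turn the next property removal into a one-line diff and make it harder to leave a stale key behind in one entry. Entries that lack one of the keys (the hybrid `document_capture` ones carry no `skip_hybrid_handoff`) would keep their own literals. The hash definition itself begins outside the hunk, so where the shared hash would live depends on how the enclosing block is structured.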
@@ -81,31 +81,31 @@ success: true, errors: {}, user_id: user.uuid, submit_attempts: 1, remaining_submit_attempts: 3, flow_path: 'standard', attention_with_barcode: false, front_image_fingerprint: an_instance_of(String), back_image_fingerprint: an_instance_of(String), selfie_image_fingerprint: nil, liveness_checking_required: boolean, classification_info: {}, id_issued_status: 'present', id_expiration_status: 'present' }, 'IdV: doc auth document_capture submitted' => { - success: true, errors: {}, flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean, liveness_checking_required: boolean + success: true, errors: {}, flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean, liveness_checking_required: boolean }, 'IdV: doc auth ssn visited' => { - flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth ssn submitted' => { - success: true, errors: {}, flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + success: true, errors: {}, flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify visited' => { - flow_path: 'standard', 
step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify submitted' => { - flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify proofing results' => { - success: true, errors: {}, flow_path: 'standard', address_edited: false, address_line2_present: false, analytics_id: 'Doc Auth', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, irs_reproofing: false, skip_hybrid_handoff: nil, + success: true, errors: {}, flow_path: 'standard', address_edited: false, address_line2_present: false, analytics_id: 'Doc Auth', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, proofing_results: { exception: nil, timed_out: false, threatmetrix_review_status: 'pass', context: { device_profiling_adjudication_reason: 'device_profiling_result_pass', resolution_adjudication_reason: 'pass_resolution_and_state_id', should_proof_state_id: true, stages: { resolution: { success: true, errors: {}, exception: nil, timed_out: false, transaction_id: 'resolution-mock-transaction-id-123', reference: 'aaa-bbb-ccc', can_pass_with_additional_verification: false, attributes_requiring_additional_verification: [], vendor_name: 'ResolutionMock', vendor_workflow: nil }, residential_address: { attributes_requiring_additional_verification: [], 
can_pass_with_additional_verification: false, errors: {}, exception: nil, reference: '', success: true, timed_out: false, transaction_id: '', vendor_name: 'ResidentialAddressNotRequired', vendor_workflow: nil }, state_id: { success: true, errors: {}, exception: nil, mva_exception: nil, requested_attributes: {}, timed_out: false, transaction_id: 'state-id-mock-transaction-id-456', vendor_name: 'StateIdMock', verified_attributes: [], state: 'MT', state_id_jurisdiction: 'ND', state_id_number: '#############' }, threatmetrix: threatmetrix_response } } } }, 'IdV: phone of record visited' => { - acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass' } }, 'IdV: phone confirmation form' => { - success: true, errors: {}, phone_type: :mobile, types: [:fixed_or_mobile], carrier: 'Test Mobile Carrier', country_code: 'US', area_code: '202', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, otp_delivery_preference: 'sms', + success: true, errors: {}, phone_type: :mobile, types: [:fixed_or_mobile], carrier: 'Test Mobile Carrier', country_code: 'US', area_code: '202', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, otp_delivery_preference: 'sms', active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass' } }, 
@@ -124,22 +124,22 @@ proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, 'IdV: phone confirmation otp submitted' => { - success: true, code_expired: false, code_matches: true, otp_delivery_preference: :sms, second_factor_attempts_count: 0, second_factor_locked_at: nil, errors: {}, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + success: true, code_expired: false, code_matches: true, otp_delivery_preference: :sms, second_factor_attempts_count: 0, second_factor_locked_at: nil, errors: {}, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, :idv_enter_password_visited => { - address_verification_method: 'phone', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + address_verification_method: 'phone', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, :idv_enter_password_submitted => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, 
gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, active_profile_idv_level: 'legacy_unsupervised', pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, 'IdV: final resolution' => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, active_profile_idv_level: 'legacy_unsupervised', pending_profile_idv_level: nil, profile_history: match_array(kind_of(Idv::ProfileLogging)), proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } 
@@ -170,28 +170,28 @@ proofing_components: nil }, 'IdV: doc auth welcome visited' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: nil, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil }, 'IdV: doc auth welcome submitted' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: nil, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil }, 'IdV: doc auth agreement visited' => { - step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: consent checkbox toggled' => { checked: true, }, 'IdV: doc auth agreement submitted' => { - success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: doc auth hybrid handoff visited' => { - step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean + step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean }, 'IdV: doc auth hybrid handoff submitted' => { - success: true, errors: 
hash_including(message: nil), destination: :link_sent, flow_path: 'hybrid', step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, telephony_response: hash_including(errors: {}, message_id: 'fake-message-id', request_id: 'fake-message-request-id', success: true), selfie_check_required: boolean + success: true, errors: hash_including(message: nil), destination: :link_sent, flow_path: 'hybrid', step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, telephony_response: hash_including(errors: {}, message_id: 'fake-message-id', request_id: 'fake-message-request-id', success: true), selfie_check_required: boolean }, 'IdV: doc auth document_capture visited' => { - flow_path: 'hybrid', step: 'document_capture', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', irs_reproofing: false, selfie_check_required: boolean, liveness_checking_required: boolean + flow_path: 'hybrid', step: 'document_capture', acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', selfie_check_required: boolean, liveness_checking_required: boolean }, 'Frontend: IdV: front image added' => { width: 284, height: 38, mimeType: 'image/png', source: 'upload', size: 3694, captureAttempts: 1, flow_path: 'hybrid', acuant_sdk_upgrade_a_b_testing_enabled: 'false', use_alternate_sdk: anything, acuant_version: kind_of(String), acuantCaptureMode: nil, fingerprint: anything, failedImageResubmission: boolean, documentType: nil, dpi: nil, glare: nil, glareScoreThreshold: nil, isAssessedAsBlurry: nil, isAssessedAsGlare: nil, isAssessedAsUnsupported: nil, moire: nil, sharpness: nil, sharpnessScoreThreshold: nil, assessment: nil, liveness_checking_required: 
boolean 
@@ -207,31 +207,31 @@ success: true, errors: {}, user_id: user.uuid, submit_attempts: 1, remaining_submit_attempts: 3, flow_path: 'hybrid', attention_with_barcode: false, front_image_fingerprint: an_instance_of(String), back_image_fingerprint: an_instance_of(String), selfie_image_fingerprint: nil, liveness_checking_required: boolean, classification_info: {}, id_issued_status: 'present', id_expiration_status: 'present' }, 'IdV: doc auth document_capture submitted' => { - success: true, errors: {}, flow_path: 'hybrid', step: 'document_capture', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', irs_reproofing: false, selfie_check_required: boolean, liveness_checking_required: boolean + success: true, errors: {}, flow_path: 'hybrid', step: 'document_capture', acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', selfie_check_required: boolean, liveness_checking_required: boolean }, 'IdV: doc auth ssn visited' => { - flow_path: 'hybrid', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'hybrid', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth ssn submitted' => { - success: true, errors: {}, flow_path: 'hybrid', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + success: true, errors: {}, flow_path: 'hybrid', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify visited' => { - flow_path: 'hybrid', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, 
skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'hybrid', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify submitted' => { - flow_path: 'hybrid', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'hybrid', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify proofing results' => { - success: true, errors: {}, flow_path: 'hybrid', address_edited: false, address_line2_present: false, analytics_id: 'Doc Auth', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, irs_reproofing: false, skip_hybrid_handoff: nil, + success: true, errors: {}, flow_path: 'hybrid', address_edited: false, address_line2_present: false, analytics_id: 'Doc Auth', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, proofing_results: { exception: nil, timed_out: false, threatmetrix_review_status: 'pass', context: { device_profiling_adjudication_reason: 'device_profiling_result_pass', resolution_adjudication_reason: 'pass_resolution_and_state_id', should_proof_state_id: true, stages: { resolution: { success: true, errors: {}, exception: nil, timed_out: false, transaction_id: 'resolution-mock-transaction-id-123', reference: 'aaa-bbb-ccc', can_pass_with_additional_verification: false, attributes_requiring_additional_verification: [], vendor_name: 'ResolutionMock', vendor_workflow: nil }, residential_address: { attributes_requiring_additional_verification: [], can_pass_with_additional_verification: false, errors: {}, exception: nil, reference: '', success: true, timed_out: false, 
transaction_id: '', vendor_name: 'ResidentialAddressNotRequired', vendor_workflow: nil }, state_id: { success: true, errors: {}, exception: nil, mva_exception: nil, requested_attributes: {}, timed_out: false, transaction_id: 'state-id-mock-transaction-id-456', vendor_name: 'StateIdMock', verified_attributes: [], state: 'MT', state_id_jurisdiction: 'ND', state_id_number: '#############' }, threatmetrix: threatmetrix_response } } } }, 'IdV: phone of record visited' => { - acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass' } }, 'IdV: phone confirmation form' => { - success: true, errors: {}, phone_type: :mobile, types: [:fixed_or_mobile], carrier: 'Test Mobile Carrier', country_code: 'US', area_code: '202', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, otp_delivery_preference: 'sms', + success: true, errors: {}, phone_type: :mobile, types: [:fixed_or_mobile], carrier: 'Test Mobile Carrier', country_code: 'US', area_code: '202', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, otp_delivery_preference: 'sms', active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass' } }, 
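Review bot: Most event expectations in this hunk spell out `acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil` inline, which is why dropping two analytics keys has to touch nearly every line here and again in the hunks at @@ -250, @@ -296, @@ -330, @@ -362, @@ -393, @@ -439 and @@ -486. A shared definition such as `let(:common_idv_args) { { acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil } }` (name is only a suggestion), splatted as `**common_idv_args` into the events that carry both keys, would reduce the next attribute change to one line. Events that carry only one of the two keys, such as `'IdV: doc auth document_capture submitted'` in this hunk, would keep their explicit form. The enclosing `let` block starts outside this hunk, so the helper would need to sit beside it rather than inside the hash.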
@@ -250,22 +250,22 @@ proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, 'IdV: phone confirmation otp submitted' => { - success: true, code_expired: false, code_matches: true, otp_delivery_preference: :sms, second_factor_attempts_count: 0, second_factor_locked_at: nil, errors: {}, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + success: true, code_expired: false, code_matches: true, otp_delivery_preference: :sms, second_factor_attempts_count: 0, second_factor_locked_at: nil, errors: {}, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, :idv_enter_password_visited => { - address_verification_method: 'phone', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + address_verification_method: 'phone', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, :idv_enter_password_submitted => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, 
gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, active_profile_idv_level: 'legacy_unsupervised', pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, 'IdV: final resolution' => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, active_profile_idv_level: 'legacy_unsupervised', pending_profile_idv_level: nil, profile_history: match_array(kind_of(Idv::ProfileLogging)), proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } 
@@ -296,25 +296,25 @@ proofing_components: nil }, 'IdV: doc auth welcome visited' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: nil, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil }, 'IdV: doc auth welcome submitted' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: nil, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil }, 'IdV: doc auth agreement visited' => { - step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: doc auth agreement submitted' => { - success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: doc auth hybrid handoff visited' => { - step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean + step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean }, 'IdV: doc auth hybrid handoff submitted' => { - success: true, errors: {}, destination: :document_capture, flow_path: 'standard', 
redo_document_capture: nil, step: 'hybrid_handoff', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean + success: true, errors: {}, destination: :document_capture, flow_path: 'standard', redo_document_capture: nil, step: 'hybrid_handoff', acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean }, 'IdV: doc auth document_capture visited' => { - flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false, selfie_check_required: boolean, liveness_checking_required: boolean + flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', selfie_check_required: boolean, liveness_checking_required: boolean }, 'Frontend: IdV: front image added' => { width: 284, height: 38, mimeType: 'image/png', source: 'upload', size: 3694, captureAttempts: 1, flow_path: 'standard', acuant_sdk_upgrade_a_b_testing_enabled: 'false', use_alternate_sdk: anything, acuant_version: kind_of(String), acuantCaptureMode: nil, fingerprint: anything, failedImageResubmission: boolean, documentType: nil, dpi: nil, glare: nil, glareScoreThreshold: nil, isAssessedAsBlurry: nil, isAssessedAsGlare: nil, isAssessedAsUnsupported: nil, moire: nil, sharpness: nil, sharpnessScoreThreshold: nil, assessment: nil, liveness_checking_required: boolean 
@@ -330,31 +330,31 @@ success: true, errors: {}, user_id: user.uuid, submit_attempts: 1, remaining_submit_attempts: 3, flow_path: 'standard', attention_with_barcode: false, front_image_fingerprint: an_instance_of(String), back_image_fingerprint: an_instance_of(String), selfie_image_fingerprint: nil, liveness_checking_required: boolean, classification_info: {}, id_issued_status: 'present', id_expiration_status: 'present' }, 'IdV: doc auth document_capture submitted' => { - success: true, errors: {}, flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false, selfie_check_required: boolean, liveness_checking_required: boolean + success: true, errors: {}, flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', selfie_check_required: boolean, liveness_checking_required: boolean }, 'IdV: doc auth ssn visited' => { - flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth ssn submitted' => { - success: true, errors: {}, flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + success: true, errors: {}, flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify visited' => { - flow_path: 'standard', 
step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify submitted' => { - flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify proofing results' => { - success: true, errors: {}, flow_path: 'standard', address_edited: false, address_line2_present: false, analytics_id: 'Doc Auth', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, irs_reproofing: false, skip_hybrid_handoff: nil, + success: true, errors: {}, flow_path: 'standard', address_edited: false, address_line2_present: false, analytics_id: 'Doc Auth', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, proofing_results: { exception: nil, timed_out: false, threatmetrix_review_status: 'pass', context: { device_profiling_adjudication_reason: 'device_profiling_result_pass', resolution_adjudication_reason: 'pass_resolution_and_state_id', should_proof_state_id: true, stages: { resolution: { success: true, errors: {}, exception: nil, timed_out: false, transaction_id: 'resolution-mock-transaction-id-123', reference: 'aaa-bbb-ccc', can_pass_with_additional_verification: false, attributes_requiring_additional_verification: [], vendor_name: 'ResolutionMock', vendor_workflow: nil }, residential_address: { attributes_requiring_additional_verification: [], 
can_pass_with_additional_verification: false, errors: {}, exception: nil, reference: '', success: true, timed_out: false, transaction_id: '', vendor_name: 'ResidentialAddressNotRequired', vendor_workflow: nil }, state_id: { success: true, errors: {}, exception: nil, mva_exception: nil, requested_attributes: {}, timed_out: false, transaction_id: 'state-id-mock-transaction-id-456', vendor_name: 'StateIdMock', verified_attributes: [], state: 'MT', state_id_jurisdiction: 'ND', state_id_number: '#############' }, threatmetrix: threatmetrix_response } } } }, 'IdV: phone of record visited' => { - acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass' } }, 'IdV: USPS address letter requested' => { - resend: false, phone_step_attempts: 0, first_letter_requested_at: nil, hours_since_first_letter: 0, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + resend: false, phone_step_attempts: 0, first_letter_requested_at: nil, hours_since_first_letter: 0, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass' } }, 
@@ -362,22 +362,22 @@ letter_already_sent: false, }, :idv_enter_password_visited => { - address_verification_method: 'gpo', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + address_verification_method: 'gpo', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'gpo_letter' } }, 'IdV: USPS address letter enqueued' => { - enqueued_at: Time.zone.now.utc, resend: false, phone_step_attempts: 0, first_letter_requested_at: Time.zone.now.utc, hours_since_first_letter: 0, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + enqueued_at: Time.zone.now.utc, resend: false, phone_step_attempts: 0, first_letter_requested_at: Time.zone.now.utc, hours_since_first_letter: 0, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'gpo_letter' } }, :idv_enter_password_submitted => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: true, in_person_verification_pending: false, deactivation_reason: nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: true, 
in_person_verification_pending: false, deactivation_reason: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'gpo_letter' } }, 'IdV: final resolution' => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: true, in_person_verification_pending: false, deactivation_reason: nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: true, in_person_verification_pending: false, deactivation_reason: nil, # NOTE: pending_profile_idv_level should be set here, a nil value is cached for current_user.pending_profile. active_profile_idv_level: nil, pending_profile_idv_level: nil, profile_history: match_array(kind_of(Idv::ProfileLogging)), 
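Review bot: The `'IdV: final resolution'` expectation rewritten at the end of this hunk still pins `pending_profile_idv_level: nil` next to `gpo_verification_pending: true`, while the NOTE directly above it says the value should be set and is nil only because of a cached `current_user.pending_profile`. As written, the spec locks in a value the authors already consider wrong. Anything that reads this event to tell a pending GPO profile from no profile at all would presumably see the same nil; that should be confirmed against the event's consumers. I would turn the NOTE into a tracked item, e.g. `# TODO(<tracker-id>): assert the real pending_profile_idv_level once the pending_profile caching is fixed`, so the expectation is revisited instead of carried forward. The same NOTE and nil expectation appear in the in-person hunk at @@ -486, and this hash continues past the end of the hunk.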
@@ -393,25 +393,25 @@ let(:in_person_path_events) do { 'IdV: doc auth welcome visited' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: nil, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil }, 'IdV: doc auth welcome submitted' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: nil, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil }, 'IdV: doc auth agreement visited' => { - step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: doc auth agreement submitted' => { - success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: doc auth hybrid handoff visited' => { - step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean + step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean }, 'IdV: doc auth hybrid handoff submitted' => { - success: true, errors: {}, destination: :document_capture, flow_path: 'standard', 
redo_document_capture: nil, step: 'hybrid_handoff', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean + success: true, errors: {}, destination: :document_capture, flow_path: 'standard', redo_document_capture: nil, step: 'hybrid_handoff', acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean }, 'IdV: doc auth document_capture visited' => { - flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean, liveness_checking_required: boolean + flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean, liveness_checking_required: boolean }, 'Frontend: IdV: front image added' => { width: 284, height: 38, mimeType: 'image/png', source: 'upload', size: 3694, captureAttempts: 1, flow_path: 'standard', acuant_sdk_upgrade_a_b_testing_enabled: 'false', use_alternate_sdk: anything, acuant_version: kind_of(String), acuantCaptureMode: nil, fingerprint: anything, failedImageResubmission: boolean, documentType: nil, dpi: nil, glare: nil, glareScoreThreshold: nil, isAssessedAsBlurry: nil, isAssessedAsGlare: nil, isAssessedAsUnsupported: nil, moire: nil, sharpness: nil, sharpnessScoreThreshold: nil, assessment: nil, liveness_checking_required: boolean 
@@ -439,35 +439,35 @@ flow_path: 'standard', opted_in_to_in_person_proofing: nil }, 'IdV: in person proofing state_id visited' => { - step: 'state_id', flow_path: 'standard', step_count: 1, analytics_id: 'In Person Proofing', irs_reproofing: false, opted_in_to_in_person_proofing: nil + step: 'state_id', flow_path: 'standard', step_count: 1, analytics_id: 'In Person Proofing', opted_in_to_in_person_proofing: nil }, 'IdV: in person proofing state_id submitted' => { - success: true, flow_path: 'standard', step: 'state_id', step_count: 1, analytics_id: 'In Person Proofing', irs_reproofing: false, errors: {}, same_address_as_id: false, opted_in_to_in_person_proofing: nil + success: true, flow_path: 'standard', step: 'state_id', step_count: 1, analytics_id: 'In Person Proofing', errors: {}, same_address_as_id: false, opted_in_to_in_person_proofing: nil }, 'IdV: in person proofing address visited' => { - step: 'address', flow_path: 'standard', analytics_id: 'In Person Proofing', irs_reproofing: false, same_address_as_id: false, opted_in_to_in_person_proofing: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil + step: 'address', flow_path: 'standard', analytics_id: 'In Person Proofing', same_address_as_id: false, opted_in_to_in_person_proofing: nil, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil }, 'IdV: in person proofing residential address submitted' => { - success: true, step: 'address', flow_path: 'standard', analytics_id: 'In Person Proofing', irs_reproofing: false, errors: {}, same_address_as_id: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil + success: true, step: 'address', flow_path: 'standard', analytics_id: 'In Person Proofing', errors: {}, same_address_as_id: false, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil }, 'IdV: doc auth ssn visited' 
=> { - analytics_id: 'In Person Proofing', step: 'ssn', flow_path: 'standard', irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, same_address_as_id: false + analytics_id: 'In Person Proofing', step: 'ssn', flow_path: 'standard', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, same_address_as_id: false }, 'IdV: doc auth ssn submitted' => { - analytics_id: 'In Person Proofing', success: true, step: 'ssn', flow_path: 'standard', irs_reproofing: false, errors: {}, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, same_address_as_id: false + analytics_id: 'In Person Proofing', success: true, step: 'ssn', flow_path: 'standard', errors: {}, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, same_address_as_id: false }, 'IdV: doc auth verify visited' => { - analytics_id: 'In Person Proofing', step: 'verify', flow_path: 'standard', irs_reproofing: false, same_address_as_id: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil + analytics_id: 'In Person Proofing', step: 'verify', flow_path: 'standard', same_address_as_id: false, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil }, 'IdV: doc auth verify submitted' => { - analytics_id: 'In Person Proofing', step: 'verify', flow_path: 'standard', irs_reproofing: false, same_address_as_id: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil + analytics_id: 'In Person Proofing', step: 'verify', flow_path: 'standard', same_address_as_id: false, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil }, 'IdV: doc auth verify proofing results' => { - success: true, errors: {}, flow_path: 'standard', 
address_edited: false, address_line2_present: false, analytics_id: 'In Person Proofing', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, irs_reproofing: false, same_address_as_id: false, skip_hybrid_handoff: nil, + success: true, errors: {}, flow_path: 'standard', address_edited: false, address_line2_present: false, analytics_id: 'In Person Proofing', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, same_address_as_id: false, skip_hybrid_handoff: nil, proofing_results: { exception: nil, timed_out: false, threatmetrix_review_status: 'pass', context: { device_profiling_adjudication_reason: 'device_profiling_result_pass', resolution_adjudication_reason: 'pass_resolution_and_state_id', should_proof_state_id: true, stages: { resolution: { success: true, errors: {}, exception: nil, timed_out: false, transaction_id: 'resolution-mock-transaction-id-123', reference: 'aaa-bbb-ccc', can_pass_with_additional_verification: false, attributes_requiring_additional_verification: [], vendor_name: 'ResolutionMock', vendor_workflow: nil }, residential_address: { errors: {}, exception: nil, reference: 'aaa-bbb-ccc', success: true, timed_out: false, transaction_id: 'resolution-mock-transaction-id-123', can_pass_with_additional_verification: false, attributes_requiring_additional_verification: [], vendor_name: 'ResolutionMock', vendor_workflow: nil }, state_id: { success: true, errors: {}, exception: nil, mva_exception: nil, requested_attributes: {}, timed_out: false, transaction_id: 'state-id-mock-transaction-id-456', vendor_name: 'StateIdMock', verified_attributes: [], state: 'MT', state_id_jurisdiction: 'ND', state_id_number: '#############' }, threatmetrix: threatmetrix_response } } } }, 'IdV: phone confirmation form' => { - success: true, errors: {}, phone_type: :mobile, types: [:fixed_or_mobile], carrier: 'Test Mobile Carrier', country_code: 'US', 
area_code: '202', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, otp_delivery_preference: 'sms', + success: true, errors: {}, phone_type: :mobile, types: [:fixed_or_mobile], carrier: 'Test Mobile Carrier', country_code: 'US', area_code: '202', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, otp_delivery_preference: 'sms', active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'usps', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', source_check: 'aamva' } }, 
@@ -486,22 +486,22 @@ proofing_components: { address_check: 'lexis_nexis_address', document_check: 'usps', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', source_check: 'aamva' } }, 'IdV: phone confirmation otp submitted' => { - success: true, code_expired: false, code_matches: true, otp_delivery_preference: :sms, second_factor_attempts_count: 0, second_factor_locked_at: nil, errors: {}, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, + success: true, code_expired: false, code_matches: true, otp_delivery_preference: :sms, second_factor_attempts_count: 0, second_factor_locked_at: nil, errors: {}, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'usps', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, :idv_enter_password_visited => { - acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, address_verification_method: 'phone', + acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, address_verification_method: 'phone', active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'usps', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, :idv_enter_password_submitted => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: true, deactivation_reason: 
nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: true, deactivation_reason: nil, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'usps', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, 'IdV: final resolution' => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: true, deactivation_reason: nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: nil, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: true, deactivation_reason: nil, # NOTE: pending_profile_idv_level should be set here, a nil value is cached for current_user.pending_profile. active_profile_idv_level: nil, pending_profile_idv_level: nil, profile_history: match_array(kind_of(Idv::ProfileLogging)), 
@@ -541,28 +541,28 @@ proofing_components: nil }, 'IdV: doc auth welcome visited' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: anything, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: anything }, 'IdV: doc auth welcome submitted' => { - step: 'welcome', analytics_id: 'Doc Auth', irs_reproofing: false, skip_hybrid_handoff: anything, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'welcome', analytics_id: 'Doc Auth', skip_hybrid_handoff: anything }, 'IdV: doc auth agreement visited' => { - step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: anything, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: anything, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: consent checkbox toggled' => { checked: true, }, 'IdV: doc auth agreement submitted' => { - success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: anything, irs_reproofing: false, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default + success: true, errors: {}, step: 'agreement', analytics_id: 'Doc Auth', skip_hybrid_handoff: anything, acuant_sdk_upgrade_ab_test_bucket: :default }, 'IdV: doc auth hybrid handoff visited' => { - step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean + step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean }, 'IdV: doc auth hybrid handoff submitted' => { - 
success: true, errors: {}, destination: :document_capture, flow_path: 'standard', step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, irs_reproofing: false, selfie_check_required: boolean + success: true, errors: {}, destination: :document_capture, flow_path: 'standard', step: 'hybrid_handoff', redo_document_capture: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', skip_hybrid_handoff: nil, selfie_check_required: boolean }, 'IdV: doc auth document_capture visited' => { - flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', irs_reproofing: false, selfie_check_required: boolean, liveness_checking_required: true + flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', selfie_check_required: boolean, liveness_checking_required: true }, 'Frontend: IdV: front image added' => { width: 284, height: 38, mimeType: 'image/png', source: 'upload', size: 3694, captureAttempts: 1, flow_path: 'standard', acuant_sdk_upgrade_a_b_testing_enabled: 'false', use_alternate_sdk: anything, acuant_version: kind_of(String), acuantCaptureMode: nil, fingerprint: anything, failedImageResubmission: boolean, documentType: nil, dpi: nil, glare: nil, glareScoreThreshold: nil, isAssessedAsBlurry: nil, isAssessedAsGlare: nil, isAssessedAsUnsupported: nil, moire: nil, sharpness: nil, sharpnessScoreThreshold: nil, assessment: nil, liveness_checking_required: boolean 
@@ -578,34 +578,34 @@ success: true, errors: {}, user_id: user.uuid, submit_attempts: 1, remaining_submit_attempts: 3, flow_path: 'standard', attention_with_barcode: false, front_image_fingerprint: an_instance_of(String), back_image_fingerprint: an_instance_of(String), selfie_image_fingerprint: an_instance_of(String), liveness_checking_required: boolean, classification_info: {}, id_issued_status: 'present', id_expiration_status: 'present' }, 'IdV: doc auth document_capture submitted' => { - success: true, errors: {}, flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, analytics_id: 'Doc Auth', irs_reproofing: false, selfie_check_required: boolean, liveness_checking_required: true + success: true, errors: {}, flow_path: 'standard', step: 'document_capture', redo_document_capture: nil, skip_hybrid_handoff: nil, acuant_sdk_upgrade_ab_test_bucket: :default, analytics_id: 'Doc Auth', selfie_check_required: boolean, liveness_checking_required: true }, :idv_selfie_image_added => { acuant_version: kind_of(String), captureAttempts: 1, failedImageResubmission: nil, fingerprint: 'aIzxkX_iMtoxFOURZr55qkshs53emQKUOr7VfTf6G1Q', flow_path: 'standard', height: 38, mimeType: 'image/png', size: 3694, source: 'upload', width: 284, liveness_checking_required: boolean, selfie_attempts: 0 }, 'IdV: doc auth ssn visited' => { - flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, analytics_id: 'Doc Auth' }, 'IdV: doc auth ssn submitted' => { - success: true, errors: {}, flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, 
lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, analytics_id: 'Doc Auth', irs_reproofing: false + success: true, errors: {}, flow_path: 'standard', step: 'ssn', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify visited' => { - flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify submitted' => { - flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, analytics_id: 'Doc Auth', irs_reproofing: false + flow_path: 'standard', step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, analytics_id: 'Doc Auth' }, 'IdV: doc auth verify proofing results' => { - success: true, errors: {}, flow_path: 'standard', address_edited: false, address_line2_present: false, analytics_id: 'Doc Auth', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, irs_reproofing: false, skip_hybrid_handoff: anything, + success: true, errors: {}, flow_path: 'standard', address_edited: false, address_line2_present: false, analytics_id: 'Doc Auth', ssn_is_unique: true, step: 'verify', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, proofing_results: { exception: nil, timed_out: false, threatmetrix_review_status: 'pass', context: { device_profiling_adjudication_reason: 'device_profiling_result_pass', resolution_adjudication_reason: 'pass_resolution_and_state_id', should_proof_state_id: 
true, stages: { resolution: { success: true, errors: {}, exception: nil, timed_out: false, transaction_id: 'resolution-mock-transaction-id-123', reference: 'aaa-bbb-ccc', can_pass_with_additional_verification: false, attributes_requiring_additional_verification: [], vendor_name: 'ResolutionMock', vendor_workflow: nil }, residential_address: { attributes_requiring_additional_verification: [], can_pass_with_additional_verification: false, errors: {}, exception: nil, reference: '', success: true, timed_out: false, transaction_id: '', vendor_name: 'ResidentialAddressNotRequired', vendor_workflow: nil }, state_id: { success: true, errors: {}, exception: nil, mva_exception: nil, requested_attributes: {}, timed_out: false, transaction_id: 'state-id-mock-transaction-id-456', vendor_name: 'StateIdMock', verified_attributes: [], state: 'MT', state_id_jurisdiction: 'ND', state_id_number: '#############' }, threatmetrix: threatmetrix_response } } } }, 'IdV: phone of record visited' => { - acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, + acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass' } }, 'IdV: phone confirmation form' => { - success: true, errors: {}, phone_type: :mobile, types: [:fixed_or_mobile], carrier: 'Test Mobile Carrier', country_code: 'US', area_code: '202', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, otp_delivery_preference: 'sms', + success: true, errors: {}, phone_type: :mobile, types: [:fixed_or_mobile], carrier: 'Test Mobile Carrier', country_code: 'US', area_code: '202', 
acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, otp_delivery_preference: 'sms', active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass' } }, 
@@ -624,22 +624,22 @@ proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, 'IdV: phone confirmation otp submitted' => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, code_expired: false, code_matches: true, otp_delivery_preference: :sms, second_factor_attempts_count: 0, second_factor_locked_at: nil, errors: {}, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, code_expired: false, code_matches: true, otp_delivery_preference: :sms, second_factor_attempts_count: 0, second_factor_locked_at: nil, errors: {}, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, :idv_enter_password_visited => { - address_verification_method: 'phone', acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, + address_verification_method: 'phone', acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, active_profile_idv_level: nil, pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, :idv_enter_password_submitted => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, fraud_review_pending: false, 
fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, active_profile_idv_level: 'unsupervised_with_selfie', pending_profile_idv_level: nil, proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } }, 'IdV: final resolution' => { - success: true, acuant_sdk_upgrade_ab_test_bucket: :default, lexisnexis_instant_verify_workflow_ab_test_bucket: :default, skip_hybrid_handoff: anything, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, + success: true, acuant_sdk_upgrade_ab_test_bucket: :default, skip_hybrid_handoff: anything, fraud_review_pending: false, fraud_rejection: false, gpo_verification_pending: false, in_person_verification_pending: false, deactivation_reason: nil, active_profile_idv_level: 'unsupervised_with_selfie', pending_profile_idv_level: nil, profile_history: match_array(kind_of(Idv::ProfileLogging)), proofing_components: { document_check: 'mock', document_type: 'state_id', source_check: 'aamva', resolution_check: 'lexis_nexis', threatmetrix: threatmetrix, threatmetrix_review_status: 'pass', address_check: 'lexis_nexis_address' } diff --git a/spec/features/idv/doc_auth/document_capture_spec.rb b/spec/features/idv/doc_auth/document_capture_spec.rb index 635f942289f..f315310fe7d 100644 --- a/spec/features/idv/doc_auth/document_capture_spec.rb +++ b/spec/features/idv/doc_auth/document_capture_spec.rb 
@@ -86,12 +86,7 @@ end context 'rate limits calls to backend docauth vendor', allow_browser_log: true do - let(:fake_attempts_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new } before do - allow_any_instance_of(ApplicationController).to receive( - :irs_attempts_api_tracker, - ).and_return(fake_attempts_tracker) - allow(fake_attempts_tracker).to receive(:idv_document_upload_rate_limited) allow(IdentityConfig.store).to receive(:doc_auth_max_attempts).and_return(max_attempts) DocAuth::Mock::DocAuthMockClient.mock_response!( method: :post_front_image, @@ -127,11 +122,6 @@ ) end - it 'logs irs attempts event for rate limiting' do - attach_and_submit_images - expect(fake_attempts_tracker).to have_received(:idv_document_upload_rate_limited) - end - context 'successfully processes image on last attempt' do before do DocAuth::Mock::DocAuthMockClient.reset! diff --git a/spec/features/idv/doc_auth/hybrid_handoff_spec.rb b/spec/features/idv/doc_auth/hybrid_handoff_spec.rb index 09433178e0b..facc735d59e 100644 --- a/spec/features/idv/doc_auth/hybrid_handoff_spec.rb +++ b/spec/features/idv/doc_auth/hybrid_handoff_spec.rb @@ -6,7 +6,6 @@ include ActionView::Helpers::DateHelper let(:fake_analytics) { FakeAnalytics.new } - let(:fake_attempts_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new } let(:idv_send_link_max_attempts) { 3 } let(:idv_send_link_attempt_window_in_minutes) do IdentityConfig.store.idv_send_link_attempt_window_in_minutes @@ -22,8 +21,6 @@ end sign_in_and_2fa_user allow_any_instance_of(ApplicationController).to receive(:analytics).and_return(fake_analytics) - allow_any_instance_of(ApplicationController).to receive(:irs_attempts_api_tracker). - and_return(fake_attempts_tracker) end context 'on a desktop device send link' do 
@@ -40,10 +37,6 @@ end it 'proceeds to link sent page when user chooses to use phone' do - expect(fake_attempts_tracker).to receive( - :idv_document_upload_method_selected, - ).with({ upload_method: 'mobile' }) - click_send_link expect(page).to have_current_path(idv_link_sent_path) @@ -54,13 +47,6 @@ end it 'proceeds to the next page with valid info', :js do - expect(fake_attempts_tracker).to receive( - :idv_phone_upload_link_sent, - ).with( - success: true, - phone_number: '+1 415-555-0199', - ) - expect(Telephony).to receive(:send_doc_auth_link). with(hash_including(to: '+1 415-555-0199')). and_call_original @@ -95,10 +81,6 @@ end it 'does not proceed if Telephony raises an error' do - expect(fake_attempts_tracker).to receive(:idv_phone_upload_link_sent).with( - success: false, - phone_number: '+1 225-555-1000', - ) fill_in :doc_auth_phone, with: '225-555-1000' click_send_link @@ -140,10 +122,6 @@ allow(IdentityConfig.store).to receive(:idv_send_link_max_attempts). and_return(idv_send_link_max_attempts) - expect(fake_attempts_tracker).to receive( - :idv_phone_send_link_rate_limited, - ).with({ phone_number: '+1 415-555-0199' }) - freeze_time do idv_send_link_max_attempts.times do expect(page).to_not have_content( diff --git a/spec/features/idv/doc_auth/verify_info_step_spec.rb b/spec/features/idv/doc_auth/verify_info_step_spec.rb index 1a8fd3cf682..41040492220 100644 --- a/spec/features/idv/doc_auth/verify_info_step_spec.rb +++ b/spec/features/idv/doc_auth/verify_info_step_spec.rb @@ -5,7 +5,6 @@ include DocAuthHelper let(:fake_analytics) { FakeAnalytics.new } - let(:fake_attempts_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new } let(:user) { user_with_2fa } # values from Idp::Constants::MOCK_IDV_APPLICANT 
@@ -24,8 +23,6 @@ before do allow_any_instance_of(ApplicationController).to receive(:analytics).and_return(fake_analytics) - allow_any_instance_of(ApplicationController).to receive(:irs_attempts_api_tracker). - and_return(fake_attempts_tracker) sign_in_and_2fa_user(user) complete_doc_auth_steps_before_ssn_step end @@ -83,12 +80,7 @@ expect(page).to have_text('900-45-6789') end - it 'logs analytics and attempts tracker events on submit' do - expect(fake_attempts_tracker).to receive(:idv_verification_submitted).with( - success: true, - **fake_pii_details, - ssn: DocAuthHelper::GOOD_SSN, - ) + it 'logs analytics event on submit' do complete_verify_step expect(fake_analytics).to have_logged_event( @@ -99,11 +91,6 @@ end it 'does not proceed to the next page if resolution fails' do - expect(fake_attempts_tracker).to receive(:idv_verification_submitted).with( - success: false, - **fake_pii_details, - ssn: DocAuthHelper::SSN_THAT_FAILS_RESOLUTION, - ) fill_out_ssn_form_with_ssn_that_fails_resolution click_idv_continue complete_verify_step @@ -116,11 +103,6 @@ end it 'does not proceed to the next page if resolution raises an exception' do - expect(fake_attempts_tracker).to receive(:idv_verification_submitted).with( - success: false, - **fake_pii_details, - ssn: DocAuthHelper::SSN_THAT_RAISES_EXCEPTION, - ) fill_out_ssn_form_with_ssn_that_raises_exception click_idv_continue @@ -150,9 +132,6 @@ # proof_ssn_max_attempts is 10, vs 5 for resolution, so it doesn't get triggered it 'rate limits resolution and continues when it expires' do - expect(fake_attempts_tracker).to receive(:idv_verification_rate_limited).at_least(1).times. - with({ limiter_context: 'single-session' }) - (max_resolution_attempts - 2).times do complete_verify_step expect(page).to have_current_path(idv_session_errors_warning_path) 
@@ -221,8 +200,6 @@ end it 'rate limits ssn and continues when it expires' do - expect(fake_attempts_tracker).to receive(:idv_verification_rate_limited).at_least(1).times. - with({ limiter_context: 'multi-session' }) complete_verify_step expect(page).to have_current_path(idv_session_errors_ssn_failure_path) expect(fake_analytics).to have_logged_event( @@ -247,7 +224,6 @@ end it 'continues to next step if ssn successful on last attempt' do - expect(fake_attempts_tracker).not_to receive(:idv_verification_rate_limited) click_link t('idv.buttons.change_ssn_label') expect(page).to have_current_path(idv_ssn_path) @@ -299,8 +275,6 @@ complete_ssn_step complete_verify_step - - expect(DocAuthLog.find_by(user_id: user.id).aamva).not_to be_nil end end @@ -322,8 +296,6 @@ complete_ssn_step complete_verify_step - - expect(DocAuthLog.find_by(user_id: user.id).aamva).to be_nil end end end @@ -343,24 +315,6 @@ complete_verify_step expect(page).to have_current_path(idv_phone_path) end - - it 'tracks attempts tracker event with failure reason' do - expect(fake_attempts_tracker).to receive(:idv_verification_submitted).with( - success: false, - **fake_pii_details, - ssn: DocAuthHelper::GOOD_SSN, - ) - sign_in_and_2fa_user(user) - complete_doc_auth_steps_before_verify_step - - allow(DocumentCaptureSession).to receive(:find_by). - and_return(nil) - - complete_verify_step - expect(page).to have_content(t('idv.failure.timeout')) - expect(page).to have_current_path(idv_verify_info_path) - allow(DocumentCaptureSession).to receive(:find_by).and_call_original - end end context 'async timed out' do diff --git a/spec/features/idv/end_to_end_idv_spec.rb b/spec/features/idv/end_to_end_idv_spec.rb index 71f95b6b145..b26d4f711b7 100644 --- a/spec/features/idv/end_to_end_idv_spec.rb +++ b/spec/features/idv/end_to_end_idv_spec.rb 
@@ -255,7 +255,6 @@ def validate_verify_info_submit(user) expect(page).to have_content(t('doc_auth.forms.doc_success')) expect(user.proofing_component.resolution_check).to eq(Idp::Constants::Vendors::LEXIS_NEXIS) expect(user.proofing_component.source_check).to eq(Idp::Constants::Vendors::AAMVA) - expect(DocAuthLog.find_by(user_id: user.id).aamva).to eq(true) end def validate_phone_page diff --git a/spec/features/idv/threat_metrix_pending_spec.rb b/spec/features/idv/threat_metrix_pending_spec.rb index 2a00c7ba78e..e5a1b5b8bcf 100644 --- a/spec/features/idv/threat_metrix_pending_spec.rb +++ b/spec/features/idv/threat_metrix_pending_spec.rb @@ -3,7 +3,6 @@ RSpec.feature 'Users pending ThreatMetrix review', :js, allowed_extra_analytics: [:*] do include IdvStepHelper include OidcAuthHelper - include IrsAttemptsApiTrackingHelper include DocAuthHelper before do @@ -17,7 +16,6 @@ active: true, redirect_uris: ['http://localhost:7654/auth/result'], ial: 2, - irs_attempts_api_enabled: true, ) end diff --git a/spec/features/new_device_tracking_spec.rb b/spec/features/new_device_tracking_spec.rb index 49ebc7bd324..272d45e5dca 100644 --- a/spec/features/new_device_tracking_spec.rb +++ b/spec/features/new_device_tracking_spec.rb 
@@ -134,6 +134,59 @@ expect_delivered_email_count(0) end end + + context 'when reauthenticating' do + it 'does not send a second user notification' do + # Regression: LG-13419: Reset new-device session value after fully authenticating, so that + # reauthentication doesn't consider the device as new and send another notification. + sign_in_live_with_2fa(user) + expect_delivered_email_count(1) + + expire_reauthn_window + + within('.sidenav') { click_on t('account.navigation.add_phone_number') } + expect(page).to have_current_path(login_two_factor_options_path) + click_on t('forms.buttons.continue') + fill_in_code_with_last_phone_otp + click_submit_default + + expect_delivered_email_count(1) + end + end + + context 'authenticating with piv' do + let(:user) { create(:user, :fully_registered, :with_piv_or_cac) } + + it 'sends a user notification on signin' do + visit new_user_session_path + click_on t('account.login.piv_cac') + fill_in_piv_cac_credentials_and_submit(user) + + expect_delivered_email_count(1) + expect_delivered_email( + to: [user.email_addresses.first.email], + subject: t('user_mailer.new_device_sign_in_after_2fa.subject', app_name: APP_NAME), + ) + end + + context 'when reauthenticating' do + it 'does not send a second user notification' do + visit new_user_session_path + click_on t('account.login.piv_cac') + fill_in_piv_cac_credentials_and_submit(user) + + expire_reauthn_window + + within('.sidenav') { click_on t('account.navigation.add_phone_number') } + expect(page).to have_current_path(login_two_factor_options_path) + click_on t('forms.buttons.continue') + fill_in_code_with_last_phone_otp + click_submit_default + + expect_delivered_email_count(1) + end + end + end end context 'user does not have existing devices' do diff --git a/spec/features/remember_device/cookie_expiration_spec.rb b/spec/features/remember_device/cookie_expiration_spec.rb index 4aa8f4a6af4..b17659d3c52 100644 --- a/spec/features/remember_device/cookie_expiration_spec.rb 
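Review bot: The PIV `when reauthenticating` example never checks the delivered-email count before `expire_reauthn_window`. Its closing `expect_delivered_email_count(1)` would therefore still pass if the sign-in notification were skipped and the only email went out during reauthentication. The first reauthentication example pins that baseline right after `sign_in_live_with_2fa(user)`; adding `expect_delivered_email_count(1)` directly after `fill_in_piv_cac_credentials_and_submit(user)` would make the PIV case prove the same regression. The PIV example also reauthenticates with a phone OTP (`fill_in_code_with_last_phone_otp`), presumably relying on the `:fully_registered` trait to supply a phone, so a comment such as `# reauthenticates via phone OTP; PIV reauthn is not exercised here` would keep the coverage claim honest. The enclosing context starts outside this hunk.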
+++ b/spec/features/remember_device/cookie_expiration_spec.rb @@ -1,7 +1,6 @@ require 'rails_helper' -RSpec.describe 'signing in with remember device and closing browser', - allowed_extra_analytics: [:*] do +RSpec.describe 'signing in with remember device and closing browser' do include SamlAuthHelper let(:user) { user_with_2fa } diff --git a/spec/features/remember_device/revocation_spec.rb b/spec/features/remember_device/revocation_spec.rb index df8b654fced..1c83a366484 100644 --- a/spec/features/remember_device/revocation_spec.rb +++ b/spec/features/remember_device/revocation_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'taking an action that revokes remember device', allowed_extra_analytics: [:*] do +RSpec.feature 'taking an action that revokes remember device' do include NavigationHelper before do diff --git a/spec/features/remember_device/session_expiration_spec.rb b/spec/features/remember_device/session_expiration_spec.rb index 664823fec24..1fea732eb4d 100644 --- a/spec/features/remember_device/session_expiration_spec.rb +++ b/spec/features/remember_device/session_expiration_spec.rb @@ -1,7 +1,6 @@ require 'rails_helper' -RSpec.describe 'signing in with remember device and idling on the sign in page', - allowed_extra_analytics: [:*] do +RSpec.describe 'signing in with remember device and idling on the sign in page' do include SamlAuthHelper include OidcAuthHelper diff --git a/spec/features/reports/sp_active_users_report_spec.rb b/spec/features/reports/sp_active_users_report_spec.rb index 663db74a256..caae13a6856 100644 --- a/spec/features/reports/sp_active_users_report_spec.rb +++ b/spec/features/reports/sp_active_users_report_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'sp active users report', allowed_extra_analytics: [:*] do +RSpec.feature 'sp active users report' do include SamlAuthHelper include OidcAuthHelper include IdvHelper 
diff --git a/spec/features/saml/multiple_endpoints_spec.rb b/spec/features/saml/multiple_endpoints_spec.rb index c85718f1a0c..fa66a4341a8 100644 --- a/spec/features/saml/multiple_endpoints_spec.rb +++ b/spec/features/saml/multiple_endpoints_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe 'multiple saml endpoints', allowed_extra_analytics: [:*] do +RSpec.describe 'multiple saml endpoints' do include SamlAuthHelper include IdvHelper diff --git a/spec/features/saml/saml_logout_spec.rb b/spec/features/saml/saml_logout_spec.rb index 9d92642d9b0..3e1400f1e90 100644 --- a/spec/features/saml/saml_logout_spec.rb +++ b/spec/features/saml/saml_logout_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'SAML logout', allowed_extra_analytics: [:*] do +RSpec.feature 'SAML logout' do include SamlAuthHelper let(:user) { create(:user, :fully_registered) } diff --git a/spec/features/saml/saml_relay_state_spec.rb b/spec/features/saml/saml_relay_state_spec.rb index 0081a5b53e7..4c4293d78ca 100644 --- a/spec/features/saml/saml_relay_state_spec.rb +++ b/spec/features/saml/saml_relay_state_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'SAML RelayState', allowed_extra_analytics: [:*] do +RSpec.feature 'SAML RelayState' do include SamlAuthHelper context 'when RelayState is passed in authn request' do diff --git a/spec/features/saml/saml_spec.rb b/spec/features/saml/saml_spec.rb index 9a38081eacd..73cb1f469d3 100644 --- a/spec/features/saml/saml_spec.rb +++ b/spec/features/saml/saml_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'saml api', allowed_extra_analytics: [:*] do +RSpec.feature 'saml api' do include SamlAuthHelper include IdvHelper diff --git a/spec/features/sign_in/banned_users_spec.rb b/spec/features/sign_in/banned_users_spec.rb index 3d745b607fb..aecb624ae3a 100644 --- a/spec/features/sign_in/banned_users_spec.rb +++ b/spec/features/sign_in/banned_users_spec.rb 
@@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'Banning users for an SP', allowed_extra_analytics: [:*] do +RSpec.feature 'Banning users for an SP' do include SamlAuthHelper include OidcAuthHelper diff --git a/spec/features/sign_in/remember_device_default_spec.rb b/spec/features/sign_in/remember_device_default_spec.rb index 933759d99ff..6679e98eca3 100644 --- a/spec/features/sign_in/remember_device_default_spec.rb +++ b/spec/features/sign_in/remember_device_default_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.describe 'Remember device checkbox', allowed_extra_analytics: [:*] do +RSpec.describe 'Remember device checkbox' do include SamlAuthHelper context 'when the user signs in and arrives at the 2FA page' do diff --git a/spec/features/sign_in/sp_return_log_spec.rb b/spec/features/sign_in/sp_return_log_spec.rb index cdf0d48e8e3..93e7b185515 100644 --- a/spec/features/sign_in/sp_return_log_spec.rb +++ b/spec/features/sign_in/sp_return_log_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'SP return logs', allowed_extra_analytics: [:*] do +RSpec.feature 'SP return logs' do include SamlAuthHelper it 'updates user id after user authenticates so we can track any user back to issuer', :email do diff --git a/spec/features/two_factor_authentication/backup_code_sign_up_spec.rb b/spec/features/two_factor_authentication/backup_code_sign_up_spec.rb index 640365d0f6f..5ee7d702930 100644 --- a/spec/features/two_factor_authentication/backup_code_sign_up_spec.rb +++ b/spec/features/two_factor_authentication/backup_code_sign_up_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'sign up with backup code', allowed_extra_analytics: [:*] do +RSpec.feature 'sign up with backup code' do include DocAuthHelper include SamlAuthHelper diff --git a/spec/features/two_factor_authentication/second_mfa_reminder_spec.rb b/spec/features/two_factor_authentication/second_mfa_reminder_spec.rb index 434261f55b8..b2d15ec3e93 100644 
--- a/spec/features/two_factor_authentication/second_mfa_reminder_spec.rb +++ b/spec/features/two_factor_authentication/second_mfa_reminder_spec.rb @@ -1,6 +1,6 @@ require 'rails_helper' -RSpec.feature 'Second MFA Reminder', allowed_extra_analytics: [:*] do +RSpec.feature 'Second MFA Reminder' do include OidcAuthHelper let(:service_provider) { ServiceProvider.find_by(issuer: OidcAuthHelper::OIDC_IAL1_ISSUER) } diff --git a/spec/features/visitors/bad_password_spec.rb b/spec/features/visitors/bad_password_spec.rb index f63bb61898c..53fe0364040 100644 --- a/spec/features/visitors/bad_password_spec.rb +++ b/spec/features/visitors/bad_password_spec.rb @@ -1,7 +1,6 @@ require 'rails_helper' -RSpec.feature 'Visitor signs in with bad passwords and gets locked out', - allowed_extra_analytics: [:*] do +RSpec.feature 'Visitor signs in with bad passwords and gets locked out' do let(:user) { create(:user, :fully_registered) } let(:bad_password) { 'badpassword' } diff --git a/spec/forms/idv/api_image_upload_form_spec.rb b/spec/forms/idv/api_image_upload_form_spec.rb index fa657bebb9a..45c3bb180cd 100644 --- a/spec/forms/idv/api_image_upload_form_spec.rb +++ b/spec/forms/idv/api_image_upload_form_spec.rb @@ -18,7 +18,6 @@ ), service_provider: build(:service_provider, issuer: 'test_issuer'), analytics: fake_analytics, - irs_attempts_api_tracker: irs_attempts_api_tracker, liveness_checking_required: liveness_checking_required, ) end @@ -52,7 +51,6 @@ let!(:document_capture_session) { DocumentCaptureSession.create!(user: create(:user)) } let(:document_capture_session_uuid) { document_capture_session.uuid } let(:fake_analytics) { FakeAnalytics.new } - let(:irs_attempts_api_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new } describe '#valid?' do context 'with all valid images' do 
@@ -82,8 +80,6 @@ context 'when rate limited from submission' do it 'is not valid' do - expect(irs_attempts_api_tracker).to receive(:idv_document_upload_rate_limited).with(no_args) - RateLimiter.new( rate_limit_type: :idv_doc_auth, user: document_capture_session.user, @@ -167,23 +163,6 @@ describe '#submit' do context 'with a valid form' do it 'logs analytics' do - expect(irs_attempts_api_tracker).to receive(:idv_document_upload_submitted).with( - { - address: '1 FAKE RD', - date_of_birth: '1938-10-06', - document_back_image_filename: nil, - document_expiration: '2099-12-31', - document_front_image_filename: nil, - document_image_encryption_key: nil, - document_issued: '2019-12-31', - document_number: '1111111111111', - document_state: 'MT', - first_name: 'FAKEY', - last_name: 'MCFAKERSON', - success: true, - }, - ) - form.submit expect(fake_analytics).to have_logged_event( @@ -282,23 +261,6 @@ end it 'logs analytics' do - expect(irs_attempts_api_tracker).to receive(:idv_document_upload_submitted).with( - { - address: '1 FAKE RD', - date_of_birth: '1938-10-06', - document_back_image_filename: nil, - document_expiration: '2099-12-31', - document_front_image_filename: nil, - document_image_encryption_key: nil, - document_issued: '2019-12-31', - document_number: '1111111111111', - document_state: 'MT', - first_name: 'FAKEY', - last_name: 'MCFAKERSON', - success: true, - }, - ) - form.submit expect(fake_analytics).to have_logged_event( @@ -611,13 +573,6 @@ end it 'includes doc_pii errors' do - expect(irs_attempts_api_tracker).to receive(:idv_document_upload_submitted).with( - hash_including( - { - success: false, - }, - ), - ) response = form.submit expect(response.errors[:doc_pii]).to eq('bad') end diff --git a/spec/forms/idv/phone_confirmation_otp_verification_form_spec.rb b/spec/forms/idv/phone_confirmation_otp_verification_form_spec.rb index 0071e983840..53b719da32d 100644 --- a/spec/forms/idv/phone_confirmation_otp_verification_form_spec.rb 
+++ b/spec/forms/idv/phone_confirmation_otp_verification_form_spec.rb @@ -15,12 +15,6 @@ ) end let(:max_attempts) { 2 } - let(:irs_attempts_api_tracker) do - instance_double( - IrsAttemptsApi::Tracker, - idv_phone_otp_submitted_rate_limited: true, - ) - end before do allow(IdentityConfig.store).to receive(:login_otp_confirmation_max_attempts). @@ -32,7 +26,6 @@ def try_submit(code) described_class.new( user: user, user_phone_confirmation_session: user_phone_confirmation_session, - irs_attempts_api_tracker: irs_attempts_api_tracker, ).submit(code: code) end @@ -79,10 +72,6 @@ def try_submit(code) context 'when the code is expired' do let(:phone_confirmation_otp_sent_at) { 11.minutes.ago } - before do - allow(IrsAttemptsApi::Tracker).to receive(:new).and_return(irs_attempts_api_tracker) - end - it 'returns an unsuccessful result' do result = try_submit(phone_confirmation_otp_code) @@ -103,8 +92,6 @@ def try_submit(code) expect(user.second_factor_attempts_count).to eq(max_attempts) expect(user.second_factor_locked_at).to be_within(1.second).of(Time.zone.now) - expect(irs_attempts_api_tracker).to have_received(:idv_phone_otp_submitted_rate_limited). - with({ phone_number: phone }) end end diff --git a/spec/forms/register_user_email_form_spec.rb b/spec/forms/register_user_email_form_spec.rb index 8d1da4e8afd..2ed6db7df2d 100644 --- a/spec/forms/register_user_email_form_spec.rb +++ b/spec/forms/register_user_email_form_spec.rb @@ -2,8 +2,7 @@ RSpec.describe RegisterUserEmailForm do let(:analytics) { FakeAnalytics.new } - let(:attempts_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new } - subject { RegisterUserEmailForm.new(analytics: analytics, attempts_tracker: attempts_tracker) } + subject { RegisterUserEmailForm.new(analytics:) } it_behaves_like 'email validation' 
@@ -120,9 +119,6 @@ end it 'creates rate_limiter events after reaching rate_limiter limit' do - expect(attempts_tracker).to receive(:user_registration_email_submission_rate_limited). - with(email: registered_email_address, email_already_registered: true) - IdentityConfig.store.reg_confirmed_email_max_attempts.times do subject.submit(email: variation_of_preexisting_email, terms_accepted: '1') end @@ -177,12 +173,6 @@ end it 'creates rate_limiter events after reaching rate_limiter limit' do - expect(attempts_tracker).to receive( - :user_registration_email_submission_rate_limited, - ).with( - email: registered_email_address, email_already_registered: false, - ) - IdentityConfig.store.reg_unconfirmed_email_max_attempts.times do subject.submit(email: registered_email_address, terms_accepted: '1') end @@ -197,14 +187,8 @@ let(:rate_limit) { IdentityConfig.store.reg_unconfirmed_email_max_attempts } it 'creates rate_limiter events after reaching rate_limiter limit' do - expect(attempts_tracker).to receive( - :user_registration_email_submission_rate_limited, - ).with( - email: "taken+#{rate_limit}@gmail.com", email_already_registered: false, - ) - 1.upto(rate_limit) do |i| - RegisterUserEmailForm.new(analytics: analytics, attempts_tracker: attempts_tracker). + RegisterUserEmailForm.new(analytics:). submit( email: "taken+#{i}@gmail.com", terms_accepted: '1', ) @@ -256,7 +240,7 @@ end it 'saves the user email_language for a valid form' do - form = RegisterUserEmailForm.new(analytics: analytics, attempts_tracker: attempts_tracker) + form = RegisterUserEmailForm.new(analytics:) response = form.submit( email: unregistered_email_address, email_language: 'fr', terms_accepted: '1', 
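Review bot: The 'creates rate_limiter events after reaching rate_limiter limit' examples lose their only visible assertion once the `expect(attempts_tracker).to receive(:user_registration_email_submission_rate_limited)` lines are removed; what remains in the hunks at -120, -173, -187 and -270 only submits the form in a loop. The examples continue past the hunks, so another assertion may still follow, but if none does they would keep passing even if registration throttling stopped working. Consider pinning the outcome through the analytics double that is already injected, e.g. `expect(analytics).to have_logged_event(<RATE_LIMIT_EVENT_NAME>)` (placeholder for the project's event name), or by asserting the limiter state directly.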
@@ -270,14 +254,8 @@ let(:rate_limit) { IdentityConfig.store.reg_unconfirmed_email_max_attempts } it 'creates rate_limiter events after reaching rate_limiter limit' do - expect(attempts_tracker).to receive( - :user_registration_email_submission_rate_limited, - ).with( - email: "taken+#{rate_limit}@gmail.com", email_already_registered: false, - ) - 1.upto(rate_limit) do |i| - RegisterUserEmailForm.new(analytics: analytics, attempts_tracker: attempts_tracker). + RegisterUserEmailForm.new(analytics:). submit( email: "taken+#{i}@gmail.com", terms_accepted: '1', ) diff --git a/spec/jobs/resolution_proofing_job_spec.rb b/spec/jobs/resolution_proofing_job_spec.rb index c41649e4b7c..602b8ea3a90 100644 --- a/spec/jobs/resolution_proofing_job_spec.rb +++ b/spec/jobs/resolution_proofing_job_spec.rb @@ -34,7 +34,6 @@ subject(:perform) do instance.perform( result_id: document_capture_session.result_id, - instant_verify_ab_test_discriminator: document_capture_session.uuid, should_proof_state_id: should_proof_state_id, encrypted_arguments: encrypted_arguments, trace_id: trace_id, 
@@ -110,83 +109,6 @@ end end - context 'with a nil instant_verify_ab_test_discriminator (check for 50/50 state)' do - subject(:perform) do - instance.perform( - result_id: document_capture_session.result_id, - should_proof_state_id: should_proof_state_id, - encrypted_arguments: encrypted_arguments, - trace_id: trace_id, - user_id: user.id, - threatmetrix_session_id: threatmetrix_session_id, - request_ip: request_ip, - ipp_enrollment_in_progress: ipp_enrollment_in_progress, - ) - end - it 'stores a successful result' do - stub_vendor_requests - - perform - - result = document_capture_session.load_proofing_result[:result] - result_context = result[:context] - result_context_stages = result_context[:stages] - result_context_stages_resolution = result_context_stages[:resolution] - result_context_stages_state_id = result_context_stages[:state_id] - result_context_stages_threatmetrix = result_context_stages[:threatmetrix] - - expect(result[:exception]).to be_nil - expect(result[:errors].keys).to eq([:'Execute Instant Verify']) - expect(result[:success]).to be true - expect(result[:timed_out]).to be false - expect(result[:threatmetrix_review_status]).to eq('pass') - - # result[:context] - expect(result_context[:should_proof_state_id]) - - # result[:context][:stages][:resolution] - expect(result_context_stages_resolution[:vendor_name]). - to eq('lexisnexis:instant_verify') - expect(result_context_stages_resolution[:errors]).to include(:'Execute Instant Verify') - expect(result_context_stages_resolution[:exception]).to eq(nil) - expect(result_context_stages_resolution[:success]).to eq(true) - expect(result_context_stages_resolution[:timed_out]).to eq(false) - expect(result_context_stages_resolution[:transaction_id]).to eq('123456') - expect(result_context_stages_resolution[:reference]).to eq('Reference1') - expect(result_context_stages_resolution[:can_pass_with_additional_verification]). 
- to eq(false) - expect(result_context_stages_resolution[:attributes_requiring_additional_verification]). - to eq([]) - - # result[:context][:stages][:state_id] - expect(result_context_stages_state_id[:vendor_name]).to eq('aamva:state_id') - expect(result_context_stages_state_id[:errors]).to eq({}) - expect(result_context_stages_state_id[:exception]).to eq(nil) - expect(result_context_stages_state_id[:success]).to eq(true) - expect(result_context_stages_state_id[:timed_out]).to eq(false) - expect(result_context_stages_state_id[:transaction_id]).to eq('1234-abcd-efgh') - expect(result_context_stages_state_id[:verified_attributes]).to match_array( - %w[address state_id_number state_id_type dob last_name first_name], - ) - - # result[:context][:stages][:threatmetrix] - expect(result_context_stages_threatmetrix[:client]).to eq('lexisnexis') - expect(result_context_stages_threatmetrix[:errors]).to eq({}) - expect(result_context_stages_threatmetrix[:exception]).to eq(nil) - expect(result_context_stages_threatmetrix[:success]).to eq(true) - expect(result_context_stages_threatmetrix[:timed_out]).to eq(false) - expect(result_context_stages_threatmetrix[:transaction_id]).to eq('1234') - expect(result_context_stages_threatmetrix[:review_status]).to eq('pass') - expect(result_context_stages_threatmetrix[:response_body]).to eq( - JSON.parse(LexisNexisFixtures.ddp_success_redacted_response_json, symbolize_names: true), - ) - - proofing_component = user.proofing_component - expect(proofing_component.threatmetrix).to equal(true) - expect(proofing_component.threatmetrix_review_status).to eq('pass') - end - end - context 'with a failed InstantVerify result' do it 'stores an unsuccessful result' do stub_vendor_requests( 
@@ -408,7 +330,6 @@ subject(:perform) do instance.perform( result_id: document_capture_session.result_id, - instant_verify_ab_test_discriminator: document_capture_session.uuid, should_proof_state_id: should_proof_state_id, encrypted_arguments: encrypted_arguments, trace_id: trace_id, diff --git a/spec/lib/reporting/identity_verification_report_spec.rb b/spec/lib/reporting/identity_verification_report_spec.rb index 37319501490..742e062cf03 100644 --- a/spec/lib/reporting/identity_verification_report_spec.rb +++ b/spec/lib/reporting/identity_verification_report_spec.rb @@ -14,7 +14,7 @@ cloudwatch_client = double( 'Reporting::CloudwatchClient', fetch: [ - # Online verification user (failed each vendor once, then suceeded once) + # Online verification user (failed each vendor once, then succeeded once) { 'user_id' => 'user1', 'name' => 'IdV: doc auth welcome visited' }, { 'user_id' => 'user1', 'name' => 'IdV: doc auth welcome submitted' }, { 'user_id' => 'user1', 'name' => 'IdV: doc auth image upload vendor submitted', 'doc_auth_failed_non_fraud' => '1' }, @@ -38,6 +38,13 @@ { 'user_id' => 'user3', 'name' => 'IdV: final resolution', 'fraud_review_pending' => '1' }, { 'user_id' => 'user3', 'name' => 'Fraud: Profile review passed', 'success' => '1' }, + # Fraud review user (rejected) + { 'user_id' => 'user3', 'name' => 'IdV: doc auth welcome visited' }, + { 'user_id' => 'user3', 'name' => 'IdV: doc auth welcome submitted' }, + { 'user_id' => 'user3', 'name' => 'IdV: doc auth image upload vendor submitted', 'success' => '1' }, + { 'user_id' => 'user3', 'name' => 'IdV: final resolution', 'fraud_review_pending' => '1' }, + { 'user_id' => 'user3', 'name' => 'Fraud: Profile review rejected', 'success' => '1' }, + # Success through address confirmation user { 'user_id' => 'user4', 'name' => 'IdV: GPO verification submitted' }, { 'user_id' => 'user4', 'name' => 'Fraud: Profile review passed', 'success' => '1' }, 
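Review bot: The added 'Fraud review user (rejected)' rows reuse `'user_id' => 'user3'`, the same id as the fraud-review user directly above whose sequence ends in 'Fraud: Profile review passed', so the fixture now describes one user who is both passed and rejected. If the report counts distinct users per event, that would explain why the expected tables in the later hunks gain `['Fraud review rejected', 1]` while 'Workflow completed - Fraud Review Pending' stays at 1, but it also means a user who is only rejected is never exercised. Either give the rejected user its own id and adjust the expected counts, or keep the reuse and make it explicit in the comment, e.g. `# Fraud review user (same user3 as above: passed, then rejected)`.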
@@ -79,6 +86,7 @@ ['Workflow completed - In-Person Pending', 1], ['Workflow completed - Fraud Review Pending', 1], [], + ['Fraud review rejected', 1], ['Successfully Verified', 4], ['Successfully Verified - With phone number', 1], ['Successfully Verified - With mailed code', 1], @@ -121,6 +129,7 @@ ['Workflow completed - In-Person Pending', '1'], ['Workflow completed - Fraud Review Pending', '1'], [], + ['Fraud review rejected', '1'], ['Successfully Verified', '4'], ['Successfully Verified - With phone number', '1'], ['Successfully Verified - With mailed code', '1'], @@ -162,6 +171,7 @@ 'IdV Reject: Phone Finder' => 1, 'IdV Reject: Verify' => 1, 'Fraud: Profile review passed' => 2, + 'Fraud: Profile review rejected' => 1, ) end end diff --git a/spec/models/profile_spec.rb b/spec/models/profile_spec.rb index 02eeb838baa..8ebb3d532cd 100644 --- a/spec/models/profile_spec.rb +++ b/spec/models/profile_spec.rb @@ -874,36 +874,6 @@ expect(profile.fraud_review_pending_at).to_not eq nil expect(profile).to_not be_active end - - context 'when the initiating_sp is the IRS' do - let(:sp) { create(:service_provider, :irs) } - let(:profile) do - create( - :profile, - user: user, - active: false, - fraud_review_pending_at: 1.day.ago, - initiating_service_provider: sp, - ) - end - - context 'when the feature flag is enabled' do - before do - allow(IdentityConfig.store).to receive(:irs_attempt_api_track_idv_fraud_review). - and_return(true) - end - - it 'logs an attempt event' do - expect(profile.initiating_service_provider.irs_attempts_api_enabled?).to be_truthy - - expect(profile.irs_attempts_api_tracker).to receive(:fraud_review_adjudicated). - with( - hash_including(decision: 'pass'), - ) - profile.activate_after_passing_review - end - end - end end describe '#activate_after_fraud_review_unnecessary' do 
@@ -1115,46 +1085,6 @@ expect { profile }.to change(ActionMailer::Base.deliveries, :count).by(0) end end - - context 'when the SP is the IRS' do - let(:sp) { create(:service_provider, :irs) } - let(:profile) do - create(:profile, :fraud_review_pending, active: false, initiating_service_provider: sp) - end - - context 'and notify_user is true' do - it 'logs an event with manual_reject' do - allow(IdentityConfig.store).to receive(:irs_attempt_api_track_idv_fraud_review). - and_return(true) - - expect(profile.initiating_service_provider.irs_attempts_api_enabled?).to be_truthy - - expect(profile.irs_attempts_api_tracker).to receive(:fraud_review_adjudicated). - with( - hash_including(decision: 'manual_reject'), - ) - - profile.reject_for_fraud(notify_user: true) - end - end - - context 'and notify_user is false' do - it 'logs an event with automatic_reject' do - allow(IdentityConfig.store).to receive(:irs_attempt_api_enabled).and_return(true) - allow(IdentityConfig.store).to receive(:irs_attempt_api_track_idv_fraud_review). - and_return(true) - - expect(profile.initiating_service_provider.irs_attempts_api_enabled?).to be_truthy - - expect(profile.irs_attempts_api_tracker).to receive(:fraud_review_adjudicated). - with( - hash_including(decision: 'automatic_reject'), - ) - - profile.reject_for_fraud(notify_user: false) - end - end - end end describe 'query class methods' do diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 88ddf55bdb2..349819d5753 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb 
@@ -1667,38 +1667,4 @@ def it_should_not_send_survey expect(user.second_last_signed_in_at).to eq(event2.reload.created_at) end end - - describe '#reproof_for_irs?' do - let(:service_provider) { create(:service_provider) } - - it 'returns false if the service provider is not an attempts API service provider' do - user = create(:user, :proofed) - - expect(user.reproof_for_irs?(service_provider: service_provider)).to be_falsy - end - - context 'an attempts API service provider' do - let(:service_provider) { create(:service_provider, :irs) } - - it 'returns false if the user has not proofed before' do - user = create(:user) - - expect(user.reproof_for_irs?(service_provider: service_provider)).to be_falsy - end - - it 'returns false if the active profile initiating SP was an attempts API SP' do - user = create(:user, :proofed) - - user.active_profile.update!(initiating_service_provider: service_provider) - - expect(user.reproof_for_irs?(service_provider: service_provider)).to be_falsy - end - - it 'returns true if the active profile initiating SP was not an attempts API SP' do - user = create(:user, :proofed) - - expect(user.reproof_for_irs?(service_provider: service_provider)).to be_truthy - end - end - end end diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index e7c8f61a781..09c22c7a6e5 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -42,7 +42,6 @@ config.include Capybara::RSpecMatchers, type: :component config.include AgreementsHelper config.include AnalyticsHelper - config.include IrsAttemptsApiTrackingHelper config.include AwsKmsClientHelper config.include KeyRotationHelper config.include OtpHelper diff --git a/spec/requests/openid_connect_authorize_spec.rb b/spec/requests/openid_connect_authorize_spec.rb index e30adf4f7dd..051b1061602 100644 --- a/spec/requests/openid_connect_authorize_spec.rb +++ b/spec/requests/openid_connect_authorize_spec.rb 
@@ -1,7 +1,6 @@ require 'rails_helper' -RSpec.describe 'user signs in partially and visits openid_connect/authorize', - allowed_extra_analytics: [:*] do +RSpec.describe 'user signs in partially and visits openid_connect/authorize' do let(:user) { create(:user, :fully_registered, with: { phone: '+1 (202) 555-1213' }) } it 'prompts the user to 2FA' do diff --git a/spec/services/account_reset/delete_account_spec.rb b/spec/services/account_reset/delete_account_spec.rb index 582236929f7..d93340d5742 100644 --- a/spec/services/account_reset/delete_account_spec.rb +++ b/spec/services/account_reset/delete_account_spec.rb @@ -6,7 +6,6 @@ let(:user) { create(:user) } let(:request) { FakeRequest.new } let(:analytics) { FakeAnalytics.new } - let(:fake_attempts_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new } let(:service_provider) do create( @@ -14,7 +13,6 @@ active: true, redirect_uris: ['http://localhost:7654/auth/result'], ial: 2, - irs_attempts_api_enabled: true, ) end 
@@ -42,38 +40,5 @@ expect(User.find_by(id: user.id)).to be_nil end end - - context 'track irs event' do - before do - allow_any_instance_of(AccountReset::DeleteAccount).to receive( - :irs_attempts_api_tracker, - ).and_return(fake_attempts_tracker) - end - - it 'logs attempts api event with success true if the token is good' do - expect(fake_attempts_tracker).to receive(:account_reset_account_deleted).with( - success: true, - ) - - create_account_reset_request_for(user, service_provider.issuer) - grant_request(user) - token = AccountResetRequest.where(user_id: user.id).first.granted_token - AccountReset::DeleteAccount.new(token, request, analytics).call - end - - it 'logs attempts api event with failure reason if the token is expired' do - expect(fake_attempts_tracker).to receive(:account_reset_account_deleted).with( - success: false, - ) - - create_account_reset_request_for(user, service_provider.issuer) - grant_request(user) - - travel_to(Time.zone.now + 2.days) do - token = AccountResetRequest.first.granted_token - AccountReset::DeleteAccount.new(token, request, analytics).call - end - end - end end end diff --git a/spec/services/account_reset/validate_granted_token_spec.rb b/spec/services/account_reset/validate_granted_token_spec.rb deleted file mode 100644 index de23fbaf3d3..00000000000 --- a/spec/services/account_reset/validate_granted_token_spec.rb +++ /dev/null 
@@ -1,44 +0,0 @@ -require 'rails_helper' - -RSpec.describe AccountReset::ValidateGrantedToken do - include AccountResetHelper - - let(:user) { create(:user) } - let(:request) { FakeRequest.new } - let(:analytics) { FakeAnalytics.new } - let(:fake_attempts_tracker) { IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new } - - let(:service_provider) do - create( - :service_provider, - active: true, - redirect_uris: ['http://localhost:7654/auth/result'], - ial: 2, - irs_attempts_api_enabled: true, - ) - end - - describe '#call' do - context 'track irs event' do - before do - allow_any_instance_of(AccountReset::ValidateGrantedToken).to receive( - :irs_attempts_api_tracker, - ).and_return(fake_attempts_tracker) - end - - it 'logs attempts api event with failure reason if the token is expired' do - expect(fake_attempts_tracker).to receive(:account_reset_account_deleted).with( - success: false, - ) - - create_account_reset_request_for(user, service_provider.issuer) - grant_request(user) - - travel_to(Time.zone.now + 2.days) do - token = AccountResetRequest.first.granted_token - AccountReset::ValidateGrantedToken.new(token, request, analytics).call - end - end - end - end -end diff --git a/spec/services/idv/agent_spec.rb b/spec/services/idv/agent_spec.rb index 86c46ab809f..523b38445fe 100644 --- a/spec/services/idv/agent_spec.rb +++ b/spec/services/idv/agent_spec.rb 
@@ -133,6 +133,30 @@ end end + it 'passes the correct service provider to the ResolutionProofingJob' do + issuer = 'https://rp1.serviceprovider.com/auth/saml/metadata' + document_capture_session.update!(issuer: issuer) + agent = Idv::Agent.new( + Idp::Constants::MOCK_IDV_APPLICANT.merge(uuid: user.uuid, ssn: '999-99-9999'), + ) + + expect(ResolutionProofingJob).to receive(:perform_later).with( + hash_including( + service_provider_issuer: issuer, + ), + ) + + agent.proof_resolution( + document_capture_session, + should_proof_state_id: true, + trace_id: trace_id, + user_id: user.id, + threatmetrix_session_id: nil, + request_ip: request_ip, + ipp_enrollment_in_progress: ipp_enrollment_in_progress, + ) + end + it 'returns an unsuccessful result and notifies exception trackers if an exception occurs' do agent = Idv::Agent.new( Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN.merge( @@ -159,10 +183,10 @@ ) end - context 'successfully proofs in IPP flow' do + context 'in-person proofing is enabled' do let(:ipp_enrollment_in_progress) { true } - it 'returns a successful result' do + it 'returns a successful result if resolution passes' do addr = Idp::Constants::MOCK_IDV_APPLICANT_STATE_ID_ADDRESS agent = Idv::Agent.new(addr.merge(uuid: user.uuid)) agent.proof_resolution( diff --git a/spec/services/idv/lexis_nexis_instant_verify_spec.rb b/spec/services/idv/lexis_nexis_instant_verify_spec.rb deleted file mode 100644 index 2b0e5ff8ce4..00000000000 --- a/spec/services/idv/lexis_nexis_instant_verify_spec.rb +++ /dev/null 
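Review bot: The new example 'passes the correct service provider to the ResolutionProofingJob' replaces `perform_later` with a message expectation, so it proves only that `service_provider_issuer:` is put into the enqueue arguments, not that the job accepts or uses it. The `instance.perform(...)` calls visible in the resolution_proofing_job_spec hunks of this commit do not show that keyword, so a mismatch between caller and job would go unnoticed; a job-side example that passes `service_provider_issuer:` would close the gap. It would also help to add a case where `document_capture_session.issuer` is nil, to pin what is forwarded when no service provider is involved. As a smaller style point, the neighbouring example uses `Idp::Constants::MOCK_IDV_APPLICANT_WITH_SSN`, which could replace the inline `ssn: '999-99-9999'` merge here.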
@@ -1,75 +0,0 @@ -require 'rails_helper' - -RSpec.describe Idv::LexisNexisInstantVerify do - let(:session_uuid) { SecureRandom.uuid } - let(:default_workflow) { 'legacy_workflow' } - let(:alternate_workflow) { 'equitable_workflow' } - let(:ab_testing_enabled) { false } - - subject { Idv::LexisNexisInstantVerify.new(session_uuid) } - - before do - allow(IdentityConfig.store). - to receive(:lexisnexis_instant_verify_workflow_ab_testing_enabled). - and_return(ab_testing_enabled) - allow(IdentityConfig.store). - to receive(:lexisnexis_instant_verify_workflow_ab_testing_percent). - and_return(5) - allow(IdentityConfig.store). - to receive(:lexisnexis_instant_verify_workflow). - and_return(default_workflow) - allow(IdentityConfig.store). - to receive(:lexisnexis_instant_verify_workflow_alternate). - and_return(alternate_workflow) - end - - context 'with lexisnexis instant verify workflow A/B testing disabled' do - let(:ab_testing_enabled) { false } - - it 'returns correct variables' do - variables = subject.workflow_ab_testing_variables - - expect(variables[:ab_testing_enabled]).to eq(false) - expect(variables[:use_alternate_workflow]).to eq(false) - expect(variables[:instant_verify_workflow]).to eq(default_workflow) - end - end - - context 'with lexisnexis instant verify workflow A/B testing enabled' do - let(:ab_testing_enabled) { true } - - context 'and A/B test specifies the alternate workflow' do - before do - stub_const( - 'AbTests::LEXISNEXIS_INSTANT_VERIFY_WORKFLOW', - FakeAbTestBucket.new.tap { |ab| ab.assign(session_uuid => :use_alternate_workflow) }, - ) - end - - it 'returns correct variables' do - variables = subject.workflow_ab_testing_variables - - expect(variables[:ab_testing_enabled]).to eq(true) - expect(variables[:use_alternate_workflow]).to eq(true) - expect(variables[:instant_verify_workflow]).to eq(alternate_workflow) - end - end - - context 'and A/B test specifies the default workflow' do - before do - stub_const( - 
'AbTests::LEXISNEXIS_INSTANT_VERIFY_WORKFLOW', - FakeAbTestBucket.new.tap { |ab| ab.assign(session_uuid => 0) }, - ) - end - - it 'returns correct variables' do - variables = subject.workflow_ab_testing_variables - - expect(variables[:ab_testing_enabled]).to eq(true) - expect(variables[:use_alternate_workflow]).to eq(false) - expect(variables[:instant_verify_workflow]).to eq(default_workflow) - end - end - end -end diff --git a/spec/services/idv/phone_confirmation_session_spec.rb b/spec/services/idv/phone_confirmation_session_spec.rb index 3b883084853..66aa09b2b2c 100644 --- a/spec/services/idv/phone_confirmation_session_spec.rb +++ b/spec/services/idv/phone_confirmation_session_spec.rb 
@@ -38,63 +38,16 @@ end describe '.generate_code' do - let(:ab_test_enabled) { false } - before do - allow(IdentityConfig.store).to receive(:ab_testing_idv_ten_digit_otp_enabled). - and_return(ab_test_enabled) - end - - context 'A/B test not enabled' do - it 'generates a six-character alphanumeric code' do - code = described_class.generate_code(user: user, delivery_method: :voice) + it 'generates a six-character alphanumeric code for sms' do + code = described_class.generate_code(delivery_method: :sms) - expect(code).to match(six_char_alphanumeric) - end + expect(code).to match(six_char_alphanumeric) end - context '10-digit A/B test enabled' do - let(:ab_test_enabled) { true } - - context '10-digit A/B test puts user in :six_alphanumeric_otp bucket' do - before do - stub_const( - 'AbTests::IDV_TEN_DIGIT_OTP', - FakeAbTestBucket.new.tap { |ab| ab.assign(user.uuid => :six_alphanumeric_otp) }, - ) - end - it 'generates a six-character alphanumeric code for sms' do - code = described_class.generate_code(user: user, delivery_method: :sms) + it 'generates a ten-digit numeric code for voice' do + code = described_class.generate_code(delivery_method: :voice) - expect(code).to match(six_char_alphanumeric) - end - - it 'generates a six-character alphanumeric code for voice' do - code = described_class.generate_code(user: user, delivery_method: :voice) - - expect(code).to match(six_char_alphanumeric) - end - end - - context '10-digit A/B test puts user in :ten_digit_otp bucket' do - before do - stub_const( - 'AbTests::IDV_TEN_DIGIT_OTP', - FakeAbTestBucket.new.tap { |ab| ab.assign(user.uuid => :ten_digit_otp) }, - ) - end - - it 'generates a six-character alphanumeric code for sms' do - code = described_class.generate_code(user: user, delivery_method: :sms) - - expect(code).to match(six_char_alphanumeric) - end - - it 'generates a ten-digit numeric code for voice' do - code = described_class.generate_code(user: user, delivery_method: :voice) - - expect(code).to 
match(ten_digit_numeric) - end - end + expect(code).to match(ten_digit_numeric) end end diff --git a/spec/services/idv/phone_step_spec.rb b/spec/services/idv/phone_step_spec.rb index bf1c7495f56..a5213b09c6f 100644 --- a/spec/services/idv/phone_step_spec.rb +++ b/spec/services/idv/phone_step_spec.rb @@ -1,8 +1,6 @@ require 'rails_helper' RSpec.describe Idv::PhoneStep, allowed_extra_analytics: [:*] do - before { stub_attempts_tracker } - let(:user) { create(:user) } let(:service_provider) do create( @@ -37,7 +35,6 @@ Proofing::Mock::AddressMockClient::PROOFER_TIMEOUT_PHONE_NUMBER end let(:trace_id) { SecureRandom.uuid } - let(:attempts_tracker) { @irs_attempts_api_tracker } let(:analytics) { FakeAnalytics.new } subject do @@ -45,7 +42,6 @@ idv_session: idv_session, trace_id: trace_id, analytics: analytics, - attempts_tracker: attempts_tracker, ) end @@ -131,13 +127,6 @@ end.to(change { rate_limiter.fetch_state!.attempts }.by(1)) end - it 'logs a rate limited attempts_tracker event' do - rate_limiter.increment_to_limited! - - expect(@irs_attempts_api_tracker).to receive(:idv_phone_otp_sent_rate_limited) - subject.submit(phone: bad_phone) - end - it 'marks the phone as unconfirmed if it matches 2FA phone' do user.phone_configurations = [build(:phone_configuration, user: user, phone: good_phone)] diff --git a/spec/services/idv/send_phone_confirmation_otp_spec.rb b/spec/services/idv/send_phone_confirmation_otp_spec.rb index 78d10f72e1e..72bb15575fa 100644 --- a/spec/services/idv/send_phone_confirmation_otp_spec.rb +++ b/spec/services/idv/send_phone_confirmation_otp_spec.rb @@ -94,8 +94,8 @@ to: phone, expiration: 10, channel: :voice, - otp_format: 'character', - otp_length: '6', + otp_format: 'digit', + otp_length: '10', domain: IdentityConfig.store.domain_name, country_code: 'US', extra_metadata: { diff --git a/spec/services/marketing_site_spec.rb b/spec/services/marketing_site_spec.rb index 7746e4bf795..a49dd628769 100644 --- a/spec/services/marketing_site_spec.rb 
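Review bot: Neither of the two remaining `.generate_code` examples covers a `delivery_method` other than `:sms` or `:voice`, so the spec does not say which format a caller gets when it passes `nil` or the string `'voice'`. Since the format now depends only on this argument, a third example such as `described_class.generate_code(delivery_method: nil)` with an explicit expectation (a specific format, or a raised error) would pin the fallback. The implementation is outside this diff, so the current fallback behaviour is not known from here. The matching change to `otp_format: 'digit'` and `otp_length: '10'` in send_phone_confirmation_otp_spec.rb relies on the same mapping.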
+++ b/spec/services/marketing_site_spec.rb @@ -135,6 +135,24 @@ end end + describe '.accessibility_statement_url' do + subject(:url) { MarketingSite.accessibility_statement_url } + + it_behaves_like 'a marketing site URL' + + it 'points to the accessibility statement' do + expect(url).to eq('https://www.login.gov/accessibility/') + end + + context 'when the user has set their locale to :es' do + before { I18n.locale = :es } + + it 'points to the accessibility statement with the locale appended' do + expect(url).to eq('https://www.login.gov/es/accessibility/') + end + end + end + describe '.help_center_article_url' do let(:category) {} let(:article) {} diff --git a/spec/services/proofing/resolution/progressive_proofer_spec.rb b/spec/services/proofing/resolution/progressive_proofer_spec.rb index f5ee93080e6..88c0778bb60 100644 --- a/spec/services/proofing/resolution/progressive_proofer_spec.rb +++ b/spec/services/proofing/resolution/progressive_proofer_spec.rb @@ -29,7 +29,7 @@ let(:dcs_uuid) { SecureRandom.uuid } let(:instance) do - instance = described_class.new(instant_verify_ab_test_discriminator: dcs_uuid) + instance = described_class.new allow(instance).to receive(:user_can_pass_after_state_id_check?).and_call_original instance end @@ -72,16 +72,6 @@ } end - let(:ab_test_variables) { {} } - - let(:lniv) do - instance_double( - Idv::LexisNexisInstantVerify, - dcs_uuid, - workflow_ab_testing_variables: ab_test_variables, - ) - end - let(:resolution_result) do instance_double(Proofing::Resolution::Result, success?: true, errors: nil) end 
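Review bot: In the new `.accessibility_statement_url` block, `before { I18n.locale = :es }` changes the process-wide locale and nothing visible in the hunk restores it. If the suite does not reset the locale globally (not visible here), later examples could run in Spanish depending on ordering. A scoped form avoids that: `around { |example| I18n.with_locale(:es) { example.run } }`. If the rest of this file already uses the `before` form and relies on a global reset, keeping it for consistency is fine.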
@@ -101,14 +91,7 @@ def block_real_instant_verify_requests end before do - # Remove the next two lines and un-comment the following line when - # the LexiNexis Instant Verify A/B test is ended - allow(Proofing::LexisNexis::InstantVerify::Proofer).to receive(:new). - and_return(instant_verify_proofer) - allow(Idv::LexisNexisInstantVerify).to receive(:new).and_return(lniv) - # uncomment after removing the above - # allow(instance).to receive(:resolution_proofer).and_return(instant_verify_proofer) - + allow(instance).to receive(:resolution_proofer).and_return(instant_verify_proofer) allow(instance).to receive(:lexisnexis_ddp_proofer).and_return(threatmetrix_proofer) allow(instance).to receive(:state_id_proofer).and_return(aamva_proofer) @@ -199,44 +182,6 @@ def block_real_instant_verify_requests expect(device_profiling_result.review_status).to eq('pass') end end - - # Remove the mocks: - # `Proofing::LexisNexis::InstantVerify::Proofer#new` - # `Proofing::LexisNexis::InstantVerify#new` - # in the outermost `before` block after removing this context. - context 'LexisNexis Instant Verify A/B test enabled' do - let(:ab_test_variables) do - { - ab_testing_enabled: true, - use_alternate_workflow: true, - instant_verify_workflow: 'equitable_workflow', - } - end - - before { proof } - - it 'uses the selected workflow' do - expect(Proofing::LexisNexis::InstantVerify::Proofer).to( - have_received(:new).with( - hash_including( - instant_verify_workflow: 'equitable_workflow', - ), - ), - ) - end - end - - context 'remote flow does not augment pii' do - it 'proofs with untransformed pii' do - proof - - expect(aamva_proofer).to have_received(:proof).with(applicant_pii) - expect(proof.same_address_as_id).to eq(nil) - expect(proof.ipp_enrollment_in_progress).to eq(false) - expect(proof.residential_resolution_result.vendor_name). - to eq('ResidentialAddressNotRequired') - end - end end context 'ipp flow' do 
diff --git a/spec/services/request_password_reset_spec.rb b/spec/services/request_password_reset_spec.rb index 3fdeca4a58d..8b079c9b6bd 100644 --- a/spec/services/request_password_reset_spec.rb +++ b/spec/services/request_password_reset_spec.rb @@ -6,17 +6,6 @@ let(:request_id) { SecureRandom.uuid } let(:email_address) { user.email_addresses.first } let(:email) { email_address.email } - let(:irs_attempts_api_tracker) do - instance_double( - IrsAttemptsApi::Tracker, - forgot_password_email_sent: true, - forgot_password_email_rate_limited: true, - ) - end - - before do - allow(IrsAttemptsApi::Tracker).to receive(:new).and_return(irs_attempts_api_tracker) - end context 'when the user is not found' do it 'sends the user missing email' do @@ -30,7 +19,6 @@ RequestPasswordReset.new( email: email, - irs_attempts_api_tracker: irs_attempts_api_tracker, request_id: request_id, ).perform end @@ -38,10 +26,7 @@ context 'when the user is found' do subject(:perform) do - described_class.new( - email: email, - irs_attempts_api_tracker: irs_attempts_api_tracker, - ).perform + described_class.new(email:).perform end before do @@ -77,20 +62,11 @@ subject end - - it 'calls irs tracking method forgot_password_email_sent' do - subject - - expect(irs_attempts_api_tracker).to have_received(:forgot_password_email_sent).once - end end context 'when the user is found, but is suspended' do subject(:perform) do - described_class.new( - email: email, - irs_attempts_api_tracker: irs_attempts_api_tracker, - ).perform + described_class.new(email:).perform end before do @@ -134,12 +110,6 @@ subject end - - it 'does not call irs tracking method forgot_password_email_sent' do - subject - - expect(irs_attempts_api_tracker).not_to have_received(:forgot_password_email_sent) - end end context 'when the user is found, not privileged, and not yet confirmed' do 
@@ -155,10 +125,7 @@ end expect do - RequestPasswordReset.new( - email: email, - irs_attempts_api_tracker: irs_attempts_api_tracker, - ).perform + RequestPasswordReset.new(email:).perform end. to(change { user.reload.reset_password_token }) end @@ -181,7 +148,6 @@ RequestPasswordReset.new( email:, - irs_attempts_api_tracker:, request_id:, ).perform end @@ -196,16 +162,10 @@ end it 'always finds the user with the confirmed email address' do - form = RequestPasswordReset.new( - **email_param, - irs_attempts_api_tracker: irs_attempts_api_tracker, - ) + form = RequestPasswordReset.new(**email_param) form.perform expect(form.send(:user)).to eq(@user_confirmed) - expect(irs_attempts_api_tracker).to have_received(:forgot_password_email_sent).with( - email_param, - ) end end @@ -219,7 +179,6 @@ RequestPasswordReset.new( email: email, analytics: analytics, - irs_attempts_api_tracker: irs_attempts_api_tracker, ).perform end. to(change { user.reload.reset_password_token }) @@ -230,7 +189,6 @@ RequestPasswordReset.new( email: email, analytics: analytics, - irs_attempts_api_tracker: irs_attempts_api_tracker, ).perform end. to_not(change { user.reload.reset_password_token }) @@ -239,9 +197,6 @@ 'Rate Limit Reached', limiter_type: :reset_password_email, ) - expect(irs_attempts_api_tracker).to have_received(:forgot_password_email_rate_limited).with( - email: email, - ) end it 'only sends a push notification when the attempts have not been rate limited' do @@ -256,7 +211,6 @@ RequestPasswordReset.new( email: email, analytics: analytics, - irs_attempts_api_tracker: irs_attempts_api_tracker, ).perform end. to(change { user.reload.reset_password_token }) @@ -267,7 +221,6 @@ RequestPasswordReset.new( email: email, analytics: analytics, - irs_attempts_api_tracker: irs_attempts_api_tracker, ).perform end. to_not(change { user.reload.reset_password_token }) 
diff --git a/spec/services/sp_handoff_bouncer_spec.rb b/spec/services/sp_handoff_bouncer_spec.rb
new file mode 100644
index 00000000000..358cb3fcbda
--- /dev/null
+++ b/spec/services/sp_handoff_bouncer_spec.rb
@@ -0,0 +1,52 @@
+require 'rails_helper'
+
+RSpec.describe SpHandoffBouncer do
+ let(:sp_session) { {} }
+ let(:now) { Time.zone.now }
+ subject(:bouncer) { SpHandoffBouncer.new(sp_session) }
+
+ describe '#add_handoff_time!' do
+ it 'sets the handoff time in the session' do
+ expect { bouncer.add_handoff_time!(now) }.
+ to(change { sp_session[:sp_handoff_start_time] }.to(now))
+ end
+ end
+
+ describe '#bounced?' do
+ subject(:bounced?) { bouncer.bounced? }
+
+ context 'with no handoff start time in the session' do
+ it { expect(bounced?).to eq(false) }
+ end
+
+ context 'with a handoff time (as a string) in the session that is within the bounce window' do
+ before do
+ bouncer.add_handoff_time!(
+ (now + 1 - IdentityConfig.store.sp_handoff_bounce_max_seconds.seconds).to_s,
+ )
+ end
+
+ it { expect(bounced?).to eq(true) }
+ end
+
+ context 'with a handoff time (as a time) in the session that is within the bounce window' do
+ before do
+ bouncer.add_handoff_time!(
+ now + 1 - IdentityConfig.store.sp_handoff_bounce_max_seconds.seconds,
+ )
+ end
+
+ it { expect(bounced?).to eq(true) }
+ end
+
+ context 'with a handoff time (as a string) in the session that older than the bounce window' do
+ before do
+ bouncer.add_handoff_time!(
+ (now - 1 - IdentityConfig.store.sp_handoff_bounce_max_seconds.seconds).to_s,
+ )
+ end
+
+ it { expect(bounced?).to eq(false) }
+ end
+ end
+end
diff --git a/spec/support/fake_attempts_tracker.rb b/spec/support/fake_attempts_tracker.rb
deleted file mode 100644
index 768a9c045ff..00000000000
--- a/spec/support/fake_attempts_tracker.rb
+++ /dev/null
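Review bot: The three `#bounced?` window contexts in sp_handoff_bouncer_spec.rb place the handoff time one second either side of `sp_handoff_bounce_max_seconds`, while `now` is a live `Time.zone.now`. If `bounced?` reads the clock itself (the implementation is not part of this hunk), an example that takes more than a second between evaluating `now` and calling `bounced?` flips the two "within the bounce window" results. Freezing the clock for the group, e.g. `around { |example| freeze_time { example.run } }`, makes the boundaries exact, assuming the suite includes the ActiveSupport time helpers. The older-than-window case is only exercised with a string value. A matching Time-valued example, and one for an unparseable session string, would pin how stale or malformed session state is handled.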
@@ -1,17 +0,0 @@ -module IrsAttemptsApiTrackingHelper - class FakeAttemptsTracker - include IrsAttemptsApi::TrackerEvents - - attr_reader :events - - def initialize - @events = Hash.new - end - - def track_event(event, attributes = {}) - events[event] ||= [] - events[event] << attributes - nil - end - end -end diff --git a/spec/support/features/irs_attempts_api_tracking_helper.rb b/spec/support/features/irs_attempts_api_tracking_helper.rb deleted file mode 100644 index 8bb29415fe9..00000000000 --- a/spec/support/features/irs_attempts_api_tracking_helper.rb +++ /dev/null @@ -1,13 +0,0 @@ -module IrsAttemptsApiTrackingHelper - def stub_attempts_tracker - irs_attempts_api_tracker = FakeAttemptsTracker.new - - if respond_to?(:controller) - allow(controller).to receive(:irs_attempts_api_tracker).and_return(irs_attempts_api_tracker) - else - allow(self).to receive(:irs_attempts_api_tracker).and_return(irs_attempts_api_tracker) - end - - @irs_attempts_api_tracker = irs_attempts_api_tracker - end -end diff --git a/spec/views/sign_up/registrations/new.html.erb_spec.rb b/spec/views/sign_up/registrations/new.html.erb_spec.rb index a1b3742b4fc..f0000703d30 100644 --- a/spec/views/sign_up/registrations/new.html.erb_spec.rb +++ b/spec/views/sign_up/registrations/new.html.erb_spec.rb @@ -13,7 +13,6 @@ allow(view).to receive(:current_user).and_return(nil) @register_user_email_form = RegisterUserEmailForm.new( analytics: FakeAnalytics.new, - attempts_tracker: IrsAttemptsApiTrackingHelper::FakeAttemptsTracker.new, ) view_context = ActionController::Base.new.view_context allow(view_context).to receive(:new_user_session_url).