Deploy RC 387 to Prod

.gitlab-ci.yml

@@ -144,6 +144,56 @@ build-review-image:
       --build-arg "ARG_CI_COMMIT_BRANCH=${CI_COMMIT_BRANCH}"
       --build-arg "ARG_CI_COMMIT_SHA=${CI_COMMIT_SHA}"
 
+build-idp-image:
+  stage: review
+  needs: []
+  interruptible: true
+  variables:
+    BRANCH_TAGGING_STRING: ''
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      variables:
+        BRANCH_TAGGING_STRING: '--destination ${ECR_REGISTRY}/identity-idp/idp:main'
+    - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+    - if: $CI_PIPELINE_SOURCE != "merge_request_event"
+      when: never
+  tags:
+    - build-pool
+  image:
+    name: gcr.io/kaniko-project/executor:debug
+    entrypoint: ['']
+  script:
+    - mkdir -p /kaniko/.docker
+    - echo ${CI_ENVIRONMENT_SLUG}
+    - echo $CI_ENVIRONMENT_SLUG
+    - echo $CI_COMMIT_BRANCH
+    - echo $CI_COMMIT_SHA
+    - |-
+      KANIKOCFG="\"credsStore\":\"ecr-login\""
+      if [ "x${http_proxy}" != "x" -o "x${https_proxy}" != "x" ]; then
+        KANIKOCFG="${KANIKOCFG}, \"proxies\": { \"default\": { \"httpProxy\": \"${http_proxy}\", \"httpsProxy\": \"${https_proxy}\", \"noProxy\": \"${no_proxy}\"}}"
+      fi
+      KANIKOCFG="{ ${KANIKOCFG} }"
+      echo "${KANIKOCFG}" > /kaniko/.docker/config.json
+    - >-
+      /kaniko/executor
+      --context "${CI_PROJECT_DIR}"
+      --dockerfile "${CI_PROJECT_DIR}/dockerfiles/idp_prod.Dockerfile"
+      --destination "${ECR_REGISTRY}/identity-idp/idp:${CI_COMMIT_SHA}"
+      ${BRANCH_TAGGING_STRING}
+      --cache-repo="${ECR_REGISTRY}/identity-idp/idp/cache"
+      --cache-ttl=168h
+      --cache=true
+      --compressed-caching=false
+      --build-arg "http_proxy=${http_proxy}"
+      --build-arg "https_proxy=${https_proxy}"
+      --build-arg "no_proxy=${no_proxy}"
+      --build-arg "ARG_CI_ENVIRONMENT_SLUG=${CI_ENVIRONMENT_SLUG}"
+      --build-arg "ARG_CI_COMMIT_BRANCH=${CI_COMMIT_BRANCH}"
+      --build-arg "ARG_CI_COMMIT_SHA=${CI_COMMIT_SHA}"
+      --build-arg "LARGE_FILES_TOKEN=${LARGE_FILES_TOKEN}"
+      --build-arg "LARGE_FILES_USER=${LARGE_FILES_USER}"
+
 check_changelog:
   stage: test
   variables:

Gemfile

@@ -68,7 +68,7 @@ gem 'rqrcode'
 gem 'ruby-progressbar'
 gem 'ruby-saml'
 gem 'safe_target_blank', '>= 1.0.2'
-gem 'saml_idp', github: '18F/saml_idp', tag: '0.21.1-18f'
+gem 'saml_idp', github: '18F/saml_idp', tag: '0.21.0-18f'
 gem 'scrypt'
 gem 'simple_form', '>= 5.0.2'
 gem 'stringex', require: false

Gemfile.lock

@@ -35,10 +35,10 @@ GIT
 
 GIT
   remote: https://github.com/18F/saml_idp.git
-  revision: 85c9a24bd4edab43320d0454e2c0e2fac31ffb90
-  tag: 0.21.1-18f
+  revision: 33275d69f7609e448942d6e3ce5c27779920995f
+  tag: 0.21.0-18f
   specs:
-    saml_idp (0.21.1.pre.18f)
+    saml_idp (0.21.0.pre.18f)
       activesupport
       builder
       faraday
@@ -79,71 +79,71 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.1.3.3)
-      actionpack (= 7.1.3.3)
-      activesupport (= 7.1.3.3)
+    actioncable (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
       zeitwerk (~> 2.6)
-    actionmailbox (7.1.3.3)
-      actionpack (= 7.1.3.3)
-      activejob (= 7.1.3.3)
-      activerecord (= 7.1.3.3)
-      activestorage (= 7.1.3.3)
-      activesupport (= 7.1.3.3)
+    actionmailbox (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activestorage (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.1.3.3)
-      actionpack (= 7.1.3.3)
-      actionview (= 7.1.3.3)
-      activejob (= 7.1.3.3)
-      activesupport (= 7.1.3.3)
+    actionmailer (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      actionview (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.2)
-    actionpack (7.1.3.3)
-      actionview (= 7.1.3.3)
-      activesupport (= 7.1.3.3)
+    actionpack (7.1.3.4)
+      actionview (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       nokogiri (>= 1.8.5)
       racc
       rack (>= 2.2.4)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    actiontext (7.1.3.3)
-      actionpack (= 7.1.3.3)
-      activerecord (= 7.1.3.3)
-      activestorage (= 7.1.3.3)
-      activesupport (= 7.1.3.3)
+    actiontext (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activestorage (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.1.3.3)
-      activesupport (= 7.1.3.3)
+    actionview (7.1.3.4)
+      activesupport (= 7.1.3.4)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activejob (7.1.3.3)
-      activesupport (= 7.1.3.3)
+    activejob (7.1.3.4)
+      activesupport (= 7.1.3.4)
       globalid (>= 0.3.6)
-    activemodel (7.1.3.3)
-      activesupport (= 7.1.3.3)
-    activerecord (7.1.3.3)
-      activemodel (= 7.1.3.3)
-      activesupport (= 7.1.3.3)
+    activemodel (7.1.3.4)
+      activesupport (= 7.1.3.4)
+    activerecord (7.1.3.4)
+      activemodel (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       timeout (>= 0.4.0)
-    activestorage (7.1.3.3)
-      actionpack (= 7.1.3.3)
-      activejob (= 7.1.3.3)
-      activerecord (= 7.1.3.3)
-      activesupport (= 7.1.3.3)
+    activestorage (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       marcel (~> 1.0)
-    activesupport (7.1.3.3)
+    activesupport (7.1.3.4)
       base64
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -458,7 +458,7 @@ GEM
     pg (1.5.4)
     pg_query (4.2.3)
       google-protobuf (>= 3.22.3)
-    phonelib (0.8.8)
+    phonelib (0.8.9)
     pkcs11 (0.3.4)
     premailer (1.21.0)
       addressable
@@ -513,20 +513,20 @@ GEM
     rackup (2.1.0)
       rack (>= 3)
       webrick (~> 1.8)
-    rails (7.1.3.3)
-      actioncable (= 7.1.3.3)
-      actionmailbox (= 7.1.3.3)
-      actionmailer (= 7.1.3.3)
-      actionpack (= 7.1.3.3)
-      actiontext (= 7.1.3.3)
-      actionview (= 7.1.3.3)
-      activejob (= 7.1.3.3)
-      activemodel (= 7.1.3.3)
-      activerecord (= 7.1.3.3)
-      activestorage (= 7.1.3.3)
-      activesupport (= 7.1.3.3)
+    rails (7.1.3.4)
+      actioncable (= 7.1.3.4)
+      actionmailbox (= 7.1.3.4)
+      actionmailer (= 7.1.3.4)
+      actionpack (= 7.1.3.4)
+      actiontext (= 7.1.3.4)
+      actionview (= 7.1.3.4)
+      activejob (= 7.1.3.4)
+      activemodel (= 7.1.3.4)
+      activerecord (= 7.1.3.4)
+      activestorage (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       bundler (>= 1.15.0)
-      railties (= 7.1.3.3)
+      railties (= 7.1.3.4)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -541,9 +541,9 @@ GEM
     rails-i18n (7.0.6)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
-    railties (7.1.3.3)
-      actionpack (= 7.1.3.3)
-      activesupport (= 7.1.3.3)
+    railties (7.1.3.4)
+      actionpack (= 7.1.3.4)
+      activesupport (= 7.1.3.4)
       irb
       rackup (>= 1.0.0)
       rake (>= 12.2)

app/controllers/concerns/idv/verify_info_concern.rb

@@ -296,6 +296,8 @@ def move_applicant_to_idv_session
     end
 
     def add_proofing_costs(results)
+      return if results[:context][:sp_costs_added]
+
       results[:context][:stages].each do |stage, hash|
         if stage == :resolution
           # transaction_id comes from ConversationId

app/controllers/concerns/two_factor_authenticatable_methods.rb

@@ -17,7 +17,14 @@ def handle_valid_verification_for_authentication_context(auth_method:)
 
     if IdentityConfig.store.feature_new_device_alert_aggregation_enabled && new_device?
       if current_user.sign_in_new_device_at.blank?
-        current_user.update(sign_in_new_device_at: disavowal_event.created_at)
+        if sign_in_notification_timeframe_expired_event.present?
+          current_user.update(
+            sign_in_new_device_at: sign_in_notification_timeframe_expired_event.created_at,
+          )
+        else
+          current_user.update(sign_in_new_device_at: disavowal_event.created_at)
+          analytics.sign_in_notification_timeframe_expired_absent
+        end
       end
 
       UserAlerts::AlertUserAboutNewDevice.send_alert(
@@ -87,6 +94,15 @@ def reset_attempt_count_if_user_no_longer_locked_out
     )
   end
 
+  def sign_in_notification_timeframe_expired_event
+    return @sign_in_notification_timeframe_expired_event if defined?(
+      @sign_in_notification_timeframe_expired_event
+    )
+    @sign_in_notification_timeframe_expired_event = current_user.events.where(
+      event_type: 'sign_in_notification_timeframe_expired',
+    ).order(created_at: :desc).limit(1).take
+  end
+
   def handle_remember_device_preference(remember_device_preference)
     save_user_opted_remember_device_pref(remember_device_preference)
     save_remember_device_preference(remember_device_preference)

app/controllers/saml_idp_controller.rb

@@ -131,6 +131,7 @@ def capture_analytics
       requested_ial: requested_ial,
       request_signed: saml_request.signed?,
       matching_cert_serial: saml_request.service_provider.matching_cert&.serial&.to_s,
+      requested_nameid_format: saml_request.name_id_format,
     )
     analytics.saml_auth(**analytics_payload)
   end

app/javascript/packages/phone-input/package.json

@@ -4,7 +4,7 @@
   "version": "1.0.0",
   "dependencies": {
     "intl-tel-input": "^17.0.19",
-    "libphonenumber-js": "^1.11.2"
+    "libphonenumber-js": "^1.11.3"
   },
   "sideEffects": [
     "./index.ts"

app/jobs/reports/combined_invoice_supplement_report_v2.rb

@@ -44,13 +44,13 @@ def build_csv(iaas, partner_accounts)
         )
       end
 
-      by_issuer_profile_age_results = iaas.flat_map do |iaa|
-        iaa.issuers.flat_map do |issuer|
+      by_issuer_profile_age_results = partner_accounts.flat_map do |partner_account|
+        partner_account.issuers.flat_map do |issuer|
           Db::MonthlySpAuthCount::NewUniqueMonthlyUserCountsByPartner.call(
-            partner: issuer, # just a label
+            partner: partner_account.partner,
             issuers: [issuer],
-            start_date: iaa.start_date,
-            end_date: iaa.end_date,
+            start_date: partner_account.start_date,
+            end_date: partner_account.end_date,
           )
         end
       end
@@ -103,7 +103,7 @@ def combine_by_iaa_month(
           'partner_ial2_new_unique_users_year4',
           'partner_ial2_new_unique_users_year5',
           'partner_ial2_new_unique_users_year_greater_than_5',
-          'partner_ial2_new_unique_users_year_unknown',
+          'partner_ial2_new_unique_users_unknown',
 
           'issuer_ial1_total_auth_count',
           'issuer_ial2_total_auth_count',
@@ -118,7 +118,7 @@ def combine_by_iaa_month(
           'issuer_ial2_new_unique_users_year4',
           'issuer_ial2_new_unique_users_year5',
           'issuer_ial2_new_unique_users_year_greater_than_5',
-          'issuer_ial2_new_unique_users_year_unknown',
+          'issuer_ial2_new_unique_users_unknown',
         ]
         by_issuer_iaa_issuer_year_months.each do |iaa_key, issuer_year_months|
           issuer_year_months.each do |issuer, year_months_data|
@@ -161,7 +161,7 @@ def combine_by_iaa_month(
                 partner_results[:partner_ial2_new_unique_users_year4] || 0,
                 partner_results[:partner_ial2_new_unique_users_year5] || 0,
                 partner_results[:partner_ial2_new_unique_users_year_greater_than_5] || 0,
-                partner_results[:partner_ial2_new_unique_users_year_unknown] || 0,
+                partner_results[:partner_ial2_new_unique_users_unknown] || 0,
 
                 (ial1_total_auth_count = extract(issuer_results, :total_auth_count, ial: 1)),
                 (ial2_total_auth_count = extract(issuer_results, :total_auth_count, ial: 2)),
@@ -176,7 +176,7 @@ def combine_by_iaa_month(
                 issuer_profile_age_results[:partner_ial2_new_unique_users_year4] || 0,
                 issuer_profile_age_results[:partner_ial2_new_unique_users_year5] || 0,
                 issuer_profile_age_results[:partner_ial2_new_unique_users_year_greater_than_5] || 0,
-                issuer_profile_age_results[:partner_ial2_new_unique_users_year_unknown] || 0,
+                issuer_profile_age_results[:partner_ial2_new_unique_users_unknown] || 0,
               ]
             end
           end