Deploy RC 404 to Production

app/assets/stylesheets/email.css.scss

@@ -117,27 +117,25 @@ h6 {
   }
 }
 
-.info-alert,
-.warning-alert {
-  padding: 0 units(0.5);
+.usa-alert {
+  border-left: units($theme-alert-bar-width) solid;
 
   td {
-    padding: units(1.5);
-    padding-right: units(1);
+    padding: units(1.5) 0;
 
-    & + td {
-      padding-left: 0;
-      padding-right: units(1.5);
+    &:first-child {
+      padding-left: $alert-icon-optical-padding;
+      padding-right: units(1);
     }
   }
-}
 
-.info-alert {
-  background-color: color('info-lighter');
-}
+  &.usa-alert--info {
+    @include alert-status-wrapper-styles('info');
+  }
 
-.warning-alert {
-  background-color: color('warning-lighter');
+  &.usa-alert--warning {
+    @include alert-status-wrapper-styles('warning');
+  }
 }
 
 .process-list td {

app/controllers/redirect/policy_controller.rb

@@ -3,10 +3,18 @@
 module Redirect
   class PolicyController < RedirectController
     def show
-      redirect_to_and_log(
-        MarketingSite.security_and_privacy_practices_url,
-        tracker_method: analytics.method(:policy_redirect),
-      )
+      redirect_to_and_log(policy_url, tracker_method: analytics.method(:policy_redirect))
+    end
+
+    private
+
+    def policy_url
+      case params[:policy]
+      when 'privacy_act_statement'
+        MarketingSite.privacy_act_statement_url
+      else
+        MarketingSite.security_and_privacy_practices_url
+      end
     end
   end
 end

app/forms/idv/api_image_upload_form.rb

@@ -348,6 +348,7 @@ def update_analytics(client_response:, vendor_request_time_in_ms:)
       update_funnel(client_response)
       birth_year = client_response.pii_from_doc&.dob&.to_date&.year
       zip_code = client_response.pii_from_doc&.zipcode&.to_s&.strip&.slice(0, 5)
+      issue_year = client_response.pii_from_doc&.state_id_issued&.to_date&.year
       analytics.idv_doc_auth_submitted_image_upload_vendor(
         **client_response.to_h.merge(
           birth_year: birth_year,
@@ -356,6 +357,7 @@ def update_analytics(client_response:, vendor_request_time_in_ms:)
           flow_path: params[:flow_path],
           vendor_request_time_in_ms: vendor_request_time_in_ms,
           zip_code: zip_code,
+          issue_year: issue_year,
         ).except(:classification_info).
         merge(acuant_sdk_upgrade_ab_test_data),
       )

app/javascript/packages/webauthn/enroll-webauthn-device.spec.ts

@@ -85,10 +85,10 @@ describe('enrollWebauthnDevice', () => {
           ],
           timeout: 800000,
           attestation: 'none',
+          hints: ['security-key'],
           authenticatorSelection: {
             userVerification: 'discouraged',
             authenticatorAttachment: 'cross-platform',
-            hints: ['security-key'],
           },
           excludeCredentials: [
             {
@@ -139,9 +139,9 @@ describe('enrollWebauthnDevice', () => {
 
         expect(navigator.credentials.create).to.have.been.calledWithMatch({
           publicKey: {
+            hints: ['client-device'],
             authenticatorSelection: {
               authenticatorAttachment: 'platform',
-              hints: ['client-device'],
             },
           },
         });

app/javascript/packages/webauthn/enroll-webauthn-device.ts

@@ -41,7 +41,7 @@ interface EnrollResult {
   transports?: string[];
 }
 
-interface AuthenticatorSelectionCriteriaWithHints extends AuthenticatorSelectionCriteria {
+interface PublicKeyCredentialCreationOptionsWithHints extends PublicKeyCredentialCreationOptions {
   hints?: Array<PublicKeyCredentialHintType>;
 }
 
@@ -94,14 +94,14 @@ async function enrollWebauthnDevice({
       pubKeyCredParams: SUPPORTED_ALGORITHMS.map((alg) => ({ alg, type: 'public-key' })),
       timeout: 800000,
       attestation: 'none',
+      hints,
       authenticatorSelection: {
         // Prevents user from needing to use PIN with Security Key
         userVerification: 'discouraged',
         authenticatorAttachment,
-        hints,
-      } as AuthenticatorSelectionCriteriaWithHints,
+      },
       excludeCredentials,
-    },
+    } as PublicKeyCredentialCreationOptionsWithHints,
   })) as PublicKeyCredential;
 
   const response = credential.response as AuthenticatorAttestationResponseBrowserSupport;

app/jobs/get_usps_proofing_results_job.rb

@@ -103,7 +103,7 @@ def check_enrollment(enrollment)
     enrollment_outcomes[:enrollments_checked] += 1
 
     response = proofer.request_proofing_results(
-      enrollment.unique_id, enrollment.enrollment_code
+      enrollment,
     )
   rescue Faraday::BadRequestError => err
     # 400 status code. This is used for some status updates and some common client errors

app/models/doc_auth_log.rb

@@ -12,10 +12,6 @@ class DocAuthLog < ApplicationRecord
   # rubocop:disable Rails/UnusedIgnoredColumns
   self.ignored_columns = [
     :aamva,
-    :email_sent_view_at,
-    :email_sent_view_count,
-    :send_link_view_at,
-    :send_link_view_count,
   ]
   # rubocop:enable Rails/UnusedIgnoredColumns
 end

app/policies/mfa_policy.rb

@@ -15,6 +15,10 @@ def phishing_resistant_mfa_enabled?
       mfa_user.webauthn_configurations.present?
   end
 
+  def piv_cac_mfa_enabled?
+    mfa_user.piv_cac_configurations.present?
+  end
+
   def multiple_factors_enabled?
     mfa_user.enabled_mfa_methods_count > 1
   end

app/presenters/two_factor_options_presenter.rb

@@ -43,7 +43,12 @@ def all_options_sorted
       TwoFactorAuthentication::SetUpPivCacSelectionPresenter,
       TwoFactorAuthentication::SetUpBackupCodeSelectionPresenter,
     ].map do |klass|
-      klass.new(user:, piv_cac_required:, phishing_resistant_required:, user_agent:)
+      klass.new(
+        user:,
+        piv_cac_required: piv_cac_required?,
+        phishing_resistant_required: phishing_resistant_only?,
+        user_agent:,
+      )
     end.
       partition(&:recommended?).
       flatten
@@ -106,11 +111,13 @@ def skip_label
   private
 
   def piv_cac_required?
-    @piv_cac_required
+    @piv_cac_required &&
+      !mfa_policy.piv_cac_mfa_enabled?
   end
 
   def phishing_resistant_only?
-    @phishing_resistant_required && !mfa_policy.phishing_resistant_mfa_enabled?
+    @phishing_resistant_required &&
+      !mfa_policy.phishing_resistant_mfa_enabled?
   end
 
   def mfa_policy

app/services/usps_in_person_proofing/mock/fixtures.rb

@@ -115,10 +115,6 @@ def self.request_in_progress_proofing_results_response
         load_response_fixture('request_in_progress_proofing_results_response.json')
       end
 
-      def self.request_enrollment_code_response
-        load_response_fixture('request_enrollment_code_response.json')
-      end
-
       def self.load_response_fixture(filename)
         path = File.join(
           File.dirname(__FILE__),

app/services/usps_in_person_proofing/mock/proofer.rb

@@ -40,7 +40,7 @@ def request_facilities(_location, is_enhanced_ipp)
         end
       end
 
-      def request_proofing_results(_unique_id, _enrollment_code)
+      def request_proofing_results(_enrollment)
         JSON.parse(Fixtures.request_passed_proofing_results_response)
       end
     end

app/services/usps_in_person_proofing/proofer.rb

@@ -73,45 +73,25 @@ def request_enroll(applicant, is_enhanced_ipp)
     end
 
     # Makes HTTP request to retrieve proofing status
-    # Requires the applicant's enrollment code and unique ID.
+    # Requires the applicant's InPersonEnrollment.
     # When proofing is complete the API returns 200 status.
     # If the applicant has not been to the post office, has proofed recently,
     # or there is another issue, the API returns a 400 status with an error message.
-    # @param unique_id [String]
-    # @param enrollment_code [String]
+    # param enrollment [InPersonEnrollment]
     # @return [Hash] API response
-    def request_proofing_results(unique_id, enrollment_code)
+    def request_proofing_results(enrollment)
       url = "#{root_url}/ivs-ippaas-api/IPPRest/resources/rest/getProofingResults"
       request_body = {
-        sponsorID: sponsor_id,
-        uniqueID: unique_id,
-        enrollmentCode: enrollment_code,
+        sponsorID: enrollment.sponsor_id.to_i,
+        uniqueID: enrollment.unique_id,
+        enrollmentCode: enrollment.enrollment_code,
       }
 
       faraday.post(url, request_body, dynamic_headers) do |req|
         req.options.context = { service_name: 'usps_proofing_results' }
       end.body
     end
 
-    # Makes HTTP request to retrieve enrollment code
-    # If an applicant has a currently valid enrollment code, it will be returned.
-    # If they do not, a new one will be generated and returned. USPS sends the applicant an email
-    # with instructions and the enrollment code.
-    # Requires the applicant's unique ID.
-    # @param unique_id [String]
-    # @return [Hash] API response
-    def request_enrollment_code(unique_id)
-      url = "#{root_url}/ivs-ippaas-api/IPPRest/resources/rest/requestEnrollmentCode"
-      request_body = {
-        sponsorID: sponsor_id,
-        uniqueID: unique_id,
-      }
-
-      faraday.post(url, request_body, dynamic_headers) do |req|
-        req.options.context = { service_name: 'usps_enrollment_code' }
-      end.body
-    end
-
     # Makes a request to retrieve a new OAuth token, caches it, and returns it. Tokens have
     # historically had 15 minute expirys
     # @return [String] the token

app/views/account_reset/pending/confirm.html.erb

@@ -1,11 +1,17 @@
 <% self.title = t('account_reset.cancel_request.title') %>
 
+<%= render PageHeadingComponent.new.with_content(t('account_reset.pending.header')) %>
+
 <p><%= t('account_reset.pending.confirm', interval: @account_reset_deletion_period_interval) %></p>
 
-<%= button_to(
-      account_reset_pending_cancel_path,
-      class: 'usa-button usa-button--wide usa-button--big margin-bottom-2',
+<%= render ButtonComponent.new(
+      url: account_reset_pending_cancel_path,
       method: :post,
-    ) { t('forms.buttons.continue') } %>
+      class: 'margin-top-3 margin-bottom-2',
+      wide: true,
+      big: true,
+    ).with_content(t('account_reset.pending.cancel_request')) %>
 
-<%= link_to(t('links.go_back'), account_reset_pending_path) %>
+<div>
+  <%= link_to(t('links.go_back'), account_reset_pending_path) %>
+</div>

app/views/devise/sessions/new.html.erb

@@ -77,7 +77,11 @@
   <p class="margin-y-1">
     <%= new_tab_link_to(
           t('notices.privacy.security_and_privacy_practices'),
-          MarketingSite.security_and_privacy_practices_url,
+          policy_redirect_url(
+            policy: :security_and_privacy_practices,
+            flow: :sign_in,
+            step: :sign_in,
+          ),
         ) %>
   </p>
 

app/views/idv/agreement/show.html.erb

@@ -35,7 +35,12 @@
   <p class="margin-top-2">
     <%= new_tab_link_to(
           t('doc_auth.instructions.learn_more'),
-          policy_redirect_url(flow: :idv, step: :agreement, location: :consent),
+          policy_redirect_url(
+            policy: :security_and_privacy_practices,
+            flow: :idv,
+            step: :agreement,
+            location: :consent,
+          ),
         ) %>
   </p>
   <div class="margin-top-4">

app/views/idv/phone/new.html.erb

@@ -85,7 +85,6 @@
     <% end %>
   <% end %>
 
-  <h2><%= t('idv.titles.otp_delivery_method') %></h2>
   <p><%= t('idv.messages.otp_delivery_method_description') %></p>
 
   <div class="grid-row grid-gap-2">

app/views/user_mailer/shared/_in_person_ready_to_verify.html.erb

@@ -1,8 +1,8 @@
 <% if @presenter.outage_message_enabled? %>
-<table class="warning-alert margin-y-4">
+<table class="usa-alert usa-alert--warning margin-y-4">
   <tr>
     <td style="width:16px;">
-      <%= image_tag('email/warning.png', width: 16, height: 16, alt: '') %>
+      <%= image_tag('email/warning.png', width: 16, height: 14, alt: '', style: 'margin-top: 5px;') %>
     </td>
     <td>
       <%= render 'shared/outage_alert', date: @presenter.formatted_outage_expected_update_date, email_date: @presenter.formatted_outage_emailed_by_date %>
@@ -35,10 +35,10 @@
 </div>
 
 <%# Alert %>
-<table class="info-alert margin-y-4 radius-lg">
+<table class="usa-alert usa-alert--info margin-y-4">
   <tr>
     <td style="width:16px;">
-      <%= image_tag('email/info.png', width: 16, height: 16, alt: '') %>
+      <%= image_tag('email/info.png', width: 16, height: 16, alt: '', style: 'margin-top: 4px;') %>
     </td>
     <td>
       <p class="margin-bottom-1"><strong><%= t('in_person_proofing.body.barcode.deadline', deadline: @presenter.formatted_due_date) %></strong></p>
@@ -103,7 +103,7 @@
               <p class="margin-bottom-0"><%= t('in_person_proofing.process.real_id_and_supporting_docs.info') %></p>
               <ul class="usa-list margin-top-0">
                 <% t('in_person_proofing.process.eipp_state_id_supporting_docs.info_list').each do |doc| %>
-                  <li><%= doc %></li> 
+                  <li><%= doc %></li>
                 <% end %>
               </ul>
             </td>
@@ -185,7 +185,7 @@
             <p class="margin-bottom-0"><%= t('in_person_proofing.process.eipp_state_id_supporting_docs.info') %></p>
             <ul class="usa-list margin-top-0">
               <% t('in_person_proofing.process.eipp_state_id_supporting_docs.info_list').each do |doc| %>
-                <li><%= doc %></li> 
+                <li><%= doc %></li>
               <% end %>
             </ul>
           </td>
@@ -236,7 +236,7 @@
       </td>
     </tr>
   </table>
-  
+
   <% if !@is_enhanced_ipp %>
     <p class="margin-bottom-0 padding-bottom-4">
       <%= t('in_person_proofing.body.barcode.questions') %>