Deploy RC 440 to Production

.rubocop.yml

@@ -7,6 +7,7 @@ require:
   - rubocop-rails
   - rubocop-rspec
   - rubocop-performance
+  - rubocop-capybara
   - ./lib/linters/i18n_helper_html_linter.rb
   - ./lib/linters/analytics_event_name_linter.rb
   - ./lib/linters/localized_validation_message_linter.rb
@@ -43,6 +44,9 @@ Bundler/DuplicatedGem:
 Bundler/InsecureProtocolSource:
   Enabled: true
 
+Capybara/CurrentPathExpectation:
+  Enabled: true
+
 Gemspec/DuplicatedAssignment:
   Enabled: true
 

Gemfile

@@ -122,6 +122,7 @@ group :development, :test do
   gem 'rubocop-performance', '~> 1.23.0', require: false
   gem 'rubocop-rails', '~> 2.27.0', require: false
   gem 'rubocop-rspec', '~> 3.2.0', require: false
+  gem 'rubocop-capybara', require: false
   gem 'sqlite3', require: false
 end
 

Gemfile.lock

@@ -471,7 +471,7 @@ GEM
     orm_adapter (0.5.0)
     ostruct (0.6.1)
     parallel (1.26.3)
-    parser (3.3.4.2)
+    parser (3.3.6.0)
       ast (~> 2.4.1)
       racc
     pg (1.5.9)
@@ -635,6 +635,8 @@ GEM
       unicode-display_width (>= 2.4.0, < 4.0)
     rubocop-ast (1.36.2)
       parser (>= 3.3.1.0)
+    rubocop-capybara (2.21.0)
+      rubocop (~> 1.41)
     rubocop-performance (1.23.0)
       rubocop (>= 1.48.1, < 2.0)
       rubocop-ast (>= 1.31.1, < 2.0)
@@ -853,6 +855,7 @@ DEPENDENCIES
   rspec-retry
   rspec_junit_formatter
   rubocop (~> 1.69.1)
+  rubocop-capybara
   rubocop-performance (~> 1.23.0)
   rubocop-rails (~> 2.27.0)
   rubocop-rspec (~> 3.2.0)

Makefile

@@ -68,9 +68,9 @@ lint: ## Runs all lint tests
 	@echo "--- rubocop ---"
 	mkdir -p tmp
 ifdef JUNIT_OUTPUT
-	bundle exec rubocop --parallel --format progress --format junit --out rubocop.xml --display-only-failed --color 2> tmp/rubocop.txt
+	bundle exec rubocop --parallel --format progress --format junit --out rubocop.xml --display-only-failed --color 2> tmp/rubocop.txt || (cat tmp/rubocop.txt; exit 1)
 else
-	bundle exec rubocop --parallel --color 2> tmp/rubocop.txt
+	bundle exec rubocop --parallel --color 2> tmp/rubocop.txt || (cat tmp/rubocop.txt; exit 1)
 endif
 	awk 'NF {exit 1}' tmp/rubocop.txt || (printf "Error: Unexpected stderr output from Rubocop\n"; cat tmp/rubocop.txt; exit 1)
 	@echo "--- analytics_events ---"

app/assets/stylesheets/components/_header.scss

@@ -10,3 +10,10 @@
     @include u-height(9);
   }
 }
+
+/*
+  Workaround for https://github.com/uswds/uswds/issues/6260
+ */
+.usa-skipnav {
+  top: -5rem;
+}

app/controllers/accounts/connected_accounts/selected_email_controller.rb

@@ -14,6 +14,7 @@ def edit
         @select_email_form = build_select_email_form
         @can_add_email = EmailPolicy.new(current_user).can_add_email?
         analytics.sp_select_email_visited
+        @email_id = @identity.email_address_id || last_email
       end
 
       def update
@@ -50,6 +51,10 @@ def identity
         return @identity if defined?(@identity)
         @identity = current_user.identities.find_by(id: params[:identity_id])
       end
+
+      def last_email
+        EmailContext.new(current_user).last_sign_in_email_address.id
+      end
     end
   end
 end

app/controllers/concerns/idv/document_capture_concern.rb

@@ -24,21 +24,16 @@ def successful_response
     # copied from Flow::Failure module
     def failure(message = nil, extra = nil)
       form_response_params = { success: false }
-      form_response_params[:errors] = make_error_hash(message)
+      form_response_params[:errors] = error_hash(message)
       form_response_params[:extra] = extra unless extra.nil?
       FormResponse.new(**form_response_params)
     end
 
-    def make_error_hash(message)
-      Rails.logger.info("make_error_hash: stored_result: #{stored_result.inspect}")
-
-      error_hash = { message: message || I18n.t('doc_auth.errors.general.network_error') }
-
-      if stored_result&.errors&.has_key?(:socure)
-        error_hash[:socure] = stored_result.errors[:socure]
-      end
-
-      error_hash
+    def error_hash(message)
+      {
+        message: message || I18n.t('doc_auth.errors.general.network_error'),
+        socure: stored_result&.errors&.dig(:socure),
+      }
     end
 
     def extract_pii_from_doc(user, store_in_session: false)

app/controllers/concerns/idv/step_indicator_concern.rb

@@ -20,13 +20,21 @@ module StepIndicatorConcern
       { name: :secure_account },
     ].freeze
 
+    STEP_INDICATOR_STEPS_IPP = [
+      { name: :find_a_post_office },
+      { name: :verify_info },
+      { name: :verify_phone },
+      { name: :re_enter_password },
+      { name: :go_to_the_post_office },
+    ].freeze
+
     included do
       helper_method :step_indicator_steps
     end
 
     def step_indicator_steps
       if in_person_proofing?
-        Idv::Flows::InPersonFlow::STEP_INDICATOR_STEPS
+        Idv::StepIndicatorConcern::STEP_INDICATOR_STEPS_IPP
       elsif gpo_address_verification?
         Idv::StepIndicatorConcern::STEP_INDICATOR_STEPS_GPO
       else

app/controllers/idv/by_mail/request_letter_controller.rb

@@ -59,11 +59,7 @@ def confirm_letter_sends_allowed
       end
 
       def step_indicator_steps
-        if in_person_proofing?
-          Idv::Flows::InPersonFlow::STEP_INDICATOR_STEPS_GPO
-        else
-          StepIndicatorConcern::STEP_INDICATOR_STEPS_GPO
-        end
+        StepIndicatorConcern::STEP_INDICATOR_STEPS_GPO
       end
     end
   end

app/controllers/idv/by_mail/resend_letter_controller.rb

@@ -83,11 +83,7 @@ def pii_locked?
       end
 
       def step_indicator_steps
-        if in_person_proofing?
-          Idv::Flows::InPersonFlow::STEP_INDICATOR_STEPS_GPO
-        else
-          StepIndicatorConcern::STEP_INDICATOR_STEPS_GPO
-        end
+        StepIndicatorConcern::STEP_INDICATOR_STEPS_GPO
       end
     end
   end

app/controllers/sign_up/select_email_controller.rb

@@ -7,7 +7,6 @@ class SelectEmailController < ApplicationController
     check_or_render_not_found -> { IdentityConfig.store.feature_select_email_to_share_enabled }
     before_action :confirm_two_factor_authenticated
     before_action :verify_needs_completions_screen
-    before_action :verify_multiple_emails
 
     def show
       @sp_name = current_sp.friendly_name || sp.agency&.name
@@ -56,10 +55,6 @@ def last_email
       end
     end
 
-    def verify_multiple_emails
-      redirect_to sign_up_completed_path if user_emails.count < 2
-    end
-
     def verify_needs_completions_screen
       redirect_to account_url unless needs_completion_screen_reason
     end

app/controllers/socure_webhook_controller.rb

@@ -11,6 +11,7 @@ class SocureWebhookController < ApplicationController
   def create
     begin
       log_webhook_receipt
+      repeat_webhook
       process_webhook_event
     rescue StandardError => e
       NewRelic::Agent.notice_error(e)
@@ -134,4 +135,20 @@ def user
   def docv_transaction_token
     @docv_transaction_token ||= event[:docvTransactionToken] || event[:docVTransactionToken]
   end
+
+  def repeat_webhook
+    endpoints = IdentityConfig.store.socure_docv_webhook_repeat_endpoints
+    return if endpoints.blank?
+
+    headers = {
+      Authorization: request.headers['Authorization'],
+      'Content-Type': request.headers['Content-Type'],
+    }
+
+    body = socure_params.to_h
+
+    endpoints.each do |endpoint|
+      SocureDocvRepeatWebhookJob.perform_later(body:, headers:, endpoint:)
+    end
+  end
 end

app/controllers/test/ipp_controller.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module Test
+  class IppController < ApplicationController
+    layout 'no_card'
+
+    before_action :render_not_found_in_production
+
+    def index
+      @enrollments = InPersonEnrollment
+        .order(created_at: :desc)
+        .limit(10)
+
+      @enrollments_with_actions = @enrollments.map do |e|
+        case e.status
+        when 'pending' then [e, :approve]
+        else [e]
+        end
+      end
+    end
+
+    def update
+      enrollment_id = params['enrollment'].to_i
+      enrollment = InPersonEnrollment.find(enrollment_id)
+
+      if enrollment.present?
+        approve_enrollment(enrollment)
+      end
+
+      redirect_to test_ipp_url
+    end
+
+    private
+
+    def approve_enrollment(enrollment)
+      return if !enrollment.pending?
+
+      res = JSON.parse(
+        UspsInPersonProofing::Mock::Fixtures.request_passed_proofing_results_response,
+      )
+
+      job = GetUspsProofingResultsJob.new
+      job.instance_variable_set(
+        :@enrollment_outcomes,
+        { enrollments_passed: 0,
+          enrollments_failed: 0,
+          enrollments_errored: 0,
+          enrollments_expired: 0,
+          enrollments_checked: 0 },
+      )
+
+      job.send(:process_enrollment_response, enrollment, res)
+    end
+
+    def render_not_found_in_production
+      return unless Rails.env.production?
+      render_not_found
+    end
+  end
+end

app/forms/select_email_form.rb

@@ -7,6 +7,9 @@ class SelectEmailForm
   attr_reader :user, :identity, :selected_email_id
 
   validate :validate_owns_selected_email
+  validates :selected_email_id, presence: {
+    message: proc { I18n.t('simple_form.required.text') },
+  }
 
   def initialize(user:, identity: nil)
     @user = user

app/javascript/packages/analytics/digital-analytics-program.spec.ts

@@ -4,12 +4,7 @@ import { pathToFileURL } from 'node:url';
 
 describe('digital analytics program', () => {
   it('parses without syntax error', async () => {
-    // Future: Replace with Promise.withResolvers once supported
-    // See: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/withResolvers
-    let resolve;
-    const promise = new Promise((_resolve) => {
-      resolve = _resolve;
-    });
+    const { promise, resolve } = Promise.withResolvers<void>();
 
     // Reference: https://github.com/nodejs/node/issues/30682
     const toDataURL = (source: string) =>

app/javascript/packs/document-capture.tsx

@@ -178,7 +178,7 @@ render(
                       isSelfieCaptureEnabled: getSelfieCaptureEnabled(),
                       isSelfieDesktopTestMode: String(docAuthSelfieDesktopTestMode) === 'true',
                       showHelpInitially: true,
-                      immediatelyBeginCapture: true,
+                      immediatelyBeginCapture: false,
                     }}
                   >
                     <FailedCaptureAttemptsContextProvider

app/jobs/socure_docv_repeat_webhook_job.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class SocureDocvRepeatWebhookJob < ApplicationJob
+  queue_as :high_socure_docv
+
+  def perform(body:, headers:, endpoint:)
+    wr = DocAuth::Socure::WebhookRepeater.new(body:, headers:, endpoint:)
+    wr.repeat
+  end
+end

app/mailers/user_mailer.rb

@@ -248,6 +248,20 @@ def account_verified(profile:)
     end
   end
 
+  def idv_please_call(**)
+    with_user_locale(user) do
+      @hide_title = true
+
+      mail(
+        to: email_address.email,
+        subject: t('user_mailer.idv_please_call.subject', app_name: APP_NAME),
+        template_name: 'idv_please_call',
+      )
+    end
+  end
+
+  alias_method :in_person_please_call, :idv_please_call
+
   def in_person_completion_survey
     with_user_locale(user) do
       @header = t('user_mailer.in_person_completion_survey.header')
@@ -373,21 +387,6 @@ def in_person_failed_fraud(enrollment:, visited_location_name: nil)
     end
   end
 
-  def in_person_please_call(enrollment:, visited_location_name: nil)
-    with_user_locale(user) do
-      @presenter = Idv::InPerson::VerificationResultsEmailPresenter.new(
-        enrollment: enrollment,
-        url_options: url_options,
-        visited_location_name: visited_location_name,
-      )
-      @hide_title = true
-      mail(
-        to: email_address.email,
-        subject: t('user_mailer.in_person_please_call.subject', app_name: APP_NAME),
-      )
-    end
-  end
-
   def account_rejected
     with_user_locale(user) do
       mail(

app/presenters/socure_error_presenter.rb

@@ -151,16 +151,19 @@ def heading_string_for(error_code)
 
   def error_string_for(error_code)
     if error_code == :network
-      t('doc_auth.errors.general.new_network_error')
-    elsif remapped_error(error_code) == 'underage' # special handling because it says 'Login.gov'
+      return t('doc_auth.errors.general.new_network_error')
+    end
+
+    remapped_error_code = remapped_error(error_code)
+    if remapped_error_code == 'underage' # special handling because it says 'Login.gov'
       I18n.t('doc_auth.errors.underage', app_name: APP_NAME)
     else
       # i18n-tasks-use t('doc_auth.errors.unreadable_id')
       # i18n-tasks-use t('doc_auth.errors.unaccepted_id_type')
       # i18n-tasks-use t('doc_auth.errors.expired_id')
       # i18n-tasks-use t('doc_auth.errors.low_resolution')
       # i18n-tasks-use t('doc_auth.errors.id_not_found')
-      I18n.t("doc_auth.errors.#{remapped_error(error_code)}")
+      I18n.t("doc_auth.errors.#{remapped_error_code}")
     end
   end
 end

app/services/doc_auth/socure/responses/docv_result_response.rb

@@ -38,7 +38,6 @@ class DocvResultResponse < DocAuth::Response
         def initialize(http_response:,
                        biometric_comparison_required: false)
           @http_response = http_response
-
           @biometric_comparison_required = biometric_comparison_required
           @pii_from_doc = read_pii