Deploy RC 452 to Production

Gemfile

@@ -73,7 +73,7 @@ gem 'rqrcode'
 gem 'ruby-progressbar'
 gem 'ruby-saml'
 gem 'safe_target_blank', '>= 1.0.2'
-gem 'saml_idp', github: '18F/saml_idp', tag: '0.23.5-18f'
+gem 'saml_idp', github: '18F/saml_idp', tag: '0.23.6-18f'
 gem 'scrypt'
 gem 'simple_form', '>= 5.0.2'
 gem 'stringex', require: false

Gemfile.lock

@@ -36,14 +36,15 @@ GIT
 
 GIT
   remote: https://github.com/18F/saml_idp.git
-  revision: bdf8e1f93707e413ecbd0f48d803e18812e19f90
-  tag: 0.23.5-18f
+  revision: 32e9be98c30bc5d01b4088500e4d518f724aadc5
+  tag: 0.23.6-18f
   specs:
-    saml_idp (0.23.5.pre.18f)
+    saml_idp (0.23.6.pre.18f)
       activesupport
       builder
       faraday
       nokogiri (>= 1.10.2)
+      ostruct
       pkcs11
 
 GIT

Makefile

@@ -26,6 +26,7 @@ ARTIFACT_DESTINATION_FILE ?= ./tmp/idp.tar.gz
 	lint \
 	lint_analytics_events \
 	lint_analytics_events_sorted \
+	lint_tracker_events \
 	lint_country_dialing_codes \
 	lint_database_schema_files \
 	lint_erb \
@@ -77,6 +78,7 @@ endif
 	@echo "--- analytics_events ---"
 	make lint_analytics_events
 	make lint_analytics_events_sorted
+	make lint_tracker_events
 	@echo "--- brakeman ---"
 	make brakeman
 	# JavaScript
@@ -305,11 +307,14 @@ lint_analytics_events_sorted:
 	@test "$(shell grep '^  def ' app/services/analytics_events.rb)" = "$(shell grep '^  def ' app/services/analytics_events.rb | sort)" \
 		|| (echo '\033[1;31mError: methods in analytics_events.rb are not sorted alphabetically\033[0m' && exit 1)
 
+lint_tracker_events: .yardoc ## Checks that all methods on AnalyticsEvents are documented
+	bundle exec ruby lib/analytics_events_documenter.rb --class-name="AttemptsApi::TrackerEvents" --check --skip-extra-params $<
+
 public/api/_analytics-events.json: .yardoc .yardoc/objects/root.dat
 	mkdir -p public/api
 	bundle exec ruby lib/analytics_events_documenter.rb --class-name="AnalyticsEvents" --json $< > $@
 
-.yardoc .yardoc/objects/root.dat: app/services/analytics_events.rb
+.yardoc .yardoc/objects/root.dat: app/services/analytics_events.rb app/services/attempts_api/tracker_events.rb
 	bundle exec yard doc \
 		--no-progress \
 		--fail-on-warning \

app/controllers/api/attempts/configuration_controller.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Api
+  module Attempts
+    class ConfigurationController < ApplicationController
+      include RenderConditionConcern
+      prepend_before_action :skip_session_load
+      prepend_before_action :skip_session_expiration
+
+      check_or_render_not_found -> { IdentityConfig.store.attempts_api_enabled }
+
+      def index
+        render json: AttemptsConfigurationPresenter.new.configuration
+      end
+    end
+  end
+end

app/controllers/api/attempts/events_controller.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Api
+  module Attempts
+    class EventsController < ApplicationController
+      include RenderConditionConcern
+      check_or_render_not_found -> { IdentityConfig.store.attempts_api_enabled }
+
+      prepend_before_action :skip_session_load
+      prepend_before_action :skip_session_expiration
+
+      def poll
+        head :method_not_allowed
+      end
+
+      def status
+        render json: {
+          status: :disabled,
+          reason: :not_yet_implemented,
+        }
+      end
+    end
+  end
+end

app/controllers/idv/in_person/address_controller.rb

@@ -7,7 +7,6 @@ class AddressController < ApplicationController
       include IdvStepConcern
 
       before_action :confirm_step_allowed
-      before_action :confirm_in_person_address_step_needed, only: :show
       before_action :set_usps_form_presenter
 
       def show
@@ -50,7 +49,9 @@ def self.step_info
           key: :ipp_address,
           controller: self,
           next_steps: [:ipp_ssn],
-          preconditions: ->(idv_session:, user:) { idv_session.ipp_state_id_complete? },
+          preconditions: ->(idv_session:, user:) {
+            idv_session.ipp_state_id_complete?
+          },
           undo_step: ->(idv_session:, user:) do
             idv_session.invalidate_in_person_address_step!
           end,
@@ -96,13 +97,6 @@ def redirect_to_next_page
         end
       end
 
-      def confirm_in_person_address_step_needed
-        return if pii_from_user&.dig(:same_address_as_id) == 'false' &&
-                  !pii_from_user.has_key?(:address1)
-        return if request.referer == idv_in_person_verify_info_url
-        redirect_to idv_in_person_ssn_url
-      end
-
       def set_usps_form_presenter
         @presenter = Idv::InPerson::UspsFormPresenter.new
       end

app/controllers/idv/in_person/ssn_controller.rb

@@ -9,9 +9,8 @@ class SsnController < ApplicationController
       include Steps::ThreatMetrixStepHelper
       include ThreatMetrixConcern
 
+      before_action :confirm_step_allowed
       before_action :confirm_not_rate_limited_after_doc_auth
-      before_action :confirm_in_person_address_step_complete
-      before_action :confirm_repeat_ssn, only: :show
       before_action :override_csp_for_threat_metrix,
                     if: -> { FeatureManagement.proofing_device_profiling_collecting_enabled? }
 
@@ -66,23 +65,17 @@ def self.step_info
           key: :ipp_ssn,
           controller: self,
           next_steps: [:ipp_verify_info],
-          preconditions: ->(idv_session:, user:) { idv_session.ipp_document_capture_complete? },
-          undo_step: ->(idv_session:, user:) { idv_session.ssn = nil },
+          preconditions: ->(idv_session:, user:) {
+            idv_session.ipp_document_capture_complete?
+          },
+          undo_step: ->(idv_session:, user:) {
+            idv_session.invalidate_ssn_step!
+          },
         )
       end
 
       private
 
-      def flow_session
-        user_session.fetch('idv/in_person', {})
-      end
-
-      def confirm_repeat_ssn
-        return if !idv_session.ssn
-        return if request.referer == idv_in_person_verify_info_url
-        redirect_to idv_in_person_verify_info_url
-      end
-
       def next_url
         idv_in_person_verify_info_url
       end
@@ -96,11 +89,6 @@ def analytics_arguments
         }.merge(ab_test_analytics_buckets)
           .merge(**extra_analytics_properties)
       end
-
-      def confirm_in_person_address_step_complete
-        return if flow_session[:pii_from_user] && flow_session[:pii_from_user][:address1].present?
-        redirect_to idv_in_person_address_url
-      end
     end
   end
 end

app/controllers/idv/in_person/verify_info_controller.rb

@@ -10,8 +10,7 @@ class VerifyInfoController < ApplicationController
       include VerifyInfoConcern
 
       before_action :confirm_not_rate_limited_after_doc_auth, except: [:show]
-      before_action :confirm_pii_data_present
-      before_action :confirm_ssn_step_complete
+      before_action :confirm_step_allowed
 
       def show
         @step_indicator_steps = step_indicator_steps
@@ -40,7 +39,8 @@ def self.step_info
           controller: self,
           next_steps: [:phone],
           preconditions: ->(idv_session:, user:) do
-            idv_session.ssn && idv_session.ipp_document_capture_complete?
+            idv_session.ssn && idv_session.ipp_document_capture_complete? &&
+              threatmetrix_session_id_present_or_not_required?(idv_session:)
           end,
           undo_step: ->(idv_session:, user:) do
             idv_session.residential_resolution_vendor = nil
@@ -89,17 +89,6 @@ def analytics_arguments
         }.merge(ab_test_analytics_buckets)
           .merge(**extra_analytics_properties)
       end
-
-      def confirm_ssn_step_complete
-        return if pii.present? && idv_session.ssn.present?
-        redirect_to prev_url
-      end
-
-      def confirm_pii_data_present
-        unless user_session.dig('idv/in_person').present?
-          redirect_to idv_path
-        end
-      end
     end
   end
 end

app/controllers/idv/ssn_controller.rb

@@ -65,7 +65,9 @@ def self.step_info
         controller: self,
         next_steps: [:verify_info],
         preconditions: ->(idv_session:, user:) { idv_session.remote_document_capture_complete? },
-        undo_step: ->(idv_session:, user:) { idv_session.ssn = nil },
+        undo_step: ->(idv_session:, user:) {
+          idv_session.invalidate_ssn_step!
+        },
       )
     end
 

app/controllers/sign_up/completions_controller.rb

@@ -123,6 +123,7 @@ def pii
     end
 
     def send_in_person_completion_survey
+      return unless IdentityConfig.store.in_person_completion_survey_delivery_enabled
       return unless resolved_authn_context_result.identity_proofing?
 
       Idv::InPerson::CompletionSurveySender.send_completion_survey(

app/javascript/packages/document-capture/components/acuant-capture.tsx

@@ -132,6 +132,10 @@ interface AcuantCaptureProps {
    * Prefix to prepend to user action analytics labels.
    */
   name: string;
+  /**
+   * Determine whether the selfie help text shoule be shown.
+   */
+  showSelfieHelp: () => void;
 }
 
 /**
@@ -308,6 +312,7 @@ function AcuantCapture(
     allowUpload = true,
     errorMessage,
     name,
+    showSelfieHelp,
   }: AcuantCaptureProps,
   ref: Ref<HTMLInputElement | null>,
 ) {
@@ -545,6 +550,7 @@ function AcuantCapture(
     });
 
     setImageCaptureText('');
+    showSelfieHelp();
     setIsCapturingEnvironment(false);
   }
 

app/javascript/packages/document-capture/components/document-capture-review-issues.tsx

@@ -83,6 +83,7 @@ function DocumentCaptureReviewIssues({
           selfieValue={value.selfie}
           isReviewStep
           showHelp={false}
+          showSelfieHelp={() => undefined}
         />
       )}
       <FormStepsButton.Submit />

app/javascript/packages/document-capture/components/document-side-acuant-capture.tsx

@@ -23,6 +23,7 @@ interface DocumentSideAcuantCaptureProps {
   onError: OnErrorCallback;
   className?: string;
   isReviewStep: boolean;
+  showSelfieHelp: () => void;
 }
 
 /**
@@ -54,6 +55,7 @@ function DocumentSideAcuantCapture({
   onError,
   className,
   isReviewStep,
+  showSelfieHelp,
 }: DocumentSideAcuantCaptureProps) {
   const error = errors.find(({ field }) => field === side)?.error;
   const { changeStepCanComplete } = useContext(FormStepsContext);
@@ -97,6 +99,7 @@ function DocumentSideAcuantCapture({
       name={side}
       className={className}
       allowUpload={isUploadAllowed}
+      showSelfieHelp={showSelfieHelp}
     />
   );
 }

app/javascript/packages/document-capture/components/documents-step.tsx

@@ -36,6 +36,7 @@ export function DocumentsCaptureStep({
           side={side}
           value={value[side]}
           isReviewStep={isReviewStep}
+          showSelfieHelp={() => undefined}
         />
       ))}
     </>

app/javascript/packages/document-capture/components/selfie-step.tsx

@@ -24,11 +24,13 @@ export function SelfieCaptureStep({
   selfieValue,
   isReviewStep,
   showHelp,
+  showSelfieHelp,
 }: {
   defaultSideProps: DefaultSideProps;
   selfieValue: ImageValue;
   isReviewStep: boolean;
   showHelp: boolean;
+  showSelfieHelp: () => void;
 }) {
   const { t } = useI18n();
 
@@ -55,6 +57,7 @@ export function SelfieCaptureStep({
           side="selfie"
           value={selfieValue}
           isReviewStep={isReviewStep}
+          showSelfieHelp={showSelfieHelp}
         />
       )}
     </>
@@ -74,6 +77,10 @@ export default function SelfieStep({
   const { showHelpInitially } = useContext(SelfieCaptureContext);
   const [showHelp, setShowHelp] = useState(showHelpInitially);
 
+  const showSelfieHelp = () => {
+    setShowHelp(true);
+  };
+
   function TakeSelfieButton() {
     return (
       <div className="margin-y-5 ">
@@ -106,6 +113,7 @@ export default function SelfieStep({
         selfieValue={value.selfie}
         isReviewStep={false}
         showHelp={showHelp}
+        showSelfieHelp={showSelfieHelp}
       />
       {showHelp && <TakeSelfieButton />}
       {!showHelp && isLastStep && <FormStepsButton.Submit />}

app/jobs/reports/sp_idv_weekly_dropoff_report.rb

@@ -55,7 +55,7 @@ def send_report(report_config)
     end
 
     def build_report_maker(issuers:, agency_abbreviation:, time_range:)
-      Reporting::SpProofingEventsByUuid.new(issuers:, agency_abbreviation:, time_range:)
+      Reporting::SpIdvWeeklyDropoffReport.new(issuers:, agency_abbreviation:, time_range:)
     end
   end
 end

app/presenters/attempts_configuration_presenter.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# https://openid.net/specs/openid-sharedsignals-framework-1_0-ID3.html#name-transmitter-configuration-m
+class AttemptsConfigurationPresenter
+  include Rails.application.routes.url_helpers
+
+  DELIVERY_METHOD_POLL = 'https://schemas.openid.net/secevent/risc/delivery-method/poll'
+
+  def configuration
+    {
+      issuer: root_url,
+      jwks_uri: api_openid_connect_certs_url,
+      delivery_methods_supported: [
+        DELIVERY_METHOD_POLL,
+      ],
+      delivery: [
+        {
+          delivery_method: DELIVERY_METHOD_POLL,
+          url: api_attempts_poll_url,
+        },
+      ],
+      status_endpoint: api_attempts_status_url,
+    }
+  end
+
+  def url_options
+    {}
+  end
+end