Deploy RC 454 to Production

Gemfile.lock

@@ -478,7 +478,7 @@ GEM
     pg (1.5.9)
     pg_query (5.1.0)
       google-protobuf (>= 3.22.3)
-    phonelib (0.10.4)
+    phonelib (0.10.5)
     pkcs11 (0.3.4)
     premailer (1.27.0)
       addressable

app/components/password_strength_component.html.erb

@@ -12,7 +12,9 @@
     <div class="password-strength__meter-bar"></div>
     <div class="password-strength__meter-bar"></div>
   </div>
-  <%= t('instructions.password.strength.intro') %>
-  <span class="password-strength__strength"></span>
-  <div class="password-strength__feedback"></div>
+  <div id="password-strength">
+    <%= t('instructions.password.strength.intro') %>
+    <span class="password-strength__strength"></span>
+    <div class="password-strength__feedback"></div>
+  </div>
 <% end %>

app/controllers/concerns/idv/doc_auth_vendor_concern.rb

@@ -6,18 +6,23 @@ module DocAuthVendorConcern
 
     # @returns[String] String identifying the vendor to use for doc auth.
     def doc_auth_vendor
-      if resolved_authn_context_result.facial_match? || socure_user_set.maxed_users?
-        bucket = choose_non_socure_bucket
-      else
-        bucket = ab_test_bucket(:DOC_AUTH_VENDOR)
-      end
+      document_capture_session.doc_auth_vendor || begin
+        if resolved_authn_context_result.facial_match? || socure_user_set.maxed_users?
+          bucket = choose_non_socure_bucket
+        else
+          bucket = ab_test_bucket(:DOC_AUTH_VENDOR)
+        end
 
-      if bucket == :socure
-        if !add_user_to_socure_set
-          bucket = choose_non_socure_bucket # force to lexis_nexis if max user reached
+        if bucket == :socure
+          if !add_user_to_socure_set
+            bucket = choose_non_socure_bucket # force to lexis_nexis if max user reached
+          end
         end
+
+        doc_auth_vendor_for_bucket = DocAuthRouter.doc_auth_vendor_for_bucket(bucket)
+        document_capture_session.update!(doc_auth_vendor: doc_auth_vendor_for_bucket)
+        doc_auth_vendor_for_bucket
       end
-      DocAuthRouter.doc_auth_vendor_for_bucket(bucket)
     end
 
     def doc_auth_vendor_enabled?(vendor)

app/controllers/concerns/idv_step_concern.rb

@@ -9,6 +9,7 @@ module IdvStepConcern
   include FraudReviewConcern
   include Idv::AbTestAnalyticsConcern
   include Idv::VerifyByMailConcern
+  include Idv::DocAuthVendorConcern
 
   included do
     before_action :confirm_two_factor_authenticated
@@ -71,7 +72,15 @@ def confirm_hybrid_handoff_needed
     # available when the user tries to redo document capture.
     if idv_session.skip_hybrid_handoff? || !FeatureManagement.idv_allow_hybrid_flow?
       idv_session.flow_path = 'standard'
-      redirect_to idv_document_capture_url
+      redirect_to vendor_document_capture_url
+    end
+  end
+
+  def vendor_document_capture_url
+    if doc_auth_vendor == Idp::Constants::Vendors::SOCURE
+      idv_socure_document_capture_url
+    else
+      idv_document_capture_url
     end
   end
 

app/controllers/idv/document_capture_controller.rb

@@ -40,7 +40,7 @@ def update
       if result.success?
         redirect_to idv_ssn_url
       else
-        redirect_to idv_document_capture_url
+        redirect_to vendor_document_capture_url
       end
     end
 

app/controllers/idv/how_to_verify_controller.rb

@@ -98,5 +98,12 @@ def set_how_to_verify_presenter
     def mobile_required?
       idv_session.selfie_check_required || doc_auth_vendor == Idp::Constants::Vendors::SOCURE
     end
+
+    def document_capture_session
+      return @document_capture_session if defined?(@document_capture_session)
+      @document_capture_session = DocumentCaptureSession.find_by(
+        uuid: idv_session.document_capture_session_uuid,
+      )
+    end
   end
 end

app/controllers/idv/hybrid_handoff_controller.rb

@@ -149,7 +149,7 @@ def update_document_capture_session_requested_at(session_uuid)
 
     def bypass_send_link_steps
       idv_session.flow_path = 'standard'
-      redirect_to idv_document_capture_url
+      redirect_to vendor_document_capture_url
 
       analytics.idv_doc_auth_hybrid_handoff_submitted(
         **analytics_arguments.merge(

app/controllers/idv/hybrid_mobile/entry_controller.rb

@@ -45,12 +45,6 @@ def update_sp_session
       end
 
       def validate_document_capture_session_id
-        if document_capture_session_uuid.blank?
-          # If we've already gotten a document capture user id previously, just continue
-          # processing and (eventually) redirect the user where they're supposed to be.
-          return true if document_capture_user_id
-        end
-
         result = Idv::DocumentCaptureSessionForm.new(document_capture_session_uuid).submit
 
         if result.success?

app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb

@@ -23,6 +23,7 @@ def show
             redirect_to idv_hybrid_mobile_capture_complete_url
           end
 
+          analytics.idv_doc_auth_document_capture_visited(**analytics_arguments)
           session[:socure_docv_wait_polling_started_at] = nil
 
           Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer])

app/controllers/idv/image_uploads_controller.rb

@@ -2,8 +2,6 @@
 
 module Idv
   class ImageUploadsController < ApplicationController
-    include DocAuthVendorConcern
-
     respond_to :json
 
     def create
@@ -22,7 +20,6 @@ def create
     def image_upload_form
       @image_upload_form ||= Idv::ApiImageUploadForm.new(
         params,
-        doc_auth_vendor:,
         acuant_sdk_upgrade_ab_test_bucket: ab_test_bucket(:ACUANT_SDK),
         service_provider: current_sp,
         analytics: analytics,

app/controllers/idv/socure/document_capture_controller.rb

@@ -22,6 +22,7 @@ class DocumentCaptureController < ApplicationController
       before_action :fetch_test_verification_data, only: [:update]
 
       def show
+        analytics.idv_doc_auth_document_capture_visited(**analytics_arguments)
         idv_session.socure_docv_wait_polling_started_at = nil
 
         Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer])

app/forms/idv/api_image_upload_form.rb

@@ -17,15 +17,13 @@ class ApiImageUploadForm
     def initialize(
       params,
       service_provider:,
-      doc_auth_vendor:,
       acuant_sdk_upgrade_ab_test_bucket:,
       analytics: nil,
       uuid_prefix: nil,
       liveness_checking_required: false
     )
       @params = params
       @service_provider = service_provider
-      @doc_auth_vendor = doc_auth_vendor
       @acuant_sdk_upgrade_ab_test_bucket = acuant_sdk_upgrade_ab_test_bucket
       @analytics = analytics
       @readable = {}
@@ -328,7 +326,7 @@ def document_capture_session_uuid
 
     def doc_auth_client
       @doc_auth_client ||= DocAuthRouter.client(
-        vendor: @doc_auth_vendor,
+        vendor: document_capture_session.doc_auth_vendor,
         warn_notifier: proc do |attrs|
           analytics&.doc_auth_warning(
             **attrs,

app/javascript/packages/password-strength/password-strength-element.spec.ts

@@ -82,6 +82,18 @@ describe('PasswordStrengthElement', () => {
     expect(input.validity.valid).to.be.false();
   });
 
+  it('updates the password aria-describedby attribute', async () => {
+    createElement();
+
+    const input: HTMLInputElement = screen.getByRole('textbox');
+
+    await userEvent.type(input, 'password');
+    expect(input.getAttribute('aria-describedby')).to.equal('password-strength ');
+
+    await userEvent.clear(input);
+    expect(input.getAttribute('aria-describedby')).to.equal('');
+  });
+
   it('shows concatenated suggestions from zxcvbn if there is no specific warning', async () => {
     createElement();
 

app/javascript/packages/password-strength/password-strength-element.ts

@@ -154,17 +154,29 @@ class PasswordStrengthElement extends HTMLElement {
    */
   #handleValueChange() {
     const hasValue = !!this.input.value;
+    const inputDescribedBy = this.input.getAttribute('aria-describedby');
     this.classList.toggle('display-none', !hasValue);
     this.removeAttribute('score');
     if (hasValue) {
       const result = zxcvbn(this.input.value, this.forbiddenPasswords);
       const score = this.#getNormalizedScore(result);
       this.setAttribute('score', String(score));
+      if (!inputDescribedBy?.includes('password-strength')) {
+        this.input.setAttribute(
+          'aria-describedby',
+          ['password-strength', inputDescribedBy].join(' '),
+        );
+      }
       this.input.setCustomValidity(
         this.#isValid(result) ? '' : t('errors.messages.stronger_password'),
       );
       this.strength.textContent = this.#getStrengthLabel(score);
       this.feedback.textContent = this.#getNormalizedFeedback(result);
+    } else if (inputDescribedBy) {
+      this.input.setAttribute(
+        'aria-describedby',
+        inputDescribedBy.replace(/\s*password-strength\s*/, ''),
+      );
     }
   }
 }

app/jobs/reports/ab_tests_report.rb

@@ -8,7 +8,7 @@ class AbTestsReport < BaseReport
 
     def initialize(report_date = nil, *args, **kwargs)
       @report_date = report_date
-      super(*args, **kwargs)
+      super(report_date, *args, **kwargs)
     end
 
     # @param [DateTime]

app/presenters/update_password_presenter.rb

@@ -15,15 +15,6 @@ def forbidden_passwords
     end.uniq
   end
 
-  def aria_described_by_if_eligible
-    return {} if required_password_change?
-    {
-      input_html: {
-        aria: { describedby: 'password-description' },
-      },
-    }
-  end
-
   def submit_text
     if required_password_change?
       I18n.t('forms.passwords.edit.buttons.submit')

app/views/accounts/_connected_app.html.erb

@@ -17,6 +17,7 @@
               'account.connected_apps.associated_attributes_html',
               timestamp_html: render(TimeComponent.new(time: identity.created_at)),
             ) %>
+      <br>
       <strong>
         <%= identity.email_address&.email || t('account.connected_apps.email_not_selected') %>
       </strong>

app/views/users/passwords/edit.html.erb

@@ -22,7 +22,9 @@
         form: f,
         password_label: t('forms.passwords.edit.labels.password'),
         forbidden_passwords: @update_password_presenter.forbidden_passwords,
-        field_options: @update_password_presenter.aria_described_by_if_eligible,
+        field_options: {
+          input_html: { aria: { describedby: 'password-description' } },
+        },
       ) %>
   <%= f.submit @update_password_presenter.submit_text, class: 'display-block margin-top-5 margin-bottom-4' %>
 <% end %>

config/application.yml.default

@@ -163,8 +163,8 @@ identity_pki_local_dev: false
 idv_account_verified_email_campaign_id: '20241028'
 idv_acuant_sdk_upgrade_a_b_testing_enabled: false
 idv_acuant_sdk_upgrade_a_b_testing_percent: 50
-idv_acuant_sdk_version_alternate: '11.9.2'
-idv_acuant_sdk_version_default: '11.9.3'
+idv_acuant_sdk_version_alternate: '11.9.3'
+idv_acuant_sdk_version_default: '11.9.3.508'
 idv_attempt_window_in_hours: 6
 idv_available: true
 idv_contact_phone_number: (844) 555-5555

db/primary_migrate/20250219164618_add_doc_auth_vendor_to_document_capture_sessions_w_comment.rb

@@ -0,0 +1,9 @@
+class AddDocAuthVendorToDocumentCaptureSessionsWComment < ActiveRecord::Migration[7.2]
+  def up
+    add_column :document_capture_sessions, :doc_auth_vendor, :string, comment: 'sensitive=false'
+  end
+
+  def down
+    remove_column :document_capture_sessions, :doc_auth_vendor
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.0].define(version: 2025_02_07_144037) do
+ActiveRecord::Schema[8.0].define(version: 2025_02_19_164618) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "citext"
   enable_extension "pg_catalog.plpgsql"
@@ -200,6 +200,7 @@
     t.string "last_doc_auth_result", comment: "sensitive=false"
     t.string "socure_docv_transaction_token", comment: "sensitive=false"
     t.string "socure_docv_capture_app_url", comment: "sensitive=false"
+    t.string "doc_auth_vendor", comment: "sensitive=false"
     t.index ["result_id"], name: "index_document_capture_sessions_on_result_id"
     t.index ["socure_docv_transaction_token"], name: "index_socure_docv_transaction_token", unique: true
     t.index ["user_id"], name: "index_document_capture_sessions_on_user_id"