Deploy RC 458 to Production

.rubocop.yml

@@ -895,6 +895,10 @@ Rails/EnumSyntax:
 Rails/EnvLocal:
   Enabled: true
 
+# Disabling this can cause confusing errors and disabling it should be avoided
+Rails/Exit:
+  Enabled: true
+
 Rails/ExpandedDateRange:
   Enabled: true
 

app/controllers/concerns/mfa_setup_concern.rb

@@ -98,6 +98,7 @@ def threatmetrix_attrs
       threatmetrix_session_id: user_session[:sign_up_threatmetrix_session_id],
       email: current_user.last_sign_in_email_address.email,
       uuid_prefix: current_sp&.app_id,
+      user_uuid: current_user.uuid,
     }
   end
 

app/controllers/idv/agreement_controller.rb

@@ -40,7 +40,11 @@ def update
 
         if IdentityConfig.store.in_person_proofing_opt_in_enabled &&
            IdentityConfig.store.in_person_proofing_enabled
-          redirect_to idv_how_to_verify_url
+          if params[:skip_hybrid_handoff]
+            redirect_to idv_choose_id_type_url
+          else
+            redirect_to idv_how_to_verify_url
+          end
         else
           redirect_to idv_hybrid_handoff_url
         end
@@ -53,7 +57,7 @@ def self.step_info
       Idv::StepInfo.new(
         key: :agreement,
         controller: self,
-        next_steps: [:hybrid_handoff, :document_capture, :how_to_verify],
+        next_steps: [:hybrid_handoff, :choose_id_type, :document_capture, :how_to_verify],
         preconditions: ->(idv_session:, user:) { idv_session.welcome_visited },
         undo_step: ->(idv_session:, user:) do
           idv_session.idv_consent_given_at = nil

app/controllers/idv/choose_id_type_controller.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module Idv
+  class ChooseIdTypeController < ApplicationController
+    include Idv::AvailabilityConcern
+    include IdvStepConcern
+    include StepIndicatorConcern
+
+    before_action :redirect_if_passport_not_available
+
+    def show
+      analytics.idv_doc_auth_choose_id_type_visited(**analytics_arguments)
+    end
+
+    def update
+      clear_future_steps!
+
+      @choose_id_type_form = Idv::ChooseIdTypeForm.new
+
+      result = @choose_id_type_form.submit(choose_id_type_form_params)
+
+      analytics.idv_doc_auth_choose_id_type_submitted(
+        **analytics_arguments.merge(result.to_h)
+          .merge({ chosen_id_type: }),
+      )
+
+      if result.success?
+        set_passport_requested
+        redirect_to next_step
+      else
+        render :show
+      end
+    end
+
+    def self.step_info
+      Idv::StepInfo.new(
+        key: :choose_id_type,
+        controller: self,
+        next_steps: [:document_capture],
+        preconditions: ->(idv_session:, user:) {
+          idv_session.flow_path == 'standard' &&
+            idv_session.passport_allowed == true
+        },
+        undo_step: ->(idv_session:, user:) do
+          idv_session.passport_requested = nil
+        end,
+      )
+    end
+
+    private
+
+    def redirect_if_passport_not_available
+      redirect_to idv_how_to_verify_url if !idv_session.passport_allowed
+    end
+
+    def chosen_id_type
+      choose_id_type_form_params[:choose_id_type_preference]
+    end
+
+    def set_passport_requested
+      if chosen_id_type == 'passport'
+        idv_session.passport_requested = true
+      else
+        idv_session.passport_requested = false
+      end
+    end
+
+    def next_step
+      idv_document_capture_url
+    end
+
+    def choose_id_type_form_params
+      params.require(:doc_auth).permit(:choose_id_type_preference)
+    end
+
+    def analytics_arguments
+      {
+        step: 'choose_id_type',
+        analytics_id: 'Doc Auth',
+        flow_path: idv_session.flow_path,
+      }
+    end
+  end
+end

app/controllers/idv/hybrid_handoff_controller.rb

@@ -58,7 +58,7 @@ def self.step_info
       Idv::StepInfo.new(
         key: :hybrid_handoff,
         controller: self,
-        next_steps: [:link_sent, :document_capture, :socure_document_capture],
+        next_steps: [:choose_id_type, :link_sent, :document_capture, :socure_document_capture],
         preconditions: ->(idv_session:, user:) {
                          idv_session.idv_consent_given? &&
                            (self.selected_remote(idv_session: idv_session) || # from opt-in screen
@@ -149,7 +149,7 @@ def update_document_capture_session_requested_at(session_uuid)
 
     def bypass_send_link_steps
       idv_session.flow_path = 'standard'
-      redirect_to vendor_document_capture_url
+      redirect_to next_step
 
       analytics.idv_doc_auth_hybrid_handoff_submitted(
         **analytics_arguments.merge(
@@ -158,6 +158,14 @@ def bypass_send_link_steps
       )
     end
 
+    def next_step
+      if idv_session.passport_allowed
+        idv_choose_id_type_url
+      else
+        idv_document_capture_url
+      end
+    end
+
     def extra_view_variables
       { idv_phone_form: build_form }
     end

app/controllers/idv/welcome_controller.rb

@@ -11,6 +11,7 @@ class WelcomeController < ApplicationController
 
     def show
       idv_session.proofing_started_at ||= Time.zone.now.iso8601
+      idv_session.passport_allowed = IdentityConfig.store.doc_auth_passports_enabled
       analytics.idv_doc_auth_welcome_visited(**analytics_arguments)
 
       Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer])

app/forms/idv/choose_id_type_form.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Idv
+  class ChooseIdTypeForm
+    include ActiveModel::Model
+
+    validate :chosen_id_type_valid?
+    attr_reader :chosen_id_type
+
+    def initialize(chosen_id_type = nil)
+      @chosen_id_type = chosen_id_type
+    end
+
+    def submit(params)
+      @chosen_id_type = params[:choose_id_type_preference]
+
+      FormResponse.new(success: chosen_id_type_valid?, errors: errors)
+    end
+
+    def chosen_id_type_valid?
+      valid_types = ['passport', 'drivers_license'] # Will remove once pasport added to id slugs
+      return true if valid_types.include? @chosen_id_type
+      errors.add(
+        :chosen_id_type,
+        :invalid,
+        message: "`choose_id_type` #{@chosen_id_type} is invalid, expected one of #{valid_types}",
+      )
+      false
+    end
+  end
+end

app/forms/reset_password_form.rb

@@ -69,9 +69,7 @@ def mark_profile_as_password_reset
   end
 
   def password_reset_profile
-    FeatureManagement.pending_in_person_password_reset_enabled? ?
-      find_in_progress_in_person_or_active_profile :
-      active_profile
+    find_in_progress_in_person_or_active_profile
   end
 
   def find_in_progress_in_person_or_active_profile
@@ -103,12 +101,8 @@ def extra_analytics_attributes
   end
 
   def pending_profile_invalidated?
-    if FeatureManagement.pending_in_person_password_reset_enabled?
-      pending_profile.present? &&
-        !pending_profile.in_person_verification_pending? &&
-        !pending_profile.fraud_deactivation_reason?
-    else
-      pending_profile.present?
-    end
+    pending_profile.present? &&
+      !pending_profile.in_person_verification_pending? &&
+      !pending_profile.fraud_deactivation_reason?
   end
 end

app/jobs/account_creation_threat_metrix_job.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 class AccountCreationThreatMetrixJob < ApplicationJob
-  # rubocop:disable Lint/UnusedMethodArgument
   def perform(
     user_id: nil,
     threatmetrix_session_id: nil,
@@ -15,12 +14,12 @@ def perform(
       threatmetrix_session_id: threatmetrix_session_id,
       user_email: email,
       uuid_prefix: uuid_prefix,
+      uuid: user_uuid,
     )
   ensure
     user = User.find_by(id: user_id)
     analytics(user).account_creation_tmx_result(**device_profiling_result.to_h)
   end
-  # rubocop:enable Lint/UnusedMethodArgument
 
   def analytics(user)
     Analytics.new(user: user, request: nil, session: {}, sp: nil)

app/jobs/resolution_proofing_job.rb

@@ -25,9 +25,7 @@ def perform(
     service_provider_issuer: nil,
     threatmetrix_session_id: nil,
     request_ip: nil,
-    proofing_components: nil,
-    # DEPRECATED ARGUMENTS
-    should_proof_state_id: false # rubocop:disable Lint/UnusedMethodArgument
+    proofing_components: nil
   )
     timer = JobHelpers::Timer.new
 
@@ -124,6 +122,7 @@ def make_vendor_proofing_requests(
       ipp_enrollment_in_progress: ipp_enrollment_in_progress,
       timer: timer,
       current_sp: current_sp,
+      user_uuid: user.uuid,
     )
 
     log_threatmetrix_info(result.device_profiling_result, user)

app/models/user.rb

@@ -546,19 +546,17 @@ def current_in_progress_in_person_enrollment_profile
   private
 
   def find_password_reset_profile
-    FeatureManagement.pending_in_person_password_reset_enabled? ?
-      find_in_person_in_progress_or_active_profile :
-      find_active_profile
-  end
-
-  def find_active_profile
-    profiles.where.not(activated_at: nil).order(activated_at: :desc).first
+    find_in_person_in_progress_or_active_profile
   end
 
   def find_in_person_in_progress_or_active_profile
     current_in_progress_in_person_enrollment_profile || find_active_profile
   end
 
+  def find_active_profile
+    profiles.where.not(activated_at: nil).order(activated_at: :desc).first
+  end
+
   def lockout_period
     IdentityConfig.store.lockout_period_in_minutes.minutes
   end

app/policies/idv/flow_policy.rb

@@ -18,6 +18,7 @@ class FlowPolicy
         agreement: Idv::AgreementController.step_info,
         how_to_verify: Idv::HowToVerifyController.step_info,
         hybrid_handoff: Idv::HybridHandoffController.step_info,
+        choose_id_type: Idv::ChooseIdTypeController.step_info,
         link_sent: Idv::LinkSentController.step_info,
         document_capture: Idv::DocumentCaptureController.step_info,
         socure_document_capture: Idv::Socure::DocumentCaptureController.step_info,

app/services/account_creation/device_profiling.rb

@@ -6,17 +6,20 @@ class DeviceProfiling
                 :threatmetrix_session_id,
                 :user_email,
                 :device_profile_result,
-                :uuid_prefix
+                :uuid_prefix,
+                :uuid
     def proof(
       request_ip:,
       threatmetrix_session_id:,
       user_email:,
-      uuid_prefix:
+      uuid_prefix:,
+      uuid:
     )
       @request_ip = request_ip
       @threatmetrix_session_id = threatmetrix_session_id
       @user_email = user_email
       @uuid_prefix = uuid_prefix
+      @uuid = uuid
 
       @device_profile_result = device_profile
     end
@@ -31,6 +34,7 @@ def device_profile
         email: user_email,
         request_ip: request_ip,
         uuid_prefix: uuid_prefix,
+        uuid: uuid,
       )
     end
 

app/services/analytics_events.rb

@@ -1306,6 +1306,51 @@ def idv_doc_auth_capture_complete_visited(
     )
   end
 
+  # @param [Boolean] success
+  # @param [String] step Current IdV step
+  # @param [String] analytics_id Current IdV flow identifier
+  # @param ["hybrid","standard"] flow_path Document capture user flow
+  # @param ['drivers_license', 'passport'] chosen_id_type Chosen id type of the user
+  # @param [Hash] error_details
+  def idv_doc_auth_choose_id_type_submitted(
+    success:,
+    step:,
+    analytics_id:,
+    flow_path:,
+    chosen_id_type:,
+    error_details: nil,
+    **extra
+  )
+    track_event(
+      :idv_doc_auth_choose_id_type_submitted,
+      success:,
+      step:,
+      analytics_id:,
+      flow_path:,
+      chosen_id_type:,
+      error_details:,
+      **extra,
+    )
+  end
+
+  # @param [String] step Current IdV step
+  # @param [String] analytics_id Current IdV flow identifier
+  # @param ["hybrid","standard"] flow_path Document capture user flow
+  def idv_doc_auth_choose_id_type_visited(
+    step:,
+    analytics_id:,
+    flow_path:,
+    **extra
+  )
+    track_event(
+      :idv_doc_auth_choose_id_type_visited,
+      step:,
+      analytics_id:,
+      flow_path:,
+      **extra,
+    )
+  end
+
   # User returns from Socure document capture, but is waiting on a result to be fetched
   # @param ["hybrid","standard"] flow_path Document capture user flow
   # @param [String] step Current IdV step