Deploy RC 482 to Production

app/controllers/concerns/idv/document_capture_concern.rb

@@ -111,6 +111,7 @@ def track_document_request_event(document_request:, document_response:, timer:)
         vendor: 'Socure',
         vendor_request_time_in_ms: timer.results['vendor_request'],
         success: @url.present?,
+        customer_user_id: document_request_body[:customerUserId],
         document_type: document_request_body[:documentType],
         use_case_key: document_request_body[:useCaseKey],
         docv_transaction_token: response_hash.dig(:data, :docvTransactionToken),

app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb

@@ -36,6 +36,7 @@ def show
 
           # document request
           document_request = DocAuth::Socure::Requests::DocumentRequest.new(
+            customer_user_id: document_capture_user&.uuid,
             redirect_url: idv_hybrid_mobile_socure_document_capture_update_url,
             language: I18n.locale,
             liveness_checking_required: resolved_authn_context_result.facial_match?,

app/controllers/idv/in_person/ssn_controller.rb

@@ -39,16 +39,22 @@ def show
       def update
         clear_future_steps!
         ssn_form = Idv::SsnFormatForm.new(idv_session.ssn)
-        form_response = ssn_form.submit(params.require(:doc_auth).permit(:ssn))
+        form_response = ssn_form.submit(ssn: ssn_params[:ssn])
         @ssn_presenter = Idv::SsnPresenter.new(
           sp_name: decorated_sp_session.sp_name,
           ssn_form: ssn_form,
           step_indicator_steps: step_indicator_steps,
         )
 
+        attempts_api_tracker.idv_ssn_submitted(
+          success: form_response.success?,
+          social_security: ssn_params[:ssn],
+          failure_reason: attempts_api_tracker.parse_failure_reason(form_response),
+        )
+
         if form_response.success?
           idv_session.previous_ssn = idv_session.ssn
-          idv_session.ssn = SsnFormatter.normalize(params[:doc_auth][:ssn])
+          idv_session.ssn = SsnFormatter.normalize(ssn_params[:ssn])
           redirect_to next_url
         else
           flash[:error] = form_response.first_error_message
@@ -89,6 +95,10 @@ def analytics_arguments
         }.merge(ab_test_analytics_buckets)
           .merge(**extra_analytics_properties)
       end
+
+      def ssn_params
+        params.require(:doc_auth).permit(:ssn)
+      end
     end
   end
 end

app/controllers/idv/in_person/verify_info_controller.rb

@@ -13,9 +13,9 @@ class VerifyInfoController < ApplicationController
       before_action :confirm_step_allowed
 
       def show
-        @step_indicator_steps = step_indicator_steps
-        @ssn = idv_session.ssn
         @pii = pii
+        @ssn = pii[:ssn]
+        @presenter = Idv::InPerson::VerifyInfoPresenter.new(enrollment: enrollment)
 
         Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer])
           .call('verify', :view, true) # specify in_person?
@@ -76,6 +76,10 @@ def pii
         )
       end
 
+      def enrollment
+        current_user.establishing_in_person_enrollment
+      end
+
       # override IdvSessionConcern
       def flow_session
         user_session.fetch('idv/in_person', {})

app/controllers/idv/socure/document_capture_controller.rb

@@ -35,6 +35,7 @@ def show
 
         # document request
         document_request = DocAuth::Socure::Requests::DocumentRequest.new(
+          customer_user_id: current_user.uuid,
           redirect_url: idv_socure_document_capture_update_url,
           language: I18n.locale,
           liveness_checking_required: resolved_authn_context_result.facial_match?,

app/controllers/idv/ssn_controller.rb

@@ -38,16 +38,23 @@ def show
     def update
       clear_future_steps!
       ssn_form = Idv::SsnFormatForm.new(idv_session.ssn)
-      form_response = ssn_form.submit(params.require(:doc_auth).permit(:ssn))
+      form_response = ssn_form.submit(ssn: ssn_params[:ssn])
+
       @ssn_presenter = Idv::SsnPresenter.new(
         sp_name: decorated_sp_session.sp_name,
         ssn_form: ssn_form,
         step_indicator_steps: step_indicator_steps,
       )
 
+      attempts_api_tracker.idv_ssn_submitted(
+        success: form_response.success?,
+        social_security: ssn_params[:ssn],
+        failure_reason: attempts_api_tracker.parse_failure_reason(form_response),
+      )
+
       if form_response.success?
         idv_session.previous_ssn = idv_session.ssn
-        idv_session.ssn = SsnFormatter.normalize(params[:doc_auth][:ssn])
+        idv_session.ssn = SsnFormatter.normalize(ssn_params[:ssn])
         redirect_to next_url
       else
         flash[:error] = form_response.first_error_message
@@ -91,5 +98,9 @@ def analytics_arguments
         previous_ssn_edit_distance: previous_ssn_edit_distance,
       }.merge(ab_test_analytics_buckets)
     end
+
+    def ssn_params
+      params.require(:doc_auth).permit(:ssn)
+    end
   end
 end

app/forms/idv/ssn_format_form.rb

@@ -5,8 +5,6 @@ class SsnFormatForm
     include ActiveModel::Model
     include FormSsnFormatValidator
 
-    ATTRIBUTES = [:ssn].freeze
-
     attr_accessor :ssn
 
     def self.model_name
@@ -18,12 +16,12 @@ def initialize(incoming_ssn)
       @updating_ssn = ssn.present?
     end
 
-    def submit(params)
-      consume_params(params)
+    def submit(ssn:)
+      @ssn = ssn
 
       FormResponse.new(
         success: valid?,
-        errors: errors,
+        errors:,
         extra: {
           pii_like_keypaths: [
             [:same_address_as_id],
@@ -37,18 +35,5 @@ def submit(params)
     def updating_ssn?
       @updating_ssn
     end
-
-    private
-
-    def consume_params(params)
-      params.each do |key, value|
-        raise_invalid_ssn_parameter_error(key) unless ATTRIBUTES.include?(key.to_sym)
-        send(:"#{key}=", value)
-      end
-    end
-
-    def raise_invalid_ssn_parameter_error(key)
-      raise ArgumentError, "#{key} is an invalid ssn attribute"
-    end
   end
 end

app/jobs/expire_account_reset_requests_job.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+class ExpireAccountResetRequestsJob < ApplicationJob
+  queue_as :long_running
+
+  def perform(now)
+    resets = 0
+    expired_days = (
+      IdentityConfig.store.account_reset_wait_period_days +
+      IdentityConfig.store.account_reset_token_valid_for_days
+    ).days
+    AccountResetRequest.where(
+      sql_query_for_users_with_expired_requests,
+      tvalue: now + expired_days,
+    ).order('requested_at ASC').limit(1_000).each do |arr|
+      resets += 1 if expire_request(arr)
+    end
+
+    analytics.account_reset_request_expired(count: resets)
+
+    resets
+  end
+
+  private
+
+  def analytics
+    @analytics ||= Analytics.new(
+      user: AnonymousUser.new,
+      request: nil,
+      sp: nil,
+      session: {},
+    )
+  end
+
+  def sql_query_for_users_with_expired_requests
+    <<~SQL
+      request_token IS NOT NULL AND
+      cancelled_at IS NULL AND
+      granted_at < :tvalue
+    SQL
+  end
+
+  def expire_request(arr)
+    arr.update!(
+      cancelled_at: Time.zone.now,
+      request_token: nil,
+      granted_token: nil,
+    )
+  end
+end

app/jobs/reports/irs_verification_report.rb

@@ -72,7 +72,6 @@ def irs_verification_report
       @irs_verification_report ||= Reporting::IrsVerificationReport.new(
         time_range: previous_week_range,
         issuers: IdentityConfig.store.irs_verification_report_issuers || [],
-        # issuers: ['urn:gov:gsa:openidconnect.profiles:sp:sso:irs:sample'], # Make dynamic
       )
     end
 

app/jobs/resolution_proofing_job.rb

@@ -114,7 +114,7 @@ def make_vendor_proofing_requests(
     ipp_enrollment_in_progress:,
     current_sp:
   )
-    result = progressive_proofer.proof(
+    result = progressive_proofer(user:).proof(
       applicant_pii: applicant_pii,
       user_email: user_email_for_proofing(user),
       threatmetrix_session_id: threatmetrix_session_id,
@@ -154,8 +154,8 @@ def logger_info_hash(hash)
     logger.info(hash.to_json)
   end
 
-  def progressive_proofer
-    @progressive_proofer ||= Proofing::Resolution::ProgressiveProofer.new
+  def progressive_proofer(user:)
+    @progressive_proofer ||= Proofing::Resolution::ProgressiveProofer.new(user_uuid: user.uuid)
   end
 
   def shadow_mode_ab_test_bucket(user:)

app/jobs/socure_docv_results_job.rb

@@ -85,6 +85,7 @@ def log_pii_validation(doc_pii_response:)
 
   def socure_document_verification_result
     DocAuth::Socure::Requests::DocvResultRequest.new(
+      customer_user_id: document_capture_session&.user&.uuid,
       document_capture_session_uuid:,
       docv_transaction_token_override:,
     ).fetch

app/jobs/socure_shadow_mode_proofing_job.rb

@@ -37,7 +37,7 @@ def perform(
 
     applicant = build_applicant(encrypted_arguments:, user_email:)
 
-    socure_result = proofer.proof(applicant)
+    socure_result = proofer(user:).proof(applicant)
 
     analytics.idv_socure_shadow_mode_proofing_result(
       resolution_result: format_proofing_result_for_logs(proofing_result),
@@ -116,9 +116,10 @@ def build_applicant(
     }
   end
 
-  def proofer
+  def proofer(user:)
     @proofer ||= Proofing::Socure::IdPlus::Proofer.new(
       Proofing::Socure::IdPlus::Config.new(
+        user_uuid: user.uuid,
         api_key: IdentityConfig.store.socure_idplus_api_key,
         base_url: IdentityConfig.store.socure_idplus_base_url,
         timeout: IdentityConfig.store.socure_idplus_timeout_in_seconds,

app/models/in_person_enrollment.rb

@@ -175,6 +175,11 @@ def cancel
     profile&.deactivate_due_to_in_person_verification_cancelled
   end
 
+  # @return [Boolean] Whether the enrollment is type passport book.
+  def passport_book?
+    document_type == DOCUMENT_TYPE_PASSPORT_BOOK
+  end
+
   private
 
   def days_to_expire

app/presenters/idv/in_person/ready_to_verify_presenter.rb

@@ -18,7 +18,7 @@ def initialize(enrollment:, barcode_image_url: nil, sp_name: nil)
       end
 
       def enrolled_with_passport_book?
-        enrollment.document_type == InPersonEnrollment::DOCUMENT_TYPE_PASSPORT_BOOK
+        enrollment.passport_book?
       end
 
       # Reminder is exclusive of the day the email is sent (1 less than days_to_due_date)

app/presenters/idv/in_person/verify_info_presenter.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Idv::InPerson::VerifyInfoPresenter
+  def initialize(enrollment:)
+    @enrollment = enrollment
+  end
+
+  def step_indicator_steps
+    Idv::StepIndicatorConcern::STEP_INDICATOR_STEPS_IPP
+  end
+
+  def identity_info_partial
+    passport_flow? ? 'passport_section' : 'state_id_section'
+  end
+
+  def passport_flow?
+    @enrollment.passport_book?
+  end
+end

app/presenters/image_upload_response_presenter.rb

@@ -56,7 +56,7 @@ def as_json(*)
       end
       json[:hints] = true if show_hints?
       json[:ocr_pii] = ocr_pii
-      json[:result_failed] = doc_auth_result_failed?
+      json[:result_failed] = doc_auth_failed?
       json[:result_code_invalid] = result_code_invalid?
       json[:doc_type_supported] = doc_type_supported?
       json[:selfie_status] = selfie_status if show_selfie_failures?
@@ -78,8 +78,8 @@ def result_code_invalid?
       !attention_with_barcode?
   end
 
-  def doc_auth_result_failed?
-    @form_response.to_h[:doc_auth_result] == DocAuth::LexisNexis::ResultCodes::FAILED.name
+  def doc_auth_failed?
+    @form_response.to_h[:transaction_status] == DocAuth::LexisNexis::TransactionCodes::FAILED.name
   end
 
   def show_hints?