Deploy RC 488 to Production

app/controllers/idv/agreement_controller.rb

@@ -42,14 +42,11 @@ def update
       if result.success?
         idv_session.idv_consent_given_at = Time.zone.now
 
-        if IdentityConfig.store.in_person_proofing_opt_in_enabled &&
-           IdentityConfig.store.in_person_proofing_enabled
-          if params[:skip_hybrid_handoff]
-            redirect_to idv_choose_id_type_url
-          else
-            redirect_to idv_how_to_verify_url
-          end
+        if in_person_proofing_route_enabled? && params[:skip_hybrid_handoff]
+          redirect_to idv_choose_id_type_url
         else
+          idv_session.opted_in_to_in_person_proofing = false
+          idv_session.skip_doc_auth_from_how_to_verify = false
           redirect_to idv_hybrid_handoff_url
         end
       else
@@ -80,6 +77,11 @@ def analytics_arguments
       }.merge(ab_test_analytics_buckets)
     end
 
+    def in_person_proofing_route_enabled?
+      IdentityConfig.store.in_person_proofing_opt_in_enabled &&
+        IdentityConfig.store.in_person_proofing_enabled
+    end
+
     def skip_to_capture
       idv_session.flow_path = 'standard'
 

app/controllers/idv/how_to_verify_controller.rb

@@ -36,8 +36,9 @@ def update
         if how_to_verify_form_params['selection'] == Idv::HowToVerifyForm::REMOTE
           idv_session.opted_in_to_in_person_proofing = false
           idv_session.skip_doc_auth_from_how_to_verify = false
+          idv_session.flow_path = 'standard'
           abandon_any_ipp_progress
-          redirect_to idv_hybrid_handoff_url
+          redirect_to idv_document_capture_url
         else
           idv_session.opted_in_to_in_person_proofing = true
           idv_session.flow_path = 'standard'

app/controllers/idv/hybrid_handoff_controller.rb

@@ -19,8 +19,12 @@ def show
                                         Idv::InPersonConfig.enabled_for_issuer?(
                                           decorated_sp_session.sp_issuer,
                                         )
-
+      @post_office_enabled = IdentityConfig.store.in_person_proofing_enabled &&
+                             IdentityConfig.store.in_person_proofing_opt_in_enabled &&
+                             IdentityConfig.store.in_person_doc_auth_button_enabled
       @selfie_required = idv_session.selfie_check_required
+      @idv_how_to_verify_form = Idv::HowToVerifyForm.new
+      set_how_to_verify_presenter
 
       Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).call(
         'upload', :view,
@@ -35,8 +39,14 @@ def show
 
     def update
       clear_future_steps!
+      abandon_any_ipp_progress
 
-      if params[:type] == 'mobile'
+      if how_to_verify_form_params['selection'] == Idv::HowToVerifyForm::IPP
+        idv_session.opted_in_to_in_person_proofing = true
+        idv_session.flow_path = 'standard'
+        idv_session.skip_doc_auth_from_how_to_verify = true
+        redirect_to idv_document_capture_url(step: :hybrid_handoff)
+      elsif params[:type] == 'mobile'
         handle_phone_submission
       else
         bypass_send_link_steps
@@ -61,7 +71,7 @@ def self.step_info
         next_steps: [:choose_id_type, :link_sent, :document_capture, :socure_document_capture],
         preconditions: ->(idv_session:, user:) {
                          idv_session.idv_consent_given? &&
-                           (self.selected_remote(idv_session: idv_session) || # from opt-in screen
+                         (self.selected_remote(idv_session: idv_session) || # from opt-in screen
                              # back from ipp doc capture screen
                              idv_session.skip_doc_auth_from_handoff)
                        },
@@ -74,6 +84,19 @@ def self.step_info
 
     private
 
+    def mobile_required?
+      idv_session.selfie_check_required ||
+        document_capture_session.doc_auth_vendor == Idp::Constants::Vendors::SOCURE
+    end
+
+    def set_how_to_verify_presenter
+      @presenter = Idv::HowToVerifyPresenter.new(
+        mobile_required: mobile_required?,
+        selfie_check_required: @selfie_required,
+        passport_allowed: idv_session.passport_allowed,
+      )
+    end
+
     def abandon_any_ipp_progress
       current_user&.establishing_in_person_enrollment&.cancel
     end
@@ -248,5 +271,11 @@ def formatted_destination_phone
       raw_phone = params.require(:doc_auth).permit(:phone)
       PhoneFormatter.format(raw_phone, country_code: 'US')
     end
+
+    def how_to_verify_form_params
+      params.require(:idv_how_to_verify_form).permit(:selection, selection: [])
+    rescue ActionController::ParameterMissing
+      ActionController::Parameters.new(selection: [])
+    end
   end
 end

app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb

@@ -29,6 +29,9 @@ def show
           Funnel::DocAuth::RegisterStep.new(document_capture_user.id, sp_session[:issuer])
             .call('hybrid_mobile_socure_document_capture', :view, true)
 
+          @selfie_check_required = resolved_authn_context_result.facial_match?
+          @hybrid_flow = true
+
           if document_capture_session.socure_docv_capture_app_url.present?
             @url = document_capture_session.socure_docv_capture_app_url
             return

app/controllers/idv/socure/document_capture_controller.rb

@@ -28,6 +28,9 @@ def show
         Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer])
           .call('socure_document_capture', :view, true)
 
+        @selfie_check_required = resolved_authn_context_result.facial_match?
+        @hybrid_flow = false
+
         if document_capture_session.socure_docv_capture_app_url.present?
           @url = document_capture_session.socure_docv_capture_app_url
           return

app/controllers/two_factor_authentication/piv_cac_verification_controller.rb

@@ -29,6 +29,19 @@ def redirect_to_piv_cac_service
       ), allow_other_host: true
     end
 
+    def error
+      @presenter = PivCacErrorPresenter.new(
+        error: params[:error],
+        view: view_context,
+        try_again_url: login_two_factor_piv_cac_url,
+      )
+    end
+
+    def logout
+      sign_out
+      redirect_to sign_up_email_path
+    end
+
     private
 
     def process_token
@@ -44,7 +57,7 @@ def process_token
       if result.success?
         handle_valid_piv_cac
       else
-        handle_invalid_piv_cac
+        handle_invalid_piv_cac(piv_cac_verification_form.error_type)
       end
     end
 
@@ -59,7 +72,7 @@ def handle_valid_piv_cac
       redirect_to after_sign_in_path_for(current_user)
     end
 
-    def handle_invalid_piv_cac
+    def handle_invalid_piv_cac(error)
       clear_piv_cac_information
       update_invalid_user
 
@@ -68,8 +81,7 @@ def handle_invalid_piv_cac
       elsif redirect_for_piv_cac_mismatch_replacement?
         redirect_to login_two_factor_piv_cac_mismatch_url
       else
-        flash[:error] = t('two_factor_authentication.invalid_piv_cac')
-        redirect_to login_two_factor_piv_cac_url
+        redirect_to login_two_factor_piv_cac_error_url(error: error)
       end
     end
 

app/jobs/reports/irs_verification_report.rb

@@ -28,7 +28,6 @@ def perform(date = Time.zone.yesterday.end_of_day)
       end
 
       ReportMailer.tables_report(
-        title: 'IRS Verification Report',
         email: email_addresses,
         subject: "IRS Verification Report - #{report_date.to_date}",
         reports: reports,

app/jobs/resolution_proofing_job.rb

@@ -122,7 +122,6 @@ def make_vendor_proofing_requests(
   )
     result = progressive_proofer(user:, proofing_vendor:).proof(
       applicant_pii: applicant_pii,
-      user_email: user_email_for_proofing(user),
       threatmetrix_session_id: threatmetrix_session_id,
       request_ip: request_ip,
       ipp_enrollment_in_progress: ipp_enrollment_in_progress,
@@ -161,7 +160,7 @@ def logger_info_hash(hash)
 
   def progressive_proofer(user:, proofing_vendor:)
     @progressive_proofer ||= Proofing::Resolution::ProgressiveProofer.new(
-      user_uuid: user.uuid, proofing_vendor:,
+      user_uuid: user.uuid, proofing_vendor:, user_email: user_email_for_proofing(user),
     )
   end
 

app/jobs/socure_docv_results_job.rb

@@ -88,6 +88,7 @@ def socure_document_verification_result
       customer_user_id: document_capture_session&.user&.uuid,
       document_capture_session_uuid:,
       docv_transaction_token_override:,
+      user_email: document_capture_session&.user&.last_sign_in_email_address&.email,
     ).fetch
   end
 

app/presenters/idv/how_to_verify_presenter.rb

@@ -20,6 +20,14 @@ def header_text
     t('doc_auth.headings.how_to_verify')
   end
 
+  def hybrid_handoff_text
+    if selfie_required
+      t('doc_auth.info.hybrid_handoff_selfie')
+    else
+      t('doc_auth.info.hybrid_handoff_no_selfie')
+    end
+  end
+
   def online_asset_url
     if mobile_required
       'idv/mobile-phone-icon.svg'
@@ -83,6 +91,10 @@ def post_office_instruction
     t('doc_auth.info.verify_at_post_office_instruction')
   end
 
+  def post_office_accepted_id_instruction
+    t('doc_auth.info.verify_at_post_office_instruction')
+  end
+
   def post_office_description
     if passport_allowed
       IdentityConfig.store.in_person_passports_enabled ?

app/services/doc_auth/socure/requests/docv_result_request.rb

@@ -9,22 +9,25 @@ class DocvResultRequest < DocAuth::Socure::Request
         def initialize(
           customer_user_id:,
           document_capture_session_uuid:,
+          user_email:,
           docv_transaction_token_override: nil
         )
           @customer_user_id = customer_user_id
+          @user_email = user_email
           @document_capture_session_uuid = document_capture_session_uuid
           @docv_transaction_token_override = docv_transaction_token_override
         end
 
         private
 
-        attr_reader :customer_user_id, :docv_transaction_token_override
+        attr_reader :customer_user_id, :docv_transaction_token_override, :user_email
 
         def body
           {
             modules: ['documentverification'],
             docvTransactionToken: docv_transaction_token,
             customerUserId: customer_user_id,
+            email: user_email,
           }.to_json
         end
 

app/services/proofing/resolution/plugins/residential_address_plugin.rb

@@ -14,12 +14,7 @@ def initialize(
           @sp_cost_token = sp_cost_token
         end
 
-        def call(
-          applicant_pii:,
-          current_sp:,
-          ipp_enrollment_in_progress:,
-          timer:
-        )
+        def call(applicant_pii:, current_sp:, ipp_enrollment_in_progress:, timer:)
           return residential_address_unnecessary_result unless ipp_enrollment_in_progress
 
           timer.time('residential address') do