Deploy RC 503 to Production

Gemfile.lock

@@ -385,7 +385,8 @@ GEM
     jsbundling-rails (1.1.2)
       railties (>= 6.0.0)
     json (2.13.2)
-    jwe (0.4.0)
+    jwe (1.1.1)
+      base64
     jwt (2.7.1)
     knapsack (4.0.0)
       rake

app/controllers/application_controller.rb

@@ -538,10 +538,15 @@ def find_device_profiling_result(type)
     ).last
   end
 
+  def user_in_one_account_verification_bucket?
+    ab_test_bucket(:ONE_ACCOUNT_USER_VERIFICATION_ENABLED) == :one_account_user_verification_enabled
+  end
+
   def user_duplicate_profiles_detected?
     return false unless sp_eligible_for_one_account?
     profile = current_user&.active_profile
     return false unless profile
+    return false unless user_in_one_account_verification_bucket?
     user_session[:duplicate_profile_ids].present?
   end
 

app/controllers/idv/phone_errors_controller.rb

@@ -7,6 +7,7 @@ class PhoneErrorsController < ApplicationController
     include StepIndicatorConcern
     include Idv::AbTestAnalyticsConcern
     include Idv::VerifyByMailConcern
+    include PhoneFormatter
 
     before_action :confirm_step_allowed, except: [:failure]
     before_action :set_gpo_letter_available
@@ -20,6 +21,7 @@ def warning
         @country_code = idv_session.previous_phone_step_params[:international_code]
       end
 
+      @formatted_phone = PhoneFormatter.format(@phone, country_code: @country_code)
       track_event(type: :warning)
     end
 

app/jobs/reports/irs_authentication_report.rb → app/jobs/reports/irs_registration_funnel_report.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 require 'csv'
-require 'reporting/irs_authentication_report'
+require 'reporting/irs_registration_funnel_report'
 
 module Reports
-  class IrsAuthenticationReport < BaseReport
-    REPORT_NAME = 'irs-authentication-report'
+  class IrsRegistrationFunnelReport < BaseReport
+    REPORT_NAME = 'irs-registration-funnel-report'
 
     attr_reader :report_date
 
@@ -19,7 +19,7 @@ def perform(date = Time.zone.yesterday.end_of_day)
 
       email_addresses = emails.select(&:present?)
       if email_addresses.empty?
-        Rails.logger.warn 'No email addresses received - Authentication Report NOT SENT'
+        Rails.logger.warn 'No email addresses received - Registration Funnel Report NOT SENT'
         return false
       end
 
@@ -29,7 +29,7 @@ def perform(date = Time.zone.yesterday.end_of_day)
 
       ReportMailer.tables_report(
         email: email_addresses,
-        subject: "IRS Authentication Report - #{report_date.to_date}",
+        subject: "IRS Registration Funnel Report - #{report_date.to_date}",
         reports: reports,
         message: preamble,
         attachment_format: :csv,
@@ -60,22 +60,22 @@ def preamble(env: Identity::Hostdata.env || 'local')
     end
 
     def reports
-      @reports ||= irs_authentication_report.as_emailable_reports
+      @reports ||= irs_registration_funnel_report.as_emailable_reports
     end
 
-    def irs_authentication_report
-      @irs_authentication_report ||= Reporting::IrsAuthenticationReport.new(
+    def irs_registration_funnel_report
+      @irs_registration_funnel_report ||= Reporting::IrsRegistrationFunnelReport.new(
         issuers: issuers,
         time_range: report_date.all_week,
       )
     end
 
     def issuers
-      [*IdentityConfig.store.irs_authentication_issuers]
+      [*IdentityConfig.store.irs_registration_funnel_issuers]
     end
 
     def emails
-      [*IdentityConfig.store.irs_authentication_emails]
+      [*IdentityConfig.store.irs_registration_funnel_emails]
     end
 
     def upload_to_s3(report_body, report_name: nil)

app/services/marketing_site.rb

@@ -10,6 +10,7 @@ class UnknownArticleException < StandardError; end
     manage-your-account/add-or-change-your-authentication-method
     manage-your-account/delete-your-account
     manage-your-account/personal-key
+    manage-your-account/resolve-duplicate-accounts
     trouble-signing-in/face-or-touch-unlock
     trouble-signing-in/forgot-your-password
     trouble-signing-in/forgot-your-personal-key

app/views/duplicate_profiles_detected/show.html.erb

@@ -3,7 +3,19 @@
 <%= render StatusPageComponent.new(status: :warning) do |c| %>
   <% c.with_header { @dupe_profiles_detected_presenter.heading } %>
 
-  <p><%= t('duplicate_profiles_detected.intro', app_name: APP_NAME) %></p>
+  <p>
+    <%= t(
+          'duplicate_profiles_detected.intro_html',
+          link_html: new_tab_link_to(
+            t('duplicate_profiles_detected.intro.link'),
+            MarketingSite.help_center_article_url(
+              category: 'manage-your-account',
+              article: 'resolve-duplicate-accounts',
+            ),
+          ),
+          app_name: APP_NAME,
+        ) %>
+  </p>
 
   <p><%= t('duplicate_profiles_detected.intro2', app_name: APP_NAME) %></p>
 

app/views/idv/phone_errors/warning.html.erb

@@ -8,8 +8,7 @@
 
       <% if @phone %>
         <p>
-          <%= t('idv.failure.phone.warning.you_entered') %>
-          <strong class='text-no-wrap'><%= PhoneFormatter.format(@phone, country_code: @country_code) %></strong>
+          <%= t('idv.failure.phone.warning.you_entered_html', formatted_phone: @formatted_phone) %>
         </p>
       <% end %>
 

config/application.yml.default

@@ -235,13 +235,13 @@ in_person_results_delay_in_hours: 1
 in_person_send_proofing_notifications_enabled: false
 in_person_stop_expiring_enrollments: false
 invalid_gpo_confirmation_zipcode: '00001'
-irs_authentication_emails: '[]'
-irs_authentication_issuers: '[]'
 irs_credential_tenure_report_config: '[]'
 irs_credential_tenure_report_issuers: '[]'
 irs_credentials_emails: '[]'
 irs_fraud_metrics_emails: '[]'
 irs_fraud_metrics_issuers: '[]'
+irs_registration_funnel_emails: '[]'
+irs_registration_funnel_issuers: '[]'
 irs_verification_report_config: '[]'
 irs_verification_report_issuers: '[]'
 
@@ -307,6 +307,7 @@ minimum_wait_before_another_usps_letter_in_hours: 24
 mx_timeout: 3
 new_device_alert_delay_in_minutes: 5
 newrelic_license_key: ''
+one_account_user_verification_enabled_percentage: 0
 openid_connect_content_security_form_action_enabled: false
 openid_connect_redirect: client_side_js
 otp_delivery_blocklist_findtime: 5
@@ -609,10 +610,10 @@ test:
   hmac_fingerprinter_key: a2c813d4dca919340866ba58063e4072adc459b767a74cf2666d5c1eef3861db26708e7437abde1755eb24f4034386b0fea1850a1cb7e56bff8fae3cc6ade96c
   hmac_fingerprinter_key_queue: '["old-key-one", "old-key-two"]'
   identity_pki_disabled: true
-  irs_authentication_emails: '["g@example.com", "h@example.com"]'
-  irs_authentication_issuers: '["urn:gov:gsa:openidconnect.profiles:sp:sso:agency_name:app_name"]'
   irs_fraud_metrics_emails: '["g@example.com", "h@example.com"]'
   irs_fraud_metrics_issuers: '["urn:gov:gsa:openidconnect.profiles:sp:sso:agency_name:app_name"]'
+  irs_registration_funnel_emails: '["g@example.com", "h@example.com"]'
+  irs_registration_funnel_issuers: '["urn:gov:gsa:openidconnect.profiles:sp:sso:agency_name:app_name"]'
   lexisnexis_trueid_account_id: 'test_account'
   lockout_period_in_minutes: 5
   logins_per_email_and_ip_limit: 2

config/initializers/ab_tests.rb

@@ -137,6 +137,23 @@ def self.all
     user&.uuid
   end.freeze
 
+  ONE_ACCOUNT_USER_VERIFICATION_ENABLED = AbTest.new(
+    experiment_name: 'One Account User Verification Enabled',
+    should_log: [
+      'Email and Password Authentication',
+      'SP redirect initiated',
+      :one_account_duplicate_profiles_detected,
+      :one_account_unknown_profile_detected,
+      :one_account_recognize_all_profiles,
+    ].to_set,
+    buckets: {
+      one_account_user_verification_enabled_percentage:
+        IdentityConfig.store.one_account_user_verification_enabled_percentage,
+    },
+  ) do |user:, user_session:, **|
+    user&.uuid
+  end.freeze
+
   SOCURE_IDV_SHADOW_MODE_FOR_NON_DOCV_USERS = AbTest.new(
     experiment_name: 'Socure shadow mode',
     should_log: ['IdV: doc auth verify proofing results'].to_set,

config/initializers/job_configurations.rb

@@ -245,8 +245,8 @@
         args: -> { [Time.zone.yesterday.end_of_day] },
       },
       # Send previous week's authentication reports to irs
-      irs_weekly_authentication_report: {
-        class: 'Reports::IrsAuthenticationReport',
+      irs_weekly_registration_funnel_report: {
+        class: 'Reports::IrsRegistrationFunnelReport',
         cron: cron_every_monday,
         args: -> { [Time.zone.yesterday.end_of_day] },
       },

config/locales/en.yml

@@ -738,18 +738,19 @@ duplicate_profiles_detected.accounts_list.heading: Accounts with the same verifi
 duplicate_profiles_detected.cant_access: 'I can’t access an account'
 duplicate_profiles_detected.connected_acct_html: '<strong> Connected agencies: </strong> %{count}'
 duplicate_profiles_detected.created_at_html: '<strong> Created: </strong> %{timestamp_html}'
-duplicate_profiles_detected.delete_duplicates.details_html: Sign in, authenticate, and delete the account from the ‘Your account’ page. %{link_html}
-duplicate_profiles_detected.delete_duplicates.heading: 'Delete the duplicate accounts'
+duplicate_profiles_detected.delete_duplicates.details_html: Sign in and delete the account from the “Your account” page. %{link_html}
+duplicate_profiles_detected.delete_duplicates.heading: 'Delete the duplicate account(s)'
 duplicate_profiles_detected.delete_duplicates.link: How to delete your account.
 duplicate_profiles_detected.dont_recognize_account: I don’t recognize an account above
 duplicate_profiles_detected.duplicate: Duplicate
 duplicate_profiles_detected.get_help: Get Help
 duplicate_profiles_detected.heading: We found other accounts that may be yours
-duplicate_profiles_detected.intro: The %{app_name} requires that you only have one identity verified %{app_name} account. Learn more about duplicate accounts
-duplicate_profiles_detected.intro2: 'You need to delete the duplicate accounts before signing into %{app_name}. Here’s what to do:'
+duplicate_profiles_detected.intro_html: '%{app_name} requires that you only have one identity verified %{app_name} account. %{link_html}'
+duplicate_profiles_detected.intro.link: Learn more about duplicate accounts.
+duplicate_profiles_detected.intro2: 'You need to delete duplicate accounts before signing into %{app_name}. Here’s what to do:'
 duplicate_profiles_detected.last_sign_in_at_html: '<strong> Last login: </strong> %{timestamp_html}'
 duplicate_profiles_detected.never_logged_in: Never logged in
-duplicate_profiles_detected.select_an_account.details: Keep the account that you’ve connected to the most agencies. That way you don’t have to reconnect to all the agencies you use.
+duplicate_profiles_detected.select_an_account.details: Keep the account you use the most. For example, the one tied to the most services. That way, you won’t have to reconnect services.
 duplicate_profiles_detected.select_an_account.heading: Choose an account to keep
 duplicate_profiles_detected.sign_back_in.details: Go back to the %{app_name} website and sign in using the one %{app_name} account you kept.
 duplicate_profiles_detected.sign_back_in.heading: Sign back into %{app_name} with one account
@@ -1124,7 +1125,7 @@ idv.failure.phone.warning.heading: We couldn’t match you to this number
 idv.failure.phone.warning.learn_more_link: Learn more about what phone number to use
 idv.failure.phone.warning.next_steps_html: Try <strong>another</strong> number that you use often and have used for a long time. This can be a work or home number.
 idv.failure.phone.warning.try_again_button: Try another number
-idv.failure.phone.warning.you_entered: 'We couldn’t find a record of you using this number:'
+idv.failure.phone.warning.you_entered_html: "We couldn’t find a record of you using this number: <strong class='text-no-wrap'>%{formatted_phone}</strong>"
 idv.failure.sessions.exception: There was an internal error processing your request.
 idv.failure.sessions.fail_html: For your security, we limit the number of times you can attempt to verify personal information online. <strong>Try again in %{timeout}.</strong>
 idv.failure.sessions.heading: We couldn’t find records matching your personal information
@@ -1946,7 +1947,7 @@ user_mailer.dupe_profile.review_complete.success_info: We completed a review of
 user_mailer.dupe_profile.review_complete.unable_heading: We are not able to sign you in
 user_mailer.dupe_profile.review_complete.unable_info: We completed a review of your accounts and are not able to sign you in. Please contact %{sp_or_app_name} for further assistance.
 user_mailer.dupe_profile.sign_in.description: Someone just signed into a %{app_name} that had previously been verified with your personal information. For your safety we have restricted access on all accounts with matching information and access to %{sp_or_app_name}.
-user_mailer.dupe_profile.sign_in.description2_html: If this was you, you should delete the duplicate account by following the %{steps_link_html} and use only one account for. If this wasn’t you contact the %{help_center_link_html}.
+user_mailer.dupe_profile.sign_in.description2_html: If this was you, you should delete the duplicate account by following the %{steps_link_html} and use only one account for your security. If this wasn’t you, contact the %{help_center_link_html}.
 user_mailer.dupe_profile.sign_in.heading: Another account using your personal information has signed in
 user_mailer.dupe_profile.sign_in.help_center_link: '%{app_name} Help Center'
 user_mailer.dupe_profile.sign_in.steps_link: steps outlined here

config/locales/es.yml

@@ -745,26 +745,27 @@ doc_auth.tips.document_capture_selfie_text1: Quite cualquier prenda o accesorio
 doc_auth.tips.document_capture_selfie_text2: Tómese la foto en un lugar bien iluminado
 doc_auth.tips.document_capture_selfie_text3: Mantenga una expresión neutral
 doc_auth.tips.document_capture_selfie_text4: Revise que se vea su rostro completo dentro del círculo verde.
-duplicate_profiles_detected.accounts_list.heading: Accounts with the same verified information
-duplicate_profiles_detected.cant_access: 'I can’t access an account'
+duplicate_profiles_detected.accounts_list.heading: Cuentas con la misma información verificada
+duplicate_profiles_detected.cant_access: 'No puedo acceder a una cuenta'
 duplicate_profiles_detected.connected_acct_html: '<strong> Connected agencies: </strong> %{count}'
 duplicate_profiles_detected.created_at_html: '<strong> Created: </strong> %{timestamp_html}'
-duplicate_profiles_detected.delete_duplicates.details_html: Sign in, authenticate, and delete the account from the ‘Your account’ page. %{link_html}
-duplicate_profiles_detected.delete_duplicates.heading: 'Delete the duplicate accounts'
-duplicate_profiles_detected.delete_duplicates.link: How to delete your account.
-duplicate_profiles_detected.dont_recognize_account: I don’t recognize an account above
+duplicate_profiles_detected.delete_duplicates.details_html: Inicie sesión y, en la página de “Su cuenta”, elimine la cuenta. %{link_html}
+duplicate_profiles_detected.delete_duplicates.heading: 'Elimine las cuentas duplicadas.'
+duplicate_profiles_detected.delete_duplicates.link: Cómo eliminar su cuenta.
+duplicate_profiles_detected.dont_recognize_account: No reconozco una de estas cuentas
 duplicate_profiles_detected.duplicate: Duplicate
-duplicate_profiles_detected.get_help: Get Help
-duplicate_profiles_detected.heading: We found other accounts that may be yours
-duplicate_profiles_detected.intro: The %{app_name} requires that you only have one identity verified %{app_name} account. Learn more about duplicate accounts
-duplicate_profiles_detected.intro2: 'You need to delete the duplicate accounts before signing into %{app_name}. Here’s what to do:'
+duplicate_profiles_detected.get_help: Obtener ayuda
+duplicate_profiles_detected.heading: Encontramos otras cuentas que pueden ser suyas
+duplicate_profiles_detected.intro_html: '%{app_name} requiere que usted tenga una sola cuenta de %{app_name} en la cual haya verificado su identidad. %{link_html}'
+duplicate_profiles_detected.intro.link: Obtenga más información acerca de las cuentas duplicadas.
+duplicate_profiles_detected.intro2: 'Antes de iniciar sesión en %{app_name}, necesita eliminar las cuentas duplicadas. Esto es lo que tiene que hacer:'
 duplicate_profiles_detected.last_sign_in_at_html: '<strong> Last login: </strong> %{timestamp_html}'
 duplicate_profiles_detected.never_logged_in: Never logged in
-duplicate_profiles_detected.select_an_account.details: Keep the account that you’ve connected to the most agencies. That way you don’t have to reconnect to all the agencies you use.
-duplicate_profiles_detected.select_an_account.heading: Choose an account to keep
-duplicate_profiles_detected.sign_back_in.details: Go back to the %{app_name} website and sign in using the one %{app_name} account you kept.
-duplicate_profiles_detected.sign_back_in.heading: Sign back into %{app_name} with one account
-duplicate_profiles_detected.sign_out: Sign out
+duplicate_profiles_detected.select_an_account.details: Conserve la cuenta que más usa. Por ejemplo, la que está vinculada a más servicios. Así, no tendrá que volver a conectar los servicios.
+duplicate_profiles_detected.select_an_account.heading: Elija la cuenta que desea conservar.
+duplicate_profiles_detected.sign_back_in.details: Vuelva al sitio web de %{app_name} e inicie sesión usando la cuenta de %{app_name} que conservó.
+duplicate_profiles_detected.sign_back_in.heading: Vuelva a iniciar sesión en %{app_name} con una cuenta.
+duplicate_profiles_detected.sign_out: Cerrar sesión
 duplicate_profiles_detected.signed_in: Signed In
 email_address.not_found: El correo electrónico no encontrado
 email_addresses.add.duplicate: Esta dirección de correo electrónico ya está registrada en su cuenta.
@@ -1135,7 +1136,7 @@ idv.failure.phone.warning.heading: No pudimos asociarlo a este número
 idv.failure.phone.warning.learn_more_link: Obtenga más información sobre el número de teléfono que debe usar
 idv.failure.phone.warning.next_steps_html: Intente con <strong>otro</strong> número que use a menudo y haya usado por mucho tiempo. Puede ser el número del trabajo o de casa.
 idv.failure.phone.warning.try_again_button: Intentar con otro número
-idv.failure.phone.warning.you_entered: 'No pudimos encontrar su registro con este número:'
+idv.failure.phone.warning.you_entered_html: "No pudimos encontrar su registro con este número: <strong class='text-no-wrap'>%{formatted_phone}</strong>"
 idv.failure.sessions.exception: Hubo un error interno al procesar su solicitud.
 idv.failure.sessions.fail_html: Por su seguridad, limitamos el número de veces que puede intentar verificar la información personal en línea. <strong>Vuelva a intentarlo en %{timeout}.</strong>
 idv.failure.sessions.heading: No encontramos registros que coincidan con sus datos personales