Deploy RC 506 to Production

.gitlab-ci.yml

@@ -8,7 +8,7 @@ variables:
   FF_SCRIPT_SECTIONS: 'true'
   JUNIT_OUTPUT: 'true'
   ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com'
-  IDP_CI_SHA: 'sha256:96e9cfbcedcc8d2c6736d736ebc6462bbd2fed3250f513facb632f6f87c0c862'
+  IDP_CI_SHA: 'sha256:787f58c3d7e0899d7a622202aa21a9ead24a3fc160d1b158160429bdcc33e4fe'
   PKI_IMAGE_TAG: 'main'
   DASHBOARD_IMAGE_TAG: 'main'
   APPLICATION_MANIFEST: dockerfiles/application.yaml

.rubocop.yml

@@ -35,6 +35,7 @@ AllCops:
     - 'public/**/*'
   TargetRubyVersion: 3.4
   TargetRailsVersion: 8.0
+  ParserEngine: parser_prism
   UseCache: true
   DisabledByDefault: true
   SuggestExtensions: false

.ruby-version

@@ -1 +1 @@
-3.4.1
+3.4.5

CONTRIBUTING.md

@@ -1,13 +1,14 @@
 ## Welcome!
 
-We’re so glad you’re thinking about contributing to a Technology Transformation Services (TTS) open source project! If you’re unsure about anything, just ask — or submit your issue or pull request anyway. The worst that can happen is we’ll politely ask you to change something. We appreciate all friendly contributions.
+Thanks for thinking about contributing to a Technology Transformation Services (TTS) open source project! If you’re unsure about anything, just ask.
 
 TTS is committed to building a safe, welcoming, harassment-free culture for everyone. We expect everyone on the TTS team and everyone within TTS spaces, including contributors to our projects, to follow the [TTS Code of Conduct](https://github.com/18F/code-of-conduct/blob/master/code-of-conduct.md).
 
-We encourage you to read this project’s CONTRIBUTING policy (you are here), its [LICENSE](LICENSE.md), and its [README](README.md). When you are ready to make a pull request, read our [pull request process](https://handbook.login.gov/articles/pull-request-review.html), which is a part of [the Login.gov Handbook](https://handbook.login.gov/).
+**If you are an external contributor**, please check out our [External Contributor Guidelines](EXTERNAL_CONTRIBUTORS.md) before beginning any work on a code change.
 
-If you have any questions or want to read more, check out the [18F Open Source Policy GitHub repository]( https://github.com/18f/open-source-policy), or [send us an email](mailto:18f@gsa.gov).
+All contributors, internal or external, must read this project’s CONTRIBUTING policy (you are here), its [LICENSE](LICENSE.md), and its [README](README.md). When you are ready to make a pull request, read our [pull request process](https://handbook.login.gov/articles/pull-request-review.html), which is a part of [the Login.gov Handbook](https://handbook.login.gov/).
 
+If you have any questions, please feel free to open an issue on this project.
 
 ## Pull request guidelines
 
@@ -81,7 +82,7 @@ Please follow our [Code Review][review] guidelines.
 [Glen Sanford's thoughts on code reviews][thoughts] are also well worth
 reading.
 
-[review]: https://engineering.18f.gov/code-review/
+[review]: https://guides.18f.org/engineering/our-approach/code-review/
 [thoughts]: http://glen.nu/ramblings/oncodereview.php
 
 - Keep pull requests as small as possible, and focused on a single topic

EXTERNAL_CONTRIBUTORS.md

@@ -0,0 +1,71 @@
+## External Contributor Guidelines
+
+Login.gov is the public's one account for government. We believe in transparency in government, which includes having an open source repo that invites community contributions. However, Login.gov is in active development, and we have to be realistic about the types of contributions we are able to accept and review in a timely fashion.
+
+This page outlines our extra guidelines for external contributors, but you will stil be beholden to our [CONTRIBUTING](CONTRIBUTING.md) policy. Make sure you have read through and understood those requirements.
+
+In order to ensure we can get to your contributions in an effective and efficient way, please adhere to the following guidelines.
+
+There are three primary ways to help:
+- Reporting bugs
+- Submitting feature requests
+- Submitting code
+
+### License
+All contributions to this project will be released under the [CC0 dedication](https://creativecommons.org/public-domain/cc0/). By submitting a pull request, or filing a bug, issue, or feature-request you are agreeing to comply with this waiver of copyright interest. Details can be found in our [LICENSE](LICENSE.md).
+
+### Reporting
+
+You may report a bug or submit a feature request by:
+- [Submitting a ticket](https://zendesk.login.gov/) at the Login.gov Partner help center.
+- [Creating an issue](https://github.com/18F/identity-idp/issues) in our GitHub repo
+
+#### Bug reports
+
+Please include: 
+A detailed report of the bug, including:
+- Reproduction steps,
+- Expected behavior,
+- Current behavior, and; 
+- Any other relevant information, such as browser type, or mobile vs desktop. 
+
+#### Feature requests
+
+Please include:
+- The requesting agency or team,
+- The problem that you would like solved,
+- Context around the need,
+
+### Submitting code
+
+#### General process   
+
+- Fork this repository
+- Make changes in your own fork
+- Submit a pull request
+
+For security reasons, external contributions will not trigger our CI/CD pipelines. If a change is reviewed as safe, and approved, a member of the Login.gov engineering team will run the pipeline before the change can be merged.
+
+#### Considerations before working on a code change
+
+##### Bug Fixes
+
+Before working on any code, please submit a bug report and allow us to acknowledge it. If it's a known issue to us, we may already be working on a fix. We wouldn't want you to waste your time if a fix is in progress!
+
+##### Features
+We do not accept PRs for new features (or that extend current features) from external contributors. 
+
+We have a specific internal process for researching, designing and developing features. As we are a shared service that operates government-wide, we need to evaluate whether a feature is a good fit for all our partners before we can consider building it out. 
+
+If you'd like to submit a feature request for consideration, please follow the [steps outlined above](#reporting).
+
+### PR Requirements
+
+Our engineering capacity does not allow for much time for code review of external contributions. For this reason, we can only accept small, concise code changes that don't conflict with work we have in-flight.
+
+We will not be able to review a change until the following steps are met:
+
+- There are associated unit tests that validate the change,
+- There is evidence of manual accessibility testing for any client-side code,
+- All specs are passing, and;
+- The code matches existing patterns.

Gemfile

@@ -117,6 +117,7 @@ group :development, :test do
   gem 'rubocop-rails', '~> 2.27.0', require: false
   gem 'rubocop-rspec', '~> 3.2.0', require: false
   gem 'rubocop-capybara', require: false
+  gem 'prism'
   gem 'sqlite3', require: false
 end
 
@@ -133,7 +134,7 @@ group :test do
   gem 'rack-test', '>= 1.1.0'
   gem 'rails-controller-testing', '>= 1.0.4'
   gem 'rspec_junit_formatter'
-  gem 'shoulda-matchers', '~> 4.0', require: false
+  gem 'shoulda-matchers', '~> 6.0', require: false
   gem 'simple_xlsx_reader', require: false
   gem 'tableparser', require: false
   gem 'webmock'

Gemfile.lock

@@ -429,7 +429,7 @@ GEM
       net-pop
       net-smtp
     marcel (1.0.4)
-    matrix (0.4.2)
+    matrix (0.4.3)
     maxminddb (0.1.22)
     memory_profiler (1.0.1)
     method_source (1.1.0)
@@ -468,7 +468,7 @@ GEM
     orm_adapter (0.5.0)
     ostruct (0.6.3)
     parallel (1.27.0)
-    parser (3.3.8.0)
+    parser (3.3.9.0)
       ast (~> 2.4.1)
       racc
     pg (1.5.9)
@@ -512,7 +512,7 @@ GEM
       nio4r (~> 2.0)
     raabro (1.4.0)
     racc (1.8.1)
-    rack (3.0.16)
+    rack (3.0.18)
     rack-cors (2.0.2)
       rack (>= 2.0.0)
     rack-headers_filter (0.0.1)
@@ -669,8 +669,8 @@ GEM
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 4.0)
       websocket (~> 1.0)
-    shoulda-matchers (4.5.1)
-      activesupport (>= 4.2.0)
+    shoulda-matchers (6.5.0)
+      activesupport (>= 5.2.0)
     simple_form (5.3.0)
       actionpack (>= 5.2)
       activemodel (>= 5.2)
@@ -829,6 +829,7 @@ DEPENDENCIES
   pg_query
   phonelib
   premailer-rails (>= 1.12.0)
+  prism
   profanity_filter
   prometheus_exporter
   propshaft
@@ -866,7 +867,7 @@ DEPENDENCIES
   safe_target_blank (>= 1.0.2)
   saml_idp!
   scrypt
-  shoulda-matchers (~> 4.0)
+  shoulda-matchers (~> 6.0)
   simple_form (>= 5.0.2)
   simple_xlsx_reader
   simplecov (~> 0.22.0)
@@ -889,7 +890,7 @@ DEPENDENCIES
   zxcvbn (= 0.1.12)
 
 RUBY VERSION
-   ruby 3.4.1p0
+   ruby 3.4.5p51
 
 BUNDLED WITH
    2.6.9

app/assets/stylesheets/components/_block-link.scss

@@ -24,7 +24,7 @@
     &::before {
       @include u-border('1px', 'primary');
       border-radius: 6px;
-      inset: 0 units(-1) 0 units(-1);
+      inset: 0 units(-1);
       content: '';
       pointer-events: none;
       position: absolute;

app/controllers/concerns/idv/document_capture_concern.rb

@@ -98,17 +98,10 @@ def correct_vendor_path(expected_doc_auth_vendor, in_hybrid_mobile:)
       end
     end
 
-    def fetch_test_verification_data
-      return unless IdentityConfig.store.socure_docv_verification_data_test_mode
-
-      docv_transaction_token_override = params.permit(:docv_token)[:docv_token]
-      return unless IdentityConfig.store.socure_docv_verification_data_test_mode_tokens
-        .include?(docv_transaction_token_override)
-
+    def fetch_synchronous_docv_result
       SocureDocvResultsJob.perform_now(
         document_capture_session_uuid:,
-        docv_transaction_token_override:,
-        async: true,
+        async: false,
       )
     end
 

app/controllers/concerns/idv/verify_info_concern.rb

@@ -234,6 +234,7 @@ def async_state_done(current_async_state)
 
     def next_step_url
       return idv_request_letter_url if FeatureManagement.idv_by_mail_only? ||
+                                       idv_session.gpo_request_letter_visited ||
                                        idv_session.gpo_letter_requested
       idv_phone_url
     end

app/controllers/idv/address_controller.rb

@@ -4,6 +4,7 @@ module Idv
   class AddressController < ApplicationController
     include Idv::AvailabilityConcern
     include IdvStepConcern
+    include Idv::StepIndicatorConcern
 
     before_action :confirm_not_rate_limited_after_doc_auth
     before_action :confirm_step_allowed
@@ -13,7 +14,8 @@ def new
 
       @address_form = build_address_form
       @presenter = AddressPresenter.new(
-        gpo_letter_requested: idv_session.gpo_letter_requested,
+        gpo_request_letter_visited: idv_session.gpo_request_letter_visited ||
+          idv_session.gpo_letter_requested,
         address_update_request: address_update_request?,
       )
     end
@@ -79,7 +81,8 @@ def success
 
     def failure
       @presenter = AddressPresenter.new(
-        gpo_letter_requested: idv_session.gpo_letter_requested,
+        gpo_request_letter_visited: idv_session.gpo_request_letter_visited ||
+          idv_session.gpo_letter_requested,
         address_update_request: address_update_request?,
       )
       render :new
@@ -114,5 +117,13 @@ def address_edited?
     def profile_params
       params.require(:idv_form).permit(Idv::AddressForm::ATTRIBUTES)
     end
+
+    def step_indicator_steps
+      if idv_session.gpo_request_letter_visited || idv_session.gpo_letter_requested
+        return StepIndicatorConcern::STEP_INDICATOR_STEPS_GPO
+      end
+
+      StepIndicatorConcern::STEP_INDICATOR_STEPS
+    end
   end
 end

app/controllers/idv/by_mail/request_letter_controller.rb

@@ -17,6 +17,7 @@ def index
 
         Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer)
           .call(:usps_address, :view, true)
+        idv_session.gpo_request_letter_visited = true
         idv_session.gpo_letter_requested = true
         analytics.idv_request_letter_visited
       end
@@ -37,7 +38,9 @@ def self.step_info
           preconditions: ->(idv_session:, user:) do
             idv_session.verify_info_step_complete?
           end,
-          undo_step: ->(idv_session:, user:) { idv_session.address_verification_mechanism = nil },
+          undo_step: ->(idv_session:, user:) do
+            idv_session.address_verification_mechanism = nil
+          end,
         )
       end
 

app/controllers/idv/hybrid_mobile/socure/document_capture_controller.rb

@@ -16,7 +16,6 @@ class DocumentCaptureController < ApplicationController
         before_action -> do
           redirect_to_correct_vendor(Idp::Constants::Vendors::SOCURE, in_hybrid_mobile: true)
         end, only: :show
-        before_action :fetch_test_verification_data, only: [:update]
 
         def show
           if rate_limiter.limited?
@@ -126,6 +125,15 @@ def wait_for_result?
           # If the stored_result is nil, the job fetching the results has not completed.
           analytics.idv_doc_auth_document_capture_polling_wait_visited(**analytics_arguments)
           if wait_timed_out?
+            analytics.idv_socure_verification_webhook_missing(
+              docv_transaction_token: document_capture_session.socure_docv_transaction_token,
+            )
+
+            fetch_synchronous_docv_result
+
+            document_capture_session.reload
+            return false if document_capture_session.load_result.present?
+
             redirect_to idv_hybrid_mobile_socure_document_capture_errors_url(
               error_code: :timeout,
             )

app/controllers/idv/socure/document_capture_controller.rb

@@ -19,7 +19,6 @@ class DocumentCaptureController < ApplicationController
       before_action -> do
         redirect_to_correct_vendor(Idp::Constants::Vendors::SOCURE, in_hybrid_mobile: false)
       end, only: :show
-      before_action :fetch_test_verification_data, only: [:update]
 
       def show
         analytics.idv_doc_auth_document_capture_visited(**analytics_arguments)
@@ -122,6 +121,15 @@ def wait_for_result?
         # If the stored_result is nil, the job fetching the results has not completed.
         analytics.idv_doc_auth_document_capture_polling_wait_visited(**analytics_arguments)
         if wait_timed_out?
+          analytics.idv_socure_verification_webhook_missing(
+            docv_transaction_token: document_capture_session.socure_docv_transaction_token,
+          )
+
+          fetch_synchronous_docv_result
+
+          document_capture_session.reload
+          return false if document_capture_session.load_result.present?
+
           redirect_to idv_socure_document_capture_errors_url(error_code: :timeout)
         else
           @refresh_interval =

app/javascript/packages/build-sass/cli.js

@@ -7,6 +7,7 @@ import { parseArgs } from 'node:util';
 import { fileURLToPath } from 'node:url';
 import { watch } from 'chokidar';
 import { initAsyncCompiler as initAsyncSassCompiler } from 'sass-embedded';
+import { isDependency } from '@aduth/is-dependency';
 import { buildFile } from './index.js';
 import getDefaultLoadPaths from './get-default-load-paths.js';
 import getErrorSassStackPaths from './get-error-sass-stack-paths.js';
@@ -31,7 +32,7 @@ const { values: flags, positionals: fileArgs } = parseArgs({
 });
 
 const { watch: isWatching, 'out-dir': outDir, 'load-path': loadPaths = [], verbose } = flags;
-loadPaths.push(...getDefaultLoadPaths());
+loadPaths.push(...getDefaultLoadPaths(isDependency));
 
 const sassCompiler = await initAsyncSassCompiler();
 

app/javascript/packages/build-sass/get-default-load-paths.js

@@ -1,5 +1,3 @@
-import { isDependency } from '@aduth/is-dependency';
-
 /** @type {Record<string, string[]>} */
 const DEPENDENCY_LOAD_PATHS_MAPPING = {
   '@18f/identity-design-system': ['node_modules/@18f/identity-design-system/packages'],
@@ -11,7 +9,7 @@ const DEPENDENCY_LOAD_PATHS_MAPPING = {
  *
  * @return {string[]} Array of load paths.
  */
-const getDefaultLoadPaths = () =>
+const getDefaultLoadPaths = (isDependency) =>
   Object.entries(DEPENDENCY_LOAD_PATHS_MAPPING)
     .filter(([dependency]) => isDependency(dependency))
     .flatMap(([, loadPaths]) => loadPaths);