Deploy to the qa environment

.reek

@@ -24,6 +24,7 @@ FeatureEnvy:
     - Pii::Attributes#[]=
     - OpenidConnectLogoutForm#load_identity
     - Idv::ProfileMaker#pii_from_applicant
+    - Idv::Step#vendor_validator_result
 InstanceVariableAssumption:
   exclude:
     - User
@@ -41,6 +42,7 @@ NilCheck:
 LongParameterList:
   exclude:
     - IdentityLinker#optional_attributes
+    - VendorValidatorJob#perform
 RepeatedConditional:
   exclude:
     - Users::ResetPasswordsController
@@ -53,6 +55,7 @@ TooManyInstanceVariables:
   exclude:
     - OpenidConnectAuthorizeForm
     - OpenidConnectRedirector
+    - Idv::VendorResult
 TooManyStatements:
   max_statements: 6
   exclude:
@@ -72,6 +75,7 @@ TooManyMethods:
     - OpenidConnect::AuthorizationController
     - Idv::Session
     - User
+    - Verify::SessionsController
 UncommunicativeMethodName:
   exclude:
     - PhoneConfirmationFlow
@@ -89,6 +93,7 @@ UtilityFunction:
   public_methods_only: true
   exclude:
     - AnalyticsEventJob#perform
+    - ApplicationController#default_url_options
     - ApplicationHelper#step_class
     - PersonalKeyFormatter#regexp
     - SessionTimeoutWarningHelper#frequency
@@ -97,6 +102,7 @@ UtilityFunction:
     - SessionDecorator
     - WorkerHealthChecker::Middleware#call
     - UserEncryptedAttributeOverrides#create_fingerprint
+    - LocaleHelper#locale_url_param
 'app/controllers':
   InstanceVariableAssumption:
     enabled: false

.rubocop.yml

@@ -93,6 +93,9 @@ Metrics/ModuleLength:
   - spec/**/*
   - 'app/controllers/concerns/two_factor_authenticatable.rb'
 
+Metrics/ParameterLists:
+  CountKeywordArgs: false
+
 # This is a Rails 5 feature, so it should be disabled until we upgrade
 Rails/HttpPositionalArguments:
   Description: 'Use keyword arguments instead of positional arguments in http method calls.'

app/assets/javascripts/app/components/accordion.js

@@ -72,6 +72,7 @@ class Accordion extends Events {
     this.content.classList.add('shown');
     this.content.classList.remove('animate-out');
     this.content.classList.add('animate-in');
+    this.content.setAttribute('aria-hidden', 'false');
     this.emit('accordion.show');
   }
 
@@ -81,6 +82,7 @@ class Accordion extends Events {
     this.shownIcon.classList.add('display-none');
     this.content.classList.remove('animate-in');
     this.content.classList.add('animate-out');
+    this.content.setAttribute('aria-hidden', 'true');
     this.emit('accordion.hide');
     this.header.focus();
   }

app/assets/javascripts/app/form-validation.js

@@ -10,7 +10,7 @@ document.addEventListener('DOMContentLoaded', () => {
       if (input) {
         input.addEventListener('input', () => {
           if (input.validity.patternMismatch) {
-            input.setCustomValidity(I18n.t(`idv.errors.pattern_mismatch.${f}`));
+            input.setCustomValidity(I18n.t(`idv.errors.pattern_mismatch.${I18n.key(f)}`));
           } else {
             input.setCustomValidity('');
           }

app/assets/javascripts/misc/i18n-strings.js.erb

@@ -5,7 +5,7 @@ window.LoginGov = window.LoginGov || {};
   'errors.messages.missing_field',
   'forms.passwords.show',
   'idv.errors.pattern_mismatch.dob',
-  'idv.errors.pattern_mismatch.personal-key',
+  'idv.errors.pattern_mismatch.personal_key',
   'idv.errors.pattern_mismatch.ssn',
   'idv.errors.pattern_mismatch.zipcode',
   'idv.modal.button.warning',
@@ -16,40 +16,45 @@ window.LoginGov = window.LoginGov || {};
   'instructions.password.strength.v',
   'links.remove',
   'valid_email.validations.email.invalid',
-  'zxcvbn.feedback.Use a few words, avoid common phrases',
-  'zxcvbn.feedback.No need for symbols, digits, or uppercase letters',
-  'zxcvbn.feedback.Add another word or two_ Uncommon words are better_',
-  'zxcvbn.feedback.Straight rows of keys are easy to guess',
-  'zxcvbn.feedback.Short keyboard patterns are easy to guess',
-  'zxcvbn.feedback.Use a longer keyboard pattern with more turns',
-  'zxcvbn.feedback.Repeats like "aaa" are easy to guess',
-  'zxcvbn.feedback.Repeats like "abcabcabc" are only slightly harder to guess than "abc"',
-  'zxcvbn.feedback.Avoid repeated words and characters',
-  'zxcvbn.feedback.Sequences like abc or 6543 are easy to guess',
-  'zxcvbn.feedback.Avoid sequences',
-  'zxcvbn.feedback.Recent years are easy to guess',
-  'zxcvbn.feedback.Avoid recent years',
-  'zxcvbn.feedback.Avoid years that are associated with you',
-  'zxcvbn.feedback.Dates are often easy to guess',
-  'zxcvbn.feedback.Avoid dates and years that are associated with you',
-  'zxcvbn.feedback.This is a top-10 common password',
-  'zxcvbn.feedback.This is a top-100 common password',
-  'zxcvbn.feedback.This is a very common password',
-  'zxcvbn.feedback.This is similar to a commonly used password',
-  'zxcvbn.feedback.A word by itself is easy to guess',
-  'zxcvbn.feedback.Names and surnames by themselves are easy to guess',
-  'zxcvbn.feedback.Common names and surnames are easy to guess',
-  'zxcvbn.feedback.Capitalization doesn\'t help very much',
-  'zxcvbn.feedback.All-uppercase is almost as easy to guess as all-lowercase',
-  'zxcvbn.feedback.Reversed words aren\'t much harder to guess',
-  'zxcvbn.feedback.Predictable substitutions like \'@\' instead of \'a\' don\'t help very much'
+  'zxcvbn.feedback.a_word_by_itself_is_easy_to_guess',
+  'zxcvbn.feedback.add_another_word_or_two_uncommon_words_are_better',
+  'zxcvbn.feedback.all_uppercase_is_almost_as_easy_to_guess_as_all_lowercase',
+  'zxcvbn.feedback.avoid_dates_and_years_that_are_associated_with_you',
+  'zxcvbn.feedback.avoid_recent_years',
+  'zxcvbn.feedback.avoid_repeated_words_and_characters',
+  'zxcvbn.feedback.avoid_sequences',
+  'zxcvbn.feedback.avoid_years_that_are_associated_with_you',
+  'zxcvbn.feedback.capitalization_doesnt_help_very_much',
+  'zxcvbn.feedback.common_names_and_surnames_are_easy_to_guess',
+  'zxcvbn.feedback.dates_are_often_easy_to_guess',
+  'zxcvbn.feedback.names_and_surnames_by_themselves_are_easy_to_guess',
+  'zxcvbn.feedback.there_is_no_need_for_symbols_digits_or_uppercase_letters',
+  'zxcvbn.feedback.predictable_substitutions_like__instead_of_a_dont_help_very_much',
+  'zxcvbn.feedback.recent_years_are_easy_to_guess',
+  'zxcvbn.feedback.repeats_like_aaa_are_easy_to_guess',
+  'zxcvbn.feedback.repeats_like_abcabcabc_are_only_slightly_harder_to_guess_than_abc',
+  'zxcvbn.feedback.reversed_words_arent_much_harder_to_guess',
+  'zxcvbn.feedback.sequences_like_abc_or_6543_are_easy_to_guess',
+  'zxcvbn.feedback.short_keyboard_patterns_are_easy_to_guess',
+  'zxcvbn.feedback.straight_rows_of_keys_are_easy_to_guess',
+  'zxcvbn.feedback.this_is_a_top_10_common_password',
+  'zxcvbn.feedback.this_is_a_top_100_common_password',
+  'zxcvbn.feedback.this_is_a_very_common_password',
+  'zxcvbn.feedback.this_is_similar_to_a_commonly_used_password',
+  'zxcvbn.feedback.for_a_stronger_password_use_a_few_words_separated_by_spaces_but_avoid_common_phrases',
+  'zxcvbn.feedback.use_a_longer_keyboard_pattern_with_more_turns'
 ] %>
 
 window.LoginGov.I18n = {
+  currentLocale: function() { return this.__currentLocale || (this.__currentLocale = document.querySelector('html').lang); },
   strings: {},
-  t: function(key) { return this.strings[key]; }
+  t: function(key) { return this.strings[this.currentLocale()][key]; },
+  key: function(key) { return key.replace(/[ -]/g, '_').replace(/\W/g, '').toLowerCase(); }
 };
 
-<% keys.each do |key| %>
-window.LoginGov.I18n.strings['<%= ActionController::Base.helpers.j key %>'] = '<%= ActionController::Base.helpers.j I18n.t(key) %>';
+<% I18n.available_locales.each do |locale| %>
+  window.LoginGov.I18n.strings['<%= ActionController::Base.helpers.j locale.to_s %>'] = {};
+  <% keys.each do |key| %>
+    window.LoginGov.I18n.strings['<%= ActionController::Base.helpers.j locale.to_s %>']['<%= ActionController::Base.helpers.j key %>'] = '<%= ActionController::Base.helpers.j I18n.t(key, locale: locale) %>';
+  <% end %>
 <% end %>

app/assets/javascripts/misc/pw-strength.js

@@ -27,8 +27,7 @@ function getFeedback(z) {
   const { warning, suggestions } = z.feedback;
 
   function lookup(str) {
-    const strFormatted = str.replace(/\./g, '_');
-    return I18n.t(`zxcvbn.feedback.${strFormatted}`);
+    return I18n.t(`zxcvbn.feedback.${I18n.key(str)}`);
   }
 
   if (!warning && !suggestions.length) return '';

app/controllers/application_controller.rb

@@ -1,6 +1,7 @@
 class ApplicationController < ActionController::Base
   include UserSessionContext
   include VerifyProfileConcern
+  include LocaleHelper
 
   FLASH_KEYS = %w[alert error notice success warning].freeze
 
@@ -46,10 +47,17 @@ def create_user_event(event_type, user = current_user)
 
   def decorated_session
     @_decorated_session ||= DecoratedSession.new(
-      sp: current_sp, view_context: view_context, sp_session: sp_session
+      sp: current_sp,
+      view_context: view_context,
+      sp_session: sp_session,
+      service_provider_request: service_provider_request
     ).call
   end
 
+  def default_url_options
+    { locale: locale_url_param }
+  end
+
   private
 
   def disable_caching
@@ -74,11 +82,14 @@ def sp_from_sp_session
   end
 
   def sp_from_request_id
-    issuer = ServiceProviderRequest.from_uuid(params[:request_id]).issuer
-    sp = ServiceProvider.from_issuer(issuer)
+    sp = ServiceProvider.from_issuer(service_provider_request.issuer)
     sp if sp.is_a? ServiceProvider
   end
 
+  def service_provider_request
+    @service_provider_request ||= ServiceProviderRequest.from_uuid(params[:request_id])
+  end
+
   def after_sign_in_path_for(user)
     stored_location_for(user) || sp_session[:request_url] || signed_in_path
   end
@@ -130,9 +141,7 @@ def skip_session_expiration
   end
 
   def set_locale
-    I18n.locale =
-      http_accept_language.compatible_language_from(I18n.available_locales) ||
-      I18n.default_locale
+    I18n.locale = LocaleChooser.new(params[:locale], request).locale
   end
 
   def sp_session

app/controllers/concerns/account_recovery_concern.rb → app/controllers/concerns/account_reactivation_concern.rb

@@ -1,4 +1,4 @@
-module AccountRecoveryConcern
+module AccountReactivationConcern
   extend ActiveSupport::Concern
 
   def confirm_password_reset_profile

app/controllers/concerns/idv_failure_concern.rb

@@ -5,14 +5,18 @@ def render_failure
     if step_attempts_exceeded?
       @view_model = view_model(error: 'fail')
       flash_message(type: :error)
-    elsif step.form_valid_but_vendor_validation_failed?
+    elsif form_valid_but_vendor_validation_failed?
       @view_model = view_model(error: 'warning')
       flash_message(type: :warning)
     else
       @view_model = view_model
     end
   end
 
+  def form_valid_but_vendor_validation_failed?
+    idv_form.valid? && !step.vendor_validation_passed?
+  end
+
   def flash_message(type:)
     flash.now[type.to_sym] = @view_model.flash_message
   end

app/controllers/concerns/idv_session.rb

@@ -2,6 +2,7 @@ module IdvSession
   extend ActiveSupport::Concern
 
   def confirm_idv_session_started
+    return if current_user.decorate.needs_profile_usps_verification?
     redirect_to verify_session_url if idv_session.params.blank?
   end
 
@@ -39,4 +40,8 @@ def idv_vendor
   def idv_attempter
     @_idv_attempter ||= Idv::Attempter.new(current_user)
   end
+
+  def vendor_validator_result
+    VendorValidatorResultStorage.new.load(idv_session.async_result_id)
+  end
 end

app/controllers/reactivate_account_controller.rb

@@ -1,5 +1,5 @@
 class ReactivateAccountController < ApplicationController
-  include AccountRecoveryConcern
+  include AccountReactivationConcern
 
   before_action :confirm_two_factor_authenticated
   before_action :confirm_password_reset_profile

app/controllers/sign_out_controller.rb

@@ -0,0 +1,13 @@
+class SignOutController < ApplicationController
+  include FullyAuthenticatable
+
+  skip_before_action :handle_two_factor_authentication
+
+  def destroy
+    path_after_cancellation = decorated_session.cancel_link_path
+    sign_out
+    flash[:success] = t('devise.sessions.signed_out')
+    redirect_to path_after_cancellation
+    delete_branded_experience
+  end
+end

app/controllers/users/phones_controller.rb

@@ -11,7 +11,7 @@ def edit
     def update
       @update_user_phone_form = UpdateUserPhoneForm.new(current_user)
 
-      if @update_user_phone_form.submit(user_params)
+      if @update_user_phone_form.submit(user_params).success?
         process_updates
         bypass_sign_in current_user
       else

app/controllers/users/verify_password_controller.rb

@@ -1,6 +1,6 @@
 module Users
   class VerifyPasswordController < ApplicationController
-    include AccountRecoveryConcern
+    include AccountReactivationConcern
 
     before_action :confirm_two_factor_authenticated
     before_action :confirm_password_reset_profile

app/controllers/users/verify_personal_key_controller.rb

@@ -1,10 +1,10 @@
 module Users
   class VerifyPersonalKeyController < ApplicationController
-    include AccountRecoveryConcern
+    include AccountReactivationConcern
 
     before_action :confirm_two_factor_authenticated
     before_action :confirm_password_reset_profile
-    before_action :init_account_recovery, only: [:new]
+    before_action :init_account_reactivation, only: [:new]
 
     def new
       @personal_key_form = VerifyPersonalKeyForm.new(
@@ -25,10 +25,10 @@ def create
 
     private
 
-    def init_account_recovery
+    def init_account_reactivation
       return if reactivate_account_session.started?
 
-      flash.now[:notice] = t('notices.account_recovery')
+      flash.now[:notice] = t('notices.account_reactivation')
       reactivate_account_session.start
     end