Deploy rc-2017-08-21 to staging

app/assets/javascripts/app/form-field-format.js

@@ -3,6 +3,7 @@ import DateFormatter from './modules/date-formatter';
 import InternationalPhoneFormatter from './modules/international-phone-formatter';
 import NumericFormatter from './modules/numeric-formatter';
 import PersonalKeyFormatter from './modules/personal-key-formatter';
+import USPhoneFormatter from './modules/us-phone-formatter';
 import ZipCodeFormatter from './modules/zip-code-formatter';
 
 
@@ -15,6 +16,7 @@ function formatForm() {
     ['.mfa', new NumericFormatter()],
     ['.mortgage', new NumericFormatter()],
     ['.phone', new InternationalPhoneFormatter()],
+    ['.us-phone', new USPhoneFormatter()],
     ['.personal-key', new PersonalKeyFormatter()],
     ['.ssn', new SocialSecurityNumberFormatter()],
     ['.zipcode', new ZipCodeFormatter()],

app/assets/javascripts/app/modules/us-phone-formatter.js

@@ -0,0 +1,16 @@
+import { PhoneFormatter } from 'field-kit';
+
+class USPhoneFormatter extends PhoneFormatter {
+  isChangeValid(change, error) {
+    const match = change.proposed.text.match(/^\+(\d?)/);
+    if (match && match[1] === '') {
+      change.proposed.text = '+1';
+      change.proposed.selectedRange.start = 4;
+    } else if (match && match[1] !== '1') {
+      return false;
+    }
+    return super.isChangeValid(change, error);
+  }
+}
+
+export default USPhoneFormatter;

app/assets/javascripts/app/phone-internationalization.js

@@ -6,7 +6,7 @@ const I18n = window.LoginGov.I18n;
 const phoneFormatter = new PhoneFormatter();
 
 const getPhoneUnsupportedAreaCodeCountry = (areaCode) => {
-  const form = document.querySelector('#new_two_factor_setup_form');
+  const form = document.querySelector('[data-international-phone-form]');
   const phoneUnsupportedAreaCodes = JSON.parse(form.dataset.unsupportedAreaCodes);
   return phoneUnsupportedAreaCodes[areaCode];
 };
@@ -52,8 +52,8 @@ const unsupportedPhoneOTPDeliveryWarningMessage = (phone) => {
 };
 
 const updateOTPDeliveryMethods = () => {
-  const phoneRadio = document.querySelector('#two_factor_setup_form_otp_delivery_preference_voice');
-  const smsRadio = document.querySelector('#two_factor_setup_form_otp_delivery_preference_sms');
+  const phoneRadio = document.querySelector('[data-international-phone-form] .otp_delivery_preference_voice');
+  const smsRadio = document.querySelector('[data-international-phone-form] .otp_delivery_preference_sms');
 
   if (!phoneRadio || !smsRadio) {
     return;

app/assets/stylesheets/components/_loading.scss

@@ -1,4 +1,4 @@
 .loading-spinner {
   margin: auto;
-  width: 100px;
+  width: 144px;
 }

app/controllers/application_controller.rb

@@ -69,7 +69,11 @@ def redirect_on_timeout
     return unless params[:timeout]
 
     flash[:notice] = t('notices.session_cleared', minutes: Figaro.env.session_timeout_in_minutes)
-    redirect_to url_for(params.except(:timeout))
+    redirect_to url_for(permitted_timeout_params)
+  end
+
+  def permitted_timeout_params
+    params.permit(:request_id)
   end
 
   def current_sp

app/controllers/concerns/two_factor_authenticatable.rb

@@ -187,7 +187,7 @@ def reset_otp_session_data
 
   def after_otp_verification_confirmation_path
     if idv_context?
-      verify_confirmations_path
+      verify_review_path
     elsif after_otp_action_required?
       after_otp_action_path
     else
@@ -231,9 +231,11 @@ def unconfirmed_phone?
     user_session[:unconfirmed_phone] && idv_or_confirmation_context?
   end
 
+  # rubocop:disable MethodLength
   def phone_view_data
     {
       confirmation_for_phone_change: confirmation_for_phone_change?,
+      confirmation_for_idv: idv_context?,
       phone_number: display_phone_to_deliver_to,
       code_value: direct_otp_code,
       otp_delivery_preference: two_factor_authentication_method,
@@ -243,6 +245,7 @@ def phone_view_data
       totp_enabled: current_user.totp_enabled?,
     }.merge(generic_data)
   end
+  # rubocop:enable MethodLength
 
   def authenticator_view_data
     {

app/controllers/users/phones_controller.rb

@@ -5,13 +5,13 @@ class PhonesController < ReauthnRequiredController
     before_action :confirm_two_factor_authenticated
 
     def edit
-      @update_user_phone_form = UpdateUserPhoneForm.new(current_user)
+      @user_phone_form = UserPhoneForm.new(current_user)
     end
 
     def update
-      @update_user_phone_form = UpdateUserPhoneForm.new(current_user)
+      @user_phone_form = UserPhoneForm.new(current_user)
 
-      if @update_user_phone_form.submit(user_params).success?
+      if @user_phone_form.submit(user_params).success?
         process_updates
         bypass_sign_in current_user
       else
@@ -22,14 +22,14 @@ def update
     private
 
     def user_params
-      params.require(:update_user_phone_form).permit(:phone, :international_code)
+      params.require(:user_phone_form).permit(:phone, :international_code, :otp_delivery_preference)
     end
 
     def process_updates
-      if @update_user_phone_form.phone_changed?
+      if @user_phone_form.phone_changed?
         analytics.track_event(Analytics::PHONE_CHANGE_REQUESTED)
         flash[:notice] = t('devise.registrations.phone_update_needs_confirmation')
-        prompt_to_confirm_phone(phone: @update_user_phone_form.phone)
+        prompt_to_confirm_phone(phone: @user_phone_form.phone)
       else
         redirect_to account_url
       end

app/controllers/users/two_factor_authentication_setup_controller.rb

@@ -8,14 +8,13 @@ class TwoFactorAuthenticationSetupController < ApplicationController
     skip_before_action :handle_two_factor_authentication
 
     def index
-      @two_factor_setup_form = TwoFactorSetupForm.new(current_user)
-      @unsupported_area_codes = PhoneNumberCapabilities::VOICE_UNSUPPORTED_US_AREA_CODES
+      @user_phone_form = UserPhoneForm.new(current_user)
       analytics.track_event(Analytics::USER_REGISTRATION_PHONE_SETUP_VISIT)
     end
 
     def set
-      @two_factor_setup_form = TwoFactorSetupForm.new(current_user)
-      result = @two_factor_setup_form.submit(params[:two_factor_setup_form])
+      @user_phone_form = UserPhoneForm.new(current_user)
+      result = @user_phone_form.submit(params[:user_phone_form])
 
       analytics.track_event(Analytics::MULTI_FACTOR_AUTH_PHONE_SETUP, result.to_h)
 
@@ -37,7 +36,7 @@ def authorize_otp_setup
     end
 
     def process_valid_form
-      prompt_to_confirm_phone(phone: @two_factor_setup_form.phone)
+      prompt_to_confirm_phone(phone: @user_phone_form.phone)
     end
   end
 end

app/controllers/verify/come_back_later_controller.rb

@@ -0,0 +1,20 @@
+module Verify
+  class ComeBackLaterController < ApplicationController
+    include IdvSession
+
+    before_action :confirm_idv_session_completed
+    before_action :confirm_usps_verification_method_chosen
+
+    def show; end
+
+    private
+
+    def confirm_idv_session_completed
+      redirect_to account_path if idv_session.profile.blank?
+    end
+
+    def confirm_usps_verification_method_chosen
+      redirect_to account_path unless idv_session.address_verification_mechanism == 'usps'
+    end
+  end
+end

app/controllers/verify/confirmations_controller.rb

@@ -21,6 +21,8 @@ def update
     def next_step
       if session[:sp] && !pending_profile?
         sign_up_completed_url
+      elsif pending_profile? && idv_session.address_verification_mechanism == 'usps'
+        verify_come_back_later_path
       else
         after_sign_in_path_for(current_user)
       end

app/controllers/verify/phone_controller.rb

@@ -2,6 +2,7 @@ module Verify
   class PhoneController < ApplicationController
     include IdvStepConcern
     include IdvFailureConcern
+    include PhoneConfirmation
 
     before_action :confirm_step_needed
     before_action :confirm_step_allowed
@@ -31,7 +32,7 @@ def show
       increment_step_attempts
 
       if result.success?
-        redirect_to verify_review_url
+        redirect_to_next_step
       else
         render_failure
         render :new
@@ -40,6 +41,24 @@ def show
 
     private
 
+    def redirect_to_next_step
+      if phone_confirmation_required?
+        prompt_to_confirm_phone(phone: idv_session.params[:phone], context: 'idv')
+      else
+        redirect_to verify_review_url
+      end
+    end
+
+    def phone_confirmation_required?
+      normalized_phone = idv_session.params[:phone]
+      return false if normalized_phone.blank?
+
+      formatted_phone = normalized_phone.phony_formatted(
+        format: :international, normalize: :US, spaces: ' '
+      )
+      formatted_phone != current_user.phone
+    end
+
     def submit_idv_job
       SubmitIdvJob.new(
         vendor_validator_class: Idv::PhoneValidator,
@@ -69,7 +88,7 @@ def step_params
     end
 
     def confirm_step_needed
-      redirect_to verify_review_path if idv_session.vendor_phone_confirmation == true
+      redirect_to_next_step if idv_session.vendor_phone_confirmation == true
     end
 
     def idv_form

app/controllers/verify/review_controller.rb

@@ -4,6 +4,7 @@ class ReviewController < ApplicationController
     include PhoneConfirmation
 
     before_action :confirm_idv_steps_complete
+    before_action :confirm_idv_phone_confirmed
     before_action :confirm_current_password, only: [:create]
 
     def confirm_idv_steps_complete
@@ -12,6 +13,16 @@ def confirm_idv_steps_complete
       return redirect_to(verify_address_path) unless idv_address_complete?
     end
 
+    def confirm_idv_phone_confirmed
+      return unless idv_session.address_verification_mechanism == 'phone'
+      return if idv_session.phone_confirmed?
+
+      prompt_to_confirm_phone(
+        phone: idv_session.params[:phone],
+        context: 'idv'
+      )
+    end
+
     def confirm_current_password
       return if valid_password?
 
@@ -34,7 +45,7 @@ def new
 
     def create
       init_profile
-      redirect_to_next_step
+      redirect_to verify_confirmations_path
       analytics.track_event(Analytics::IDV_REVIEW_COMPLETE)
     end
 
@@ -68,27 +79,10 @@ def init_profile
       idv_session.cache_encrypted_pii(current_user.user_access_key)
     end
 
-    def redirect_to_next_step
-      if phone_confirmation_required?
-        prompt_to_confirm_phone(phone: idv_params[:phone], context: 'idv')
-      else
-        redirect_to verify_confirmations_path
-      end
-    end
-
     def idv_params
       idv_session.params
     end
 
-    def phone_confirmation_required?
-      normalized_phone = idv_params[:phone]
-      return false if normalized_phone.blank?
-
-      formatted_phone = PhoneFormatter.new.format(normalized_phone)
-      formatted_phone != current_user.phone &&
-        idv_session.address_verification_mechanism == 'phone'
-    end
-
     def valid_password?
       current_user.valid_password?(password)
     end