Deploy RC 66 to staging

.reek

@@ -3,7 +3,6 @@ Attribute:
 ControlParameter:
   exclude:
     - CustomDeviseFailureApp#i18n_message
-    - OpenidConnectRedirector#initialize
     - NoRetryJobs#call
     - PhoneFormatter#self.format
     - Users::TwoFactorAuthenticationController#invalid_phone_number
@@ -33,7 +32,6 @@ FeatureEnvy:
     - reauthn?
     - mark_profile_inactive
     - EncryptedSidekiqRedis#zrem
-    - UserDecorator#should_acknowledge_personal_key?
     - Pii::Attributes#[]=
     - OpenidConnectLogoutForm#load_identity
     - Idv::ProfileMaker#pii_from_applicant
@@ -46,7 +44,6 @@ FeatureEnvy:
     - Utf8Sanitizer#event_attributes
     - Utf8Sanitizer#remote_ip
     - TwoFactorAuthenticationController#capture_analytics_for_exception
-    - Users::SessionsController#configure_permitted_parameters
     - UspsConfirmationExporter#make_entry_row
 InstanceVariableAssumption:
   exclude:
@@ -58,7 +55,6 @@ ManualDispatch:
   exclude:
     - EncryptedSidekiqRedis#respond_to_missing?
     - CloudhsmKeyGenerator#initialize_settings
-    - Users::SessionsController#configure_permitted_parameters
 NestedIterators:
   exclude:
     - UserFlowExporter#self.massage_html
@@ -87,10 +83,10 @@ TooManyConstants:
 TooManyInstanceVariables:
   exclude:
     - OpenidConnectAuthorizeForm
-    - OpenidConnectRedirector
     - Idv::VendorResult
     - CloudhsmKeyGenerator
     - CloudhsmKeySharer
+    - WebauthnSetupForm
 TooManyStatements:
   max_statements: 6
   exclude:

.reek.yml

@@ -0,0 +1,220 @@
+detectors:
+  Attribute:
+    enabled: false
+  ControlParameter:
+    exclude:
+      - CustomDeviseFailureApp#i18n_message
+      - OpenidConnectRedirector#initialize
+      - NoRetryJobs#call
+      - PhoneFormatter#self.format
+      - Users::TwoFactorAuthenticationController#invalid_phone_number
+  DuplicateMethodCall:
+    exclude:
+      - ApplicationController#disable_caching
+      - IdvFailureConcern#render_failure
+      - ServiceProviderSessionDecorator#registration_heading
+      - MfaConfirmationController#handle_invalid_password
+      - needs_to_confirm_email_change?
+      - WorkerHealthChecker#status
+      - UserFlowExporter#self.massage_assets
+      - BasicAuthUrl#build
+      - fallback_to_english
+      - Upaya::RandomTools#self.random_weighted_sample
+      - SmsController#authenticate
+  FeatureEnvy:
+    exclude:
+      - ActiveJob::Logging::LogSubscriber#json_for
+      - Ahoy::Store#track_event
+      - Aws::SES::Base#deliver
+      - CustomDeviseFailureApp#build_options
+      - CustomDeviseFailureApp#keys
+      - track_registration
+      - append_info_to_payload
+      - generate_slo_request
+      - reauthn?
+      - mark_profile_inactive
+      - EncryptedSidekiqRedis#zrem
+      - UserDecorator#should_acknowledge_personal_key?
+      - Pii::Attributes#[]=
+      - OpenidConnectLogoutForm#load_identity
+      - Idv::ProfileMaker#pii_from_applicant
+      - Idv::Step#vendor_validator_result
+      - IdvSession#vendor_result_timed_out?
+      - ServiceProviderSeeder#run
+      - OtpDeliverySelectionForm#unsupported_phone?
+      - fallback_to_english
+      - UserEncryptedAttributeOverrides#find_with_email
+      - Utf8Sanitizer#event_attributes
+      - Utf8Sanitizer#remote_ip
+      - TwoFactorAuthenticationController#capture_analytics_for_exception
+      - UspsConfirmationExporter#make_entry_row
+  InstanceVariableAssumption:
+    exclude:
+      - User
+      - JWT
+  IrresponsibleModule:
+    enabled: false
+  ManualDispatch:
+    exclude:
+      - EncryptedSidekiqRedis#respond_to_missing?
+      - CloudhsmKeyGenerator#initialize_settings
+  NestedIterators:
+    exclude:
+      - UserFlowExporter#self.massage_html
+      - TwilioService::Utils#sanitize_phone_number
+      - ServiceProviderSeeder#run
+      - UspsConfirmationUploader#upload_export
+  NilCheck:
+    enabled: false
+  LongParameterList:
+    max_params: 4
+    exclude:
+      - IdentityLinker#optional_attributes
+      - Idv::ProoferJob#perform
+      - Idv::VendorResult#initialize
+      - JWT
+      - SmsOtpSenderJob#perform
+  RepeatedConditional:
+    exclude:
+      - Users::ResetPasswordsController
+      - IdvController
+      - Idv::Base
+      - Rack::Attack
+  TooManyConstants:
+    exclude:
+      - Analytics
+  TooManyInstanceVariables:
+    exclude:
+      - OpenidConnectAuthorizeForm
+      - OpenidConnectRedirector
+      - Idv::VendorResult
+      - CloudhsmKeyGenerator
+      - CloudhsmKeySharer
+      - WebauthnSetupForm
+  TooManyStatements:
+    max_statements: 6
+    exclude:
+      - IdvFailureConcern#render_failure
+      - OpenidConnect::AuthorizationController#index
+      - OpenidConnect::AuthorizationController#store_request
+      - SamlIdpAuthConcern#store_saml_request
+      - Users::PhoneConfirmationController
+      - UserFlowExporter#self.massage_assets
+      - UserFlowExporter#self.massage_html
+      - UserFlowExporter#self.run
+      - Idv::Agent#proof
+      - Idv::VendorResult#initialize
+      - SamlIdpController#auth
+      - Upaya::QueueConfig#self.choose_queue_adapter
+      - Upaya::RandomTools#self.random_weighted_sample
+      - UserFlowFormatter#stop
+      - Upaya::QueueConfig#self.choose_queue_adapter
+      - Users::TwoFactorAuthenticationController#send_code
+  TooManyMethods:
+    exclude:
+      - Users::ConfirmationsController
+      - ApplicationController
+      - OpenidConnectAuthorizeForm
+      - OpenidConnect::AuthorizationController
+      - Idv::Session
+      - User
+      - Idv::SessionsController
+      - ServiceProviderSessionDecorator
+      - SessionDecorator
+      - HolidayService
+      - PhoneDeliveryPresenter
+      - CloudhsmKeyGenerator
+  UncommunicativeMethodName:
+    exclude:
+      - PhoneConfirmationFlow
+      - render_401
+      - SessionDecorator#registration_bullet_1
+      - ServiceProviderSessionDecorator#registration_bullet_1
+  UncommunicativeModuleName:
+    exclude:
+      - X509
+      - X509::Attribute
+      - X509::Attributes
+      - X509::SessionStore
+  UnusedParameters:
+    exclude:
+      - SmsOtpSenderJob#perform
+      - VoiceOtpSenderJob#perform
+  UnusedPrivateMethod:
+    exclude:
+      - ApplicationController
+      - ActiveJob::Logging::LogSubscriber
+      - SamlIdpController
+      - Users::PhoneConfirmationController
+      - ssn_is_unique
+  UtilityFunction:
+    public_methods_only: true
+    exclude:
+      - AnalyticsEventJob#perform
+      - ApplicationController#default_url_options
+      - ApplicationHelper#step_class
+      - NullTwilioClient#http_client
+      - PersonalKeyFormatter#regexp
+      - SessionTimeoutWarningHelper#frequency
+      - SessionTimeoutWarningHelper#start
+      - SessionTimeoutWarningHelper#warning
+      - SessionDecorator
+      - WorkerHealthChecker::Middleware#call
+      - UserEncryptedAttributeOverrides#create_fingerprint
+      - LocaleHelper#locale_url_param
+      - IdvSession#timed_out_vendor_error
+      - JWT::Signature#sign
+      - SmsAccountResetCancellationNotifierJob#perform
+directories:
+  'app/controllers':
+    InstanceVariableAssumption:
+      enabled: false
+  'spec':
+    BooleanParameter:
+      exclude:
+       - SamlAuthHelper#generate_saml_response
+    ControlParameter:
+      exclude:
+        - complete_idv_session
+        - SamlAuthHelper#link_user_to_identity
+        - visit_idp_from_sp_with_loa1
+        - visit_idp_from_sp_with_loa3
+    DuplicateMethodCall:
+      enabled: false
+    FeatureEnvy:
+      enabled: false
+    NestedIterators:
+      exclude:
+        - complete_idv_questions_fail
+        - complete_idv_questions_ok
+        - create_sidekiq_queues
+    NilCheck:
+      exclude:
+        - complete_idv_questions_fail
+        - complete_idv_questions_ok
+    TooManyInstanceVariables:
+      enabled: false
+    TooManyMethods:
+      enabled: false
+    TooManyStatements:
+      enabled: false
+    UncommunicativeMethodName:
+      exclude:
+        - visit_idp_from_sp_with_loa1
+        - visit_idp_from_sp_with_loa3
+        - visit_idp_from_mobile_app_with_loa1
+        - visit_idp_from_oidc_sp_with_loa1
+        - visit_idp_from_oidc_sp_with_loa3
+    UncommunicativeParameterName:
+      exclude:
+        - begin_sign_up_with_sp_and_loa
+    UncommunicativeVariableName:
+      exclude:
+        - complete_idv_questions_fail
+        - complete_idv_questions_ok
+    UtilityFunction:
+      enabled: false
+exclude_paths:
+  - db/migrate
+  - spec
+  - lib/tasks/

Gemfile

@@ -60,6 +60,7 @@ gem 'two_factor_authentication'
 gem 'typhoeus'
 gem 'uglifier', '~> 3.2'
 gem 'valid_email'
+gem 'webauthn'
 gem 'webpacker', '~> 3.4'
 gem 'xml-simple'
 gem 'xmlenc', '~> 0.6'