Deploy RC 131.1 to Production

.circleci/config.yml

@@ -105,6 +105,13 @@ commands:
           fail_only: true
           failure_message: ":smokeybear::red_circle: Smoke tests failed in environment: $MONITOR_ENV"
           include_project_field: false
+  store-smoketest-results:
+    steps:
+      - store_test_results:
+          path: tmp/capybara
+      - store_artifacts:
+          path: tmp/capybara
+          destination: capybara
 
 jobs:
   build:
@@ -214,6 +221,7 @@ jobs:
           command: |
             bin/smoke_test --remote --no-source-env
       - notify-slack-smoke-test-status
+      - store-smoketest-results
   smoketest-int:
     working_directory: ~/identity-idp
     executor: ruby_browsers
@@ -229,6 +237,7 @@ jobs:
           command: |
             bin/smoke_test --remote --no-source-env
       - notify-slack-smoke-test-status
+      - store-smoketest-results
   smoketest-staging:
     working_directory: ~/identity-idp
     executor: ruby_browsers
@@ -244,6 +253,7 @@ jobs:
           command: |
             bin/smoke_test --remote --no-source-env
       - notify-slack-smoke-test-status
+      - store-smoketest-results
   smoketest-prod:
     working_directory: ~/identity-idp
     executor: ruby_browsers
@@ -257,7 +267,7 @@ jobs:
           command: |
             bin/smoke_test --remote --no-source-env
       - notify-slack-smoke-test-status
-
+      - store-smoketest-results
 workflows:
   version: 2
   release:

.eslintrc

@@ -25,6 +25,7 @@
     "indent": "off",
     "max-classes-per-file": "off",
     "newline-per-chained-call": "off",
+    "no-console": "error",
     "no-empty": ["error", { "allowEmptyCatch": true }],
     "no-param-reassign": ["off", "never"],
     "no-confusing-arrow": "off",
@@ -35,13 +36,13 @@
         "selector": "NewExpression[callee.name='Event']",
         "message": "Use CustomEvent constructor with polyfill for Internet Explorer"
       },
-      {
-        "selector": "ArrayExpression > SpreadElement",
-        "message": "Don't use array spread, issue with IE 11 (use Array.from instead)"
-      },
       {
         "selector": "AssignmentExpression[left.property.name='href'][right.type=/(Template)?Literal/]",
         "message": "Do not assign window.location.href to a string or string template to avoid losing i18n parameters"
+      },
+      {
+        "selector": "CallExpression[callee.object.name=/^(it|describe|context)$/][callee.property.name='only'] > MemberExpression",
+        "message": "Test exclusivity should not be committed"
       }
     ],
     "no-unused-expressions": "off",
@@ -75,8 +76,7 @@
     {
       "files": "spec/javascripts/**/*",
       "rules": {
-        "react/jsx-props-no-spreading": "off",
-        "no-restricted-syntax": "off"
+        "react/jsx-props-no-spreading": "off"
       }
     }
   ]

Gemfile

@@ -20,7 +20,7 @@ gem 'faraday'
 gem 'foundation_emails'
 gem 'hiredis'
 gem 'http_accept_language'
-gem 'identity-doc-auth', github: '18F/identity-doc-auth', tag: 'v0.3.3'
+gem 'identity-doc-auth', github: '18F/identity-doc-auth', tag: 'v0.4.0'
 gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v0.4.3'
 require File.join(__dir__, 'lib', 'lambda_jobs', 'git_ref.rb')
 gem 'identity-idp-functions', github: '18F/identity-idp-functions', ref: LambdaJobs::GIT_REF
@@ -109,6 +109,7 @@ group :test do
   gem 'rack_session_access', '>= 0.2.0'
   gem 'rack-test', '>= 1.1.0'
   gem 'rails-controller-testing', '>= 1.0.4'
+  gem 'rspec-retry'
   gem 'shoulda-matchers', '~> 4.0', require: false
   gem 'timecop'
   gem 'webdrivers', '~> 4.0'
@@ -117,6 +118,6 @@ group :test do
 end
 
 group :production do
-  gem 'aamva', github: '18F/identity-aamva-api-client-gem', tag: 'v3.4.1'
+  gem 'aamva', github: '18F/identity-aamva-api-client-gem', tag: 'v3.6.0'
   gem 'lexisnexis', github: '18F/identity-lexisnexis-api-client-gem', tag: 'v2.5.1.pre'
 end

Gemfile.lock

@@ -1,21 +1,22 @@
 GIT
   remote: https://github.com/18F/identity-aamva-api-client-gem.git
-  revision: 149b5b480f0319ec39410e497bb4bbffd1652014
-  tag: v3.4.1
+  revision: dbf3d2e102603530a29cb43308b9aa639efaea1f
+  tag: v3.6.0
   specs:
-    aamva (3.4.1)
+    aamva (3.6.0)
       dotenv
       faraday
       hashie
+      proofer (>= 2.7.1)
       retries
       xmldsig
 
 GIT
   remote: https://github.com/18F/identity-doc-auth.git
-  revision: 4e1e09d7e5eb673dfbc1e301feacc74859d25d29
-  tag: v0.3.3
+  revision: 164a507fd17ecffe4ef2289120d89156358b3a80
+  tag: v0.4.0
   specs:
-    identity-doc-auth (0.3.3)
+    identity-doc-auth (0.4.0)
       activesupport
       faraday
 
@@ -29,10 +30,11 @@ GIT
 
 GIT
   remote: https://github.com/18F/identity-idp-functions.git
-  revision: 8c16776e19b211d15bda7246d99ff95155d60c11
-  ref: 8c16776e19b211d15bda7246d99ff95155d60c11
+  revision: eb8aa1657173af64fd9fcad2ab4df2a5741eb51d
+  ref: eb8aa1657173af64fd9fcad2ab4df2a5741eb51d
   specs:
-    identity-idp-functions (0.10.0)
+    identity-idp-functions (0.11.0)
+      aamva (>= 3.5.0)
       aws-sdk-s3 (>= 1.73)
       aws-sdk-ssm (>= 1.55)
       retries (>= 0.0.5)
@@ -571,6 +573,8 @@ GEM
       rspec-expectations (~> 3.9)
       rspec-mocks (~> 3.9)
       rspec-support (~> 3.9)
+    rspec-retry (0.6.2)
+      rspec-core (> 3.3)
     rspec-support (3.10.0)
     rubocop (1.4.2)
       parallel (~> 1.10)
@@ -797,6 +801,7 @@ DEPENDENCIES
   rotp (~> 6.1)
   rqrcode
   rspec-rails (~> 4.0)
+  rspec-retry
   rubocop (~> 1.4.0)
   rubocop-rails (>= 2.5.2)
   ruby-progressbar

README.md

@@ -113,6 +113,8 @@ We recommend using [Homebrew](https://brew.sh/), [rbenv](https://github.com/rben
   MONITOR_ENV=INT ./bin/smoke_test --remote
   ```
 
+  For remote smoke tests, we save a screenshot of failed test scenarios to help debugging in `tmp/capybara`, and they are exported to CircleCI as build artifacts as well.
+
 #### Speeding up local development and testing
 
   To automatically run the test that corresponds to the file you are editing,

app/controllers/analytics_controller.rb

@@ -2,39 +2,6 @@ class AnalyticsController < ApplicationController
   skip_before_action :verify_authenticity_token
 
   def create
-    results.each do |event, result|
-      next if result.nil?
-
-      analytics.track_event(event, result.to_h)
-    end
     head :ok
   end
-
-  private
-
-  def results
-    {
-      Analytics::FRONTEND_BROWSER_CAPABILITIES => platform_authenticator_result,
-    }
-  end
-
-  def platform_authenticator_result
-    return unless current_user
-    return if platform_authenticator_results_saved? || platform_authenticator_available?.nil?
-
-    session[:platform_authenticator_analytics_saved] = true
-    extra = { platform_authenticator: platform_authenticator_available? }
-    FormResponse.new(success: true, errors: {}, extra: extra)
-  end
-
-  def platform_authenticator_available?
-    @platform_authenticator_available ||= begin
-      available = params.dig(:platform_authenticator, :available)
-      available == 'true' if %w[true false].include?(available)
-    end
-  end
-
-  def platform_authenticator_results_saved?
-    session[:platform_authenticator_analytics_saved] == true
-  end
 end

app/controllers/application_controller.rb

@@ -274,15 +274,24 @@ def set_locale
     I18n.locale = LocaleChooser.new(params[:locale], request).locale
   end
 
+  def sp_session_ial
+    sp_session[:ial]
+  end
+
+  def sp_session_ial_1_or_2
+    return 1 if sp_session[:ial].blank?
+    sp_session[:ial] > 1 ? 2 : 1
+  end
+
   def increment_monthly_auth_count
     return unless current_user&.id
     issuer = sp_session[:issuer]
-    return if issuer.blank? || !first_auth_of_session?(issuer)
-    MonthlySpAuthCount.increment(current_user.id, issuer, sp_session[:ial2] ? 2 : 1)
+    return if issuer.blank? || !first_auth_of_session?(issuer, sp_session_ial)
+    MonthlySpAuthCount.increment(current_user.id, issuer, sp_session_ial_1_or_2)
   end
 
-  def first_auth_of_session?(issuer)
-    authenticated_to_sp_token = "auth-counted-#{issuer}"
+  def first_auth_of_session?(issuer, ial)
+    authenticated_to_sp_token = "auth_counted_ial#{ial}_#{issuer}"
     authenticated_to_sp = user_session[authenticated_to_sp_token]
     return if authenticated_to_sp
     user_session[authenticated_to_sp_token] = true
@@ -344,7 +353,7 @@ def analytics_exception_info(exception)
   end
 
   def add_sp_cost(token)
-    Db::SpCost::AddSpCost.call(sp_session[:issuer].to_s, sp_session[:ial2] ? 2 : 1, token)
+    Db::SpCost::AddSpCost.call(sp_session[:issuer].to_s, sp_session_ial_1_or_2, token)
   end
 
   def mobile?

app/controllers/concerns/idv/document_capture_concern.rb

@@ -0,0 +1,15 @@
+module Idv
+  module DocumentCaptureConcern
+    def override_document_capture_step_csp
+      return if params[:step] != 'document_capture'
+
+      SecureHeaders.append_content_security_policy_directives(
+        request,
+        # required to run wasm until wasm-eval is available
+        script_src: ['\'unsafe-eval\''],
+        # required for retrieving image dimensions from uploaded images
+        img_src: ['blob:'],
+      )
+    end
+  end
+end

app/controllers/concerns/verify_sp_attributes_concern.rb

@@ -74,8 +74,4 @@ def requested_attributes_verified?
       sp_session[:requested_attributes] - @sp_session_identity.verified_attributes.to_a
     ).empty?
   end
-
-  def sp_session_ial
-    sp_session[:ial2] ? 2 : 1
-  end
 end

app/controllers/idv/cac_controller.rb

@@ -2,7 +2,6 @@ module Idv
   class CacController < ApplicationController
     include PivCacConcern
 
-    before_action :render_404_if_disabled
     before_action :confirm_two_factor_authenticated
     before_action :cac_callback
 
@@ -26,10 +25,6 @@ def redirect_to_piv_cac_service
 
     private
 
-    def render_404_if_disabled
-      render_not_found unless AppConfig.env.cac_proofing_enabled == 'true'
-    end
-
     def cac_callback
       return unless request.path == idv_cac_step_path(:present_cac) && params[:token]
 

app/controllers/idv/cancellations_controller.rb

@@ -1,14 +1,15 @@
 module Idv
   class CancellationsController < ApplicationController
     include IdvSession
+    include GoBackHelper
 
     before_action :confirm_two_factor_authenticated
     before_action :confirm_idv_needed
 
     def new
       properties = ParseControllerFromReferer.new(request.referer).call
       analytics.track_event(Analytics::IDV_CANCELLATION, properties)
-      @go_back_path = go_back_path
+      @go_back_path = go_back_path || idv_path
     end
 
     def destroy
@@ -24,22 +25,5 @@ def reset_doc_auth
       user_session.delete('idv/doc_auth')
       user_session['idv'] = { params: {}, step_attempts: { phone: 0 } }
     end
-
-    def go_back_path
-      referer_path || idv_path
-    end
-
-    def referer_path
-      referer_string = request.env['HTTP_REFERER']
-      return if referer_string.blank?
-      referer_uri = URI.parse(referer_string)
-      return if referer_uri.scheme == 'javascript'
-      return unless referer_uri.host == AppConfig.env.domain_name
-      extract_path_and_query_from_uri(referer_uri)
-    end
-
-    def extract_path_and_query_from_uri(uri)
-      [uri.path, uri.query].compact.join('?')
-    end
   end
 end

app/controllers/idv/capture_doc_controller.rb

@@ -1,9 +1,11 @@
 module Idv
   class CaptureDocController < ApplicationController
     before_action :ensure_user_id_in_session
-    before_action :add_unsafe_eval_to_capture_steps
 
     include Flow::FlowStateMachine
+    include Idv::DocumentCaptureConcern
+
+    before_action :override_document_capture_step_csp
 
     FSM_SETTINGS = {
       step_url: :idv_capture_doc_step_url,
@@ -25,16 +27,6 @@ def ensure_user_id_in_session
       process_result(result)
     end
 
-    def add_unsafe_eval_to_capture_steps
-      return unless current_step == 'document_capture'
-
-      # required to run wasm until wasm-eval is available
-      SecureHeaders.append_content_security_policy_directives(
-        request,
-        script_src: ['\'unsafe-eval\''],
-      )
-    end
-
     def process_result(result)
       if result.success?
         reset_session
@@ -60,5 +52,9 @@ def token
     def document_capture_session_uuid
       params['document-capture-session']
     end
+
+    def analytics_user
+      user_id_from_token ? User.find(user_id_from_token) : super
+    end
   end
 end

app/controllers/idv/capture_doc_status_controller.rb

@@ -16,7 +16,9 @@ def document_capture_session_poll_render_result
       document_capture_session = DocumentCaptureSession.find_by(uuid: session_uuid)
       return { plain: 'Unauthorized', status: :unauthorized } unless document_capture_session
 
-      result = document_capture_session.load_result
+      result = document_capture_session.load_result ||
+               document_capture_session.load_doc_auth_async_result
+
       return { plain: 'Pending', status: :accepted } if result.blank?
       return { plain: 'Unauthorized', status: :unauthorized } unless result.success?
       { plain: 'Complete', status: :ok }