Deploy RC 135 to Production

Gemfile

@@ -11,7 +11,10 @@ gem 'autoprefixer-rails', '~> 10.0'
 gem 'aws-sdk-kms', '~> 1.4'
 gem 'aws-sdk-lambda'
 gem 'aws-sdk-ses', '~> 1.6'
+gem 'aws-sdk-sqs'
 gem 'base32-crockford'
+gem 'daemons', '~> 1.3'
+gem 'delayed_job_active_record', '~> 4.1'
 gem 'device_detector'
 gem 'devise', '~> 4.7.2'
 gem 'dotiw', '>= 4.0.1'
@@ -32,6 +35,7 @@ gem 'jwt'
 gem 'local_time'
 gem 'lograge', '>= 0.11.2'
 gem 'maxminddb'
+gem 'mimemagic', '0.3.5', github: 'mimemagicrb/mimemagic', ref: '40dd02bb6b442535f97c35326c0383bc67'
 gem 'net-sftp'
 gem 'newrelic_rpm'
 gem 'pg'
@@ -120,5 +124,5 @@ end
 
 group :production do
   gem 'aamva', github: '18F/identity-aamva-api-client-gem', tag: 'v4.1.0'
-  gem 'lexisnexis', github: '18F/identity-lexisnexis-api-client-gem', tag: 'v3.1.0'
+  gem 'lexisnexis', github: '18F/identity-lexisnexis-api-client-gem', tag: 'v3.1.1'
 end

Gemfile.lock

@@ -29,10 +29,10 @@ GIT
 
 GIT
   remote: https://github.com/18F/identity-idp-functions.git
-  revision: 051a8c3dca143b215838176a07b1f0545ffec0a2
-  ref: 051a8c3dca143b215838176a07b1f0545ffec0a2
+  revision: d9241bdfea85a76c170e456a89ec6601549f4c4a
+  ref: d9241bdfea85a76c170e456a89ec6601549f4c4a
   specs:
-    identity-idp-functions (0.15.0)
+    identity-idp-functions (0.15.2)
       aamva (>= 4.0.0)
       aws-sdk-s3 (>= 1.73)
       aws-sdk-ssm (>= 1.55)
@@ -41,10 +41,10 @@ GIT
 
 GIT
   remote: https://github.com/18F/identity-lexisnexis-api-client-gem.git
-  revision: d6e73358ab899e8740e0008aff0e03e26bd4eb56
-  tag: v3.1.0
+  revision: 0e22ac2518a724b63a928feb68197b203ea47660
+  tag: v3.1.1
   specs:
-    lexisnexis (3.1.0)
+    lexisnexis (3.1.1)
       activesupport
       faraday
 
@@ -94,6 +94,13 @@ GIT
       aws-sdk-pinpointsmsvoice
       i18n
 
+GIT
+  remote: https://github.com/mimemagicrb/mimemagic.git
+  revision: 40dd02bb6b442535f97c35326c0383bc67146ac4
+  ref: 40dd02bb6b442535f97c35326c0383bc67
+  specs:
+    mimemagic (0.3.5)
+
 GEM
   remote: https://rubygems.org/
   specs:
@@ -199,6 +206,9 @@ GEM
     aws-sdk-ses (1.36.0)
       aws-sdk-core (~> 3, >= 3.109.0)
       aws-sigv4 (~> 1.1)
+    aws-sdk-sqs (1.35.0)
+      aws-sdk-core (~> 3, >= 3.109.0)
+      aws-sigv4 (~> 1.1)
     aws-sdk-ssm (1.103.0)
       aws-sdk-core (~> 3, >= 3.109.0)
       aws-sigv4 (~> 1.1)
@@ -269,7 +279,13 @@ GEM
     crass (1.0.6)
     css_parser (1.7.1)
       addressable
+    daemons (1.3.1)
     debug_inspector (0.0.3)
+    delayed_job (4.1.9)
+      activesupport (>= 3.0, < 6.2)
+    delayed_job_active_record (4.1.5)
+      activerecord (>= 3.0, < 6.2)
+      delayed_job (>= 3.0, < 5)
     derailed_benchmarks (1.8.1)
       benchmark-ips (~> 2)
       get_process_mem (~> 0)
@@ -418,7 +434,6 @@ GEM
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2021.0225)
-    mimemagic (0.3.5)
     mini_histogram (0.3.1)
     mini_mime (1.0.2)
     mini_portile2 (2.5.0)
@@ -432,7 +447,7 @@ GEM
     net-ssh (5.2.0)
     newrelic_rpm (6.14.0)
     nio4r (2.5.5)
-    nokogiri (1.11.1)
+    nokogiri (1.11.2)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
     notiffany (0.1.3)
@@ -738,6 +753,7 @@ DEPENDENCIES
   aws-sdk-kms (~> 1.4)
   aws-sdk-lambda
   aws-sdk-ses (~> 1.6)
+  aws-sdk-sqs
   axe-matchers (~> 2.6.0)
   base32-crockford
   better_errors (>= 2.5.1)
@@ -748,6 +764,8 @@ DEPENDENCIES
   capybara-screenshot (>= 1.0.23)
   capybara-selenium (>= 0.0.6)
   codeclimate-test-reporter
+  daemons (~> 1.3)
+  delayed_job_active_record (~> 4.1)
   derailed_benchmarks (~> 1.8)
   device_detector
   devise (~> 4.7.2)
@@ -778,6 +796,7 @@ DEPENDENCIES
   local_time
   lograge (>= 0.11.2)
   maxminddb
+  mimemagic (= 0.3.5)!
   net-sftp
   newrelic_rpm
   nokogiri (~> 1.11.0)

app/assets/stylesheets/components/_btn.scss

@@ -111,3 +111,30 @@
     text-decoration: none;
   }
 }
+
+.usa-button.usa-button--unstyled:visited {
+  // Temporary: Links in the IdP do not currently conform to the design system and instead retain
+  // their color even if visited. Part of the work of LG-3877 should be to remove these styles, and
+  // instead allow both unstyled buttons and links inherit the default design system visited color.
+  // Alternatively, consider removing unstyled button classes from links, since the intention of an
+  // unstyled button is to take the visual appearance of a link.
+  color: $link-color;
+}
+
+.usa-button.usa-button--unstyled:hover,
+.usa-button.usa-button--hover.usa-button--unstyled {
+  // Temporary: Links in the IdP do not currently conform to the design system and instead retain
+  // their color while hovered. Part of the work of LG-3877 should be to remove these styles, and
+  // instead allow both unstyled buttons and links inherit the default design system hover color.
+  color: $link-color;
+}
+
+.usa-button--unstyled {
+  &:hover,
+  &:active {
+    // Temporary: These styles should be ported upstream to the design system, optionally as part of
+    // future reconciliation effort with uswds/uswds#4077.
+    -moz-osx-font-smoothing: inherit;
+    -webkit-font-smoothing: inherit;
+  }
+}

app/controllers/account_reset/recover_controller.rb

@@ -22,7 +22,7 @@ def send_notifications
       current_user.confirmed_email_addresses.each do |email_address|
         UserMailer.confirm_email_and_reverify(current_user,
                                               email_address,
-                                              current_user.account_recovery_request).deliver_later
+                                              current_user.account_recovery_request).deliver_now
       end
     end
 

app/controllers/concerns/two_factor_authenticatable_methods.rb

@@ -178,7 +178,7 @@ def send_phone_added_email
     event = create_user_event_with_disavowal(:phone_added, current_user)
     current_user.confirmed_email_addresses.each do |email_address|
       UserMailer.phone_added(current_user, email_address, disavowal_token: event.disavowal_token).
-        deliver_later
+        deliver_now
     end
   end
 

app/controllers/idv/usps_controller.rb

@@ -168,7 +168,7 @@ def error_message
 
     def send_reminder
       current_user.confirmed_email_addresses.each do |email_address|
-        UserMailer.letter_reminder(current_user, email_address.email).deliver_later
+        UserMailer.letter_reminder(current_user, email_address.email).deliver_now
       end
     end
 

app/controllers/users/email_confirmations_controller.rb

@@ -40,7 +40,7 @@ def process_successful_confirmation(email_address)
     def confirm_and_notify_user(email_address)
       email_address.update!(confirmed_at: Time.zone.now)
       email_address.user.confirmed_email_addresses.each do |confirmed_email_address|
-        UserMailer.email_added(email_address.user, confirmed_email_address.email).deliver_later
+        UserMailer.email_added(email_address.user, confirmed_email_address.email).deliver_now
       end
     end
 

app/controllers/users/emails_controller.rb

@@ -100,7 +100,7 @@ def retain_confirmed_emails
 
     def send_delete_email_notification
       @current_confirmed_emails.each do |confirmed_email|
-        UserMailer.email_deleted(current_user, confirmed_email).deliver_later
+        UserMailer.email_deleted(current_user, confirmed_email).deliver_now
       end
     end
   end

app/controllers/users/piv_cac_authentication_setup_controller.rb

@@ -15,9 +15,6 @@ class PivCacAuthenticationSetupController < ApplicationController
     def new
       if params.key?(:token)
         process_piv_cac_setup
-      # this branch is deprecated, remove it
-      elsif flash[:error_type].present?
-        render_error
       else
         render_prompt
       end
@@ -74,16 +71,6 @@ def piv_cac_service_url_with_redirect
       )
     end
 
-    def render_error
-      @presenter = PivCacErrorPresenter.new(
-        error: flash[:error_type],
-        view: view_context,
-        try_again_url: setup_piv_cac_url,
-      )
-
-      render :error
-    end
-
     def process_piv_cac_setup
       result = user_piv_cac_form.submit
       analytics.track_event(Analytics::MULTI_FACTOR_AUTH_SETUP, result.to_h)

app/controllers/users/verify_account_controller.rb

@@ -10,22 +10,36 @@ def index
       usps_mail = Idv::UspsMail.new(current_user)
       @mail_spammed = usps_mail.mail_spammed?
       @verify_account_form = VerifyAccountForm.new(user: current_user)
-      return unless FeatureManagement.reveal_usps_code?
-      @code = session[:last_usps_confirmation_code]
+      @code = session[:last_usps_confirmation_code] if FeatureManagement.reveal_usps_code?
+
+      if Throttler::IsThrottled.call(current_user.id, :verify_gpo_key)
+        render :throttled
+      else
+        render :index
+      end
     end
 
     def create
       @verify_account_form = build_verify_account_form
 
-      result = @verify_account_form.submit
-      analytics.track_event(Analytics::ACCOUNT_VERIFICATION_SUBMITTED, result.to_h)
+      throttled = Throttler::IsThrottledElseIncrement.call(
+        current_user.id,
+        :verify_gpo_key,
+      )
 
-      if result.success?
-        create_user_event(:account_verified)
-        flash[:success] = t('account.index.verification.success')
-        redirect_to sign_up_completed_url
+      if throttled
+        render :throttled
       else
-        render :index
+        result = @verify_account_form.submit
+        analytics.track_event(Analytics::ACCOUNT_VERIFICATION_SUBMITTED, result.to_h)
+
+        if result.success?
+          create_user_event(:account_verified)
+          flash[:success] = t('account.index.verification.success')
+          redirect_to sign_up_completed_url
+        else
+          render :index
+        end
       end
     end
 

app/controllers/users/verify_personal_key_controller.rb

@@ -12,15 +12,31 @@ def new
         user: current_user,
         personal_key: '',
       )
+
+      if Throttler::IsThrottled.call(current_user.id, :verify_personal_key)
+        render :throttled
+      else
+        render :new
+      end
     end
 
     def create
-      result = personal_key_form.submit
-      analytics.track_event(Analytics::PERSONAL_KEY_REACTIVATION_SUBMITTED, result.to_h)
-      if result.success?
-        handle_success(result)
+      throttled = Throttler::IsThrottledElseIncrement.call(
+        current_user.id,
+        :verify_personal_key,
+      )
+
+      if throttled
+        render :throttled
       else
-        handle_failure(result)
+        result = personal_key_form.submit
+
+        analytics.track_event(Analytics::PERSONAL_KEY_REACTIVATION_SUBMITTED, result.to_h)
+        if result.success?
+          handle_success(result)
+        else
+          handle_failure(result)
+        end
       end
     end