Deploy RC 188 to Prod

.gitlab-ci.yml

@@ -6,9 +6,10 @@
 variables:
   GITLAB_CI: 'true'
   ECR_REGISTRY: "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com"
+  IDP_CI_SHA: "sha256:8650f43d0e6d44729bff92657b59e511c874103ae6207b3c0781df042df6932f"
 
 default:
-  image: "${ECR_REGISTRY}/idp/ci:latest"
+  image: "${ECR_REGISTRY}/idp/ci@${IDP_CI_SHA}"
 
 .bundle_install: &bundle_install
   - bundle check || bundle install --deployment --jobs=4 --retry=3 --without deploy development doc production --path vendor/ruby

.rubocop.yml

@@ -276,6 +276,10 @@ Layout/SpaceAroundKeyword:
 Layout/SpaceAroundMethodCallOperator:
   Enabled: true
 
+Layout/SpaceAroundOperators:
+  Enabled: true
+  EnforcedStyleForExponentOperator: space
+
 Layout/SpaceBeforeBlockBraces:
   Enabled: true
   EnforcedStyle: space

Gemfile

@@ -3,7 +3,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
 ruby "~> #{File.read('.ruby-version').strip}"
 
-gem 'rails', '~> 6.1.4'
+gem 'rails', '~> 6.1.5.1'
 
 gem 'ahoy_matey', '~> 3.0'
 gem 'aws-sdk-kms', '~> 1.4'
@@ -56,7 +56,6 @@ gem 'ruby-saml'
 gem 'safe_target_blank', '>= 1.0.2'
 gem 'saml_idp', github: '18F/saml_idp', tag: '0.16.0-18f'
 gem 'scrypt'
-gem 'secure_headers', '~> 6.3'
 gem 'simple_form', '>= 5.0.2'
 gem 'stringex', require: false
 gem 'strong_migrations', '>= 0.4.2'

Gemfile.lock

@@ -39,60 +39,60 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actioncable (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activejob (= 6.1.4.7)
-      activerecord (= 6.1.4.7)
-      activestorage (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionmailbox (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activejob (= 6.1.5.1)
+      activerecord (= 6.1.5.1)
+      activestorage (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       mail (>= 2.7.1)
-    actionmailer (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      actionview (= 6.1.4.7)
-      activejob (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionmailer (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      actionview (= 6.1.5.1)
+      activejob (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.4.7)
-      actionview (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionpack (6.1.5.1)
+      actionview (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activerecord (= 6.1.4.7)
-      activestorage (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actiontext (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activerecord (= 6.1.5.1)
+      activestorage (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       nokogiri (>= 1.8.5)
-    actionview (6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionview (6.1.5.1)
+      activesupport (= 6.1.5.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.4.7)
-      activesupport (= 6.1.4.7)
+    activejob (6.1.5.1)
+      activesupport (= 6.1.5.1)
       globalid (>= 0.3.6)
-    activemodel (6.1.4.7)
-      activesupport (= 6.1.4.7)
-    activerecord (6.1.4.7)
-      activemodel (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
-    activestorage (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activejob (= 6.1.4.7)
-      activerecord (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
-      marcel (~> 1.0.0)
+    activemodel (6.1.5.1)
+      activesupport (= 6.1.5.1)
+    activerecord (6.1.5.1)
+      activemodel (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
+    activestorage (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activejob (= 6.1.5.1)
+      activerecord (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
+      marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.4.7)
+    activesupport (6.1.5.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -199,7 +199,7 @@ GEM
     coderay (1.1.3)
     coercible (1.0.0)
       descendants_tracker (~> 0.0.1)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
     connection_pool (2.2.5)
     cose (1.2.0)
       cbor (~> 0.5.9)
@@ -360,7 +360,7 @@ GEM
       activesupport (>= 4)
       railties (>= 4)
       request_store (~> 1.0)
-    loofah (2.14.0)
+    loofah (2.16.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     lru_redux (1.1.0)
@@ -448,20 +448,20 @@ GEM
     rack_session_access (0.2.0)
       builder (>= 2.0.0)
       rack (>= 1.0.0)
-    rails (6.1.4.7)
-      actioncable (= 6.1.4.7)
-      actionmailbox (= 6.1.4.7)
-      actionmailer (= 6.1.4.7)
-      actionpack (= 6.1.4.7)
-      actiontext (= 6.1.4.7)
-      actionview (= 6.1.4.7)
-      activejob (= 6.1.4.7)
-      activemodel (= 6.1.4.7)
-      activerecord (= 6.1.4.7)
-      activestorage (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    rails (6.1.5.1)
+      actioncable (= 6.1.5.1)
+      actionmailbox (= 6.1.5.1)
+      actionmailer (= 6.1.5.1)
+      actionpack (= 6.1.5.1)
+      actiontext (= 6.1.5.1)
+      actionview (= 6.1.5.1)
+      activejob (= 6.1.5.1)
+      activemodel (= 6.1.5.1)
+      activerecord (= 6.1.5.1)
+      activestorage (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       bundler (>= 1.15.0)
-      railties (= 6.1.4.7)
+      railties (= 6.1.5.1)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -480,11 +480,11 @@ GEM
     rails-i18n (6.0.0)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 7)
-    railties (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    railties (6.1.5.1)
+      actionpack (= 6.1.5.1)
+      activesupport (= 6.1.5.1)
       method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
       thor (~> 1.0)
     rainbow (3.0.0)
     rake (13.0.6)
@@ -574,7 +574,6 @@ GEM
       faraday (> 0.8, < 2.0)
     scrypt (3.0.7)
       ffi-compiler (>= 1.0, < 2.0)
-    secure_headers (6.3.3)
     securecompare (1.0.0)
     selenium-webdriver (4.1.0)
       childprocess (>= 0.5, < 5.0)
@@ -752,7 +751,7 @@ DEPENDENCIES
   rack-test (>= 1.1.0)
   rack-timeout
   rack_session_access (>= 0.2.0)
-  rails (~> 6.1.4)
+  rails (~> 6.1.5.1)
   rails-controller-testing (>= 1.0.4)
   rails-erd (>= 1.6.0)
   redacted_struct
@@ -772,7 +771,6 @@ DEPENDENCIES
   safe_target_blank (>= 1.0.2)
   saml_idp!
   scrypt
-  secure_headers (~> 6.3)
   shoulda-matchers (~> 4.0)
   simple_form (>= 5.0.2)
   simplecov (~> 0.21.0)

app/assets/stylesheets/components/all.scss

@@ -8,6 +8,7 @@
 @import 'form-steps';
 @import 'footer';
 @import 'form';
+@import 'full-screen';
 @import 'hr';
 @import 'icon';
 @import 'list';

app/components/validated_field_component.js

@@ -1,3 +1 @@
-import { ValidatedField } from '@18f/identity-validated-field';
-
-customElements.define('lg-validated-field', ValidatedField);
+import '@18f/identity-validated-field';

app/controllers/account_reset/cancel_controller.rb

@@ -4,7 +4,7 @@ def show
       return render :show unless token
 
       result = AccountReset::ValidateCancelToken.new(token).call
-      track_event(result)
+      analytics.account_reset_cancel_token_validation(**result.to_h)
 
       if result.success?
         handle_valid_token
@@ -16,7 +16,7 @@ def show
     def create
       result = AccountReset::Cancel.new(session[:cancel_token]).call
 
-      track_event(result)
+      analytics.account_reset_cancel(**result.to_h)
 
       handle_success if result.success?
 
@@ -25,10 +25,6 @@ def create
 
     private
 
-    def track_event(result)
-      analytics.account_reset(**result.to_h)
-    end
-
     def handle_valid_token
       session[:cancel_token] = token
       redirect_to url_for

app/controllers/account_reset/delete_account_controller.rb

@@ -4,7 +4,7 @@ def show
       render :show and return unless token
 
       result = AccountReset::ValidateGrantedToken.new(token).call
-      analytics.account_reset(**result.to_h)
+      analytics.account_reset_granted_token_validation(**result.to_h)
 
       if result.success?
         handle_valid_token
@@ -16,7 +16,7 @@ def show
     def delete
       granted_token = session.delete(:granted_token)
       result = AccountReset::DeleteAccount.new(granted_token).call
-      analytics.account_reset(**result.to_h.except(:email))
+      analytics.account_reset_delete(**result.to_h.except(:email))
 
       if result.success?
         handle_successful_deletion(result)

app/controllers/account_reset/request_controller.rb

@@ -5,7 +5,7 @@ class RequestController < ApplicationController
     before_action :confirm_two_factor_enabled
 
     def show
-      analytics.track_event(Analytics::ACCOUNT_RESET_VISIT)
+      analytics.account_reset_visit
     end
 
     def create
@@ -18,7 +18,7 @@ def create
 
     def create_account_reset_request
       response = AccountReset::CreateRequest.new(current_user).call
-      analytics.account_reset(**response.to_h.merge(analytics_attributes))
+      analytics.account_reset_request(**response.to_h, **analytics_attributes)
     end
 
     def confirm_two_factor_enabled
@@ -29,7 +29,6 @@ def confirm_two_factor_enabled
 
     def analytics_attributes
       {
-        event: 'request',
         sms_phone: TwoFactorAuthentication::PhonePolicy.new(current_user).configured?,
         totp: TwoFactorAuthentication::AuthAppPolicy.new(current_user).configured?,
         piv_cac: TwoFactorAuthentication::PivCacPolicy.new(current_user).configured?,

app/controllers/concerns/unconfirmed_user_concern.rb

@@ -3,7 +3,7 @@ module UnconfirmedUserConcern
 
   def find_user_with_confirmation_token
     @confirmation_token = params.permit(:confirmation_token)[:confirmation_token]
-    @email_address = EmailConfirmationTokenValidator.email_address_from_token(@confirmation_token)
+    @email_address = EmailAddress.find_with_confirmation_token(@confirmation_token)
     @user = @email_address&.user
   end
 
@@ -29,24 +29,10 @@ def track_user_already_confirmed_event
   end
 
   def stop_if_invalid_token
-    return if @email_address.present?
-    hash = {
-      success: false,
-      errors: { confirmation_token: [t('errors.messages.confirmation_invalid_token')] },
-      user_id: nil,
-    }
-    analytics.track_event(Analytics::USER_REGISTRATION_EMAIL_CONFIRMATION, hash)
-    process_unsuccessful_confirmation
-  end
-
-  def process_confirmation
     result = email_confirmation_token_validator.submit
     analytics.track_event(Analytics::USER_REGISTRATION_EMAIL_CONFIRMATION, result.to_h)
-    if result.success?
-      process_successful_confirmation
-    else
-      process_unsuccessful_confirmation
-    end
+    return if result.success?
+    process_unsuccessful_confirmation
   end
 
   def email_confirmation_token_validator
@@ -71,17 +57,9 @@ def process_unsuccessful_confirmation
 
   def unsuccessful_confirmation_error
     if email_confirmation_token_validator.confirmation_period_expired?
-      confirmation_period_expired_error
+      t('errors.messages.confirmation_period_expired')
     else
       t('errors.messages.confirmation_invalid_token')
     end
   end
-
-  def confirmation_period_expired_error
-    current_time = Time.zone.now
-    confirmation_period = distance_of_time_in_words(
-      current_time, current_time + Devise.confirm_within, true, accumulate_on: :hours
-    )
-    I18n.t('errors.messages.confirmation_period_expired', period: confirmation_period)
-  end
 end

app/controllers/concerns/verify_sp_attributes_concern.rb

@@ -1,6 +1,7 @@
 module VerifySpAttributesConcern
   def needs_completion_screen_reason
     return nil if sp_session[:issuer].blank?
+    return nil if sp_session[:request_url].blank?
 
     if sp_session_identity.nil?
       :new_sp