Deploy RC 203 to Prod

Makefile

@@ -99,11 +99,11 @@ public/packs/manifest.json: yarn.lock $(shell find app/javascript -type f) ## Bu
 
 test: export RAILS_ENV := test
 test: $(CONFIG) ## Runs RSpec and yarn tests in parallel
-	bundle exec rake parallel:spec && yarn test
+	bundle exec rake parallel:spec && yarn build && yarn test
 
 test_serial: export RAILS_ENV := test
 test_serial: $(CONFIG) ## Runs RSpec and yarn tests serially
-	bundle exec rake spec && yarn test
+	bundle exec rake spec && yarn build && yarn test
 
 fast_test: export RAILS_ENV := test
 fast_test: ## Abbreviated test run, runs RSpec tests without accessibility specs

README.md

@@ -31,8 +31,12 @@ We recommend using [Homebrew](https://brew.sh/), [rbenv](https://github.com/rben
 -- (to install Node.js v.14 using brew: `brew install node@14`)
 - [Yarn](https://yarnpkg.com/en/)
 - [chromedriver](https://formulae.brew.sh/cask/chromedriver)
+
+2. You will need to install openssl version 1.1:
+
+- Run `brew install openssl@1.1`
 
-2. Test that you have Postgres and Redis running.
+3. Test that you have Postgres and Redis running.
 
   For example, if you've installed with Homebrew, you can start the services like this:
 
@@ -46,13 +50,6 @@ We recommend using [Homebrew](https://brew.sh/), [rbenv](https://github.com/rben
   $ brew services list
   ```
 
-3. Create the development and test databases:
-
-  ```
-  $ psql -c "CREATE DATABASE identity_idp_development;"
-  $ psql -c "CREATE DATABASE identity_idp_test;"
-  ```
-
 4. Run the following command to set up your local environment:
 
   ```
@@ -62,6 +59,8 @@ We recommend using [Homebrew](https://brew.sh/), [rbenv](https://github.com/rben
   This command copies sample configuration files, installs required gems
   and sets up the database. Check out our Makefile commands to learn more about what this command does: https://github.com/18F/identity-idp/blob/main/Makefile
 
+  Note: If you didn't explicitly install `openssl@1.1` in Step 2 above and you use a M1 Mac, you may see an error on this step. Homebrew works differently on a M1 Mac, so specifying the version is necessary for the make script to work, but may still work on x86.
+
 5. Now that you have you have everything installed, you can run the following command to start your local server:
 
   ```

app/components/troubleshooting_options_component.html.erb

@@ -1,10 +1,4 @@
 <%= tag.section(**tag_options, class: css_class) do %>
-  <% if new_features? %>
-    <span class="usa-tag bg-accent-cool-darker text-uppercase display-inline-block">
-      <%= t('components.troubleshooting_options.new_feature') %>
-    </span>
-  <% end %>
-
   <%= header %>
   <ul class="troubleshooting-options__options">
     <% options.each do |option| %>

app/components/troubleshooting_options_component.rb

@@ -4,19 +4,14 @@ class TroubleshootingOptionsComponent < BaseComponent
 
   attr_reader :tag_options
 
-  def initialize(new_features: false, **tag_options)
-    @new_features = new_features
+  def initialize(**tag_options)
     @tag_options = tag_options.dup
   end
 
   def render?
     options?
   end
 
-  def new_features?
-    @new_features
-  end
-
   def css_class
     [
       'troubleshooting-options',

app/controllers/application_controller.rb

@@ -83,6 +83,11 @@ def analytics_user
   def irs_attempts_api_tracker
     @irs_attempts_api_tracker ||= IrsAttemptsApi::Tracker.new(
       session_id: irs_attempts_api_session_id,
+      request: request,
+      user: effective_user,
+      sp: current_sp,
+      device_fingerprint: cookies[:device],
+      sp_request_uri: decorated_session.request_url_params[:redirect_uri],
       enabled_for_session: irs_attempt_api_enabled_for_session?,
     )
   end

app/controllers/concerns/mfa_setup_concern.rb

@@ -7,13 +7,15 @@ def next_setup_path
     elsif next_setup_choice
       confirmation_path
     else
+      if user_session[:mfa_selections]
+        analytics.user_registration_mfa_setup_complete(
+          mfa_method_counts: mfa_context.enabled_two_factor_configuration_counts_hash,
+          enabled_mfa_methods_count: mfa_context.enabled_mfa_methods_count,
+          pii_like_keypaths: [[:mfa_method_counts, :phone]],
+          success: true,
+        )
+      end
       user_session.delete(:mfa_selections)
-      analytics.user_registration_mfa_setup_complete(
-        mfa_method_counts: mfa_context.enabled_two_factor_configuration_counts_hash,
-        enabled_mfa_methods_count: mfa_context.enabled_mfa_methods_count,
-        pii_like_keypaths: [[:mfa_method_counts, :phone]],
-        success: true,
-      )
       nil
     end
   end

app/controllers/concerns/saml_idp_logout_concern.rb

@@ -58,6 +58,9 @@ def track_logout_event
       oidc: false,
       saml_request_valid: sp_initiated ? valid_saml_request? : true,
     )
+    irs_attempts_api_tracker.logout_initiated(
+      success: true,
+    )
   end
 
   def track_remote_logout_event

app/controllers/concerns/unconfirmed_user_concern.rb

@@ -25,11 +25,21 @@ def track_user_already_confirmed_event
       errors: { email: [t('errors.messages.already_confirmed')] },
       user_id: @user.uuid,
     )
+    irs_attempts_api_tracker.user_registration_email_confirmation(
+      email: @email_address.email,
+      success: false,
+      failure_reason: { email: [:already_confirmed] },
+    )
   end
 
   def stop_if_invalid_token
     result = email_confirmation_token_validator.submit
     analytics.user_registration_email_confirmation(**result.to_h)
+    irs_attempts_api_tracker.user_registration_email_confirmation(
+      email: @email_address&.email,
+      success: result.success?,
+      failure_reason: result.to_h[:error_details],
+    )
     return if result.success?
     process_unsuccessful_confirmation
   end

app/controllers/frontend_log_controller.rb

@@ -9,7 +9,7 @@ class FrontendLogController < ApplicationController
     'IdV: forgot password visited' => :idv_forgot_password,
     'IdV: password confirm visited' => :idv_review_info_visited,
     'IdV: password confirm submitted' => proc do |analytics|
-      analytics.idv_review_complete
+      analytics.idv_review_complete(success: true)
       analytics.idv_final(success: true)
     end,
     'IdV: personal key visited' => :idv_personal_key_visited,

app/controllers/idv/doc_auth_controller.rb

@@ -6,10 +6,11 @@ class DocAuthController < ApplicationController
     before_action :redirect_if_pending_in_person_enrollment
     before_action :extend_timeout_using_meta_refresh_for_select_paths
 
-    include IdvSession # remove if we retire the non docauth LOA3 flow
+    include IdvSession
     include Flow::FlowStateMachine
     include Idv::DocumentCaptureConcern
 
+    before_action :redirect_if_flow_completed
     before_action :override_document_capture_step_csp
     before_action :update_if_skipping_upload
     # rubocop:disable Rails/LexicallyScopedActionFilter
@@ -37,6 +38,10 @@ def redirect_if_pending_profile
       redirect_to idv_gpo_verify_url if current_user.decorate.pending_profile_requires_verification?
     end
 
+    def redirect_if_flow_completed
+      flow_finish if idv_session.applicant
+    end
+
     def redirect_if_pending_in_person_enrollment
       return if !IdentityConfig.store.in_person_proofing_enabled
       redirect_to idv_in_person_ready_to_verify_url if current_user.pending_in_person_enrollment

app/controllers/idv/gpo_controller.rb

@@ -55,7 +55,7 @@ def gpo_mail_service
     private
 
     def update_tracking
-      analytics.idv_gpo_address_letter_requested(enqueued_at: Time.zone.now)
+      analytics.idv_gpo_address_letter_requested(enqueued_at: Time.zone.now, resend: true)
       create_user_event(:gpo_mail_sent, current_user)
 
       ProofingComponent.create_or_find_by(user: current_user).update(address_check: 'gpo_letter')

app/controllers/idv/in_person_controller.rb

@@ -2,9 +2,13 @@ module Idv
   class InPersonController < ApplicationController
     before_action :render_404_if_disabled
     before_action :confirm_two_factor_authenticated
+    before_action :redirect_unless_enrollment
 
+    include IdvSession
     include Flow::FlowStateMachine
 
+    before_action :redirect_if_flow_completed
+
     FSM_SETTINGS = {
       step_url: :idv_in_person_step_url,
       final_url: :idv_phone_url,
@@ -17,5 +21,13 @@ class InPersonController < ApplicationController
     def render_404_if_disabled
       render_not_found unless InPersonConfig.enabled_for_issuer?(current_sp&.issuer)
     end
+
+    def redirect_unless_enrollment
+      redirect_to idv_url unless current_user.establishing_in_person_enrollment
+    end
+
+    def redirect_if_flow_completed
+      flow_finish if idv_session.applicant
+    end
   end
 end

app/controllers/idv/review_controller.rb

@@ -24,6 +24,7 @@ def confirm_idv_phone_confirmed
     def confirm_current_password
       return if valid_password?
 
+      analytics.idv_review_complete(success: false)
       flash[:error] = t('idv.errors.incorrect_password')
       redirect_to idv_review_url
     end
@@ -46,7 +47,7 @@ def create
       init_profile
       user_session[:need_personal_key_confirmation] = true
       redirect_to next_step
-      analytics.idv_review_complete
+      analytics.idv_review_complete(success: true)
       analytics.idv_final(success: true)
 
       return unless FeatureManagement.reveal_gpo_code?
@@ -87,11 +88,9 @@ def idv_address_complete?
 
     def init_profile
       idv_session.create_profile_from_applicant_with_password(password)
-      idv_session.cache_encrypted_pii(password)
-      idv_session.complete_session
 
       if idv_session.address_verification_mechanism == 'gpo'
-        analytics.idv_gpo_address_letter_requested(enqueued_at: Time.zone.now)
+        analytics.idv_gpo_address_letter_requested(enqueued_at: Time.zone.now, resend: false)
       end
 
       if idv_session.profile.active?

app/controllers/idv/session_errors_controller.rb

@@ -56,11 +56,15 @@ def confirm_idv_session_step_needed
     end
 
     def set_try_again_path
-      if params[:from]&.starts_with? idv_in_person_path
+      if in_person_flow?
         @try_again_path = idv_in_person_path
       else
         @try_again_path = idv_doc_auth_path
       end
     end
+
+    def in_person_flow?
+      params[:flow] == 'in_person'
+    end
   end
 end

app/controllers/openid_connect/logout_controller.rb

@@ -10,6 +10,9 @@ def index
       result = @logout_form.submit
 
       analytics.logout_initiated(**result.to_h.except(:redirect_uri))
+      irs_attempts_api_tracker.logout_initiated(
+        success: result.success?,
+      )
 
       if result.success? && (redirect_uri = result.extra[:redirect_uri])
         sign_out

app/controllers/sign_out_controller.rb

@@ -3,6 +3,9 @@ class SignOutController < ApplicationController
 
   def destroy
     analytics.logout_initiated(method: 'cancel link')
+    irs_attempts_api_tracker.logout_initiated(
+      success: true,
+    )
     url_after_cancellation = decorated_session.cancel_link_url
     sign_out
     flash[:success] = t('devise.sessions.signed_out')

app/controllers/sign_up/registrations_controller.rb

@@ -23,6 +23,11 @@ def create
       result = @register_user_email_form.submit(permitted_params)
 
       analytics.user_registration_email(**result.to_h)
+      irs_attempts_api_tracker.user_registration_email_submitted(
+        email: permitted_params[:email],
+        success: result.success?,
+        failure_reason: result.to_h[:error_details],
+      )
 
       if result.success?
         process_successful_creation

app/controllers/two_factor_authentication/totp_verification_controller.rb

@@ -19,6 +19,7 @@ def create
       result = TotpVerificationForm.new(current_user, params.require(:code).strip).submit
 
       analytics.track_mfa_submit_event(result.to_h)
+      irs_attempts_api_tracker.multi_factor_auth_verify_totp(success: result.success?)
 
       if result.success?
         handle_valid_otp

app/controllers/users/reset_passwords_controller.rb

@@ -86,6 +86,11 @@ def create_account_if_email_not_found
       return unless result
 
       analytics.user_registration_email(**result.to_h)
+      irs_attempts_api_tracker.user_registration_email_submitted(
+        email: email,
+        success: result.success?,
+        failure_reason: result.to_h[:error_details],
+      )
       create_user_event(:account_created, user)
     end
 

app/controllers/users/sessions_controller.rb

@@ -41,8 +41,6 @@ def create
     def destroy
       analytics.logout_initiated(sp_initiated: false, oidc: false)
       irs_attempts_api_tracker.logout_initiated(
-        user_uuid: current_user.uuid,
-        unique_session_id: current_user.unique_session_id,
         success: true,
       )
       super

app/controllers/users/totp_setup_controller.rb

@@ -27,6 +27,10 @@ def confirm
       properties = result.to_h.merge(analytics_properties)
       analytics.multi_factor_auth_setup(**properties)
 
+      irs_attempts_api_tracker.multi_factor_auth_enroll_totp(
+        success: result.success?,
+      )
+
       if result.success?
         process_valid_code
       else

app/controllers/verify_controller.rb

@@ -24,7 +24,6 @@ def app_data
     {
       base_path: idv_app_path,
       cancel_url: idv_cancel_path,
-      in_person_url: in_person_url,
       initial_values: initial_values,
       reset_password_url: forgot_password_url,
       enabled_step_names: IdentityConfig.store.idv_api_enabled_steps,
@@ -47,10 +46,6 @@ def enabled_steps
     IdentityConfig.store.idv_api_enabled_steps
   end
 
-  def in_person_url
-    idv_in_person_url if Idv::InPersonConfig.enabled_for_issuer?(current_sp&.issuer)
-  end
-
   def step_enabled?(step)
     enabled_steps.include?(step)
   end

app/decorators/session_decorator.rb

@@ -47,6 +47,10 @@ def requested_more_recent_verification?
 
   def irs_attempts_api_session_id; end
 
+  def request_url_params
+    {}
+  end
+
   private
 
   attr_reader :view_context