Deploy RC 207

.gitlab-ci.yml

@@ -6,7 +6,7 @@
 variables:
   GITLAB_CI: 'true'
   ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com'
-  IDP_CI_SHA: 'sha256:db00ce3b6c4b75e449d72e19329afdde94937547a75bfbfb6ef774ed3f5d77b6'
+  IDP_CI_SHA: 'sha256:cea459aea56802327075b873cc73a8859ecffa359a9311b359ea49b19b1ba934'
 
 default:
   image: '${ECR_REGISTRY}/idp/ci@${IDP_CI_SHA}'
@@ -185,7 +185,6 @@ js_tests:
     - *yarn_install
     - yarn test
 
-
 pinpoint-check:
   stage: test
   cache:

.nvmrc

@@ -1 +1 @@
-14
+16

.rubocop.yml

@@ -309,6 +309,9 @@ Layout/SpaceInLambdaLiteral:
   Enabled: true
   EnforcedStyle: require_no_space
 
+Layout/SpaceInsideArrayLiteralBrackets:
+  Enabled: true
+
 Layout/SpaceInsideBlockBraces:
   Enabled: true
 

README.md

@@ -23,8 +23,7 @@ We recommend using [Homebrew](https://brew.sh/), [rbenv](https://github.com/rben
 - Ruby ~> 3.0.4
 - [PostgreSQL](http://www.postgresql.org/download/)
 - [Redis 5+](http://redis.io/)
-- [Node.js v14](https://nodejs.org)
--- (to install Node.js v.14 using brew: `brew install node@14`)
+- [Node.js v16](https://nodejs.org)
 - [Yarn](https://yarnpkg.com/en/)
 - [chromedriver](https://formulae.brew.sh/cask/chromedriver)
 

app/assets/images/email/README.md

@@ -1,3 +1,7 @@
 # Email Images
 
-This folder contains images for exclusive use by mailer templates. This includes email-specific imagery, and also variants of existing assets. For example, since [SVG images are not well-supported](https://www.caniemail.com/features/image-svg/) in all email clients, this folder may include rasterized versions of common SVG images.
+This folder contains images for exclusive use by mailer templates. This includes email-specific imagery, and also variants of existing assets.
+
+For example, since [SVG images are not well-supported](https://www.caniemail.com/features/image-svg/) in all email clients, this folder may include rasterized versions of common SVG images.
+
+These images should not be used in application views, since vector images (SVG) are typically preferred due to improved render quality and smaller file size.

app/assets/stylesheets/components/_step-indicator.scss

@@ -1,6 +1,5 @@
 $step-indicator-current-step-border-width: 3px;
 $step-indicator-line-height: 4px;
-$step-indicator-pending-color: #a8b6c6;
 
 lg-step-indicator {
   display: block;
@@ -106,15 +105,11 @@ lg-step-indicator {
   border: $step-indicator-current-step-border-width solid color('success');
 }
 
-.step-indicator__step--complete:not(.step-indicator__step--pending)::before {
+.step-indicator__step--complete::before {
   background-color: color('white');
   background-image: url('alert/success.svg');
 }
 
-.step-indicator__step--pending::before {
-  background-image: url('alert/pending.svg');
-}
-
 .step-indicator__step:not(:last-child)::after {
   background-color: color('base-lighter');
   content: '';
@@ -126,11 +121,7 @@ lg-step-indicator {
   width: calc(100% - 1rem - #{$step-indicator-line-height * 2});
 }
 
-.step-indicator__step--pending:not(:last-child)::after {
-  background-color: $step-indicator-pending-color;
-}
-
-.step-indicator__step--complete:not(.step-indicator__step--pending):not(:last-child)::after {
+.step-indicator__step--complete:not(:last-child)::after {
   background-color: color('success');
 }
 

app/assets/stylesheets/components/all.scss

@@ -1,7 +1,6 @@
 @import 'account-header';
 @import 'banner';
 @import 'block-link';
-@import 'block-submit-button';
 @import 'btn';
 @import 'card';
 @import 'container';

app/components/phone_input_component.rb

@@ -36,9 +36,10 @@ def translated_country_code_names
   end
 
   def international_phone_codes
+    translated_international_codes = PhoneNumberCapabilities.translated_international_codes
     supported_country_codes.
       map do |code_key|
-        code_data = PhoneNumberCapabilities.translated_international_codes[code_key]
+        code_data = translated_international_codes[code_key]
 
         [
           international_phone_code_label(code_data),

app/controllers/concerns/idv/phone_otp_rate_limitable.rb

@@ -29,6 +29,7 @@ def reset_attempt_count_if_user_no_longer_locked_out
 
     def handle_too_many_otp_sends
       analytics.idv_phone_confirmation_otp_rate_limit_sends
+      irs_attempts_api_tracker.idv_phone_otp_sent_rate_limited
       handle_max_attempts('otp_requests')
     end
 

app/controllers/concerns/idv/step_indicator_concern.rb

@@ -0,0 +1,50 @@
+module Idv
+  module StepIndicatorConcern
+    extend ActiveSupport::Concern
+
+    include IdvSession
+
+    included do
+      helper_method :step_indicator_steps
+    end
+
+    def step_indicator_steps
+      if in_person_proofing?
+        if gpo_address_verification?
+          Idv::Flows::InPersonFlow::STEP_INDICATOR_STEPS_GPO
+        else
+          Idv::Flows::InPersonFlow::STEP_INDICATOR_STEPS
+        end
+      elsif gpo_address_verification?
+        Idv::Flows::DocAuthFlow::STEP_INDICATOR_STEPS_GPO
+      else
+        Idv::Flows::DocAuthFlow::STEP_INDICATOR_STEPS
+      end
+    end
+
+    private
+
+    def in_person_proofing?
+      proofing_components_as_hash['document_check'] == Idp::Constants::Vendors::USPS
+    end
+
+    def gpo_address_verification?
+      # Proofing component values are (currently) never reset between proofing attempts, hence why
+      # this refers to the session address verification mechanism and not the proofing component.
+      !!current_user.pending_profile || idv_session.address_verification_mechanism == 'gpo'
+    end
+
+    def proofing_components_as_hash
+      # A proofing component record exists as a zero-or-one-to-one relation with a user, and values
+      # are set during identity verification. These values are recorded to the profile at creation,
+      # including for a pending profile.
+      @proofing_components_as_hash ||= begin
+        if current_user.pending_profile
+          current_user.pending_profile.proofing_components
+        else
+          ProofingComponent.find_by(user: current_user).as_json
+        end
+      end.to_h
+    end
+  end
+end

app/controllers/concerns/verify_sp_attributes_concern.rb

@@ -3,13 +3,14 @@ def needs_completion_screen_reason
     return nil if sp_session[:issuer].blank?
     return nil if sp_session[:request_url].blank?
 
+    sp_session_identity = find_sp_session_identity
     if sp_session_identity.nil?
       :new_sp
-    elsif !requested_attributes_verified?
+    elsif !requested_attributes_verified?(sp_session_identity)
       :new_attributes
-    elsif consent_has_expired?
+    elsif consent_has_expired?(sp_session_identity)
       :consent_expired
-    elsif consent_was_revoked?
+    elsif consent_was_revoked?(sp_session_identity)
       :consent_revoked
     end
   end
@@ -26,7 +27,7 @@ def update_verified_attributes
     )
   end
 
-  def consent_has_expired?
+  def consent_has_expired?(sp_session_identity)
     return false unless sp_session_identity
     return false if sp_session_identity.deleted_at.present?
     last_estimated_consent = sp_session_identity.last_consented_at || sp_session_identity.created_at
@@ -35,7 +36,7 @@ def consent_has_expired?
       verified_after_consent?(last_estimated_consent)
   end
 
-  def consent_was_revoked?
+  def consent_was_revoked?(sp_session_identity)
     return false unless sp_session_identity
     sp_session_identity.deleted_at.present?
   end
@@ -48,14 +49,13 @@ def verified_after_consent?(last_estimated_consent)
     verification_timestamp.present? && last_estimated_consent < verification_timestamp
   end
 
-  def sp_session_identity
-    @sp_session_identity =
-      current_user&.identities&.find_by(service_provider: sp_session[:issuer])
+  def find_sp_session_identity
+    current_user&.identities&.find_by(service_provider: sp_session[:issuer])
   end
 
-  def requested_attributes_verified?
-    @sp_session_identity && (
-      Array(sp_session[:requested_attributes]) - @sp_session_identity.verified_attributes.to_a
+  def requested_attributes_verified?(sp_session_identity)
+    sp_session_identity && (
+      Array(sp_session[:requested_attributes]) - sp_session_identity.verified_attributes.to_a
     ).empty?
   end
 end

app/controllers/frontend_log_controller.rb

@@ -5,7 +5,9 @@ class FrontendLogController < ApplicationController
   before_action :check_user_authenticated
   before_action :validate_parameter_types
 
+  # rubocop:disable Layout/LineLength
   EVENT_MAP = {
+    'IdV: verify in person troubleshooting option clicked' => :idv_verify_in_person_troubleshooting_option_clicked,
     'IdV: forgot password visited' => :idv_forgot_password,
     'IdV: password confirm visited' => :idv_review_info_visited,
     'IdV: password confirm submitted' => proc do |analytics|
@@ -22,6 +24,7 @@ class FrontendLogController < ApplicationController
   }.transform_values do |method|
     method.is_a?(Proc) ? method : AnalyticsEvents.instance_method(method)
   end.freeze
+  # rubocop:enable Layout/LineLength
 
   def create
     event = log_params[:event]

app/controllers/idv/capture_doc_controller.rb

@@ -1,5 +1,9 @@
 module Idv
   class CaptureDocController < ApplicationController
+    # rubocop:disable Rails/LexicallyScopedActionFilter
+    # index comes from the flow_state_matchine.rb
+    before_action :track_index_loads, only: [:index]
+    # rubocop:enable Rails/LexicallyScopedActionFilter
     before_action :ensure_user_id_in_session
 
     include Flow::FlowStateMachine
@@ -20,6 +24,10 @@ def return_to_sp
 
     private
 
+    def track_index_loads
+      irs_attempts_api_tracker.idv_phone_upload_link_used
+    end
+
     def ensure_user_id_in_session
       return if session[:doc_capture_user_id] &&
                 token.blank? &&

app/controllers/idv/come_back_later_controller.rb

@@ -1,5 +1,7 @@
 module Idv
   class ComeBackLaterController < ApplicationController
+    include StepIndicatorConcern
+
     before_action :confirm_two_factor_authenticated
     before_action :confirm_user_needs_gpo_confirmation
 

app/controllers/idv/gpo_controller.rb

@@ -1,6 +1,7 @@
 module Idv
   class GpoController < ApplicationController
     include IdvSession
+    include StepIndicatorConcern
 
     before_action :confirm_two_factor_authenticated
     before_action :confirm_idv_needed
@@ -10,6 +11,7 @@ class GpoController < ApplicationController
 
     def index
       @presenter = GpoPresenter.new(current_user, url_options)
+      @step_indicator_current_step = step_indicator_current_step
       analytics.idv_gpo_address_visited(
         letter_already_sent: @presenter.letter_already_sent?,
       )
@@ -35,6 +37,14 @@ def gpo_mail_service
 
     private
 
+    def step_indicator_current_step
+      if resend_requested?
+        :get_a_letter
+      else
+        :verify_phone_or_address
+      end
+    end
+
     def update_tracking
       analytics.idv_gpo_address_letter_requested(resend: resend_requested?)
       irs_attempts_api_tracker.idv_letter_requested(success: true, resend: resend_requested?)

app/controllers/idv/gpo_verify_controller.rb

@@ -1,6 +1,7 @@
 module Idv
   class GpoVerifyController < ApplicationController
     include IdvSession
+    include StepIndicatorConcern
 
     before_action :confirm_two_factor_authenticated
     before_action :confirm_verification_needed
@@ -27,10 +28,15 @@ def create
       @gpo_verify_form = build_gpo_verify_form
 
       if throttle.throttled_else_increment?
+        irs_attempts_api_tracker.idv_gpo_verification_throttled
         render_throttled
       else
         result = @gpo_verify_form.submit
         analytics.idv_gpo_verification_submitted(**result.to_h)
+        irs_attempts_api_tracker.idv_gpo_verification_submitted(
+          success: result.success?,
+          failure_reason: result.errors.presence,
+        )
 
         if result.success?
           if result.extra[:pending_in_person_enrollment]

app/controllers/idv/in_person/ready_to_verify_controller.rb

@@ -2,6 +2,7 @@ module Idv
   module InPerson
     class ReadyToVerifyController < ApplicationController
       include RenderConditionConcern
+      include StepIndicatorConcern
 
       check_or_render_not_found -> { IdentityConfig.store.in_person_proofing_enabled }
 

app/controllers/idv/in_person_controller.rb

@@ -9,8 +9,10 @@ class InPersonController < ApplicationController
 
     include IdvSession
     include Flow::FlowStateMachine
+    include Idv::ThreatMetrixConcern
 
     before_action :redirect_if_flow_completed
+    before_action :override_csp_for_threat_metrix
 
     FLOW_STATE_MACHINE_SETTINGS = {
       step_url: :idv_in_person_step_url,