18F · solipet · Sep 26, 2022 · Sep 22, 2022 · Sep 22, 2022 · Sep 22, 2022
diff --git a/app/assets/stylesheets/utilities/_typography.scss b/app/assets/stylesheets/utilities/_typography.scss
@@ -99,3 +99,29 @@ h6,
 .h6 {
   @extend %h6;
 }
+
+.separator-text {
+  display: flex;
+  align-items: center;
+  text-align: center;
+  font-size: 1.125rem;
+  margin-top: 32px;
+  margin-bottom: 16px;
+
+  &::before,
+  &::after {
+    content: '';
+    display: block;
+    border-bottom: 1px solid color('primary-light');
+    flex-grow: 1;
+    min-width: 2rem;
+  }
+
+  &::before {
+    margin-right: 1rem;
+  }
+
+  &::after {
+    margin-left: 1rem;
+  }
+}
diff --git a/app/controllers/account_reset/delete_account_controller.rb b/app/controllers/account_reset/delete_account_controller.rb
@@ -20,7 +20,7 @@ def delete
 
       irs_attempts_api_tracker.account_reset_account_deleted(
         success: result.success?,
-        failure_reason: result.errors,
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
       if result.success?
         handle_successful_deletion(result)

diff --git a/app/controllers/concerns/inherited_proofing_concern.rb b/app/controllers/concerns/inherited_proofing_concern.rb
@@ -27,4 +27,38 @@ def va_inherited_proofing_auth_code
   def va_inherited_proofing_auth_code_params_key
     'inherited_proofing_auth'
   end
+
+  # Service Provider-agnostic members for now.
+  # Think about putting this in a factory(ies).
+
+  def inherited_proofing_service
+    inherited_proofing_service_class.new inherited_proofing_service_provider_data
+  end
+
+  def inherited_proofing_service_class
+    raise 'Inherited Proofing is not enabled' unless IdentityConfig.store.inherited_proofing_enabled
+
+    if va_inherited_proofing?
+      if IdentityConfig.store.va_inherited_proofing_mock_enabled
+        return Idv::InheritedProofing::Va::Mocks::Service
+      end
+      return Idv::InheritedProofing::Va::Service
+    end
+
+    raise 'Inherited proofing service class could not be identified'
+  end
+
+  def inherited_proofing_form(payload_hash)
+    return Idv::InheritedProofing::Va::Form.new payload_hash: payload_hash if va_inherited_proofing?
+
+    raise 'Inherited proofing form could not be identified'
+  end
+
+  def inherited_proofing_service_provider_data
+    if va_inherited_proofing?
+      { auth_code: va_inherited_proofing_auth_code }
+    else
+      {}
+    end
+  end
 end
diff --git a/app/controllers/concerns/unconfirmed_user_concern.rb b/app/controllers/concerns/unconfirmed_user_concern.rb
@@ -38,7 +38,7 @@ def stop_if_invalid_token
     irs_attempts_api_tracker.user_registration_email_confirmation(
       email: @email_address&.email,
       success: result.success?,
-      failure_reason: result.to_h[:error_details],
+      failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
     )
     return if result.success?
     process_unsuccessful_confirmation

diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb
@@ -35,7 +35,7 @@ def create
         analytics.idv_gpo_verification_submitted(**result.to_h)
         irs_attempts_api_tracker.idv_gpo_verification_submitted(
           success: result.success?,
-          failure_reason: result.errors.presence,
+          failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
         )
 
         if result.success?

diff --git a/app/controllers/idv/inherited_proofing_controller.rb b/app/controllers/idv/inherited_proofing_controller.rb
@@ -1,6 +1,8 @@
 module Idv
   class InheritedProofingController < ApplicationController
     include Flow::FlowStateMachine
+    include IdvSession
+    include InheritedProofingConcern
 
     before_action :render_404_if_disabled
 

diff --git a/app/controllers/idv/phone_controller.rb b/app/controllers/idv/phone_controller.rb
@@ -34,7 +34,7 @@ def create
       irs_attempts_api_tracker.idv_phone_submitted(
         phone_number: step_params[:phone],
         success: result.success?,
-        failure_reason: result.errors,
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
       flash[:error] = result.first_error_message if !result.success?
       return render :new, locals: { gpo_letter_available: gpo_letter_available } if !result.success?

diff --git a/app/controllers/openid_connect/logout_controller.rb b/app/controllers/openid_connect/logout_controller.rb
@@ -19,12 +19,10 @@ def index
 
       if result.success? && (redirect_uri = result.extra[:redirect_uri])
         sign_out
-        unless logout_params[:prevent_logout_redirect] == 'true'
-          redirect_to(
-            redirect_uri,
-            allow_other_host: true,
-          )
-        end
+        redirect_to(
+          redirect_uri,
+          allow_other_host: true,
+        )
       else
         render :error
       end
@@ -35,7 +33,6 @@ def logout_params
         :id_token_hint,
         :post_logout_redirect_uri,
         :state,
-        :prevent_logout_redirect,
       ]
 
       if IdentityConfig.store.accept_client_id_in_oidc_logout ||

diff --git a/app/controllers/sign_up/passwords_controller.rb b/app/controllers/sign_up/passwords_controller.rb
@@ -16,7 +16,7 @@ def create
       analytics.password_creation(**result.to_h)
       irs_attempts_api_tracker.user_registration_password_submitted(
         success: result.success?,
-        failure_reason: result.errors,
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
       store_sp_metadata_in_session unless sp_request_id.empty?
 

diff --git a/app/controllers/sign_up/registrations_controller.rb b/app/controllers/sign_up/registrations_controller.rb
@@ -30,7 +30,7 @@ def create
       irs_attempts_api_tracker.user_registration_email_submitted(
         email: permitted_params[:email],
         success: result.success?,
-        failure_reason: result.to_h[:error_details],
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
 
       if result.success?

diff --git a/app/controllers/test/device_profiling_controller.rb b/app/controllers/test/device_profiling_controller.rb
@@ -0,0 +1,33 @@
+module Test
+  class DeviceProfilingController < ApplicationController
+    prepend_before_action :skip_session_load
+    prepend_before_action :skip_session_expiration
+    skip_before_action :verify_authenticity_token
+
+    layout false
+
+    # iframe fallback
+    def index
+      tmx_backend.record_profiling_result(
+        session_id: params[:session_id],
+        result: 'no_result',
+      )
+    end
+
+    # explicit JS POST
+    def create
+      tmx_backend.record_profiling_result(
+        session_id: params[:session_id],
+        result: params[:result],
+      )
+
+      head :ok
+    end
+
+    private
+
+    def tmx_backend
+      @tmx_backend ||= Proofing::Mock::DeviceProfilingBackend.new
+    end
+  end
+end
diff --git a/app/controllers/two_factor_authentication/piv_cac_verification_controller.rb b/app/controllers/two_factor_authentication/piv_cac_verification_controller.rb
@@ -33,7 +33,7 @@ def process_token
       irs_attempts_api_tracker.mfa_login_piv_cac(
         success: result.success?,
         subject_dn: piv_cac_verification_form.x509_dn,
-        failure_reason: result.errors.presence,
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
       if result.success?
         handle_valid_piv_cac

diff --git a/app/controllers/users/delete_controller.rb b/app/controllers/users/delete_controller.rb
@@ -8,7 +8,7 @@ def show
     end
 
     def delete
-      irs_attempts_api_tracker.account_purged(success: true)
+      irs_attempts_api_tracker.logged_in_account_purged(success: true)
       send_push_notifications
       delete_user
       sign_out
@@ -31,7 +31,7 @@ def confirm_current_password
 
       flash[:error] = t('idv.errors.incorrect_password')
       analytics.account_delete_submitted(success: false)
-      irs_attempts_api_tracker.account_purged(success: false)
+      irs_attempts_api_tracker.logged_in_account_purged(success: false)
       render :show
     end
 

diff --git a/app/controllers/users/passwords_controller.rb b/app/controllers/users/passwords_controller.rb
@@ -18,7 +18,7 @@ def update
       analytics.password_changed(**result.to_h)
       irs_attempts_api_tracker.logged_in_password_change(
         success: result.success?,
-        failure_reason: result.to_h[:error_details],
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
 
       if result.success?

diff --git a/app/controllers/users/piv_cac_authentication_setup_controller.rb b/app/controllers/users/piv_cac_authentication_setup_controller.rb
@@ -89,7 +89,7 @@ def process_piv_cac_setup
       irs_attempts_api_tracker.mfa_enroll_piv_cac(
         success: result.success?,
         subject_dn: user_piv_cac_form.x509_dn,
-        failure_reason: result.errors.presence,
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
       if result.success?
         process_valid_submission

diff --git a/app/controllers/users/piv_cac_setup_from_sign_in_controller.rb b/app/controllers/users/piv_cac_setup_from_sign_in_controller.rb
@@ -40,7 +40,7 @@ def process_piv_cac_setup
       irs_attempts_api_tracker.mfa_enroll_piv_cac(
         success: result.success?,
         subject_dn: user_piv_cac_form.x509_dn,
-        failure_reason: result.errors.presence,
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
       if result.success?
         process_valid_submission

diff --git a/app/controllers/users/reset_passwords_controller.rb b/app/controllers/users/reset_passwords_controller.rb
@@ -24,7 +24,7 @@ def edit
       analytics.password_reset_token(**result.to_h)
       irs_attempts_api_tracker.forgot_password_email_confirmed(
         success: result.success?,
-        failure_reason: result.errors,
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
 
       if result.success?
@@ -45,7 +45,7 @@ def update
       analytics.password_reset_password(**result.to_h)
       irs_attempts_api_tracker.forgot_password_new_password_submitted(
         success: result.success?,
-        failure_reason: result.errors,
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
 
       if result.success?
@@ -98,7 +98,7 @@ def create_account_if_email_not_found
       irs_attempts_api_tracker.user_registration_email_submitted(
         email: email,
         success: result.success?,
-        failure_reason: result.to_h[:error_details],
+        failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
       create_user_event(:account_created, user)
     end

diff --git a/app/controllers/users/verify_personal_key_controller.rb b/app/controllers/users/verify_personal_key_controller.rb
@@ -33,7 +33,7 @@ def create
         )
         irs_attempts_api_tracker.personal_key_reactivation_submitted(
           success: result.success?,
-          failure_reason: result.errors,
+          failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
         )
         if result.success?
           handle_success(decrypted_pii: personal_key_form.decrypted_pii)