Deploy RC 223 to Prod

README.md

@@ -189,6 +189,10 @@ There was an initial attempt to dockerize the IDP but it is currently deprecated
 
 If you'd like to work with the previous implementation see the [Docker documentation](./docs/Docker.md) to install the IdP as a container.
 
+### Linting
+
+Run `make lint`
+
 ### Troubleshooting
 #### I am receiving errors when running `$ make setup`
 
@@ -274,3 +278,11 @@ Paste the following contents into the text editor:
 Use Control+X to save the file.
 
 Restart your Mac to cause the .plist to take effect. Check the limits again and you should see both `ulimit -n` and `launchctl limit maxfiles` return a limit of 524288.
+
+##### Errors related to _sassc_
+
+If you are getting the error:
+```
+LoadError: cannot load such file -- sassc
+```
+Try `make run` for a short time, then use Ctrl+C to kill it

app/assets/stylesheets/components/_alert.scss

@@ -0,0 +1,8 @@
+.usa-alert--info-important {
+  @include u-bg('accent-cool-darker');
+  color: color('white');
+
+  &::before {
+    background-image: url('alert/info-white.svg');
+  }
+}

app/assets/stylesheets/components/all.scss

@@ -1,5 +1,6 @@
 @import 'account-header';
 @import 'alert-icon';
+@import 'alert';
 @import 'banner';
 @import 'block-link';
 @import 'btn';

app/assets/stylesheets/email.css.scss

@@ -2,7 +2,6 @@
 @import 'variables/email';
 @import 'foundation-emails/scss/foundation-emails';
 @import 'identity-style-guide/dist/assets/scss/packages/required';
-@import 'identity-style-guide/dist/assets/scss/packages/utilities';
 
 .gray {
   &:active,
@@ -156,3 +155,98 @@ h4 {
   padding-top: units(0.5);
   margin-right: units(1.5);
 }
+
+// Design system utility classes are duplicated here as a compromise to allow for consistent usage
+// while avoiding performance cost of importing the full design system. Feel free to add as needed.
+
+.border-1px {
+  @include u-border(1px);
+}
+
+.border-primary-light {
+  @include u-border('primary-light');
+}
+
+.display-inline-block {
+  @include u-display('inline-block');
+}
+
+.display-block {
+  @include u-display('block');
+}
+
+.font-heading-lg {
+  @include u-font('heading', 'lg');
+}
+
+.font-heading-md {
+  @include u-font('heading', 'md');
+}
+
+.font-sans-md {
+  @include u-font('sans', 'md');
+}
+
+.margin-bottom-0 {
+  @include u-margin-bottom(0);
+}
+
+.margin-bottom-1 {
+  @include u-margin-bottom(1);
+}
+
+.margin-bottom-105 {
+  @include u-margin-bottom(1.5);
+}
+
+.margin-bottom-2 {
+  @include u-margin-bottom(2);
+}
+
+.margin-bottom-4 {
+  @include u-margin-bottom(4);
+}
+
+.margin-top-0 {
+  @include u-margin-top(0);
+}
+
+.margin-top-5 {
+  @include u-margin-top(5);
+}
+
+.margin-y-105 {
+  @include u-margin-y(1.5);
+}
+
+.margin-y-4 {
+  @include u-margin-y(4);
+}
+
+.padding-4 {
+  @include u-padding(4);
+}
+
+.padding-bottom-4 {
+  @include u-padding-bottom(4);
+}
+
+.radius-lg {
+  @include u-radius('lg');
+}
+
+.text-bold {
+  @include u-text('bold');
+}
+
+.text-center {
+  @include u-text('center');
+}
+
+.usa-list {
+  @extend %usa-list;
+
+  li {
+    @extend %usa-list-item;
+  }
+}

app/components/barcode_component.rb

@@ -34,7 +34,7 @@ def barcode_caption_id
   end
 
   def css_class
-    [*tag_options[:class], 'display-inline-block margin-0']
+    [*tag_options[:class], 'display-inline-block']
   end
 
   private

app/components/language_picker_component.html.erb

@@ -1,18 +1,23 @@
 <%= content_tag(:div, **tag_options, class: css_class) do %>
-  <button
-    aria-controls="language-picker-<%= unique_id %>"
-    class="usa-accordion__button language-picker__label"
-  >
+  <%= content_tag(
+        :button,
+        class: 'usa-accordion__button language-picker__label',
+        aria: {
+          controls: "language-picker-#{unique_id}",
+          expanded: false,
+        },
+      ) do %>
     <%= image_tag(asset_url('globe-blue.svg'), width: 12, height: 12, alt: '', class: 'tablet:display-none') %>
     <%= image_tag(asset_url('globe-white.svg'), width: 12, height: 12, alt: '', class: 'display-none tablet:display-inline') %>
     <span id="language-picker-description-<%= unique_id %>">
       <%= t('i18n.language') %>
     </span>
-  </button>
+  <% end %>
   <ul
     id="language-picker-<%= unique_id %>"
     aria-describedby="language-picker-description-<%= unique_id %>"
     class="usa-accordion__content language-picker__list"
+    hidden
   >
     <% I18n.available_locales.each do |locale| %>
       <li>

app/controllers/concerns/fully_authenticatable.rb

@@ -1,6 +1,8 @@
 module FullyAuthenticatable
-  def delete_branded_experience
+  def delete_branded_experience(logout: false)
     ServiceProviderRequestProxy.delete(request_id)
+    session[:sp] = {} if logout
+    nil
   end
 
   def request_id

app/controllers/concerns/idv_session.rb

@@ -14,8 +14,7 @@ def confirm_idv_session_started
   def confirm_idv_needed
     return if effective_user.active_profile.blank? ||
               decorated_session.requested_more_recent_verification? ||
-              effective_user.decorate.reproof_for_irs?(service_provider: current_sp) ||
-              strict_ial2_upgrade_required?
+              effective_user.decorate.reproof_for_irs?(service_provider: current_sp)
 
     redirect_to idv_activated_url
   end
@@ -24,10 +23,6 @@ def hybrid_session?
     session[:doc_capture_user_id].present?
   end
 
-  def strict_ial2_upgrade_required?
-    sp_session[:ial2_strict] && !effective_user.active_profile&.strict_ial2_proofed?
-  end
-
   def confirm_idv_vendor_session_started
     return if flash[:allow_confirmations_continue]
     redirect_to idv_doc_auth_url unless idv_session.proofing_started?

app/controllers/idv_controller.rb

@@ -10,7 +10,7 @@ def index
     if decorated_session.requested_more_recent_verification? ||
        current_user.decorate.reproof_for_irs?(service_provider: current_sp)
       verify_identity
-    elsif active_profile? && !strict_ial2_upgrade_required?
+    elsif active_profile?
       redirect_to idv_activated_url
     elsif idv_attempter_throttled?
       irs_attempts_api_tracker.idv_verification_rate_limited
@@ -49,10 +49,6 @@ def profile_needs_reactivation?
     redirect_to reactivate_account_url
   end
 
-  def strict_ial2_upgrade_required?
-    sp_session[:ial2_strict] && !current_user.active_profile&.strict_ial2_proofed?
-  end
-
   def active_profile?
     current_user.active_profile.present?
   end

app/controllers/openid_connect/logout_controller.rb

@@ -1,6 +1,7 @@
 module OpenidConnect
   class LogoutController < ApplicationController
     include SecureHeadersConcern
+    include FullyAuthenticatable
 
     before_action :apply_secure_headers_override, only: [:index, :delete]
     before_action :confirm_two_factor_authenticated, only: [:delete]
@@ -62,6 +63,8 @@ def handle_successful_logout_request(result, redirect_uri)
         }
         @params[:state] = logout_params[:state] if !logout_params[:state].nil?
         @service_provider_name = @logout_form.service_provider&.friendly_name
+        delete_branded_experience(logout: true)
+
         render :index
       else
         analytics.logout_initiated(**result.to_h.except(:redirect_uri))

app/controllers/users/service_provider_inactive_controller.rb

@@ -8,8 +8,7 @@ def index
       @sp_name = sp_from_sp_session&.friendly_name ||
                  I18n.t('service_providers.errors.generic_sp_name')
 
-      delete_branded_experience
-      session[:sp] = {}
+      delete_branded_experience(logout: true)
     end
   end
 end

app/decorators/user_decorator.rb

@@ -62,8 +62,9 @@ def identity_verified?(service_provider: nil)
   end
 
   def reproof_for_irs?(service_provider:)
-    service_provider&.irs_attempts_api_enabled &&
-      !user.active_profile&.initiating_service_provider&.irs_attempts_api_enabled
+    return false unless user.active_profile.present?
+    return false unless service_provider&.irs_attempts_api_enabled
+    !user.active_profile.initiating_service_provider&.irs_attempts_api_enabled
   end
 
   def active_profile_newer_than_pending_profile?

app/forms/idv/api_image_upload_form.rb

@@ -66,8 +66,6 @@ def post_images_to_client
       response = doc_auth_client.post_images(
         front_image: front.read,
         back_image: back.read,
-        selfie_image: nil,
-        liveness_checking_enabled: false,
         image_source: image_source,
         user_uuid: user_uuid,
         uuid_prefix: uuid_prefix,

app/helpers/application_helper.rb

@@ -32,7 +32,6 @@ def ial2_requested?
 
   def liveness_checking_enabled?
     return false if !FeatureManagement.liveness_checking_enabled?
-    return sp_session[:ial2_strict] if sp_session.key?(:ial2_strict)
     !!current_user&.decorate&.password_reset_profile&.strict_ial2_proofed?
   end