18F · jmdembe · Dec 1, 2022 · Nov 22, 2022 · Nov 22, 2022 · Nov 22, 2022
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -246,3 +246,7 @@ trigger_devops:
   rules:
     - if: $CI_COMMIT_BRANCH == "main"
   trigger: lg/identity-devops
+
+include:
+  - template: Jobs/SAST.gitlab-ci.yml
+
diff --git a/app/components/memorable_date_component.html.erb b/app/components/memorable_date_component.html.erb
@@ -1,7 +1,7 @@
-<label class="usa-label">     
+<label class="usa-label">
     <%= label %>
 </label>
-<div class="usa-hint" id="validated-field-hint-<%= unique_id %>">
+<div id="validated-field-hint-<%= unique_id %>" class="usa-hint">
     <%= hint %>
 </div>
   <%= content_tag :'lg-memorable-date', min: min, max: max, **tag_options do -%>
@@ -22,17 +22,21 @@
                   pattern: '(1[0-2])|(0?[1-9])',
                   wrapper_html: { class: 'usa-form-group usa-form-group--month margin-bottom-0' },
                   label: t('components.memorable_date.month'),
-                  label_html: { class: 'usa-label' },
+                  label_html: {
+                    class: 'usa-label',
+                    id: "memorable-date-month-label-#{unique_id}",
+                  },
                   input_html: {
                     type: 'text',
                     class: 'validated-field__input memorable-date__month',
                     minLength: 1,
                     maxLength: 2,
                     aria: {
                       invalid: false,
-                      describedby: [
-                        "validated-field-error-#{unique_id}",
-                        "validated-field-hint-#{unique_id}",
+                      describedby: "validated-field-error-#{unique_id}",
+                      labelledby: [
+                        "memorable-date-month-label-#{unique_id}",
+                        "memorable-date-month-hint-#{unique_id}",
                       ],
                     },
                     value: month,
@@ -41,6 +45,9 @@
                   required: required,
                 ) %>
           <% end %>
+          <span id=<%= "memorable-date-month-hint-#{unique_id}" %> class="display-none">
+            <%= t('in_person_proofing.form.state_id.date_hint.month') %>
+          </span>
           </lg-validated-field>
           <lg-validated-field>
           <%= f.simple_fields_for name do |p| %>
@@ -49,17 +56,21 @@
                 pattern: '(3[01])|([12][0-9])|(0?[1-9])',
                 wrapper_html: { class: 'usa-form-group usa-form-group--day margin-bottom-0' },
                 label: t('components.memorable_date.day'),
-                label_html: { class: 'usa-label' },
+                label_html: {
+                  class: 'usa-label',
+                  id: "memorable-date-day-label-#{unique_id}",
+                },
                 input_html: {
                   type: 'text',
                   class: 'validated-field__input memorable-date__day',
                   minLength: 1,
                   maxLength: 2,
                   aria: {
                     invalid: false,
-                    describedby: [
-                      "validated-field-error-#{unique_id}",
-                      "validated-field-hint-#{unique_id}",
+                    describedby: "validated-field-error-#{unique_id}",
+                    labelledby: [
+                      "memorable-date-day-label-#{unique_id}",
+                      "memorable-date-day-hint-#{unique_id}",
                     ],
                   },
                   value: day,
@@ -68,6 +79,9 @@
                 required: required,
               ) %>
           <% end %>
+          <span id=<%= "memorable-date-day-hint-#{unique_id}" %> class="display-none">
+            <%= t('in_person_proofing.form.state_id.date_hint.day') %>
+          </span>
           </lg-validated-field>
           <lg-validated-field>
           <%= f.simple_fields_for name do |p| %>
@@ -76,17 +90,21 @@
                 pattern: '\d{4}',
                 wrapper_html: { class: 'usa-form-group usa-form-group--year margin-bottom-0' },
                 label: t('components.memorable_date.year'),
-                label_html: { class: 'usa-label' },
+                label_html: {
+                  class: 'usa-label',
+                  id: "memorable-date-year-label-#{unique_id}",
+                },
                 input_html: {
                   type: 'text',
                   class: 'validated-field__input memorable-date__year',
                   minLength: 4,
                   maxLength: 4,
                   aria: {
                     invalid: false,
-                    describedby: [
-                      "validated-field-error-#{unique_id}",
-                      "validated-field-hint-#{unique_id}",
+                    describedby: "validated-field-error-#{unique_id}",
+                    labelledby: [
+                      "memorable-date-year-label-#{unique_id}",
+                      "memorable-date-year-hint-#{unique_id}",
                     ],
                   },
                   value: year,
@@ -95,6 +113,9 @@
                 required: required,
               ) %>
           <% end %>
+          <span id=<%= "memorable-date-year-hint-#{unique_id}" %> class="display-none">
+            <%= t('in_person_proofing.form.state_id.date_hint.year') %>
+          </span>
         </lg-validated-field>
     </div>
   <% end -%>

diff --git a/app/controllers/idv/capture_doc_controller.rb b/app/controllers/idv/capture_doc_controller.rb
@@ -33,7 +33,7 @@ def ensure_user_id_in_session
                 token.blank? &&
                 document_capture_session_uuid.blank?
 
-      result = CaptureDoc::ValidateDocumentCaptureSession.new(document_capture_session_uuid).call
+      result = Idv::DocumentCaptureSessionForm.new(document_capture_session_uuid).submit
 
       analytics.track_event(FLOW_STATE_MACHINE_SETTINGS[:analytics_id], result.to_h)
       process_result(result)

diff --git a/app/controllers/idv/in_person/usps_locations_controller.rb b/app/controllers/idv/in_person/usps_locations_controller.rb
@@ -11,22 +11,37 @@ class UspsLocationsController < ApplicationController
 
       before_action :confirm_authenticated_for_api, only: [:update]
 
-      # get the list of all pilot Post Office locations
+      # retrieve the list of nearby IPP Post Office locations with a POST request
       def index
         usps_response = []
         begin
-          usps_response = Proofer.new.request_pilot_facilities
+          if IdentityConfig.store.arcgis_search_enabled
+            candidate = UspsInPersonProofing::Applicant.new(
+              address: search_params['street_address'],
+              city: search_params['city'], state: search_params['state'],
+              zip_code: search_params['zip_code']
+            )
+            usps_response = proofer.request_facilities(candidate)
+          else
+            usps_response = proofer.request_pilot_facilities
+          end
+        rescue ActionController::ParameterMissing
+          usps_response = proofer.request_pilot_facilities
         rescue Faraday::ConnectionFailed => _error
           nil
         end
 
         render json: usps_response.to_json
       end
 
+      def proofer
+        @proofer ||= Proofer.new
+      end
+
       # save the Post Office location the user selected to an enrollment
       def update
         enrollment.update!(
-          selected_location_details: permitted_params.as_json,
+          selected_location_details: update_params.as_json,
           issuer: current_sp&.issuer,
         )
 
@@ -47,7 +62,16 @@ def enrollment
         )
       end
 
-      def permitted_params
+      def search_params
+        params.require(:address).permit(
+          :street_address,
+          :city,
+          :state,
+          :zip_code,
+        )
+      end
+
+      def update_params
         params.require(:usps_location).permit(
           :formatted_city_state_zip,
           :name,

diff --git a/app/controllers/idv/otp_delivery_method_controller.rb b/app/controllers/idv/otp_delivery_method_controller.rb
@@ -67,7 +67,9 @@ def render_new_with_error_message
     def send_phone_confirmation_otp_and_handle_result
       save_delivery_preference
       result = send_phone_confirmation_otp
-      analytics.idv_phone_confirmation_otp_sent(**result.to_h)
+      analytics.idv_phone_confirmation_otp_sent(
+        **result.to_h.merge(adapter: Telephony.config.adapter),
+      )
 
       irs_attempts_api_tracker.idv_phone_otp_sent(
         phone_number: @idv_phone,
@@ -92,7 +94,7 @@ def handle_send_phone_confirmation_otp_failure(result)
 
     def save_delivery_preference
       original_session = idv_session.user_phone_confirmation_session
-      idv_session.user_phone_confirmation_session = PhoneConfirmation::ConfirmationSession.new(
+      idv_session.user_phone_confirmation_session = Idv::PhoneConfirmationSession.new(
         code: original_session.code,
         phone: original_session.phone,
         sent_at: original_session.sent_at,

diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb
@@ -10,20 +10,25 @@ class PersonalKeyController < ApplicationController
     before_action :confirm_profile_has_been_created
 
     def show
-      analytics.idv_personal_key_visited
+      analytics.idv_personal_key_visited(address_verification_method: address_verification_method)
       add_proofing_component
 
       finish_idv_session
     end
 
     def update
       user_session[:need_personal_key_confirmation] = false
-      analytics.idv_personal_key_submitted
+
+      analytics.idv_personal_key_submitted(address_verification_method: address_verification_method)
       redirect_to next_step
     end
 
     private
 
+    def address_verification_method
+      user_session.dig('idv', 'address_verification_mechanism')
+    end
+
     def next_step
       if pending_profile? && idv_session.address_verification_mechanism == 'gpo'
         idv_come_back_later_url

diff --git a/app/controllers/idv/review_controller.rb b/app/controllers/idv/review_controller.rb
@@ -36,7 +36,7 @@ def confirm_current_password
 
     def new
       @applicant = idv_session.applicant
-      analytics.idv_review_info_visited
+      analytics.idv_review_info_visited(address_verification_method: address_verification_method)
 
       gpo_mail_service = Idv::GpoMail.new(current_user)
       flash_now = flash.now
@@ -67,6 +67,10 @@ def create
 
     private
 
+    def address_verification_method
+      user_session.dig('idv', 'address_verification_mechanism')
+    end
+
     def log_reproof_event
       irs_attempts_api_tracker.idv_reproof
     end

diff --git a/app/controllers/users/delete_controller.rb b/app/controllers/users/delete_controller.rb
@@ -21,7 +21,7 @@ def delete
 
     def delete_user
       ActiveRecord::Base.transaction do
-        Db::DeletedUser::Create.call(current_user.id)
+        DeletedUser.create_from_user(current_user)
         current_user.destroy!
       end
     end

diff --git a/app/controllers/users/two_factor_authentication_controller.rb b/app/controllers/users/two_factor_authentication_controller.rb
@@ -219,6 +219,7 @@ def track_events(otp_delivery_preference:)
         context: context,
         otp_delivery_preference: otp_delivery_preference,
         resend: params.dig(:otp_delivery_selection_form, :resend),
+        adapter: Telephony.config.adapter,
         telephony_response: @telephony_result.to_h,
         success: @telephony_result.success?,
       )
@@ -271,19 +272,24 @@ def send_user_otp(method)
       end
 
       current_user.create_direct_otp
-      params = {
+      otp_params = {
         to: phone_to_deliver_to,
         otp: current_user.direct_otp,
         expiration: TwoFactorAuthenticatable::DIRECT_OTP_VALID_FOR_MINUTES,
         channel: method.to_sym,
         domain: IdentityConfig.store.domain_name,
         country_code: parsed_phone.country,
+        extra_metadata: {
+          area_code: parsed_phone.area_code,
+          phone_fingerprint: Pii::Fingerprinter.fingerprint(parsed_phone.e164),
+          resend: params.dig(:otp_delivery_selection_form, :resend),
+        },
       }
 
       if UserSessionContext.authentication_or_reauthentication_context?(context)
-        Telephony.send_authentication_otp(**params)
+        Telephony.send_authentication_otp(**otp_params)
       else
-        Telephony.send_confirmation_otp(**params)
+        Telephony.send_confirmation_otp(**otp_params)
       end
     end
 

diff --git a/app/forms/add_user_email_form.rb b/app/forms/add_user_email_form.rb
@@ -1,6 +1,7 @@
 class AddUserEmailForm
   include ActiveModel::Model
   include FormAddEmailValidator
+  include ActionView::Helpers::TranslationHelper
 
   attr_reader :email
 

diff --git a/app/forms/idv/api_image_upload_form.rb b/app/forms/idv/api_image_upload_form.rb
@@ -199,15 +199,6 @@ def as_readable(image_key)
       end
     end
 
-    def track_event(event, attributes = {})
-      if analytics.present?
-        analytics.track_event(
-          event,
-          attributes,
-        )
-      end
-    end
-
     def update_analytics(client_response)
       add_costs(client_response)
       update_funnel(client_response)
@@ -216,16 +207,19 @@ def update_analytics(client_response)
           client_image_metrics: image_metadata,
           async: false,
           flow_path: params[:flow_path],
-        ).merge(native_camera_ab_test_data),
+        ).merge(native_camera_ab_test_data, acuant_sdk_upgrade_ab_test_data),
       )
       pii_from_doc = client_response.pii_from_doc || {}
-      store_encrypted_images_if_required
+      stored_image_result = store_encrypted_images_if_required
       irs_attempts_api_tracker.idv_document_upload_submitted(
         success: client_response.success?,
         document_state: pii_from_doc[:state],
         document_number: pii_from_doc[:state_id_number],
         document_issued: pii_from_doc[:state_id_issued],
         document_expiration: pii_from_doc[:state_id_expiration],
+        document_front_image_filename: stored_image_result&.front_filename,
+        document_back_image_filename: stored_image_result&.back_filename,
+        document_image_encryption_key: stored_image_result&.encryption_key,
         first_name: pii_from_doc[:first_name],
         last_name: pii_from_doc[:last_name],
         date_of_birth: pii_from_doc[:dob],
@@ -239,7 +233,9 @@ def store_encrypted_images_if_required
 
       encrypted_document_storage_writer.encrypt_and_write_document(
         front_image: front_image_bytes,
+        front_image_content_type: front.content_type,
         back_image: back_image_bytes,
+        back_image_content_type: back.content_type,
       )
     end
 
@@ -259,6 +255,14 @@ def native_camera_ab_test_data
       }
     end
 
+    def acuant_sdk_upgrade_ab_test_data
+      return {} unless IdentityConfig.store.idv_acuant_sdk_upgrade_a_b_testing_enabled
+      {
+        acuant_sdk_upgrade_ab_test_bucket:
+          AbTests::ACUANT_SDK.bucket(document_capture_session.uuid),
+      }
+    end
+
     def acuant_sdk_capture?
       image_metadata.dig(:front, :source) == Idp::Constants::Vendors::ACUANT &&
         image_metadata.dig(:back, :source) == Idp::Constants::Vendors::ACUANT