Deploy RC 251 to Prod

.gitignore

@@ -15,6 +15,7 @@
 .databag_secret
 .env
 .idea
+.irb_history
 .powrc
 .sass-cache
 .zeus.sock

.irbrc

@@ -0,0 +1 @@
+IRB.conf[:USE_AUTOCOMPLETE] = false

app/components/base_component.rb

@@ -8,7 +8,11 @@ def before_render
   end
 
   def self.scripts
-    @scripts ||= _sidecar_files(['js', 'ts']).map { |file| File.basename(file, '.*') }
+    @scripts ||= begin
+      scripts = _sidecar_files(['js', 'ts']).map { |file| File.basename(file, '.*') }
+      scripts.concat superclass.scripts if superclass.respond_to?(:scripts)
+      scripts
+    end
   end
 
   def unique_id

app/controllers/idv/gpo_verify_controller.rb

@@ -55,7 +55,7 @@ def create
                 disavowal_token: disavowal_token,
               )
               flash[:success] = t('account.index.verification.success')
-              redirect_to sign_up_completed_url
+              redirect_to next_step
             end
           end
         else
@@ -67,6 +67,15 @@ def create
 
     private
 
+    def next_step
+      if IdentityConfig.store.gpo_personal_key_after_otp
+        enable_personal_key_generation
+        idv_personal_key_url
+      else
+        sign_up_completed_url
+      end
+    end
+
     def throttle
       @throttle ||= Throttle.new(
         user: current_user,
@@ -104,5 +113,10 @@ def confirm_verification_needed
     def threatmetrix_enabled?
       FeatureManagement.proofing_device_profiling_decisioning_enabled?
     end
+
+    def enable_personal_key_generation
+      idv_session.resolution_successful = 'gpo'
+      idv_session.applicant = pii
+    end
   end
 end

app/controllers/idv/personal_key_controller.rb

@@ -47,7 +47,7 @@ def next_step
     end
 
     def confirm_profile_has_been_created
-      redirect_to account_url if idv_session.profile.blank?
+      redirect_to account_url if profile.blank?
     end
 
     def add_proofing_component
@@ -62,7 +62,9 @@ def finish_idv_session
       irs_attempts_api_tracker.idv_personal_key_generated
 
       if idv_session.address_verification_mechanism == 'gpo'
-        flash.now[:success] = t('idv.messages.mail_sent')
+        if !IdentityConfig.store.gpo_personal_key_after_otp
+          flash.now[:success] = t('idv.messages.mail_sent')
+        end
       else
         flash.now[:success] = t('idv.messages.confirm')
       end
@@ -73,9 +75,14 @@ def personal_key
       idv_session.personal_key || generate_personal_key
     end
 
+    def profile
+      return idv_session.profile if idv_session.profile
+      current_user.active_profile
+    end
+
     def generate_personal_key
       cacher = Pii::Cacher.new(current_user, user_session)
-      idv_session.profile.encrypt_recovery_pii(cacher.fetch)
+      profile.encrypt_recovery_pii(cacher.fetch)
     end
 
     def in_person_enrollment?
@@ -88,8 +95,8 @@ def pending_profile?
     end
 
     def blocked_by_device_profiling?
-      !idv_session.profile.active &&
-        idv_session.profile.deactivation_reason == 'threatmetrix_review_pending'
+      !profile.active &&
+        profile.deactivation_reason == 'threatmetrix_review_pending'
     end
   end
 end

app/controllers/idv/review_controller.rb

@@ -126,10 +126,11 @@ def password
     end
 
     def confirm_verify_info_complete
-      if IdentityConfig.store.doc_auth_verify_info_controller_enabled &&
-         !idv_session.resolution_successful
-        redirect_to idv_verify_info_url
-      end
+      return unless IdentityConfig.store.doc_auth_verify_info_controller_enabled
+      return unless user_fully_authenticated?
+      return if idv_session.resolution_successful
+
+      redirect_to idv_verify_info_url
     end
 
     def personal_key_confirmed
@@ -143,7 +144,16 @@ def need_personal_key_confirmation?
     end
 
     def next_step
-      idv_personal_key_url
+      if gpo_user_flow?
+        idv_come_back_later_url
+      else
+        idv_personal_key_url
+      end
+    end
+
+    def gpo_user_flow?
+      idv_session.address_verification_mechanism == 'gpo' &&
+        IdentityConfig.store.gpo_personal_key_after_otp
     end
 
     def handle_request_enroll_exception(err)

app/controllers/idv/verify_info_controller.rb

@@ -9,6 +9,8 @@ class VerifyInfoController < ApplicationController
     def show
       increment_step_counts
       analytics.idv_doc_auth_verify_visited(**analytics_arguments)
+      Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
+        call('verify', :view, true)
 
       if ssn_throttle.throttled?
         redirect_to idv_session_errors_ssn_failure_url
@@ -27,6 +29,8 @@ def show
     def update
       return if idv_session.verify_info_step_document_capture_session_uuid
       analytics.idv_doc_auth_verify_submitted(**analytics_arguments)
+      Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
+        call('verify', :update, true)
 
       pii[:uuid_prefix] = ServiceProvider.find_by(issuer: sp_session[:issuer])&.app_id
 
@@ -114,6 +118,7 @@ def pii
     end
 
     def delete_pii
+      flow_session.delete(:pii_from_doc)
       flow_session.delete(:pii_from_user)
     end
 

app/controllers/users/phone_setup_controller.rb

@@ -12,14 +12,14 @@ class PhoneSetupController < ApplicationController
 
     def index
       @new_phone_form = NewPhoneForm.new(
-        current_user,
+        user: current_user,
         setup_voice_preference: setup_voice_preference?,
       )
       track_phone_setup_visit
     end
 
     def create
-      @new_phone_form = NewPhoneForm.new(current_user)
+      @new_phone_form = NewPhoneForm.new(user: current_user)
       result = @new_phone_form.submit(new_phone_form_params)
       analytics.multi_factor_auth_phone_setup(**result.to_h)
 

app/controllers/users/phones_controller.rb

@@ -8,11 +8,11 @@ class PhonesController < ReauthnRequiredController
 
     def add
       user_session[:phone_id] = nil
-      @new_phone_form = NewPhoneForm.new(current_user)
+      @new_phone_form = NewPhoneForm.new(user: current_user)
     end
 
     def create
-      @new_phone_form = NewPhoneForm.new(current_user)
+      @new_phone_form = NewPhoneForm.new(user: current_user)
       if @new_phone_form.submit(user_params).success?
         confirm_phone
         bypass_sign_in current_user

app/controllers/users/verify_password_controller.rb

@@ -14,6 +14,9 @@ def update
       @decrypted_pii = decrypted_pii
       result = verify_password_form.submit
 
+      irs_attempts_api_tracker.logged_in_profile_change_reauthentication_submitted(
+        success: result.success?,
+      )
       if result.success?
         handle_success(result)
       else
@@ -38,6 +41,7 @@ def decrypted_pii
 
     def handle_success(result)
       flash[:personal_key] = result.extra[:personal_key]
+      irs_attempts_api_tracker.idv_personal_key_generated
       reactivate_account_session.clear
       redirect_to account_url
     end

app/forms/new_phone_form.rb

@@ -15,23 +15,26 @@ class NewPhoneForm
   validate :validate_not_premium_rate
   validate :validate_allowed_carrier
 
-  attr_accessor :phone, :international_code, :otp_delivery_preference,
-                :otp_make_default_number, :setup_voice_preference
+  attr_reader :phone,
+              :international_code,
+              :otp_delivery_preference,
+              :otp_make_default_number,
+              :setup_voice_preference
 
   alias_method :setup_voice_preference?, :setup_voice_preference
 
-  def initialize(user, setup_voice_preference: false)
-    self.user = user
-    self.otp_delivery_preference = user.otp_delivery_preference
-    self.otp_make_default_number = false
-    self.setup_voice_preference = setup_voice_preference
+  def initialize(user:, setup_voice_preference: false)
+    @user = user
+    @otp_delivery_preference = user.otp_delivery_preference
+    @otp_make_default_number = false
+    @setup_voice_preference = setup_voice_preference
   end
 
   def submit(params)
     ingest_submitted_params(params)
 
     success = valid?
-    self.phone = submitted_phone unless success
+    @phone = submitted_phone unless success
 
     FormResponse.new(success: success, errors: errors, extra: extra_analytics_attributes)
   end
@@ -64,15 +67,12 @@ def phone_info
 
   private
 
-  attr_accessor :user, :submitted_phone
+  attr_reader :user, :submitted_phone
 
   def ingest_phone_number(params)
-    self.international_code = params[:international_code]
-    self.submitted_phone = params[:phone]
-    self.phone = PhoneFormatter.format(
-      submitted_phone,
-      country_code: international_code,
-    )
+    @international_code = params[:international_code]
+    @submitted_phone = params[:phone]
+    @phone = PhoneFormatter.format(submitted_phone, country_code: international_code)
   end
 
   def extra_analytics_attributes
@@ -135,8 +135,8 @@ def ingest_submitted_params(params)
     delivery_prefs = params[:otp_delivery_preference]
     default_prefs = params[:otp_make_default_number]
 
-    self.otp_delivery_preference = delivery_prefs if delivery_prefs
-    self.otp_make_default_number = true if default_prefs
+    @otp_delivery_preference = delivery_prefs if delivery_prefs
+    @otp_make_default_number = true if default_prefs
   end
 
   def confirmed_phone?