Deploy RC 255 to Prod

Gemfile

@@ -33,7 +33,7 @@ gem 'jsbundling-rails', '~> 1.0.0'
 gem 'jwe'
 gem 'jwt'
 gem 'lograge', '>= 0.11.2'
-gem 'lookbook', '~> 1.4.5', require: false
+gem 'lookbook', '~> 1.5.3', require: false
 gem 'lru_redux'
 gem 'msgpack', '~> 1.6'
 gem 'maxminddb'
@@ -68,7 +68,7 @@ gem 'strong_migrations', '>= 0.4.2'
 gem 'subprocess', require: false
 gem 'uglifier', '~> 4.2'
 gem 'valid_email', '>= 0.1.3'
-gem 'view_component', '~> 2.51.0'
+gem 'view_component', '~> 2.82.0'
 gem 'webauthn', '~> 2.5.2'
 gem 'xmldsig', '~> 0.6'
 gem 'xmlenc', '~> 0.7', '>= 0.7.1'

Gemfile.lock

@@ -366,7 +366,7 @@ GEM
     loofah (2.19.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    lookbook (1.4.5)
+    lookbook (1.5.3)
       actioncable
       activemodel
       css_parser
@@ -376,7 +376,7 @@ GEM
       railties (>= 5.0)
       redcarpet (~> 3.5)
       rouge (>= 3.26, < 5.0)
-      view_component (~> 2.0)
+      view_component (> 2.0, < 4)
       yard (~> 0.9.25)
       zeitwerk (~> 2.5)
     lru_redux (1.1.0)
@@ -520,7 +520,7 @@ GEM
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     redacted_struct (1.1.0)
-    redcarpet (3.5.1)
+    redcarpet (3.6.0)
     redis (5.0.5)
       redis-client (>= 0.9.0)
     redis-client (0.12.0)
@@ -541,7 +541,7 @@ GEM
     retries (0.0.5)
     rexml (3.2.5)
     rotp (6.2.0)
-    rouge (4.0.1)
+    rouge (4.1.0)
     rqrcode (2.1.0)
       chunky_png (~> 1.0)
       rqrcode_core (~> 1.0)
@@ -665,8 +665,9 @@ GEM
       activemodel
       mail (>= 2.6.1)
       simpleidn
-    view_component (2.51.0)
-      activesupport (>= 5.0.0, < 8.0)
+    view_component (2.82.0)
+      activesupport (>= 5.2.0, < 8.0)
+      concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
     virtus (2.0.0)
       axiom-types (~> 0.1)
@@ -762,7 +763,7 @@ DEPENDENCIES
   knapsack
   letter_opener (~> 1.8)
   lograge (>= 0.11.2)
-  lookbook (~> 1.4.5)
+  lookbook (~> 1.5.3)
   lru_redux
   maxminddb
   msgpack (~> 1.6)
@@ -822,7 +823,7 @@ DEPENDENCIES
   subprocess
   uglifier (~> 4.2)
   valid_email (>= 0.1.3)
-  view_component (~> 2.51.0)
+  view_component (~> 2.82.0)
   webauthn (~> 2.5.2)
   webdrivers (~> 5.2.0)
   webmock

app/assets/stylesheets/components/_phone-input.scss

@@ -14,6 +14,10 @@ lg-phone-input {
     }
   }
 
+  .iti__dial-code {
+    color: color('ink');
+  }
+
   .iti:not(.iti--allow-dropdown) input {
     padding-left: 36px;
     padding-right: 6px;

app/components/base_component.rb

@@ -9,7 +9,7 @@ def before_render
 
   def self.scripts
     @scripts ||= begin
-      scripts = _sidecar_files(['js', 'ts']).map { |file| File.basename(file, '.*') }
+      scripts = sidecar_files(['js', 'ts']).map { |file| File.basename(file, '.*') }
       scripts.concat superclass.scripts if superclass.respond_to?(:scripts)
       scripts
     end

app/controllers/concerns/idv/step_utilities_concern.rb

@@ -0,0 +1,41 @@
+module Idv
+  module StepUtilitiesConcern
+    extend ActiveSupport::Concern
+
+    def flow_session
+      user_session['idv/doc_auth']
+    end
+
+    # copied from doc_auth_controller
+    def flow_path
+      flow_session[:flow_path]
+    end
+
+    def confirm_pii_from_doc
+      @pii = flow_session['pii_from_doc'] # hash with indifferent access
+      return if @pii.present?
+      flow_session.delete('Idv::Steps::DocumentCaptureStep')
+      redirect_to idv_doc_auth_url
+    end
+
+    # Copied from capture_doc_flow.rb
+    # and from doc_auth_flow.rb
+    def acuant_sdk_ab_test_analytics_args
+      capture_session_uuid = flow_session[:document_capture_session_uuid]
+      if capture_session_uuid
+        {
+          acuant_sdk_upgrade_ab_test_bucket:
+            AbTests::ACUANT_SDK.bucket(capture_session_uuid),
+        }
+      else
+        {}
+      end
+    end
+
+    def irs_reproofing?
+      effective_user&.decorate&.reproof_for_irs?(
+        service_provider: current_sp,
+      ).present?
+    end
+  end
+end

app/controllers/concerns/idv_session.rb

@@ -7,7 +7,7 @@ module IdvSession
     before_action :redirect_if_sp_context_needed
   end
 
-  def confirm_idv_session_started
+  def confirm_idv_applicant_created
     redirect_to idv_verify_info_url if idv_session.applicant.blank?
   end
 

app/controllers/concerns/idv_step_concern.rb

@@ -6,6 +6,5 @@ module IdvStepConcern
   included do
     before_action :confirm_two_factor_authenticated
     before_action :confirm_idv_needed
-    before_action :confirm_idv_session_started
   end
 end

app/controllers/idv/personal_key_controller.rb

@@ -56,6 +56,8 @@ def add_proofing_component
 
     def finish_idv_session
       @code = personal_key
+      @personal_key_generated_at = current_user.personal_key_generated_at
+
       user_session[:personal_key] = @code
       idv_session.personal_key = nil
 

app/controllers/idv/phone_controller.rb

@@ -7,6 +7,7 @@ class PhoneController < ApplicationController
 
     attr_reader :idv_form
 
+    before_action :confirm_idv_applicant_created
     before_action :confirm_step_needed
     before_action :set_idv_form
 

app/controllers/idv/review_controller.rb

@@ -6,6 +6,7 @@ class ReviewController < ApplicationController
     include StepIndicatorConcern
     include PhoneConfirmation
 
+    before_action :confirm_idv_applicant_created
     before_action :confirm_idv_steps_complete
     before_action :confirm_idv_phone_confirmed
     before_action :confirm_current_password, only: [:create]

app/controllers/idv/ssn_controller.rb

@@ -0,0 +1,88 @@
+module Idv
+  class SsnController < ApplicationController
+    include IdvSession
+    include StepIndicatorConcern
+    include StepUtilitiesConcern
+    include Steps::ThreatMetrixStepHelper
+
+    before_action :render_404_if_ssn_controller_disabled
+    before_action :confirm_two_factor_authenticated
+    before_action :confirm_pii_from_doc
+
+    attr_accessor :error_message
+
+    def show
+      increment_step_counts
+
+      analytics.idv_doc_auth_redo_ssn_submitted(**analytics_arguments) if updating_ssn
+
+      analytics.idv_doc_auth_ssn_visited(**analytics_arguments)
+
+      render :show, locals: extra_view_variables
+    end
+
+    def update
+      @error_message = nil
+      form_response = form_submit
+
+      unless form_response.success?
+        @error_message = form_response.first_error_message
+        redirect_to idv_ssn_url
+      end
+
+      flow_session['pii_from_doc'][:ssn] = params[:doc_auth][:ssn]
+
+      analytics.idv_doc_auth_ssn_submitted(**analytics_arguments)
+
+      irs_attempts_api_tracker.idv_ssn_submitted(
+        ssn: params[:doc_auth][:ssn],
+      )
+
+      idv_session.invalidate_steps_after_ssn!
+
+      redirect_to idv_verify_info_url
+    end
+
+    def extra_view_variables
+      {
+        updating_ssn: updating_ssn,
+        success_alert_enabled: !updating_ssn,
+        **threatmetrix_view_variables,
+      }
+    end
+
+    private
+
+    def render_404_if_ssn_controller_disabled
+      render_not_found unless IdentityConfig.store.doc_auth_ssn_controller_enabled
+    end
+
+    def analytics_arguments
+      {
+        flow_path: flow_path,
+        step: 'ssn',
+        step_count: current_flow_step_counts['Idv::Steps::SsnStep'],
+        analytics_id: 'Doc Auth',
+        irs_reproofing: irs_reproofing?,
+      }.merge(**acuant_sdk_ab_test_analytics_args)
+    end
+
+    def current_flow_step_counts
+      user_session['idv/doc_auth_flow_step_counts'] ||= {}
+      user_session['idv/doc_auth_flow_step_counts'].default = 0
+      user_session['idv/doc_auth_flow_step_counts']
+    end
+
+    def increment_step_counts
+      current_flow_step_counts['Idv::Steps::SsnStep'] += 1
+    end
+
+    def form_submit
+      Idv::SsnFormatForm.new(current_user).submit(params.require(:doc_auth).permit(:ssn))
+    end
+
+    def updating_ssn
+      flow_session.dig('pii_from_doc', :ssn).present?
+    end
+  end
+end

app/controllers/idv/verify_info_controller.rb

@@ -1,6 +1,7 @@
 module Idv
   class VerifyInfoController < ApplicationController
-    include IdvSession
+    include IdvStepConcern
+    include StepUtilitiesConcern
 
     before_action :confirm_two_factor_authenticated
     before_action :confirm_ssn_step_complete
@@ -73,21 +74,6 @@ def update
 
     private
 
-    # copied from doc_auth_controller
-    def flow_session
-      user_session['idv/doc_auth']
-    end
-
-    def flow_path
-      flow_session[:flow_path]
-    end
-
-    def irs_reproofing?
-      effective_user&.decorate&.reproof_for_irs?(
-        service_provider: current_sp,
-      ).present?
-    end
-
     def analytics_arguments
       {
         flow_path: flow_path,
@@ -98,20 +84,6 @@ def analytics_arguments
       }.merge(**acuant_sdk_ab_test_analytics_args)
     end
 
-    # Copied from capture_doc_flow.rb
-    # and from doc_auth_flow.rb
-    def acuant_sdk_ab_test_analytics_args
-      capture_session_uuid = flow_session[:document_capture_session_uuid]
-      if capture_session_uuid
-        {
-          acuant_sdk_upgrade_ab_test_bucket:
-          AbTests::ACUANT_SDK.bucket(capture_session_uuid),
-        }
-      else
-        {}
-      end
-    end
-
     # copied from verify_step
     def pii
       @pii = flow_session[:pii_from_doc] if flow_session
@@ -125,7 +97,11 @@ def delete_pii
     # copied from address_controller
     def confirm_ssn_step_complete
       return if pii.present? && pii[:ssn].present?
-      redirect_to idv_doc_auth_url
+      if IdentityConfig.store.doc_auth_ssn_controller_enabled
+        redirect_to idv_ssn_url
+      else
+        redirect_to idv_doc_auth_url
+      end
     end
 
     def confirm_profile_not_already_confirmed

app/controllers/reactivate_account_controller.rb

@@ -4,7 +4,9 @@ class ReactivateAccountController < ApplicationController
   before_action :confirm_two_factor_authenticated
   before_action :confirm_password_reset_profile
 
-  def index; end
+  def index
+    @personal_key_generated_at = current_user.personal_key_generated_at
+  end
 
   def update
     reactivate_account_session.suspend

app/controllers/users/personal_keys_controller.rb

@@ -17,6 +17,7 @@ def show
       return redirect_to account_url if personal_key.blank?
 
       @code = personal_key
+      @personal_key_generated_at = current_user.personal_key_generated_at
     end
 
     def update

app/forms/openid_connect_authorize_form.rb

@@ -110,7 +110,8 @@ def aal_values
   end
 
   def aal
-    Saml::Idp::Constants::AUTHN_CONTEXT_CLASSREF_TO_AAL[aal_values.sort.max]
+    Saml::Idp::Constants::AUTHN_CONTEXT_CLASSREF_TO_AAL[aal_values.sort.max] ||
+      Saml::Idp::Constants::DEFAULT_AAL_AUTHN_CONTEXT_CLASSREF
   end
 
   def_delegators :ial_context,

app/javascript/packages/phone-input/index.ts

@@ -137,6 +137,7 @@ export class PhoneInputElement extends HTMLElement {
 
     const iti = intlTelInput(this.textInput, {
       preferredCountries: ['US', 'CA'],
+      initialCountry: this.codeInput.value,
       localizedCountries: countryCodePairs,
       onlyCountries: supportedCountryCodes,
       autoPlaceholder: 'off',

app/javascript/packages/phone-input/package.json

@@ -3,7 +3,7 @@
   "private": true,
   "version": "1.0.0",
   "dependencies": {
-    "intl-tel-input": "^17.0.8",
+    "intl-tel-input": "^17.0.19",
     "libphonenumber-js": "^1.10.11"
   }
 }

app/models/user.rb

@@ -101,6 +101,12 @@ def pending_profile
     profiles.gpo_verification_pending.order(created_at: :desc).first
   end
 
+  def personal_key_generated_at
+    encrypted_recovery_code_digest_generated_at ||
+      active_profile&.verified_at ||
+      profiles.verified.order(activated_at: :desc).first&.verified_at
+  end
+
   def default_phone_configuration
     phone_configurations.order('made_default_at DESC NULLS LAST, created_at').first
   end