18F · jmdembe · Apr 18, 2023 · Apr 14, 2023 · Apr 14, 2023 · Apr 14, 2023
diff --git a/README.md b/README.md
@@ -21,6 +21,7 @@ Refer to the [_Local Development_ documentation](./docs/local-development.md) to
 - [Docker](docs/Docker.md)
 - [Front-end Architecture](docs/frontend.md)
 - [Local Development](docs/local-development.md)
+- [Mobile local development](docs/mobile.md)
 - [SAML Profile](docs/SAML_PROFILE.md)
 - [Security](docs/SECURITY.md)
 - [Troubleshooting Local Development](docs/troubleshooting.md)
diff --git a/app/assets/stylesheets/components/_tag.scss b/app/assets/stylesheets/components/_tag.scss
@@ -4,6 +4,8 @@
 
 .usa-tag {
   display: inline-block;
+  text-transform: none;
+  font-weight: bold;
 }
 
 .usa-tag--informative {

diff --git a/app/controllers/accounts/connected_accounts_controller.rb b/app/controllers/accounts/connected_accounts_controller.rb
@@ -11,7 +11,7 @@ def show
         personal_key: flash[:personal_key],
         sp_session_request_url: sp_session_request_url_with_updated_params,
         sp_name: decorated_session.sp_name,
-        decorated_user: current_user.decorate,
+        user: current_user,
         locked_for_session: pii_locked_for_session?(current_user),
       )
     end

diff --git a/app/controllers/accounts/history_controller.rb b/app/controllers/accounts/history_controller.rb
@@ -11,7 +11,7 @@ def show
         personal_key: flash[:personal_key],
         sp_session_request_url: sp_session_request_url_with_updated_params,
         sp_name: decorated_session.sp_name,
-        decorated_user: current_user.decorate,
+        user: current_user,
         locked_for_session: pii_locked_for_session?(current_user),
       )
     end

diff --git a/app/controllers/accounts/personal_keys_controller.rb b/app/controllers/accounts/personal_keys_controller.rb
@@ -31,7 +31,7 @@ def prompt_for_password_if_pii_locked
     end
 
     def pii_locked?
-      UserDecorator.new(current_user).identity_verified? &&
+      current_user.identity_verified? &&
         !Pii::Cacher.new(current_user, user_session).exists_in_session?
     end
 

diff --git a/app/controllers/accounts/two_factor_authentication_controller.rb b/app/controllers/accounts/two_factor_authentication_controller.rb
@@ -12,7 +12,7 @@ def show
         personal_key: flash[:personal_key],
         sp_session_request_url: sp_session_request_url_with_updated_params,
         sp_name: decorated_session.sp_name,
-        decorated_user: current_user.decorate,
+        user: current_user,
         locked_for_session: pii_locked_for_session?(current_user),
       )
     end

diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
@@ -13,7 +13,7 @@ def show
       personal_key: flash[:personal_key],
       sp_session_request_url: sp_session_request_url_with_updated_params,
       sp_name: decorated_session.sp_name,
-      decorated_user: current_user.decorate,
+      user: current_user,
       locked_for_session: pii_locked_for_session?(current_user),
     )
   end

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -252,16 +252,16 @@ def after_mfa_setup_path
   end
 
   def user_needs_to_reactivate_account?
-    return false if current_user.decorate.password_reset_profile.blank?
+    return false if current_user.password_reset_profile.blank?
     return false if pending_profile_newer_than_password_reset_profile?
     sp_session[:ial2] == true
   end
 
   def pending_profile_newer_than_password_reset_profile?
-    return false if current_user.decorate.pending_profile.blank?
-    return false if current_user.decorate.password_reset_profile.blank?
-    current_user.decorate.pending_profile.created_at >
-      current_user.decorate.password_reset_profile.updated_at
+    return false if current_user.pending_profile.blank?
+    return false if current_user.password_reset_profile.blank?
+    current_user.pending_profile.created_at >
+      current_user.password_reset_profile.updated_at
   end
 
   def reauthn_param

diff --git a/app/controllers/concerns/account_reactivation_concern.rb b/app/controllers/concerns/account_reactivation_concern.rb
@@ -2,7 +2,7 @@ module AccountReactivationConcern
   extend ActiveSupport::Concern
 
   def confirm_password_reset_profile
-    return if current_user.decorate.password_reset_profile
+    return if current_user.password_reset_profile
     redirect_to root_url
   end
 

diff --git a/app/controllers/concerns/ial2_profile_concern.rb b/app/controllers/concerns/ial2_profile_concern.rb
@@ -3,7 +3,7 @@ module Ial2ProfileConcern
 
   def cache_active_profile(raw_password)
     cacher = Pii::Cacher.new(current_user, user_session)
-    profile = current_user.decorate.active_or_pending_profile
+    profile = current_user.active_or_pending_profile
     begin
       cacher.save(raw_password, profile)
     rescue Encryption::EncryptionError => err

diff --git a/app/controllers/concerns/idv/hybrid_mobile/hybrid_mobile_concern.rb b/app/controllers/concerns/idv/hybrid_mobile/hybrid_mobile_concern.rb
@@ -0,0 +1,15 @@
+module Idv
+  module HybridMobile
+    module HybridMobileConcern
+      extend ActiveSupport::Concern
+
+      included do
+        before_action :render_404_if_hybrid_mobile_controllers_disabled
+      end
+
+      def render_404_if_hybrid_mobile_controllers_disabled
+        render_not_found unless IdentityConfig.store.doc_auth_hybrid_mobile_controllers_enabled
+      end
+    end
+  end
+end
diff --git a/app/controllers/concerns/idv/phone_otp_rate_limitable.rb b/app/controllers/concerns/idv/phone_otp_rate_limitable.rb
@@ -9,14 +9,14 @@ module PhoneOtpRateLimitable
 
     def handle_locked_out_user
       reset_attempt_count_if_user_no_longer_locked_out
-      return unless decorated_user.locked_out?
+      return unless current_user.locked_out?
       analytics.idv_phone_confirmation_otp_rate_limit_locked_out
       handle_too_many_otp_attempts
       false
     end
 
     def reset_attempt_count_if_user_no_longer_locked_out
-      return unless decorated_user.no_longer_locked_out?
+      return unless current_user.no_longer_locked_out?
 
       UpdateUser.new(
         user: current_user,
@@ -41,13 +41,9 @@ def handle_too_many_otp_attempts
     def handle_max_attempts(type)
       presenter = TwoFactorAuthCode::MaxAttemptsReachedPresenter.new(
         type,
-        decorated_user,
+        current_user,
       )
       render_full_width('two_factor_authentication/_locked', locals: { presenter: presenter })
     end
-
-    def decorated_user
-      current_user.decorate
-    end
   end
 end
diff --git a/app/controllers/concerns/idv/step_utilities_concern.rb b/app/controllers/concerns/idv/step_utilities_concern.rb
@@ -17,7 +17,7 @@ def acuant_sdk_ab_test_analytics_args
     end
 
     def irs_reproofing?
-      effective_user&.decorate&.reproof_for_irs?(
+      effective_user&.reproof_for_irs?(
         service_provider: current_sp,
       ).present?
     end

diff --git a/app/controllers/concerns/idv_session.rb b/app/controllers/concerns/idv_session.rb
@@ -10,7 +10,7 @@ module IdvSession
   def confirm_idv_needed
     return if effective_user.active_profile.blank? ||
               decorated_session.requested_more_recent_verification? ||
-              effective_user.decorate.reproof_for_irs?(service_provider: current_sp)
+              effective_user.reproof_for_irs?(service_provider: current_sp)
 
     redirect_to idv_activated_url
   end

diff --git a/app/controllers/concerns/saml_idp_auth_concern.rb b/app/controllers/concerns/saml_idp_auth_concern.rb
@@ -117,8 +117,8 @@ def link_identity_from_session_data
 
   def identity_needs_verification?
     ial2_requested? &&
-      (current_user.decorate.identity_not_verified? ||
-       current_user.decorate.reproof_for_irs?(service_provider: current_sp))
+      (current_user.identity_not_verified? ||
+       current_user.reproof_for_irs?(service_provider: current_sp))
   end
 
   def_delegators :ial_context, :ial2_requested?

diff --git a/app/controllers/concerns/two_factor_authenticatable_methods.rb b/app/controllers/concerns/two_factor_authenticatable_methods.rb
@@ -47,7 +47,7 @@ def handle_too_many_otp_sends(phone: nil, context: nil)
   def handle_max_attempts(type)
     presenter = TwoFactorAuthCode::MaxAttemptsReachedPresenter.new(
       type,
-      decorated_user,
+      current_user,
     )
     sign_out
     render_full_width('two_factor_authentication/_locked', locals: { presenter: presenter })
@@ -79,7 +79,7 @@ def check_sp_required_mfa_bypass(auth_method:)
   end
 
   def reset_attempt_count_if_user_no_longer_locked_out
-    return unless decorated_user.no_longer_locked_out?
+    return unless current_user.no_longer_locked_out?
 
     UpdateUser.new(
       user: current_user,
@@ -119,7 +119,7 @@ def handle_invalid_otp(type:, context: nil)
 
     flash.now[:error] = invalid_otp_error(type)
 
-    if decorated_user.locked_out?
+    if current_user.locked_out?
       handle_second_factor_locked_user(context: context, type: type)
     else
       render_show_after_invalid
@@ -295,10 +295,6 @@ def display_phone_to_deliver_to
     end
   end
 
-  def decorated_user
-    current_user.decorate
-  end
-
   def confirmation_for_add_phone?
     UserSessionContext.confirmation_context?(context) && user_fully_authenticated?
   end

diff --git a/app/controllers/concerns/verify_profile_concern.rb b/app/controllers/concerns/verify_profile_concern.rb
@@ -17,14 +17,13 @@ def user_backup_codes_configured?
   end
 
   def user_last_signed_in_more_than_5_months_ago?
-    user = UserDecorator.new(current_user)
-    second_last_signed_in_at = user.second_last_signed_in_at
+    second_last_signed_in_at = current_user.second_last_signed_in_at
     second_last_signed_in_at && second_last_signed_in_at < 5.months.ago
   end
 
   def profile_needs_verification?
     return false if current_user.blank?
-    current_user.decorate.pending_profile_requires_verification? ||
+    current_user.pending_profile_requires_verification? ||
       user_needs_to_reactivate_account?
   end
 end
diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
@@ -12,7 +12,7 @@ def show
       personal_key: nil,
       sp_session_request_url: sp_session_request_url_with_updated_params,
       sp_name: decorated_session.sp_name,
-      decorated_user: current_user.decorate,
+      user: current_user,
       locked_for_session: pii_locked_for_session?(current_user),
     )
     device_and_events

diff --git a/app/controllers/idv/come_back_later_controller.rb b/app/controllers/idv/come_back_later_controller.rb
@@ -12,7 +12,7 @@ def show
     private
 
     def confirm_user_needs_gpo_confirmation
-      redirect_to account_url unless current_user.decorate.pending_profile_requires_verification?
+      redirect_to account_url unless current_user.pending_profile_requires_verification?
     end
   end
 end
diff --git a/app/controllers/idv/doc_auth_controller.rb b/app/controllers/idv/doc_auth_controller.rb
@@ -33,7 +33,7 @@ def return_to_sp
     end
 
     def redirect_if_pending_profile
-      redirect_to idv_gpo_verify_url if current_user.decorate.pending_profile_requires_verification?
+      redirect_to idv_gpo_verify_url if current_user.pending_profile_requires_verification?
     end
 
     def redirect_if_flow_completed

diff --git a/app/controllers/idv/gpo_controller.rb b/app/controllers/idv/gpo_controller.rb
@@ -57,7 +57,7 @@ def update_tracking
     end
 
     def resend_requested?
-      current_user.decorate.pending_profile_requires_verification?
+      current_user.pending_profile_requires_verification?
     end
 
     def confirm_mail_not_spammed
@@ -68,7 +68,7 @@ def confirm_mail_not_spammed
     def confirm_user_completed_idv_profile_step
       # If the user has a pending profile, they may have completed idv in a
       # different session and need a letter resent now
-      return if current_user.decorate.pending_profile_requires_verification?
+      return if current_user.pending_profile_requires_verification?
       return if idv_session.verify_info_step_complete?
 
       redirect_to idv_doc_auth_url

diff --git a/app/controllers/idv/gpo_verify_controller.rb b/app/controllers/idv/gpo_verify_controller.rb
@@ -100,7 +100,7 @@ def params_otp
     end
 
     def confirm_verification_needed
-      return if current_user.decorate.pending_profile_requires_verification?
+      return if current_user.pending_profile_requires_verification?
       redirect_to account_url
     end
 

diff --git a/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb b/app/controllers/idv/hybrid_mobile/capture_complete_controller.rb
@@ -5,8 +5,7 @@ class CaptureCompleteController < ApplicationController
       include IdvStepConcern
       include StepIndicatorConcern
       include StepUtilitiesConcern
-
-      before_action :render_404_if_hybrid_mobile_controllers_disabled
+      include HybridMobileConcern
 
       def show
         increment_step_counts
@@ -21,10 +20,6 @@ def show
 
       private
 
-      def render_404_if_hybrid_mobile_controllers_disabled
-        render_not_found unless IdentityConfig.store.doc_auth_hybrid_mobile_controllers_enabled
-      end
-
       def analytics_arguments
         {
           flow_path: 'hybrid',

diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb
@@ -0,0 +1,11 @@
+module Idv
+  module HybridMobile
+    class DocumentCaptureController < ApplicationController
+      include HybridMobileConcern
+
+      def show
+        # TODO
+      end
+    end
+  end
+end