Deploy RC 281 to Prod

Gemfile

@@ -42,7 +42,7 @@ gem 'net-sftp'
 gem 'newrelic_rpm', '~> 8.0'
 gem 'pg'
 gem 'phonelib'
-gem 'premailer-rails', '>= 1.11.1'
+gem 'premailer-rails', '>= 1.12.0'
 gem 'profanity_filter'
 gem 'rack', '>= 2.2.3.1'
 gem 'rack-attack', '>= 6.2.1'

Gemfile.lock

@@ -442,12 +442,13 @@ GEM
       google-protobuf (>= 3.19.2)
     phonelib (0.6.54)
     pkcs11 (0.3.4)
-    premailer (1.15.0)
+    premailer (1.21.0)
       addressable
-      css_parser (>= 1.6.0)
+      css_parser (>= 1.12.0)
       htmlentities (>= 4.0.0)
-    premailer-rails (1.11.1)
+    premailer-rails (1.12.0)
       actionmailer (>= 3)
+      net-smtp
       premailer (~> 1.7, >= 1.7.9)
     profanity_filter (0.1.1)
     pry (0.14.1)
@@ -778,7 +779,7 @@ DEPENDENCIES
   pg
   pg_query
   phonelib
-  premailer-rails (>= 1.11.1)
+  premailer-rails (>= 1.12.0)
   profanity_filter
   pry-byebug
   pry-doc

app/controllers/concerns/fraud_review_concern.rb

@@ -1,6 +1,11 @@
 module FraudReviewConcern
   extend ActiveSupport::Concern
 
+  delegate :fraud_check_failed?,
+           :fraud_review_pending?,
+           :fraud_rejection?,
+           to: :fraud_review_checker
+
   def handle_fraud
     handle_pending_fraud_review
     handle_fraud_rejection
@@ -22,13 +27,7 @@ def redirect_to_fraud_rejection
     redirect_to idv_not_verified_url
   end
 
-  def fraud_review_pending?
-    return false unless user_fully_authenticated?
-    current_user.fraud_review_pending?
-  end
-
-  def fraud_rejection?
-    return false unless user_fully_authenticated?
-    current_user.fraud_rejection?
+  def fraud_review_checker
+    @fraud_review_checker ||= FraudReviewChecker.new(current_user)
   end
 end

app/controllers/concerns/idv/verify_info_concern.rb

@@ -45,15 +45,19 @@ def update
         user_id: current_user.id,
         threatmetrix_session_id: flow_session[:threatmetrix_session_id],
         request_ip: request.remote_ip,
-        double_address_verification: current_user.establishing_in_person_enrollment&.
-          capture_secondary_id_enabled || false,
+        double_address_verification: capture_secondary_id_enabled,
       )
 
       redirect_to after_update_url
     end
 
     private
 
+    def capture_secondary_id_enabled
+      current_user.establishing_in_person_enrollment&.
+          capture_secondary_id_enabled || false
+    end
+
     def should_use_aamva?(pii)
       aamva_state?(pii) && !aamva_disallowed_for_service_provider?
     end

app/controllers/idv/gpo_verify_controller.rb

@@ -111,10 +111,6 @@ def confirm_verification_needed
       redirect_to account_url
     end
 
-    def fraud_check_failed?
-      threatmetrix_enabled? && (current_user.fraud_review_pending? || current_user.fraud_rejection?)
-    end
-
     def threatmetrix_enabled?
       FeatureManagement.proofing_device_profiling_decisioning_enabled?
     end

app/controllers/idv/in_person/verify_info_controller.rb

@@ -13,6 +13,7 @@ class VerifyInfoController < ApplicationController
 
       def show
         @step_indicator_steps = step_indicator_steps
+        @capture_secondary_id_enabled = capture_secondary_id_enabled
 
         analytics.idv_doc_auth_verify_visited(**analytics_arguments)
         Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).

app/controllers/idv/link_sent_controller.rb

@@ -43,9 +43,13 @@ def extra_view_variables
     private
 
     def confirm_upload_step_complete
-      return if flow_session['Idv::Steps::UploadStep']
+      return if flow_session[:flow_path] == 'hybrid'
 
-      redirect_to idv_doc_auth_url
+      if flow_session[:flow_path] == 'standard'
+        redirect_to idv_document_capture_url
+      else
+        redirect_to idv_doc_auth_url
+      end
     end
 
     def confirm_document_capture_needed

app/controllers/idv/personal_key_controller.rb

@@ -3,6 +3,7 @@ class PersonalKeyController < ApplicationController
     include IdvSession
     include StepIndicatorConcern
     include SecureHeadersConcern
+    include FraudReviewConcern
 
     before_action :apply_secure_headers_override
     before_action :confirm_two_factor_authenticated
@@ -23,8 +24,8 @@ def update
       analytics.idv_personal_key_submitted(
         address_verification_method: address_verification_method,
         deactivation_reason: idv_session.profile&.deactivation_reason,
-        fraud_review_pending: idv_session.profile&.fraud_review_pending?,
-        fraud_rejection: idv_session.profile&.fraud_rejection?,
+        fraud_review_pending: fraud_review_pending?,
+        fraud_rejection: fraud_rejection?,
       )
       redirect_to next_step
     end
@@ -38,7 +39,7 @@ def address_verification_method
     def next_step
       if in_person_enrollment?
         idv_in_person_ready_to_verify_url
-      elsif blocked_by_device_profiling?
+      elsif fraud_check_failed?
         idv_please_call_url
       elsif session[:sp]
         sign_up_completed_url
@@ -91,10 +92,5 @@ def in_person_enrollment?
       return false unless IdentityConfig.store.in_person_proofing_enabled
       current_user.pending_in_person_enrollment.present?
     end
-
-    def blocked_by_device_profiling?
-      !profile.active &&
-        profile.fraud_review_pending? || profile.fraud_rejection?
-    end
   end
 end

app/controllers/idv/review_controller.rb

@@ -5,6 +5,7 @@ class ReviewController < ApplicationController
     include IdvStepConcern
     include StepIndicatorConcern
     include PhoneConfirmation
+    include FraudReviewConcern
 
     before_action :confirm_verify_info_step_complete
     before_action :confirm_address_step_complete
@@ -18,8 +19,8 @@ def confirm_current_password
 
       analytics.idv_review_complete(
         success: false,
-        fraud_review_pending: current_user.fraud_review_pending?,
-        fraud_rejection: current_user.fraud_rejection?,
+        fraud_review_pending: fraud_review_pending?,
+        fraud_rejection: fraud_rejection?,
       )
       irs_attempts_api_tracker.idv_password_entered(success: false)
 

app/controllers/users/phones_controller.rb

@@ -3,8 +3,9 @@ class PhonesController < ApplicationController
     include PhoneConfirmation
     include RecaptchaConcern
     include ReauthenticationRequiredConcern
+    include MfaSetupConcern
 
-    before_action :confirm_two_factor_authenticated
+    before_action :confirm_user_authenticated_for_2fa_setup
     before_action :redirect_if_phone_vendor_outage
     before_action :check_max_phone_numbers_per_account, only: %i[add create]
     before_action :allow_csp_recaptcha_src, if: :recaptcha_enabled?

app/forms/gpo_verify_form.rb

@@ -21,7 +21,7 @@ def submit
       if pending_in_person_enrollment?
         UspsInPersonProofing::EnrollmentHelper.schedule_in_person_enrollment(user, pii)
         pending_profile&.deactivate(:in_person_verification_pending)
-      elsif fraud_check_failed? && threatmetrix_enabled?
+      elsif fraud_review_checker.fraud_check_failed? && threatmetrix_enabled?
         pending_profile&.remove_gpo_deactivation_reason
         deactivate_for_fraud_review
       else
@@ -37,7 +37,7 @@ def submit
         enqueued_at: gpo_confirmation_code&.code_sent_at,
         pii_like_keypaths: [[:errors, :otp], [:error_details, :otp]],
         pending_in_person_enrollment: pending_in_person_enrollment?,
-        threatmetrix_check_failed: fraud_check_failed?,
+        threatmetrix_check_failed: fraud_review_checker.fraud_check_failed?,
       },
     )
   end
@@ -89,8 +89,8 @@ def threatmetrix_enabled?
     FeatureManagement.proofing_device_profiling_decisioning_enabled?
   end
 
-  def fraud_check_failed?
-    user.fraud_review_pending? || user.fraud_rejection?
+  def fraud_review_checker
+    @fraud_review_checker ||= FraudReviewChecker.new(user)
   end
 
   def activate_profile

app/javascript/packages/document-capture/components/location-collection-item.scss

@@ -12,4 +12,9 @@
   margin-top: 1rem;
   padding-bottom: 1rem;
   border-color: color('primary-light');
+
+  &:last-child {
+    border-bottom-style: none;
+    padding-bottom: 0;
+  }
 }

app/jobs/get_usps_proofing_results_job.rb

@@ -370,7 +370,7 @@ def handle_successful_status_update(enrollment, response)
       passed: true,
       reason: 'Successful status update',
     )
-    enrollment.profile.activate
+    enrollment.profile.activate_after_passing_in_person
     enrollment.update(
       status: :passed,
       proofed_at: proofed_at,

app/models/profile.rb

@@ -71,12 +71,19 @@ def activate_after_passing_review
     activate
   end
 
+  def activate_after_passing_in_person
+    update!(
+      deactivation_reason: nil,
+    )
+    activate
+  end
+
   def deactivate(reason)
     update!(active: false, deactivation_reason: reason)
   end
 
   def has_deactivation_reason?
-    has_fraud_deactivation_reason? || gpo_verification_pending?
+    deactivation_reason.present? || has_fraud_deactivation_reason? || gpo_verification_pending?
   end
 
   def has_fraud_deactivation_reason?

app/models/user.rb

@@ -114,10 +114,6 @@ def gpo_verification_pending_profile
     profiles.where.not(gpo_verification_pending_at: nil).order(created_at: :desc).first
   end
 
-  def fraud_review_eligible?
-    fraud_review_pending_profile&.fraud_review_pending_at&.after?(30.days.ago)
-  end
-
   def fraud_review_pending?
     fraud_review_pending_profile.present?
   end

app/presenters/two_factor_auth_code/phone_delivery_presenter.rb

@@ -95,7 +95,7 @@ def cancel_link
     def troubleshoot_change_phone_or_method_option
       if unconfirmed_phone
         {
-          url: phone_setup_path,
+          url: add_phone_path,
           text: t('two_factor_authentication.phone_verification.troubleshooting.change_number'),
         }
       else

app/services/fraud_review_checker.rb

@@ -0,0 +1,23 @@
+class FraudReviewChecker
+  attr_reader :user
+
+  def initialize(user)
+    @user = user
+  end
+
+  def fraud_check_failed?
+    fraud_review_pending? || fraud_rejection?
+  end
+
+  def fraud_review_pending?
+    user&.fraud_review_pending_profile.present?
+  end
+
+  def fraud_rejection?
+    user&.fraud_rejection_profile.present?
+  end
+
+  def fraud_review_eligible?
+    !!user&.fraud_review_pending_profile&.fraud_review_pending_at&.after?(30.days.ago)
+  end
+end

app/services/idv/actions/redo_document_capture_action.rb

@@ -7,9 +7,14 @@ def self.analytics_submitted_event
 
       def call
         flow_session['redo_document_capture'] = true
-        unless flow_session[:skip_upload_step]
-          mark_step_incomplete(:link_sent)
+        if flow_session[:skip_upload_step]
+          redirect_to idv_document_capture_url
+        else
           mark_step_incomplete(:upload)
+
+          if !IdentityConfig.store.doc_auth_link_sent_controller_enabled
+            mark_step_incomplete(:link_sent)
+          end
         end
       end
     end

app/services/idv/steps/in_person/state_id_step.rb

@@ -37,7 +37,7 @@ def call
            end
           end
 
-          maybe_redirect_to_verify_info if updating_state_id?
+          maybe_redirect_to_verify_info(flow_session[steps[:address].to_s].blank?)
         end
 
         def extra_view_variables

app/services/idv/steps/temp_maybe_redirect_to_verify_info_helper.rb

@@ -1,14 +1,15 @@
+##
 # This module and calls to it can be removed when the in_person_verify_info_controller_enabled
 # flag is removed.
 #
-
 module Idv
   module Steps
     module TempMaybeRedirectToVerifyInfoHelper
       private
 
-      def maybe_redirect_to_verify_info
+      def maybe_redirect_to_verify_info(skip = false)
         return unless IdentityConfig.store.in_person_verify_info_controller_enabled
+        return if skip
         flow_session[:flow_path] = @flow.flow_path
         redirect_to idv_in_person_verify_info_url
       end

app/services/idv/steps/upload_step.rb

@@ -75,7 +75,8 @@ def handle_phone_submission
           failure_reason: failure_reason,
         )
 
-        if IdentityConfig.store.doc_auth_link_sent_controller_enabled
+        if !failure_reason &&
+           IdentityConfig.store.doc_auth_link_sent_controller_enabled
           flow_session[:flow_path] = 'hybrid'
           redirect_to idv_link_sent_url
         end
@@ -98,7 +99,7 @@ def application
       def bypass_send_link_steps
         mark_step_complete(:link_sent)
 
-        flow_session[:flow_path] = @flow.flow_path
+        flow_session[:flow_path] = 'standard'
         redirect_to idv_document_capture_url
 
         form_response(destination: :document_capture)