Deploy RC 286 to Prod

Brewfile

@@ -1,4 +1,4 @@
-brew 'postgresql@13'
+brew 'postgresql@14'
 brew 'redis'
 brew 'node@16'
 brew 'yarn'

Makefile

@@ -25,6 +25,7 @@ ARTIFACT_DESTINATION_FILE ?= ./tmp/idp.tar.gz
 	help \
 	lint \
 	lint_analytics_events \
+	lint_analytics_events_sorted \
 	lint_tracker_events \
 	lint_country_dialing_codes \
 	lint_erb \
@@ -75,6 +76,7 @@ endif
 	@echo "--- analytics_events ---"
 	make lint_analytics_events
 	make lint_tracker_events
+	make lint_analytics_events_sorted
 	@echo "--- brakeman ---"
 	bundle exec brakeman
 	@echo "--- bundler-audit ---"
@@ -102,6 +104,7 @@ endif
 	@echo "--- lint migrations ---"
 	make lint_migrations
 
+
 lint_erb: ## Lints ERB files
 	bundle exec erblint app/views app/components
 
@@ -247,6 +250,10 @@ analytics_events: public/api/_analytics-events.json ## Generates a JSON file tha
 lint_analytics_events: .yardoc ## Checks that all methods on AnalyticsEvents are documented
 	bundle exec ruby lib/analytics_events_documenter.rb --class-name="AnalyticsEvents" --check $<
 
+lint_analytics_events_sorted:
+	@test "$(shell grep '^  def ' app/services/analytics_events.rb)" = "$(shell grep '^  def ' app/services/analytics_events.rb | sort)" \
+		|| (echo 'Error: methods in analytics_events.rb are not sorted alphabetically' && exit 1)
+
 lint_tracker_events: .yardoc ## Checks that all methods on AnalyticsEvents are documented
 	bundle exec ruby lib/analytics_events_documenter.rb --class-name="IrsAttemptsApi::TrackerEvents" --check --skip-extra-params $<
 

app/assets/stylesheets/components/_icon.scss

@@ -20,22 +20,3 @@ $icon-min-padding: 2px;
     margin-right: #{0.5rem - px-to-rem($icon-min-padding)};
   }
 }
-
-.ico-absolute {
-  background-repeat: no-repeat;
-  background-size: $h4;
-  position: relative;
-
-  &-success {
-    &::before {
-      background-image: url('/alert/success.svg');
-      content: '';
-      display: block;
-      height: $h4;
-      left: units(neg-4);
-      position: absolute;
-      top: (lh('body', $theme-body-line-height) - $h4) * 0.5;
-      width: $h4;
-    }
-  }
-}

app/components/memorable_date_component.html.erb

@@ -35,11 +35,12 @@
                     minLength: 1,
                     maxLength: 2,
                     aria: {
-                      invalid: false,
+                      invalid: has_errors?,
                       labelledby: [
                         "memorable-date-month-label-#{unique_id}",
                         "memorable-date-month-hint-#{unique_id}",
                       ],
+                      describedby: ["validated-field-error-#{unique_id}"],
                     },
                     value: month,
                   },
@@ -71,11 +72,13 @@
                   minLength: 1,
                   maxLength: 2,
                   aria: {
-                    invalid: false,
+                    invalid: has_errors?,
                     labelledby: [
                       "memorable-date-day-label-#{unique_id}",
                       "memorable-date-day-hint-#{unique_id}",
                     ],
+                    describedby: ["validated-field-error-#{unique_id}"],
+
                   },
                   value: day,
                 },
@@ -107,11 +110,12 @@
                   minLength: 4,
                   maxLength: 4,
                   aria: {
-                    invalid: false,
+                    invalid: has_errors?,
                     labelledby: [
                       "memorable-date-year-label-#{unique_id}",
                       "memorable-date-year-hint-#{unique_id}",
                     ],
+                    describedby: ["validated-field-error-#{unique_id}"],
                   },
                   value: year,
                 },
@@ -125,4 +129,8 @@
         </lg-validated-field>
     </div>
   <% end -%>
-<div id="validated-field-error-<%= unique_id %>" class="usa-error-message display-none"></div>
+<div id="validated-field-error-<%= unique_id %>" class="usa-error-message <%= 'display-none' unless has_errors? %>">
+  <% if has_errors? %>
+    <%= error_msg %>
+  <% end %>
+</div>

app/components/memorable_date_component.rb

@@ -122,6 +122,14 @@ def i18n_long_format(date)
     end
   end
 
+  def has_errors?
+    form.object.respond_to?(:errors) && form.object.errors.key?(name)
+  end
+
+  def error_msg
+    form.object.errors[name]&.first
+  end
+
   # Configure default generic error messages for component,
   # then integrate any overrides
   def generate_error_messages(label, min, max, override_error_messages)

app/components/password_confirmation_component.html.erb

@@ -43,6 +43,4 @@
   >
     <%= t('components.password_confirmation.toggle_label') %>
   </label>
-
-  <%= form.hidden_field :confirmation_enabled, value: true %>
 <% end %>

app/controllers/concerns/idv/step_utilities_concern.rb

@@ -4,7 +4,7 @@ module StepUtilitiesConcern
     include AcuantConcern
 
     def irs_reproofing?
-      effective_user&.reproof_for_irs?(
+      current_user&.reproof_for_irs?(
         service_provider: current_sp,
       ).present?
     end

app/controllers/concerns/idv_session.rb

@@ -1,16 +1,15 @@
 module IdvSession
   extend ActiveSupport::Concern
-  include EffectiveUser
 
   included do
-    before_action :redirect_unless_effective_user
+    before_action :redirect_unless_idv_session_user
     before_action :redirect_if_sp_context_needed
   end
 
   def confirm_idv_needed
-    return if effective_user.active_profile.blank? ||
+    return if idv_session_user.active_profile.blank? ||
               decorated_session.requested_more_recent_verification? ||
-              effective_user.reproof_for_irs?(service_provider: current_sp)
+              idv_session_user.reproof_for_irs?(service_provider: current_sp)
 
     redirect_to idv_activated_url
   end
@@ -29,20 +28,26 @@ def confirm_phone_or_address_confirmed
   def idv_session
     @idv_session ||= Idv::Session.new(
       user_session: user_session,
-      current_user: effective_user,
+      current_user: idv_session_user,
       service_provider: current_sp,
     )
   end
 
-  def redirect_unless_effective_user
-    redirect_to root_url if !effective_user
+  def redirect_unless_idv_session_user
+    redirect_to root_url if !idv_session_user
   end
 
   def redirect_if_sp_context_needed
     return if sp_from_sp_session.present?
     return unless IdentityConfig.store.idv_sp_required
-    return if effective_user.profiles.any?
+    return if idv_session_user.profiles.any?
 
     redirect_to account_url
   end
+
+  def idv_session_user
+    return User.find_by(id: session[:doc_capture_user_id]) if !current_user && hybrid_session?
+
+    current_user
+  end
 end

app/controllers/concerns/rate_limit_concern.rb

@@ -47,16 +47,15 @@ def throttle_and_controller_match(throttle_type)
       self.instance_of?(Idv::VerifyInfoController) ||
         self.instance_of?(Idv::InPerson::VerifyInfoController)
     when :idv_doc_auth
-      self.instance_of?(Idv::DocumentCaptureController) ||
-        self.instance_of?(Idv::HybridMobile::DocumentCaptureController)
+      self.instance_of?(Idv::DocumentCaptureController)
     when :proof_address
       self.instance_of?(Idv::PhoneController)
     end
   end
 
   def idv_attempter_rate_limited?(throttle_type)
     Throttle.new(
-      user: effective_user,
+      user: idv_session_user,
       throttle_type: throttle_type,
     ).throttled?
   end

app/controllers/frontend_log_controller.rb

@@ -22,6 +22,8 @@ class FrontendLogController < ApplicationController
     'IdV: user clicked sp link on ready to verify page' => :idv_in_person_ready_to_verify_sp_link_clicked,
     'IdV: user clicked what to bring link on ready to verify page' => :idv_in_person_ready_to_verify_what_to_bring_link_clicked,
     'IdV: consent checkbox toggled' => :idv_consent_checkbox_toggled,
+    'User prompted before navigation' => :user_prompted_before_navigation,
+    'User prompted before navigation and still on page' => :user_prompted_before_navigation_and_still_on_page,
   }.transform_values { |method| AnalyticsEvents.instance_method(method) }.freeze
   # rubocop:enable Layout/LineLength
 

app/controllers/idv/document_capture_controller.rb

@@ -54,7 +54,11 @@ def extra_view_variables
     def confirm_upload_step_complete
       return if flow_session[:flow_path].present?
 
-      redirect_to idv_doc_auth_url
+      if IdentityConfig.store.doc_auth_hybrid_handoff_controller_enabled
+        redirect_to idv_hybrid_handoff_url
+      else
+        redirect_to idv_doc_auth_url
+      end
     end
 
     def confirm_document_capture_needed

app/controllers/idv/hybrid_handoff_controller.rb

@@ -7,11 +7,10 @@ class HybridHandoffController < ApplicationController
     include StepUtilitiesConcern
 
     before_action :confirm_two_factor_authenticated
-    before_action :render_404_if_hybrid_handoff_controller_disabled
     before_action :confirm_agreement_step_complete
+    before_action :confirm_hybrid_handoff_needed, only: :show
 
     def show
-      flow_session[:flow_path] = 'standard'
       analytics.idv_doc_auth_upload_visited(**analytics_arguments)
 
       Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).call(
@@ -45,6 +44,7 @@ def handle_phone_submission
       return throttled_failure if throttle.throttled?
       idv_session.phone_for_mobile_flow = params[:doc_auth][:phone]
       flow_session[:phone_for_mobile_flow] = idv_session.phone_for_mobile_flow
+      flow_session[:flow_path] = 'hybrid'
       telephony_result = send_link
       telephony_form_response = build_telephony_form_response(telephony_result)
 
@@ -60,14 +60,17 @@ def handle_phone_submission
       )
 
       if !failure_reason
-        flow_session[:flow_path] = 'hybrid'
         redirect_to idv_link_sent_url
+
+        # for the 50/50 state
+        flow_session['Idv::Steps::UploadStep'] = true
       else
         redirect_to idv_hybrid_handoff_url
+        flow_session[:flow_path] = nil
       end
 
       analytics.idv_doc_auth_upload_submitted(
-        **analytics_arguments.merge(form_response(destination: :link_sent).to_h),
+        **analytics_arguments.merge(telephony_form_response.to_h),
       )
     end
 
@@ -100,6 +103,7 @@ def build_telephony_form_response(telephony_result)
         extra: {
           telephony_response: telephony_result.to_h,
           destination: :link_sent,
+          flow_path: flow_session[:flow_path],
         },
       )
     end
@@ -118,11 +122,14 @@ def bypass_send_link_steps
       flow_session[:flow_path] = 'standard'
       redirect_to idv_document_capture_url
 
-      response = form_response(destination: :document_capture)
+      # for the 50/50 state
+      flow_session['Idv::Steps::UploadStep'] = true
+
       analytics.idv_doc_auth_upload_submitted(
-        **analytics_arguments.merge(response.to_h),
+        **analytics_arguments.merge(
+          form_response(destination: :document_capture).to_h,
+        ),
       )
-      response
     end
 
     def extra_view_variables
@@ -158,25 +165,17 @@ def analytics_arguments
         step: 'upload',
         analytics_id: 'Doc Auth',
         irs_reproofing: irs_reproofing?,
-        flow_path: flow_session[:flow_path],
       }.merge(**acuant_sdk_ab_test_analytics_args)
     end
 
-    def mark_link_sent_step_complete
-      flow_session['Idv::Steps::LinkSentStep'] = true
-    end
-
-    def mark_upload_step_complete
-      flow_session['Idv::Steps::UploadStep'] = true
-    end
-
     def form_response(destination:)
       FormResponse.new(
         success: true,
         errors: {},
         extra: {
           destination: destination,
           skip_upload_step: mobile_device?,
+          flow_path: flow_session[:flow_path],
         },
       )
     end
@@ -210,16 +209,22 @@ def failure(message, extra = nil)
       FormResponse.new(**form_response_params)
     end
 
-    def render_404_if_hybrid_handoff_controller_disabled
-      render_not_found unless IdentityConfig.store.doc_auth_hybrid_handoff_controller_enabled
-    end
-
     def confirm_agreement_step_complete
       return if flow_session['Idv::Steps::AgreementStep']
 
       redirect_to idv_doc_auth_url
     end
 
+    def confirm_hybrid_handoff_needed
+      return if !flow_session[:flow_path]
+
+      if flow_session[:flow_path] == 'standard'
+        redirect_to idv_document_capture_url
+      elsif flow_session[:flow_path] == 'hybrid'
+        redirect_to idv_link_sent_url
+      end
+    end
+
     def formatted_destination_phone
       raw_phone = params.require(:doc_auth).permit(:phone)
       PhoneFormatter.format(raw_phone, country_code: 'US')

app/controllers/idv/link_sent_controller.rb

@@ -80,6 +80,7 @@ def handle_document_verification_success(get_results_response)
     def render_document_capture_cancelled
       if IdentityConfig.store.doc_auth_hybrid_handoff_controller_enabled
         redirect_to idv_hybrid_handoff_url
+        flow_session[:flow_path] = nil
       else
         mark_upload_step_incomplete
         redirect_to idv_doc_auth_url # was idv_url, why?

app/controllers/idv/personal_key_controller.rb

@@ -74,7 +74,7 @@ def personal_key
 
     def profile
       return idv_session.profile if idv_session.profile
-      current_user.active_profile
+      current_user.active_or_pending_profile
     end
 
     def generate_personal_key