Deploy RC 293 to Prod

.gitlab-ci.yml

@@ -89,6 +89,7 @@ install:
     - bundle exec rake assets:precompile
 
 # Build a container image async, and don't block CI tests
+# Cache intermediate images for 1 week (168 hours)
 build-idp-image:
   stage: review
   needs: []
@@ -116,6 +117,10 @@ build-idp-image:
       --context "${CI_PROJECT_DIR}"
       --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
       --destination "${ECR_REGISTRY}/identity-idp/review:${CI_COMMIT_SHA}"
+      --cache-repo="${ECR_REGISTRY}/identity-idp/review/cache"
+      --cache-ttl=168h
+      --cache=true
+      --compressed-caching=false
       --build-arg "http_proxy=${http_proxy}" --build-arg "https_proxy=${https_proxy}" --build-arg "no_proxy=${no_proxy}"
 
 check_changelog:
@@ -290,6 +295,7 @@ trigger_devops:
 
 review-app:
   stage: review
+  allow_failure: true
   needs:
     - job: build-idp-image
   resource_group: $CI_ENVIRONMENT_SLUG.review-app.identitysandbox.gov

.rubocop.yml

@@ -1046,7 +1046,7 @@ Style/IfInsideElse:
 Style/IfUnlessModifier:
   Description: Favor modifier if/unless usage when you have a single-line body.
   StyleGuide: https://github.com/bbatsov/ruby-style-guide#if-as-a-modifier
-  Enabled: true
+  Enabled: false
 
 Style/IfUnlessModifierOfIfUnless:
   Enabled: true

app/controllers/application_controller.rb

@@ -63,7 +63,6 @@ def analytics
         sp: current_sp&.issuer,
         session: session,
         ahoy: ahoy,
-        irs_session_id: irs_attempts_api_session_id,
       )
   end
 
@@ -72,24 +71,7 @@ def analytics_user
   end
 
   def irs_attempts_api_tracker
-    @irs_attempts_api_tracker ||= IrsAttemptsApi::Tracker.new(
-      session_id: irs_attempts_api_session_id,
-      request: request,
-      user: effective_user,
-      sp: current_sp,
-      cookie_device_uuid: cookies[:device],
-      sp_request_uri: decorated_session.request_url_params[:redirect_uri],
-      enabled_for_session: irs_attempts_api_enabled_for_session?,
-      analytics: analytics,
-    )
-  end
-
-  def irs_attempts_api_enabled_for_session?
-    current_sp&.irs_attempts_api_enabled?
-  end
-
-  def irs_attempts_api_session_id
-    decorated_session.irs_attempts_api_session_id
+    @irs_attempts_api_tracker ||= IrsAttemptsApi::Tracker.new
   end
 
   def user_event_creator

app/controllers/concerns/idv_session.rb

@@ -22,7 +22,7 @@ def confirm_phone_or_address_confirmed
     return if flash[:allow_confirmations_continue]
     return if idv_session.address_confirmed? || idv_session.phone_confirmed?
 
-    redirect_to idv_doc_auth_url
+    redirect_to idv_review_url
   end
 
   def idv_session

app/controllers/idv/doc_auth_controller.rb

@@ -1,46 +1,36 @@
 module Idv
   class DocAuthController < ApplicationController
-    before_action :confirm_two_factor_authenticated
-    before_action :redirect_if_pending_gpo
-    before_action :redirect_if_pending_in_person_enrollment
+    def index
+      log_unexpected_visit('DocAuthController index')
 
-    include IdvSession
-    include Flow::FlowStateMachine
-    include FraudReviewConcern
-    include Idv::OutageConcern
-
-    before_action :redirect_if_flow_completed
-    before_action :handle_fraud
-    # rubocop:disable Rails/LexicallyScopedActionFilter
-    before_action :check_for_outage, only: :show
-    # rubocop:enable Rails/LexicallyScopedActionFilter
+      redirect_to idv_welcome_url
+    end
 
-    FLOW_STATE_MACHINE_SETTINGS = {
-      step_url: :idv_doc_auth_step_url,
-      final_url: :idv_welcome_url,
-      flow: Idv::Flows::DocAuthFlow,
-      analytics_id: 'Doc Auth',
-    }.freeze
+    def show
+      log_unexpected_visit('DocAuthController show')
 
-    def return_to_sp
-      redirect_to return_to_sp_failure_to_proof_url(step: next_step, location: params[:location])
+      redirect_to idv_welcome_url
     end
 
-    def redirect_if_pending_gpo
-      redirect_to idv_gpo_verify_url if current_user.gpo_verification_pending_profile?
-    end
+    def update
+      log_unexpected_visit('DocAuthController update')
 
-    def redirect_if_flow_completed
-      flow_finish if idv_session.applicant
+      redirect_to idv_welcome_url
     end
 
-    def redirect_if_pending_in_person_enrollment
-      return if !IdentityConfig.store.in_person_proofing_enabled
-      redirect_to idv_in_person_ready_to_verify_url if current_user.pending_in_person_enrollment
+    def return_to_sp
+      log_unexpected_visit('DocAuthController return_to_sp', location: params[:location])
+      redirect_to return_to_sp_failure_to_proof_url(
+        step: params[:step],
+        location: params[:location],
+      )
     end
 
-    def flow_session
-      user_session['idv/doc_auth']
+    # Temporary logging to see if we're using these routes anywhere
+    def log_unexpected_visit(from, **extra)
+      extra[:referer] = request.referer
+      extra[:step] = params[:step]
+      analytics.track_event(from, **extra)
     end
   end
 end

app/controllers/idv/document_capture_controller.rb

@@ -28,6 +28,8 @@ def update
       Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
         call('document_capture', :update, true)
 
+      cancel_establishing_in_person_enrollments
+
       if result.success?
         redirect_to idv_ssn_url
       else
@@ -63,6 +65,11 @@ def confirm_document_capture_needed
       redirect_to idv_ssn_url
     end
 
+    def cancel_establishing_in_person_enrollments
+      UspsInPersonProofing::EnrollmentHelper.
+        cancel_stale_establishing_enrollments_for_user(current_user)
+    end
+
     def analytics_arguments
       {
         flow_path: flow_path,

app/controllers/idv/gpo_controller.rb

@@ -76,7 +76,7 @@ def confirm_user_completed_idv_profile_step
       return if current_user.gpo_verification_pending_profile?
       return if idv_session.verify_info_step_complete?
 
-      redirect_to idv_doc_auth_url
+      redirect_to idv_verify_info_url
     end
 
     def resend_letter