Deploy RC 305 to Prod

.gitlab-ci.yml

@@ -450,7 +450,7 @@ ecr-scan:
     - echo $SCAN_FINDINGS
     - >
       echo $SCAN_FINDINGS |
-      jq -r 'if (.imageScanFindings.findings | length > 0) then
+      jq -r 'if (.imageScanFindings.enhancedFindings | length > 0) then
       {
         "version": "15.0.4",
         "scan": {
@@ -517,7 +517,32 @@ ecr-scan:
         ]
       }
       else
-        "No findings"
+      {
+        "version": "15.0.4",
+        "scan": {
+          "start_time": (now | strftime("%Y-%m-%dT%H:%M:%S")),
+          "end_time": (now | strftime("%Y-%m-%dT%H:%M:%S")),
+          "scanner": {
+            "id": "clair",
+            "name": "Amazon ECR Image Scan",
+            "version": "1.0.0",
+            "vendor": {
+              "name": "Amazon Web Services"
+            }
+          },
+          "analyzer": {
+            "id": "clair",
+            "name": "Amazon ECR Image Scan",
+            "version": "1.0.0",
+            "vendor": {
+              "name": "Amazon Web Services"
+            }
+          },
+          "status": "success",
+          "type": "container_scanning"
+        },
+        "vulnerabilities": []
+      }
       end' > gl-container-scanning-report.json
   artifacts:
     paths: 

Gemfile.lock

@@ -60,70 +60,70 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.5.1)
-      actionpack (= 7.0.5.1)
-      activesupport (= 7.0.5.1)
+    actioncable (7.0.7)
+      actionpack (= 7.0.7)
+      activesupport (= 7.0.7)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.5.1)
-      actionpack (= 7.0.5.1)
-      activejob (= 7.0.5.1)
-      activerecord (= 7.0.5.1)
-      activestorage (= 7.0.5.1)
-      activesupport (= 7.0.5.1)
+    actionmailbox (7.0.7)
+      actionpack (= 7.0.7)
+      activejob (= 7.0.7)
+      activerecord (= 7.0.7)
+      activestorage (= 7.0.7)
+      activesupport (= 7.0.7)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.5.1)
-      actionpack (= 7.0.5.1)
-      actionview (= 7.0.5.1)
-      activejob (= 7.0.5.1)
-      activesupport (= 7.0.5.1)
+    actionmailer (7.0.7)
+      actionpack (= 7.0.7)
+      actionview (= 7.0.7)
+      activejob (= 7.0.7)
+      activesupport (= 7.0.7)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (7.0.5.1)
-      actionview (= 7.0.5.1)
-      activesupport (= 7.0.5.1)
+    actionpack (7.0.7)
+      actionview (= 7.0.7)
+      activesupport (= 7.0.7)
       rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.5.1)
-      actionpack (= 7.0.5.1)
-      activerecord (= 7.0.5.1)
-      activestorage (= 7.0.5.1)
-      activesupport (= 7.0.5.1)
+    actiontext (7.0.7)
+      actionpack (= 7.0.7)
+      activerecord (= 7.0.7)
+      activestorage (= 7.0.7)
+      activesupport (= 7.0.7)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.5.1)
-      activesupport (= 7.0.5.1)
+    actionview (7.0.7)
+      activesupport (= 7.0.7)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.5.1)
-      activesupport (= 7.0.5.1)
+    activejob (7.0.7)
+      activesupport (= 7.0.7)
       globalid (>= 0.3.6)
-    activemodel (7.0.5.1)
-      activesupport (= 7.0.5.1)
-    activerecord (7.0.5.1)
-      activemodel (= 7.0.5.1)
-      activesupport (= 7.0.5.1)
+    activemodel (7.0.7)
+      activesupport (= 7.0.7)
+    activerecord (7.0.7)
+      activemodel (= 7.0.7)
+      activesupport (= 7.0.7)
     activerecord-postgis-adapter (8.0.2)
       activerecord (~> 7.0.0)
       rgeo-activerecord (~> 7.0.0)
-    activestorage (7.0.5.1)
-      actionpack (= 7.0.5.1)
-      activejob (= 7.0.5.1)
-      activerecord (= 7.0.5.1)
-      activesupport (= 7.0.5.1)
+    activestorage (7.0.7)
+      actionpack (= 7.0.7)
+      activejob (= 7.0.7)
+      activerecord (= 7.0.7)
+      activesupport (= 7.0.7)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (7.0.5.1)
+    activesupport (7.0.7)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -199,7 +199,7 @@ GEM
       parser (>= 2.4)
       smart_properties
     bindata (2.4.14)
-    bootsnap (1.15.0)
+    bootsnap (1.16.0)
       msgpack (~> 1.2)
     brakeman (6.0.1)
     browser (5.3.1)
@@ -289,7 +289,7 @@ GEM
       railties (>= 5.0.0)
     faker (2.19.0)
       i18n (>= 1.6, < 2)
-    faraday (2.7.4)
+    faraday (2.7.10)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
@@ -317,7 +317,7 @@ GEM
       railties (>= 6.0.0)
       thor (>= 0.14.1)
       webrick (>= 1.3)
-    google-protobuf (3.21.12)
+    google-protobuf (3.24.0)
     guard (2.16.2)
       formatador (>= 0.2.4)
       listen (>= 2.7, < 4.0)
@@ -381,7 +381,7 @@ GEM
     loofah (2.21.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    lookbook (2.0.3)
+    lookbook (2.0.5)
       activemodel
       css_parser
       htmlbeautifier (~> 1.3)
@@ -394,7 +394,7 @@ GEM
       yard (~> 0.9.25)
       zeitwerk (~> 2.5)
     lru_redux (1.1.0)
-    lumberjack (1.2.8)
+    lumberjack (1.2.9)
     mail (2.8.1)
       mini_mime (>= 0.1.1)
       net-imap
@@ -409,7 +409,7 @@ GEM
     mini_mime (1.1.5)
     mini_portile2 (2.8.4)
     minitest (5.19.0)
-    msgpack (1.6.0)
+    msgpack (1.7.2)
     multiset (0.5.3)
     nenv (0.3.0)
     net-imap (0.3.7)
@@ -440,9 +440,9 @@ GEM
     parser (3.2.2.3)
       ast (~> 2.4.1)
       racc
-    pg (1.4.5)
-    pg_query (2.2.0)
-      google-protobuf (>= 3.19.2)
+    pg (1.5.3)
+    pg_query (4.2.3)
+      google-protobuf (>= 3.22.3)
     phonelib (0.8.2)
     pkcs11 (0.3.4)
     premailer (1.21.0)
@@ -492,20 +492,20 @@ GEM
     rack_session_access (0.2.0)
       builder (>= 2.0.0)
       rack (>= 1.0.0)
-    rails (7.0.5.1)
-      actioncable (= 7.0.5.1)
-      actionmailbox (= 7.0.5.1)
-      actionmailer (= 7.0.5.1)
-      actionpack (= 7.0.5.1)
-      actiontext (= 7.0.5.1)
-      actionview (= 7.0.5.1)
-      activejob (= 7.0.5.1)
-      activemodel (= 7.0.5.1)
-      activerecord (= 7.0.5.1)
-      activestorage (= 7.0.5.1)
-      activesupport (= 7.0.5.1)
+    rails (7.0.7)
+      actioncable (= 7.0.7)
+      actionmailbox (= 7.0.7)
+      actionmailer (= 7.0.7)
+      actionpack (= 7.0.7)
+      actiontext (= 7.0.7)
+      actionview (= 7.0.7)
+      activejob (= 7.0.7)
+      activemodel (= 7.0.7)
+      activerecord (= 7.0.7)
+      activestorage (= 7.0.7)
+      activesupport (= 7.0.7)
       bundler (>= 1.15.0)
-      railties (= 7.0.5.1)
+      railties (= 7.0.7)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -520,9 +520,9 @@ GEM
     rails-i18n (7.0.6)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
-    railties (7.0.5.1)
-      actionpack (= 7.0.5.1)
-      activesupport (= 7.0.5.1)
+    railties (7.0.7)
+      actionpack (= 7.0.7)
+      activesupport (= 7.0.7)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -541,7 +541,7 @@ GEM
     regexp_parser (2.8.1)
     reline (0.3.7)
       io-console (~> 0.5)
-    request_store (1.5.0)
+    request_store (1.5.1)
       rack (>= 1.4)
     responders (3.0.1)
       actionpack (>= 5.0)
@@ -553,7 +553,7 @@ GEM
       activerecord (>= 5.0)
       rgeo (>= 1.0.0)
     rotp (6.2.0)
-    rouge (4.1.1)
+    rouge (4.1.3)
     rqrcode (2.1.0)
       chunky_png (~> 1.0)
       rqrcode_core (~> 1.0)
@@ -690,9 +690,9 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    webrick (1.7.0)
+    webrick (1.8.1)
     websocket (1.2.9)
-    websocket-driver (0.7.5)
+    websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     xmldsig (0.6.6)
@@ -706,8 +706,7 @@ GEM
       nokogiri (~> 1.11)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    yard (0.9.28)
-      webrick (~> 1.7.0)
+    yard (0.9.34)
     zeitwerk (2.6.11)
     zonebie (0.6.1)
     zxcvbn (0.1.9)

app/controllers/concerns/idv_session.rb

@@ -44,7 +44,7 @@ def irs_reproofing?
   end
 
   def document_capture_session_uuid
-    idv_session.document_capture_session_uuid || flow_session[:document_capture_session_uuid]
+    idv_session.document_capture_session_uuid
   end
 
   def document_capture_session

app/controllers/concerns/saml_idp_auth_concern.rb

@@ -6,12 +6,13 @@ module SamlIdpAuthConcern
     # rubocop:disable Rails/LexicallyScopedActionFilter
     before_action :validate_saml_request, only: :auth
     before_action :validate_service_provider_and_authn_context, only: :auth
+    before_action :check_sp_active, only: :auth
+    before_action :log_external_saml_auth_request, only: [:auth]
     # this must take place _before_ the store_saml_request action or the SAML
     # request is cleared (along with the rest of the session) when the user is
     # signed out
     before_action :sign_out_if_forceauthn_is_true_and_user_is_signed_in, only: :auth
     before_action :store_saml_request, only: :auth
-    before_action :check_sp_active, only: :auth
     # rubocop:enable Rails/LexicallyScopedActionFilter
   end
 

app/controllers/idv/capture_doc_status_controller.rb

@@ -12,7 +12,7 @@ def show
 
     def status
       @status ||= begin
-        if !flow_session || !document_capture_session
+        if !document_capture_session
           :unauthorized
         elsif document_capture_session.cancelled_at
           :gone
@@ -31,7 +31,7 @@ def status
     end
 
     def redirect_url
-      return unless flow_session && document_capture_session
+      return unless document_capture_session
 
       if rate_limiter.limited?
         idv_session_errors_rate_limited_url
@@ -40,10 +40,6 @@ def redirect_url
       end
     end
 
-    def flow_session
-      user_session['idv/doc_auth']
-    end
-
     def session_result
       return @session_result if defined?(@session_result)
       @session_result = document_capture_session.load_result ||
@@ -56,7 +52,7 @@ def document_capture_session
     end
 
     def document_capture_session_uuid
-      idv_session.document_capture_session_uuid || flow_session[:document_capture_session_uuid]
+      idv_session.document_capture_session_uuid
     end
 
     def rate_limiter

app/controllers/idv/document_capture_controller.rb

@@ -20,6 +20,7 @@ def show
 
     def update
       flow_session['redo_document_capture'] = nil # done with this redo
+      idv_session.redo_document_capture = nil # done with this redo
       result = handle_stored_result
       analytics.idv_doc_auth_document_capture_submitted(**result.to_h.merge(analytics_arguments))
 
@@ -56,6 +57,7 @@ def confirm_hybrid_handoff_complete
 
     def confirm_document_capture_needed
       return if flow_session['redo_document_capture']
+      return if idv_session.redo_document_capture
 
       pii = flow_session['pii_from_doc'] # hash with indifferent access
       return if pii.blank? && !idv_session.verify_info_step_complete?
@@ -74,7 +76,8 @@ def analytics_arguments
         step: 'document_capture',
         analytics_id: 'Doc Auth',
         irs_reproofing: irs_reproofing?,
-        redo_document_capture: flow_session[:redo_document_capture],
+        redo_document_capture:
+          idv_session.redo_document_capture || flow_session[:redo_document_capture],
       }.compact.merge(ab_test_analytics_buckets)
     end