Deploy RC 313 to Prod

app/assets/stylesheets/components/_footer.scss

@@ -24,9 +24,11 @@ body {
   }
 
   a {
+    @include u-padding-y(1);
     text-decoration: none;
 
     @include at-media('tablet') {
+      @include u-padding-y(0);
       &,
       &:visited {
         color: color($theme-link-reverse-color);
@@ -59,6 +61,12 @@ body {
 }
 
 .footer__links {
-  @include u-padding-y(1);
+  @include u-padding-x(1);
   display: flex;
+  flex-wrap: wrap;
+
+  @include at-media('tablet') {
+    @include u-padding-y(1);
+    @include u-padding-x(0);
+  }
 }

app/controllers/accounts_controller.rb

@@ -28,4 +28,10 @@ def reauthentication
 
     redirect_to login_two_factor_options_path
   end
+
+  private
+
+  def confirm_user_is_not_suspended
+    redirect_to user_please_call_url if current_user.suspended?
+  end
 end

app/controllers/application_controller.rb

@@ -184,18 +184,7 @@ def service_provider_request
     @service_provider_request ||= ServiceProviderRequestProxy.from_uuid(params[:request_id])
   end
 
-  def add_piv_cac_setup_url
-    session[:needs_to_setup_piv_cac_after_sign_in] ? login_add_piv_cac_prompt_url : nil
-  end
-
-  def service_provider_mfa_setup_url
-    service_provider_mfa_policy.user_needs_sp_auth_method_setup? ?
-      authentication_methods_setup_url : nil
-  end
-
   def fix_broken_personal_key_url
-    return if !current_user.broken_personal_key?
-
     flash[:info] = t('account.personal_key.needs_new')
 
     pii_unlocked = Pii::Cacher.new(current_user, user_session).exists_in_session?
@@ -217,26 +206,21 @@ def fix_broken_personal_key_url
   end
 
   def after_sign_in_path_for(_user)
-    accept_rules_of_use_url ||
-      service_provider_mfa_setup_url ||
-      add_piv_cac_setup_url ||
-      fix_broken_personal_key_url ||
-      user_session.delete(:stored_location) ||
-      sp_session_request_url_with_updated_params ||
-      signed_in_url
+    return rules_of_use_path if !current_user.accepted_rules_of_use_still_valid?
+    return user_please_call_url if current_user.suspended?
+    return authentication_methods_setup_url if user_needs_sp_auth_method_setup?
+    return login_add_piv_cac_prompt_url if session[:needs_to_setup_piv_cac_after_sign_in].present?
+    return fix_broken_personal_key_url if current_user.broken_personal_key?
+    return user_session.delete(:stored_location) if user_session.key?(:stored_location)
+    return reactivate_account_url if user_needs_to_reactivate_account?
+    return sp_session_request_url_with_updated_params if sp_session.key?(:request_url)
+    signed_in_url
   end
 
   def signed_in_url
-    return user_two_factor_authentication_url unless user_fully_authenticated?
-    return user_please_call_url if current_user.suspended?
-    return reactivate_account_url if user_needs_to_reactivate_account?
     return url_for_pending_profile_reason if user_has_pending_profile?
     return backup_code_reminder_url if user_needs_backup_code_reminder?
-    account_url
-  end
-
-  def accept_rules_of_use_url
-    rules_of_use_path unless current_user.accepted_rules_of_use_still_valid?
+    account_path
   end
 
   def after_mfa_setup_path
@@ -291,10 +275,6 @@ def user_fully_authenticated?
       two_factor_enabled?
   end
 
-  def confirm_user_is_not_suspended
-    redirect_to user_please_call_url if current_user.suspended?
-  end
-
   def confirm_two_factor_authenticated
     authenticate_user!(force: true)
 
@@ -404,6 +384,7 @@ def service_provider_mfa_policy
       phishing_resistant_requested: sp_session[:phishing_resistant_requested],
     )
   end
+  delegate :user_needs_sp_auth_method_setup?, to: :service_provider_mfa_policy
 
   def sp_session
     session.fetch(:sp, {})

app/controllers/concerns/idv/threat_metrix_concern.rb

@@ -8,16 +8,6 @@ module ThreatMetrixConcern
     def override_csp_for_threat_metrix
       return unless FeatureManagement.proofing_device_profiling_collecting_enabled?
 
-      return if params[:step] != 'ssn'
-
-      threat_metrix_csp_overrides
-    end
-
-    # Remove this duplication once in_person_controller is no longer in use
-    # for their SSN step
-    def override_csp_for_threat_metrix_no_fsm
-      return unless FeatureManagement.proofing_device_profiling_collecting_enabled?
-
       threat_metrix_csp_overrides
     end
 

app/controllers/concerns/idv/verify_info_concern.rb

@@ -69,8 +69,9 @@ def resolution_rate_limiter
     end
 
     def ssn_rate_limiter
+      ssn = idv_session.ssn || pii[:ssn]
       @ssn_rate_limiter ||= RateLimiter.new(
-        target: Pii::Fingerprinter.fingerprint(pii[:ssn]),
+        target: Pii::Fingerprinter.fingerprint(ssn),
         rate_limit_type: :proof_ssn,
       )
     end
@@ -223,7 +224,7 @@ def async_state_done(current_async_state)
     end
 
     def next_step_url
-      return idv_gpo_url if FeatureManagement.idv_by_mail_only?
+      return idv_request_letter_url if FeatureManagement.idv_by_mail_only?
       idv_phone_url
     end
 
@@ -300,17 +301,19 @@ def log_idv_verification_submitted_event(success: false, failure_reason: nil)
         last_name: pii_from_doc[:last_name],
         date_of_birth: pii_from_doc[:dob],
         address: pii_from_doc[:address1],
-        ssn: pii_from_doc[:ssn],
+        ssn: idv_session.ssn || pii_from_doc[:ssn],
         failure_reason: failure_reason,
       )
     end
 
     def check_ssn
-      Idv::SsnForm.new(current_user).submit(ssn: pii[:ssn])
+      ssn = idv_session.ssn || pii[:ssn]
+      Idv::SsnForm.new(current_user).submit(ssn: ssn)
     end
 
     def move_applicant_to_idv_session
       idv_session.applicant = pii
+      idv_session.applicant[:ssn] ||= idv_session.ssn
       idv_session.applicant['uuid'] = current_user.uuid
       delete_pii
     end

app/controllers/concerns/idv_step_concern.rb

@@ -17,7 +17,7 @@ module IdvStepConcern
   end
 
   def confirm_no_pending_gpo_profile
-    redirect_to idv_gpo_verify_url if current_user&.gpo_verification_pending_profile?
+    redirect_to idv_verify_by_mail_enter_code_url if current_user&.gpo_verification_pending_profile?
   end
 
   def confirm_no_pending_in_person_enrollment
@@ -52,7 +52,7 @@ def flow_path
   private
 
   def confirm_ssn_step_complete
-    return if pii.present? && pii[:ssn].present?
+    return if pii.present? && (idv_session.ssn.present? || pii[:ssn].present?)
     redirect_to prev_url
   end
 

app/controllers/concerns/rate_limit_concern.rb

@@ -64,8 +64,8 @@ def idv_attempter_rate_limited?(rate_limit_type)
   end
 
   def pii_ssn
-    return unless defined?(flow_session) && user_session
-    pii_from_doc_ssn = flow_session[:pii_from_doc]&.[](:ssn)
+    return unless defined?(flow_session) && defined?(idv_session) && user_session
+    pii_from_doc_ssn = idv_session&.ssn || flow_session[:pii_from_doc]&.[](:ssn)
     return pii_from_doc_ssn if pii_from_doc_ssn
     flow_session[:pii_from_user]&.[](:ssn)
   end

app/controllers/concerns/verify_profile_concern.rb

@@ -2,7 +2,7 @@ module VerifyProfileConcern
   private
 
   def url_for_pending_profile_reason
-    return idv_gpo_verify_url if current_user.gpo_verification_pending_profile?
+    return idv_verify_by_mail_enter_code_url if current_user.gpo_verification_pending_profile?
     return idv_in_person_ready_to_verify_url if current_user.in_person_pending_profile?
     return idv_please_call_url if current_user.fraud_review_pending?
     idv_not_verified_url if current_user.fraud_rejection?

app/controllers/idv/gpo_verify_controller.rb → app/controllers/idv/by_mail/enter_code_controller.rb

@@ -1,7 +1,7 @@
-module Idv
-  class GpoVerifyController < ApplicationController
+module Idv::ByMail
+  class EnterCodeController < ApplicationController
     include IdvSession
-    include StepIndicatorConcern
+    include Idv::StepIndicatorConcern
     include FraudReviewConcern
 
     prepend_before_action :note_if_user_did_not_receive_letter
@@ -13,7 +13,7 @@ def index
       # slightly different copy on this screen.
       @user_did_not_receive_letter = !!params[:did_not_receive_letter]
 
-      analytics.idv_gpo_verification_visited(
+      analytics.idv_verify_by_mail_enter_code_visited(
         source: if @user_did_not_receive_letter then 'gpo_reminder_email' end,
       )
 
@@ -52,15 +52,15 @@ def create
       @gpo_verify_form = build_gpo_verify_form
 
       result = @gpo_verify_form.submit
-      analytics.idv_gpo_verification_submitted(**result.to_h)
+      analytics.idv_verify_by_mail_enter_code_submitted(**result.to_h)
       irs_attempts_api_tracker.idv_gpo_verification_submitted(
         success: result.success?,
         failure_reason: irs_attempts_api_tracker.parse_failure_reason(result),
       )
 
       if !result.success?
         flash[:error] = @gpo_verify_form.errors.first.message
-        redirect_to idv_gpo_verify_url
+        redirect_to idv_verify_by_mail_enter_code_url
         return
       end
 
@@ -90,7 +90,7 @@ def note_if_user_did_not_receive_letter
 
       if current_user && session.delete(:gpo_user_did_not_receive_letter)
         # ...and we can pick things up here.
-        redirect_to idv_gpo_verify_path(did_not_receive_letter: 1)
+        redirect_to idv_verify_by_mail_enter_code_path(did_not_receive_letter: 1)
       end
     end
 

app/controllers/idv/come_back_later_controller.rb → app/controllers/idv/by_mail/letter_enqueued_controller.rb

@@ -1,13 +1,13 @@
-module Idv
-  class ComeBackLaterController < ApplicationController
+module Idv::ByMail
+  class LetterEnqueuedController < ApplicationController
     include IdvSession
-    include StepIndicatorConcern
+    include Idv::StepIndicatorConcern
 
     before_action :confirm_two_factor_authenticated
     before_action :confirm_user_needs_gpo_confirmation
 
     def show
-      analytics.idv_come_back_later_visit
+      analytics.idv_letter_enqueued_visit
     end
 
     private

app/controllers/idv/gpo_controller.rb → app/controllers/idv/by_mail/request_letter_controller.rb

@@ -1,7 +1,7 @@
-module Idv
-  class GpoController < ApplicationController
+module Idv::ByMail
+  class RequestLetterController < ApplicationController
     include IdvSession
-    include StepIndicatorConcern
+    include Idv::StepIndicatorConcern
     include Idv::AbTestAnalyticsConcern
 
     before_action :confirm_two_factor_authenticated
@@ -11,11 +11,11 @@ class GpoController < ApplicationController
     before_action :confirm_profile_not_too_old
 
     def index
-      @presenter = GpoPresenter.new(current_user, url_options)
+      @presenter = RequestLetterPresenter.new(current_user, url_options)
       @step_indicator_current_step = step_indicator_current_step
       Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer).
         call(:usps_address, :view, true)
-      analytics.idv_gpo_address_visited(
+      analytics.idv_request_letter_visited(
         letter_already_sent: @presenter.resend_requested?,
       )
     end
@@ -29,7 +29,7 @@ def create
       elsif resend_requested?
         resend_letter
         flash[:success] = t('idv.messages.gpo.another_letter_on_the_way')
-        redirect_to idv_come_back_later_url
+        redirect_to idv_letter_enqueued_url
       else
         redirect_to idv_review_url
       end