Merged

24 commits
b329bdd
LG-10022: Add second MFA encouragement screen (#9124)
aduth Sep 18, 2023
7f0129b
Add brakeman instructions to Makefile (#9213)
soniaconnolly Sep 18, 2023
70e801b
LG-10769: Differentiate between account creation and account and acc…
mdiarra3 Sep 18, 2023
ce6c2f6
Finish removing ssn from flow session (revert the revert) (#9229)
soniaconnolly Sep 18, 2023
159523d
10300: Publish @18f/identity-components for use alongside Address Sea…
allthesignals Sep 18, 2023
a42515e
Add internal reporting mail method (LG-10912) (#9219)
zachmargolis Sep 18, 2023
3fb9a2c
LG-11000 Decorated session rename (#9200)
theabrad Sep 18, 2023
c3d95a8
LG-10810 Update re-enter password screen H1 (#9214)
theabrad Sep 19, 2023
ee27eb8
LG-10919 reenter password banner (#9223)
soniaconnolly Sep 19, 2023
0ed23c1
Fix banner margins (#9236)
soniaconnolly Sep 19, 2023
7254f16
changelog: User-Facing Improvements, Authentication, Update Backup co…
mdiarra3 Sep 19, 2023
d426842
LG-10779 Add a specific test case for a profile that cannot pass frau…
jmhooper Sep 19, 2023
72b5761
LG-10718: rename Proofing Resolution Result Missing event (#9239)
solipet Sep 19, 2023
3eecdbc
LG-10330 Make No In Person Locations View Configurable (#9230)
gina-yamada Sep 19, 2023
02ff8b2
LG-10850 Update all screens to say 5 to 10 days to get a letter (#9224)
soniaconnolly Sep 19, 2023
a4ffdb3
LG-10785: Move full address entry PO search into the @18f/identity-ad…
Sep 20, 2023
a5aa620
LG-10427 prevent doc image resubmission validation (#9177)
dawei-nava Sep 20, 2023
e8e276a
Bump @18f/identity-address-search minor version (#9245)
Sep 20, 2023
4ba6266
LG-10657 Add idv_session.pii_from_doc to replace flow_session[:pii_fr…
soniaconnolly Sep 20, 2023
da64687
LG-10779 Add fraud review logging to the action account tooling (#9238)
jmhooper Sep 20, 2023
b1b4873
LG-10891 Add MultiRegionKmsMigration::UserMigrationJob to the backgro…
jmhooper Sep 20, 2023
b02aa6d
Add conditionalNames to webpack in address-search (#9248)
gina-yamada Sep 21, 2023
77704ae
Use Redis expiretime to avoid repeated TTL calls when building IdToke…
Sep 21, 2023
4252fb5
Merge branch 'stages/prod' into stages/rc-2023-09-21
Sep 21, 2023
10 changes: 5 additions & 5 deletions Makefile
Expand Up @@ -26,13 +26,13 @@ ARTIFACT_DESTINATION_FILE ?= ./tmp/idp.tar.gz
lint \
lint_analytics_events \
lint_analytics_events_sorted \
lint_tracker_events \
lint_country_dialing_codes \
lint_erb \
lint_lockfiles \
lint_optimized_assets \
lint_tracker_events \
lint_yaml \
lint_yarn_workspaces \
lint_lockfiles \
lintfix \
normalize_yaml \
optimize_assets \
Expand Down Expand Up @@ -78,7 +78,7 @@ endif
make lint_tracker_events
make lint_analytics_events_sorted
@echo "--- brakeman ---"
bundle exec brakeman
make brakeman
@echo "--- bundler-audit ---"
bundle exec bundler-audit check --update
# JavaScript
Expand Down Expand Up @@ -141,8 +141,8 @@ lintfix: ## Try to automatically fix any Ruby, ERB, JavaScript, YAML, or CSS lin
@echo "--- normalize yaml ---"
make normalize_yaml

brakeman: ## Runs brakeman
bundle exec brakeman
brakeman: ## Runs brakeman code security check
(bundle exec brakeman) || (echo "Error: update code as needed to remove security issues. For known exceptions already in brakeman.ignore, use brakeman to interactively update exceptions."; exit 1)

public/packs/manifest.json: yarn.lock $(shell find app/javascript -type f) ## Builds JavaScript assets
yarn build
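Review bot: the failure message in the `brakeman` target is written to stdout; send it to stderr (`echo "..." >&2`) so it survives when CI captures stdout separately, and note that `|| (...; exit 1)` replaces brakeman's own exit status with 1, which make treats the same but which hides the difference between "findings" and "tool crashed". Since the text tells developers to "use brakeman to interactively update exceptions", naming the flag (`bundle exec brakeman -I`) saves a trip to the docs. Also confirm `brakeman` appears in the target list edited in the first hunk (which reads like the `.PHONY` declaration), so a stray file named `brakeman` cannot make the target a no-op.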
8 changes: 8 additions & 0 deletions app/assets/stylesheets/tables-report.css.scss
@@ -0,0 +1,8 @@
@forward 'uswds-core';
@forward 'usa-prose';
@forward 'usa-table';

.table-number {
font-variant-numeric: tabular-nums;
text-align: right;
}
2 changes: 1 addition & 1 deletion app/controllers/accounts/connected_accounts_controller.rb
Expand Up @@ -10,7 +10,7 @@ def show
decrypted_pii: nil,
personal_key: flash[:personal_key],
sp_session_request_url: sp_session_request_url_with_updated_params,
sp_name: decorated_session.sp_name,
sp_name: decorated_sp_session.sp_name,
user: current_user,
locked_for_session: pii_locked_for_session?(current_user),
)
2 changes: 1 addition & 1 deletion app/controllers/accounts/history_controller.rb
Expand Up @@ -10,7 +10,7 @@ def show
decrypted_pii: nil,
personal_key: flash[:personal_key],
sp_session_request_url: sp_session_request_url_with_updated_params,
sp_name: decorated_session.sp_name,
sp_name: decorated_sp_session.sp_name,
user: current_user,
locked_for_session: pii_locked_for_session?(current_user),
)
Expand Up @@ -11,7 +11,7 @@ def show
decrypted_pii: nil,
personal_key: flash[:personal_key],
sp_session_request_url: sp_session_request_url_with_updated_params,
sp_name: decorated_session.sp_name,
sp_name: decorated_sp_session.sp_name,
user: current_user,
locked_for_session: pii_locked_for_session?(current_user),
)
2 changes: 1 addition & 1 deletion app/controllers/accounts_controller.rb
Expand Up @@ -13,7 +13,7 @@ def show
decrypted_pii: cacher.fetch,
personal_key: flash[:personal_key],
sp_session_request_url: sp_session_request_url_with_updated_params,
sp_name: decorated_session.sp_name,
sp_name: decorated_sp_session.sp_name,
user: current_user,
locked_for_session: pii_locked_for_session?(current_user),
)
12 changes: 7 additions & 5 deletions app/controllers/application_controller.rb
Expand Up @@ -6,6 +6,7 @@ class ApplicationController < ActionController::Base
include LocaleHelper
include VerifySpAttributesConcern
include EffectiveUser
include SecondMfaReminderConcern

# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
Expand All @@ -24,7 +25,7 @@ class ApplicationController < ActionController::Base
rescue_from error, with: :render_timeout
end

helper_method :decorated_session, :user_fully_authenticated?
helper_method :decorated_sp_session, :user_fully_authenticated?

prepend_before_action :add_new_relic_trace_attributes
prepend_before_action :session_expires_at
Expand Down Expand Up @@ -78,15 +79,15 @@ def user_event_creator
@user_event_creator ||= UserEventCreator.new(request: request, current_user: current_user)
end
delegate :create_user_event, :create_user_event_with_disavowal, to: :user_event_creator
delegate :remember_device_default, to: :decorated_session
delegate :remember_device_default, to: :decorated_sp_session

def decorated_session
@decorated_session ||= DecoratedSession.new(
def decorated_sp_session
@decorated_sp_session ||= ServiceProviderSessionCreator.new(
sp: current_sp,
view_context: view_context,
sp_session: sp_session,
service_provider_request: service_provider_request,
).call
).create_session
end

def default_url_options
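Review bot: `helper_method :decorated_sp_session` retires the `decorated_session` view helper, so any template, partial, presenter or helper that still calls `decorated_session` will fail only when that page renders, not at boot and not under rubocop; this diff shows controller call sites only, so before merging grep app/views, app/helpers, app/presenters and spec/ for `decorated_session` to confirm the rename is complete.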
Expand Down Expand Up @@ -213,6 +214,7 @@ def after_sign_in_path_for(_user)
return fix_broken_personal_key_url if current_user.broken_personal_key?
return user_session.delete(:stored_location) if user_session.key?(:stored_location)
return reactivate_account_url if user_needs_to_reactivate_account?
return second_mfa_reminder_url if user_needs_second_mfa_reminder?
return sp_session_request_url_with_updated_params if sp_session.key?(:request_url)
signed_in_url
end
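Review bot: `second_mfa_reminder_url` is checked before `sp_session_request_url_with_updated_params`, so a user signing in on behalf of a service provider is detoured to the reminder before being returned to the SP; if that is intended, the reminder screen's continue and dismiss actions must route back through this method (or honour `sp_session[:request_url]`) rather than to the account page, or the SP hand-off is dropped. A one-line comment on why the reminder outranks the SP return would help the next reader.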
2 changes: 2 additions & 0 deletions app/controllers/concerns/idv/document_capture_concern.rb
Expand Up @@ -44,6 +44,8 @@ def extract_pii_from_doc(user, response, store_in_session: false)
if store_in_session
flow_session[:pii_from_doc] ||= {}
flow_session[:pii_from_doc].merge!(pii_from_doc)
idv_session.pii_from_doc ||= {}
idv_session.pii_from_doc.merge!(pii_from_doc)
idv_session.clear_applicant!
end
end
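Review bot: `idv_session.pii_from_doc ||= {}` followed by `idv_session.pii_from_doc.merge!(pii_from_doc)` only persists if the reader hands back the very object stored in the session rather than a copy; if `Idv::Session` ever deserialises on read, the merge is lost silently. Assigning the merged result is robust either way: `idv_session.pii_from_doc = (idv_session.pii_from_doc || {}).merge(pii_from_doc)`. The same applies to the two `flow_session` lines this mirrors.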
9 changes: 3 additions & 6 deletions app/controllers/concerns/idv/verify_info_concern.rb
Expand Up @@ -10,7 +10,6 @@ def shared_update
Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
call('verify', :update, true)

pii[:uuid_prefix] = ServiceProvider.find_by(issuer: sp_session[:issuer])&.app_id
set_state_id_type

ssn_rate_limiter.increment!
Expand All @@ -25,11 +24,8 @@ def shared_update
idv_session.vendor_phone_confirmation = false
idv_session.user_phone_confirmation = false

# rubocop:disable Layout/LineLength
# TEMPORARY DEBUGGING
logger.info("ResolutionJobDebug: user_uuid=#{current_user.uuid} old=#{pii[:ssn].present?} new=#{idv_session.ssn.present?} controller=#{self.class.name}")
# rubocop:enable Layout/LineLength
pii[:ssn] = idv_session.ssn # Required for proof_resolution job
pii[:uuid_prefix] = ServiceProvider.find_by(issuer: sp_session[:issuer])&.app_id
pii[:ssn] = idv_session.ssn
Idv::Agent.new(pii).proof_resolution(
document_capture_session,
should_proof_state_id: should_use_aamva?(pii),
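Review bot: the removed debug line logged only `present?` booleans, never the SSN itself, so dropping it is safe; but the `# Required for proof_resolution job` comment on `pii[:ssn] = idv_session.ssn` went with it and is worth keeping, since without it the line reads as an odd duplicate of what `pii` already holds. Moving `pii[:uuid_prefix]` next to it is fine; note that both are re-derived on every submit, and `ServiceProvider.find_by` is a query per call.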
Expand Down Expand Up @@ -323,6 +319,7 @@ def move_applicant_to_idv_session

def delete_pii
flow_session.delete(:pii_from_doc)
idv_session.pii_from_doc = nil
flow_session.delete(:pii_from_user)
end

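Review bot: `delete_pii` now clears doc PII from both stores, which is the right shape while `flow_session[:pii_from_doc]` and `idv_session.pii_from_doc` are dual-written; every other place that discards doc PII (cancel, start-over, session reset) needs the same second line, otherwise the `idv_session` copy outlives the `flow_session` one and is what `pii_from_doc` in `IdvStepConcern` reads next.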
2 changes: 1 addition & 1 deletion app/controllers/concerns/idv_session.rb
Expand Up @@ -8,7 +8,7 @@ module IdvSession

def confirm_idv_needed
return if idv_session_user.active_profile.blank? ||
decorated_session.requested_more_recent_verification? ||
decorated_sp_session.requested_more_recent_verification? ||
idv_session_user.reproof_for_irs?(service_provider: current_sp)

redirect_to idv_activated_url
2 changes: 1 addition & 1 deletion app/controllers/concerns/idv_step_concern.rb
Expand Up @@ -38,7 +38,7 @@ def redirect_for_mail_only
end

def pii_from_doc
flow_session[:pii_from_doc]
idv_session.pii_from_doc || flow_session[:pii_from_doc]
end

def pii_from_user
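Review bot: with `idv_session.pii_from_doc || flow_session[:pii_from_doc]` the `idv_session` copy wins whenever both exist, so any code path that still writes only `flow_session[:pii_from_doc]` without mirroring to `idv_session` has its update silently shadowed once `idv_session.pii_from_doc` has been set. Worth a comment here naming `flow_session` as the legacy fallback, and a grep for remaining single-store writers.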
6 changes: 6 additions & 0 deletions app/controllers/concerns/mfa_setup_concern.rb
Expand Up @@ -10,8 +10,10 @@ def next_setup_path
if user_session[:mfa_selections]
analytics.user_registration_mfa_setup_complete(
mfa_method_counts: mfa_context.enabled_two_factor_configuration_counts_hash,
in_account_creation_flow: user_session[:in_account_creation_flow] || false,
enabled_mfa_methods_count: mfa_context.enabled_mfa_methods_count,
pii_like_keypaths: [[:mfa_method_counts, :phone]],
second_mfa_reminder_conversion: user_session.delete(:second_mfa_reminder_conversion),
success: true,
)
end
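Review bot: `in_account_creation_flow: user_session[:in_account_creation_flow] || false` duplicates the `in_account_creation_flow?` helper added further down in this file; call the helper so the two cannot drift. Also `user_session.delete(:second_mfa_reminder_conversion)` runs only inside the `if user_session[:mfa_selections]` branch, so a user who came from the reminder but takes a path that never sets `mfa_selections` keeps the flag in the session, and it would be reported on a later, unrelated setup event.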
Expand Down Expand Up @@ -59,6 +61,10 @@ def suggest_second_mfa?
mfa_selection_count < 2 && mfa_context.enabled_mfa_methods_count < 2
end

def in_account_creation_flow?
user_session[:in_account_creation_flow] || false
end

def mfa_selection_count
user_session[:mfa_selections]&.count || 0
end
4 changes: 2 additions & 2 deletions app/controllers/concerns/remember_device_concern.rb
Expand Up @@ -18,7 +18,7 @@ def check_remember_device_preference
return if remember_device_cookie.nil?
return unless remember_device_cookie.valid_for_user?(
user: current_user,
expiration_interval: decorated_session.mfa_expiration_interval,
expiration_interval: decorated_sp_session.mfa_expiration_interval,
)

handle_valid_remember_device_cookie(remember_device_cookie: remember_device_cookie)
Expand All @@ -35,7 +35,7 @@ def remember_device_cookie
def remember_device_expired_for_sp?
expired_for_interval?(
current_user,
decorated_session.mfa_expiration_interval,
decorated_sp_session.mfa_expiration_interval,
)
end

30 changes: 30 additions & 0 deletions app/controllers/concerns/second_mfa_reminder_concern.rb
@@ -0,0 +1,30 @@
module SecondMfaReminderConcern
def user_needs_second_mfa_reminder?
return false unless IdentityConfig.store.second_mfa_reminder_enabled
return false if user_has_dismissed_second_mfa_reminder? || user_has_multiple_mfa_methods?
exceeded_sign_in_count_for_second_mfa_reminder? || exceeded_account_age_for_second_mfa_reminder?
end

private

def user_has_dismissed_second_mfa_reminder?
current_user.second_mfa_reminder_dismissed_at.present?
end

def user_has_multiple_mfa_methods?
MfaContext.new(current_user).enabled_mfa_methods_count > 1
end

def exceeded_sign_in_count_for_second_mfa_reminder?
current_user.sign_in_count(since: second_mfa_reminder_account_age_cutoff) >=
IdentityConfig.store.second_mfa_reminder_sign_in_count
end

def exceeded_account_age_for_second_mfa_reminder?
current_user.created_at.before?(second_mfa_reminder_account_age_cutoff)
end

def second_mfa_reminder_account_age_cutoff
IdentityConfig.store.second_mfa_reminder_account_age_in_days.days.ago
end
end
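Review bot: the only exits from this reminder are gaining a second MFA method or having `second_mfa_reminder_dismissed_at` set (`user_has_dismissed_second_mfa_reminder?`), so `after_sign_in_path_for` will send an eligible user to the reminder on every sign-in until one of those happens; confirm the reminder screen's skip/dismiss path sets `second_mfa_reminder_dismissed_at`. Separately, `exceeded_sign_in_count_for_second_mfa_reminder?` counts sign-ins only since the account-age cutoff while `exceeded_account_age_for_second_mfa_reminder?` fires on age alone, so with `||` an old account with no recent sign-ins still qualifies; if that is intended, a short comment would help.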
2 changes: 1 addition & 1 deletion app/controllers/concerns/secure_headers_concern.rb
Expand Up @@ -21,7 +21,7 @@ def csp_uris
# Returns fully formed CSP array w/"'self'" and redirect_uris
SecureHeadersAllowList.csp_with_sp_redirect_uris(
authorize_params[:redirect_uri],
decorated_session.sp_redirect_uris,
decorated_sp_session.sp_redirect_uris,
)
end

2 changes: 1 addition & 1 deletion app/controllers/events_controller.rb
Expand Up @@ -11,7 +11,7 @@ def show
decrypted_pii: nil,
personal_key: nil,
sp_session_request_url: sp_session_request_url_with_updated_params,
sp_name: decorated_session.sp_name,
sp_name: decorated_sp_session.sp_name,
user: current_user,
locked_for_session: pii_locked_for_session?(current_user),
)
6 changes: 5 additions & 1 deletion app/controllers/idv/address_controller.rb
Expand Up @@ -28,9 +28,13 @@ def idv_form
end

def success
# Make sure pii_from_doc is available in both places so we can
# update the address for both and keep them in sync
idv_session.pii_from_doc = pii_from_doc
profile_params.each do |key, value|
flow_session[:pii_from_doc][key] = value
idv_session.pii_from_doc[key] = value
end
flow_session[:pii_from_doc] = idv_session.pii_from_doc
redirect_to idv_verify_info_url
end

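Review bot: after `flow_session[:pii_from_doc] = idv_session.pii_from_doc` both keys reference the same hash, so the `flow_session[:pii_from_doc][key] = value` write inside the loop is redundant with the assignment that follows; simpler to merge the permitted params into `pii_from_doc` once and assign that result to both `idv_session.pii_from_doc` and `flow_session[:pii_from_doc]`. Also `idv_session.pii_from_doc[key] = value` raises NoMethodError when `pii_from_doc` is nil (no document captured yet); if a before_action guarantees it is present, a comment saying so would help.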
4 changes: 2 additions & 2 deletions app/controllers/idv/by_mail/enter_code_controller.rb
Expand Up @@ -102,10 +102,10 @@ def prepare_for_personal_key
UserAlerts::AlertUserAboutAccountVerified.call(
user: current_user,
date_time: event.created_at,
sp_name: decorated_session.sp_name,
sp_name: decorated_sp_session.sp_name,
)
flash[:success] = t('account.index.verification.success')
end
end

idv_session.address_verification_mechanism = 'gpo'
idv_session.address_confirmed!
4 changes: 2 additions & 2 deletions app/controllers/idv/cancellations_controller.rb
Expand Up @@ -10,7 +10,7 @@ def new
self.session_go_back_path = go_back_path || idv_path
@hybrid_session = hybrid_session?
@presenter = CancellationsPresenter.new(
sp_name: decorated_session.sp_name,
sp_name: decorated_sp_session.sp_name,
url_options: url_options,
)
end
Expand Down Expand Up @@ -72,7 +72,7 @@ def cancel_session
end

def cancelled_redirect_path
if decorated_session.sp_name
if decorated_sp_session.sp_name
return_to_sp_failure_to_proof_path(location_params)
else
account_path
2 changes: 1 addition & 1 deletion app/controllers/idv/document_capture_controller.rb
Expand Up @@ -39,7 +39,7 @@ def extra_view_variables
{
document_capture_session_uuid: document_capture_session_uuid,
flow_path: 'standard',
sp_name: decorated_session.sp_name,
sp_name: decorated_sp_session.sp_name,
failure_to_proof_url: return_to_sp_failure_to_proof_url(step: 'document_capture'),
}.merge(
acuant_sdk_upgrade_a_b_testing_variables,
2 changes: 1 addition & 1 deletion app/controllers/idv/getting_started_controller.rb
Expand Up @@ -13,7 +13,7 @@ def show
Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
call('agreement', :view, true)

@sp_name = decorated_session.sp_name || APP_NAME
@sp_name = decorated_sp_session.sp_name || APP_NAME
@title = t('doc_auth.headings.getting_started', sp_name: @sp_name)
end

21 changes: 18 additions & 3 deletions app/controllers/idv/review_controller.rb
Expand Up @@ -25,12 +25,15 @@ def new
**ab_test_analytics_buckets,
)

@title = title
@heading = heading

flash_now = flash.now
if gpo_mail_service.mail_spammed?
flash_now[:error] = t('idv.errors.mail_limit_reached')
elsif address_verification_method == 'gpo'
flash_now[:info] = t('idv.messages.review.gpo_pending')
end

@verifying_by_mail = address_verification_method == 'gpo'
end

def create
Expand Down Expand Up @@ -81,6 +84,18 @@ def step_indicator_step

private

def title
gpo_user_flow? ? t('titles.idv.review_letter') : t('titles.idv.review')
end

def heading
if gpo_user_flow?
t('idv.titles.session.review_letter', app_name: APP_NAME)
else
t('idv.titles.session.review', app_name: APP_NAME)
end
end

def confirm_current_password
return if valid_password?

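Review bot: `@verifying_by_mail = address_verification_method == 'gpo'` in `new` and `gpo_user_flow?` in `title`/`heading` look like two spellings of the same condition; if `gpo_user_flow?` is defined as that comparison, use it in both places (for example `@verifying_by_mail = gpo_user_flow?`) so the banner, title and heading cannot disagree about which flow the user is in.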
Expand Down Expand Up @@ -128,7 +143,7 @@ def init_profile
UserAlerts::AlertUserAboutAccountVerified.call(
user: current_user,
date_time: event.created_at,
sp_name: decorated_session.sp_name,
sp_name: decorated_sp_session.sp_name,
)
end
end
2 changes: 1 addition & 1 deletion app/controllers/idv/session_errors_controller.rb
Expand Up @@ -32,7 +32,7 @@ def failure
rate_limit_type: :idv_resolution,
)
@expires_at = rate_limiter.expires_at
@sp_name = decorated_session.sp_name
@sp_name = decorated_sp_session.sp_name
log_event(based_on_limiter: rate_limiter)
end

2 changes: 1 addition & 1 deletion app/controllers/idv/welcome_controller.rb
Expand Up @@ -13,7 +13,7 @@ def show
Funnel::DocAuth::RegisterStep.new(current_user.id, sp_session[:issuer]).
call('welcome', :view, true)

@sp_name = decorated_session.sp_name || APP_NAME
@sp_name = decorated_sp_session.sp_name || APP_NAME
@title = t('doc_auth.headings.getting_started', sp_name: @sp_name)

@ab_test_bucket = getting_started_ab_test_bucket