Deploy RC 324 to Prod

app/controllers/concerns/idv/ab_test_analytics_concern.rb

@@ -2,6 +2,7 @@ module Idv
   module AbTestAnalyticsConcern
     include AcuantConcern
     include Idv::GettingStartedAbTestConcern
+    include Idv::PhoneQuestionAbTestConcern
 
     def ab_test_analytics_buckets
       buckets = {}
@@ -10,7 +11,8 @@ def ab_test_analytics_buckets
       end
 
       buckets.merge(acuant_sdk_ab_test_analytics_args).
-        merge(getting_started_ab_test_analytics_bucket)
+        merge(getting_started_ab_test_analytics_bucket).
+        merge(phone_question_ab_test_analytics_bucket)
     end
   end
 end

app/controllers/concerns/idv/phone_question_ab_test_concern.rb

@@ -0,0 +1,30 @@
+module Idv
+  module PhoneQuestionAbTestConcern
+    def phone_question_ab_test_bucket
+      AbTests::IDV_PHONE_QUESTION.bucket(phone_question_user.uuid)
+    end
+
+    def phone_question_user
+      if defined?(document_capture_user) # hybrid flow
+        document_capture_user
+      else
+        current_user
+      end
+    end
+
+    def maybe_redirect_for_phone_question_ab_test
+      return if phone_question_ab_test_bucket != :show_phone_question
+      return if request.referer == idv_phone_question_url
+      return if request.referer == idv_link_sent_url
+
+      redirect_to idv_phone_question_url
+    end
+
+    def phone_question_ab_test_analytics_bucket
+      {
+        phone_question_ab_test_bucket:
+          phone_question_ab_test_bucket,
+      }
+    end
+  end
+end

app/controllers/concerns/idv/verify_info_concern.rb

@@ -24,6 +24,7 @@ def shared_update
       idv_session.vendor_phone_confirmation = false
       idv_session.user_phone_confirmation = false
 
+      # proof_resolution job expects these values
       pii[:uuid_prefix] = ServiceProvider.find_by(issuer: sp_session[:issuer])&.app_id
       pii[:ssn] = idv_session.ssn
       Idv::Agent.new(pii).proof_resolution(
@@ -238,7 +239,6 @@ def save_threatmetrix_status(form_response)
     def summarize_result_and_rate_limit_failures(summary_result)
       if summary_result.success?
         add_proofing_components
-        ssn_rate_limiter.reset!
       else
         idv_failure(summary_result)
       end

app/controllers/frontend_log_controller.rb

@@ -27,7 +27,6 @@ class FrontendLogController < ApplicationController
     'IdV: user clicked what to bring link on ready to verify page' => :idv_in_person_ready_to_verify_what_to_bring_link_clicked,
     'IdV: verify in person troubleshooting option clicked' => :idv_verify_in_person_troubleshooting_option_clicked,
     'Multi-Factor Authentication: download backup code' => :multi_factor_auth_backup_code_download,
-    'Sign In: IdV requirements accordion clicked' => :sign_in_idv_requirements_accordion_clicked,
     'User prompted before navigation' => :user_prompted_before_navigation,
     'User prompted before navigation and still on page' => :user_prompted_before_navigation_and_still_on_page,
   }.freeze

app/controllers/idv/by_mail/request_letter_controller.rb

@@ -12,8 +12,10 @@ class RequestLetterController < ApplicationController
       before_action :confirm_profile_not_too_old
 
       def index
+        @applicant = idv_session.applicant
         @presenter = RequestLetterPresenter.new(current_user, url_options)
         @step_indicator_current_step = step_indicator_current_step
+
         Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer).
           call(:usps_address, :view, true)
         analytics.idv_request_letter_visited(

app/controllers/idv/document_capture_controller.rb

@@ -5,7 +5,7 @@ class DocumentCaptureController < ApplicationController
     include IdvStepConcern
     include StepIndicatorConcern
 
-    before_action :confirm_not_rate_limited
+    before_action :confirm_not_rate_limited, except: [:update]
     before_action :confirm_hybrid_handoff_complete
     before_action :confirm_document_capture_needed
     before_action :override_csp_to_allow_acuant

app/controllers/idv/review_controller.rb → app/controllers/idv/enter_password_controller.rb

@@ -1,5 +1,5 @@
 module Idv
-  class ReviewController < ApplicationController
+  class EnterPasswordController < ApplicationController
     before_action :personal_key_confirmed
 
     include IdvStepConcern
@@ -19,7 +19,7 @@ class ReviewController < ApplicationController
     def new
       Funnel::DocAuth::RegisterStep.new(current_user.id, current_sp&.issuer).
         call(:encrypt, :view, true)
-      analytics.idv_review_info_visited(
+      analytics.idv_enter_password_visited(
         address_verification_method: address_verification_method,
         **ab_test_analytics_buckets,
       )
@@ -51,7 +51,7 @@ def create
 
       redirect_to next_step
 
-      analytics.idv_review_complete(
+      analytics.idv_enter_password_complete(
         success: true,
         fraud_review_pending: idv_session.profile.fraud_review_pending?,
         fraud_rejection: idv_session.profile.fraud_rejection?,
@@ -84,21 +84,21 @@ def step_indicator_step
     private
 
     def title
-      gpo_user_flow? ? t('titles.idv.review_letter') : t('titles.idv.review')
+      gpo_user_flow? ? t('titles.idv.enter_password_letter') : t('titles.idv.enter_password')
     end
 
     def heading
       if gpo_user_flow?
-        t('idv.titles.session.review_letter', app_name: APP_NAME)
+        t('idv.titles.session.enter_password_letter', app_name: APP_NAME)
       else
-        t('idv.titles.session.review', app_name: APP_NAME)
+        t('idv.titles.session.enter_password', app_name: APP_NAME)
       end
     end
 
     def confirm_current_password
       return if valid_password?
 
-      analytics.idv_review_complete(
+      analytics.idv_enter_password_complete(
         success: false,
         gpo_verification_pending: current_user.gpo_verification_pending_profile?,
         # note: this always returns false as of 8/23

app/controllers/idv/hybrid_handoff_controller.rb

@@ -3,11 +3,13 @@ class HybridHandoffController < ApplicationController
     include ActionView::Helpers::DateHelper
     include IdvStepConcern
     include StepIndicatorConcern
+    include PhoneQuestionAbTestConcern
 
     before_action :confirm_not_rate_limited
     before_action :confirm_verify_info_step_needed
     before_action :confirm_agreement_step_complete
     before_action :confirm_hybrid_handoff_needed, only: :show
+    before_action :maybe_redirect_for_phone_question_ab_test, only: :show
 
     def show
       analytics.idv_doc_auth_hybrid_handoff_visited(**analytics_arguments)

app/controllers/idv/otp_verification_controller.rb

@@ -33,7 +33,7 @@ def update
       if result.success?
         idv_session.user_phone_confirmation = true
         save_in_person_notification_phone
-        flash[:success] = t('idv.messages.review.phone_verified')
+        flash[:success] = t('idv.messages.enter_password.phone_verified')
         redirect_to idv_review_url
       else
         handle_otp_confirmation_failure

app/controllers/idv/personal_key_controller.rb

@@ -30,6 +30,7 @@ def update
         fraud_review_pending: fraud_review_pending?,
         fraud_rejection: fraud_rejection?,
       )
+      idv_session.personal_key = nil
       redirect_to next_step
     end
 
@@ -63,8 +64,7 @@ def finish_idv_session
       @code = personal_key
       @personal_key_generated_at = current_user.personal_key_generated_at
 
-      user_session[:personal_key] = @code
-      idv_session.personal_key = nil
+      idv_session.personal_key = @code
 
       irs_attempts_api_tracker.idv_personal_key_generated
     end

app/controllers/idv/phone_controller.rb

@@ -145,6 +145,7 @@ def set_idv_form
         allowed_countries:
           PhoneNumberCapabilities::ADDRESS_IDENTITY_PROOFING_SUPPORTED_COUNTRY_CODES,
         failed_phone_numbers: idv_session.failed_phone_step_numbers,
+        hybrid_handoff_phone_number: idv_session.phone_for_mobile_flow,
       )
     end
 
@@ -171,14 +172,15 @@ def async_state_done(async_state)
             [:context, :stages, :address],
           ],
           new_phone_added: new_phone_added?,
+          hybrid_handoff_phone_used: hybrid_handoff_phone_used?,
         ),
       )
 
-      if async_state.result[:success]
-        rate_limiter.reset!
-        redirect_to_next_step and return
+      if form_result.success?
+        redirect_to_next_step
+      else
+        handle_proofing_failure
       end
-      handle_proofing_failure
     end
 
     def is_req_from_frontend?
@@ -198,8 +200,18 @@ def new_phone_added?
       configured_phones = context.phone_configurations.map(&:phone).map do |number|
         PhoneFormatter.format(number)
       end
-      applicant_phone = PhoneFormatter.format(idv_session.applicant['phone'])
-      !configured_phones.include?(applicant_phone)
+      !configured_phones.include?(formatted_previous_phone_step_params_phone)
+    end
+
+    def hybrid_handoff_phone_used?
+      formatted_previous_phone_step_params_phone ==
+        PhoneFormatter.format(idv_session.phone_for_mobile_flow)
+    end
+
+    def formatted_previous_phone_step_params_phone
+      PhoneFormatter.format(
+        idv_session.previous_phone_step_params&.fetch('phone'),
+      )
     end
 
     def gpo_letter_available