18F · mdiarra3 · Oct 26, 2023 · Oct 23, 2023 · Oct 23, 2023 · Oct 23, 2023
diff --git a/Makefile b/Makefile
@@ -115,8 +115,8 @@ lint_yarn_workspaces: ## Lints Yarn workspace packages
 	scripts/validate-workspaces.js
 
 lint_asset_bundle_size: ## Lints JavaScript and CSS compiled bundle size
-	find app/assets/builds/application.css -size -350000c | grep .
-	find public/packs/js/application-*.digested.js -size -8000c | grep .
+	find app/assets/builds/application.css -size -270000c | grep .
+	find public/packs/js/application-*.digested.js -size -5000c | grep .
 
 lint_migrations:
 	scripts/migration_check

diff --git a/app/assets/stylesheets/_uswds-form-controls.scss b/app/assets/stylesheets/_uswds-form-controls.scss
@@ -1,7 +1,6 @@
 @forward 'usa-checkbox';
 @forward 'usa-error-message';
 @forward 'usa-fieldset';
-@forward 'usa-file-input';
 @forward 'usa-form-group';
 @forward 'usa-hint';
 @forward 'usa-input';

diff --git a/app/assets/stylesheets/_uswds.scss b/app/assets/stylesheets/_uswds.scss
@@ -18,7 +18,6 @@
 @forward 'usa-modal';
 @forward 'usa-nav';
 @forward 'usa-process-list';
-@forward 'usa-prose';
 @forward 'usa-sidenav';
 @forward 'usa-skipnav';
 @forward 'usa-step-indicator';

diff --git a/app/assets/stylesheets/components/_index.scss b/app/assets/stylesheets/components/_index.scss
@@ -6,7 +6,6 @@
 @forward 'btn';
 @forward 'card';
 @forward 'code';
-@forward 'file-input';
 @forward 'form-steps';
 @forward 'footer';
 @forward 'form';

diff --git a/app/components/accordion_component.html.erb b/app/components/accordion_component.html.erb
@@ -10,7 +10,7 @@
     </button>
   </div>
   <div id="accordion-<%= unique_id %>" class="usa-accordion__container">
-    <div class="usa-accordion__content usa-prose">
+    <div class="usa-accordion__content">
       <%= content %>
     </div>
   </div>

diff --git a/app/components/webauthn_verify_button_component.html.erb b/app/components/webauthn_verify_button_component.html.erb
@@ -18,9 +18,7 @@
       <%= t('two_factor_authentication.webauthn_authenticating') %>
     </p>
   </div>
-  <%= render ButtonComponent.new(
-        big: true,
-        wide: true,
+  <%= render SubmitButtonComponent.new(
         class: 'webauthn-verify-button__button display-block margin-y-3',
       ).with_content(content) %>
   <%= hidden_field_tag :credential_id, '' %>

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -221,7 +221,7 @@ def after_sign_in_path_for(_user)
   end
 
   def signed_in_url
-    return url_for_pending_profile_reason if user_has_pending_profile?
+    return idv_verify_by_mail_enter_code_url if current_user.gpo_verification_pending_profile?
     return backup_code_reminder_url if user_needs_backup_code_reminder?
     account_path
   end

diff --git a/app/controllers/concerns/idv/step_indicator_concern.rb b/app/controllers/concerns/idv/step_indicator_concern.rb
@@ -43,11 +43,12 @@ def in_person_proofing?
     end
 
     def gpo_address_verification?
-      # Proofing component values are (currently) never reset between proofing attempts, hence why
-      # this refers to the session address verification mechanism and not the proofing component.
-      return true if current_user&.gpo_verification_pending_profile?
+      # This can be used in a context where user_session and idv_session are not available
+      # (hybrid flow), so check for current_user before accessing them.
+      return false unless current_user
+      return true if current_user.gpo_verification_pending_profile?
 
-      return idv_session&.address_verification_mechanism == 'gpo' if defined?(idv_session)
+      return idv_session.address_verification_mechanism == 'gpo'
     end
   end
 end
diff --git a/app/controllers/concerns/idv_session.rb b/app/controllers/concerns/idv_session.rb
@@ -21,7 +21,7 @@ def hybrid_session?
   def confirm_phone_or_address_confirmed
     return if idv_session.address_confirmed? || idv_session.phone_confirmed?
 
-    redirect_to idv_review_url
+    redirect_to idv_enter_password_url
   end
 
   def idv_session

diff --git a/app/controllers/concerns/idv_step_concern.rb b/app/controllers/concerns/idv_step_concern.rb
@@ -99,7 +99,7 @@ def confirm_verify_info_step_complete
 
   def confirm_verify_info_step_needed
     return unless idv_session.verify_info_step_complete?
-    redirect_to idv_review_url
+    redirect_to idv_enter_password_url
   end
 
   def confirm_address_step_complete

diff --git a/app/controllers/concerns/mfa_setup_concern.rb b/app/controllers/concerns/mfa_setup_concern.rb
@@ -6,24 +6,17 @@ def next_setup_path
       auth_method_confirmation_url
     elsif next_setup_choice
       confirmation_path
-    else
-      if user_session[:mfa_selections]
-        analytics.user_registration_mfa_setup_complete(
-          mfa_method_counts: mfa_context.enabled_two_factor_configuration_counts_hash,
-          in_account_creation_flow: user_session[:in_account_creation_flow] || false,
-          enabled_mfa_methods_count: mfa_context.enabled_mfa_methods_count,
-          pii_like_keypaths: [[:mfa_method_counts, :phone]],
-          second_mfa_reminder_conversion: user_session.delete(:second_mfa_reminder_conversion),
-          success: true,
-        )
-      end
+    elsif user_session[:mfa_selections]
+      track_user_registration_mfa_setup_complete_event
       user_session.delete(:mfa_selections)
-      nil
+
+      sign_up_completed_path
     end
   end
 
   def confirmation_path(next_mfa_selection_choice = nil)
     user_session[:next_mfa_selection_choice] = next_mfa_selection_choice || next_setup_choice
+
     case user_session[:next_mfa_selection_choice]
     when 'voice', 'sms', 'phone'
       phone_setup_url
@@ -80,6 +73,17 @@ def show_skip_additional_mfa_link?
 
   private
 
+  def track_user_registration_mfa_setup_complete_event
+    analytics.user_registration_mfa_setup_complete(
+      mfa_method_counts: mfa_context.enabled_two_factor_configuration_counts_hash,
+      in_account_creation_flow: user_session[:in_account_creation_flow] || false,
+      enabled_mfa_methods_count: mfa_context.enabled_mfa_methods_count,
+      pii_like_keypaths: [[:mfa_method_counts, :phone]],
+      second_mfa_reminder_conversion: user_session.delete(:second_mfa_reminder_conversion),
+      success: true,
+    )
+  end
+
   def determine_next_mfa
     return unless user_session[:mfa_selections]
     current_setup_step = user_session[:next_mfa_selection_choice]

diff --git a/app/controllers/concerns/remember_device_concern.rb b/app/controllers/concerns/remember_device_concern.rb
@@ -64,9 +64,8 @@ def expired_for_interval?(user, interval)
   end
 
   def has_remember_device_auth_event?
-    auth_methods_session.auth_events.any? do |auth_event|
-      auth_event[:auth_method] == TwoFactorAuthenticatable::AuthMethod::REMEMBER_DEVICE
-    end
+    auth_methods_session.last_auth_event&.fetch(:auth_method) ==
+      TwoFactorAuthenticatable::AuthMethod::REMEMBER_DEVICE
   end
 
   def handle_valid_remember_device_cookie(remember_device_cookie:)

diff --git a/app/controllers/idv/by_mail/enter_code_controller.rb b/app/controllers/idv/by_mail/enter_code_controller.rb
@@ -23,15 +23,14 @@ def index
           return
         end
 
-        gpo_mail = Idv::GpoMail.new(current_user)
-        @gpo_mail_spammed = gpo_mail.mail_spammed?
         @last_date_letter_was_sent = last_date_letter_was_sent
         @gpo_verify_form = GpoVerifyForm.new(user: current_user, pii: pii)
         @code = session[:last_gpo_confirmation_code] if FeatureManagement.reveal_gpo_code?
 
-        @should_prompt_user_to_request_another_letter =
+        gpo_mail = Idv::GpoMail.new(current_user)
+        @can_request_another_letter =
           FeatureManagement.gpo_verification_enabled? &&
-          !@gpo_mail_spammed &&
+          !gpo_mail.mail_spammed? &&
           !gpo_mail.profile_too_old?
 
         if pii_locked?

diff --git a/app/controllers/idv/by_mail/request_letter_controller.rb b/app/controllers/idv/by_mail/request_letter_controller.rb
@@ -34,7 +34,7 @@ def create
           flash[:success] = t('idv.messages.gpo.another_letter_on_the_way')
           redirect_to idv_letter_enqueued_url
         else
-          redirect_to idv_review_url
+          redirect_to idv_enter_password_url
         end
       end
 
@@ -83,7 +83,7 @@ def first_letter_requested_at
       end
 
       def confirm_mail_not_spammed
-        redirect_to idv_review_url if gpo_mail_service.mail_spammed?
+        redirect_to idv_enter_password_url if gpo_mail_service.mail_spammed?
       end
 
       def confirm_user_completed_idv_profile_step

diff --git a/app/controllers/idv/cancellations_controller.rb b/app/controllers/idv/cancellations_controller.rb
@@ -33,6 +33,16 @@ def destroy
       end
     end
 
+    def exit
+      analytics.idv_cancellation_confirmed(step: params[:step])
+      cancel_session
+      if hybrid_session?
+        render :destroy
+      else
+        redirect_to cancelled_redirect_path
+      end
+    end
+
     private
 
     def barcode_step?

diff --git a/app/controllers/idv/confirm_start_over_controller.rb b/app/controllers/idv/confirm_start_over_controller.rb
@@ -10,22 +10,13 @@ class ConfirmStartOverController < ApplicationController
     def index
       @step_indicator_step = requested_letter_before? ? :get_a_letter : :verify_phone_or_address
 
-      # Temporarily check referer until request letter view is updated to link to
-      # the before_letter route
-      if request.referer == idv_request_letter_url
-        analytics.idv_gpo_confirm_start_over_before_letter_visited
-        render 'idv/confirm_start_over/before_letter'
-      else
-        analytics.idv_gpo_confirm_start_over_visited
-        render :index
-      end
+      analytics.idv_gpo_confirm_start_over_visited
     end
 
     def before_letter
       @step_indicator_step = requested_letter_before? ? :get_a_letter : :verify_phone_or_address
-      analytics.idv_gpo_confirm_start_over_before_letter_visited
 
-      render 'idv/confirm_start_over/before_letter'
+      analytics.idv_gpo_confirm_start_over_before_letter_visited
     end
 
     private

diff --git a/app/controllers/idv/document_capture_controller.rb b/app/controllers/idv/document_capture_controller.rb
@@ -4,6 +4,7 @@ class DocumentCaptureController < ApplicationController
     include DocumentCaptureConcern
     include IdvStepConcern
     include StepIndicatorConcern
+    include PhoneQuestionAbTestConcern
 
     before_action :confirm_not_rate_limited, except: [:update]
     before_action :confirm_hybrid_handoff_complete
@@ -47,6 +48,7 @@ def extra_view_variables
         failure_to_proof_url: return_to_sp_failure_to_proof_url(step: 'document_capture'),
       }.merge(
         acuant_sdk_upgrade_a_b_testing_variables,
+        phone_question_ab_test_analytics_bucket,
       )
     end
 

diff --git a/app/controllers/idv/enter_password_controller.rb b/app/controllers/idv/enter_password_controller.rb
@@ -27,11 +27,6 @@ def new
       @title = title
       @heading = heading
 
-      flash_now = flash.now
-      if gpo_mail_service.mail_spammed?
-        flash_now[:error] = t('idv.errors.mail_limit_reached')
-      end
-
       @verifying_by_mail = address_verification_method == 'gpo'
     end
 
@@ -110,7 +105,7 @@ def confirm_current_password
       irs_attempts_api_tracker.idv_password_entered(success: false)
 
       flash[:error] = t('idv.errors.incorrect_password')
-      redirect_to idv_review_url
+      redirect_to idv_enter_password_url
     end
 
     def gpo_mail_service
@@ -191,7 +186,7 @@ def handle_request_enroll_exception(err)
         reason: 'Request exception',
       )
       flash[:error] = t('idv.failure.exceptions.internal_error')
-      redirect_to idv_review_url
+      redirect_to idv_enter_password_url
     end
   end
 end
diff --git a/app/controllers/idv/hybrid_mobile/document_capture_controller.rb b/app/controllers/idv/hybrid_mobile/document_capture_controller.rb
@@ -3,6 +3,7 @@ module HybridMobile
     class DocumentCaptureController < ApplicationController
       include DocumentCaptureConcern
       include HybridMobileConcern
+      include PhoneQuestionAbTestConcern
 
       before_action :check_valid_document_capture_session
       before_action :override_csp_to_allow_acuant
@@ -42,6 +43,7 @@ def extra_view_variables
           failure_to_proof_url: return_to_sp_failure_to_proof_url(step: 'document_capture'),
         }.merge(
           acuant_sdk_upgrade_a_b_testing_variables,
+          phone_question_ab_test_analytics_bucket,
         )
       end
 

diff --git a/app/controllers/idv/link_sent_controller.rb b/app/controllers/idv/link_sent_controller.rb
@@ -3,6 +3,7 @@ class LinkSentController < ApplicationController
     include DocumentCaptureConcern
     include IdvStepConcern
     include StepIndicatorConcern
+    include PhoneQuestionAbTestConcern
 
     before_action :confirm_not_rate_limited
     before_action :confirm_hybrid_handoff_complete
@@ -32,7 +33,9 @@ def update
     end
 
     def extra_view_variables
-      { phone: idv_session.phone_for_mobile_flow }
+      { phone: idv_session.phone_for_mobile_flow }.merge(
+        phone_question_ab_test_analytics_bucket,
+      )
     end
 
     private

diff --git a/app/controllers/idv/otp_verification_controller.rb b/app/controllers/idv/otp_verification_controller.rb
@@ -34,7 +34,7 @@ def update
         idv_session.user_phone_confirmation = true
         save_in_person_notification_phone
         flash[:success] = t('idv.messages.enter_password.phone_verified')
-        redirect_to idv_review_url
+        redirect_to idv_enter_password_url
       else
         handle_otp_confirmation_failure
       end
@@ -44,7 +44,7 @@ def update
 
     def confirm_step_needed
       return unless idv_session.user_phone_confirmation
-      redirect_to idv_review_url
+      redirect_to idv_enter_password_url
     end
 
     def confirm_otp_sent

diff --git a/app/controllers/idv/phone_controller.rb b/app/controllers/idv/phone_controller.rb
@@ -73,7 +73,7 @@ def redirect_to_next_step
           send_phone_confirmation_otp_and_handle_result
         end
       else
-        redirect_to idv_review_url
+        redirect_to idv_enter_password_url
       end
     end
 

diff --git a/app/controllers/idv/phone_errors_controller.rb b/app/controllers/idv/phone_errors_controller.rb
@@ -46,7 +46,7 @@ def rate_limiter
 
     def confirm_idv_phone_step_needed
       return unless user_fully_authenticated?
-      redirect_to idv_review_url if idv_session.user_phone_confirmation == true
+      redirect_to idv_enter_password_url if idv_session.user_phone_confirmation == true
     end
 
     def confirm_idv_phone_step_submitted

diff --git a/app/controllers/idv/resend_otp_controller.rb b/app/controllers/idv/resend_otp_controller.rb
@@ -30,7 +30,7 @@ def handle_send_phone_confirmation_otp_failure(result)
 
     def confirm_user_phone_confirmation_needed
       return unless idv_session.user_phone_confirmation
-      redirect_to idv_review_url
+      redirect_to idv_enter_password_url
     end
 
     def confirm_user_phone_confirmation_session_started

diff --git a/app/controllers/idv/session_errors_controller.rb b/app/controllers/idv/session_errors_controller.rb
@@ -18,6 +18,7 @@ def warning
         rate_limit_type: :idv_resolution,
       )
 
+      @step_indicator_steps = step_indicator_steps
       @remaining_attempts = rate_limiter.remaining_count
       log_event(based_on_limiter: rate_limiter)
     end

diff --git a/app/controllers/mfa_confirmation_controller.rb b/app/controllers/mfa_confirmation_controller.rb
@@ -40,7 +40,7 @@ def after_skip_path
     if backup_code_confirmation_needed?
       confirm_backup_codes_path
     else
-      after_mfa_setup_path
+      sign_up_completed_path
     end
   end
 

diff --git a/app/controllers/sign_up/completions_controller.rb b/app/controllers/sign_up/completions_controller.rb
@@ -81,14 +81,16 @@ def sign_user_out_and_instruct_to_go_back_to_mobile_app
     end
 
     def analytics_attributes(page_occurence)
-      { ial2: sp_session[:ial2],
+      {
+        ial2: sp_session[:ial2],
         ialmax: sp_session[:ialmax],
         service_provider_name: decorated_sp_session.sp_name,
         sp_session_requested_attributes: sp_session[:requested_attributes],
         sp_request_requested_attributes: service_provider_request.requested_attributes,
         page_occurence: page_occurence,
         in_account_creation_flow: user_session[:in_account_creation_flow] || false,
-        needs_completion_screen_reason: needs_completion_screen_reason }
+        needs_completion_screen_reason: needs_completion_screen_reason,
+      }
     end
 
     def track_completion_event(last_page)
-Original file line number
+Diff line change
@@ Expand Up / @@ -73,7 +73,7 @@ def redirect_to_next_step @@
               send_phone_confirmation_otp_and_handle_result
             end
           else
-            redirect_to idv_review_url
+            redirect_to idv_enter_password_url
           end
         end
@@ Expand Down @@