Merge pull request #10723 from 18F/stages/rc-2024-05-30

Deploy RC 385 to Production

.gitlab-ci.yml

@@ -363,7 +363,7 @@ trigger_devops:
     name: dtzar/helm-kubectl:latest
   script:
     - kubectl config get-contexts
-    - export CONTEXT=$(kubectl config get-contexts | grep -v CURRENT | awk '{print $1}' | head -1)
+    - export CONTEXT=$(kubectl config get-contexts | grep review-apps | awk '{print $1}' | head -1)
     - kubectl config use-context "$CONTEXT"
     - |-
       export IDP_CONFIG=$(cat <<EOF
@@ -520,7 +520,7 @@ review-app:
 stop-review-app:
   resource_group: $CI_ENVIRONMENT_SLUG.review-app.identitysandbox.gov
   script:
-    - export CONTEXT=$(kubectl config get-contexts | grep -v CURRENT | awk '{print $1}' | head -1)
+    - export CONTEXT=$(kubectl config get-contexts | grep review-apps | awk '{print $1}' | head -1)
     - kubectl config use-context "$CONTEXT"
     - helm uninstall --namespace review-apps $CI_ENVIRONMENT_SLUG
   stage: review

.rubocop.yml

@@ -1019,6 +1019,10 @@ Security/YAMLLoad:
   Enabled: true
   SafeAutoCorrect: false
 
+Style/Alias:
+  Enabled: true
+  EnforcedStyle: prefer_alias_method
+
 Style/AndOr:
   Description: Use &&/|| instead of and/or.
   StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-and-or-or

app/controllers/frontend_log_controller.rb

@@ -30,7 +30,6 @@ class FrontendLogController < ApplicationController
     'IdV: Link sent capture doc polling started' => :idv_link_sent_capture_doc_polling_started,
     'IdV: location submitted' => :idv_in_person_location_submitted,
     'IdV: location visited' => :idv_in_person_location_visited,
-    'IdV: Mobile device and camera check' => :idv_mobile_device_and_camera_check,
     'IdV: Native camera forced after failed attempts' => :idv_native_camera_forced,
     'IdV: personal key acknowledgment toggled' => :idv_personal_key_acknowledgment_toggled,
     'IdV: prepare submitted' => :idv_in_person_prepare_submitted,

app/controllers/openid_connect/authorization_controller.rb

@@ -74,7 +74,7 @@ def check_sp_active
     end
 
     def check_sp_handoff_bounced
-      return unless SpHandoffBounce::IsBounced.call(sp_session)
+      return unless sp_handoff_bouncer.bounced?
       analytics.sp_handoff_bounced_detected
       redirect_to bounced_url
       true
@@ -120,7 +120,7 @@ def resolved_authn_context_int_ial
 
     def handle_successful_handoff
       track_events
-      SpHandoffBounce::AddHandoffTimeToSession.call(sp_session)
+      sp_handoff_bouncer.add_handoff_time!
 
       redirect_user(
         @authorize_form.success_redirect_uri,
@@ -261,5 +261,9 @@ def redirect_user(redirect_uri, issuer, user_uuid)
         )
       end
     end
+
+    def sp_handoff_bouncer
+      @sp_handoff_bouncer ||= SpHandoffBouncer.new(sp_session)
+    end
   end
 end

app/jobs/resolution_proofing_job.rb

@@ -23,6 +23,7 @@ def perform(
     should_proof_state_id:,
     ipp_enrollment_in_progress:,
     user_id: nil,
+    service_provider_issuer: nil, # rubocop:disable Lint/UnusedMethodArgument
     threatmetrix_session_id: nil,
     request_ip: nil,
     instant_verify_ab_test_discriminator: nil

app/presenters/openid_connect_user_info_presenter.rb

@@ -85,7 +85,7 @@ def x509_attributes
     {
       x509_subject: stringify_attr(x509_data.subject),
       x509_issuer: stringify_attr(x509_data.issuer),
-      x509_presented:,
+      x509_presented: !!x509_data.presented.raw,
     }
   end
 
@@ -172,16 +172,6 @@ def x509_session?
     identity.piv_cac_enabled?
   end
 
-  def x509_presented
-    if IdentityConfig.store.x509_presented_hash_attribute_requested_issuers.include?(
-      identity&.service_provider,
-    )
-      x509_data.presented
-    else
-      !!x509_data.presented.raw
-    end
-  end
-
   def active_profile
     identity.user&.active_profile
   end

app/services/analytics_events.rb

@@ -2601,28 +2601,6 @@ def idv_mail_only_warning_visited(**extra)
     )
   end
 
-  # Tracks whether the user's device appears to be mobile device with a camera attached.
-  # @param [Boolean] is_camera_capable_mobile Whether we think the device _could_ have a camera.
-  # @param [Boolean,nil] camera_present Whether the user's device _actually_ has a camera available.
-  # @param [Integer,nil] grace_time Extra time allowed for browser to report camera availability.
-  # @param [Integer,nil] duration Time taken for browser to report camera availability.
-  def idv_mobile_device_and_camera_check(
-    is_camera_capable_mobile:,
-    camera_present: nil,
-    grace_time: nil,
-    duration: nil,
-    **extra
-  )
-    track_event(
-      'IdV: Mobile device and camera check',
-      is_camera_capable_mobile: is_camera_capable_mobile,
-      camera_present: camera_present,
-      grace_time: grace_time,
-      duration: duration,
-      **extra,
-    )
-  end
-
   # @param [Integer] failed_capture_attempts Number of failed Acuant SDK attempts
   # @param [Integer] failed_submission_attempts Number of failed Acuant doc submissions
   # @param [String] field Image form field
@@ -3069,57 +3047,6 @@ def idv_phone_of_record_visited(
     )
   end
 
-  # @param ["sms", "voice"] otp_delivery_preference
-  # @param [Boolean] success
-  # @param [Hash] errors
-  # @param [Hash] error_details
-  # @param [Idv::ProofingComponentsLogging] proofing_components User's current proofing components
-  # @param [String,nil] active_profile_idv_level ID verification level of user's active profile.
-  # @param [String,nil] pending_profile_idv_level ID verification level of user's pending profile.
-  def idv_phone_otp_delivery_selection_submitted(
-    success:,
-    otp_delivery_preference:,
-    proofing_components: nil,
-    errors: nil,
-    error_details: nil,
-    active_profile_idv_level: nil,
-    pending_profile_idv_level: nil,
-    **extra
-  )
-    track_event(
-      'IdV: Phone OTP Delivery Selection Submitted',
-      {
-        success: success,
-        errors: errors,
-        error_details: error_details,
-        otp_delivery_preference: otp_delivery_preference,
-        proofing_components: proofing_components,
-        **extra,
-      }.compact,
-      active_profile_idv_level: active_profile_idv_level,
-      pending_profile_idv_level: pending_profile_idv_level,
-    )
-  end
-
-  # @param [Idv::ProofingComponentsLogging] proofing_components User's current proofing components
-  # @param [String,nil] active_profile_idv_level ID verification level of user's active profile.
-  # @param [String,nil] pending_profile_idv_level ID verification level of user's pending profile.
-  # User visited idv phone OTP delivery selection
-  def idv_phone_otp_delivery_selection_visit(
-    proofing_components: nil,
-    active_profile_idv_level: nil,
-    pending_profile_idv_level: nil,
-    **extra
-  )
-    track_event(
-      'IdV: Phone OTP delivery Selection Visited',
-      proofing_components: proofing_components,
-      active_profile_idv_level: active_profile_idv_level,
-      pending_profile_idv_level: pending_profile_idv_level,
-      **extra,
-    )
-  end
-
   # @param [Idv::ProofingComponentsLogging] proofing_components User's current proofing components
   # @param [String] step the step the user was on when they clicked use a different phone number
   # User decided to use a different phone number in idv
@@ -3669,28 +3596,6 @@ def invalid_authenticity_token(
     )
   end
 
-  # @param [Integer] rendered_event_count how many events were rendered in the API response
-  # @param [Boolean] authenticated whether the request was successfully authenticated
-  # @param [Float] elapsed_time the amount of time the function took to run
-  # @param [Boolean] success
-  # An IRS Attempt API client has requested events
-  def irs_attempts_api_events(
-    rendered_event_count:,
-    authenticated:,
-    elapsed_time:,
-    success:,
-    **extra
-  )
-    track_event(
-      'IRS Attempt API: Events submitted',
-      rendered_event_count: rendered_event_count,
-      authenticated: authenticated,
-      elapsed_time: elapsed_time,
-      success: success,
-      **extra,
-    )
-  end
-
   # @param [Boolean] success
   # @param [String] client_id
   # @param [Boolean] client_id_parameter_present
@@ -4642,13 +4547,6 @@ def proofing_address_result_missing
     track_event('Proofing Address Result Missing')
   end
 
-  # @identity.idp.previous_event_name Proofing Document Timeout
-  # The job for document authentication did not record a result in the expected
-  # place during the expected time frame
-  def proofing_document_result_missing
-    track_event('Proofing Document Result Missing')
-  end
-
   # Tracks when a user triggered a rate limiter
   # @param [String] limiter_type
   # @identity.idp.previous_event_name Throttler Rate Limit Triggered

app/services/encryption/user_access_key.rb

@@ -53,7 +53,7 @@ def unlock(encryption_key_arg)
     def unlocked?
       cek.present?
     end
-    alias built? unlocked?
+    alias_method :built?, :unlocked?
 
     def encryption_key
       Base64.strict_encode64(masked_ciphertext)

app/services/idv/analytics_events_enhancer.rb

@@ -89,7 +89,6 @@ module AnalyticsEventsEnhancer
       idv_link_sent_capture_doc_polling_complete
       idv_link_sent_capture_doc_polling_started
       idv_mail_only_warning_visited
-      idv_mobile_device_and_camera_check
       idv_native_camera_forced
       idv_not_verified_visited
       idv_phone_use_different

app/services/marketing_site.rb

@@ -16,7 +16,7 @@ class UnknownArticleException < StandardError; end
     verify-your-identity/verify-your-identity-in-person
     verify-your-identity/phone-number
     verify-your-identity/verify-your-address-by-mail
-    verify-your-identity/how-to-verify-your-identity
+    verify-your-identity/overview
   ].to_set.freeze
 
   def self.locale_segment

app/services/proofing/aamva/hmac_secret.rb

@@ -27,7 +27,7 @@ class HmacSecret
 
       attr_reader :client_secret, :server_secret, :psha1
 
-      alias secret client_secret
+      alias_method :secret, :client_secret
 
       def initialize(encoded_client_secret, encoded_server_secret)
         @client_secret = Base64.decode64(encoded_client_secret)

app/services/sp_handoff_bouncer.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class SpHandoffBouncer
+  attr_reader :sp_session
+
+  def initialize(sp_session)
+    @sp_session = sp_session
+  end
+
+  def add_handoff_time!(now = Time.zone.now)
+    sp_session[:sp_handoff_start_time] = now
+  end
+
+  def bounced?(now = Time.zone.now)
+    start_time = sp_session[:sp_handoff_start_time]
+    return false if start_time.blank?
+    start_time = Time.zone.parse(start_time) if start_time.instance_of?(String)
+    now <= (start_time + IdentityConfig.store.sp_handoff_bounce_max_seconds.seconds)
+  end
+end

app/services/x509/attribute.rb

@@ -13,6 +13,6 @@ def initialize(raw: nil, norm: nil)
     end
 
     delegate :blank?, :present?, :to_s, :to_date, :==, :eql?, to: :raw
-    alias to_str to_s
+    alias_method :to_str, :to_s
   end
 end

app/views/idv/how_to_verify/show.html.erb

@@ -100,17 +100,23 @@
       heading: t('doc_auth.info.how_to_verify_troubleshooting_options_header'),
       options: [
         {
-          url: MarketingSite.help_center_article_url(
+          url: help_center_redirect_path(
             category: 'verify-your-identity',
-            article: 'how-to-verify-your-identity',
+            article: 'overview',
+            flow: :idv,
+            step: :how_to_verify,
+            location: 'troubleshooting_options',
           ),
           text: t('doc_auth.info.verify_online_link_text'),
           new_tab: true,
         },
         {
-          url: MarketingSite.help_center_article_url(
+          url: help_center_redirect_path(
             category: 'verify-your-identity',
             article: 'verify-your-identity-in-person',
+            flow: :idv,
+            step: :how_to_verify,
+            location: 'troubleshooting_options',
           ),
           text: t('doc_auth.info.verify_at_post_office_link_text'),
           new_tab: true,

app/views/idv/welcome/show.html.erb

@@ -11,7 +11,7 @@
             t('doc_auth.info.getting_started_learn_more'),
             help_center_redirect_path(
               category: 'verify-your-identity',
-              article: 'how-to-verify-your-identity',
+              article: 'overview',
               flow: :idv,
               step: :welcome,
               location: 'intro_paragraph',

config/application.yml.default

@@ -371,7 +371,6 @@ get_usps_proofing_results_job_request_delay_milliseconds: 1000
 voice_otp_pause_time: '0.5s'
 voice_otp_speech_rate: 'slow'
 weekly_auth_funnel_report_config: '[]'
-x509_presented_hash_attribute_requested_issuers: '[]'
 
 development:
   aamva_private_key: 123abc

config/initializers/rack_timeout.rb

@@ -21,8 +21,8 @@ def call_with_excludes(env)
       end
     end
 
-    alias call_without_excludes call
-    alias call call_with_excludes
+    alias_method :call_without_excludes, :call
+    alias_method :call, :call_with_excludes
   end
 end
 

config/locales/es.yml

@@ -786,8 +786,8 @@ event_types.piv_cac_disabled: Tarjeta PIV o CAC no asociada
 event_types.piv_cac_enabled: Tarjeta PIV o CAC asociada
 event_types.sign_in_after_2fa: Inicio de sesión con un segundo factor
 event_types.sign_in_before_2fa: Inicio de sesión con contraseña
-event_types.sign_in_notification_timeframe_expired: Plazo de notificación expirado para el inicio de sesión desde un nuevo dispositivo
-event_types.sign_in_unsuccessful_2fa: Error al autenticar
+event_types.sign_in_notification_timeframe_expired: Venció el tiempo del mensaje para iniciar sesión en un dispositivo nuevo
+event_types.sign_in_unsuccessful_2fa: No se pudo autenticar
 event_types.webauthn_key_added: Clave de seguridad de hardware añadida
 event_types.webauthn_key_removed: Clave de seguridad de hardware eliminada
 forms.backup_code_regenerate.caution: Si vuelve a generar sus códigos de recuperación, recibirá un conjunto nuevo de códigos. Sus códigos de recuperación originales ya no serán válidos.