diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2083b53f37d..c27d29f2798 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -363,7 +363,7 @@ trigger_devops: name: dtzar/helm-kubectl:latest script: - kubectl config get-contexts - - export CONTEXT=$(kubectl config get-contexts | grep -v CURRENT | awk '{print $1}' | head -1) + - export CONTEXT=$(kubectl config get-contexts | grep review-apps | awk '{print $1}' | head -1) - kubectl config use-context "$CONTEXT" - |- export IDP_CONFIG=$(cat < :idv_link_sent_capture_doc_polling_started, 'IdV: location submitted' => :idv_in_person_location_submitted, 'IdV: location visited' => :idv_in_person_location_visited, - 'IdV: Mobile device and camera check' => :idv_mobile_device_and_camera_check, 'IdV: Native camera forced after failed attempts' => :idv_native_camera_forced, 'IdV: personal key acknowledgment toggled' => :idv_personal_key_acknowledgment_toggled, 'IdV: prepare submitted' => :idv_in_person_prepare_submitted, diff --git a/app/controllers/openid_connect/authorization_controller.rb b/app/controllers/openid_connect/authorization_controller.rb index 85e80de2676..76bfbada3a2 100644 --- a/app/controllers/openid_connect/authorization_controller.rb +++ b/app/controllers/openid_connect/authorization_controller.rb @@ -74,7 +74,7 @@ def check_sp_active end def check_sp_handoff_bounced - return unless SpHandoffBounce::IsBounced.call(sp_session) + return unless sp_handoff_bouncer.bounced? analytics.sp_handoff_bounced_detected redirect_to bounced_url true @@ -120,7 +120,7 @@ def resolved_authn_context_int_ial def handle_successful_handoff track_events - SpHandoffBounce::AddHandoffTimeToSession.call(sp_session) + sp_handoff_bouncer.add_handoff_time! redirect_user( @authorize_form.success_redirect_uri, @@ -261,5 +261,9 @@ def redirect_user(redirect_uri, issuer, user_uuid) ) end end + + def sp_handoff_bouncer + @sp_handoff_bouncer ||= SpHandoffBouncer.new(sp_session) + end end end 
diff --git a/app/jobs/resolution_proofing_job.rb b/app/jobs/resolution_proofing_job.rb
index 868cc78ae71..9a7372d61df 100644
--- a/app/jobs/resolution_proofing_job.rb
+++ b/app/jobs/resolution_proofing_job.rb
@@ -23,6 +23,7 @@ def perform(
 should_proof_state_id:,
 ipp_enrollment_in_progress:,
 user_id: nil,
+ service_provider_issuer: nil, # rubocop:disable Lint/UnusedMethodArgument
 threatmetrix_session_id: nil,
 request_ip: nil,
 instant_verify_ab_test_discriminator: nil
diff --git a/app/presenters/openid_connect_user_info_presenter.rb b/app/presenters/openid_connect_user_info_presenter.rb
index 23d3f02c607..2b774c7e55e 100644
--- a/app/presenters/openid_connect_user_info_presenter.rb
+++ b/app/presenters/openid_connect_user_info_presenter.rb
@@ -85,7 +85,7 @@ def x509_attributes
 {
 x509_subject: stringify_attr(x509_data.subject),
 x509_issuer: stringify_attr(x509_data.issuer),
- x509_presented:,
+ x509_presented: !!x509_data.presented.raw,
 }
 end
@@ -172,16 +172,6 @@ def x509_session?
 identity.piv_cac_enabled?
 end
- def x509_presented
- if IdentityConfig.store.x509_presented_hash_attribute_requested_issuers.include?(
- identity&.service_provider,
- )
- x509_data.presented
- else
- !!x509_data.presented.raw
- end
- end
-
 def active_profile
 identity.user&.active_profile
 end
diff --git a/app/services/analytics_events.rb b/app/services/analytics_events.rb
index a2e67ab2aef..d3c37ff3486 100644
--- a/app/services/analytics_events.rb
+++ b/app/services/analytics_events.rb
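Review bot: In app/jobs/resolution_proofing_job.rb the new `service_provider_issuer: nil` keyword on `perform` is accepted and then ignored, and the only explanation on the line is the RuboCop suppression. If this is the first half of a two-step rollout, where workers must accept the key before callers start enqueueing it, that should be stated next to the parameter, for example `# Accepted but not yet read so jobs enqueued with this key still run; remove the rubocop:disable once it is used`. Without that, the suppression is likely to outlive its reason. The body of `perform` lies outside the hunk, so whether anything reads the argument cannot be confirmed from here.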
@@ -2601,28 +2601,6 @@ def idv_mail_only_warning_visited(**extra)
 )
 end
- # Tracks whether the user's device appears to be mobile device with a camera attached.
- # @param [Boolean] is_camera_capable_mobile Whether we think the device _could_ have a camera.
- # @param [Boolean,nil] camera_present Whether the user's device _actually_ has a camera available.
- # @param [Integer,nil] grace_time Extra time allowed for browser to report camera availability.
- # @param [Integer,nil] duration Time taken for browser to report camera availability.
- def idv_mobile_device_and_camera_check(
- is_camera_capable_mobile:,
- camera_present: nil,
- grace_time: nil,
- duration: nil,
- **extra
- )
- track_event(
- 'IdV: Mobile device and camera check',
- is_camera_capable_mobile: is_camera_capable_mobile,
- camera_present: camera_present,
- grace_time: grace_time,
- duration: duration,
- **extra,
- )
- end
-
 # @param [Integer] failed_capture_attempts Number of failed Acuant SDK attempts
 # @param [Integer] failed_submission_attempts Number of failed Acuant doc submissions
 # @param [String] field Image form field
@@ -3069,57 +3047,6 @@ def idv_phone_of_record_visited(
 )
 end
- # @param ["sms", "voice"] otp_delivery_preference
- # @param [Boolean] success
- # @param [Hash] errors
- # @param [Hash] error_details
- # @param [Idv::ProofingComponentsLogging] proofing_components User's current proofing components
- # @param [String,nil] active_profile_idv_level ID verification level of user's active profile.
- # @param [String,nil] pending_profile_idv_level ID verification level of user's pending profile.
- def idv_phone_otp_delivery_selection_submitted(
- success:,
- otp_delivery_preference:,
- proofing_components: nil,
- errors: nil,
- error_details: nil,
- active_profile_idv_level: nil,
- pending_profile_idv_level: nil,
- **extra
- )
- track_event(
- 'IdV: Phone OTP Delivery Selection Submitted',
- {
- success: success,
- errors: errors,
- error_details: error_details,
- otp_delivery_preference: otp_delivery_preference,
- proofing_components: proofing_components,
- **extra,
- }.compact,
- active_profile_idv_level: active_profile_idv_level,
- pending_profile_idv_level: pending_profile_idv_level,
- )
- end
-
- # @param [Idv::ProofingComponentsLogging] proofing_components User's current proofing components
- # @param [String,nil] active_profile_idv_level ID verification level of user's active profile.
- # @param [String,nil] pending_profile_idv_level ID verification level of user's pending profile.
- # User visited idv phone OTP delivery selection
- def idv_phone_otp_delivery_selection_visit(
- proofing_components: nil,
- active_profile_idv_level: nil,
- pending_profile_idv_level: nil,
- **extra
- )
- track_event(
- 'IdV: Phone OTP delivery Selection Visited',
- proofing_components: proofing_components,
- active_profile_idv_level: active_profile_idv_level,
- pending_profile_idv_level: pending_profile_idv_level,
- **extra,
- )
- end
-
 # @param [Idv::ProofingComponentsLogging] proofing_components User's current proofing components
 # @param [String] step the step the user was on when they clicked use a different phone number
 # User decided to use a different phone number in idv
@@ -3669,28 +3596,6 @@ def invalid_authenticity_token(
 )
 end
- # @param [Integer] rendered_event_count how many events were rendered in the API response
- # @param [Boolean] authenticated whether the request was successfully authenticated
- # @param [Float] elapsed_time the amount of time the function took to run
- # @param [Boolean] success
- # An IRS Attempt API client has requested events
- def irs_attempts_api_events(
- rendered_event_count:,
- authenticated:,
- elapsed_time:,
- success:,
- **extra
- )
- track_event(
- 'IRS Attempt API: Events submitted',
- rendered_event_count: rendered_event_count,
- authenticated: authenticated,
- elapsed_time: elapsed_time,
- success: success,
- **extra,
- )
- end
-
 # @param [Boolean] success
 # @param [String] client_id
 # @param [Boolean] client_id_parameter_present
@@ -4642,13 +4547,6 @@ def proofing_address_result_missing
 track_event('Proofing Address Result Missing')
 end
- # @identity.idp.previous_event_name Proofing Document Timeout
- # The job for document authentication did not record a result in the expected
- # place during the expected time frame
- def proofing_document_result_missing
- track_event('Proofing Document Result Missing')
- end
-
 # Tracks when a user triggered a rate limiter
 # @param [String] limiter_type
 # @identity.idp.previous_event_name Throttler Rate Limit Triggered
diff --git a/app/services/encryption/user_access_key.rb b/app/services/encryption/user_access_key.rb
index 854ba65e65d..f3b9363c7e5 100644
--- a/app/services/encryption/user_access_key.rb
+++ b/app/services/encryption/user_access_key.rb
@@ -53,7 +53,7 @@ def unlock(encryption_key_arg)
 def unlocked?
 cek.present?
 end
- alias built? unlocked?
+ alias_method :built?, :unlocked?
 def encryption_key
 Base64.strict_encode64(masked_ciphertext)
diff --git a/app/services/idv/analytics_events_enhancer.rb b/app/services/idv/analytics_events_enhancer.rb
index 44506047367..5645c1f3320 100644
--- a/app/services/idv/analytics_events_enhancer.rb
+++ b/app/services/idv/analytics_events_enhancer.rb
@@ -89,7 +89,6 @@ module AnalyticsEventsEnhancer
 idv_link_sent_capture_doc_polling_complete
 idv_link_sent_capture_doc_polling_started
 idv_mail_only_warning_visited
- idv_mobile_device_and_camera_check
 idv_native_camera_forced
 idv_not_verified_visited
 idv_phone_use_different
diff --git a/app/services/marketing_site.rb b/app/services/marketing_site.rb
index b3eb7655839..894cdc02e46 100644
--- a/app/services/marketing_site.rb
+++ b/app/services/marketing_site.rb
@@ -16,7 +16,7 @@ class UnknownArticleException < StandardError; end
 verify-your-identity/verify-your-identity-in-person
 verify-your-identity/phone-number
 verify-your-identity/verify-your-address-by-mail
- verify-your-identity/how-to-verify-your-identity
+ verify-your-identity/overview
 ].to_set.freeze
 def self.locale_segment
diff --git a/app/services/proofing/aamva/hmac_secret.rb b/app/services/proofing/aamva/hmac_secret.rb
index a1e7926b743..44b76403979 100644
--- a/app/services/proofing/aamva/hmac_secret.rb
+++ b/app/services/proofing/aamva/hmac_secret.rb
@@ -27,7 +27,7 @@ class HmacSecret
 attr_reader :client_secret, :server_secret, :psha1
- alias secret client_secret
+ alias_method :secret, :client_secret
 def initialize(encoded_client_secret, encoded_server_secret)
 @client_secret = Base64.decode64(encoded_client_secret)
diff --git a/app/services/sp_handoff_bounce/add_handoff_time_to_session.rb b/app/services/sp_handoff_bounce/add_handoff_time_to_session.rb
deleted file mode 100644
index e3f96b83ccf..00000000000
--- a/app/services/sp_handoff_bounce/add_handoff_time_to_session.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-module SpHandoffBounce
- class AddHandoffTimeToSession
- def self.call(session)
- session[:sp_handoff_start_time] = Time.zone.now
- end
- end
-end
diff --git a/app/services/sp_handoff_bounce/is_bounced.rb b/app/services/sp_handoff_bounce/is_bounced.rb
deleted file mode 100644
index 5c4db9ebe6d..00000000000
--- a/app/services/sp_handoff_bounce/is_bounced.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module SpHandoffBounce
- class IsBounced
- def self.call(session)
- start_time = session[:sp_handoff_start_time]
- return if start_time.blank?
- tz = Time.zone
- start_time = tz.parse(start_time) if start_time.instance_of?(String)
- tz.now <= (start_time + IdentityConfig.store.sp_handoff_bounce_max_seconds.seconds)
- end
- end
-end
diff --git a/app/services/sp_handoff_bouncer.rb b/app/services/sp_handoff_bouncer.rb
new file mode 100644
index 00000000000..7f210bed49a
--- /dev/null
+++ b/app/services/sp_handoff_bouncer.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class SpHandoffBouncer
+ attr_reader :sp_session
+
+ def initialize(sp_session)
+ @sp_session = sp_session
+ end
+
+ def add_handoff_time!(now = Time.zone.now)
+ sp_session[:sp_handoff_start_time] = now
+ end
+
+ def bounced?(now = Time.zone.now)
+ start_time = sp_session[:sp_handoff_start_time]
+ return false if start_time.blank?
+ start_time = Time.zone.parse(start_time) if start_time.instance_of?(String)
+ now <= (start_time + IdentityConfig.store.sp_handoff_bounce_max_seconds.seconds)
+ end
+end
diff --git a/app/services/x509/attribute.rb b/app/services/x509/attribute.rb
index 7b9c4bce214..aaf1bbaa6c5 100644
--- a/app/services/x509/attribute.rb
+++ b/app/services/x509/attribute.rb
@@ -13,6 +13,6 @@ def initialize(raw: nil, norm: nil)
 end
 delegate :blank?, :present?, :to_s, :to_date, :==, :eql?, to: :raw
- alias to_str to_s
+ alias_method :to_str, :to_s
 end
 end
diff --git a/app/views/idv/how_to_verify/show.html.erb b/app/views/idv/how_to_verify/show.html.erb
index 3b8b75993d5..2699c68fe16 100644
--- a/app/views/idv/how_to_verify/show.html.erb
+++ b/app/views/idv/how_to_verify/show.html.erb
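Review bot: In `SpHandoffBouncer#bounced?` (app/services/sp_handoff_bouncer.rb) the parsed value goes straight into `start_time + ...` with no nil check, and `Time.zone.parse` can return nil for a string that holds no date or time parts. An unexpected value in `sp_session[:sp_handoff_start_time]` would then raise NoMethodError in the authorization flow instead of being treated as not bounced; adding `return false if start_time.nil?` after the parse line keeps the predicate boolean on that path. `is_a?(String)` would also cover String subclasses, which `instance_of?(String)` skips. The comparison has no lower bound, so a stored start time later than `now` also counts as bounced, and a short comment saying whether that is intended would help. The class itself has no comment describing what a bounce is or where the max-seconds window comes from.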
@@ -100,17 +100,23 @@
 heading: t('doc_auth.info.how_to_verify_troubleshooting_options_header'),
 options: [
 {
- url: MarketingSite.help_center_article_url(
+ url: help_center_redirect_path(
 category: 'verify-your-identity',
- article: 'how-to-verify-your-identity',
+ article: 'overview',
+ flow: :idv,
+ step: :how_to_verify,
+ location: 'troubleshooting_options',
 ),
 text: t('doc_auth.info.verify_online_link_text'),
 new_tab: true,
 },
 {
- url: MarketingSite.help_center_article_url(
+ url: help_center_redirect_path(
 category: 'verify-your-identity',
 article: 'verify-your-identity-in-person',
+ flow: :idv,
+ step: :how_to_verify,
+ location: 'troubleshooting_options',
 ),
 text: t('doc_auth.info.verify_at_post_office_link_text'),
 new_tab: true,
diff --git a/app/views/idv/welcome/show.html.erb b/app/views/idv/welcome/show.html.erb
index cd76a848b03..39653251a16 100644
--- a/app/views/idv/welcome/show.html.erb
+++ b/app/views/idv/welcome/show.html.erb
@@ -11,7 +11,7 @@
 t('doc_auth.info.getting_started_learn_more'),
 help_center_redirect_path(
 category: 'verify-your-identity',
- article: 'how-to-verify-your-identity',
+ article: 'overview',
 flow: :idv,
 step: :welcome,
 location: 'intro_paragraph',
diff --git a/config/application.yml.default b/config/application.yml.default
index 772c6068aee..c5bea42e9fa 100644
--- a/config/application.yml.default
+++ b/config/application.yml.default
@@ -371,7 +371,6 @@ get_usps_proofing_results_job_request_delay_milliseconds: 1000
 voice_otp_pause_time: '0.5s'
 voice_otp_speech_rate: 'slow'
 weekly_auth_funnel_report_config: '[]'
-x509_presented_hash_attribute_requested_issuers: '[]'
 development:
 aamva_private_key: 123abc
diff --git a/config/initializers/rack_timeout.rb b/config/initializers/rack_timeout.rb
index 201e24f311a..ef16577cfa8 100644
--- a/config/initializers/rack_timeout.rb
+++ b/config/initializers/rack_timeout.rb
@@ -21,8 +21,8 @@ def call_with_excludes(env)
 end
 end
- alias call_without_excludes call
- alias call call_with_excludes
+ alias_method :call_without_excludes, :call
+ alias_method :call, :call_with_excludes
 end
 end
diff --git a/config/locales/es.yml b/config/locales/es.yml
index fc10dbeff5e..06b649c170a 100644
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
@@ -786,8 +786,8 @@ event_types.piv_cac_disabled: Tarjeta PIV o CAC no asociada
 event_types.piv_cac_enabled: Tarjeta PIV o CAC asociada
 event_types.sign_in_after_2fa: Inicio de sesión con un segundo factor
 event_types.sign_in_before_2fa: Inicio de sesión con contraseña
-event_types.sign_in_notification_timeframe_expired: Plazo de notificación expirado para el inicio de sesión desde un nuevo dispositivo
-event_types.sign_in_unsuccessful_2fa: Error al autenticar
+event_types.sign_in_notification_timeframe_expired: Venció el tiempo del mensaje para iniciar sesión en un dispositivo nuevo
+event_types.sign_in_unsuccessful_2fa: No se pudo autenticar
 event_types.webauthn_key_added: Clave de seguridad de hardware añadida
 event_types.webauthn_key_removed: Clave de seguridad de hardware eliminada
 forms.backup_code_regenerate.caution: Si vuelve a generar sus códigos de recuperación, recibirá un conjunto nuevo de códigos. Sus códigos de recuperación originales ya no serán válidos.
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 090edcf2e23..45cb378907e 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -786,7 +786,7 @@ event_types.piv_cac_disabled: Carte PIV/CAC désassociée
 event_types.piv_cac_enabled: Carte PIV/CAC associée
 event_types.sign_in_after_2fa: Connecté avec deuxième facteur
 event_types.sign_in_before_2fa: Connecté avec mot de passe
-event_types.sign_in_notification_timeframe_expired: Délai de notification pour la connexion à partir d’un nouveau dispositif expiré
+event_types.sign_in_notification_timeframe_expired: Expiration du délai de notification autorisé pour se connecter à partir d’un nouvel appareil
 event_types.sign_in_unsuccessful_2fa: Échec de l’authentification
 event_types.webauthn_key_added: Clé de sécurité physique ajoutée
 event_types.webauthn_key_removed: Clé de sécurité physique supprimée
@@ -1819,7 +1819,7 @@ user_mailer.new_device_sign_in_after_2fa.info_p2: Si vous reconnaissez cette act
 user_mailer.new_device_sign_in_after_2fa.info_p3_html: Si ce n’est pas vous, %{reset_password_link_html} et modifiez immédiatement vos %{authentication_methods_link_html}.
 user_mailer.new_device_sign_in_after_2fa.reset_password: réinitialisez votre mot de passe
 user_mailer.new_device_sign_in_after_2fa.subject: Nouvelle connexion et authentification avec votre compte %{app_name}
-user_mailer.new_device_sign_in_attempts.events.sign_in_after_2fa: Signé avec deuxième facteur
+user_mailer.new_device_sign_in_attempts.events.sign_in_after_2fa: Authentification réussie
 user_mailer.new_device_sign_in_attempts.events.sign_in_before_2fa: Connecté avec mot de passe
 user_mailer.new_device_sign_in_attempts.events.sign_in_unsuccessful_2fa: Échec de l’authentification
 user_mailer.new_device_sign_in_attempts.new_sign_in_from: Nouvelle connexion potentiellement localisée à %{location}
diff --git a/config/locales/zh.yml b/config/locales/zh.yml
index 853c7cdc500..8081fbf134e 100644
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
@@ -786,8 +786,8 @@ event_types.piv_cac_disabled: PIV/CAC 卡无关联 event_types.piv_cac_enabled: PIV/CAC 卡已关联 event_types.sign_in_after_2fa: 已使用第二个因素登录 event_types.sign_in_before_2fa: 已使用密码登录 -event_types.sign_in_notification_timeframe_expired: Expired notification timeframe for sign-in from new device -event_types.sign_in_unsuccessful_2fa: Failed to authenticate +event_types.sign_in_notification_timeframe_expired: 从新设备登录的通知时间窗口已过 +event_types.sign_in_unsuccessful_2fa: 身份证实失败 event_types.webauthn_key_added: 硬件安全密钥已添加 event_types.webauthn_key_removed: 硬件安全密钥已去掉 forms.backup_code_regenerate.caution: 如果你重新生成备用代码,会收到新的一套备用代码。你原来的备用代码就会失效。 @@ -1824,9 +1824,9 @@ user_mailer.new_device_sign_in_after_2fa.info_p2: 如果你知道该活动,则 user_mailer.new_device_sign_in_after_2fa.info_p3_html: If this wasn’t you, %{reset_password_link_html} and change your %{authentication_methods_link_html} immediately. user_mailer.new_device_sign_in_after_2fa.reset_password: reset your password user_mailer.new_device_sign_in_after_2fa.subject: '%{app_name} 账户有新的登录和身份验证' -user_mailer.new_device_sign_in_attempts.events.sign_in_after_2fa: Authenticated +user_mailer.new_device_sign_in_attempts.events.sign_in_after_2fa: 身份已证实 user_mailer.new_device_sign_in_attempts.events.sign_in_before_2fa: Signed in with password -user_mailer.new_device_sign_in_attempts.events.sign_in_unsuccessful_2fa: Failed to authenticate +user_mailer.new_device_sign_in_attempts.events.sign_in_unsuccessful_2fa: 身份证实失败 user_mailer.new_device_sign_in_attempts.new_sign_in_from: 新登录可能是在 %{location} user_mailer.new_device_sign_in_before_2fa.info_p1_html.one: Your %{app_name} email and password were used to sign in from a new device but failed to authenticate. user_mailer.new_device_sign_in_before_2fa.info_p1_html.other: Your %{app_name} email and password were used to sign in from a new device but failed to authenticate %{count} times. diff --git a/lib/aws/ses.rb b/lib/aws/ses.rb index 032a93c1964..8ce634e0964 100644 --- a/lib/aws/ses.rb 
+++ b/lib/aws/ses.rb
@@ -18,7 +18,7 @@ def deliver(mail)
 response
 end
- alias deliver! deliver
+ alias_method :deliver!, :deliver
 private
diff --git a/lib/identity_config.rb b/lib/identity_config.rb
index 87e472b033b..6a9cdfa5281 100644
--- a/lib/identity_config.rb
+++ b/lib/identity_config.rb
@@ -439,7 +439,6 @@ def self.store
 config.add(:voice_otp_speech_rate)
 config.add(:vtm_url)
 config.add(:weekly_auth_funnel_report_config, type: :json)
- config.add(:x509_presented_hash_attribute_requested_issuers, type: :json)
 end.freeze
 # rubocop:enable Metrics/BlockLength
 end
diff --git a/lib/reporting/identity_verification_report.rb b/lib/reporting/identity_verification_report.rb
index b4f10346945..a7b703073d9 100644
--- a/lib/reporting/identity_verification_report.rb
+++ b/lib/reporting/identity_verification_report.rb
@@ -194,8 +194,13 @@ def usps_enrollment_status_updated
 end
 def successfully_verified_users
- idv_final_resolution_verified + gpo_verification_submitted + usps_enrollment_status_updated +
- fraud_review_passed
+ @successfully_verified_users ||= (
+ data[Results::IDV_FINAL_RESOLUTION_VERIFIED] +
+ data[Events::USPS_ENROLLMENT_STATUS_UPDATED] +
+ data[Events::FRAUD_REVIEW_PASSED] +
+ data[Events::GPO_VERIFICATION_SUBMITTED] +
+ data[Events::GPO_VERIFICATION_SUBMITTED_OLD]
+ ).count
 end
 def idv_started
diff --git a/lib/reporting/protocols_report.rb b/lib/reporting/protocols_report.rb
index 91d7c9e8f0c..f6a5ecf347f 100644
--- a/lib/reporting/protocols_report.rb
+++ b/lib/reporting/protocols_report.rb
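Review bot: `successfully_verified_users` in lib/reporting/identity_verification_report.rb now depends on what `data[...]` returns, and nothing in the hunk says what that is. The `+` chain counts each user once only if every operand is a Set of user ids (with Arrays it would concatenate and double-count), and a key absent from `data` would fail on nil unless the hash has a default. The spec change in this commit (user4 has both a GPO and a fraud-review event while the proofing rates stay at 0.8) suggests de-duplication is the intent. A comment above the expression would record that, e.g. `# data values are Sets of user_ids, so + is a union and each user is counted once`. `data` is defined outside the hunk.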
@@ -86,15 +86,35 @@ def to_csvs
 def protocol_data
 @protocol_data ||= begin
- protocol_counts = Hash.new(0)
- cloudwatch_client.fetch(
+ results = cloudwatch_client.fetch(
 query: protocol_query,
 from: time_range.begin,
 to: time_range.end,
- ).each do |row|
- protocol_counts[row['protocol']] += row['request_count'].to_i
- end
- protocol_counts
+ )
+ {
+ saml: {
+ request_count: results.
+ select { |slice| slice['protocol'] == SAML_AUTH_EVENT }.
+ map { |slice| slice['request_count'].to_i }.
+ sum,
+ issuer_count: results.
+ select { |slice| slice['protocol'] == SAML_AUTH_EVENT }.
+ map { |slice| slice['issuer'] }.
+ uniq.
+ count,
+ },
+ oidc: {
+ request_count: results.
+ select { |slice| slice['protocol'] == OIDC_AUTH_EVENT }.
+ map { |slice| slice['request_count'].to_i }.
+ sum,
+ issuer_count: results.
+ select { |slice| slice['protocol'] == OIDC_AUTH_EVENT }.
+ map { |slice| slice['issuer'] }.
+ uniq.
+ count,
+ },
+ }
 end
 end
@@ -125,12 +145,13 @@ def protocol_query
 format(<<~QUERY, params)
 fields
- name AS protocol
- | filter name IN %{event}
+ name AS protocol,
+ coalesce(properties.event_properties.service_provider, properties.event_properties.client_id) as issuer
+ | filter name IN %{event} AND properties.event_properties.success= 1
 | stats
- count(*) AS request_count
+ count(*) AS request_count
 BY
- protocol
+ protocol, issuer
 QUERY
 end
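Review bot: The new hash in `protocol_data` (lib/reporting/protocols_report.rb) repeats the same `select`/`map` chain four times and filters `results` by protocol twice per protocol, so the SAML and OIDC branches can drift apart unnoticed. A private helper that takes the event name and returns both counts would state the rule once, and `sum { ... }` avoids the intermediate array. Rows for which the query's `coalesce(...)` yields no issuer are currently counted as one distinct issuer (nil); whether that can occur is not visible here, so the sketch below adds `compact`, which should be dropped if nil is meant to count.

```ruby
def protocol_data
  @protocol_data ||= begin
    # … unchanged: results = cloudwatch_client.fetch(query:, from:, to:) …
    {
      saml: protocol_summary(results, SAML_AUTH_EVENT),
      oidc: protocol_summary(results, OIDC_AUTH_EVENT),
    }
  end
end

# Request total and distinct issuer count for the rows of one protocol event.
def protocol_summary(results, event)
  rows = results.select { |row| row['protocol'] == event }
  {
    request_count: rows.sum { |row| row['request_count'].to_i },
    issuer_count: rows.map { |row| row['issuer'] }.compact.uniq.count,
  }
end
```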
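Review bot: With the added `AND properties.event_properties.success= 1` filter in `protocol_query`, `request_count` and the issuer counts cover successful authorization requests only, yet the table headers changed later in this commit read '% of requests' and 'Total requests'. A reader of the report could take those for all requests, so either the headers or a comment above the `format(<<~QUERY, params)` call should say so, e.g. `# Counts successful requests only, grouped by protocol and issuer`. The spacing in `success= 1` would read better as `success = 1`. The start of `protocol_query`, including where `params` is built, is outside the hunk.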
@@ -176,32 +197,42 @@ def overview_table
 end
 def saml_count
- protocol_data[SAML_AUTH_EVENT]
+ protocol_data[:saml][:request_count]
 end
 def oidc_count
- protocol_data[OIDC_AUTH_EVENT]
+ protocol_data[:oidc][:request_count]
+ end
+
+ def saml_issuer_count
+ protocol_data[:saml][:issuer_count]
+ end
+
+ def oidc_issuer_count
+ protocol_data[:oidc][:issuer_count]
 end
 def protocols_table
 [
- ['Authentication Protocol', '% of attempts', 'Total number'],
+ ['Authentication Protocol', '% of requests', 'Total requests', 'Count of issuers'],
 [
 'SAML',
 to_percent(saml_count, saml_count + oidc_count),
 saml_count,
+ saml_issuer_count,
 ],
 [
 'OIDC',
 to_percent(oidc_count, saml_count + oidc_count),
 oidc_count,
+ oidc_issuer_count,
 ],
 ]
 end
 def saml_signature_issues_table
 [
- ['Issue', 'Count of integrations with the issue', 'List of issuers with the issue'],
+ ['Issue', 'Count of issuers with the issue', 'List of issuers with the issue'],
 [
 'Not signing SAML authentication requests',
 saml_signature_data[:unsigned].length,
@@ -217,7 +248,7 @@ def saml_signature_issues_table
 def loa_acr_requests_table
 [
- ['Count of integrations using LOA', 'List of issuers with the issue'],
+ ['Count of issuers using LOA', 'List of issuers with the issue'],
 [
 loa_issuers_data.length,
 loa_issuers_data.join(', '),
diff --git a/spec/controllers/concerns/remember_device_concern_spec.rb b/spec/controllers/concerns/remember_device_concern_spec.rb
index 6c6ecfc13ba..7c05ff31bae 100644
--- a/spec/controllers/concerns/remember_device_concern_spec.rb
+++ b/spec/controllers/concerns/remember_device_concern_spec.rb
@@ -11,8 +11,8 @@
 include(RememberDeviceConcern)
 attr_reader :sp, :raw_session, :request, :current_user
- alias :sp_from_sp_session :sp
- alias :sp_session :raw_session
+ alias_method :sp_from_sp_session, :sp
+ alias_method :sp_session, :raw_session
 def initialize(sp, raw_session, request, current_user)
 @sp = sp
diff --git a/spec/features/idv/doc_auth/welcome_spec.rb b/spec/features/idv/doc_auth/welcome_spec.rb
index 2b4c4ac186a..111f8da8118 100644
--- a/spec/features/idv/doc_auth/welcome_spec.rb
+++ b/spec/features/idv/doc_auth/welcome_spec.rb
@@ -26,7 +26,7 @@
 flow: 'idv',
 redirect_url: MarketingSite.help_center_article_url(
 category: 'verify-your-identity',
- article: 'how-to-verify-your-identity',
+ article: 'overview',
 ),
 )
 end
diff --git a/spec/i18n_spec.rb b/spec/i18n_spec.rb
index 84c4b241df4..ef708925c75 100644
--- a/spec/i18n_spec.rb
+++ b/spec/i18n_spec.rb
@@ -98,8 +98,6 @@ class BaseTask
 { key: 'doc_auth.instructions.text4', locales: %i[zh] },
 { key: 'errors.doc_auth.document_capture_canceled', locales: %i[zh] },
 { key: 'errors.messages.blank_cert_element_req', locales: %i[zh] },
- { key: 'event_types.sign_in_notification_timeframe_expired', locales: %i[zh] },
- { key: 'event_types.sign_in_unsuccessful_2fa', locales: %i[zh] },
 { key: 'forms.webauthn_setup.learn_more', locales: %i[zh] },
 { key: 'forms.webauthn_setup.step_1', locales: %i[zh] },
 { key: 'forms.webauthn_setup.step_1a', locales: %i[zh] },
@@ -146,9 +144,7 @@ class BaseTask
 { key: 'user_mailer.new_device_sign_in_after_2fa.authentication_methods', locales: %i[zh] },
 { key: 'user_mailer.new_device_sign_in_after_2fa.info_p3_html', locales: %i[zh] },
 { key: 'user_mailer.new_device_sign_in_after_2fa.reset_password', locales: %i[zh] },
- { key: 'user_mailer.new_device_sign_in_attempts.events.sign_in_after_2fa', locales: %i[zh] },
 { key: 'user_mailer.new_device_sign_in_attempts.events.sign_in_before_2fa', locales: %i[zh] },
- { key: 'user_mailer.new_device_sign_in_attempts.events.sign_in_unsuccessful_2fa', locales: %i[zh] },
 { key: 'user_mailer.new_device_sign_in_before_2fa.info_p1_html.one', locales: %i[zh] },
 { key: 'user_mailer.new_device_sign_in_before_2fa.info_p1_html.other', locales: %i[zh] },
 { key: 'user_mailer.new_device_sign_in_before_2fa.info_p1_html.zero', locales: %i[zh] },
diff --git a/spec/lib/reporting/identity_verification_report_spec.rb b/spec/lib/reporting/identity_verification_report_spec.rb
index f7c5faa819a..37319501490 100644
--- a/spec/lib/reporting/identity_verification_report_spec.rb
+++ b/spec/lib/reporting/identity_verification_report_spec.rb
@@ -40,6 +40,7 @@
 # Success through address confirmation user
 { 'user_id' => 'user4', 'name' => 'IdV: GPO verification submitted' },
+ { 'user_id' => 'user4', 'name' => 'Fraud: Profile review passed', 'success' => '1' },
 # Success through in-person verification, failed doc auth (rejected)
 { 'user_id' => 'user5', 'name' => 'IdV: doc auth welcome visited' },
@@ -82,7 +83,7 @@
 ['Successfully Verified - With phone number', 1],
 ['Successfully Verified - With mailed code', 1],
 ['Successfully Verified - In Person', 1],
- ['Successfully Verified - Passed fraud review', 1],
+ ['Successfully Verified - Passed fraud review', 2],
 ['Blanket Proofing Rate (IDV Started to Successfully Verified)', 0.8],
 ['Intent Proofing Rate (Welcome Submitted to Successfully Verified)', 0.8],
 ['Actual Proofing Rate (Image Submitted to Successfully Verified)', 0.8],
@@ -124,7 +125,7 @@
 ['Successfully Verified - With phone number', '1'],
 ['Successfully Verified - With mailed code', '1'],
 ['Successfully Verified - In Person', '1'],
- ['Successfully Verified - Passed fraud review', '1'],
+ ['Successfully Verified - Passed fraud review', '2'],
 ['Blanket Proofing Rate (IDV Started to Successfully Verified)', '0.8'],
 ['Intent Proofing Rate (Welcome Submitted to Successfully Verified)', '0.8'],
 ['Actual Proofing Rate (Image Submitted to Successfully Verified)', '0.8'],
@@ -160,7 +161,7 @@
 'IdV Reject: Doc Auth' => 3,
 'IdV Reject: Phone Finder' => 1,
 'IdV Reject: Verify' => 1,
- 'Fraud: Profile review passed' => 1,
+ 'Fraud: Profile review passed' => 2,
 )
 end
 end
diff --git a/spec/lib/reporting/protocols_report_spec.rb b/spec/lib/reporting/protocols_report_spec.rb
index ac70f5e986a..394b074964c 100644
--- a/spec/lib/reporting/protocols_report_spec.rb
+++ b/spec/lib/reporting/protocols_report_spec.rb
@@ -10,19 +10,28 @@
 protocol_query_response = [
 {
 'protocol' => 'SAML Auth',
+ 'issuer' => 'Issuer 1',
 'request_count' => '8',
 },
 {
 'protocol' => 'SAML Auth',
+ 'issuer' => 'Issuer 1',
 'request_count' => '2',
 },
 {
 'protocol' => 'SAML Auth',
+ 'issuer' => 'Issuer 2',
 'request_count' => '10',
 },
 {
 'protocol' => 'OpenID Connect: authorization request',
- 'request_count' => '80',
+ 'issuer' => 'Issuer 3',
+ 'request_count' => '60',
+ },
+ {
+ 'protocol' => 'OpenID Connect: authorization request',
+ 'issuer' => 'Issuer 4',
+ 'request_count' => '20',
 },
 ]
 saml_signature_query_response = [
@@ -183,17 +192,19 @@ def expected_tables(strings: false)
 ['Report Generated', Date.today.to_s], # rubocop:disable Rails/Date
 ],
 [
- ['Authentication Protocol', '% of attempts', 'Total number'],
- ['SAML', string_or_num(strings, 20.0), string_or_num(strings, 20)],
- ['OIDC', string_or_num(strings, 80.0), string_or_num(strings, 80)],
+ ['Authentication Protocol', '% of requests', 'Total requests', 'Count of issuers'],
+ ['SAML', string_or_num(strings, 20.0), string_or_num(strings, 20),
+ string_or_num(strings, 2)],
+ ['OIDC', string_or_num(strings, 80.0), string_or_num(strings, 80),
+ string_or_num(strings, 2)],
 ],
 [
- ['Issue', 'Count of integrations with the issue', 'List of issuers with the issue'],
+ ['Issue', 'Count of issuers with the issue', 'List of issuers with the issue'],
 ['Not signing SAML authentication requests', string_or_num(strings, 2), 'Issuer1, Issuer3'],
 ['Incorrectly signing SAML authentication requests', string_or_num(strings, 1), 'Issuer1'],
 ],
 [
- ['Count of integrations using LOA', 'List of issuers with the issue'],
+ ['Count of issuers using LOA', 'List of issuers with the issue'],
 [
 string_or_num(strings, 3),
 'Issuer1, Issuer2, Issuer3',
diff --git a/spec/presenters/openid_connect_user_info_presenter_spec.rb b/spec/presenters/openid_connect_user_info_presenter_spec.rb
index af81f4f8314..0f662816518 100644
--- a/spec/presenters/openid_connect_user_info_presenter_spec.rb
+++ b/spec/presenters/openid_connect_user_info_presenter_spec.rb
@@ -324,25 +324,6 @@
 end
 end
 end
-
- context 'when the sp requested x509_presented scope before it was fixed to string' do
- before do
- expect(IdentityConfig.store).to receive(
- :x509_presented_hash_attribute_requested_issuers,
- ).and_return([identity.service_provider])
- OutOfBandSessionAccessor.new(rails_session_id).put_x509(x509, 5.minutes.to_i)
- end
-
- it 'returns x509_presented as an X509::Attribute' do
- # This is guarding against partners who may have coded against
- # a bug where we returning the wrong data type for x509_presented
- aggregate_failures do
- expect(user_info[:x509_subject]).to eq(x509_subject)
- expect(user_info[:x509_presented].class).to eq(X509::Attribute)
- expect(user_info[:x509_issuer]).to eq(x509_issuer)
- end
- end
- end
 end
 end
 end
diff --git a/spec/support/features/idv_step_helper.rb b/spec/support/features/idv_step_helper.rb
index cc76166a271..527fd63cc1b 100644
--- a/spec/support/features/idv_step_helper.rb
+++ b/spec/support/features/idv_step_helper.rb
@@ -96,8 +96,8 @@ def complete_idv_steps_with_phone_before_confirmation_step(user = user_with_2fa)
 complete_enter_password_step(user)
 end
- alias complete_idv_steps_before_enter_password_step
- complete_idv_steps_with_phone_before_enter_password_step
+ alias_method :complete_idv_steps_before_enter_password_step,
+ :complete_idv_steps_with_phone_before_enter_password_step
 def complete_idv_steps_with_gpo_before_enter_password_step(user = user_with_2fa)
 complete_idv_steps_before_gpo_step(user)
diff --git a/spec/views/idv/welcome/show.html.erb_spec.rb b/spec/views/idv/welcome/show.html.erb_spec.rb
index 85dcb436686..6a4d16303d2 100644
--- a/spec/views/idv/welcome/show.html.erb_spec.rb
+++ b/spec/views/idv/welcome/show.html.erb_spec.rb
@@ -45,7 +45,7 @@
 t('doc_auth.info.getting_started_learn_more'),
 href: help_center_redirect_path(
 category: 'verify-your-identity',
- article: 'how-to-verify-your-identity',
+ article: 'overview',
 flow: :idv,
 step: :welcome,
 location: 'intro_paragraph',
@@ -63,7 +63,7 @@
 t('doc_auth.info.getting_started_learn_more'),
 href: help_center_redirect_path(
 category: 'verify-your-identity',
- article: 'how-to-verify-your-identity',
+ article: 'overview',
 flow: :idv,
 step: :welcome,
 location: 'intro_paragraph',